From 00386636c5cd5c824eb4f44447be09817faab079 Mon Sep 17 00:00:00 2001 From: Michael M Slusarz Date: Tue, 29 Oct 2013 14:49:05 -0600 Subject: [PATCH] [mms] Add 'fallback' option for the Horde_Registry#appInit() 'authentication' parameter. --- .../Core/lib/Horde/Core/Ajax/Application.php | 9 +++-- framework/Core/lib/Horde/Registry.php | 39 +++++++++++++++++-- framework/Core/package.xml | 10 +++-- 3 files changed, 47 insertions(+), 11 deletions(-) diff --git a/framework/Core/lib/Horde/Core/Ajax/Application.php b/framework/Core/lib/Horde/Core/Ajax/Application.php index df4da6a19b0..c79b478e98f 100644 --- a/framework/Core/lib/Horde/Core/Ajax/Application.php +++ b/framework/Core/lib/Horde/Core/Ajax/Application.php @@ -72,7 +72,7 @@ abstract class Horde_Core_Ajax_Application public function __construct($app, Horde_Variables $vars, $action = null, $token = null) { - global $session; + global $registry, $session; $this->_app = $app; $this->_vars = $vars; @@ -82,12 +82,15 @@ public function __construct($app, Horde_Variables $vars, $action = null, $ob = $this->_getHandler(); - /* Check token. */ + /* Check authentication/token. */ if ($ob && !$ob->external($action)) { + if (!$registry->currentProcessAuth()) { + throw new Horde_Exception('Accessing AJAX action without being authenticated.'); + } $session->checkToken($token); } - /* Check for session regnerateion request. */ + /* Check for session regneration request. */ if ($vars->regenerate_sid) { $session->regenerate(); if (SID) { diff --git a/framework/Core/lib/Horde/Registry.php b/framework/Core/lib/Horde/Registry.php index 9480e431076..ace05191d3d 100644 --- a/framework/Core/lib/Horde/Registry.php +++ b/framework/Core/lib/Horde/Registry.php @@ -143,6 +143,7 @@ class Horde_Registry implements Horde_Shutdown_Task * Page compression will be started (if configured). * * Global variables defined: + *
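Review bot: In the `@@ -82,12 +82,15 @@` hunk of Ajax/Application.php, the new guard `if (!$registry->currentProcessAuth())` tests the authentication mode the process was initialised with, not whether a user is logged in, although the exception text says "without being authenticated". Judging by the helper added later in this commit (`$this->_args['authentication'] !== 'none'`), the two only coincide if every non-'none' initialisation has already forced a login, which these lines do not show. If the intent is "a user is logged in", test `$registry->isAuthenticated()` as well; if the intent is the mode, say so in a comment such as `/* Mode check only: appInit() enforces login unless authentication is 'none'. */` and use the same wording in the `currentProcessAuth()` docblock. The rewritten comment `/* Check for session regneration request. */` is still misspelled and should read `regeneration`. The constructor continues outside the hunk.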
      *   - $browser: Horde_Browser object
      *   - $cli: Horde_Cli object (if 'cli' is true)
      *   - $conf: Configuration array
@@ -153,13 +154,17 @@ class Horde_Registry implements Horde_Shutdown_Task
      *   - $prefs: Horde_Prefs object
      *   - $registry: Horde_Registry object
      *   - $session: Horde_Session object
+     * 
* * @param string $app The application to initialize. * @param array $args Optional arguments: + *
      *   - admin: (boolean) Require authenticated user to be an admin?
      *            DEFAULT: false
      *   - authentication: (string) The type of authentication to use:
      *     - none: Do not authenticate
+     *     - fallback: Attempt to authenticate; if failure, then don't auth
+     *                 (@since 2.11.0).
      *     - [DEFAULT]: Authenticate; on no auth redirect to login screen
      *   - cli: (boolean) Initialize a CLI interface. Setting this to true
      *          implicits setting 'authentication' to 'none' and 'admin' and
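Review bot: The new `fallback` entry in the appInit() docblock says only "if failure, then don't auth" and does not describe the state the caller ends up in. From the code added further down, a failed attempt re-runs appInit() with `'authentication' => 'none'`, and the `check_perms` expressions in pushApp(), callByPackage() and callAppMethod() now depend on `currentProcessAuth()`. The process therefore appears to run without permission checks after falling back, assuming `_args` is populated from these arguments, which the diff does not show. I would extend the entry to something like `fallback: Attempt to authenticate; on failure, re-initialize as 'none' (guest access, no permission checks). Callers must test isAuthenticated() before exposing user data.` The docblock starts before this hunk and ends in the following one.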
@@ -189,6 +194,7 @@ class Horde_Registry implements Horde_Shutdown_Task
      *               DEFAULT: false
      *   - user_admin: (boolean) Set authentication to an admin user?
      *                 DEFAULT: false
+     * 
* * @return Horde_Registry_Application The application object. * @throws Horde_Exception @@ -227,6 +233,14 @@ static public function appInit($app, array $args = array()) $args['authentication'] = 'none'; } + // For 'fallback' authentication, try authentication first. + if ($args['authentication'] === 'fallback') { + $fallback_auth = true; + $args['authentication'] = ''; + } else { + $fallback_auth = false; + } + // Registry. $s_ctrl = 0; switch ($args['session_control']) { @@ -267,6 +281,11 @@ static public function appInit($app, array $args = array()) throw new Horde_Exception(Horde_Core_Translation::t("Not an admin")); } } catch (Horde_Exception_PushApp $e) { + if ($fallback_auth) { + $args['authentication'] = 'none'; + return self::appInit($app, $args); + } + $appob->appInitFailure($e); switch ($e->getCode()) { @@ -937,7 +956,7 @@ public function isInactive($app) (($this->applications[$app]['status'] == 'admin') && !$this->isAdmin()) || (($this->applications[$app]['status'] == 'noadmin') && - $this->_args['authentication'] != 'none' && + $this->currentProcessAuth() && $this->isAdmin())); } @@ -1109,7 +1128,7 @@ public function callByPackage($app, $call, array $args = array(), * including any files which might do it for us. Return an * error immediately if pushApp() fails. */ $pushed = $this->pushApp($app, array( - 'check_perms' => !in_array($call, $api_ob->noPerms()) && empty($options['noperms']) && $this->_args['authentication'] != 'none' + 'check_perms' => !in_array($call, $api_ob->noPerms()) && empty($options['noperms']) && $this->currentProcessAuth() )); try { 
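Review bot: In the `@@ -267,6 +281,11 @@` hunk the fallback branch runs for every `Horde_Exception_PushApp`, but the `switch ($e->getCode())` right below it shows that this exception carries several distinct failure codes, not only a missing login. If any of those codes means permission denied or application inactive (the cases are outside the hunk), a logged-in user who was refused would be re-initialised with `'authentication' => 'none'`, where the permission checks gated on `currentProcessAuth()` are switched off. I would limit the retry to the authentication-failure code, e.g. `if ($fallback_auth && $e->getCode() == self::AUTH_FAILURE) {` (constant name to be confirmed against the class). I would also log the swallowed exception before retrying, so that failed logins stay visible to operators. appInit() begins and ends outside the hunk.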
@@ -1174,7 +1193,7 @@ public function callAppMethod($app, $call, array $options = array()) * including any files which might do it for us. Return an * error immediately if pushApp() fails. */ $pushed = $this->pushApp($app, array( - 'check_perms' => empty($options['noperms']) && $this->_args['authentication'] != 'none' + 'check_perms' => empty($options['noperms']) && $this->currentProcessAuth() )); try { @@ -1502,7 +1521,7 @@ public function pushApp($app, array $options = array()) $checkPerms = ((!isset($options['check_perms']) || !empty($options['check_perms'])) && - ($this->_args['authentication'] != 'none')); + $this->currentProcessAuth()); /* If permissions checking is requested, return an error if the * current user does not have read perms to the application being @@ -2174,6 +2193,18 @@ public function isAuthenticated(array $options = array()) } } + /** + * Checks whether this process required authentication. + * + * @since 2.11.0 + * + * @return boolean True if the current process required authentication. + */ + public function currentProcessAuth() + { + return ($this->_args['authentication'] !== 'none'); + } + /** * Returns a URL to the login screen, adding the necessary logout * parameters. diff --git a/framework/Core/package.xml b/framework/Core/package.xml index 1000170b46f..edf49fc3100 100644 --- a/framework/Core/package.xml +++ b/framework/Core/package.xml @@ -30,8 +30,8 @@ 2013-10-28 - 2.10.3 - 2.10.0 + 2.11.0 + 2.11.0 stable @@ -39,6 +39,7 @@ LGPL-2.1 +* [mms] Add 'fallback' option for the Horde_Registry#appInit() 'authentication' parameter. * [mms] Fix deauthenticating when a system-level logout event occurs. @@ -3214,14 +3215,15 @@ - 2.10.3 - 2.10.0 + 2.11.0 + 2.11.0 stable stable 2013-10-28 LGPL-2.1 +* [mms] Add 'fallback' option for the Horde_Registry#appInit() 'authentication' parameter. * [mms] Fix deauthenticating when a system-level logout event occurs.