Fix multi auth

Add many debugging logs in auth.remote, retested wp, joomla and drupal usecases.
pydio · Aug 25, 2016 · 250b912 · 250b912
1 parent b208c8b
commit 250b912
Show file tree

Hide file tree

Showing 4 changed files with 32 additions and 4 deletions.
diff --git a/core/src/plugins/auth.multi/MultiAuthDriver.php b/core/src/plugins/auth.multi/MultiAuthDriver.php
@@ -75,7 +75,7 @@ public function init(ContextInterface $ctx, $options = [])
             if (!$instance->isEnabled()) {
                 throw new Exception("You have selected a disabled plugin ($name) for type 'auth'");
             }
-            $instance->init($options);
+            $instance->init($ctx, $options);
             if ($name != $this->getOption("MASTER_DRIVER")) {
                 $this->slaveName = $name;
             }

diff --git a/core/src/plugins/auth.remote/RemoteAuthDriver.php b/core/src/plugins/auth.remote/RemoteAuthDriver.php
@@ -29,6 +29,7 @@
 use Pydio\Core\Utils\FileHelper;
 use Pydio\Core\Utils\Vars\InputFilter;
 use Pydio\Core\Utils\Vars\PasswordEncoder;
+use Pydio\Log\Core\Logger;
 
 defined('AJXP_EXEC') or die('Access not allowed');
 
@@ -228,10 +229,10 @@ public function checkPassword($login, $pass, $seed)
             $crtSessionId = session_id();
             session_write_close();
 
-            if (isSet($this->options["MASTER_HOST"])) {
+            if (!empty($this->options["MASTER_HOST"])) {
                 $host = $this->options["MASTER_HOST"];
             } else {
-                $host = parse_url($_SERVER["SERVER_ADDR"], PHP_URL_HOST);
+                $host = $_SERVER["HTTP_HOST"];
             }
             $formId = "";
             if (isSet($this->options["MASTER_AUTH_FORM_ID"])) {
@@ -241,6 +242,7 @@ public function checkPassword($login, $pass, $seed)
             $funcName = $this->options["MASTER_AUTH_FUNCTION"];
             require_once 'cms_auth_functions.php';
             if (function_exists($funcName)) {
+                Logger::debug("auth.remote", "Requesting authentication from remote CMS using function ".$funcName);
                 $sessCookies = call_user_func($funcName, $host, $uri, $login, $pass, $formId);
                 if ($sessCookies != "") {
                     if (is_array($sessCookies)) {
@@ -257,6 +259,7 @@ public function checkPassword($login, $pass, $seed)
                         session_id($sessCookies);
                         session_start();
                     }
+                    Logger::debug("auth.remote", "Got cookies from remote authentication");
                     return true;
                 }
 
@@ -267,6 +270,7 @@ public function checkPassword($login, $pass, $seed)
                     return true;
                 }
             }
+            Logger::debug("auth.remote", "No remote authentication from CMS succeeded, checking in local directory");
             // NOW CHECK IN LOCAL USERS LIST
             $userStoredPass = $this->getUserPass($login);
             if (!$userStoredPass) return false;

diff --git a/core/src/plugins/auth.remote/cms_auth_functions.php b/core/src/plugins/auth.remote/cms_auth_functions.php
@@ -61,6 +61,10 @@ function wordpress_remote_auth($host, $uri, $login, $pass, $formId = "")
         "wp-submit" => "Log In",
         "testcookie" => 1)
     );
+    $err = $client->getError();
+    if(!empty($err)){
+        throw new \Pydio\Core\Exception\PydioException($err);
+    }
     $newCookies = extractResponseCookies($client);
     if (isSet($newCookies["AjaXplorer"])) {
         return $newCookies;

diff --git a/core/src/plugins/auth.remote/glueCode.php b/core/src/plugins/auth.remote/glueCode.php
@@ -54,6 +54,13 @@
 if (!class_exists("SessionSwitcher")) {
     require_once("$CURRENTPATH/sessionSwitcher.php");
 }
+if (!function_exists("auth_remote_debug")){
+    function auth_remote_debug($str){
+        if(AJXP_SERVER_DEBUG){
+            error_log('[Pydio Auth Remote] '.$str);
+        }
+    }
+}
 $pServ = PluginsService::getInstance();
 ConfService::init($FRAMEWORK_PATH);
 ConfService::start();
@@ -73,9 +80,11 @@
        die("This file must be included and cannot be called directly");
     }
     if ($_SERVER['PHP_SELF'] != $authPlug->getOption("LOGIN_URL")) {
-       $plugInAction = "WRONG_URL";
+        auth_remote_debug("No secret provided, comparing current URL and login URL parameter is wrong. Please set up a secret key.");
+        $plugInAction = "WRONG_URL";
     }
 } else if ($secret != $authPlug->getOption("SECRET")) {
+    auth_remote_debug("Secret keys are not corresponding. Make sure to setup secret in both CMS plugin and Pydio plugin.");
     $plugInAction = "WRONG_SECRET";
 }
 
@@ -87,6 +96,7 @@
 
     function ajxp_gluecode_updateRole($loginData, &$userObject)
     {
+        auth_remote_debug("Updating user roles based on mappings");
         $authPlug = ConfService::getAuthDriverImpl();
         if(property_exists($authPlug, "drivers") && is_array($authPlug->drivers) && $authPlug->drivers["remote"]){
             $authPlug = $authPlug->drivers["remote"];
@@ -120,11 +130,14 @@ function ajxp_gluecode_updateRole($loginData, &$userObject)
 
 switch ($plugInAction) {
     case 'login':
+        auth_remote_debug("Entering 'login' case in glueCode");
         $login = $AJXP_GLUE_GLOBALS["login"]; $autoCreate = $AJXP_GLUE_GLOBALS["autoCreate"];
         if (is_array($login)) {
             $newSession = new SessionSwitcher("AjaXplorer");
+            auth_remote_debug("Entering 'login' case in glueCode");
             $creation = false;
             if ($autoCreate && !UsersService::userExists($login["name"], "w")) {
+                auth_remote_debug("Automatically creating user in Pydio");
                 $creation = true;
                 $isAdmin = (isSet($login["right"]) && $login["right"] == "admin");
                 UsersService::createUser($login["name"], $login["password"], $isAdmin);
@@ -136,9 +149,12 @@ function ajxp_gluecode_updateRole($loginData, &$userObject)
                     $userObject = AuthService::logUser($login["name"], $login["password"], true);
                 }
                 $userObject = AuthService::getLoggedUser();
+                auth_remote_debug("User logged to pydio succesfully");
                 if ($userObject->isAdmin()) {
+                    auth_remote_debug("User is admin, updating admin rights");
                     RolesService::updateAdminRights($userObject);
                 } else {
+                    auth_remote_debug("User is standard, updating default rights");
                     RolesService::updateDefaultRights($userObject);
                 }
                 if($creation) ajxp_gluecode_updateRole($login, $userObject);
@@ -149,12 +165,14 @@ function ajxp_gluecode_updateRole($loginData, &$userObject)
         }
         break;
     case 'logout':
+        auth_remote_debug("Entering 'logout' case in glueCode. Should kill pydio session");
         $newSession = new SessionSwitcher("AjaXplorer");
         global $_SESSION;
         $_SESSION = array();
         $result = TRUE;
         break;
     case 'addUser':
+        auth_remote_debug("Entering 'addUser' case in glueCode. Create user in pydio");
         $user = $AJXP_GLUE_GLOBALS["user"];
         if (is_array($user)) {
             $isAdmin = (isSet($user["right"]) && $user["right"] == "admin");
@@ -167,13 +185,15 @@ function ajxp_gluecode_updateRole($loginData, &$userObject)
         }
         break;
     case 'delUser':
+        auth_remote_debug("Entering 'delUser' case in glueCode. Delete user from pydio");
         $userName = $AJXP_GLUE_GLOBALS["userName"];
         if (strlen($userName)) {
             UsersService::deleteUser($userName);
             $result = TRUE;
         }
         break;
     case 'updateUser':
+        auth_remote_debug("Entering 'updateUser' case in glueCode. Update user in pydio");
         $user = $AJXP_GLUE_GLOBALS["user"];
         if (is_array($user)) {
             if (UsersService::userExists($user["name"]) && UsersService::updatePassword($user["name"], $user["password"])) {