AutoLogin/Logout: Remove own session namespace

Store data in the user and implement interface to left backends store remote information. fixes #6461
Icinga · Jul 30, 2014 · e2c761a · e2c761a
1 parent 294728a
commit e2c761a
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 13 deletions.
diff --git a/application/controllers/AuthenticationController.php b/application/controllers/AuthenticationController.php
@@ -68,9 +68,6 @@ public function loginAction()
                         $authenticated  = $backend->authenticate($user);
                         if ($authenticated === true) {
                             $auth->setAuthenticated($user);
-                            $session = Session::getSession()->getNamespace('authentication');
-                            $session->set('is_remote_user', true);
-                            $session->write();
                             $this->rerenderLayout()->redirectNow($redirectUrl);
                         }
                     }
@@ -135,12 +132,10 @@ public function loginAction()
     public function logoutAction()
     {
         $auth = $this->Auth();
-
-        $session = Session::getSession()->getNamespace('authentication');
-
+        $isRemoteUser = $auth->getUser()->isRemoteUser();
         $auth->removeAuthorization();
 
-        if ($session->get('is_remote_user', false) === true) {
+        if ($isRemoteUser === true) {
             $this->_helper->layout->setLayout('login');
             $this->_response->setHttpResponseCode(401);
         } else {

diff --git a/library/Icinga/Authentication/Backend/AutoLoginBackend.php b/library/Icinga/Authentication/Backend/AutoLoginBackend.php
@@ -53,6 +53,7 @@ public function hasUser(User $user)
     {
         if (isset($_SERVER['REMOTE_USER'])) {
             $username = $_SERVER['REMOTE_USER'];
+            $user->setRemoteUserInformation($username, 'REMOTE_USER');
             if ($this->stripUsernameRegexp !== null) {
                 $stripped = preg_replace($this->stripUsernameRegexp, '', $username);
                 if ($stripped !== false) {

diff --git a/library/Icinga/Authentication/Manager.php b/library/Icinga/Authentication/Manager.php
@@ -30,12 +30,6 @@ class Manager
      */
     private $user;
 
-    /**
-     * If the user was authenticated from the REMOTE_USER server variable
-     *
-     * @var Boolean
-     */
-    private $fromRemoteUser = false;
 
     private function __construct()
     {

diff --git a/library/Icinga/User.php b/library/Icinga/User.php
@@ -58,6 +58,18 @@ class User
      */
     protected $additionalInformation = array();
 
+    /**
+     * Information if the user is external authenticated
+     *
+     * Keys:
+     *
+     * 0: origin username
+     * 1: origin field name
+     *
+     * @var array
+     */
+    protected $remoteUserInformation = array();
+
     /**
      * Set of permissions
      *
@@ -401,4 +413,35 @@ public function clearMessages()
     {
         $this->messages = null;
     }
+
+    /**
+     * Set additional remote user information
+     *
+     * @param stirng    $username
+     * @param string    $field
+     */
+    public function setRemoteUserInformation($username, $field)
+    {
+        $this->remoteUserInformation = array($username, $field);
+    }
+
+    /**
+     * Get additional remote user information
+     *
+     * @return array
+     */
+    public function getRemoteUserInformation()
+    {
+        return $this->remoteUserInformation;
+    }
+
+    /**
+     * Return true if user has remote user information set
+     *
+     * @return bool
+     */
+    public function isRemoteUser()
+    {
+        return (count($this->remoteUserInformation)) ? true : false;
+    }
 }