Add credentials page to auth flags and use consts

mantisbt · Apr 16, 2017 · 90c02d6 · 90c02d6
1 parent 90a6b73
commit 90c02d6
Show file tree

Hide file tree

Showing 10 changed files with 36 additions and 12 deletions.
diff --git a/config_defaults_inc.php b/config_defaults_inc.php
@@ -3357,7 +3357,7 @@
  * Specify where the user should be sent after logging out.
  * @global string $g_logout_redirect_page
  */
-$g_logout_redirect_page = 'login_page.php';
+$g_logout_redirect_page = AUTH_PAGE_USERNAME;
 
 ###########
 # Headers #

diff --git a/core/authentication_api.php b/core/authentication_api.php
@@ -225,7 +225,7 @@ function auth_credential_page( $p_query_string = '', $p_user_id = null ) {
 		$p_user_id = auth_get_current_user_id();
 	}
 
-	$t_url = 'login_password_page.php';
+	$t_url = AUTH_PAGE_CREDENTIAL;
 	if( $p_user_id === NO_USER || !user_exists( $p_user_id ) ) {
 		return helper_url_combine( $t_url, $p_query_string );
 	}

diff --git a/core/classes/AuthFlags.class.php b/core/classes/AuthFlags.class.php
@@ -51,14 +51,29 @@ class AuthFlags {
 	/**
 	 * The login page to use instead of the standard MantisBT login page.  This can be
 	 * a plugin page.
+	 *
+	 * @see $credentials_page
 	 * @see $logout_page
 	 * @var string|null
 	 */
 	private $login_page = null;
 
+	/**
+	 * The page to use for providing credentials.  This can be the default password page
+	 * provided by MantisBT, an auth plugin provided page that asks for credentials or
+	 * an auth plugin provided page that re-directs to an IDP.
+	 *
+	 * @see $login_page
+	 * @see $logout_page
+	 * @var string|null
+	 */
+	private $credentials_page = null;
+
 	/**
 	 * The logout page to use instead of the standard MantisBT logout page.  This can be
 	 * a plugin page.
+	 *
+	 * @see $credentials_page
 	 * @see $login_page
 	 * @see $logout_redirect_page
 	 * @var string|null
@@ -68,6 +83,7 @@ class AuthFlags {
 	/**
 	 * The page to redirect to after successful logout.  This can be a plugin page.  Such
 	 * page can display content directly to redirect to a MantisBT page to a remote page.
+	 *
 	 * @see $logout_page
 	 * @var string|null
 	 */
@@ -138,11 +154,15 @@ function setLoginPage( $p_page ) {
 	}
 
 	function getLoginPage() {
-		if( is_null( $this->login_page ) ) {
-			return 'login_page.php';
-		}
+		return is_null( $this->login_page ) ? AUTH_PAGE_USERNAME : $this->login_page;
+	}
+
+	function setCredentialsPage( $p_page ) {
+		$this->credentials_page = $p_page;
+	}
 
-		return $this->login_page;
+	function getCredentialsPage() {
+		return is_null( $this->credentials_page ) ? AUTH_PAGE_CREDENTIAL : $this->credentials_page;
 	}
 
 	function setLogoutPage( $p_page ) {

diff --git a/core/constant_inc.php b/core/constant_inc.php
@@ -682,6 +682,10 @@
 define( 'LOGIN_METHOD_API_TOKEN', 'api-token' );
 define( 'LOGIN_METHOD_ANONYMOUS', 'anonymous' );
 
+# AUTH PAGES
+define( 'AUTH_PAGE_USERNAME', 'login_page.php' );
+define( 'AUTH_PAGE_CREDENTIAL', 'login_password_page.php' );
+
 # SLIM FRAMEWORK ATTRIBUTES
 define( 'ATTRIBUTE_FORCE_API_ENABLED', 'force_enable_api' );
 

diff --git a/css/status_config.php b/css/status_config.php
@@ -68,7 +68,7 @@
 }
 
 switch( $t_referer_page ) {
-	case 'login_page.php':
+	case AUTH_PAGE_USERNAME:
 	case 'signup_page.php':
 	case 'lost_pwd_page.php':
 	case 'account_update.php':

diff --git a/login_page.php b/login_page.php
@@ -212,7 +212,7 @@ function debug_setting_message ( $p_type, $p_setting, $p_value ) {
 				</h4>
 				<div class="space-10"></div>
 <!-- Login Form BEGIN -->
-	<form id="login-form" method="post" action="login_password_page.php">
+	<form id="login-form" method="post" action="<?php echo AUTH_PAGE_CREDENTIAL ?>">
 		<fieldset>
 
 			<?php

diff --git a/login_password_page.php b/login_password_page.php
@@ -80,7 +80,7 @@
 # Get the user id and based on the user decide whether to continue with native password credential
 # page or one provided by a plugin.
 $t_user_id = auth_get_user_id_from_login_name( $t_username );
-if( $t_user_id !== false && auth_credential_page() != 'login_password_page.php' ) {
+if( $t_user_id !== false && auth_credential_page() != AUTH_PAGE_CREDENTIAL ) {
 	$t_query_args = array(
 		'username' => $t_username,
         'cookie_error' => $f_cookie_error,

diff --git a/lost_pwd_page.php b/lost_pwd_page.php
@@ -125,7 +125,7 @@
 	</form>
 	</div>
 		<div class="toolbar center">
-			<a class="back-to-login-link pull-left" href="login_page.php"><?php echo lang_get( 'login_link' ); ?></a>
+			<a class="back-to-login-link pull-left" href="<?php echo AUTH_PAGE_USERNAME ?>"><?php echo lang_get( 'login_link' ); ?></a>
 			<?php if( auth_signup_enabled() ) { ?>
 			<a class="back-to-login-link pull-right" href="signup_page.php"><?php echo lang_get( 'signup_link' ); ?></a>
 			<?php } ?>

diff --git a/signup.php b/signup.php
@@ -128,7 +128,7 @@
 
 							<br />
 							<div class="center">
-								<a class="width-40 btn btn-inverse bigger-110 btn-success" href="login_page.php">
+								<a class="width-40 btn btn-inverse bigger-110 btn-success" href="<?php echo AUTH_PAGE_USERNAME ?>">
 									<?php echo lang_get( 'proceed' ) ?>
 								</a>
 							</div>

diff --git a/signup_page.php b/signup_page.php
@@ -160,7 +160,7 @@
 </div>
 
 	<div class="toolbar center">
-		<a class="back-to-login-link pull-left" href="login_page.php"><?php echo lang_get( 'login_link' ); ?></a>
+		<a class="back-to-login-link pull-left" href="<?php echo AUTH_PAGE_USERNAME; ?>"><?php echo lang_get( 'login_link' ); ?></a>
 		<?php
 		# lost password feature disabled or reset password via email disabled
 		if( ( LDAP != config_get_global( 'login_method' ) ) &&