
Fix multi auth

Add many debugging logs in auth.remote; retested the wp, joomla and drupal use cases.
1 parent b208c8b commit 250b9120d4e3bf15fc051baa8be6010417532339 @cdujeu cdujeu committed Aug 25, 2016
@@ -75,7 +75,7 @@ public function init(ContextInterface $ctx, $options = [])
if (!$instance->isEnabled()) {
throw new Exception("You have selected a disabled plugin ($name) for type 'auth'");
}
- $instance->init($options);
+ $instance->init($ctx, $options);
if ($name != $this->getOption("MASTER_DRIVER")) {
$this->slaveName = $name;
}
@@ -29,6 +29,7 @@
use Pydio\Core\Utils\FileHelper;
use Pydio\Core\Utils\Vars\InputFilter;
use Pydio\Core\Utils\Vars\PasswordEncoder;
+use Pydio\Log\Core\Logger;
defined('AJXP_EXEC') or die('Access not allowed');
@@ -228,10 +229,10 @@ public function checkPassword($login, $pass, $seed)
$crtSessionId = session_id();
session_write_close();
- if (isSet($this->options["MASTER_HOST"])) {
+ if (!empty($this->options["MASTER_HOST"])) {
$host = $this->options["MASTER_HOST"];
} else {
- $host = parse_url($_SERVER["SERVER_ADDR"], PHP_URL_HOST);
+ $host = $_SERVER["HTTP_HOST"];
}
$formId = "";
if (isSet($this->options["MASTER_AUTH_FORM_ID"])) {
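Review bot: The new fallback `$host = $_SERVER["HTTP_HOST"];` takes the target of the remote authentication call from the request's Host header, so when MASTER_HOST is empty the `call_user_func($funcName, $host, $uri, $login, $pass, $formId)` further down sends the submitted login and password to whatever host the client named. Unless the web server is known to pin Host to a fixed virtual host, that is client-controlled. I would make MASTER_HOST mandatory for this driver and skip the remote call when it is missing, logging it with `Logger::debug("auth.remote", "MASTER_HOST is not set, skipping remote authentication");`, so that only the local check runs. checkPassword starts and ends outside this hunk.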
@@ -241,6 +242,7 @@ public function checkPassword($login, $pass, $seed)
$funcName = $this->options["MASTER_AUTH_FUNCTION"];
require_once 'cms_auth_functions.php';
if (function_exists($funcName)) {
+ Logger::debug("auth.remote", "Requesting authentication from remote CMS using function ".$funcName);
$sessCookies = call_user_func($funcName, $host, $uri, $login, $pass, $formId);
if ($sessCookies != "") {
if (is_array($sessCookies)) {
@@ -257,6 +259,7 @@ public function checkPassword($login, $pass, $seed)
session_id($sessCookies);
session_start();
}
+ Logger::debug("auth.remote", "Got cookies from remote authentication");
return true;
}
@@ -267,6 +270,7 @@ public function checkPassword($login, $pass, $seed)
return true;
}
}
+ Logger::debug("auth.remote", "No remote authentication from CMS succeeded, checking in local directory");
// NOW CHECK IN LOCAL USERS LIST
$userStoredPass = $this->getUserPass($login);
if (!$userStoredPass) return false;
@@ -61,6 +61,10 @@ function wordpress_remote_auth($host, $uri, $login, $pass, $formId = "")
"wp-submit" => "Log In",
"testcookie" => 1)
);
+ $err = $client->getError();
+ if(!empty($err)){
+ throw new \Pydio\Core\Exception\PydioException($err);
+ }
$newCookies = extractResponseCookies($client);
if (isSet($newCookies["AjaXplorer"])) {
return $newCookies;
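Review bot: Throwing `PydioException($err)` here changes how checkPassword fails: the call site shown in this commit is a bare `call_user_func($funcName, ...)`, so unless a try/catch exists outside the visible lines, a transport error skips the "checking in local directory" fallback and shows the raw client error to whoever is logging in. That string may carry internal host names or ports. Consider keeping the detail in the log and returning an empty result instead, `if (!empty($err)) { error_log('[Pydio Auth Remote] ' . $err); return ""; }`, and apply the same check to the other CMS functions in this file if they lack it. wordpress_remote_auth starts and ends outside this hunk.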
@@ -54,6 +54,13 @@
if (!class_exists("SessionSwitcher")) {
require_once("$CURRENTPATH/sessionSwitcher.php");
}
+if (!function_exists("auth_remote_debug")){
+ function auth_remote_debug($str){
+ if(AJXP_SERVER_DEBUG){
+ error_log('[Pydio Auth Remote] '.$str);
+ }
+ }
+}
$pServ = PluginsService::getInstance();
ConfService::init($FRAMEWORK_PATH);
ConfService::start();
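Review bot: `auth_remote_debug` reads `AJXP_SERVER_DEBUG` without checking that the constant is defined, and the helper is declared before `ConfService::init()` runs. If it is ever called while the constant is missing, PHP 7 treats the bare name as a truthy string and logs unconditionally, and PHP 8 throws. Guard it with `if (defined('AJXP_SERVER_DEBUG') && AJXP_SERVER_DEBUG) {`. The helper also has no doc comment; I would add `/** Write $str to the PHP error log, prefixed "[Pydio Auth Remote]", only when AJXP_SERVER_DEBUG is on. Never pass passwords or the shared secret. */`.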
@@ -73,9 +80,11 @@
die("This file must be included and cannot be called directly");
}
if ($_SERVER['PHP_SELF'] != $authPlug->getOption("LOGIN_URL")) {
- $plugInAction = "WRONG_URL";
+ auth_remote_debug("No secret provided, comparing current URL and login URL parameter is wrong. Please set up a secret key.");
+ $plugInAction = "WRONG_URL";
}
} else if ($secret != $authPlug->getOption("SECRET")) {
+ auth_remote_debug("Secret keys are not corresponding. Make sure to setup secret in both CMS plugin and Pydio plugin.");
$plugInAction = "WRONG_SECRET";
}
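Review bot: The secret check that the new debug line sits under, `$secret != $authPlug->getOption("SECRET")`, uses loose comparison, so PHP type juggling applies (constructed example: the numeric-looking strings `"0e1"` and `"0e2"` compare equal) and the comparison is not constant-time. `} else if (!is_string($secret) || !hash_equals((string) $authPlug->getOption("SECRET"), $secret)) {` closes both. The no-secret branch above compares `$_SERVER['PHP_SELF']`, which includes request-supplied path info, against LOGIN_URL, also loosely. The new log message already asks the operator to set a secret, and refusing to run without one would be the stricter fix. The enclosing if/else starts outside this hunk.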
@@ -87,6 +96,7 @@
function ajxp_gluecode_updateRole($loginData, &$userObject)
{
+ auth_remote_debug("Updating user roles based on mappings");
$authPlug = ConfService::getAuthDriverImpl();
if(property_exists($authPlug, "drivers") && is_array($authPlug->drivers) && $authPlug->drivers["remote"]){
$authPlug = $authPlug->drivers["remote"];
@@ -120,11 +130,14 @@ function ajxp_gluecode_updateRole($loginData, &$userObject)
switch ($plugInAction) {
case 'login':
+ auth_remote_debug("Entering 'login' case in glueCode");
$login = $AJXP_GLUE_GLOBALS["login"]; $autoCreate = $AJXP_GLUE_GLOBALS["autoCreate"];
if (is_array($login)) {
$newSession = new SessionSwitcher("AjaXplorer");
+ auth_remote_debug("Entering 'login' case in glueCode");
$creation = false;
if ($autoCreate && !UsersService::userExists($login["name"], "w")) {
+ auth_remote_debug("Automatically creating user in Pydio");
$creation = true;
$isAdmin = (isSet($login["right"]) && $login["right"] == "admin");
UsersService::createUser($login["name"], $login["password"], $isAdmin);
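Review bot: The second added call repeats the first: both `auth_remote_debug("Entering 'login' case in glueCode");` lines are identical, so the log cannot show whether `is_array($login)` passed. Change the inner one to something like `auth_remote_debug("Login data received, switching to the AjaXplorer session");`. Separately, "Automatically creating user in Pydio" is written before `UsersService::createUser()` returns, so it records intent rather than success; a line after the call would make the trace reliable. The switch starts and continues outside this hunk.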
@@ -136,9 +149,12 @@ function ajxp_gluecode_updateRole($loginData, &$userObject)
$userObject = AuthService::logUser($login["name"], $login["password"], true);
}
$userObject = AuthService::getLoggedUser();
+ auth_remote_debug("User logged to pydio succesfully");
if ($userObject->isAdmin()) {
+ auth_remote_debug("User is admin, updating admin rights");
RolesService::updateAdminRights($userObject);
} else {
+ auth_remote_debug("User is standard, updating default rights");
RolesService::updateDefaultRights($userObject);
}
if($creation) ajxp_gluecode_updateRole($login, $userObject);
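Review bot: `auth_remote_debug("User logged to pydio succesfully");` is emitted without checking what `AuthService::getLoggedUser()` returned, so the log claims success even when no user is logged in. The `$userObject->isAdmin()` call on the next line would then fail on a non-object, assuming getLoggedUser() can return null, which is not visible here. I would guard first, `if ($userObject === null) { auth_remote_debug("No logged user after login attempt"); break; }`, and log success only after that. The message also misspells "successfully". The case body starts and ends outside this hunk.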
@@ -149,12 +165,14 @@ function ajxp_gluecode_updateRole($loginData, &$userObject)
}
break;
case 'logout':
+ auth_remote_debug("Entering 'logout' case in glueCode. Should kill pydio session");
$newSession = new SessionSwitcher("AjaXplorer");
global $_SESSION;
$_SESSION = array();
$result = TRUE;
break;
case 'addUser':
+ auth_remote_debug("Entering 'addUser' case in glueCode. Create user in pydio");
$user = $AJXP_GLUE_GLOBALS["user"];
if (is_array($user)) {
$isAdmin = (isSet($user["right"]) && $user["right"] == "admin");
@@ -167,13 +185,15 @@ function ajxp_gluecode_updateRole($loginData, &$userObject)
}
break;
case 'delUser':
+ auth_remote_debug("Entering 'delUser' case in glueCode. Delete user from pydio");
$userName = $AJXP_GLUE_GLOBALS["userName"];
if (strlen($userName)) {
UsersService::deleteUser($userName);
$result = TRUE;
}
break;
case 'updateUser':
+ auth_remote_debug("Entering 'updateUser' case in glueCode. Update user in pydio");
$user = $AJXP_GLUE_GLOBALS["user"];
if (is_array($user)) {
if (UsersService::userExists($user["name"]) && UsersService::updatePassword($user["name"], $user["password"])) {
