projects / platal.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Moving to GitHub.
[platal.git] / classes / xorgsession.php
diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 400f809..2a9e73d 100644 (file)
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2011 Polytechnique.org                              *
+ *  Copyright (C) 2003-2014 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -77,36 +77,29 @@ class XorgSession extends PlSession
         return self::INVALID_USER;
     }
 
-    private function checkPassword($uname, $login, $response, $login_type)
+    const TEXT_INVALID_LOGIN = "Mot de passe ou nom d'utilisateur invalide";
+    const TEXT_INVALID_PASS = "Mot de passe invalide";
+
+    private function checkPassword($login, User $user, $response)
     {
-        if ($login_type == 'alias') {
-            $res = XDB::query('SELECT  a.uid, a.password
-                                 FROM  accounts             AS a
-                           INNER JOIN  email_source_account AS e ON (e.uid = a.uid)
-                                WHERE  e.email = {?}',
-                              $login);
+        if ($user === null) {
+            Platal::page()->trigError(self::TEXT_INVALID_LOGIN);
+            return false;
         } else {
-            $res = XDB::query('SELECT  uid, password
-                                 FROM  accounts
-                                WHERE  ' . $login_type . ' = {?}',
-                              $login);
-        }
-        if (list($uid, $password) = $res->fetchOneRow()) {
-            $expected_response = sha1("$uname:$password:" . S::v('challenge'));
+            $password = $user->password();
+            $expected_response = sha1("$login:$password:" . S::v('challenge'));
             /* Deprecates len(password) > 10 conversion. */
             if ($response != $expected_response) {
                 if (!S::logged()) {
-                    Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
+                    Platal::page()->trigError(self::TEXT_INVALID_LOGIN);
                 } else {
-                    Platal::page()->trigError('Mot de passe invalide');
+                    Platal::page()->trigError(self::TEXT_INVALID_PASS);
                 }
                 S::logger($uid)->log('auth_fail', 'bad password');
-                return null;
+                return false;
             }
-            return $uid;
+            return true;
         }
-        Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
-        return null;
     }
 
 
@@ -138,51 +131,30 @@ class XorgSession extends PlSession
         /** We come from an authentication form.
          */
         if (S::suid()) {
-            $login = $uname = S::suid('uid');
-            $loginType = 'uid';
+            $login = S::suid('uid');
         } else {
-            $uname = Post::v('username');
-            if (Post::s('domain') == "alias") {
-                $login = XDB::fetchOneCell('SELECT  uid
-                                              FROM  email_source_account
-                                             WHERE  email = {?} AND type = \'alias_aux\'',
-                                           $uname);
-                $loginType = 'uid';
-            } else if (Post::s('domain') == 'hruid') {
-                $login = $uname;
-                $loginType = 'hruid';
-            } else {
-                $login = $uname;
-                $loginType = is_numeric($uname) ? 'uid' : 'alias';
-            }
+            $login = Post::v('username');
         }
 
-        $uid = $this->checkPassword($uname, $login, Post::v('response'), $loginType);
-        if (!is_null($uid) && S::suid()) {
-            if (S::suid('uid') == $uid) {
-                $uid = S::i('uid');
+        $user = User::getSilent($login);
+
+        if (is_null($user)) {
+            Platal::page()->trigError(self::TEXT_INVALID_LOGIN);
+            $success = false;
+        } else {
+            if (S::suid()) {
+                $success = (S::suid('uid') == $user->id());
             } else {
-                $uid = null;
+                $success = $this->checkPassword($login, $user, Post::v('response'));
             }
         }
-        if (!is_null($uid)) {
-            S::set('auth', AUTH_MDP);
-            if (!S::suid()) {
-                if (Post::has('domain')) {
-                    $domain = Post::v('domain', 'login');
-                    if ($domain == 'alias') {
-                        Cookie::set('domain', 'alias', 300);
-                    } else if ($domain == 'ax') {
-                        Cookie::set('domain', 'ax', 300);
-                    } else {
-                        Cookie::kill('domain');
-                    }
-                }
-            }
+
+        if ($success) {
+            S::set('auth', AUTH_PASSWD);
             S::kill('challenge');
-            S::logger($uid)->log('auth_ok');
+            S::logger($user->id())->log('auth_ok');
         }
-        return User::getSilentWithUID($uid);
+        return $user;
     }
 
     protected function startSessionAs($user, $level)
@@ -194,7 +166,7 @@ class XorgSession extends PlSession
             return true;
         }
         if ($level == AUTH_SUID) {
-            S::set('auth', AUTH_MDP);
+            S::set('auth', AUTH_PASSWD);
         }
 
         // Loads uid and hruid into the session for developement conveniance.
@@ -211,6 +183,13 @@ class XorgSession extends PlSession
                 $this->setAccessCookie(false, S::i('auth_by_cookie') != $user->id());
             } else {
                 $this->killAccessCookie();
+
+                // If login for an external website and not activating cookie,
+                // mark that we want to disconnect once external auth checks
+                // have been performed.
+                if (Post::b('external_auth')) {
+                    S::set('external_auth_exit', true);
+                }
             }
         }
 
@@ -219,7 +198,10 @@ class XorgSession extends PlSession
         $this->securityChecks();
         $this->setSkin();
         $this->updateNbNotifs();
-        check_redirect();
+        // Only check email redirection for 'internal' users.
+        if ($user->checkPerms(PERMS_USER)) {
+            check_redirect();
+        }
 
         // We should not have to use this private data anymore
         S::kill('auth_by_cookie');
@@ -331,7 +313,7 @@ class XorgSession extends PlSession
 
     public function sureLevel()
     {
-        return AUTH_MDP;
+        return AUTH_PASSWD;
     }
 
 
@@ -366,5 +348,5 @@ class XorgSession extends PlSession
     }
 }
 
-// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8:
 ?>
plat/al