From 6cce7840e69bc0b6647e1bc5ea3437a925cd63a0 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Rapha=C3=ABl=20Barrois?= <raphael.barrois@polytechnique.org>
Date: Wed, 24 Aug 2011 00:59:06 +0200
Subject: [PATCH] Don't use the domain part in login anymore.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Signed-off-by: RaphaÃ«l Barrois <raphael.barrois@polytechnique.org>
---
 classes/xorgsession.php            | 94 +++++++++++---------------------------
 configs/platal.ini                 |  2 +-
 htdocs/javascript/xorg.js          |  1 -
 plugins/insert.getUserName.php     | 22 +--------
 templates/core/password_prompt.tpl | 22 ++++-----
 5 files changed, 38 insertions(+), 103 deletions(-)

diff --git a/classes/xorgsession.php b/classes/xorgsession.php
index 3862b91..84128af 100644
--- a/classes/xorgsession.php
+++ b/classes/xorgsession.php
@@ -77,36 +77,29 @@ class XorgSession extends PlSession
         return self::INVALID_USER;
     }
 
-    private function checkPassword($uname, $login, $response, $login_type)
+    const TEXT_INVALID_LOGIN = "Mot de passe ou nom d'utilisateur invalide";
+    const TEXT_INVALID_PASS = "Mot de passe invalide";
+
+    private function checkPassword($login, User $user, $response)
     {
-        if ($login_type == 'alias') {
-            $res = XDB::query('SELECT  a.uid, a.password
-                                 FROM  accounts             AS a
-                           INNER JOIN  email_source_account AS e ON (e.uid = a.uid)
-                                WHERE  e.email = {?}',
-                              $login);
+        if ($user === null) {
+            Platal::page()->trigError(self::TEXT_INVALID_LOGIN);
+            return false;
         } else {
-            $res = XDB::query('SELECT  uid, password
-                                 FROM  accounts
-                                WHERE  ' . $login_type . ' = {?}',
-                              $login);
-        }
-        if (list($uid, $password) = $res->fetchOneRow()) {
-            $expected_response = sha1("$uname:$password:" . S::v('challenge'));
+            $password = $user->password();
+            $expected_response = sha1("$login:$password:" . S::v('challenge'));
             /* Deprecates len(password) > 10 conversion. */
             if ($response != $expected_response) {
                 if (!S::logged()) {
-                    Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
+                    Platal::page()->trigError(self::TEXT_INVALID_LOGIN);
                 } else {
-                    Platal::page()->trigError('Mot de passe invalide');
+                    Platal::page()->trigError(self::TEXT_INVALID_PASS);
                 }
                 S::logger($uid)->log('auth_fail', 'bad password');
-                return null;
+                return false;
             }
-            return $uid;
+            return true;
         }
-        Platal::page()->trigError('Mot de passe ou nom d\'utilisateur invalide');
-        return null;
     }
 
 
@@ -138,60 +131,27 @@ class XorgSession extends PlSession
         /** We come from an authentication form.
          */
         if (S::suid()) {
-            $login = $uname = S::suid('uid');
-            $loginType = 'uid';
+            $login = S::suid('uid');
         } else {
-            $uname = Post::v('username');
-            if (Post::s('domain') == "alias") {
-                $login = XDB::fetchOneCell('SELECT  uid
-                                              FROM  email_source_account
-                                             WHERE  email = {?} AND type = \'alias_aux\'',
-                                           $uname);
-                $loginType = 'uid';
-            } else if (Post::s('domain') == 'hruid') {
-                $login = $uname;
-                $loginType = 'hruid';
-            } else if ((Post::s('domain') == 'email')) {
-                $login = XDB::fetchOneCell('SELECT  SQL_CALC_FOUND_ROWS uid
-                                              FROM  accounts
-                                             WHERE  email = {?}',
-                                           $uname);
-                if (!(XDB::fetchOneCell('SELECT FOUND_ROWS()') == 1)) {
-                    $login =null;
-                }
-                $loginType = 'uid';
-            } else {
-                $login = $uname;
-                $loginType = is_numeric($uname) ? 'uid' : 'alias';
-            }
+            $login = Post::v('username');
         }
 
-        $uid = $this->checkPassword($uname, $login, Post::v('response'), $loginType);
-        if (!is_null($uid) && S::suid()) {
-            if (S::suid('uid') == $uid) {
-                $uid = S::i('uid');
-            } else {
-                $uid = null;
-            }
+        $user = User::getSilent($login);
+
+        $success = $this->checkPassword($login, $user, Post::v('response'));
+
+        if (!is_null($user) && S::suid()) {
+            $success = (S::suid('uid') == $user->id());
+        } else {
+            $success = $this->checkPassword($login, $user, Post::v('response'));
         }
-        if (!is_null($uid)) {
+
+        if ($success) {
             S::set('auth', AUTH_MDP);
-            if (!S::suid()) {
-                if (Post::has('domain')) {
-                    $domain = Post::v('domain', 'login');
-                    if ($domain == 'alias') {
-                        Cookie::set('domain', 'alias', 300);
-                    } else if ($domain == 'ax') {
-                        Cookie::set('domain', 'ax', 300);
-                    } else {
-                        Cookie::kill('domain');
-                    }
-                }
-            }
             S::kill('challenge');
-            S::logger($uid)->log('auth_ok');
+            S::logger($user->id())->log('auth_ok');
         }
-        return User::getSilentWithUID($uid);
+        return $user;
     }
 
     protected function startSessionAs($user, $level)
diff --git a/configs/platal.ini b/configs/platal.ini
index 9ce8614..5b85fc3 100644
--- a/configs/platal.ini
+++ b/configs/platal.ini
@@ -442,7 +442,7 @@ private_key_ax = ""
 secret       = ""
 
 ; $globals->xnet->auth_baseurl
-; Baseur of the site used to perform authentication
+; Baseurl of the site used to perform authentication
 auth_baseurl = ""
 
 ; $globals->xnet->evts_domain
diff --git a/htdocs/javascript/xorg.js b/htdocs/javascript/xorg.js
index c05ed85..f069982 100644
--- a/htdocs/javascript/xorg.js
+++ b/htdocs/javascript/xorg.js
@@ -662,7 +662,6 @@ function doChallengeResponse() {
     }
     document.forms.loginsub.username.value = document.forms.login.username.value;
     document.forms.loginsub.remember.value = document.forms.login.remember.checked;
-    document.forms.loginsub.domain.value = document.forms.login.domain.value;
     document.forms.login.password.value = "";
     document.forms.loginsub.submit();
 }
diff --git a/plugins/insert.getUserName.php b/plugins/insert.getUserName.php
index 7caa9a2..f054e5d 100644
--- a/plugins/insert.getUserName.php
+++ b/plugins/insert.getUserName.php
@@ -28,26 +28,8 @@ function smarty_insert_getUsername()
         return '';
     }
 
-    $domain = Cookie::v('domain', 'login');
-    if ($domain == 'hruid') {
-        return XDB::fetchOneCell('SELECT  hruid
-                                    FROM  accounts
-                                   WHERE  uid = {?}',
-                                 $id);
-    } elseif ($domain == 'alias') {
-        return XDB::fetchOneCell('SELECT  email
-                                    FROM  email_source_account
-                                   WHERE  uid = {?} AND type = \'alias_aux\'',
-                                 $id);
-    } else {
-        return XDB::fetchOneCell('SELECT  email
-                                    FROM  email_source_account
-                                   WHERE  uid = {?} AND type != \'alias_aux\'
-                                ORDER BY  NOT FIND_IN_SET(\'bestalias\', flags), CHAR_LENGTH(email)',
-                                 $id);
-    }
-
-     return '';
+    $user = User::getSilentWithUID($id);
+    return $user->bestEmail();
 }
 
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
diff --git a/templates/core/password_prompt.tpl b/templates/core/password_prompt.tpl
index 6975a2c..0834ff5 100644
--- a/templates/core/password_prompt.tpl
+++ b/templates/core/password_prompt.tpl
@@ -26,8 +26,12 @@
 </h1>
 <p>
   Bonjour,<br />
-  la page que vous avez demandÃ©e
-  (<strong>{if $referer}{$smarty.server.HTTP_REFERER}{else}{$globals->baseurl}/{$platal->pl_self()}{/if}</strong>)
+  {if t($group)}
+    le site du groupe {$group}
+  {else}
+    la page que vous avez demandÃ©e
+  {/if}
+  (<strong>{if t($referer)}{$smarty.server.HTTP_REFERER}{else}{$globals->baseurl}/{$platal->pl_self()}{/if}</strong>)
   nÃ©cessite une authentification.
 </p>
 {else}
@@ -47,19 +51,10 @@
     </tr>
     <tr style="white-space: nowrap">
       <td class="titre">
-        Identifiant&nbsp;:
+        Identifiant ou email&nbsp;:
       </td>
       <td>
-        <input type="text" name="username" size="20" maxlength="50" value="{insert name="getUserName"}" />
-        <select name="domain">
-          <option value="login">@alumni. {#globals.mail.domain#} / {#globals.mail.domain2#}</option>
-          <option value="alias" {if t($smarty.cookies.ORGdomain) && $smarty.cookies.ORGdomain eq "alias"}selected="selected"{/if}>
-            @ {#globals.mail.alias_dom#} / {#globals.mail.alias_dom2#}
-          </option>
-          <option value="hruid" {if t($smarty.cookies.ORGdomain) && $smarty.cookies.ORGdomain eq "ax"}selected="selected"{/if}>
-            Identifiant
-          </option>
-        </select>
+        <input type="text" name="username" size="40" maxlength="100" value="{insert name="getUserName"}" />
       </td>
     </tr>
     <tr>
@@ -153,7 +148,6 @@
     <input type="hidden" name="xorpass"   value="" />
     <input type="hidden" name="username"  value="" />
     <input type="hidden" name="remember"  value="" />
-    <input type="hidden" name="domain"    value="" />
   </div>
 </form>
 
-- 
2.1.4