Pass the client IP ID to LoginManager

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
This commit is contained in:
VirtualTam 2018-04-18 23:09:45 +02:00
parent c7721487b2
commit 8474208474
2 changed files with 16 additions and 17 deletions

View file

@ -48,15 +48,15 @@ public function __construct(& $globals, $configManager, $sessionManager)
/** /**
* Check user session state and validity (expiration) * Check user session state and validity (expiration)
* *
* @param array $server The $_SERVER array
* @param array $session The $_SESSION array (reference) * @param array $session The $_SESSION array (reference)
* @param array $cookie The $_COOKIE array * @param array $cookie The $_COOKIE array
* @param string $webPath Path on the server in which the cookie will be available on * @param string $webPath Path on the server in which the cookie will be available on
* @param string $clientIpId Client IP address identifier
* @param string $token Session token * @param string $token Session token
* *
* @return bool true if the user session is valid, false otherwise * @return bool true if the user session is valid, false otherwise
*/ */
public function checkLoginState($server, & $session, $cookie, $webPath, $token) public function checkLoginState(& $session, $cookie, $webPath, $clientIpId, $token)
{ {
if (! $this->configManager->exists('credentials.login')) { if (! $this->configManager->exists('credentials.login')) {
// Shaarli is not configured yet // Shaarli is not configured yet
@ -64,8 +64,6 @@ public function checkLoginState($server, & $session, $cookie, $webPath, $token)
return; return;
} }
$clientIpId = client_ip_id($server);
if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE]) if (isset($cookie[SessionManager::$LOGGED_IN_COOKIE])
&& $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token && $cookie[SessionManager::$LOGGED_IN_COOKIE] === $token
) { ) {
@ -100,13 +98,14 @@ public function isLoggedIn()
/** /**
* Check user credentials are valid * Check user credentials are valid
* *
* @param array $server The $_SERVER array * @param string $remoteIp Remote client IP address
* @param string $clientIpId Client IP address identifier
* @param string $login Username * @param string $login Username
* @param string $password Password * @param string $password Password
* *
* @return bool true if the provided credentials are valid, false otherwise * @return bool true if the provided credentials are valid, false otherwise
*/ */
public function checkCredentials($server, $login, $password) public function checkCredentials($remoteIp, $clientIpId, $login, $password)
{ {
$hash = sha1($password . $login . $this->configManager->get('credentials.salt')); $hash = sha1($password . $login . $this->configManager->get('credentials.salt'));
@ -115,17 +114,16 @@ public function checkCredentials($server, $login, $password)
) { ) {
logm( logm(
$this->configManager->get('resource.log'), $this->configManager->get('resource.log'),
$server['REMOTE_ADDR'], $remoteIp,
'Login failed for user ' . $login 'Login failed for user ' . $login
); );
return false; return false;
} }
$clientIpId = client_ip_id($server);
$this->sessionManager->storeLoginInfo($clientIpId); $this->sessionManager->storeLoginInfo($clientIpId);
logm( logm(
$this->configManager->get('resource.log'), $this->configManager->get('resource.log'),
$server['REMOTE_ADDR'], $remoteIp,
'Login successful' 'Login successful'
); );
return true; return true;

View file

@ -123,6 +123,7 @@
$conf = new ConfigManager(); $conf = new ConfigManager();
$sessionManager = new SessionManager($_SESSION, $conf); $sessionManager = new SessionManager($_SESSION, $conf);
$loginManager = new LoginManager($GLOBALS, $conf, $sessionManager); $loginManager = new LoginManager($GLOBALS, $conf, $sessionManager);
$clientIpId = client_ip_id($_SERVER);
// LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead. // LC_MESSAGES isn't defined without php-intl, in this case use LC_COLLATE locale instead.
if (! defined('LC_MESSAGES')) { if (! defined('LC_MESSAGES')) {
@ -178,7 +179,7 @@
// a token depending of deployment salt, user password, and the current ip // a token depending of deployment salt, user password, and the current ip
define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt'))); define('STAY_SIGNED_IN_TOKEN', sha1($conf->get('credentials.hash') . $_SERVER['REMOTE_ADDR'] . $conf->get('credentials.salt')));
$loginManager->checkLoginState($_SERVER, $_SESSION, $_COOKIE, WEB_PATH, STAY_SIGNED_IN_TOKEN); $loginManager->checkLoginState($_SESSION, $_COOKIE, WEB_PATH, $clientIpId, STAY_SIGNED_IN_TOKEN);
/** /**
* Adapter function for PageBuilder * Adapter function for PageBuilder
@ -200,7 +201,7 @@ function isLoggedIn()
} }
if (isset($_POST['password']) if (isset($_POST['password'])
&& $sessionManager->checkToken($_POST['token']) && $sessionManager->checkToken($_POST['token'])
&& $loginManager->checkCredentials($_SERVER, $_POST['login'], $_POST['password']) && $loginManager->checkCredentials($_SERVER['REMOTE_ADDR'], $clientIpId, $_POST['login'], $_POST['password'])
) { ) {
// Login/password is OK. // Login/password is OK.
$loginManager->handleSuccessfulLogin($_SERVER); $loginManager->handleSuccessfulLogin($_SERVER);