be able to call cron locally/remotely via any authentication mode that implements iTokenLoginUIExtension (interface badly named)

odain
2026-02-09 23:08:48 +01:00
parent ee13dec3d1
commit 933b72195d
12 changed files with 143 additions and 61 deletions


@@ -9,7 +9,7 @@ use Combodo\iTop\Application\Helper\Session;
* @license http://opensource.org/licenses/AGPL-3.0 * @license http://opensource.org/licenses/AGPL-3.0
*/ */
class LoginBasic extends AbstractLoginFSMExtension class LoginBasic extends AbstractLoginFSMExtension implements iTokenLoginUIExtension
{ {
/** /**
* Return the list of supported login modes for this plugin * Return the list of supported login modes for this plugin
@@ -143,4 +143,21 @@ class LoginBasic extends AbstractLoginFSMExtension
} }
return array($sAuthUser, $sAuthPwd); return array($sAuthUser, $sAuthPwd);
} }
public function GetTokenInfo(): array
{
return $this->GetAuthUserAndPassword();
}
public function GetUserLogin(array $aTokenInfo): string
{
$sLogin = $aTokenInfo[0];
$sLoginMode = 'basic';
if (UserRights::CheckCredentials($sLogin, $aTokenInfo[1], $sLoginMode, 'internal'))
{
return $sLogin;
}
throw new Exception("Cannot CheckCredentials user login ($sLogin) with ($sLoginMode) mode");
}
} }
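Review bot: `GetUserLogin()` reads `$aTokenInfo[0]` and `$aTokenInfo[1]` without checking that both exist and are strings, and in the cron.php hunk of this commit that array comes from `json_decode()` of the caller-supplied `--auth_token_info` argument. A truncated or hand-built token therefore reaches `UserRights::CheckCredentials()` as undefined or null values instead of being rejected up front; a guard such as `if (!isset($aTokenInfo[0], $aTokenInfo[1]) || !is_string($aTokenInfo[0]) || !is_string($aTokenInfo[1])) { throw new Exception("Malformed token info for ($sLoginMode) mode"); }` right after `$sLoginMode` is set would make the failure explicit. The same unchecked indexing is repeated in `LoginForm::GetUserLogin()` and `LoginURL::GetUserLogin()`, and since the three bodies differ only in the mode string, a shared helper in `AbstractLoginFSMExtension` would keep the check in one place. Both new methods also lack a docblock stating that the array is `[login, password]` and must therefore never be logged.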


@@ -12,7 +12,7 @@ use Combodo\iTop\Application\Helper\Session;
* *
* @since 2.7.0 * @since 2.7.0
*/ */
class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension, iTokenLoginUIExtension
{ {
private $bForceFormOnError = false; private $bForceFormOnError = false;
@@ -32,8 +32,7 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
protected function OnReadCredentials(&$iErrorCode) protected function OnReadCredentials(&$iErrorCode)
{ {
if (!Session::IsSet('login_mode') || Session::Get('login_mode') == 'form') { if (!Session::IsSet('login_mode') || Session::Get('login_mode') == 'form') {
$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data'); list($sAuthUser, $sAuthPwd) = $this->GetTokenInfo();
$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
if ($this->bForceFormOnError || empty($sAuthUser) || empty($sAuthPwd)) if ($this->bForceFormOnError || empty($sAuthUser) || empty($sAuthPwd))
{ {
if (array_key_exists('HTTP_X_COMBODO_AJAX', $_SERVER)) if (array_key_exists('HTTP_X_COMBODO_AJAX', $_SERVER))
@@ -68,8 +67,7 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
{ {
if (Session::Get('login_mode') == 'form') if (Session::Get('login_mode') == 'form')
{ {
$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data'); list($sAuthUser, $sAuthPwd) = $this->GetTokenInfo();
$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal')) if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal'))
{ {
$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
@@ -153,4 +151,23 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
return $oLoginContext; return $oLoginContext;
} }
public function GetTokenInfo(): array
{
$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
return [$sAuthUser, $sAuthPwd];
}
public function GetUserLogin(array $aTokenInfo): string
{
$sLogin = $aTokenInfo[0];
$sLoginMode = 'form';
if (UserRights::CheckCredentials($sLogin, $aTokenInfo[1], $sLoginMode, 'internal'))
{
return $sLogin;
}
throw new Exception("Cannot CheckCredentials user login ($sLogin) with ($sLoginMode) mode");
}
} }


@@ -9,7 +9,7 @@ use Combodo\iTop\Application\Helper\Session;
* @license http://opensource.org/licenses/AGPL-3.0 * @license http://opensource.org/licenses/AGPL-3.0
*/ */
class LoginURL extends AbstractLoginFSMExtension class LoginURL extends AbstractLoginFSMExtension implements iTokenLoginUIExtension
{ {
/** /**
* @var bool * @var bool
@@ -30,9 +30,7 @@ class LoginURL extends AbstractLoginFSMExtension
{ {
if (!Session::IsSet('login_mode') && !$this->bErrorOccurred) if (!Session::IsSet('login_mode') && !$this->bErrorOccurred)
{ {
$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data'); list($sAuthUser, $sAuthPwd) = $this->GetTokenInfo();
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
if (!empty($sAuthUser) && !empty($sAuthPwd))
{ {
Session::Set('login_mode', 'url'); Session::Set('login_mode', 'url');
} }
@@ -53,8 +51,7 @@ class LoginURL extends AbstractLoginFSMExtension
{ {
if (Session::Get('login_mode') == 'url') if (Session::Get('login_mode') == 'url')
{ {
$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data'); list($sAuthUser, $sAuthPwd) = $this->GetTokenInfo();
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal')) if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal'))
{ {
$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS; $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
@@ -92,4 +89,23 @@ class LoginURL extends AbstractLoginFSMExtension
} }
return LoginWebPage::LOGIN_FSM_CONTINUE; return LoginWebPage::LOGIN_FSM_CONTINUE;
} }
public function GetTokenInfo(): array
{
$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
return [$sAuthUser, $sAuthPwd];
}
public function GetUserLogin(array $aTokenInfo): string
{
$sLogin = $aTokenInfo[0];
$sLoginMode = 'url';
if (UserRights::CheckCredentials($sLogin, $aTokenInfo[1], $sLoginMode, 'internal'))
{
return $sLogin;
}
throw new Exception("Cannot CheckCredentials user login ($sLogin) with ($sLoginMode) mode");
}
} }
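Review bot: In the first hunk the guard `if (!empty($sAuthUser) && !empty($sAuthPwd))` appears only on the old side, and the hunk header (`-30,9 +30,7`) agrees that it was removed together with the two `ReadParam` lines, which leaves `Session::Set('login_mode', 'url');` inside a bare `{ }` block. If that reading of the rendered page is right, every request that arrives without a session login mode is switched to `url` mode even when no `auth_user`/`auth_pwd` was supplied, and the credential check in the next hunk would then presumably fail for it with `EXIT_CODE_WRONGCREDENTIALS`. The guard should be kept directly after the new `list($sAuthUser, $sAuthPwd) = $this->GetTokenInfo();` line, i.e. `if (!empty($sAuthUser) && !empty($sAuthPwd))` before the block. The enclosing method starts and ends outside the hunk.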


@@ -581,6 +581,26 @@ class LoginWebPage extends NiceWebPage
return $aPlugins; return $aPlugins;
} }
public static function GetCurrentLoginPlugin(string $sCurrentLoginMode) : iLoginExtension
{
/** @var iLoginExtension $oLoginExtensionInstance */
foreach (MetaModel::EnumPlugins('iLoginFSMExtension') as $oLoginExtensionInstance)
{
$aLoginModes = $oLoginExtensionInstance->ListSupportedLoginModes();
$aLoginModes = (is_array($aLoginModes) ? $aLoginModes : array());
foreach ($aLoginModes as $sLoginMode)
{
// Keep only the plugins for the current login mode + before + after
if ($sLoginMode == $sCurrentLoginMode)
{
return $oLoginExtensionInstance;
}
}
}
throw new \Exception("should not happen");
}
/** /**
* Advance Login Finite State Machine to the next step * Advance Login Finite State Machine to the next step
* *
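Review bot: The final `throw new \Exception("should not happen");` in `GetCurrentLoginPlugin()` is reachable, because the cron.php hunk of this commit passes the caller-supplied `--login_mode` value to this method, so any mode that no plugin lists ends here with a message that says nothing about the cause. I would name the mode, `throw new \Exception("No login plugin supports login mode '$sCurrentLoginMode'");`, and compare strictly with `in_array($sCurrentLoginMode, $aLoginModes, true)` instead of the inner loop using `==`. The inline comment `// Keep only the plugins for the current login mode + before + after` does not describe this method, which returns the first plugin that lists the mode, and the method has no docblock with a `@throws` entry.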


@@ -14,7 +14,10 @@ if (PHP_VERSION_ID < 50600) {
echo $err; echo $err;
} }
} }
throw new RuntimeException($err); trigger_error(
$err,
E_USER_ERROR
);
} }
require_once __DIR__ . '/composer/autoload_real.php'; require_once __DIR__ . '/composer/autoload_real.php';


@@ -3169,6 +3169,7 @@ return array(
'iRestServiceProvider' => $baseDir . '/application/applicationextension/rest/iRestServiceProvider.php', 'iRestServiceProvider' => $baseDir . '/application/applicationextension/rest/iRestServiceProvider.php',
'iScheduledProcess' => $baseDir . '/core/backgroundprocess.inc.php', 'iScheduledProcess' => $baseDir . '/core/backgroundprocess.inc.php',
'iSelfRegister' => $baseDir . '/core/userrights.class.inc.php', 'iSelfRegister' => $baseDir . '/core/userrights.class.inc.php',
'iTokenLoginUIExtension' => $baseDir . '/application/applicationextension/login/iTokenLoginUIExtension.php',
'iTopConfigParser' => $baseDir . '/core/iTopConfigParser.php', 'iTopConfigParser' => $baseDir . '/core/iTopConfigParser.php',
'iTopMutex' => $baseDir . '/core/mutex.class.inc.php', 'iTopMutex' => $baseDir . '/core/mutex.class.inc.php',
'iTopOwnershipLock' => $baseDir . '/core/ownershiplock.class.inc.php', 'iTopOwnershipLock' => $baseDir . '/core/ownershiplock.class.inc.php',


@@ -56,7 +56,7 @@ return array(
'Psr\\Cache\\' => array($vendorDir . '/psr/cache/src'), 'Psr\\Cache\\' => array($vendorDir . '/psr/cache/src'),
'PhpParser\\' => array($vendorDir . '/nikic/php-parser/lib/PhpParser'), 'PhpParser\\' => array($vendorDir . '/nikic/php-parser/lib/PhpParser'),
'Pelago\\Emogrifier\\' => array($vendorDir . '/pelago/emogrifier/src'), 'Pelago\\Emogrifier\\' => array($vendorDir . '/pelago/emogrifier/src'),
'League\\OAuth2\\Client\\' => array($vendorDir . '/league/oauth2-google/src', $vendorDir . '/league/oauth2-client/src'), 'League\\OAuth2\\Client\\' => array($vendorDir . '/league/oauth2-client/src', $vendorDir . '/league/oauth2-google/src'),
'GuzzleHttp\\Psr7\\' => array($vendorDir . '/guzzlehttp/psr7/src'), 'GuzzleHttp\\Psr7\\' => array($vendorDir . '/guzzlehttp/psr7/src'),
'GuzzleHttp\\Promise\\' => array($vendorDir . '/guzzlehttp/promises/src'), 'GuzzleHttp\\Promise\\' => array($vendorDir . '/guzzlehttp/promises/src'),
'GuzzleHttp\\' => array($vendorDir . '/guzzlehttp/guzzle/src'), 'GuzzleHttp\\' => array($vendorDir . '/guzzlehttp/guzzle/src'),


@@ -314,8 +314,8 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
), ),
'League\\OAuth2\\Client\\' => 'League\\OAuth2\\Client\\' =>
array ( array (
0 => __DIR__ . '/..' . '/league/oauth2-google/src', 0 => __DIR__ . '/..' . '/league/oauth2-client/src',
1 => __DIR__ . '/..' . '/league/oauth2-client/src', 1 => __DIR__ . '/..' . '/league/oauth2-google/src',
), ),
'GuzzleHttp\\Psr7\\' => 'GuzzleHttp\\Psr7\\' =>
array ( array (
@@ -3524,6 +3524,7 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
'iRestServiceProvider' => __DIR__ . '/../..' . '/application/applicationextension/rest/iRestServiceProvider.php', 'iRestServiceProvider' => __DIR__ . '/../..' . '/application/applicationextension/rest/iRestServiceProvider.php',
'iScheduledProcess' => __DIR__ . '/../..' . '/core/backgroundprocess.inc.php', 'iScheduledProcess' => __DIR__ . '/../..' . '/core/backgroundprocess.inc.php',
'iSelfRegister' => __DIR__ . '/../..' . '/core/userrights.class.inc.php', 'iSelfRegister' => __DIR__ . '/../..' . '/core/userrights.class.inc.php',
'iTokenLoginUIExtension' => __DIR__ . '/../..' . '/application/applicationextension/login/iTokenLoginUIExtension.php',
'iTopConfigParser' => __DIR__ . '/../..' . '/core/iTopConfigParser.php', 'iTopConfigParser' => __DIR__ . '/../..' . '/core/iTopConfigParser.php',
'iTopMutex' => __DIR__ . '/../..' . '/core/mutex.class.inc.php', 'iTopMutex' => __DIR__ . '/../..' . '/core/mutex.class.inc.php',
'iTopOwnershipLock' => __DIR__ . '/../..' . '/core/ownershiplock.class.inc.php', 'iTopOwnershipLock' => __DIR__ . '/../..' . '/core/ownershiplock.class.inc.php',


@@ -36,7 +36,8 @@ if ($issues) {
echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL; echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL;
} }
} }
throw new \RuntimeException( trigger_error(
'Composer detected issues in your platform: ' . implode(' ', $issues) 'Composer detected issues in your platform: ' . implode(' ', $issues),
E_USER_ERROR
); );
} }


@@ -518,22 +518,37 @@ try
$bVerbose = utils::ReadParam('verbose', false, true /* Allow CLI */); $bVerbose = utils::ReadParam('verbose', false, true /* Allow CLI */);
$bDebug = utils::ReadParam('debug', false, true /* Allow CLI */); $bDebug = utils::ReadParam('debug', false, true /* Allow CLI */);
if ($bIsModeCLI) if ($bIsModeCLI) {
{
// Next steps: // Next steps:
// specific arguments: 'csv file' // specific arguments: 'csv file'
// //
$sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data'); $sTokenInfo = utils::ReadParam('auth_token_info', null, true, 'raw_data');
$sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data'); $sLoginMode = utils::ReadParam('login_mode', null, true, 'raw_data');
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) if (is_null($sLoginMode) || is_null($sTokenInfo)) {
$sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
$sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
UserRights::Login($sAuthUser); // Login & set the user's language
} else {
$oP->p("Access wrong credentials ('$sAuthUser')");
$oP->output();
exit(EXIT_CODE_ERROR);
}
} else
{ {
UserRights::Login($sAuthUser); // Login & set the user's language $oLoginFSMExtensionInstance = LoginWebPage::GetCurrentLoginPlugin($sLoginMode);
}
else if ($oLoginFSMExtensionInstance instanceof iTokenLoginUIExtension){
{ $aTokenInfo = json_decode(base64_decode($sTokenInfo), true);
$oP->p("Access wrong credentials ('$sAuthUser')");
$oP->output(); /** @var iTokenLoginUIExtension $oLoginFSMExtensionInstance */
exit(EXIT_CODE_ERROR); $sAuthUser = $oLoginFSMExtensionInstance->GetUserLogin($aTokenInfo);
UserRights::Login($sAuthUser); // Login & set the user's language
} else {
$oP->p("cannot call cron asynchronously via current login mode $sLoginMode");
$oP->output();
exit(EXIT_CODE_ERROR);
}
} }
} }
else else
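Review bot: The token branch decodes with `json_decode(base64_decode($sTokenInfo), true)` and passes the result straight to `GetUserLogin(array $aTokenInfo)`, so an argument that is not valid base64 or JSON yields `null` and a `TypeError` rather than the clean `EXIT_CODE_ERROR` exit that the legacy branch gives on wrong credentials. `GetUserLogin()` also signals bad credentials by throwing, and whether the enclosing `try` (its `catch` is outside this hunk) reports that and exits non-zero cannot be seen here. I would decode strictly, reject non-array results, and catch the exception from `GetUserLogin()` so that every failure path prints a message and exits with `EXIT_CODE_ERROR`.

```php
$oLoginFSMExtensionInstance = LoginWebPage::GetCurrentLoginPlugin($sLoginMode);
if ($oLoginFSMExtensionInstance instanceof iTokenLoginUIExtension) {
	// Strict decoding: reject anything that is not base64-encoded JSON holding an array
	$sDecodedTokenInfo = base64_decode($sTokenInfo, true);
	$aTokenInfo = ($sDecodedTokenInfo === false) ? null : json_decode($sDecodedTokenInfo, true);
	if (!is_array($aTokenInfo)) {
		$oP->p("Invalid auth_token_info for login mode $sLoginMode");
		$oP->output();
		exit(EXIT_CODE_ERROR);
	}
	try {
		/** @var iTokenLoginUIExtension $oLoginFSMExtensionInstance */
		$sAuthUser = $oLoginFSMExtensionInstance->GetUserLogin($aTokenInfo);
	} catch (Exception $e) {
		$oP->p("Access wrong credentials for login mode $sLoginMode");
		$oP->output();
		exit(EXIT_CODE_ERROR);
	}
	// … unchanged: UserRights::Login($sAuthUser) and the non-token else branch …
```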


@@ -9,21 +9,12 @@ const RUNNING = "running";
const STOPPED = "stopped"; const STOPPED = "stopped";
const ERROR = "error"; const ERROR = "error";
$sAuthUser = ReadParam("auth_user");
$sAuthPwd = ReadParam("auth_pwd");
try { try {
$sAuthUser = ReadParam("auth_user"); $oCtx = new ContextTag(ContextTag::TAG_CRON);
$sAuthPwd = ReadParam("auth_pwd"); LoginWebPage::ResetSession(true);
$iRet = LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN);
if (is_null($sAuthUser) || is_null($sAuthPwd)) { if ($iRet != LoginWebPage::EXIT_CODE_OK){
throw new \Exception("Missing credentials"); throw new Exception("Unknown authentication error (retCode=$iRet)", RestResult::UNAUTHORIZED);
}
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
UserRights::Login($sAuthUser); // Login & set the user's language
} else {
throw new \Exception("Invalid credentials");
} }
$sLogFilename = ReadParam("cron_log_file", "cron.log"); $sLogFilename = ReadParam("cron_log_file", "cron.log");


@@ -1,21 +1,28 @@
<?php <?php
use Hybridauth\Storage\Session;
require_once(__DIR__.'/../approot.inc.php'); require_once(__DIR__.'/../approot.inc.php');
require_once(APPROOT.'/application/application.inc.php'); require_once(APPROOT.'/application/application.inc.php');
require_once(APPROOT.'/application/startup.inc.php'); require_once(APPROOT.'/application/startup.inc.php');
try { try {
$sAuthUser = ReadParam("auth_user"); $oCtx = new ContextTag(ContextTag::TAG_CRON);
$sAuthPwd = ReadParam("auth_pwd"); LoginWebPage::ResetSession(true);
$iRet = LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN);
if (is_null($sAuthUser) || is_null($sAuthPwd)) { if ($iRet != LoginWebPage::EXIT_CODE_OK){
throw new \Exception("Missing credentials"); throw new Exception("Unknown authentication error (retCode=$iRet)", RestResult::UNAUTHORIZED);
} }
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) { $sCurrentLoginMode = \Combodo\iTop\Application\Helper\Session::Get('login_mode', '');
UserRights::Login($sAuthUser); // Login & set the user's language $oLoginFSMExtensionInstance = LoginWebPage::GetCurrentLoginPlugin($sCurrentLoginMode);
if ($oLoginFSMExtensionInstance instanceof iTokenLoginUIExtension){
/** @var iTokenLoginUIExtension $oLoginFSMExtensionInstance */
$aTokenInfo = $oLoginFSMExtensionInstance->GetTokenInfo();
$sTokenInfo = base64_encode(json_encode($aTokenInfo));
} else { } else {
throw new \Exception("Invalid credentials"); throw new \Exception("cannot call cron asynchronously via current login mode $sCurrentLoginMode");
} }
$sLogFilename = ReadParam("cron_log_file", "cron.log"); $sLogFilename = ReadParam("cron_log_file", "cron.log");
@@ -30,13 +37,8 @@ try {
} else { } else {
$sCliParams = trim(base64_decode($sCliParams, true)); $sCliParams = trim(base64_decode($sCliParams, true));
if (false === strpos($sCliParams, '--auth_user=')) { $sCliParams = "--auth_token_info=$sTokenInfo ".$sCliParams;
$sCliParams = "--auth_user=$sAuthUser ".$sCliParams; $sCliParams = "--login_mode=$sCurrentLoginMode ".$sCliParams;
}
if (false === strpos($sCliParams, '--auth_pwd=')) {
$sCliParams = "--auth_pwd=$sAuthPwd ".$sCliParams;
}
if (false !== strpos($sCliParams, '--status_only=1')) { if (false !== strpos($sCliParams, '--status_only=1')) {
$bAsynchronous = false; $bAsynchronous = false;
@@ -51,8 +53,6 @@ try {
file_put_contents($sLogFile, $sCli); file_put_contents($sLogFile, $sCli);
$process = popen($sCli, 'r'); $process = popen($sCli, 'r');
} else { } else {
$sCli = sprintf("\n $sPHPExec %s/cron.php $sCliParams", __DIR__); $sCli = sprintf("\n $sPHPExec %s/cron.php $sCliParams", __DIR__);
$fp = fopen($sLogFile, 'a+'); $fp = fopen($sLogFile, 'a+');
fwrite($fp, $sCli); fwrite($fp, $sCli);
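Review bot: `$sTokenInfo` is only base64-encoded JSON of what `GetTokenInfo()` returns, which for the basic, form and url plugins in this commit is `[login, password]`, and it is prepended to `$sCliParams`, which then goes verbatim into `$sLogFile` through `file_put_contents($sLogFile, $sCli)` and `fwrite($fp, $sCli)`. Anyone who can read that log, or the argument list of the spawned cron.php process, can decode the password, so the encoding must not be treated as protection. At minimum the logged copy should be redacted, e.g. write `preg_replace('/--auth_token_info=\S+/', '--auth_token_info=***', $sCli)` instead of `$sCli`; handing the token to the child through an environment variable or a file readable only by the web server user would also keep it out of the argument list. The added `use Hybridauth\Storage\Session;` looks unused, since the code calls `\Combodo\iTop\Application\Helper\Session::Get()` by its full name. The script continues outside these hunks.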