mirror of
https://github.com/Combodo/iTop.git
synced 2026-05-17 06:18:44 +02:00
be able to call cron locally/remotely via any authentication mode that implements iTokenLoginUIExtension (interface badly named)
This commit is contained in:
odain
@@ -9,7 +9,7 @@ use Combodo\iTop\Application\Helper\Session;
|
||||
* @license http://opensource.org/licenses/AGPL-3.0
|
||||
*/
|
||||
|
||||
class LoginBasic extends AbstractLoginFSMExtension
|
||||
class LoginBasic extends AbstractLoginFSMExtension implements iTokenLoginUIExtension
|
||||
{
|
||||
/**
|
||||
* Return the list of supported login modes for this plugin
|
||||
@@ -120,4 +120,21 @@ class LoginBasic extends AbstractLoginFSMExtension
|
||||
}
|
||||
return [$sAuthUser, $sAuthPwd];
|
||||
}
|
||||
|
||||
public function GetTokenInfo(): array
|
||||
{
|
||||
return $this->GetAuthUserAndPassword();
|
||||
}
|
||||
|
||||
public function GetUserLogin(array $aTokenInfo): string
|
||||
{
|
||||
$sLogin = $aTokenInfo[0];
|
||||
$sLoginMode = 'basic';
|
||||
if (UserRights::CheckCredentials($sLogin, $aTokenInfo[1], $sLoginMode, 'internal'))
|
||||
{
|
||||
return $sLogin;
|
||||
}
|
||||
|
||||
throw new Exception("Cannot CheckCredentials user login ($sLogin) with ($sLoginMode) mode");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -12,7 +12,7 @@ use Combodo\iTop\Application\Helper\Session;
|
||||
*
|
||||
* @since 2.7.0
|
||||
*/
|
||||
class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
|
||||
class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension, iTokenLoginUIExtension
|
||||
{
|
||||
private $bForceFormOnError = false;
|
||||
|
||||
@@ -32,10 +32,11 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
|
||||
protected function OnReadCredentials(&$iErrorCode)
|
||||
{
|
||||
if (!Session::IsSet('login_mode') || Session::Get('login_mode') == 'form') {
|
||||
$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
|
||||
$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
|
||||
if ($this->bForceFormOnError || empty($sAuthUser) || empty($sAuthPwd)) {
|
||||
if (array_key_exists('HTTP_X_COMBODO_AJAX', $_SERVER)) {
|
||||
list($sAuthUser, $sAuthPwd) = $this->GetTokenInfo();
|
||||
if ($this->bForceFormOnError || empty($sAuthUser) || empty($sAuthPwd))
|
||||
{
|
||||
if (array_key_exists('HTTP_X_COMBODO_AJAX', $_SERVER))
|
||||
{
|
||||
// X-Combodo-Ajax is a special header automatically added to all ajax requests
|
||||
// Let's reply that we're currently logged-out
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
@@ -64,10 +65,11 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
|
||||
*/
|
||||
protected function OnCheckCredentials(&$iErrorCode)
|
||||
{
|
||||
if (Session::Get('login_mode') == 'form') {
|
||||
$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
|
||||
$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
|
||||
if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal')) {
|
||||
if (Session::Get('login_mode') == 'form')
|
||||
{
|
||||
list($sAuthUser, $sAuthPwd) = $this->GetTokenInfo();
|
||||
if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal'))
|
||||
{
|
||||
$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
|
||||
return LoginWebPage::LOGIN_FSM_ERROR;
|
||||
}
|
||||
@@ -145,4 +147,23 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
|
||||
|
||||
return $oLoginContext;
|
||||
}
|
||||
|
||||
public function GetTokenInfo(): array
|
||||
{
|
||||
$sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
|
||||
$sAuthPwd = utils::ReadPostedParam('auth_pwd', null, 'raw_data');
|
||||
return [$sAuthUser, $sAuthPwd];
|
||||
}
|
||||
|
||||
public function GetUserLogin(array $aTokenInfo): string
|
||||
{
|
||||
$sLogin = $aTokenInfo[0];
|
||||
$sLoginMode = 'form';
|
||||
if (UserRights::CheckCredentials($sLogin, $aTokenInfo[1], $sLoginMode, 'internal'))
|
||||
{
|
||||
return $sLogin;
|
||||
}
|
||||
|
||||
throw new Exception("Cannot CheckCredentials user login ($sLogin) with ($sLoginMode) mode");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,7 +9,7 @@ use Combodo\iTop\Application\Helper\Session;
|
||||
* @license http://opensource.org/licenses/AGPL-3.0
|
||||
*/
|
||||
|
||||
class LoginURL extends AbstractLoginFSMExtension
|
||||
class LoginURL extends AbstractLoginFSMExtension implements iTokenLoginUIExtension
|
||||
{
|
||||
/**
|
||||
* @var bool
|
||||
@@ -28,10 +28,10 @@ class LoginURL extends AbstractLoginFSMExtension
|
||||
|
||||
protected function OnModeDetection(&$iErrorCode)
|
||||
{
|
||||
if (!Session::IsSet('login_mode') && !$this->bErrorOccurred) {
|
||||
$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
|
||||
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
|
||||
if (!empty($sAuthUser) && !empty($sAuthPwd)) {
|
||||
if (!Session::IsSet('login_mode') && !$this->bErrorOccurred)
|
||||
{
|
||||
list($sAuthUser, $sAuthPwd) = $this->GetTokenInfo();
|
||||
{
|
||||
Session::Set('login_mode', 'url');
|
||||
}
|
||||
}
|
||||
@@ -48,10 +48,11 @@ class LoginURL extends AbstractLoginFSMExtension
|
||||
|
||||
protected function OnCheckCredentials(&$iErrorCode)
|
||||
{
|
||||
if (Session::Get('login_mode') == 'url') {
|
||||
$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
|
||||
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
|
||||
if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal')) {
|
||||
if (Session::Get('login_mode') == 'url')
|
||||
{
|
||||
list($sAuthUser, $sAuthPwd) = $this->GetTokenInfo();
|
||||
if (!UserRights::CheckCredentials($sAuthUser, $sAuthPwd, Session::Get('login_mode'), 'internal'))
|
||||
{
|
||||
$iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
|
||||
return LoginWebPage::LOGIN_FSM_ERROR;
|
||||
}
|
||||
@@ -84,4 +85,23 @@ class LoginURL extends AbstractLoginFSMExtension
|
||||
}
|
||||
return LoginWebPage::LOGIN_FSM_CONTINUE;
|
||||
}
|
||||
|
||||
public function GetTokenInfo(): array
|
||||
{
|
||||
$sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
|
||||
$sAuthPwd = utils::ReadParam('auth_pwd', null, false, 'raw_data');
|
||||
return [$sAuthUser, $sAuthPwd];
|
||||
}
|
||||
|
||||
public function GetUserLogin(array $aTokenInfo): string
|
||||
{
|
||||
$sLogin = $aTokenInfo[0];
|
||||
$sLoginMode = 'url';
|
||||
if (UserRights::CheckCredentials($sLogin, $aTokenInfo[1], $sLoginMode, 'internal'))
|
||||
{
|
||||
return $sLogin;
|
||||
}
|
||||
|
||||
throw new Exception("Cannot CheckCredentials user login ($sLogin) with ($sLoginMode) mode");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -530,6 +530,26 @@ class LoginWebPage extends NiceWebPage
|
||||
return $aPlugins;
|
||||
}
|
||||
|
||||
public static function GetCurrentLoginPlugin(string $sCurrentLoginMode) : iLoginExtension
|
||||
{
|
||||
/** @var iLoginExtension $oLoginExtensionInstance */
|
||||
foreach (MetaModel::EnumPlugins('iLoginFSMExtension') as $oLoginExtensionInstance)
|
||||
{
|
||||
$aLoginModes = $oLoginExtensionInstance->ListSupportedLoginModes();
|
||||
$aLoginModes = (is_array($aLoginModes) ? $aLoginModes : array());
|
||||
foreach ($aLoginModes as $sLoginMode)
|
||||
{
|
||||
// Keep only the plugins for the current login mode + before + after
|
||||
if ($sLoginMode == $sCurrentLoginMode)
|
||||
{
|
||||
return $oLoginExtensionInstance;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
throw new \Exception("should not happen");
|
||||
}
|
||||
|
||||
/**
|
||||
* Advance Login Finite State Machine to the next step
|
||||
*
|
||||
|
||||
@@ -14,7 +14,10 @@ if (PHP_VERSION_ID < 50600) {
|
||||
echo $err;
|
||||
}
|
||||
}
|
||||
throw new RuntimeException($err);
|
||||
trigger_error(
|
||||
$err,
|
||||
E_USER_ERROR
|
||||
);
|
||||
}
|
||||
|
||||
require_once __DIR__ . '/composer/autoload_real.php';
|
||||
|
||||
@@ -3150,6 +3150,7 @@ return array(
|
||||
'iRestServiceProvider' => $baseDir . '/application/applicationextension.inc.php',
|
||||
'iScheduledProcess' => $baseDir . '/core/backgroundprocess.inc.php',
|
||||
'iSelfRegister' => $baseDir . '/core/userrights.class.inc.php',
|
||||
'iTokenLoginUIExtension' => $baseDir . '/application/applicationextension/login/iTokenLoginUIExtension.php',
|
||||
'iTopConfigParser' => $baseDir . '/core/iTopConfigParser.php',
|
||||
'iTopMutex' => $baseDir . '/core/mutex.class.inc.php',
|
||||
'iTopOwnershipLock' => $baseDir . '/core/ownershiplock.class.inc.php',
|
||||
|
||||
@@ -56,7 +56,7 @@ return array(
|
||||
'Psr\\Cache\\' => array($vendorDir . '/psr/cache/src'),
|
||||
'PhpParser\\' => array($vendorDir . '/nikic/php-parser/lib/PhpParser'),
|
||||
'Pelago\\Emogrifier\\' => array($vendorDir . '/pelago/emogrifier/src'),
|
||||
'League\\OAuth2\\Client\\' => array($vendorDir . '/league/oauth2-google/src', $vendorDir . '/league/oauth2-client/src'),
|
||||
'League\\OAuth2\\Client\\' => array($vendorDir . '/league/oauth2-client/src', $vendorDir . '/league/oauth2-google/src'),
|
||||
'GuzzleHttp\\Psr7\\' => array($vendorDir . '/guzzlehttp/psr7/src'),
|
||||
'GuzzleHttp\\Promise\\' => array($vendorDir . '/guzzlehttp/promises/src'),
|
||||
'GuzzleHttp\\' => array($vendorDir . '/guzzlehttp/guzzle/src'),
|
||||
|
||||
@@ -314,8 +314,8 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
|
||||
),
|
||||
'League\\OAuth2\\Client\\' =>
|
||||
array (
|
||||
0 => __DIR__ . '/..' . '/league/oauth2-google/src',
|
||||
1 => __DIR__ . '/..' . '/league/oauth2-client/src',
|
||||
0 => __DIR__ . '/..' . '/league/oauth2-client/src',
|
||||
1 => __DIR__ . '/..' . '/league/oauth2-google/src',
|
||||
),
|
||||
'GuzzleHttp\\Psr7\\' =>
|
||||
array (
|
||||
@@ -3509,6 +3509,7 @@ class ComposerStaticInit7f81b4a2a468a061c306af5e447a9a9f
|
||||
'iRestServiceProvider' => __DIR__ . '/../..' . '/application/applicationextension.inc.php',
|
||||
'iScheduledProcess' => __DIR__ . '/../..' . '/core/backgroundprocess.inc.php',
|
||||
'iSelfRegister' => __DIR__ . '/../..' . '/core/userrights.class.inc.php',
|
||||
'iTokenLoginUIExtension' => __DIR__ . '/../..' . '/application/applicationextension/login/iTokenLoginUIExtension.php',
|
||||
'iTopConfigParser' => __DIR__ . '/../..' . '/core/iTopConfigParser.php',
|
||||
'iTopMutex' => __DIR__ . '/../..' . '/core/mutex.class.inc.php',
|
||||
'iTopOwnershipLock' => __DIR__ . '/../..' . '/core/ownershiplock.class.inc.php',
|
||||
|
||||
@@ -36,7 +36,8 @@ if ($issues) {
|
||||
echo 'Composer detected issues in your platform:' . PHP_EOL.PHP_EOL . str_replace('You are running '.PHP_VERSION.'.', '', implode(PHP_EOL, $issues)) . PHP_EOL.PHP_EOL;
|
||||
}
|
||||
}
|
||||
throw new \RuntimeException(
|
||||
'Composer detected issues in your platform: ' . implode(' ', $issues)
|
||||
trigger_error(
|
||||
'Composer detected issues in your platform: ' . implode(' ', $issues),
|
||||
E_USER_ERROR
|
||||
);
|
||||
}
|
||||
|
||||
@@ -466,14 +466,33 @@ try {
|
||||
// Next steps:
|
||||
// specific arguments: 'csv file'
|
||||
//
|
||||
$sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
|
||||
$sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
|
||||
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
|
||||
UserRights::Login($sAuthUser); // Login & set the user's language
|
||||
} else {
|
||||
$oP->p("Access wrong credentials ('$sAuthUser')");
|
||||
$oP->output();
|
||||
exit(EXIT_CODE_ERROR);
|
||||
$sTokenInfo = utils::ReadParam('auth_token_info', null, true, 'raw_data');
|
||||
$sLoginMode = utils::ReadParam('login_mode', null, true, 'raw_data');
|
||||
if (is_null($sLoginMode) || is_null($sTokenInfo)) {
|
||||
$sAuthUser = ReadMandatoryParam($oP, 'auth_user', 'raw_data');
|
||||
$sAuthPwd = ReadMandatoryParam($oP, 'auth_pwd', 'raw_data');
|
||||
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
|
||||
UserRights::Login($sAuthUser); // Login & set the user's language
|
||||
} else {
|
||||
$oP->p("Access wrong credentials ('$sAuthUser')");
|
||||
$oP->output();
|
||||
exit(EXIT_CODE_ERROR);
|
||||
}
|
||||
} else
|
||||
{
|
||||
$oLoginFSMExtensionInstance = LoginWebPage::GetCurrentLoginPlugin($sLoginMode);
|
||||
|
||||
if ($oLoginFSMExtensionInstance instanceof iTokenLoginUIExtension){
|
||||
$aTokenInfo = json_decode(base64_decode($sTokenInfo), true);
|
||||
|
||||
/** @var iTokenLoginUIExtension $oLoginFSMExtensionInstance */
|
||||
$sAuthUser = $oLoginFSMExtensionInstance->GetUserLogin($aTokenInfo);
|
||||
UserRights::Login($sAuthUser); // Login & set the user's language
|
||||
} else {
|
||||
$oP->p("cannot call cron asynchronously via current login mode $sLoginMode");
|
||||
$oP->output();
|
||||
exit(EXIT_CODE_ERROR);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
require_once(APPROOT.'/application/loginwebpage.class.inc.php');
|
||||
|
||||
@@ -9,21 +9,12 @@ const RUNNING = "running";
|
||||
const STOPPED = "stopped";
|
||||
const ERROR = "error";
|
||||
|
||||
$sAuthUser = ReadParam("auth_user");
|
||||
$sAuthPwd = ReadParam("auth_pwd");
|
||||
|
||||
try {
|
||||
$sAuthUser = ReadParam("auth_user");
|
||||
$sAuthPwd = ReadParam("auth_pwd");
|
||||
|
||||
if (is_null($sAuthUser) || is_null($sAuthPwd)) {
|
||||
throw new \Exception("Missing credentials");
|
||||
}
|
||||
|
||||
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
|
||||
UserRights::Login($sAuthUser); // Login & set the user's language
|
||||
} else {
|
||||
throw new \Exception("Invalid credentials");
|
||||
$oCtx = new ContextTag(ContextTag::TAG_CRON);
|
||||
LoginWebPage::ResetSession(true);
|
||||
$iRet = LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN);
|
||||
if ($iRet != LoginWebPage::EXIT_CODE_OK){
|
||||
throw new Exception("Unknown authentication error (retCode=$iRet)", RestResult::UNAUTHORIZED);
|
||||
}
|
||||
|
||||
$sLogFilename = ReadParam("cron_log_file", "cron.log");
|
||||
|
||||
@@ -1,21 +1,28 @@
|
||||
<?php
|
||||
|
||||
use Hybridauth\Storage\Session;
|
||||
|
||||
require_once(__DIR__.'/../approot.inc.php');
|
||||
require_once(APPROOT.'/application/application.inc.php');
|
||||
require_once(APPROOT.'/application/startup.inc.php');
|
||||
|
||||
try {
|
||||
$sAuthUser = ReadParam("auth_user");
|
||||
$sAuthPwd = ReadParam("auth_pwd");
|
||||
|
||||
if (is_null($sAuthUser) || is_null($sAuthPwd)) {
|
||||
throw new \Exception("Missing credentials");
|
||||
$oCtx = new ContextTag(ContextTag::TAG_CRON);
|
||||
LoginWebPage::ResetSession(true);
|
||||
$iRet = LoginWebPage::DoLogin(false, false, LoginWebPage::EXIT_RETURN);
|
||||
if ($iRet != LoginWebPage::EXIT_CODE_OK){
|
||||
throw new Exception("Unknown authentication error (retCode=$iRet)", RestResult::UNAUTHORIZED);
|
||||
}
|
||||
|
||||
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
|
||||
UserRights::Login($sAuthUser); // Login & set the user's language
|
||||
$sCurrentLoginMode = \Combodo\iTop\Application\Helper\Session::Get('login_mode', '');
|
||||
$oLoginFSMExtensionInstance = LoginWebPage::GetCurrentLoginPlugin($sCurrentLoginMode);
|
||||
|
||||
if ($oLoginFSMExtensionInstance instanceof iTokenLoginUIExtension){
|
||||
/** @var iTokenLoginUIExtension $oLoginFSMExtensionInstance */
|
||||
$aTokenInfo = $oLoginFSMExtensionInstance->GetTokenInfo();
|
||||
$sTokenInfo = base64_encode(json_encode($aTokenInfo));
|
||||
} else {
|
||||
throw new \Exception("Invalid credentials");
|
||||
throw new \Exception("cannot call cron asynchronously via current login mode $sCurrentLoginMode");
|
||||
}
|
||||
|
||||
$sLogFilename = ReadParam("cron_log_file", "cron.log");
|
||||
@@ -30,13 +37,8 @@ try {
|
||||
} else {
|
||||
$sCliParams = trim(base64_decode($sCliParams, true));
|
||||
|
||||
if (false === strpos($sCliParams, '--auth_user=')) {
|
||||
$sCliParams = "--auth_user=$sAuthUser ".$sCliParams;
|
||||
}
|
||||
|
||||
if (false === strpos($sCliParams, '--auth_pwd=')) {
|
||||
$sCliParams = "--auth_pwd=$sAuthPwd ".$sCliParams;
|
||||
}
|
||||
$sCliParams = "--auth_token_info=$sTokenInfo ".$sCliParams;
|
||||
$sCliParams = "--login_mode=$sCurrentLoginMode ".$sCliParams;
|
||||
|
||||
if (false !== strpos($sCliParams, '--status_only=1')) {
|
||||
$bAsynchronous = false;
|
||||
@@ -51,8 +53,6 @@ try {
|
||||
file_put_contents($sLogFile, $sCli);
|
||||
$process = popen($sCli, 'r');
|
||||
} else {
|
||||
|
||||
|
||||
$sCli = sprintf("\n $sPHPExec %s/cron.php $sCliParams", __DIR__);
|
||||
$fp = fopen($sLogFile, 'a+');
|
||||
fwrite($fp, $sCli);
|
||||
|
||||
Reference in New Issue
Block a user