pnp4nagios/share/pnp/application/models/auth_multisite.php

112 lines
3.2 KiB
PHP
Raw Normal View History

2017-05-20 15:26:21 +02:00
<?php defined('SYSPATH') OR die('No direct access allowed.');
class Auth_Multisite_Model {
private $htpasswdPath;
private $serialsPath;
private $secretPath;
private $authFile;
public function __construct($htpasswdPath, $serialsPath, $secretPath, $loginUrl) {
$this->htpasswdPath = $htpasswdPath;
$this->serialsPath = $serialsPath;
$this->secretPath = $secretPath;
$this->loginUrl = $loginUrl;
// When the auth.serial file exists, use this instead of the htpasswd
// for validating the cookie. The structure of the file is equal, so
// the same code can be used.
if(file_exists($this->serialsPath)) {
$this->authFile = 'serial';
} elseif(file_exists($this->htpasswdPath)) {
$this->authFile = 'htpasswd';
} else {
throw new Kohana_exception("error.auth_multisite_missing_htpasswd");
}
if(!file_exists($this->secretPath)) {
$this->redirectToLogin();
}
}
private function loadAuthFile($path) {
$creds = array();
foreach(file($path) AS $line) {
if(strpos($line, ':') !== false) {
list($username, $secret) = explode(':', $line, 2);
$creds[$username] = rtrim($secret);
}
}
return $creds;
}
private function loadSecret() {
return trim(file_get_contents($this->secretPath));
}
private function generateHash($username, $now, $user_secret) {
$secret = $this->loadSecret();
return md5($username . $now . $user_secret . $secret);
}
private function checkAuthCookie($cookieName) {
if(!isset($_COOKIE[$cookieName]) || $_COOKIE[$cookieName] == '') {
throw new Exception();
}
list($username, $issueTime, $cookieHash) = explode(':', $_COOKIE[$cookieName], 3);
if($this->authFile == 'htpasswd')
$users = $this->loadAuthFile($this->htpasswdPath);
else
$users = $this->loadAuthFile($this->serialsPath);
if(!isset($users[$username])) {
throw new Exception();
}
$user_secret = $users[$username];
// Validate the hash
if($cookieHash != $this->generateHash($username, $issueTime, $user_secret)) {
throw new Exception();
}
// FIXME: Maybe renew the cookie here too
return $username;
}
private function checkAuth() {
// Loop all cookies trying to fetch a valid authentication
// cookie for this installation
foreach(array_keys($_COOKIE) AS $cookieName) {
if(substr($cookieName, 0, 5) != 'auth_') {
continue;
}
try {
$name = $this->checkAuthCookie($cookieName);
return $name;
} catch(Exception $e) {}
}
return '';
}
private function redirectToLogin() {
header('Location:' . $this->loginUrl . '?_origtarget=' . $_SERVER['REQUEST_URI']);
}
public function check() {
$username = $this->checkAuth();
if($username === '') {
$this->redirectToLogin();
exit(0);
}
return $username;
}
}
?>