diff --git a/classes/iauthmodule.php b/classes/iauthmodule.php
new file mode 100644
index 000000000..d47dbacfb
--- /dev/null
+++ b/classes/iauthmodule.php
@@ -0,0 +1,5 @@
+
diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index 545e62e01..d97dfa666 100644
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -13,6 +13,7 @@ class PluginHost {
const HOOK_PREFS_TABS = 5;
const HOOK_FEED_PARSED = 6;
const HOOK_UPDATE_TASK = 7;
+ const HOOK_AUTH_USER = 8;
const KIND_ALL = 1;
const KIND_SYSTEM = 2;
diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index e8926194e..0922e43a8 100644
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -28,8 +28,8 @@ class Pref_Prefs extends Handler_Protected {
return;
}
- $module_class = "auth_" . $_SESSION["auth_module"];
- $authenticator = new $module_class($this->link);
+ global $pluginhost;
+ $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
if (method_exists($authenticator, "change_password")) {
print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw);
@@ -188,9 +188,11 @@ class Pref_Prefs extends Handler_Protected {
print "";
- if ($_SESSION["auth_module"]) {
- $module_class = "auth_" . $_SESSION["auth_module"];
- $authenticator = new $module_class($this->link);
+ if ($_SESSION["auth_module"]) {
+ global $pluginhost;
+
+ $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
+
} else {
$authenticator = false;
}
@@ -258,7 +260,7 @@ class Pref_Prefs extends Handler_Protected {
print "";
- if ($_SESSION["auth_module"] == "internal") {
+ if ($_SESSION["auth_module"] == "auth_internal") {
print "
" . __("One time passwords / Authenticator") . "
";
@@ -802,11 +804,11 @@ class Pref_Prefs extends Handler_Protected {
function otpenable() {
$password = db_escape_string($_REQUEST["password"]);
-
- $module_class = "auth_" . $_SESSION["auth_module"];
- $authenticator = new $module_class($this->link);
$enable_otp = $_REQUEST["enable_otp"] == "on";
+ global $pluginhost;
+ $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
+
if ($authenticator->check_password($_SESSION["uid"], $password)) {
if ($enable_otp) {
@@ -824,8 +826,8 @@ class Pref_Prefs extends Handler_Protected {
function otpdisable() {
$password = db_escape_string($_REQUEST["password"]);
- $module_class = "auth_" . $_SESSION["auth_module"];
- $authenticator = new $module_class($this->link);
+ global $pluginhost;
+ $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
if ($authenticator->check_password($_SESSION["uid"], $password)) {
diff --git a/config.php-dist b/config.php-dist
index cd7a29be6..e0949c61e 100644
--- a/config.php-dist
+++ b/config.php-dist
@@ -52,15 +52,7 @@
// *** Authentication ***
// **********************
- define('AUTH_MODULES', 'internal');
- // Comma-separated list of authentication modules to use.
- // Available modules are:
- // internal - tt-rss internal user DB
- // remote - use server REMOTE_USER variable or client SSL certificate if enabled
- // imap - authenticates using an IMAP server (check classes/auth/imap.php for some
- // stuff you need to put into config.php)
- // in preferences
- //
+ // Please see PLUGINS below to configure various authentication modules.
define('AUTH_AUTO_CREATE', true);
// Allow authentication modules to auto-create users in tt-rss internal
@@ -173,12 +165,13 @@
// if you experience weird errors and tt-rss failing to start, blank pages
// after login, or content encoding errors, disable it.
- define('PLUGINS', 'note');
- // Comma-separated list of plugins to load automatically for all users.
- // System plugins have to be specified here.
+ define('PLUGINS', 'auth_remote, auth_internal, note');
+ // Comma-separated list of plugins to load automatically for all users.
+ // System plugins have to be specified here. Please enable at least one
+ // authentication plugin here (auth_*).
// Users may enable other user plugins from Preferences/Plugins but may not
// disable plugins specified in this list.
-
+
define('FEEDBACK_URL', '');
// Displays an URL for users to provide feedback or comments regarding
// this instance of tt-rss. Can lead to a forum, contact email, etc.
diff --git a/include/functions.php b/include/functions.php
index d03fcfb15..f6ef7c2b3 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -547,7 +547,7 @@
if (!SINGLE_USER_MODE) {
$user_id = false;
- $modules = explode(",", AUTH_MODULES);
+ /* $modules = explode(",", AUTH_MODULES);
foreach ($modules as $module) {
$module_class = "auth_$module";
@@ -565,6 +565,17 @@
print T_sprintf("Fatal: authentication module %s not found.", $module);
die;
}
+ } */
+
+ global $pluginhost;
+ foreach ($pluginhost->get_hooks($pluginhost::HOOK_AUTH_USER) as $plugin) {
+
+ $user_id = (int) $plugin->authenticate($login, $password);
+
+ if ($user_id) {
+ $_SESSION["auth_module"] = strtolower(get_class($plugin));
+ break;
+ }
}
if ($user_id && !$check_only) {
diff --git a/include/sanity_config.php b/include/sanity_config.php
index f5436b6b0..04058560f 100644
--- a/include/sanity_config.php
+++ b/include/sanity_config.php
@@ -1,3 +1,3 @@
-
+$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?>
diff --git a/classes/auth/imap.php b/plugins/auth_imap/auth_imap.php
similarity index 52%
rename from classes/auth/imap.php
rename to plugins/auth_imap/auth_imap.php
index 52664eb3e..cca279cb3 100644
--- a/classes/auth/imap.php
+++ b/plugins/auth_imap/auth_imap.php
@@ -6,9 +6,27 @@
define('IMAP_AUTH_OPTIONS', '/tls/novalidate-cert/norsh');
// More about options: http://php.net/manual/ru/function.imap-open.php
- */
+*/
+class Auth_Imap extends Plugin implements IAuthModule {
+
+ private $link;
+ private $host;
+ private $base;
+
+ function about() {
+ return array(1.0,
+ "Authenticates against an IMAP server (configured in config.php)",
+ "fox",
+ true);
+ }
+
+ function init($host) {
+ $this->link = $host->get_link();
+ $this->host = $host;
+ $this->base = new Auth_Base($this->link);
-class Auth_Imap extends Auth_Base {
+ $host->add_hook($host::HOOK_AUTH_USER, $this);
+ }
function authenticate($login, $password) {
@@ -21,7 +39,7 @@ class Auth_Imap extends Auth_Base {
if ($imap) {
imap_close($imap);
- return $this->auto_create_user($login);
+ return $this->base->auto_create_user($login);
}
}
@@ -29,4 +47,5 @@ class Auth_Imap extends Auth_Base {
}
}
+
?>
diff --git a/classes/auth/internal.php b/plugins/auth_internal/auth_internal.php
similarity index 93%
rename from classes/auth/internal.php
rename to plugins/auth_internal/auth_internal.php
index 37014ce47..cf6c13780 100644
--- a/classes/auth/internal.php
+++ b/plugins/auth_internal/auth_internal.php
@@ -1,5 +1,22 @@
link = $host->get_link();
+ $this->host = $host;
+
+ $host->add_hook($host::HOOK_AUTH_USER, $this);
+ }
function authenticate($login, $password) {
diff --git a/classes/auth/remote.php b/plugins/auth_remote/auth_remote.php
similarity index 77%
rename from classes/auth/remote.php
rename to plugins/auth_remote/auth_remote.php
index 6892a3528..65f188b8f 100644
--- a/classes/auth/remote.php
+++ b/plugins/auth_remote/auth_remote.php
@@ -1,5 +1,25 @@
link = $host->get_link();
+ $this->host = $host;
+ $this->base = new Auth_Base($this->link);
+
+ $host->add_hook($host::HOOK_AUTH_USER, $this);
+ }
+
function get_login_by_ssl_certificate() {
$cert_serial = db_escape_string(get_ssl_certificate_id());
@@ -24,7 +44,7 @@ class Auth_Remote extends Auth_Base {
# if (!$try_login) $try_login = "test_qqq";
if ($try_login) {
- $user_id = $this->auto_create_user($try_login);
+ $user_id = $this->base->auto_create_user($try_login);
if ($user_id) {
$_SESSION["fake_login"] = $try_login;