diff --git a/classes/iauthmodule.php b/classes/iauthmodule.php new file mode 100644 index 000000000..d47dbacfb --- /dev/null +++ b/classes/iauthmodule.php @@ -0,0 +1,5 @@ + diff --git a/classes/pluginhost.php b/classes/pluginhost.php index 545e62e01..d97dfa666 100644 --- a/classes/pluginhost.php +++ b/classes/pluginhost.php @@ -13,6 +13,7 @@ class PluginHost { const HOOK_PREFS_TABS = 5; const HOOK_FEED_PARSED = 6; const HOOK_UPDATE_TASK = 7; + const HOOK_AUTH_USER = 8; const KIND_ALL = 1; const KIND_SYSTEM = 2; diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index e8926194e..0922e43a8 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -28,8 +28,8 @@ class Pref_Prefs extends Handler_Protected { return; } - $module_class = "auth_" . $_SESSION["auth_module"]; - $authenticator = new $module_class($this->link); + global $pluginhost; + $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); if (method_exists($authenticator, "change_password")) { print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw); @@ -188,9 +188,11 @@ class Pref_Prefs extends Handler_Protected { print ""; - if ($_SESSION["auth_module"]) { - $module_class = "auth_" . $_SESSION["auth_module"]; - $authenticator = new $module_class($this->link); + if ($_SESSION["auth_module"]) { + global $pluginhost; + + $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); + } else { $authenticator = false; } @@ -258,7 +260,7 @@ class Pref_Prefs extends Handler_Protected { print ""; - if ($_SESSION["auth_module"] == "internal") { + if ($_SESSION["auth_module"] == "auth_internal") { print "

" . __("One time passwords / Authenticator") . "

"; @@ -802,11 +804,11 @@ class Pref_Prefs extends Handler_Protected { function otpenable() { $password = db_escape_string($_REQUEST["password"]); - - $module_class = "auth_" . $_SESSION["auth_module"]; - $authenticator = new $module_class($this->link); $enable_otp = $_REQUEST["enable_otp"] == "on"; + global $pluginhost; + $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); + if ($authenticator->check_password($_SESSION["uid"], $password)) { if ($enable_otp) { @@ -824,8 +826,8 @@ class Pref_Prefs extends Handler_Protected { function otpdisable() { $password = db_escape_string($_REQUEST["password"]); - $module_class = "auth_" . $_SESSION["auth_module"]; - $authenticator = new $module_class($this->link); + global $pluginhost; + $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); if ($authenticator->check_password($_SESSION["uid"], $password)) { diff --git a/config.php-dist b/config.php-dist index cd7a29be6..e0949c61e 100644 --- a/config.php-dist +++ b/config.php-dist @@ -52,15 +52,7 @@ // *** Authentication *** // ********************** - define('AUTH_MODULES', 'internal'); - // Comma-separated list of authentication modules to use. - // Available modules are: - // internal - tt-rss internal user DB - // remote - use server REMOTE_USER variable or client SSL certificate if enabled - // imap - authenticates using an IMAP server (check classes/auth/imap.php for some - // stuff you need to put into config.php) - // in preferences - // + // Please see PLUGINS below to configure various authentication modules. define('AUTH_AUTO_CREATE', true); // Allow authentication modules to auto-create users in tt-rss internal @@ -173,12 +165,13 @@ // if you experience weird errors and tt-rss failing to start, blank pages // after login, or content encoding errors, disable it. - define('PLUGINS', 'note'); - // Comma-separated list of plugins to load automatically for all users. - // System plugins have to be specified here. + define('PLUGINS', 'auth_remote, auth_internal, note'); + // Comma-separated list of plugins to load automatically for all users. + // System plugins have to be specified here. Please enable at least one + // authentication plugin here (auth_*). // Users may enable other user plugins from Preferences/Plugins but may not // disable plugins specified in this list. - + define('FEEDBACK_URL', ''); // Displays an URL for users to provide feedback or comments regarding // this instance of tt-rss. Can lead to a forum, contact email, etc. diff --git a/include/functions.php b/include/functions.php index d03fcfb15..f6ef7c2b3 100644 --- a/include/functions.php +++ b/include/functions.php @@ -547,7 +547,7 @@ if (!SINGLE_USER_MODE) { $user_id = false; - $modules = explode(",", AUTH_MODULES); + /* $modules = explode(",", AUTH_MODULES); foreach ($modules as $module) { $module_class = "auth_$module"; @@ -565,6 +565,17 @@ print T_sprintf("Fatal: authentication module %s not found.", $module); die; } + } */ + + global $pluginhost; + foreach ($pluginhost->get_hooks($pluginhost::HOOK_AUTH_USER) as $plugin) { + + $user_id = (int) $plugin->authenticate($login, $password); + + if ($user_id) { + $_SESSION["auth_module"] = strtolower(get_class($plugin)); + break; + } } if ($user_id && !$check_only) { diff --git a/include/sanity_config.php b/include/sanity_config.php index f5436b6b0..04058560f 100644 --- a/include/sanity_config.php +++ b/include/sanity_config.php @@ -1,3 +1,3 @@ - +$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'SINGLE_USER_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_EXPIRE_TIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'FEEDBACK_URL', 'CONFIG_VERSION'); ?> diff --git a/classes/auth/imap.php b/plugins/auth_imap/auth_imap.php similarity index 52% rename from classes/auth/imap.php rename to plugins/auth_imap/auth_imap.php index 52664eb3e..cca279cb3 100644 --- a/classes/auth/imap.php +++ b/plugins/auth_imap/auth_imap.php @@ -6,9 +6,27 @@ define('IMAP_AUTH_OPTIONS', '/tls/novalidate-cert/norsh'); // More about options: http://php.net/manual/ru/function.imap-open.php - */ +*/ +class Auth_Imap extends Plugin implements IAuthModule { + + private $link; + private $host; + private $base; + + function about() { + return array(1.0, + "Authenticates against an IMAP server (configured in config.php)", + "fox", + true); + } + + function init($host) { + $this->link = $host->get_link(); + $this->host = $host; + $this->base = new Auth_Base($this->link); -class Auth_Imap extends Auth_Base { + $host->add_hook($host::HOOK_AUTH_USER, $this); + } function authenticate($login, $password) { @@ -21,7 +39,7 @@ class Auth_Imap extends Auth_Base { if ($imap) { imap_close($imap); - return $this->auto_create_user($login); + return $this->base->auto_create_user($login); } } @@ -29,4 +47,5 @@ class Auth_Imap extends Auth_Base { } } + ?> diff --git a/classes/auth/internal.php b/plugins/auth_internal/auth_internal.php similarity index 93% rename from classes/auth/internal.php rename to plugins/auth_internal/auth_internal.php index 37014ce47..cf6c13780 100644 --- a/classes/auth/internal.php +++ b/plugins/auth_internal/auth_internal.php @@ -1,5 +1,22 @@ link = $host->get_link(); + $this->host = $host; + + $host->add_hook($host::HOOK_AUTH_USER, $this); + } function authenticate($login, $password) { diff --git a/classes/auth/remote.php b/plugins/auth_remote/auth_remote.php similarity index 77% rename from classes/auth/remote.php rename to plugins/auth_remote/auth_remote.php index 6892a3528..65f188b8f 100644 --- a/classes/auth/remote.php +++ b/plugins/auth_remote/auth_remote.php @@ -1,5 +1,25 @@ link = $host->get_link(); + $this->host = $host; + $this->base = new Auth_Base($this->link); + + $host->add_hook($host::HOOK_AUTH_USER, $this); + } + function get_login_by_ssl_certificate() { $cert_serial = db_escape_string(get_ssl_certificate_id()); @@ -24,7 +44,7 @@ class Auth_Remote extends Auth_Base { # if (!$try_login) $try_login = "test_qqq"; if ($try_login) { - $user_id = $this->auto_create_user($try_login); + $user_id = $this->base->auto_create_user($try_login); if ($user_id) { $_SESSION["fake_login"] = $try_login;