2013-06-14 07:51:44 -04:00
|
|
|
<?php
|
|
|
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
|
|
|
|
// {{{ICINGA_LICENSE_HEADER}}}
|
|
|
|
|
|
|
|
|
|
# namespace Icinga\Application\Controllers;
|
|
|
|
|
|
2014-03-03 11:21:17 -05:00
|
|
|
use Icinga\Application\Config;
|
2014-12-29 08:30:47 -05:00
|
|
|
use Icinga\Application\Icinga;
|
2014-10-31 05:27:17 -04:00
|
|
|
use Icinga\Application\Logger;
|
2014-12-29 08:30:47 -05:00
|
|
|
use Icinga\Authentication\AuthChain;
|
|
|
|
|
use Icinga\Authentication\Backend\AutoLoginBackend;
|
2014-06-02 09:47:21 -04:00
|
|
|
use Icinga\Exception\AuthenticationException;
|
2014-03-03 11:21:17 -05:00
|
|
|
use Icinga\Exception\ConfigurationError;
|
2014-12-29 08:30:47 -05:00
|
|
|
use Icinga\Exception\NotReadableError;
|
|
|
|
|
use Icinga\Forms\Authentication\LoginForm;
|
2014-03-03 11:21:17 -05:00
|
|
|
use Icinga\User;
|
2014-12-29 08:30:47 -05:00
|
|
|
use Icinga\Web\Controller\ActionController;
|
2014-03-06 06:07:24 -05:00
|
|
|
use Icinga\Web\Url;
|
2013-07-12 10:10:56 -04:00
|
|
|
|
2013-06-14 07:51:44 -04:00
|
|
|
/**
|
2013-08-16 08:56:23 -04:00
|
|
|
* Application wide controller for authentication
|
2013-06-14 07:51:44 -04:00
|
|
|
*/
|
|
|
|
|
class AuthenticationController extends ActionController
|
|
|
|
|
{
|
|
|
|
|
/**
|
2014-01-23 10:03:47 -05:00
|
|
|
* This controller does not require authentication
|
2013-08-16 08:56:23 -04:00
|
|
|
*
|
2013-06-14 07:51:44 -04:00
|
|
|
* @var bool
|
|
|
|
|
*/
|
2013-08-30 09:50:49 -04:00
|
|
|
protected $requiresAuthentication = false;
|
2013-06-14 07:51:44 -04:00
|
|
|
|
|
|
|
|
/**
|
2013-08-16 08:56:23 -04:00
|
|
|
* Log into the application
|
2013-06-14 07:51:44 -04:00
|
|
|
*/
|
|
|
|
|
public function loginAction()
|
|
|
|
|
{
|
2014-12-29 08:30:06 -05:00
|
|
|
$icinga = Icinga::app();
|
|
|
|
|
if ($icinga->setupTokenExists() && $icinga->requiresSetup()) {
|
2014-11-18 07:13:02 -05:00
|
|
|
$this->redirectNow(Url::fromPath('setup'));
|
2014-09-10 08:48:33 -04:00
|
|
|
}
|
|
|
|
|
|
2014-06-22 14:08:55 -04:00
|
|
|
$auth = $this->Auth();
|
2014-08-19 04:14:46 -04:00
|
|
|
$this->view->form = $form = new LoginForm();
|
2014-05-27 17:47:13 -04:00
|
|
|
$this->view->title = $this->translate('Icingaweb Login');
|
2014-03-28 09:45:03 -04:00
|
|
|
|
2013-06-24 12:46:45 -04:00
|
|
|
try {
|
2014-08-19 04:14:46 -04:00
|
|
|
$redirectUrl = $this->view->form->getValue('redirect');
|
|
|
|
|
if ($redirectUrl) {
|
|
|
|
|
$redirectUrl = Url::fromPath($redirectUrl);
|
|
|
|
|
} else {
|
|
|
|
|
$redirectUrl = Url::fromPath('dashboard');
|
|
|
|
|
}
|
2014-06-03 11:59:22 -04:00
|
|
|
|
2013-06-24 12:46:45 -04:00
|
|
|
if ($auth->isAuthenticated()) {
|
2014-06-22 14:06:45 -04:00
|
|
|
$this->rerenderLayout()->redirectNow($redirectUrl);
|
2013-06-24 12:46:45 -04:00
|
|
|
}
|
2014-03-28 09:45:03 -04:00
|
|
|
|
2014-06-03 11:59:22 -04:00
|
|
|
try {
|
|
|
|
|
$config = Config::app('authentication');
|
|
|
|
|
} catch (NotReadableError $e) {
|
|
|
|
|
throw new ConfigurationError(
|
2014-11-13 09:41:31 -05:00
|
|
|
$this->translate('Could not read your authentication.ini, no authentication methods are available.'),
|
2014-08-20 07:13:50 -04:00
|
|
|
0,
|
|
|
|
|
$e
|
2014-06-03 11:59:22 -04:00
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$chain = new AuthChain($config);
|
2014-07-18 04:23:04 -04:00
|
|
|
$request = $this->getRequest();
|
|
|
|
|
if ($request->isPost() && $this->view->form->isValid($request->getPost())) {
|
2014-06-02 08:04:45 -04:00
|
|
|
$user = new User($this->view->form->getValue('username'));
|
|
|
|
|
$password = $this->view->form->getValue('password');
|
2014-03-03 11:21:17 -05:00
|
|
|
$backendsTried = 0;
|
2014-03-28 09:45:03 -04:00
|
|
|
$backendsWithError = 0;
|
2014-06-03 11:59:22 -04:00
|
|
|
|
2014-08-19 04:14:46 -04:00
|
|
|
$redirectUrl = $form->getValue('redirect');
|
|
|
|
|
|
|
|
|
|
if ($redirectUrl) {
|
|
|
|
|
$redirectUrl = Url::fromPath($redirectUrl);
|
|
|
|
|
} else {
|
|
|
|
|
$redirectUrl = Url::fromPath('dashboard');
|
|
|
|
|
}
|
|
|
|
|
|
2014-03-03 11:21:17 -05:00
|
|
|
foreach ($chain as $backend) {
|
2014-06-03 11:59:22 -04:00
|
|
|
if ($backend instanceof AutoLoginBackend) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2014-06-06 03:33:29 -04:00
|
|
|
++$backendsTried;
|
2014-06-02 09:47:21 -04:00
|
|
|
try {
|
|
|
|
|
$authenticated = $backend->authenticate($user, $password);
|
|
|
|
|
} catch (AuthenticationException $e) {
|
|
|
|
|
Logger::error($e);
|
|
|
|
|
++$backendsWithError;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2014-03-28 09:45:03 -04:00
|
|
|
if ($authenticated === true) {
|
|
|
|
|
$auth->setAuthenticated($user);
|
2014-06-22 14:06:45 -04:00
|
|
|
$this->rerenderLayout()->redirectNow($redirectUrl);
|
2014-03-03 11:21:17 -05:00
|
|
|
}
|
|
|
|
|
}
|
2014-07-09 06:53:25 -04:00
|
|
|
if ($backendsTried === 0) {
|
2014-11-12 10:23:55 -05:00
|
|
|
$this->view->form->addError(
|
2014-08-19 12:55:58 -04:00
|
|
|
$this->translate(
|
|
|
|
|
'No authentication methods available. Did you create'
|
2014-11-10 04:30:52 -05:00
|
|
|
. ' authentication.ini when setting up Icinga Web 2?'
|
2014-08-19 12:55:58 -04:00
|
|
|
)
|
2014-07-09 06:53:25 -04:00
|
|
|
);
|
2014-11-12 10:23:55 -05:00
|
|
|
} else if ($backendsTried === $backendsWithError) {
|
|
|
|
|
$this->view->form->addError(
|
2014-06-02 09:47:21 -04:00
|
|
|
$this->translate(
|
2014-08-19 12:55:58 -04:00
|
|
|
'All configured authentication methods failed.'
|
|
|
|
|
. ' Please check the system log or Icinga Web 2 log for more information.'
|
2014-06-02 09:47:21 -04:00
|
|
|
)
|
2014-03-03 11:21:17 -05:00
|
|
|
);
|
2014-11-12 10:23:55 -05:00
|
|
|
} elseif ($backendsWithError) {
|
|
|
|
|
$this->view->form->addError(
|
2014-06-02 09:47:21 -04:00
|
|
|
$this->translate(
|
2014-09-30 09:59:11 -04:00
|
|
|
'Please note that not all authentication methods were available.'
|
2014-08-19 12:55:58 -04:00
|
|
|
. ' Check the system log or Icinga Web 2 log for more information.'
|
2014-06-02 09:47:21 -04:00
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
}
|
2014-11-12 10:23:55 -05:00
|
|
|
if ($backendsTried > 0 && $backendsTried !== $backendsWithError) {
|
|
|
|
|
$this->view->form->getElement('password')->addError($this->translate('Incorrect username or password'));
|
|
|
|
|
}
|
2014-07-18 04:23:04 -04:00
|
|
|
} elseif ($request->isGet()) {
|
2014-07-10 05:15:46 -04:00
|
|
|
$user = new User('');
|
|
|
|
|
foreach ($chain as $backend) {
|
|
|
|
|
if ($backend instanceof AutoLoginBackend) {
|
|
|
|
|
$authenticated = $backend->authenticate($user);
|
|
|
|
|
if ($authenticated === true) {
|
|
|
|
|
$auth->setAuthenticated($user);
|
2014-09-30 09:49:31 -04:00
|
|
|
$this->rerenderLayout()->redirectNow(
|
|
|
|
|
Url::fromPath(Url::fromRequest()->getParam('redirect', 'dashboard'))
|
|
|
|
|
);
|
2014-07-10 05:15:46 -04:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2013-06-24 12:46:45 -04:00
|
|
|
}
|
2014-02-12 07:57:17 -05:00
|
|
|
} catch (Exception $e) {
|
|
|
|
|
$this->view->errorInfo = $e->getMessage();
|
2013-06-24 12:46:45 -04:00
|
|
|
}
|
2014-10-21 10:11:49 -04:00
|
|
|
|
2014-12-29 08:30:06 -05:00
|
|
|
$this->view->requiresSetup = Icinga::app()->requiresSetup();
|
2013-06-14 07:51:44 -04:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
2013-08-16 08:56:23 -04:00
|
|
|
* Log out the current user
|
2013-06-14 07:51:44 -04:00
|
|
|
*/
|
|
|
|
|
public function logoutAction()
|
|
|
|
|
{
|
2014-06-22 14:08:55 -04:00
|
|
|
$auth = $this->Auth();
|
2014-10-01 02:13:17 -04:00
|
|
|
if (! $auth->isAuthenticated()) {
|
|
|
|
|
$this->redirectToLogin();
|
|
|
|
|
}
|
2014-07-30 06:35:55 -04:00
|
|
|
$isRemoteUser = $auth->getUser()->isRemoteUser();
|
2013-06-24 12:46:45 -04:00
|
|
|
$auth->removeAuthorization();
|
2014-07-30 06:35:55 -04:00
|
|
|
if ($isRemoteUser === true) {
|
2014-02-26 11:36:20 -05:00
|
|
|
$this->_response->setHttpResponseCode(401);
|
|
|
|
|
} else {
|
2014-10-01 02:13:17 -04:00
|
|
|
$this->redirectToLogin();
|
2014-02-26 11:36:20 -05:00
|
|
|
}
|
2013-06-14 07:51:44 -04:00
|
|
|
}
|
|
|
|
|
}
|
