Compare commits
3 commits
master
...
auth-proxy
Author | SHA1 | Date | |
---|---|---|---|
|
6b0ef3d211 | ||
d6ab5df482 | |||
7e1a483db2 |
3 changed files with 98 additions and 1 deletions
|
@ -263,7 +263,11 @@ class Handler_Public extends Handler {
|
|||
|
||||
function logout() {
|
||||
logout_user();
|
||||
header("Location: index.php");
|
||||
$location = 'index.php';
|
||||
if(defined('LOGOUT_LOCATION')) {
|
||||
$location = LOGOUT_LOCATION;
|
||||
}
|
||||
header("Location: $location");
|
||||
}
|
||||
|
||||
function share() {
|
||||
|
|
|
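Review bot: `logout()` tests `defined('LOGOUT_LOCATION')`, but the config hunk that follows in this compare defines `LOGIN_LOCATION`, so as shown on this page the new setting is never read and logout still redirects to `index.php`. The config template line should read `define('LOGOUT_LOCATION', 'index.php');`, and it would read better placed below the two comment lines that describe it rather than above them. Since a central logout page is usually on another host, a one-line comment above the `header()` call should state that the target comes from config.php only and must never be derived from request data. The rest of `Handler_Public` lies outside the hunk.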
@ -90,6 +90,10 @@
|
|||
// If set to true, users won't be able to set application language
|
||||
// and settings profile.
|
||||
|
||||
define ('LOGIN_LOCATION', 'index.php');
|
||||
// When a user logs out, redirect to this location. This is useful when you have some central
|
||||
// authentication system, and you want to reach the main logout page
|
||||
|
||||
// *********************
|
||||
// *** Feed settings ***
|
||||
// *********************
|
||||
|
|
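--- /dev/null
+++ b/plugins/auth_proxy/init.php
@@ -0,0 +1,89 @@
+<?php
+class Auth_Proxy extends Plugin implements IAuthModule {
+
+private $host;
+/* @var Auth_Base $base */
+private $base;
+
+function about() {
+return array(1.0,
+"Trust proxy X-Forwarded-User. May be dangerous, see doc",
+"boyska",
+true);
+}
+
+/* @var PluginHost $host */
+function init($host ) {
+$this->host = $host;
+$this->base = new Auth_Base();
+
+$host->add_hook($host::HOOK_AUTH_USER, $this);
+}
+
+/*
+* is_whitelisted check if an IP is whitelisted by defined values in config.php
+* it will check by-IP and by-NAME
+* currently, only exact IP is supported (no cidr, no wildcard); this is a TODO
+* check by
+*/
+private function is_whitelisted($client_ip) {
+if(!defined('AUTHPROXY_WHITELIST_IP') && !defined('AUTHPROXY_WHITELIST_NAME')) {
+// TODO: send a warning: this is a misconfiguration!
+return false;
+}
+if(defined('AUTHPROXY_WHITELIST_IP')) {
+$whitelist = explode(' ', AUTHPROXY_WHITELIST_IP);
+foreach($whitelist as $w_ip) {
+if($client_ip === $w_ip) {
+return true;
+}
+}
+}
+if(defined('AUTHPROXY_WHITELIST_NAME')) {
+$whitelist = explode(' ', AUTHPROXY_WHITELIST_NAME);
+foreach($whitelist as $w_name) {
+foreach(gethostbynamel($w_name) as $w_ip) {
+if($client_ip === $w_ip) {
+return true;
+}
+}
+}
+}
+return false;
+}
+
+/**
+* @SuppressWarnings(PHPMD.UnusedFormalParameter)
+*/
+function authenticate($login, $password) {
+$client_ip = $_SERVER['REMOTE_ADDR'];
+if($this->is_whitelisted($client_ip) === false) {
+return false;
+}
+
+if(!array_key_exists("HTTP_X_FORWARDED_USER", $_SERVER)) {
+return false;
+}
+$try_login = $_SERVER["HTTP_X_FORWARDED_USER"];
+
+if ($try_login) {
+$user_id = $this->base->auto_create_user($try_login, $password);
+
+if ($user_id) {
+$_SESSION["fake_login"] = $try_login;
+$_SESSION["fake_password"] = "******";
+$_SESSION["hide_hello"] = true;
+$_SESSION["hide_logout"] = true;
+
+return $user_id;
+}
+}
+
+return false;
+}
+
+function api_version() {
+return 2;
+}
+
+}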
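Review bot: In `is_whitelisted()`, the inner `foreach` iterates the return value of `gethostbynamel($w_name)` directly, and that function returns `false` when the name does not resolve, so a DNS failure raises a PHP warning on every authentication attempt instead of producing a clean deny. Resolve into a variable and skip failures, e.g. `$ips = gethostbynamel($w_name); if ($ips === false) { continue; }`, and note in the docblock that with `AUTHPROXY_WHITELIST_NAME` the allow decision depends on whatever DNS answers at request time, which makes a fixed entry in `AUTHPROXY_WHITELIST_IP` the safer setting. Separately, `authenticate()` passes `$_SERVER["HTTP_X_FORWARDED_USER"]` unchanged to `auto_create_user()`; a comment there should state that the whitelisted proxy must overwrite any client-supplied `X-Forwarded-User` header. The value should also get a `trim()` and a length and character check before an account is created from it. The unfinished docblock line `* check by` should be completed or dropped.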