From 23fcd39503acf1ab00fa4432ad28f08ef44b562e Mon Sep 17 00:00:00 2001
From: Eric Lippmann
Date: Wed, 29 Jul 2015 14:17:07 +0200
Subject: [PATCH] Relax auth controller complexity

refs #9660
---
 .../controllers/AuthenticationController.php | 131 ++----------------
 1 file changed, 13 insertions(+), 118 deletions(-)

diff --git a/application/controllers/AuthenticationController.php b/application/controllers/AuthenticationController.php
index 4d6fe9928..84efb9e09 100644
--- a/application/controllers/AuthenticationController.php
+++ b/application/controllers/AuthenticationController.php
@@ -6,20 +6,14 @@
 use Icinga\Application\Config;
 use Icinga\Application\Icinga;
 use Icinga\Application\Logger;
-use Icinga\Authentication\AuthChain;
-use Icinga\Authentication\User\ExternalBackend;
-use Icinga\Exception\AuthenticationException;
-use Icinga\Exception\ConfigurationError;
-use Icinga\Exception\NotReadableError;
 use Icinga\Forms\Authentication\LoginForm;
-use Icinga\User;
-use Icinga\Web\Controller\ActionController;
+use Icinga\Web\Controller;
 use Icinga\Web\Url;
 
 /**
 * Application wide controller for authentication
 */
-class AuthenticationController extends ActionController
+class AuthenticationController extends Controller
 {
 /**
 * This controller does not require authentication
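Review bot: After this hunk `use Icinga\Application\Config;` and `use Icinga\Application\Logger;` appear to be unused in this file: the only visible references, `Config::app('authentication')` and `Logger::error($e)` in loginAction, are removed by the next hunk, and nothing in the logout hunk uses them. Unless logoutAction or another part of the file outside the diff still references them, drop both `use` lines so the import list reflects what the controller actually depends on now that the backend iteration and error logging have moved out of it.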
@@ -34,118 +28,19 @@ class AuthenticationController extends ActionController public function loginAction() { $icinga = Icinga::app(); - if ($icinga->setupTokenExists() && $icinga->requiresSetup()) { + if (($requiresSetup = $icinga->requiresSetup()) && $icinga->setupTokenExists()) { $this->redirectNow(Url::fromPath('setup')); } - - $triedOnlyExternalAuth = null; - $auth = $this->Auth(); - $this->view->form = $form = new LoginForm(); - $this->view->title = $this->translate('Icingaweb Login'); - - try { - $redirectUrl = $this->view->form->getValue('redirect'); - if ($redirectUrl) { - $redirectUrl = Url::fromPath($redirectUrl); - } else { - $redirectUrl = Url::fromPath('dashboard'); - } - - if ($auth->isAuthenticated()) { - $this->rerenderLayout()->redirectNow($redirectUrl); - } - - try { - $config = Config::app('authentication'); - } catch (NotReadableError $e) { - throw new ConfigurationError( - $this->translate('Could not read your authentication.ini, no authentication methods are available.'), - 0, - $e - ); - } - - $chain = new AuthChain($config); - $request = $this->getRequest(); - if ($request->isPost() && $this->view->form->isValid($request->getPost())) { - $user = new User($this->view->form->getValue('username')); - $password = $this->view->form->getValue('password'); - $backendsTried = 0; - $backendsWithError = 0; - - $redirectUrl = $form->getValue('redirect'); - - if ($redirectUrl) { - $redirectUrl = Url::fromPath($redirectUrl); - } else { - $redirectUrl = Url::fromPath('dashboard'); - } - - foreach ($chain as $backend) { - if ($backend instanceof ExternalBackend) { - continue; - } - ++$backendsTried; - try { - $authenticated = $backend->authenticate($user, $password); - } catch (AuthenticationException $e) { - Logger::error($e); - ++$backendsWithError; - continue; - } - if ($authenticated === true) { - $auth->setAuthenticated($user); - $this->rerenderLayout()->redirectNow($redirectUrl); - } - } - if ($backendsTried === 0) { - $this->view->form->addError( - 
$this->translate( - 'No authentication methods available. Did you create' - . ' authentication.ini when setting up Icinga Web 2?' - ) - ); - } else if ($backendsTried === $backendsWithError) { - $this->view->form->addError( - $this->translate( - 'All configured authentication methods failed.' - . ' Please check the system log or Icinga Web 2 log for more information.' - ) - ); - } elseif ($backendsWithError) { - $this->view->form->addError( - $this->translate( - 'Please note that not all authentication methods were available.' - . ' Check the system log or Icinga Web 2 log for more information.' - ) - ); - } - if ($backendsTried > 0 && $backendsTried !== $backendsWithError) { - $this->view->form->getElement('password')->addError($this->translate('Incorrect username or password')); - } - } elseif ($request->isGet()) { - $user = new User(''); - foreach ($chain as $backend) { - $triedOnlyExternalAuth = $triedOnlyExternalAuth === null; - if ($backend instanceof ExternalBackend) { - $authenticated = $backend->authenticate($user); - if ($authenticated === true) { - $auth->setAuthenticated($user); - $this->rerenderLayout()->redirectNow( - Url::fromPath(Url::fromRequest()->getParam('redirect', 'dashboard')) - ); - } - } else { - $triedOnlyExternalAuth = false; - } - } - } - } catch (Exception $e) { - $this->view->form->addError($e->getMessage()); + $form = new LoginForm(); + if ($this->Auth()->isAuthenticated()) { + $this->redirectNow($form->getRedirectUrl()); } - - $this->view->requiresExternalAuth = $triedOnlyExternalAuth && ! $auth->isAuthenticated(); - $this->view->requiresSetup = Icinga::app()->requiresSetup(); + if (! $requiresSetup) { + $form->handleRequest(); + } + $this->view->form = $form; + $this->view->title = $this->translate('Icinga Web 2 Login'); + $this->view->requiresSetup = $requiresSetup; } /** 
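Review bot: The authenticated branch now redirects to `$form->getRedirectUrl()` with no visible validation of the destination; the removed code derived this from the user-supplied `redirect` form value via `Url::fromPath()`, so whether the target is still confined to a local path now rests entirely on `LoginForm::getRedirectUrl()`, which is outside this diff. It is worth confirming that the form rejects absolute and protocol-relative values there (and adding that check if it does not), so a tampered `redirect` parameter cannot send a just-authenticated user to another origin. Two smaller points in the same hunk: the assignment inside the first condition, `if (($requiresSetup = $icinga->requiresSetup()) && $icinga->setupTokenExists()) {`, is easy to misread and reads better as `$requiresSetup = $icinga->requiresSetup();` on its own line before the `if`; and the view no longer receives `requiresExternalAuth`, so if the login view script still reads it, that value is now null. The redirect for an already authenticated user also drops the `rerenderLayout()` call the old code made before `redirectNow()`; presumably intentional, but worth a check against the XHR/layout handling that call was there for.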
@@ -160,7 +55,7 @@ class AuthenticationController extends ActionController
 $isRemoteUser = $auth->getUser()->isRemoteUser();
 $auth->removeAuthorization();
 if ($isRemoteUser === true) {
- $this->_response->setHttpResponseCode(401);
+ $this->getResponse()->setHttpResponseCode(401);
 } else {
 $this->redirectToLogin();
 }