Implement auth callback fix #33
This commit is contained in:
parent
36cddead3e
commit
d2f57e3fdc
|
@ -71,6 +71,27 @@ const ENABLE_XSENDFILE = false;
|
||||||
*/
|
*/
|
||||||
const DISABLE_SLOW_OPERATIONS = false;
|
const DISABLE_SLOW_OPERATIONS = false;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* External authentication callback
|
||||||
|
*
|
||||||
|
* Use this to authenticate a user with a third-party service.
|
||||||
|
* Provide a valid PHP callback: either a function name, or a class name and method in an array.
|
||||||
|
*
|
||||||
|
* The callback will be passed the username and password as parameters, and must return
|
||||||
|
* TRUE if auth was successful, or FALSE otherwise.
|
||||||
|
*
|
||||||
|
* If the callback returned TRUE and the user does not exist in the database,
|
||||||
|
* it will be created with the default quota.
|
||||||
|
*
|
||||||
|
* @var string|array
|
||||||
|
*/
|
||||||
|
const AUTH_CALLBACK = null;
|
||||||
|
//const AUTH_CALLBACK = ['MyAuthClass', 'login'];
|
||||||
|
//const AUTH_CALLBACK = 'my_login';
|
||||||
|
//function my_login(string $user, string $password) {
|
||||||
|
// return ($user == 'me' && $password == 'secret');
|
||||||
|
//}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* LDAP server configuration
|
* LDAP server configuration
|
||||||
*
|
*
|
||||||
|
|
|
@ -139,7 +139,7 @@ class Users
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function login(?string $login, ?string $password, ?string $app_password = null): ?stdClass
|
public function login(?string $login, ?string $password): ?stdClass
|
||||||
{
|
{
|
||||||
$login = null !== $login ? strtolower(trim($login)) : null;
|
$login = null !== $login ? strtolower(trim($login)) : null;
|
||||||
|
|
||||||
|
@ -155,18 +155,35 @@ class Users
|
||||||
}
|
}
|
||||||
|
|
||||||
// If not, try to login
|
// If not, try to login
|
||||||
$user = $this->get($login);
|
$ok = false;
|
||||||
|
|
||||||
if (!$user) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (LDAP::enabled()) {
|
if (LDAP::enabled()) {
|
||||||
if (!LDAP::checkPassword($login, $password)) {
|
if (!LDAP::checkPassword($login, $password)) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$ok = true;
|
||||||
}
|
}
|
||||||
elseif (!password_verify(trim($password), $user->password)) {
|
elseif (AUTH_CALLBACK) {
|
||||||
|
$r = call_user_func(AUTH_CALLBACK, $login, $password);
|
||||||
|
if ($r !== true) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$ok = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
$user = $this->get($login);
|
||||||
|
|
||||||
|
if (!$user && !$ok) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
elseif (!$user && $ok) {
|
||||||
|
$this->create($login, random_bytes(10));
|
||||||
|
$user = $this->get($login);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$ok && !password_verify(trim($password), $user->password)) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue