Implement auth callback fix #33

bohwaz 2023-05-11 01:54:43 +02:00
parent 36cddead3e
commit d2f57e3fdc
2 changed files with 45 additions and 7 deletions


@ -71,6 +71,27 @@ const ENABLE_XSENDFILE = false;
*/
const DISABLE_SLOW_OPERATIONS = false;
/**
* External authentication callback
*
* Use this to authenticate a user with a third-party service.
* Provide a valid PHP callback: either a function name, or a class name and method in an array.
*
* The callback will be passed the username and password as parameters, and must return
* TRUE if auth was successful, or FALSE otherwise.
*
* If the callback returned TRUE and the user does not exist in the database,
* it will be created with the default quota.
*
* @var string|array
*/
const AUTH_CALLBACK = null;
//const AUTH_CALLBACK = ['MyAuthClass', 'login'];
//const AUTH_CALLBACK = 'my_login';
//function my_login(string $user, string $password) {
// return ($user == 'me' && $password == 'secret');
//}
/**
* LDAP server configuration
*
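Review bot: The commented `my_login` example compares the credentials with `==`, which is a loose and non-constant-time comparison, and a sample in a config file is likely to be copied as written. I would show `return $user === 'me' && hash_equals('secret', $password);` instead. The docblock should also state that the callback must return the boolean `true` exactly, since the caller tests `$r !== true`, and that a non-true result rejects the login with no fallback to the locally stored password. Because the default value is `null`, the annotation would be more accurate as `@var string|array|null`.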


@ -139,7 +139,7 @@ class Users
return true;
}
public function login(?string $login, ?string $password, ?string $app_password = null): ?stdClass
public function login(?string $login, ?string $password): ?stdClass
{
$login = null !== $login ? strtolower(trim($login)) : null;
@ -155,18 +155,35 @@ class Users
}
// If not, try to login
$user = $this->get($login);
if (!$user) {
return null;
}
$ok = false;
if (LDAP::enabled()) {
if (!LDAP::checkPassword($login, $password)) {
return null;
}
$ok = true;
}
elseif (!password_verify(trim($password), $user->password)) {
elseif (AUTH_CALLBACK) {
$r = call_user_func(AUTH_CALLBACK, $login, $password);
if ($r !== true) {
return false;
}
$ok = true;
}
$user = $this->get($login);
if (!$user && !$ok) {
return null;
}
elseif (!$user && $ok) {
$this->create($login, random_bytes(10));
$user = $this->get($login);
}
if (!$ok && !password_verify(trim($password), $user->password)) {
return null;
}
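Review bot: The failed-callback branch does `return false;` inside a method declared `: ?stdClass`, so a rejected external login raises a TypeError instead of reporting a failed authentication; it should be `return null;` like the LDAP branch. The auto-provisioning line passes raw `random_bytes(10)` as the new account's password; if `create()` hashes it with bcrypt (not visible here), a NUL byte in that value can truncate the password or make hashing throw, so a printable value such as `bin2hex(random_bytes(16))` is safer. Accounts are now also created for any login that LDAP accepts, which the config docblock only describes for the callback, and the login string reaches `create()` without any visible format check, so it is worth confirming that `create()` validates it. `login()` starts in the previous hunk and its body continues past this one, and the removed `$app_password` parameter may still be passed by callers outside this diff.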