Refactor login / ban management #1008
Conversation
virtualtam
added
cleanup
virtualtam
force-pushed
the
refactor/authentication
branch
2 times, most recently
from
ae90c6c
to
ff7fb9e
Compare
|
Nice one 👍 Note that you can get rid of that |
virtualtam
force-pushed
the
refactor/authentication
branch
2 times, most recently
from
9fc5e93
to
897f57d
Compare
|
@ArthurHoaro getting rid of globals was planned for #587, I'm tempted to address it in this PR though as it makes more sense to refactor the whole feature at once @nodiscc this is still a WIP, could you un-approve the PR? (not to say you should disapprove of it ^^) |
|
Oh right, I forgot about this one. I'll move its milestone to get it addressed sooner, if not in this PR. |
virtualtam
force-pushed
the
refactor/authentication
branch
2 times, most recently
from
d509d54
to
48da9b5
Compare
virtualtam
force-pushed
the
refactor/authentication
branch
4 times, most recently
from
f95593f
to
041f8c4
Compare
application/LoginManager.php
Outdated
| function handleSuccessfulLogin($server) | ||
| { | ||
| $ip = $server['REMOTE_ADDR']; | ||
| // FIXME unban when behind a trusted proxy? |
There was a problem hiding this comment.
I'm not sure what to do for this specific point; according to my understanding of the login / ban mechanism, I'd expect this method to be on par with handleFailedLogin() as far as proxy handling is concerned:
- the IP is not behind a trusted proxy:
- current, expected: reset the ban counter for this IP
- the IP is behind a trusted proxy but is not forwarded:
- expected: do nothing
- current: reset the ban counter for the proxy's IP
- the IP is behind a trusted proxy and forwarded:
- expected: reset the ban counter for the forwarded IP
- current: reset the ban counter for the proxy's IP
ping @ArthurHoaro @nodiscc
virtualtam
changed the title
|
This part of the refactoring is up for reviewing :) |
virtualtam
force-pushed
the
refactor/authentication
branch
from
041f8c4
to
47d6007
Compare
application/LoginManager.php
Outdated
| } | ||
| } | ||
|
|
||
| $ipBans = &$this->globals['IPBANS']; |
There was a problem hiding this comment.
Is this for readability only? I would tend to say that it is a bad practice as you then don't see at first glance that you're manipulating a class attribute.
There was a problem hiding this comment.
Is this for readability only?
Yup
you then don't see at first glance that you're manipulating a class attribute
Didn't think of it, that's a very valid point :)
| public function handleSuccessfulLogin($server) | ||
| { | ||
| $ip = $server['REMOTE_ADDR']; | ||
| // FIXME unban when behind a trusted proxy? |
There was a problem hiding this comment.
It would make more sense in canLogin() as it's not possible to have a successful login while being banned.
There was a problem hiding this comment.
Argh, my comment on this section was hidden after the last rebase... re-posting:
I'm not sure what to do for this specific point; according to my understanding of the login / ban mechanism, I'd expect this method to be on par with handleFailedLogin() as far as proxy handling is concerned:
- the IP is not behind a trusted proxy:
- current, expected: reset the ban counter for this IP
- the IP is behind a trusted proxy but is not forwarded:
- expected: do nothing
- current: reset the ban counter for the proxy's IP
- the IP is behind a trusted proxy and forwarded:
- expected: reset the ban counter for the forwarded IP
- current: reset the ban counter for the proxy's IP
There was a problem hiding this comment.
Oh I didn't remember that. So, if I understand correctly, currently the ban mechanism is pretty useless if Shaarli is behind a reverse proxy, as the REMOTE_ADDR IP is always the proxy's one? It may be a good idea to expand a bit this comment and open a new issue?
There was a problem hiding this comment.
the ban mechanism is pretty useless if Shaarli is behind a reverse proxy
it seems so, unless the user has:
- properly configured the proxy / proxy chain to forward client information
- configured the trusted proxy list in Shaarli settings
I think this point is not clearly mentioned in the docs, and I completely missed it while working on Docker images too 😿
https://shaarli.readthedocs.io/en/master/Shaarli-configuration/#security
expand a bit this comment and open a new issue
=> #1032
| if (!ban_canLogin($conf)) die(t('I said: NO. You are banned for the moment. Go away.')); | ||
| if (! $loginManager->canLogin($_SERVER)) { | ||
| die(t('I said: NO. You are banned for the moment. Go away.')); | ||
| } | ||
| if (isset($_POST['password']) | ||
| && $sessionManager->checkToken($_POST['token']) | ||
| && (check_auth($_POST['login'], $_POST['password'], $conf)) |
There was a problem hiding this comment.
Shouldn't check_auth be a part of LoginManager?
There was a problem hiding this comment.
... and so do isLoggedIn() and logout(), I'm doing this one step at a time :)
virtualtam
force-pushed
the
refactor/authentication
branch
from
47d6007
to
f6f09f7
Compare
virtualtam
force-pushed
the
refactor/authentication
branch
from
f6f09f7
to
93fa075
Compare
Relates to shaarli#324 Added: - Add the `LoginManager` class to manage logins and bans Changed: - Refactor IP ban management - Simplify logic - Avoid using globals, inject dependencies Fixed: - Use `ban_duration` instead of `ban_after` when setting a new ban Signed-off-by: VirtualTam <[email protected]>
virtualtam
force-pushed
the
refactor/authentication
branch
from
93fa075
to
44acf70
Compare
|
Rebased and merged, thanks for the reviews :) |
Introduced by shaarli#1008 Signed-off-by: VirtualTam <[email protected]>
Relates to #324
Added:
LoginManagerclass to manage logins and bansChanged:
Fixed:
ban_durationinstead ofban_afterwhen setting a new ban