283,7 → 283,9 |
self::$config->prepareConfigKey('last_known_version', 'Last known OIDplus Version', '', OIDplusConfig::PROTECTION_HIDDEN, function($value) { |
// Nothing here yet |
}); |
self::$config->prepareConfigKey('default_ra_auth_method', 'Default auth method used for generating password of RAs (must exist in plugins/[vendorname]/auth/)?', 'A3_bcrypt', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
self::$config->prepareConfigKey('default_ra_auth_method', 'Default auth method used for generating password of RAs (must exist in plugins/[vendorname]/auth/)? Empty = OIDplus decides.', '', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
if (trim($value) === '') return; // OIDplus decides |
|
$good = true; |
if (strpos($value,'/') !== false) $good = false; |
if (strpos($value,'\\') !== false) $good = false; |
292,9 → 294,7 |
throw new OIDplusException(_L('Invalid auth plugin folder name. Do only enter a folder name, not an absolute or relative path')); |
} |
|
if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$value)) { |
throw new OIDplusException(_L('The auth plugin "%1" does not exist in plugin directory %2',$value,'plugins/[vendorname]/auth/')); |
} |
OIDplus::checkRaAuthPluginAvailable($value); |
}); |
} |
|
485,6 → 485,65 |
|
// --- Auth plugin |
|
public static function getAuthPluginByFoldername($foldername)/*: ?OIDplusAuthPlugin*/ { |
$plugins = OIDplus::getAuthPlugins(); |
foreach ($plugins as $plugin) { |
if (basename($plugin->getPluginDirectory()) === $foldername) { |
return $plugin; |
} |
} |
return null; |
} |
|
private static function checkRaAuthPluginAvailable($plugin_foldername) { |
// if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$plugin_foldername)) { |
$plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername); |
if (is_null($plugin)) { |
throw new OIDplusException(_L('The auth plugin "%1" does not exist in plugin directory %2',$plugin_foldername,'plugins/[vendorname]/auth/')); |
} |
|
$reason = ''; |
if (!$plugin->available($reason)) { |
throw new OIDplusException(trim(_L('The auth plugin "%1" is not available on this system.',$plugin_foldername).' '.$reason)); |
} |
} |
|
public static function getDefaultRaAuthPlugin()/*: OIDplusAuthPlugin*/ { |
// 1. Priority: Use the auth plugin the user prefers |
$def_plugin_foldername = OIDplus::config()->getValue('default_ra_auth_method'); |
if (trim($def_plugin_foldername) !== '') { |
OIDplus::checkRaAuthPluginAvailable($def_plugin_foldername); |
$plugin = OIDplus::getAuthPluginByFoldername($def_plugin_foldername); |
return $plugin; |
} |
|
// 2. Priority: If empty (i.e. OIDplus may decide), choose the best ViaThinkSoft plugin that is supported on this system |
$preferred_auth_plugins = array( |
'A4_argon2', |
'A3_bcrypt', |
'A2_sha3_salted_base64', |
'A1_phpgeneric_salted_hex' |
); |
foreach ($preferred_auth_plugins as $plugin_foldername) { |
$plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername); |
if (is_null($plugin)) continue; |
|
$reason = ''; |
if (!$plugin->available($reason)) continue; |
|
return $plugin; |
} |
|
// 3. Priority: If nothing found, take the first found plugin |
$plugins = OIDplus::getAuthPlugins(); |
if (count($plugins) > 0) { |
return $plugins[0]; |
} |
|
// 4. Priority: We must deny the creation of the password because we have no auth plugin! |
throw new OIDplusException(_L('Could not find a fitting auth plugin!')); |
} |
|
private static function registerAuthPlugin(OIDplusAuthPlugin $plugin) { |
if (OIDplus::baseConfig()->getValue('DEBUG')) { |
$password = generateRandomString(25); |
493,8 → 552,10 |
$authInfo = $plugin->generate($password); |
} catch (OIDplusException $e) { |
// This can happen when the AuthKey or Salt is too long |
// Note: The constructor and setters of OIDplusRAAuthInfo() already check for length and null/false values. |
throw new OIDplusException(_L('Auth plugin "%1" is erroneous: %2',basename($plugin->getPluginDirectory()),$e->getMessage())); |
} |
|
$salt = $authInfo->getSalt(); |
$authKey = $authInfo->getAuthKey(); |
|
508,7 → 569,7 |
(!empty($salt) && $plugin->verify($authInfo_SaltDiff,$password)) || |
($plugin->verify($authInfo_AuthKeyDiff,$password)) || |
($plugin->verify($authInfo,$password.'x'))) { |
throw new OIDplusException(_L('Auth plugin "%1" is erroneous: Generate/Verify self test failed',basename($plugin->getPluginDirectory()))); |
throw new OIDplusException(_L('Auth plugin "%1" is erroneous: Generate/Verify self-test failed',basename($plugin->getPluginDirectory()))); |
} |
} |
|