Rev 1201 | Rev 1226 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1201 | Rev 1212 | ||
|---|---|---|---|
| Line 361... | Line 361... | ||
| 361 | $good = true; |
361 | $good = true; |
| 362 | if (strpos($value,'/') !== false) $good = false; |
362 | if (strpos($value,'/') !== false) $good = false; |
| 363 | if (strpos($value,'\\') !== false) $good = false; |
363 | if (strpos($value,'\\') !== false) $good = false; |
| 364 | if (strpos($value,'..') !== false) $good = false; |
364 | if (strpos($value,'..') !== false) $good = false; |
| 365 | if (!$good) { |
365 | if (!$good) { |
| 366 | throw new OIDplusException(_L('Invalid auth plugin folder name. Do only enter a folder name, not an absolute or relative path')); |
366 | throw new OIDplusException(_L('Invalid auth plugin name. It is usually the folder name, without path, e.g. "%1"', 'A4_argon2')); |
| 367 | } |
367 | } |
| 368 | 368 | ||
| 369 | OIDplus::checkRaAuthPluginAvailable($value, true); |
369 | OIDplus::checkRaAuthPluginAvailable($value, true); |
| 370 | }); |
370 | }); |
| 371 | } |
371 | } |
| Line 640... | Line 640... | ||
| 640 | } |
640 | } |
| 641 | 641 | ||
| 642 | // --- Auth plugin |
642 | // --- Auth plugin |
| 643 | 643 | ||
| 644 | /** |
644 | /** |
| 645 | * @param string $foldername |
645 | * @param string $id |
| 646 | * @return OIDplusAuthPlugin|null |
646 | * @return OIDplusAuthPlugin|null |
| 647 | */ |
647 | */ |
| 648 | public static function getAuthPluginByFoldername(string $foldername)/*: ?OIDplusAuthPlugin*/ { |
648 | public static function getAuthPluginById(string $id)/*: ?OIDplusAuthPlugin*/ { |
| 649 | $plugins = OIDplus::getAuthPlugins(); |
649 | $plugins = OIDplus::getAuthPlugins(); |
| 650 | foreach ($plugins as $plugin) { |
650 | foreach ($plugins as $plugin) { |
| 651 | if (basename($plugin->getPluginDirectory()) === $foldername) { |
651 | if ($plugin->id() == $id) { |
| 652 | return $plugin; |
652 | return $plugin; |
| 653 | } |
653 | } |
| 654 | } |
654 | } |
| 655 | return null; |
655 | return null; |
| 656 | } |
656 | } |
| 657 | 657 | ||
| 658 | /** |
658 | /** |
| 659 | * @param string $plugin_foldername |
659 | * @param string $plugin_id |
| 660 | * @param bool $must_hash |
660 | * @param bool $must_hash |
| 661 | * @return void |
661 | * @return void |
| 662 | * @throws OIDplusException |
662 | * @throws OIDplusException |
| 663 | */ |
663 | */ |
| 664 | private static function checkRaAuthPluginAvailable(string $plugin_foldername, bool $must_hash) { |
664 | private static function checkRaAuthPluginAvailable(string $plugin_id, bool $must_hash) { |
| 665 | // if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$plugin_foldername)) { |
665 | // if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$plugin_foldername)) { |
| 666 | $plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername); |
666 | $plugin = OIDplus::getAuthPluginById($plugin_id); |
| 667 | if (is_null($plugin)) { |
667 | if (is_null($plugin)) { |
| 668 | throw new OIDplusException(_L('The auth plugin "%1" does not exist in plugin directory %2',$plugin_foldername,'plugins/[vendorname]/auth/')); |
668 | throw new OIDplusException(_L('The auth plugin "%1" does not exist in plugin directory %2',$plugin_id,'plugins/[vendorname]/auth/')); |
| 669 | } |
669 | } |
| 670 | 670 | ||
| 671 | $reason = ''; |
671 | $reason = ''; |
| 672 | if (!$plugin->availableForVerify($reason)) { |
672 | if (!$plugin->availableForVerify($reason)) { |
| 673 | throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for password verification on this system.',$plugin_foldername).' '.$reason)); |
673 | throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for password verification on this system.',$plugin_id).' '.$reason)); |
| 674 | } |
674 | } |
| 675 | if ($must_hash && !$plugin->availableForHash($reason)) { |
675 | if ($must_hash && !$plugin->availableForHash($reason)) { |
| 676 | throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for hashing on this system.',$plugin_foldername).' '.$reason)); |
676 | throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for hashing on this system.',$plugin_id).' '.$reason)); |
| 677 | } |
677 | } |
| 678 | } |
678 | } |
| 679 | 679 | ||
| 680 | /** |
680 | /** |
| 681 | * @param bool $must_hash |
681 | * @param bool $must_hash |
| 682 | * @return OIDplusAuthPlugin|null |
682 | * @return OIDplusAuthPlugin|null |
| 683 | * @throws OIDplusException |
683 | * @throws OIDplusException |
| 684 | */ |
684 | */ |
| 685 | public static function getDefaultRaAuthPlugin(bool $must_hash)/*: OIDplusAuthPlugin*/ { |
685 | public static function getDefaultRaAuthPlugin(bool $must_hash)/*: OIDplusAuthPlugin*/ { |
| 686 | // 1. Priority: Use the auth plugin the user prefers |
686 | // 1. Priority: Use the auth plugin the user prefers |
| 687 | $def_plugin_foldername = OIDplus::config()->getValue('default_ra_auth_method'); |
687 | $def_plugin_id = OIDplus::config()->getValue('default_ra_auth_method'); |
| 688 | if (trim($def_plugin_foldername) !== '') { |
688 | if (trim($def_plugin_id) !== '') { |
| 689 | OIDplus::checkRaAuthPluginAvailable($def_plugin_foldername, $must_hash); |
689 | OIDplus::checkRaAuthPluginAvailable($def_plugin_id, $must_hash); |
| 690 | return OIDplus::getAuthPluginByFoldername($def_plugin_foldername); |
690 | return OIDplus::getAuthPluginById($def_plugin_id); |
| 691 | } |
691 | } |
| 692 | 692 | ||
| 693 | // 2. Priority: If empty (i.e. OIDplus may decide), choose the best ViaThinkSoft plugin that is supported on this system |
693 | // 2. Priority: If empty (i.e. OIDplus may decide), choose the best ViaThinkSoft plugin that is supported on this system |
| 694 | $preferred_auth_plugins = array( |
694 | $preferred_auth_plugins = array( |
| 695 | // Sorted by preference |
695 | // Sorted by preference |
| 696 | 'A4_argon2', // usually Salted Argon2id |
696 | 'A4_argon2', // usually Salted Argon2id |
| 697 | 'A3_bcrypt', // usually Salted BCrypt |
697 | 'A3_bcrypt', // usually Salted BCrypt |
| 698 | 'A5_vts_mcf', // usually SHA3-512-HMAC |
698 | 'A5_vts_mcf', // usually SHA3-512-HMAC |
| 699 | 'A6_crypt' // usually Salted SHA512 with 5000 rounds |
699 | 'A6_crypt' // usually Salted SHA512 with 5000 rounds |
| 700 | ); |
700 | ); |
| 701 | foreach ($preferred_auth_plugins as $plugin_foldername) { |
701 | foreach ($preferred_auth_plugins as $plugin_id) { |
| 702 | $plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername); |
702 | $plugin = OIDplus::getAuthPluginById($plugin_id); |
| 703 | if (is_null($plugin)) continue; |
703 | if (is_null($plugin)) continue; |
| 704 | 704 | ||
| 705 | $reason = ''; |
705 | $reason = ''; |
| 706 | if (!$plugin->availableForHash($reason)) continue; |
706 | if (!$plugin->availableForHash($reason)) continue; |
| 707 | if ($must_hash && !$plugin->availableForVerify($reason)) continue; |
707 | if ($must_hash && !$plugin->availableForVerify($reason)) continue; |
| Line 799... | Line 799... | ||
| 799 | * @throws OIDplusException |
799 | * @throws OIDplusException |
| 800 | */ |
800 | */ |
| 801 | public static function getActiveDesignPlugin()/*: ?OIDplusDesignPlugin*/ { |
801 | public static function getActiveDesignPlugin()/*: ?OIDplusDesignPlugin*/ { |
| 802 | $plugins = OIDplus::getDesignPlugins(); |
802 | $plugins = OIDplus::getDesignPlugins(); |
| 803 | foreach ($plugins as $plugin) { |
803 | foreach ($plugins as $plugin) { |
| 804 | if ((basename($plugin->getPluginDirectory())) == OIDplus::config()->getValue('design','default')) { |
804 | if ($plugin->id() == OIDplus::config()->getValue('design','default')) { |
| 805 | return $plugin; |
805 | return $plugin; |
| 806 | } |
806 | } |
| 807 | } |
807 | } |
| 808 | return null; |
808 | return null; |
| 809 | } |
809 | } |