Rev 1201 | Rev 1212 | ||
---|---|---|---|
Line 361... | Line 361... | ||
361 | $good = true; |
361 | $good = true; |
362 | if (strpos($value,'/') !== false) $good = false; |
362 | if (strpos($value,'/') !== false) $good = false; |
363 | if (strpos($value,'\\') !== false) $good = false; |
363 | if (strpos($value,'\\') !== false) $good = false; |
364 | if (strpos($value,'..') !== false) $good = false; |
364 | if (strpos($value,'..') !== false) $good = false; |
365 | if (!$good) { |
365 | if (!$good) { |
366 | throw new OIDplusException(_L('Invalid auth plugin folder name. Do only enter a folder name, not an absolute or relative path')); |
366 | throw new OIDplusException(_L('Invalid auth plugin name. It is usually the folder name, without path, e.g. "%1"', 'A4_argon2')); |
367 | } |
367 | } |
368 | 368 | ||
369 | OIDplus::checkRaAuthPluginAvailable($value, true); |
369 | OIDplus::checkRaAuthPluginAvailable($value, true); |
370 | }); |
370 | }); |
371 | } |
371 | } |
Line 640... | Line 640... | ||
640 | } |
640 | } |
641 | 641 | ||
642 | // --- Auth plugin |
642 | // --- Auth plugin |
643 | 643 | ||
644 | /** |
644 | /** |
645 | * @param string $foldername |
645 | * @param string $id |
646 | * @return OIDplusAuthPlugin|null |
646 | * @return OIDplusAuthPlugin|null |
647 | */ |
647 | */ |
648 | public static function getAuthPluginByFoldername(string $foldername)/*: ?OIDplusAuthPlugin*/ { |
648 | public static function getAuthPluginById(string $id)/*: ?OIDplusAuthPlugin*/ { |
649 | $plugins = OIDplus::getAuthPlugins(); |
649 | $plugins = OIDplus::getAuthPlugins(); |
650 | foreach ($plugins as $plugin) { |
650 | foreach ($plugins as $plugin) { |
651 | if (basename($plugin->getPluginDirectory()) === $foldername) { |
651 | if ($plugin->id() == $id) { |
652 | return $plugin; |
652 | return $plugin; |
653 | } |
653 | } |
654 | } |
654 | } |
655 | return null; |
655 | return null; |
656 | } |
656 | } |
657 | 657 | ||
658 | /** |
658 | /** |
659 | * @param string $plugin_foldername |
659 | * @param string $plugin_id |
660 | * @param bool $must_hash |
660 | * @param bool $must_hash |
661 | * @return void |
661 | * @return void |
662 | * @throws OIDplusException |
662 | * @throws OIDplusException |
663 | */ |
663 | */ |
664 | private static function checkRaAuthPluginAvailable(string $plugin_foldername, bool $must_hash) { |
664 | private static function checkRaAuthPluginAvailable(string $plugin_id, bool $must_hash) { |
665 | // if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$plugin_foldername)) { |
665 | // if (!wildcard_is_dir(OIDplus::localpath().'plugins/'.'*'.'/auth/'.$plugin_foldername)) { |
666 | $plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername); |
666 | $plugin = OIDplus::getAuthPluginById($plugin_id); |
667 | if (is_null($plugin)) { |
667 | if (is_null($plugin)) { |
668 | throw new OIDplusException(_L('The auth plugin "%1" does not exist in plugin directory %2',$plugin_foldername,'plugins/[vendorname]/auth/')); |
668 | throw new OIDplusException(_L('The auth plugin "%1" does not exist in plugin directory %2',$plugin_id,'plugins/[vendorname]/auth/')); |
669 | } |
669 | } |
670 | 670 | ||
671 | $reason = ''; |
671 | $reason = ''; |
672 | if (!$plugin->availableForVerify($reason)) { |
672 | if (!$plugin->availableForVerify($reason)) { |
673 | throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for password verification on this system.',$plugin_foldername).' '.$reason)); |
673 | throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for password verification on this system.',$plugin_id).' '.$reason)); |
674 | } |
674 | } |
675 | if ($must_hash && !$plugin->availableForHash($reason)) { |
675 | if ($must_hash && !$plugin->availableForHash($reason)) { |
676 | throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for hashing on this system.',$plugin_foldername).' '.$reason)); |
676 | throw new OIDplusException(trim(_L('The auth plugin "%1" is not available for hashing on this system.',$plugin_id).' '.$reason)); |
677 | } |
677 | } |
678 | } |
678 | } |
679 | 679 | ||
680 | /** |
680 | /** |
681 | * @param bool $must_hash |
681 | * @param bool $must_hash |
682 | * @return OIDplusAuthPlugin|null |
682 | * @return OIDplusAuthPlugin|null |
683 | * @throws OIDplusException |
683 | * @throws OIDplusException |
684 | */ |
684 | */ |
685 | public static function getDefaultRaAuthPlugin(bool $must_hash)/*: OIDplusAuthPlugin*/ { |
685 | public static function getDefaultRaAuthPlugin(bool $must_hash)/*: OIDplusAuthPlugin*/ { |
686 | // 1. Priority: Use the auth plugin the user prefers |
686 | // 1. Priority: Use the auth plugin the user prefers |
687 | $def_plugin_foldername = OIDplus::config()->getValue('default_ra_auth_method'); |
687 | $def_plugin_id = OIDplus::config()->getValue('default_ra_auth_method'); |
688 | if (trim($def_plugin_foldername) !== '') { |
688 | if (trim($def_plugin_id) !== '') { |
689 | OIDplus::checkRaAuthPluginAvailable($def_plugin_foldername, $must_hash); |
689 | OIDplus::checkRaAuthPluginAvailable($def_plugin_id, $must_hash); |
690 | return OIDplus::getAuthPluginByFoldername($def_plugin_foldername); |
690 | return OIDplus::getAuthPluginById($def_plugin_id); |
691 | } |
691 | } |
692 | 692 | ||
693 | // 2. Priority: If empty (i.e. OIDplus may decide), choose the best ViaThinkSoft plugin that is supported on this system |
693 | // 2. Priority: If empty (i.e. OIDplus may decide), choose the best ViaThinkSoft plugin that is supported on this system |
694 | $preferred_auth_plugins = array( |
694 | $preferred_auth_plugins = array( |
695 | // Sorted by preference |
695 | // Sorted by preference |
696 | 'A4_argon2', // usually Salted Argon2id |
696 | 'A4_argon2', // usually Salted Argon2id |
697 | 'A3_bcrypt', // usually Salted BCrypt |
697 | 'A3_bcrypt', // usually Salted BCrypt |
698 | 'A5_vts_mcf', // usually SHA3-512-HMAC |
698 | 'A5_vts_mcf', // usually SHA3-512-HMAC |
699 | 'A6_crypt' // usually Salted SHA512 with 5000 rounds |
699 | 'A6_crypt' // usually Salted SHA512 with 5000 rounds |
700 | ); |
700 | ); |
701 | foreach ($preferred_auth_plugins as $plugin_foldername) { |
701 | foreach ($preferred_auth_plugins as $plugin_id) { |
702 | $plugin = OIDplus::getAuthPluginByFoldername($plugin_foldername); |
702 | $plugin = OIDplus::getAuthPluginById($plugin_id); |
703 | if (is_null($plugin)) continue; |
703 | if (is_null($plugin)) continue; |
704 | 704 | ||
705 | $reason = ''; |
705 | $reason = ''; |
706 | if (!$plugin->availableForHash($reason)) continue; |
706 | if (!$plugin->availableForHash($reason)) continue; |
707 | if ($must_hash && !$plugin->availableForVerify($reason)) continue; |
707 | if ($must_hash && !$plugin->availableForVerify($reason)) continue; |
Line 799... | Line 799... | ||
799 | * @throws OIDplusException |
799 | * @throws OIDplusException |
800 | */ |
800 | */ |
801 | public static function getActiveDesignPlugin()/*: ?OIDplusDesignPlugin*/ { |
801 | public static function getActiveDesignPlugin()/*: ?OIDplusDesignPlugin*/ { |
802 | $plugins = OIDplus::getDesignPlugins(); |
802 | $plugins = OIDplus::getDesignPlugins(); |
803 | foreach ($plugins as $plugin) { |
803 | foreach ($plugins as $plugin) { |
804 | if ((basename($plugin->getPluginDirectory())) == OIDplus::config()->getValue('design','default')) { |
804 | if ($plugin->id() == OIDplus::config()->getValue('design','default')) { |
805 | return $plugin; |
805 | return $plugin; |
806 | } |
806 | } |
807 | } |
807 | } |
808 | return null; |
808 | return null; |
809 | } |
809 | } |
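Review bot: The new lookup in getAuthPluginById (line 651, `if ($plugin->id() == $id) {`) compares loosely, whereas the line it replaces used `===` against the folder name. With `==`, PHP compares two numeric strings by value, so a numeric-looking plugin ID could match a differently spelled value of `default_ra_auth_method`. Because this lookup selects the plugin that hashes and verifies RA passwords, `if ($plugin->id() === $id) {` is the safer form; the return type of id() is not visible here, so cast it if it may not be a string. The same applies to the `==` on line 804 in getActiveDesignPlugin. Separately, the commented-out wildcard_is_dir line at 665 still names `$plugin_foldername`, and the message on line 668 still refers to a plugin directory although the lookup is now by ID.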