forked from extern/egroupware
* API: fallback auth checks and - if necessary - updates passwords on fallback on successful primary authentication or password change, to ensure they are kept up to date
This commit is contained in:
parent
5182f8280b
commit
f993f20723
@ -12,32 +12,32 @@
|
||||
|
||||
/**
|
||||
* Authentication agains a LDAP Server with fallback to SQL
|
||||
*
|
||||
*
|
||||
* For other fallback types, simply change auth backends in constructor call
|
||||
*/
|
||||
class auth_fallback implements auth_backend
|
||||
{
|
||||
/**
|
||||
* Primary auth backend
|
||||
*
|
||||
*
|
||||
* @var auth_backend
|
||||
*/
|
||||
private $primary_backend;
|
||||
|
||||
|
||||
/**
|
||||
* Fallback auth backend
|
||||
*
|
||||
*
|
||||
* @var auth_backend
|
||||
*/
|
||||
private $fallback_backend;
|
||||
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*/
|
||||
function __construct($primary='auth_ldap',$fallback='auth_sql')
|
||||
{
|
||||
$this->primary_backend = new $primary;
|
||||
|
||||
|
||||
$this->fallback_backend = new $fallback;
|
||||
}
|
||||
|
||||
@ -53,6 +53,16 @@ class auth_fallback implements auth_backend
|
||||
if ($this->primary_backend->authenticate($username, $passwd, $passwd_type))
|
||||
{
|
||||
egw_cache::setInstance(__CLASS__,'backend_used-'.$username,'primary');
|
||||
// check if fallback has correct password, if not update it
|
||||
if (($account_id = $GLOBALS['egw']->accounts->name2id($username)) &&
|
||||
!$this->fallback_backend->authenticate($username,$passwd, $passwd_type))
|
||||
{
|
||||
$backup_currentapp = $GLOBALS['egw_info']['flags']['currentapp'];
|
||||
$GLOBALS['egw_info']['flags']['currentapp'] = 'admin'; // otherwise
|
||||
$ret = $this->fallback_backend->change_password('', $passwd, $account_id);
|
||||
$GLOBALS['egw_info']['flags']['currentapp'] = $backup_currentapp;
|
||||
error_log(__METHOD__."('$username', \$passwd) updated password for #$account_id on fallback ".($ret ? 'successfull' : 'failed!'));
|
||||
}
|
||||
return true;
|
||||
}
|
||||
if ($this->fallback_backend->authenticate($username,$passwd, $passwd_type))
|
||||
@ -88,7 +98,12 @@ class auth_fallback implements auth_backend
|
||||
}
|
||||
if (egw_cache::getInstance(__CLASS__,'backend_used-'.$username) == 'primary')
|
||||
{
|
||||
return $this->primary_backend->change_password($old_passwd, $new_passwd, $account_id);
|
||||
if ($ret = $this->primary_backend->change_password($old_passwd, $new_passwd, $account_id))
|
||||
{
|
||||
// if password successfully changed on primary, also update fallback
|
||||
$this->fallback_backend->change_password($old_passwd, $new_passwd, $account_id);
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
return $this->fallback_backend->change_password($old_passwd, $new_passwd, $account_id);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user