- Removed constants LDAP_NO_USER_DN and LDAP_TOO_MANY_USER_DN from config/constants.php
- Added config entry timeout to config/ldap.php
- Changed private method libraries/AuthLib->_checkLDAPAuthentication
to use libraries/AuthLDAPLib->checkUsernamePassword
- Changed AuthLDAPLib to have only one public method called checkUsernamePassword that makes use of the other private methods to check if a username and password are valid on many LDAP servers
- Replace all show_error(getData( with show_error(getError(
- Replace all error($...->retval) with error(getError($...))
- Replace all ->outputJsonError(getData( with ->outputJsonError(getError(
- Replace all show_error($...->retval with show_error(getError($...
- Replace all outputJsonError($...->retval with outputJsonError(getError$...
- Replace all return error($...->retval) with return $...
- Added function getAuthPersonId to hlp_authentication helper
- Added function isLogged to hlp_common helper
- hlp_authentication helper functions getAuthPersonId and getAuthUID make use of isLogged function
- AuthLib loads hlp_authentication helper after a successful login or if a user is already logged
- FilterLib does NOT load anymore hlp_authentication helper
- FilterLib does NOT use anymore BenutzerModel and getAuthUID, but retrieves user data directly using the person_id from getAuthPersonId
- Removed method _isAllowed from APIv1_Controller
- Added public method _remap to APIv1_Controller
- PermissionLib loading moved from constructor to _remap in APIv1_Controller
- Changed method basicAuthentication in AuthLib, now calls loginLDAP
- AuthLib->redirectToLandingPage now calls getLandingPage
- Added new controller system/Login.php to perform login operations
- Added new view system/login/usernamePassword.php to login with username and password
- Added css/Login.css, images/logo-300x160.png and js/Login.js to be used by usernamePassword.php
- Renamed method loginAS to loginASByUID in AuthLib.php
- Added new public method loginASByPersonId to AuthLib.php
- Renamed method connect to anonymousConnect in LDAPLib
- Method LDAPLib->connectUsernamePassword now checks both username and password if they are empty strings
- Added new constant LOGINAS_PERSONIDS_BLACKLIST to PermissionLib
- Renamed method isEntitledLoginAS to isEntitledLoginASByUID in PermissionLib
- Added new public method isEntitledLoginASByPersonId to PermissionLib
- Added new private method _inLAPersonIdsBlacklist to PermissionLib
- Fixed function cleanSessionElement in hlp_session_helper
- Added constants AUTHENTICATION_LOGOUT_PAGE and SESSION_LANDING_PAGE to AuthLib
- Fixed method loginLDAP in AuthLib
- Added public method redirectToLandingPage to AuthLib
- Renamed method _storeAuthObj to _storeSessionAuthObj in AuthLib
- Added private method _storeSessionLandingPage to AuthLib
- Added private method _redirectTemporarily to AuthLib
- It contains the following entries:
- List of permissions that are allowed to perform loginAs
- List of permissions that cannot be gained with loginAs
- List of users whose identity cannot be obtained with loginAs
- Removed config entries authentication_loginas_perms and authentication_loginas_blacklist from config file auth.php
- Added constants to PermissionLib: LOGINAS_ALLOWED, LOGINAS_BLACKLIST and LOGINAS_USERS_BLACKLIST
- PermissionLib loads the config file permission.php
- Added public method isEntitledLoginAS to PermissionLib
- Added private methods _inLAUsersBlacklist, _hasLANotAllowedPermissions and _hasLAPermissions to PermissionLib
- Added public method loginAS to AuthLib
- Fixed logout method in AuthLib
- Fixed loginLDAP method in AuthLib
- Changed LDAP_Model to a library: LDAPLib
- Removed controller system/Login
AuthLib:
- Added new private method _createAuthObjByPerson
- Moved config load from constructor to _authenticate
- Moved Person_Model load from constructor to _createAuthObjByPerson
- Removed method checkUserAuthByCode
- Removed method checkUserAuthByCodeEmail
- Adapted code to use LDAPLib
- LDAP_Model->getUserDN now returns errors with more information
- Login redirection is performed with HTTP code 302 instead of 301
- Fixed _checkHBALDAPAuthentication behavior
- AuthLib errors have more information
- Fixed paths in array authentication_login_pages in ayth.php
- Added new constants AUTHENTICATION_LOGIN and AUTHENTICATION_LOGIN_PAGES to AuthLib
- Added private method _redirectToLogin to AuthLib
- Better comments
- Added new configuration file ldap.php for LDAP connection
- Added new controller system/Login to manage logins
- Added new controller system/Logout to manage logout
- Added new core model LDAP_Model to manage LDAP connections
- Added new constants in config/constants for authentication
- Added new function getCode to hlp_message_helper
- Now core/Auth_Controller loads the AuthLib as first step
- Now PermissionLib does NOT load anymore the AuthLib
- Removed old logic from PermissionLib
- Now function getAuthUID (hlp_authentication_helper) does not load anymore the AuthLib
- Now REST_Controller loads hlp_message_helper and hlp_common_helper
- core/APIv1_Controller does NOT load anymore hlp_message_helper and hlp_common_helper
- Added new constants to AuthLib
- AuthLib constructor now accept a parameter to enable the authentication immediatly (default)
- AuthLib loads configuration file auth.php and Person_model by default
- Added public methods getAuthObj and logout to AuthLib
- Renamed CheckUserAuthByUsernamePassword to checkUserAuthByUsernamePassword, CheckUserAuthByCode to checkUserAuthByCode and CheckUserAuthByCodeEmail to checkUserAuthByCodeEmail in AuthLib
- Added private methods _createAuthObj, _isLogged, _showInvalidAuthentication, _showError, _checkBTAuthentication, _checkHBALDAPAuthentication, _checkLDAPAuthentication, _checkForeignAuthentication, _storeAuthObj and _authenticate to AuthLib
Harald Bamberger