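/**
 * Attempt to log in using the given username and password.
 *
 * On a successful login, this function returns the username as the 'uid' attribute,
 * merged with the attributes from the configuration file. Because the configured
 * attributes are merged last, a configured 'uid' key replaces the username.
 * On failure, it throws an exception. A SimpleSAML_Error_Error('WRONGUSERPASS')
 * is thrown in case of a wrong username OR a wrong password, to prevent the
 * enumeration of usernames.
 *
 * Each entry of $this->users is read as a "username:hash" line. The first entry whose
 * username matches decides the outcome. Its hash is tried as crypt(3), then as
 * Apache's APR1-MD5, then through SimpleSAML\Utils\Crypto::pwValid().
 *
 * @param string $username The username the user wrote.
 * @param string $password The password the user wrote.
 * @return array Associative array with the users attributes.
 * @throws SimpleSAML_Error_Error 'WRONGUSERPASS' when no entry matches or the password is wrong.
 */
protected function login($username, $password)
{
    assert('is_string($username)');
    assert('is_string($password)');

    foreach ($this->users as $userpass) {
        $matches = explode(':', $userpass, 2);

        // A line without a ':' separator carries no hash; skip it instead of
        // reading an undefined index and checking the password against null.
        if (count($matches) !== 2) {
            continue;
        }

        // Strict comparison: with '==' two numeric-looking strings such as
        // "1e3" and "1000" compare equal, so one account name could select another's entry.
        if ($matches[0] !== $username) {
            continue;
        }

        $crypted = $matches[1];

        // Traditional crypt(3). Compare the digests in constant time where the
        // runtime offers hash_equals() (PHP >= 5.6), and never with '==', which
        // applies numeric-string juggling to the two digests.
        $computed = crypt($password, $crypted);
        if (function_exists('hash_equals')) {
            $cryptMatches = is_string($computed) && hash_equals($crypted, $computed);
        } else {
            $cryptMatches = ($computed === $crypted);
        }

        // Same order as before: crypt(3), Apache's custom MD5, then SHA1 or plain-text.
        // NOTE(review): the last fallback is described as accepting plain-text values;
        // confirm that unhashed or empty password fields are not present in the htpasswd file.
        if ($cryptMatches
            || APR1_MD5::check($crypted, $password)
            || SimpleSAML\Utils\Crypto::pwValid($crypted, $password)
        ) {
            SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully');

            // This is about the only attribute we can add
            return array_merge(array('uid' => array($username)), $this->attributes);
        }

        // Known user, wrong password: same error as for an unknown user.
        // NOTE(review): an unknown username is rejected without any hashing work, so
        // response time may still differ between the two cases.
        throw new SimpleSAML_Error_Error('WRONGUSERPASS');
    }

    throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}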
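/**
 * Attempt to log in using the given username and password.
 *
 * On a successful login, this function returns the users attributes. On failure,
 * it throws an exception. If the error was caused by the user entering the wrong
 * username OR password, a SimpleSAML_Error_Error('WRONGUSERPASS') is thrown.
 *
 * The username is UTF-8 encoded, and the hash is base64 encoded.
 *
 * The keys of $this->users are read as "username:hash" and the values are the
 * attribute arrays returned on success. Every entry with a matching username is tried.
 *
 * @param string $username The username the user wrote.
 * @param string $password The password the user wrote.
 * @return array Associative array with the users attributes.
 * @throws SimpleSAML_Error_Error 'WRONGUSERPASS' when no entry accepts the credentials.
 */
protected function login($username, $password)
{
    assert('is_string($username)');
    assert('is_string($password)');

    foreach ($this->users as $userpass => $attrs) {
        $matches = explode(':', $userpass, 2);

        // A key without a ':' separator has no hash part; skip it rather than
        // reading an undefined index.
        if (count($matches) !== 2 || $matches[0] !== $username) {
            continue;
        }

        if (SimpleSAML\Utils\Crypto::pwValid($matches[1], $password)) {
            return $attrs;
        }

        // Never write the submitted password to the log: a mistyped password is often
        // close to the real one (or valid for another account), and debug logs are
        // readable by more people and systems than the credential store.
        SimpleSAML_Logger::debug('Incorrect password for user ' . $username);
    }

    throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}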
/**
 * Attempt to log in as the administrator using the given username and password.
 *
 * On a successful login, this function returns the users attributes. On failure,
 * it throws an exception. If the error was caused by the user entering the wrong
 * username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') is thrown.
 *
 * Note that both the username and the password are UTF-8 encoded.
 *
 * @param string $username The username the user wrote.
 * @param string $password The password the user wrote.
 * @return array Associative array with the users attributes.
 * @throws SimpleSAML_Error_Error 'NOTSET' while 'auth.adminpassword' is unset or still '123',
 *         'WRONGUSERPASS' for any other username or a password that does not validate.
 */
protected function login($username, $password)
{
    assert('is_string($username)');
    assert('is_string($password)');

    $globalConfig = SimpleSAML_Configuration::getInstance();

    // '123' is both the fallback for a missing option and the value that is refused,
    // so an unconfigured install and an unchanged placeholder are handled alike.
    $storedPassword = $globalConfig->getString('auth.adminpassword', '123');
    if ($storedPassword === '123') {
        /* We require that the user changes the password. */
        throw new SimpleSAML_Error_Error('NOTSET');
    }

    // Only the fixed account name is accepted; the password is validated only
    // when the name matches, and both failures raise the same error.
    $isAdminName = ($username === 'admin');
    if (!$isAdminName || !SimpleSAML\Utils\Crypto::pwValid($storedPassword, $password)) {
        throw new SimpleSAML_Error_Error('WRONGUSERPASS');
    }

    return array('user' => array('admin'));
}