/**
* Attempt to log in using the given username and password.
*
* On a successful login, this function should return the username as 'uid' attribute,
* and merged attributes from the configuration file.
* On failure, it should throw an exception. A SimpleSAML_Error_Error('WRONGUSERPASS')
* should be thrown in case of a wrong username OR a wrong password, to prevent the
* enumeration of usernames.
*
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @return array Associative array with the users attributes.
*/
protected function login($username, $password)
{
assert('is_string($username)');
assert('is_string($password)');
foreach ($this->users as $userpass) {
$matches = explode(':', $userpass, 2);
if ($matches[0] == $username) {
$crypted = $matches[1];
// This is about the only attribute we can add
$attributes = array_merge(array('uid' => array($username)), $this->attributes);
// Traditional crypt(3)
if (crypt($password, $crypted) == $crypted) {
SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully');
return $attributes;
}
// Apache's custom MD5
if (APR1_MD5::check($crypted, $password)) {
SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully');
return $attributes;
}
// SHA1 or plain-text
if (SimpleSAML\Utils\Crypto::pwValid($crypted, $password)) {
SimpleSAML_Logger::debug('User ' . $username . ' authenticated successfully');
return $attributes;
}
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
}
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
/**
* Attempt to log in using the given username and password.
*
* On a successful login, this function should return the users attributes. On failure,
* it should throw an exception. If the error was caused by the user entering the wrong
* username OR password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.
*
* The username is UTF-8 encoded, and the hash is base64 encoded.
*
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @return array Associative array with the users attributes.
*/
protected function login($username, $password)
{
assert('is_string($username)');
assert('is_string($password)');
foreach ($this->users as $userpass => $attrs) {
$matches = explode(':', $userpass, 2);
if ($matches[0] === $username) {
if (SimpleSAML\Utils\Crypto::pwValid($matches[1], $password)) {
return $this->users[$userpass];
} else {
SimpleSAML_Logger::debug('Incorrect password "' . $password . '" for user ' . $username);
}
}
}
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
/**
* Attempt to log in using the given username and password.
*
* On a successful login, this function should return the users attributes. On failure,
* it should throw an exception. If the error was caused by the user entering the wrong
* username or password, a SimpleSAML_Error_Error('WRONGUSERPASS') should be thrown.
*
* Note that both the username and the password are UTF-8 encoded.
*
* @param string $username The username the user wrote.
* @param string $password The password the user wrote.
* @return array Associative array with the users attributes.
*/
protected function login($username, $password)
{
assert('is_string($username)');
assert('is_string($password)');
$config = SimpleSAML_Configuration::getInstance();
$adminPassword = $config->getString('auth.adminpassword', '123');
if ($adminPassword === '123') {
/* We require that the user changes the password. */
throw new SimpleSAML_Error_Error('NOTSET');
}
if ($username !== "admin") {
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
if (!SimpleSAML\Utils\Crypto::pwValid($adminPassword, $password)) {
throw new SimpleSAML_Error_Error('WRONGUSERPASS');
}
return array('user' => array('admin'));
}
