/** * Provides login object created from POST-data * or null if login info is not (fully) present in the request. * * This function should be called only once (it will * return null on subsequent calls). * * @returns Login login instance recognized */ private function provideLogin(ServerConfig $serverConfig, LoginFactory $factory, Request $request) { $loginType = $request->getParameter("loginType"); $login = $request->getParameter('login'); $password = $request->getParameter('password'); $cosignCookie = $request->getParameter('cosignCookie'); // we don't need this info in the global scope anymore $request->clearParameter('login'); $request->clearParameter('password'); $request->clearParameter('cosignCookie'); if (empty($loginType)) { return null; } switch ($serverConfig->getLoginType()) { case 'password': $this->assertSecurity($loginType === 'password', "Wrong login type {$loginType}"); $this->assertSecurity($login !== null, 'Login field missing'); $this->assertSecurity($password !== null, 'Password field missing'); if ($login === '' || $password === '') { return null; } return $factory->newLoginUsingPassword($login, $password); break; case 'cosign': if ($loginType === 'cosigncookie') { if ($cosignCookie === '') { return null; } $cosignCookie = CosignServiceCookie::fixCookieValue($cosignCookie); return $factory->newLoginUsingCosignCookie(new CosignServiceCookie($serverConfig->getCosignCookieName(), $cosignCookie, $serverConfig->getServerName())); } else { if ($loginType == 'cosignpassword') { if ($login === null || $password === null) { return null; } return $factory->newLoginUsingCosignPassword($login, $password); } else { $this->assertSecurity(false, "Wrong loginType {$loginType}"); } } break; case 'cosignproxy': $this->assertSecurity($loginType === 'cosignproxy', "Wrong loginType {$loginType}"); return $factory->newLoginUsingCosignProxy($serverConfig->getCosignProxyDB(), $serverConfig->getCosignCookieName()); case 'nologin': $this->assertSecurity($loginType === 'nologin', "Wrong loginType {$loginType}"); return $factory->newNoLogin(); default: // TODO(ppershing): throw ConfigError assert(false); } }