Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authentication Hook #3401

Merged
merged 1 commit into from
Mar 28, 2018
Merged

Authentication Hook #3401

merged 1 commit into from
Mar 28, 2018

Conversation

b1zzu
Copy link

@b1zzu b1zzu commented Mar 28, 2018

With this patch, we have created a new Hook that allows modules to authenticate the user in third-party applications during login and logout actions.

The implementation of the onLogin and onLogout methods of the hook are not mandatory.

A use case is to authenticate the user in grafana trough the login of icingaweb.
This is an example of how we have implemented the AuthenticationHook for Grafana.

<?php

namespace Icinga\Module\Analytics\ProvidedHook;

use Icinga\Application\Hook\AuthenticationHook;
use Icinga\Application\Logger;
use Icinga\User;

class Authentication extends AuthenticationHook
{
    const GRAFANA_SESS = "grafana_sess";

    public function onLogin(User $user)
    {
        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL, "http://localhost:3000/login");
        curl_setopt($ch, CURLOPT_HTTPHEADER, array(sprintf("X-WEBAUTH-USER: %s", $user->getUsername())));
        curl_setopt($ch, CURLOPT_HEADER, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

        if (!$result = curl_exec($ch)) {
            // don't fail but log the possible errors
            Logger::error(new \Exception(curl_error($ch)));
            return;
        }

        $preg = sprintf('/^\s*Set-Cookie:\s+%s=(.*?);.*$/mi', self::GRAFANA_SESS);
        preg_match($preg, $result, $matches);

        if (count($matches) < 2) {
            Logger::error(new \Exception("Login to grafana did not return any grafana_sess"));
            return;
        }

        $session = $matches[1];

        if (!setcookie(self::GRAFANA_SESS, $session, 0, "/grafana", null, false, true)) {
            Logger::error(new \Exception("Failed to set grafana_sess"));
            return;
        }

        return;
    }

    public function onLogout(User $_)
    {
        // remove the cookie by set it to null
        // this will remove this cookie from all tabs and windows
        // but this will not logout the user from different browsers or devices
        if (!setcookie(self::GRAFANA_SESS, null, 0, "/grafana", null, false, true)) {
            Logger::error(new \Exception("Failed to set grafana_sess"));
            return;
        }

        return;
    }
}

@lippserd lippserd added this to the 2.6.0 milestone Mar 28, 2018
@b1zzu b1zzu force-pushed the feature/authentication-hook branch from f37b21d to 4729642 Compare March 28, 2018 14:15
Add AuthenticationHook
8b5fe61 
Created AuthenticationHook class with two main methods: onLogin and
onLogout that are called after login and before logout.
@b1zzu b1zzu force-pushed the feature/authentication-hook branch from 4729642 to 8b5fe61 Compare March 28, 2018 14:18
lippserd
lippserd approved these changes Mar 28, 2018
View reviewed changes
Copy link
Member

@lippserd lippserd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

Thanks for the idea and the PR. I like the method names and the fact that Hook::all() is handled in the Hook itself. Good job 👍

Cheers,
Eric

@lippserd lippserd merged commit 382dac3 into Icinga:master Mar 28, 2018
@nilmerg nilmerg modified the milestones: 2.6.0, 2.5.2 Apr 25, 2018
@dupondje dupondje mentioned this pull request Apr 27, 2018
Closed
@lippserd lippserd mentioned this pull request May 7, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lippserd lippserd lippserd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.5.2
Development

Successfully merging this pull request may close these issues.
3 participants
@b1zzu @lippserd @nilmerg