refactor(m2mauth): add abstract class for mutualized code

Signed-off-by: Thierry Bugier <[email protected]>

Author: btry

front/mosquitto-authenticate.php renamed to front/mosquittoauth.php

@@ -32,13 +32,26 @@
  // Workaround CSRF checks
 $postData = $_POST;
 unset($_POST);
+
 include '../../../inc/includes.php';
 $plugin = new Plugin();
 if (!$plugin->isActivated('flyvemdm')) {
    http_response_code(404);
 }
+
+// Restore POST data
 $_POST = $postData;
 $flyvemdmM2mApi = new PluginFlyvemdmMosquittoAuth();
-$answer = $flyvemdmM2mApi->authenticate($_POST);
 
-http_response_code($answer);
+if (isset($_GET['authenticate'])) {
+   $answer = $flyvemdmM2mApi->authenticate($_POST);
+   http_response_code($answer);
+   die();
+}
+if (isset($_GET['authorize'])) {
+   $answer = $flyvemdmM2mApi->authorize($_POST);
+   http_response_code($answer);
+   die();
+}
+
+http_response_code(404);

inc/m2mauth.class.php

@@ -0,0 +1,58 @@
+<?php
+/**
+ * LICENSE
+ *
+ * Copyright © 2016-2018 Teclib'
+ * Copyright © 2010-2018 by the FusionInventory Development Team.
+ *
+ * This file is part of Flyve MDM Plugin for GLPI.
+ *
+ * Flyve MDM Plugin for GLPI is a subproject of Flyve MDM. Flyve MDM is a mobile
+ * device management software.
+ *
+ * Flyve MDM Plugin for GLPI is free software: you can redistribute it and/or
+ * modify it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * Flyve MDM Plugin for GLPI is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ * You should have received a copy of the GNU Affero General Public License
+ * along with Flyve MDM Plugin for GLPI. If not, see http://www.gnu.org/licenses/.
+ * ------------------------------------------------------------------------------
+ * @author    Thierry Bugier
+ * @copyright Copyright © 2018 Teclib
+ * @license   AGPLv3+ http://www.gnu.org/licenses/agpl.txt
+ * @link      https://github.com/flyve-mdm/glpi-plugin
+ * @link      https://flyve-mdm.com/
+ * ------------------------------------------------------------------------------
+ */
+
+if (!defined('GLPI_ROOT')) {
+   die("Sorry. You can't access this file directly");
+}
+
+abstract class PluginFlyvemdmM2mAuth implements PluginFlyvemdmM2mAuthInterface {
+
+   /**
+    * Checks the remote IP address matches the configured M2M server
+    */
+   protected function checkRemote() {
+      $remoteIp = Toolbox::getRemoteIpAddress();
+      $config = Config::getConfigurationValues('flyvemdm', ['mqtt_broker_internal_address']);
+
+      // Try assuming the internal address is an IP Address
+      if ($config['mqtt_broker_internal_address'] == $remoteIp) {
+         return true;
+      }
+
+      foreach (gethostbynamel($config['mqtt_broker_internal_address']) as $validIp) {
+         if ($remoteIp == $validIp) {
+            return true;
+         }
+      }
+
+      return false;
+   }
+}

inc/m2mauthinterface.class.php

@@ -43,4 +43,6 @@ interface PluginFlyvemdmM2mAuthInterface {
     * @return integer HTTP response code
     */
    public function authenticate($input);
+
+   public function authorize($input);
 }

inc/mosquittoauth.class.php

@@ -33,19 +33,17 @@
    die("Sorry. You can't access this file directly");
 }
 
-class PluginFlyvemdmMosquittoAuth implements PluginFlyvemdmM2mAuthInterface {
+class PluginFlyvemdmMosquittoAuth extends PluginFlyvemdmM2mAuth {
    public function authenticate($input) {
+      if (!$this->checkRemote()) {
+         return 403;
+      }
+
       if (!isset($input['username']) || !isset($input['password'])) {
          // No credentials or credentials incomplete
          return 404;
       }
 
-      $remoteIp = Toolbox::getRemoteIpAddress();
-      $config = Config::getConfigurationValues('flyvemdm', ['mqtt_broker_internal_address']);
-      if ($config['mqtt_broker_internal_address'] != $remoteIp) {
-         return 403;
-      }
-
       $mqttUser = new PluginFlyvemdmMqttUser();
       if (!$mqttUser->getByUser($input['username'])) {
          return 404;
@@ -55,6 +53,12 @@ public function authenticate($input) {
          return 200;
       }
 
+      return 404;
+   }
+
+   public function authorize($input) {
+
+
       return 404;
    }
 }

tests/suite-unit/PluginFlyvemdmMosquittoAuth.php

@@ -44,14 +44,19 @@ public function beforeTestMethod($method) {
                'user'      => 'john',
                'password'  => 'doe',
             ]);
+            $this->boolean($this->mqttUser->isNewItem())->isFalse('Failed to create a MQTT user');
             break;
       }
    }
 
    public function afterTestMethod($method) {
       switch ($method) {
          case 'testAuthenticate':
-            $this->mqttUser->delete($this->mqttUser->fields, 1);
+            $this->mqttUser->delete([
+                  'id' => $this->mqttUser->getID(),
+               ],
+               1
+            );
             break;
       }
    }
@@ -63,7 +68,7 @@ public function providerAuthenticate() {
                'username' => 'foo',
                'password' => 'bar',
             ],
-            'repoteIp' => '127.0.0.1',
+            'remoteIp' => '127.0.0.1',
             'expected' => [
                'httpCode' => '404',
             ]
@@ -73,7 +78,7 @@ public function providerAuthenticate() {
                'username' => 'john',
                'password' => 'doe',
             ],
-            'repoteIp' => '127.0.0.1',
+            'remoteIp' => '127.0.0.1',
             'expected' => [
                'httpCode' => '200',
             ]
@@ -83,7 +88,7 @@ public function providerAuthenticate() {
                'username' => 'john',
                'password' => 'bar',
             ],
-            'repoteIp' => '127.0.0.1',
+            'remoteIp' => '127.0.0.1',
             'expected' => [
                'httpCode' => '404',
             ]
@@ -93,7 +98,7 @@ public function providerAuthenticate() {
                'username' => 'john',
                'password' => 'doe',
             ],
-            'repoteIp' => '10.0.0.1',
+            'remoteIp' => '10.0.0.1',
             'expected' => [
                'httpCode' => '403',
             ]
@@ -103,6 +108,7 @@ public function providerAuthenticate() {
 
    /**
     * @dataProvider providerAuthenticate
+    * @engine inline
     */
    public function testAuthenticate($input, $remoteIp, $expected) {
       $backupServer = $_SERVER;