first commit

2025-06-17 11:53:18 +02:00
commit 9f0f7ba12b
8804 changed files with 1369176 additions and 0 deletions
--- a/plugins/authentication/joomla/joomla.xml
+++ b/plugins/authentication/joomla/joomla.xml
@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<extension type="plugin" group="authentication" method="upgrade">
+	<name>plg_authentication_joomla</name>
+	<author>Joomla! Project</author>
+	<creationDate>2005-11</creationDate>
+	<copyright>(C) 2005 Open Source Matters, Inc.</copyright>
+	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
+	<authorEmail>admin@joomla.org</authorEmail>
+	<authorUrl>www.joomla.org</authorUrl>
+	<version>3.0.0</version>
+	<description>PLG_AUTHENTICATION_JOOMLA_XML_DESCRIPTION</description>
+	<namespace path="src">Joomla\Plugin\Authentication\Joomla</namespace>
+	<files>
+		<folder plugin="joomla">services</folder>
+		<folder>src</folder>
+	</files>
+	<languages>
+		<language tag="en-GB">language/en-GB/plg_authentication_joomla.ini</language>
+		<language tag="en-GB">language/en-GB/plg_authentication_joomla.sys.ini</language>
+	</languages>
+</extension>
--- a/plugins/authentication/joomla/services/provider.php
+++ b/plugins/authentication/joomla/services/provider.php
@ -0,0 +1,50 @@
+<?php
+
+/**
+ * @package     Joomla.Plugin
+ * @subpackage  Authentication.joomla
+ *
+ * @copyright   (C) 2023 Open Source Matters, Inc. <https://www.joomla.org>
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+\defined('_JEXEC') or die;
+
+use Joomla\CMS\Extension\PluginInterface;
+use Joomla\CMS\Factory;
+use Joomla\CMS\Plugin\PluginHelper;
+use Joomla\CMS\User\UserFactoryInterface;
+use Joomla\Database\DatabaseInterface;
+use Joomla\DI\Container;
+use Joomla\DI\ServiceProviderInterface;
+use Joomla\Event\DispatcherInterface;
+use Joomla\Plugin\Authentication\Joomla\Extension\Joomla;
+
+return new class () implements ServiceProviderInterface {
+    /**
+     * Registers the service provider with a DI container.
+     *
+     * @param   Container  $container  The DI container.
+     *
+     * @return  void
+     *
+     * @since   4.3.0
+     */
+    public function register(Container $container)
+    {
+        $container->set(
+            PluginInterface::class,
+            function (Container $container) {
+                $plugin = new Joomla(
+                    $container->get(DispatcherInterface::class),
+                    (array) PluginHelper::getPlugin('authentication', 'joomla')
+                );
+                $plugin->setApplication(Factory::getApplication());
+                $plugin->setDatabase($container->get(DatabaseInterface::class));
+                $plugin->setUserFactory($container->get(UserFactoryInterface::class));
+
+                return $plugin;
+            }
+        );
+    }
+};
--- a/plugins/authentication/joomla/src/Extension/Joomla.php
+++ b/plugins/authentication/joomla/src/Extension/Joomla.php
@ -0,0 +1,128 @@
+<?php
+
+/**
+ * @package     Joomla.Plugin
+ * @subpackage  Authentication.joomla
+ *
+ * @copyright   (C) 2006 Open Source Matters, Inc. <https://www.joomla.org>
+ * @license     GNU General Public License version 2 or later; see LICENSE.txt
+ */
+
+namespace Joomla\Plugin\Authentication\Joomla\Extension;
+
+use Joomla\CMS\Authentication\Authentication;
+use Joomla\CMS\Event\User\AuthenticationEvent;
+use Joomla\CMS\Plugin\CMSPlugin;
+use Joomla\CMS\User\UserFactoryAwareTrait;
+use Joomla\CMS\User\UserHelper;
+use Joomla\Database\DatabaseAwareTrait;
+use Joomla\Event\SubscriberInterface;
+
+// phpcs:disable PSR1.Files.SideEffects
+\defined('_JEXEC') or die;
+// phpcs:enable PSR1.Files.SideEffects
+
+/**
+ * Joomla Authentication plugin
+ *
+ * @since  1.5
+ */
+final class Joomla extends CMSPlugin implements SubscriberInterface
+{
+    use DatabaseAwareTrait;
+    use UserFactoryAwareTrait;
+
+    /**
+     * Returns an array of events this subscriber will listen to.
+     *
+     * @return  array
+     *
+     * @since   5.0.0
+     */
+    public static function getSubscribedEvents(): array
+    {
+        return ['onUserAuthenticate' => 'onUserAuthenticate'];
+    }
+
+    /**
+     * This method should handle any authentication and report back to the subject
+     *
+     * @param   AuthenticationEvent  $event    Authentication event
+     *
+     * @return  void
+     *
+     * @since   1.5
+     */
+    public function onUserAuthenticate(AuthenticationEvent $event)
+    {
+        $credentials = $event->getCredentials();
+        $response    = $event->getAuthenticationResponse();
+
+        $response->type = 'Joomla';
+
+        // Joomla does not like blank passwords
+        if (empty($credentials['password'])) {
+            $response->status        = Authentication::STATUS_FAILURE;
+            $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_EMPTY_PASS_NOT_ALLOWED');
+
+            return;
+        }
+
+        $db    = $this->getDatabase();
+        $query = $db->getQuery(true)
+            ->select($db->quoteName(['id', 'password']))
+            ->from($db->quoteName('#__users'))
+            ->where($db->quoteName('username') . ' = :username')
+            ->bind(':username', $credentials['username']);
+
+        $db->setQuery($query);
+        $result = $db->loadObject();
+
+        if ($result) {
+            $match = UserHelper::verifyPassword($credentials['password'], $result->password, $result->id);
+
+            if ($match === true) {
+                // Bring this in line with the rest of the system
+                $user               = $this->getUserFactory()->loadUserById($result->id);
+                $response->email    = $user->email;
+                $response->fullname = $user->name;
+
+                // Set default status response to success
+                $_status       = Authentication::STATUS_SUCCESS;
+                $_errorMessage = '';
+
+                if ($this->getApplication()->isClient('administrator')) {
+                    $response->language = $user->getParam('admin_language');
+                } else {
+                    $response->language = $user->getParam('language');
+
+                    if ($this->getApplication()->get('offline') && !$user->authorise('core.login.offline')) {
+                        // User do not have access in offline mode
+                        $_status       = Authentication::STATUS_FAILURE;
+                        $_errorMessage = $this->getApplication()->getLanguage()->_('JLIB_LOGIN_DENIED');
+                    }
+                }
+
+                $response->status        = $_status;
+                $response->error_message = $_errorMessage;
+
+                // Stop event propagation when status is STATUS_SUCCESS
+                if ($response->status === Authentication::STATUS_SUCCESS) {
+                    $event->stopPropagation();
+                }
+            } else {
+                // Invalid password
+                $response->status        = Authentication::STATUS_FAILURE;
+                $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_INVALID_PASS');
+            }
+        } else {
+            // Let's hash the entered password even if we don't have a matching user for some extra response time
+            // By doing so, we mitigate side channel user enumeration attacks
+            UserHelper::hashPassword($credentials['password']);
+
+            // Invalid user
+            $response->status        = Authentication::STATUS_FAILURE;
+            $response->error_message = $this->getApplication()->getLanguage()->_('JGLOBAL_AUTH_NO_USER');
+        }
+    }
+}