Beispiel #1
 /**
  * Authenticate a user.
  * @param Zend_Controller_Request_Abstract $request The current request
  * @param Zend_Controller_Response_Abstract $response The current response
  * @return Array|Boolean User data, or FALSE
  */
 public function authenticate(Zend_Controller_Request_Abstract $request, Zend_Controller_Response_Abstract $response)
 {
     // Attempt a local (database) login with the identity and credential
     // taken from the POST body. Returns the login result as an array, or
     // false after recording an error. $response is not used in this method.

     // Adapter settings: the model and both column names are mandatory,
     // hashMethod and salt fall back to the defaults given here.
     // NOTE(review): the fallback is MD5 with an empty salt. How tryLogin()
     // applies these is not visible here; if they drive password hashing,
     // a fast unsalted digest is what a config without these keys gets.
     // Confirm every deployment overrides both, and plan a migration to
     // password_hash()/password_verify().
     $authVars = new Garp_Util_Configuration($this->_getAuthVars()->toArray());
     $authVars
         ->obligate('model')
         ->obligate('identityColumn')
         ->obligate('credentialColumn')
         ->setDefault('hashMethod', 'MD5')
         ->setDefault('salt', '');

     // Both fields must be present and truthy. PHP truthiness means the
     // literal string "0" is rejected as well.
     $identityValue = $request->getPost($authVars['identityColumn']);
     $credentialValue = $request->getPost($authVars['credentialColumn']);
     if (!($identityValue && $credentialValue)) {
         $this->_addError('Insufficient data received');
         return false;
     }

     // Optional comma-separated list of columns from the application config,
     // handed to tryLogin(); null when the setting is absent or empty.
     $sessionColumns = null;
     $ini = Zend_Registry::get('config');
     if (!empty($ini->auth->login->sessionColumns)) {
         $sessionColumns = explode(',', $ini->auth->login->sessionColumns);
     }

     $model = new Model_AuthLocal();
     try {
         return $model
             ->tryLogin($identityValue, $credentialValue, $authVars, $sessionColumns)
             ->toArray();
     } catch (Garp_Auth_Adapter_Db_UserNotFoundException $e) {
         // NOTE(review): this message and the one below differ, so whoever
         // sees the error can tell an unknown address from a wrong password.
         // Where _addError() output ends up is not shown; if it reaches the
         // client, prefer one generic message and keep the detail in logs.
         $this->_addError('The email address is not found');
     } catch (Garp_Auth_Adapter_Db_InvalidPasswordException $e) {
         $this->_addError('The password is invalid');
     }

     return false;
 }
Beispiel #2
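 /**
  * BeforeUpdate callback.
  *
  * @param array $args Callback arguments, passed by reference; index 1 holds the update data, index 2 the WHERE clause
  * @return void
  * @throws Garp_Model_Exception When the role check rejects the update
  */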
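 public function beforeUpdate(array &$args)
 {
     // $args[1] is the data about to be written; it is aliased so that the
     // keys added and removed below are seen by the caller. $args[2] is the
     // WHERE clause selecting the rows to update.
     $data =& $args[1];
     $where = $args[2];

     // Run the role check before anything is written. It used to run last,
     // after the AuthLocal password records had already been inserted or
     // saved, so a rejected update could still leave a changed password
     // behind (unless a transaction outside this method rolled it back).
     if (empty($data[self::ROLE_COLUMN])) {
         // No role in the data: check the current role of every matched row.
         foreach ($this->fetchAll($where) as $row) {
             if (!$this->_isRoleAllowed($row->{self::ROLE_COLUMN})) {
                 throw new Garp_Model_Exception(self::EXCEPTION_CANNOT_EDIT_GREATER_ROLE);
             }
         }
     } else {
         // Prevent admins from saving a user's role greater than their own.
         // NOTE(review): in this branch only the new role is checked, not the
         // current role of the matched rows, so a row holding a greater role
         // can still be edited when an allowed role is supplied. Confirm
         // whether that is intended.
         if (!$this->_isRoleAllowed($data[self::ROLE_COLUMN])) {
             throw new Garp_Model_Exception(self::EXCEPTION_CANNOT_EDIT_GREATER_ROLE);
         }
     }

     $authVars = Garp_Auth::getInstance()->getConfigValues('validateemail');
     // Check if the email address is about to be changed, and whether we should respond to it
     if (!empty($authVars['enabled']) && array_key_exists('email', $data)) {
         // Collect the current email address to see if it is about to change.
         // @todo For now we assume that email is a unique value. This means that
         // we use fetchRow instead of fetchAll.
         // If this ever changes, fix this code.
         $user = $this->fetchRow($this->select()->from($this->getName(), array('email'))->where($where));
         if ($user && $user->email != $data['email']) {
             $this->_validateEmail = true;
         }
     }

     if (array_key_exists(self::IMAGE_URL_COLUMN, $data)) {
         // Allow passing in of image URLs. These are downloaded and added as image_id.
         // NOTE(review): the URL comes straight from the update data and is
         // fetched server-side. _grabRemoteImage() is not visible here;
         // confirm it restricts scheme and destination host.
         $data['image_id'] = $this->_grabRemoteImage($data[self::IMAGE_URL_COLUMN]);
         unset($data[self::IMAGE_URL_COLUMN]);
     }

     // A password might be passed in, and needs to be passed to Model_AuthLocal
     if (!empty($data[self::PASSWORD_COLUMN])) {
         // @note 'id' is the only valid primary key here. This might not be flexible enough
         // in the future, in that case, use $this->info(self::PRIMARY) to fetch the primary key.
         $primaryKey = 'id';
         // Find all matches and create or update an AuthLocal record for them.
         $matchedRecords = $this->fetchAll($this->select()->from($this->getName(), array($primaryKey))->where($where));
         foreach ($matchedRecords as $matchedRecord) {
             $thePrimaryKey = $matchedRecord->{$primaryKey};
             $authLocalModel = new Model_AuthLocal();
             // Check if an AuthLocal record already exists
             $authLocalRecord = $authLocalModel->fetchRow($authLocalModel->select()->where('user_id = ?', $thePrimaryKey));
             // The password value is forwarded exactly as received.
             // NOTE(review): presumably Model_AuthLocal hashes it on write;
             // verify, since no hashing happens in this method.
             if (!$authLocalRecord) {
                 // If not, create a new one
                 $authLocalModel->insert(array('user_id' => $thePrimaryKey, 'password' => $data[self::PASSWORD_COLUMN]));
             } else {
                 $authLocalRecord->{self::PASSWORD_COLUMN} = $data[self::PASSWORD_COLUMN];
                 $authLocalRecord->save();
             }
         }
         // Remove the password key from the data to prevent an error
         unset($data[self::PASSWORD_COLUMN]);
     }
 }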
Beispiel #3
 /**
  * Make an existing user admin
  *
  * @param array $args
  * @return void
  */
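 public function make(array $args = array())
 {
     // Promote an existing user to the 'admin' role from the command line.
     // The user is identified by the first argument, or by a prompt when no
     // argument is given; a numeric value is matched against `id`, anything
     // else against `email`.
     $userModel = new Model_User();
     $id = !empty($args)
         ? $args[0]
         : Garp_Cli::prompt('What is the id or email address of the user?');

     // Only the two fixed column names can reach the SQL text; the value
     // itself is bound through the placeholder.
     $filterColumn = is_numeric($id) ? 'id' : 'email';
     $select = $userModel->select();
     $select->where($filterColumn . ' = ?', $id);

     $user = $userModel->fetchRow($select);
     if (!$user) {
         Garp_Cli::errorOut('Error: could not find user with ' . $filterColumn . ' ' . $id);
         return;
     }

     $user->role = 'admin';
     if (!$user->save()) {
         Garp_Cli::errorOut('Error: could not make user with ' . $filterColumn . ' ' . $id . ' administrator');
         return;
     }

     // For completeness' sake, check if the user has an AuthLocal
     // record. We disregard whether the user already has any
     // of the other Auth- records.
     $authLocalModel = new Model_AuthLocal();
     $authLocalRecord = $authLocalModel->fetchRow($authLocalModel->select()->where('user_id = ?', $user->id));
     if (!$authLocalRecord) {
         // The array literal on this line was mangled in the listing
         // ("'Choose a password:'******'user_id'") and did not parse; it is
         // restored to the two-key array the surrounding code requires.
         // NOTE(review): an empty answer is not rejected here, and
         // Garp_Cli::prompt() presumably echoes what is typed. Confirm that
         // Model_AuthLocal refuses an empty password for the new admin.
         $newAuthLocalData = array(
             'password' => trim(Garp_Cli::prompt('Choose a password:')),
             'user_id' => $user->id,
         );
         $authLocalModel->insert($newAuthLocalData);
     }
     Garp_Cli::lineOut('User with ' . $filterColumn . ' ' . $id . ' is now administrator');
 }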