[!!] This Auth driver supports neither roles nor autologin.
Author: Kohana Team
Inheritance: extends Auth
Example #1
 /**
  * Wraps the Kohana Auth ORM login with the useradmin failed-login jail.
  *
  * A username string is resolved to a user model first. While the account
  * holds at least `max_failed_logins` failures and the most recent one is
  * newer than `login_jail_time`, the attempt is refused before the password
  * is looked at. Otherwise the parent driver decides, and the failure counter
  * is reset (success) or incremented and timestamped (failure).
  *
  * Security notes for maintainers:
  *  - A jailed attempt returns FALSE without calling the parent, so it is not
  *    counted and a correct password is rejected as well for that period.
  *  - Failures are only saved for a user with a non-zero numeric id, so this
  *    method applies no throttling to names that match no account.
  *  - NOTE(review): the counter is read, incremented and saved from PHP;
  *    whether concurrent failures can be undercounted depends on how
  *    ORM::save() writes the row - confirm.
  *  - NOTE(review): `last_failed_login` is written with date() and compared
  *    through strtotime(); presumably PHP and the stored column share a
  *    timezone - confirm.
  *
  * @see Kohana_Auth_ORM::_login()
  * @param   mixed    username string or user ORM object
  * @param   string   password
  * @param   boolean  enable autologin
  * @return  boolean
  */
 protected function _login($user, $password, $remember)
 {
     // Resolve a plain username into a user model via its unique key.
     if (!is_object($user)) {
         $username = $user;
         $user = ORM::factory('user');
         $user->where($user->unique_key($username), '=', $username)->find();
     }

     // Jail check: enabled only when max_failed_logins is above zero.
     $failure_limit = $this->_config["useradmin"]["max_failed_logins"];
     if ($failure_limit > 0 && $user->failed_login_count >= $failure_limit) {
         $last_failure = strtotime($user->last_failed_login);
         $jail_window_start = strtotime("-" . $this->_config["useradmin"]["login_jail_time"]);
         if ($last_failure > $jail_window_start) {
             // Too many failed logins within {login_jail_time}: fail without
             // touching the password or the counters.
             return FALSE;
         }
     }

     // Let the default driver perform the actual credential check.
     $status = parent::_login($user, $password, $remember);

     if (!$status) {
         // Failed login: bump the counter and remember when it happened.
         $user->failed_login_count = $user->failed_login_count + 1;
         $user->last_failed_login = date("Y-m-d H:i:s");
         // Persist only for a real row; an unmatched lookup has no usable id.
         if (is_numeric($user->id) && $user->id != 0) {
             $user->save();
         }
         return $status;
     }

     // Successful login: clear the failure history.
     $user->failed_login_count = 0;
     $user->save();
     return $status;
 }
Example #2
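 /**
  * Logs the user out and, outside a local-machine setup, drops the
  * cross-site `kidsessionid` cookie for users that carry a `kids_id`.
  *
  * The cookie is cleared before the parent logout runs because the current
  * user is still needed to decide whether it applies.
  *
  * @param   boolean  completely destroy the session
  * @param   boolean  remove all tokens for the user
  * @return  mixed    whatever parent::logout() returns
  */
 public function logout($destroy = FALSE, $logout_all = FALSE)
 {
     $settings = Kohana_Config::instance()->load("mmdb");

     if (empty($settings->localMachine)) {
         // get_user() may yield no user object; empty() tolerates that.
         $user = $this->get_user();

         if (!empty($user->kids_id)) {
             // An empty value with an expiry in the past asks the browser to
             // discard the cookie. An empty string is passed instead of null,
             // which newer PHP versions deprecate for this string parameter.
             // NOTE(review): removal only works if path and domain match the
             // ones used when the cookie was set - not visible here, confirm.
             setcookie("kidsessionid", "", -1, "/", ".nationalgeographic.com");
         }
     }

     // Pass the parent's result back; previously this override returned
     // nothing, so callers could not tell whether the logout took effect.
     return parent::logout($destroy, $logout_all);
 }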
Example #3
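 /**
  * Logs a user in, authenticating against RiverID unless the email is exempt.
  *
  * Emails found in the `auth.exempt` config are handed to the parent (local)
  * driver. Every other email must be registered on RiverID and pass a RiverID
  * sign-in. The matching local user is then loaded, or linked/created, and
  * the login completes only if that user holds the `login` role.
  *
  * Security notes for maintainers:
  *  - The exemption list decides which backend is trusted for an email, so
  *    membership is tested strictly and only against a real array.
  *  - NOTE(review): a local account found by email alone gets the RiverID id
  *    attached and its username overwritten. This presumably relies on
  *    RiverID having verified ownership of the email - confirm.
  *  - NOTE(review): the `login` role is added during linking even for a
  *    pre-existing local account that lacked it. Confirm that a role removed
  *    locally is meant to be restorable this way.
  *
  * @param   string   email
  * @param   string   password
  * @param   boolean  enable autologin
  * @return  boolean
  */
 protected function _login($email, $password, $remember)
 {
     $riverid_api = RiverID_API::instance();

     // Fallback to local auth if user is in the exemption list.
     // Strict comparison keeps a non-string entry (0, TRUE, ...) from
     // matching arbitrary emails; a missing or non-array setting exempts
     // nobody.
     $exempt = Kohana::$config->load('auth.exempt');
     if (is_array($exempt) and in_array($email, $exempt, TRUE)) {
         return parent::_login($email, $password, $remember);
     }

     // The email must be registered on RiverID
     if (!$riverid_api->is_registered($email)) {
         return FALSE;
     }

     // Proceed to sign in into RiverID
     $login_response = $riverid_api->signin($email, $password);
     if (!$login_response or !$login_response['status']) {
         return FALSE;
     }

     // Looked up once; used both for granting and for the final check
     $login_role = ORM::factory('role', array('name' => 'login'));

     // Get the user object that matches the provided email and RiverID
     $user = ORM::factory('user')
         ->where('email', '=', $email)
         ->where('riverid', '=', $login_response['user_id'])
         ->find();

     // No local user carries this email + RiverID pair yet
     if (!$user->loaded()) {
         // Check if the email is already registered locally
         // If so, this will simply append a riverid
         $user = ORM::factory('user')->where('email', '=', $email)->find();

         // Only auto register if the site allows it
         if (!(bool) Model_Setting::get_setting('public_registration_enabled') and !$user->loaded()) {
             return FALSE;
         }

         $user->username = $user->email = $email;
         $user->riverid = $login_response['user_id'];
         $user->save();

         // Allow the user be able to login immediately
         if (!$user->has('roles', $login_role)) {
             $user->add('roles', $login_role);
         }
     }

     // Without the login role the RiverID sign-in alone is not enough
     if (!$user->has('roles', $login_role)) {
         return FALSE;
     }

     if ($remember === TRUE) {
         // Token data; the user agent is stored as a SHA-1 digest
         $data = array(
             'user_id' => $user->id,
             'expires' => time() + $this->_config['lifetime'],
             'user_agent' => sha1(Request::$user_agent),
         );
         // Create a new autologin token
         $token = ORM::factory('user_token')->values($data)->create();
         // Set the autologin cookie
         Cookie::set('authautologin', $token->token, $this->_config['lifetime']);
     }

     // Finish the login
     $this->complete_login($user);
     return TRUE;
 }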
Example #4
	/**
	 * Tells whether the logged-in user looks like an OAuth account.
	 *
	 * With a provider name, the user's `<provider>_id` field must be non-empty.
	 * Without one, an empty `password` field is taken as the sign of an OAuth
	 * user. Both answers are read from the stored user record; nothing here
	 * inspects how the current session was actually authenticated.
	 *
	 * NOTE(review): the provider name is used to build a property name, so
	 * callers presumably pass a fixed, known provider string - confirm.
	 *
	 * @param   string   provider name (e.g. 'twitter', 'google', etc.)
	 * @return  boolean
	 */
	public function logged_in_oauth($provider = NULL)
	{
		// Nobody is logged in, so there is nothing to classify
		if ( ! parent::logged_in())
		{
			return FALSE;
		}

		// parent::logged_in() returned TRUE, so the session holds a user
		$account = $this->get_user();

		if ($provider === NULL)
		{
			// No specific provider asked for: fall back to the password field.
			// Passwords are not stored for OAuth users.
			return empty($account->password);
		}

		// Check for one specific OAuth provider through its id field
		$id_field = $provider.'_id';
		return ! empty($account->$id_field);
	}