Example #1
 /**
  * Gate the request behind the session login: either show the login action
  * or try to log in with the posted credentials.
  *
  * Returns $this early when there is no session object, when getUserId() is
  * already truthy, when the controller reports it is not installed, or when
  * the login form has to be shown. Otherwise the method ends with a forced
  * redirect to the current action URL with '&loggedin' appended and has no
  * explicit return value.
  *
  * NOTE(review): $_GET['return'] is stored as 'return_url' without any
  * validation in this method. If it is later used as a redirect target it
  * should be limited to same-site paths; confirm at the point of use.
  * NOTE(review): no anti-CSRF token is checked here before the posted
  * credentials are passed to login().
  *
  * @return $this|null
  */
 public function authenticate()
 {
     if (!$this->_session) {
         return $this;
     }

     // Remember where the caller asked to be sent back to (request-supplied).
     $requestedReturn = isset($_GET['return']) ? $_GET['return'] : null;
     if (!empty($requestedReturn)) {
         $this->set('return_url', $requestedReturn);
     }

     // Nothing to do for an existing user id or a not-yet-installed controller.
     if ($this->getUserId() || !$this->controller()->isInstalled()) {
         return $this;
     }

     try {
         $hasCredentials = !empty($_POST['username']) && !empty($_POST['password']);
         if (!$hasCredentials) {
             $this->controller()->setAction('login');
             return $this;
         }

         $account = $this->_session->login($_POST['username'], $_POST['password']);
         $this->_session->refreshAcl();

         // Both a user id and the 'all' permission are required.
         $granted = $account->getId() && $this->_session->isAllowed('all');
         if (!$granted) {
             $this->addMessage('error', 'Invalid user name or password');
             $this->controller()->setAction('login');
             return $this;
         }
     } catch (Exception $failure) {
         // The exception text is shown to the user as-is, and control then
         // falls through to the redirect below.
         // NOTE(review): confirm these messages cannot disclose internals.
         $this->addMessage('error', $failure->getMessage());
     }

     $landingUrl = $this->controller()->url($this->controller()->getAction()) . '&loggedin';
     $this->controller()->redirect($landingUrl, true);
 }
Example #2
 /**
  * The model must still report logged-in after its updated-at value is moved
  * 101 seconds into the past while the session lifetime fixture is set to 59.
  *
  * Disabled form security in order to prevent exit from the app
  * @magentoConfigFixture current_store admin/security/session_lifetime 59
  */
 public function testIsLoggedInWithIgnoredLifetime()
 {
     // The login with Magento_Test_Bootstrap::ADMIN_NAME / ADMIN_PASSWORD was
     // commented out in favour of empty credentials.
     // NOTE(review): the first assertion only holds if login('', '') leaves the
     // model logged in; presumably authentication is relaxed or stubbed in this
     // test setup. Confirm that this is limited to the test environment.
     $model = $this->_model;
     $model->login('', '');
     $this->assertTrue($model->isLoggedIn());

     // Age the session past the configured lifetime and check again.
     $staleTimestamp = time() - 101;
     $model->setUpdatedAt($staleTimestamp);
     $this->assertTrue($model->isLoggedIn());
 }
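 /**
  * Authentication to downloader.
  *
  * Returns $this early when there is no session object, when
  * _checkUserAccess() is truthy, when the controller reports it is not
  * installed, when the posted form key fails validation, or when the login
  * form has to be shown. A login attempt that passes _checkUserAccess($user)
  * also returns $this. Every other path ends with a forced redirect to the
  * 'loggedin' URL and has no explicit return value.
  *
  * NOTE(review): $_GET['return'] is stored as 'return_url' without any
  * validation in this method. If it is later used as a redirect target it
  * should be limited to same-site paths; confirm at the point of use.
  *
  * @return $this|null
  */
 public function authenticate()
 {
     if (!$this->_session) {
         return $this;
     }
     if (!empty($_GET['return'])) {
         $this->set('return_url', $_GET['return']);
     }
     if ($this->_checkUserAccess()) {
         return $this;
     }
     if (!$this->controller()->isInstalled()) {
         return $this;
     }
     try {
         // A posted login must carry a valid form key (anti-CSRF check).
         if (isset($_POST['username']) && !$this->validateFormKey()) {
             $this->controller()->redirect($this->controller()->url(), true);
             // Fail closed: redirect() is not visible here, so do not rely on it
             // ending the request. Without this return a rejected form key
             // would still reach login() below if redirect() ever returned.
             return $this;
         }
         // A field that was submitted but left empty gets an error message;
         // a plain page load (nothing posted) does not.
         if ((isset($_POST['username']) && empty($_POST['username']))
             || (isset($_POST['password']) && empty($_POST['password']))
         ) {
             $this->addMessage('error', 'Invalid user name or password');
         }
         if (empty($_POST['username']) || empty($_POST['password'])) {
             $this->controller()->setAction('login');
             return $this;
         }
         $user = $this->_session->login($_POST['username'], $_POST['password']);
         $this->_session->refreshAcl();
         if ($this->_checkUserAccess($user)) {
             return $this;
         }
     } catch (Exception $e) {
         // The exception text is shown to the user as-is, and control then
         // falls through to the redirect below.
         // NOTE(review): confirm these messages cannot disclose internals.
         $this->addMessage('error', $e->getMessage());
     }
     $this->controller()->redirect($this->controller()->url('loggedin'), true);
 }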
Example #4
 /**
  * Apply the per-IP failed-login limit, then delegate to the parent login.
  *
  * When the 'max' setting is truthy and the client IP is not in the 'white'
  * list, the call is answered with _fault() if the IP is in the 'black' list
  * or if its failed-attempt count has reached or passed the limit. Reaching
  * the limit exactly also records a restriction for the IP and username.
  *
  * NOTE(review): the limit and both lists are keyed on getClientIp(). If that
  * value can be taken from client-supplied proxy headers, the limit can be
  * sidestepped and 'white' entries impersonated; confirm how it is derived.
  * NOTE(review): cleanCache('CONFIG') runs on every call, including failed
  * and unauthenticated ones, so login traffic drives config cache flushes.
  *
  * @param mixed $username passed through to parent::login()
  * @param mixed $password passed through to parent::login()
  * @param mixed $request  passed through to parent::login()
  * @return mixed result of _fault() or of parent::login()
  */
 public function login($username, $password, $request = null)
 {
     $clientIp = Mage::app()->getRequest()->getClientIp();
     $limit = $this->_config('max', true);

     // The black and white lists are stored in config, so the cached copy is
     // dropped before they are read.
     Mage::app()->cleanCache('CONFIG');

     // Limiter switched off, or the address is explicitly trusted.
     if (!$limit || $this->_inList('white', $clientIp)) {
         return parent::login($username, $password, $request);
     }

     if ($this->_inList('black', $clientIp)) {
         return $this->_fault();
     }

     $failures = $this->_getFailedAttemptsCount($clientIp);
     if ($failures > $limit) {
         return $this->_fault();
     }
     if ($failures == $limit) {
         // Limit reached on this attempt: record the restriction, then refuse.
         $this->_createLoginResrtiction($clientIp, $username);
         return $this->_fault();
     }

     return parent::login($username, $password, $request);
 }