 /**
  * Persists the new password on the associated user model.
  *
  * On successful validation the password is hashed, every pending
  * PasswordReset row belonging to the user is removed, and only the
  * password column is written back to the user record.
  *
  * @return bool|mixed false when validation fails, otherwise the result of
  *  the user model's update() call.
  */
 public function save()
 {
     if (!$this->validate()) {
         return false;
     }
     $userId = $this->userModel->id;
     $this->userModel->password = PasswordUtil::createHash($this->password);
     // Outstanding reset requests for this user are discarded once the
     // password changes.
     PasswordReset::model()->deleteAllByAttributes(array('userId' => $userId));
     return $this->userModel->update(array('password'));
 }
 /**
  * save() must store a hash that verifies against the plaintext and must
  * leave no PasswordReset rows behind for the user.
  */
 public function testSave()
 {
     $user = $this->user('testUser');
     $plaintext = '******';
     $form = new PasswordResetForm($user);
     $form->password = $plaintext;
     $form->confirm = $plaintext;
     $form->save();
     $user->refresh();
     $this->assertTrue(PasswordUtil::validatePassword($plaintext, $user->password));
     $remaining = PasswordReset::model()->countByAttributes(array('userId' => $user->id));
     $this->assertEquals(0, $remaining);
 }
 /**
  * save() must store a hash that verifies against the plaintext and must
  * leave no PasswordReset rows behind; the same fixture is then reused to
  * check that the password rule rejects weak values and accepts strong ones.
  */
 public function testSave()
 {
     $user = $this->user('testUser');
     $plaintext = '******';
     $form = new PasswordResetForm($user);
     $form->password = $plaintext;
     $form->confirm = $plaintext;
     $form->save();
     $user->refresh();
     $this->assertTrue(PasswordUtil::validatePassword($plaintext, $user->password));
     $remaining = PasswordReset::model()->countByAttributes(array('userId' => $user->id));
     $this->assertEquals(0, $remaining);
     // Validation is exercised here rather than in a separate test because it
     // needs no fixtures of its own, which keeps the suite a few seconds faster.
     // PHP casts the bool keys below to 0/1, so $expected arrives as an int;
     // the loose assertEquals() is what lets it compare with validate()'s bool.
     $form = new PasswordResetForm($user);
     $cases = array(
         false => array('n#6', 'ninininini'),
         true => array('D83*@)1', 'this that and the next thing'),
     );
     foreach ($cases as $expected => $candidates) {
         foreach ($candidates as $candidate) {
             $form->password = $candidate;
             $form->confirm = $candidate;
             $this->assertEquals($expected, $form->validate(array('password')));
         }
     }
 }
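 /**
  * Updates a particular model.
  * If update is successful, the browser will be redirected to the 'view' page.
  *
  * The option lists for the group/role pickers are built up front so the form
  * can be re-rendered with the current selection when saving fails. After a
  * successful save the user's role and group links are rebuilt from the POST
  * data, and a changed username is propagated to every record that was
  * assigned to the old name.
  *
  * @param integer $id the ID of the model to be updated
  */
 public function actionUpdate($id)
 {
     $model = $this->loadModel($id);
     $groups = array();
     foreach (Groups::model()->findAll() as $group) {
         $groups[$group->id] = CHtml::encode($group->name);
     }
     $selectedGroups = array();
     foreach (GroupToUser::model()->findAllByAttributes(array('userId' => $model->id)) as $link) {
         $selectedGroups[] = $link->groupId;
     }
     $roles = array();
     foreach (Roles::model()->findAll() as $role) {
         $roles[$role->id] = CHtml::encode($role->name);
     }
     $selectedRoles = array();
     foreach (RoleToUser::model()->findAllByAttributes(array('userId' => $model->id)) as $link) {
         $selectedRoles[] = $link->roleId;
     }
     // Uncomment the following line if AJAX validation is needed
     // $this->performAjaxValidation($model);
     if (!isset($model->userAlias)) {
         $model->userAlias = $model->username;
     }
     if (isset($_POST['User'])) {
         $old = $model->attributes;
         $currentHash = $model->password;
         // Mass assignment: only attributes declared "safe" in the model's
         // rules() are taken from the request, so those rules are the gate.
         $model->attributes = $_POST['User'];
         if ((string) $model->password !== '') {
             $model->password = PasswordUtil::createHash($model->password);
         } else {
             // A blank password field means "keep the existing hash".
             $model->password = $currentHash;
         }
         if (empty($model->userKey)) {
             // NOTE(review): str_shuffle() is not a cryptographically secure
             // source, yet userKey is the credential the API filter compares
             // against. Kept as-is to preserve the key format; it should be
             // generated from a CSPRNG.
             $model->userKey = substr(str_shuffle(str_repeat('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789', 32)), 0, 32);
         }
         if ($model->save()) {
             $profile = $model->profile;
             if (!empty($profile)) {
                 $profile->emailAddress = $model->emailAddress;
                 $profile->fullName = $model->firstName . ' ' . $model->lastName;
                 $profile->save();
             }
             if ($old['username'] !== $model->username) {
                 $this->propagateUsernameChange($old['username'], $model->username);
             }
             // Rebuild the role and group links from the submitted selection.
             foreach (RoleToUser::model()->findAllByAttributes(array('userId' => $model->id)) as $link) {
                 $link->delete();
             }
             foreach (GroupToUser::model()->findAllByAttributes(array('userId' => $model->id)) as $link) {
                 $link->delete();
             }
             if (isset($_POST['roles'])) {
                 // NOTE(review): role ids are linked as submitted; nothing here
                 // confirms they are keys of $roles.
                 foreach ((array) $_POST['roles'] as $roleId) {
                     $link = new RoleToUser();
                     $link->roleId = $roleId;
                     $link->type = "user";
                     $link->userId = $model->id;
                     $link->save();
                 }
             }
             if (isset($_POST['groups'])) {
                 // NOTE(review): same as roles — group ids are not checked
                 // against $groups before linking.
                 foreach ((array) $_POST['groups'] as $groupId) {
                     $link = new GroupToUser();
                     $link->groupId = $groupId;
                     $link->userId = $model->id;
                     $link->username = $model->username;
                     $link->save();
                 }
             }
             $this->redirect(array('view', 'id' => $model->id));
         }
     }
     $this->render('update', array('model' => $model, 'groups' => $groups, 'roles' => $roles, 'selectedGroups' => $selectedGroups, 'selectedRoles' => $selectedRoles));
 }

 /**
  * Points every record assigned to $oldUsername at $newUsername after a
  * rename, including the user's Profile row.
  *
  * Fields named "assignedTo" describe which models carry an assignment. A
  * field with an empty linkType holds a single username and is matched
  * exactly; otherwise the column is a comma-separated list and only the
  * entry equal to the old name is swapped.
  *
  * @param string $oldUsername username before the rename
  * @param string $newUsername username after the rename
  */
 private function propagateUsernameChange($oldUsername, $newUsername)
 {
     $fieldRecords = Fields::model()->findAllByAttributes(array('fieldName' => 'assignedTo'));
     $modelList = array();
     foreach ($fieldRecords as $record) {
         $modelList[$record->modelName] = $record->linkType;
     }
     foreach ($modelList as $modelName => $type) {
         // Field records use the plural module names for these two models.
         if ($modelName == 'Quotes') {
             $modelName = 'Quote';
         }
         if ($modelName == 'Products') {
             $modelName = 'Product';
         }
         $finder = X2Model::model($modelName);
         if (empty($type)) {
             $list = $finder->findAllByAttributes(array('assignedTo' => $oldUsername));
             foreach ($list as $item) {
                 $item->assignedTo = $newUsername;
                 $item->save();
             }
             continue;
         }
         // Bind the username instead of splicing it into the SQL so a name
         // containing quotes cannot alter the statement. LIKE wildcards in the
         // name still widen the pre-filter, but the exact match below decides
         // what is actually rewritten.
         $sql = 'SELECT * FROM ' . $finder->tableName() . ' WHERE assignedTo LIKE :pattern';
         $list = $finder->findAllBySql($sql, array(':pattern' => '%' . $oldUsername . '%'));
         foreach ($list as $item) {
             $assignees = explode(', ', $item->assignedTo);
             // array_search() returns false when absent. The previous ">= 0"
             // test treated false as index 0 and clobbered the first assignee
             // whenever the LIKE matched only as a substring (e.g. "bob" in
             // "bobby").
             $key = array_search($oldUsername, $assignees, true);
             if ($key === false) {
                 continue;
             }
             $assignees[$key] = $newUsername;
             $item->assignedTo = implode(', ', $assignees);
             $item->save();
         }
     }
     $profile = Profile::model()->findByAttributes(array('username' => $oldUsername));
     if (isset($profile)) {
         $profile->username = $newUsername;
         $profile->save();
     }
 }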
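 /**
  * Changes the password for the user given by its record ID number.
  *
  * Only the logged-in user may change their own password: when $id is not
  * the current user's id nothing is rendered. The current password must
  * verify against the stored hash and both new-password fields must match
  * before the hash is replaced.
  *
  * @param integer $id ID of the user to be updated.
  * @throws CHttpException 404 when no user record exists for $id.
  */
 public function actionChangePassword($id)
 {
     // NOTE(review): this is a strict comparison between the route parameter
     // (a string) and getId(); it only ever matches if getId() also yields a
     // string. Confirm the identity's id type — a mismatch makes this action
     // silently render nothing.
     if ($id === Yii::app()->user->getId()) {
         $user = User::model()->findByPk($id);
         if (!$user instanceof User) {
             throw new CHttpException(404, 'The requested user does not exist.');
         }
         if (isset($_POST['oldPassword'], $_POST['newPassword'], $_POST['newPassword2'])) {
             $oldPass = $_POST['oldPassword'];
             $newPass = $_POST['newPassword'];
             $newPass2 = $_POST['newPassword2'];
             if (!PasswordUtil::validatePassword($oldPass, $user->password)) {
                 Yii::app()->clientScript->registerScript('alertPassWrong', "alert('Old password is incorrect.');");
             } elseif ($newPass !== $newPass2) {
                 // Previously a mismatch fell through to the form with no feedback.
                 Yii::app()->clientScript->registerScript('alertPassMismatch', "alert('New passwords do not match.');");
             } else {
                 // NOTE(review): unlike PasswordResetForm, no strength rule is
                 // applied to $newPass here.
                 $user->password = PasswordUtil::createHash($newPass);
                 // Ensure an alias is set so that validation succeeds
                 if (empty($user->userAlias)) {
                     $user->userAlias = $user->username;
                 }
                 // Only redirect when the record was actually written; on a
                 // failed save the form is re-rendered with the model's errors.
                 if ($user->save()) {
                     $this->redirect($this->createUrl('/profile/view', array('id' => $id)));
                 }
             }
         }
         $this->render('changePassword', array('model' => $user));
     }
 }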
 /**
  * createSalt() must never return null, and two consecutive calls must not
  * yield the same value.
  */
 public function testCreateSalt()
 {
     $first = PasswordUtil::createSalt();
     $this->assertNotNull($first);
     $rounds = 1000;
     while ($rounds-- > 0) {
         $this->assertNotEquals(PasswordUtil::createSalt(), PasswordUtil::createSalt());
     }
 }
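 /**
  * Sets the user for a stateless API request.
  *
  * Credentials come from HTTP Basic auth: PHP_AUTH_USER/PHP_AUTH_PW when the
  * SAPI populates them, otherwise they are recovered from the raw
  * Authorization header. The user is looked up by alias and the supplied
  * password must equal the account's API key (userKey). Every failure path
  * returns after authFail() so the filter chain — and therefore the action —
  * never runs for a request that did not authenticate.
  *
  * @param CFilterChain $filterChain the chain to continue on success
  */
 public function filterAuthenticate($filterChain)
 {
     // Some SAPIs do not populate PHP_AUTH_*; fall back to the raw header,
     // but only when it actually carries the Basic scheme.
     if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION'])) {
         $header = $_SERVER['HTTP_AUTHORIZATION'];
         if (strncasecmp($header, 'Basic ', 6) === 0) {
             // Limit to two parts: a password may itself contain ':'.
             $parts = explode(':', base64_decode(substr($header, 6)), 2);
             if (count($parts) === 2) {
                 list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = $parts;
             }
         }
     }
     $credentials = array();
     foreach (array('user', 'pw') as $field) {
         $srvKey = 'PHP_AUTH_' . strtoupper($field);
         // Compare against '' rather than empty(): a password of "0" is valid.
         if (!isset($_SERVER[$srvKey]) || $_SERVER[$srvKey] === '') {
             $this->authFail("Missing user credentials: {$field}");
             return;
         }
         $credentials[$field] = $_SERVER[$srvKey];
     }
     $user = $credentials['user'];
     $pw = $credentials['pw'];
     $userModel = User::model()->findByAlias($user);
     // Invalid/not found. The early return is essential: without it the
     // request continued into setSuModel() and $filterChain->run() after
     // authFail(), i.e. the action still executed for bad credentials.
     if (!$userModel instanceof User || !PasswordUtil::slowEquals($userModel->userKey, $pw)) {
         $this->authFail("Invalid user credentials.");
         return;
     }
     // Null user key = disabled. Since $pw is non-empty and equal to userKey
     // at this point, this branch can only trigger for a whitespace-only key.
     if (trim((string) $userModel->userKey) === '') {
         $this->authFail("API access has been disabled for the specified user.");
         return;
     }
     // Set user model and profile to respect permissions
     Yii::app()->setSuModel($userModel);
     $profile = $userModel->profile;
     if ($profile instanceof Profile) {
         Yii::app()->params->profile = $profile;
     }
     $filterChain->run();
 }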
 /**
  * Verifies the identity's credentials against the stored user record.
  *
  * Disabled accounts are rejected before any password check. When $google is
  * true the password is not consulted at all and the identity is accepted on
  * the strength of the user lookup alone. Otherwise the password is tried
  * against the current hash format first, then against the two legacy
  * formats (plain md5, then crypt with the fixed SHA-256 prefix); a match on
  * a legacy format is re-hashed into the current format on the spot.
  *
  * @param bool $google skip password verification (Google-backed login)
  * @return bool true when errorCode ends up as ERROR_NONE
  */
 public function authenticate($google = false)
 {
     $user = $this->getUserModel();
     if (!($user instanceof User)) {
         // username not found
         $this->errorCode = self::ERROR_USERNAME_INVALID;
         return $this->errorCode === self::ERROR_NONE;
     }
     $this->username = $user->username;
     if ((int) $user->status === User::STATUS_INACTIVE) {
         $this->errorCode = self::ERROR_DISABLED;
         return false;
     }
     if ($google) {
         // Completely bypasses password-based authentication
         $this->errorCode = self::ERROR_NONE;
         $this->_id = $user->id;
         return true;
     }
     if ($user->status == 0) {
         // User has been disabled
         $this->errorCode = self::ERROR_DISABLED;
         return false;
     }
     $needsRehash = false;
     $legacyCryptPrefix = '$5$rounds=32678$';
     if (PasswordUtil::validatePassword($this->password, $user->password)) {
         $matched = true;
     } elseif (PasswordUtil::slowEquals(md5($this->password), $user->password)) {
         //Oldest format
         $matched = true;
         $needsRehash = true;
     } elseif (PasswordUtil::slowEquals(crypt($this->password, $legacyCryptPrefix . $user->password), $legacyCryptPrefix . $user->password)) {
         //Old format
         $matched = true;
         $needsRehash = true;
     } else {
         $matched = false;
     }
     if (!$matched) {
         $this->errorCode = self::ERROR_PASSWORD_INVALID;
         return $this->errorCode === self::ERROR_NONE;
     }
     $this->errorCode = self::ERROR_NONE;
     $this->_id = $user->id;
     if ($needsRehash) {
         // Upgrade legacy hashes transparently now that the plaintext is known.
         $user->password = PasswordUtil::createHash($this->password);
         $user->update(array('password'));
     }
     return $this->errorCode === self::ERROR_NONE;
 }
 /**
  * slowEquals() must report equality only for two identical strings; null,
  * array and trailing-whitespace variants must all compare unequal.
  */
 public function testSlowEquals()
 {
     $cases = array(
         array(null, null, false),
         array('', '', true),
         array('', null, false),
         array('Array', array(), false),
         array('this is a string', 'this is a string', true),
         array('this is a string', 'this is a string ', false),
     );
     foreach ($cases as $case) {
         list($a, $b, $expected) = $case;
         $result = PasswordUtil::slowEquals($a, $b);
         if ($expected) {
             $this->assertTrue($result);
         } else {
             $this->assertFalse($result);
         }
     }
 }