Example #1
0
 public function authenticate($google = false)
 {
     $user = $this->getUserModel();
     $isRealUser = $user instanceof User;
     if ($isRealUser) {
         $this->username = $user->username;
         if ((int) $user->status === User::STATUS_INACTIVE) {
             $this->errorCode = self::ERROR_DISABLED;
             return false;
         }
     }
     if (!$isRealUser) {
         // username not found
         $this->errorCode = self::ERROR_USERNAME_INVALID;
     } elseif ($google) {
         // Completely bypasses password-based authentication
         $this->errorCode = self::ERROR_NONE;
         $this->_id = $user->id;
         return true;
     } else {
         if ($user->status == 0) {
             // User has been disabled
             $this->errorCode = self::ERROR_DISABLED;
             return false;
         }
         $reEncrypt = false;
         $isValid = false;
         if (PasswordUtil::validatePassword($this->password, $user->password)) {
             $isValid = true;
         } else {
             if (PasswordUtil::slowEquals(md5($this->password), $user->password)) {
                 //Oldest format
                 $isValid = true;
                 $reEncrypt = true;
             } else {
                 if (PasswordUtil::slowEquals(crypt($this->password, '$5$rounds=32678$' . $user->password), '$5$rounds=32678$' . $user->password)) {
                     //Old format
                     $isValid = true;
                     $reEncrypt = true;
                 }
             }
         }
         if ($isValid) {
             $this->errorCode = self::ERROR_NONE;
             $this->_id = $user->id;
             if ($reEncrypt) {
                 $user->password = PasswordUtil::createHash($this->password);
                 $user->update(array('password'));
             }
         } else {
             $this->errorCode = self::ERROR_PASSWORD_INVALID;
         }
     }
     return $this->errorCode === self::ERROR_NONE;
 }
Example #2
0
 public function testSlowEquals()
 {
     // Test null values
     $a = null;
     $b = null;
     $this->assertFalse(PasswordUtil::slowEquals($a, $b));
     // Test empty strings
     $a = '';
     $b = '';
     $this->assertTrue(PasswordUtil::slowEquals($a, $b));
     $a = '';
     $b = null;
     $this->assertFalse(PasswordUtil::slowEquals($a, $b));
     $a = 'Array';
     $b = array();
     $this->assertFalse(PasswordUtil::slowEquals($a, $b));
     $a = 'this is a string';
     $b = 'this is a string';
     $this->assertTrue(PasswordUtil::slowEquals($a, $b));
     $a = 'this is a string';
     $b = 'this is a string ';
     $this->assertFalse(PasswordUtil::slowEquals($a, $b));
 }
Example #3
0
 /**
  * Sets the user for a stateless API request
  */
 public function filterAuthenticate($filterChain)
 {
     // Check for the availability of authentication:
     if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) && isset($_SERVER['HTTP_AUTHORIZATION'])) {
         list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($_SERVER['HTTP_AUTHORIZATION'], 6)));
     }
     foreach (array('user', 'pw') as $field) {
         $srvKey = 'PHP_AUTH_' . strtoupper($field);
         if (!isset($_SERVER[$srvKey]) || empty($_SERVER[$srvKey])) {
             $this->authFail("Missing user credentials: {$field}");
             return;
         }
         ${$field} = $_SERVER[$srvKey];
     }
     $userModel = User::model()->findByAlias($user);
     // Invalid/not found
     if (!$userModel instanceof User || !PasswordUtil::slowEquals($userModel->userKey, $pw)) {
         $this->authFail("Invalid user credentials.");
     } elseif (trim($userModel->userKey) == null) {
         // Null user key = disabled
         $this->authFail("API access has been disabled for the specified user.");
     }
     // Set user model and profile to respect permissions
     Yii::app()->setSuModel($userModel);
     $profile = $userModel->profile;
     if ($profile instanceof Profile) {
         Yii::app()->params->profile = $profile;
     }
     $filterChain->run();
 }