Example #1
 /**
  * authentication
  *
  * @param string $_username
  * @param string $_password
  */
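 public function authenticate($_username, $_password)
 {
     // Verify the credentials against the configured authentication backend.
     $authResult = Tinebase_Auth::getInstance()->authenticate($_username, $_password);
     if (!$authResult->isValid()) {
         // One message for both "unknown user" and "wrong password", so the
         // output does not tell the caller which of the two was wrong.
         // NOTE(review): only successful logins reach the access log below;
         // a failed CLI attempt leaves no record in this method.
         echo "Wrong username and/or password.\n";
         // Non-zero status so that wrapping scripts and cron jobs can detect
         // the failed login instead of treating it as success.
         exit(1);
     }

     try {
         $account = Tinebase_User::getInstance()->getFullUserByLoginName($authResult->getIdentity());
     } catch (Tinebase_Exception_NotFound $e) {
         // The backend accepted the credentials but no matching account record exists.
         echo 'account ' . $authResult->getIdentity() . ' not found in account storage' . "\n";
         exit(1);
     }

     Tinebase_Core::set('currentAccount', $account);

     // A CLI call has no remote peer; the login is recorded with the loopback address.
     $ipAddress = '127.0.0.1';
     $account->setLoginTime($ipAddress);

     // Record the successful login; login and logout time are both set to "now".
     Tinebase_AccessLog::getInstance()->create(new Tinebase_Model_AccessLog(array(
         'sessionid'  => 'cli call',
         'login_name' => $authResult->getIdentity(),
         'ip'         => $ipAddress,
         'li'         => Tinebase_DateTime::now()->get(Tinebase_Record_Abstract::ISO8601LONG),
         'lo'         => Tinebase_DateTime::now()->get(Tinebase_Record_Abstract::ISO8601LONG),
         'result'     => $authResult->getCode(),
         'account_id' => Tinebase_Core::getUser()->getId(),
         'clienttype' => 'TineCli',
     )));
 }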
Example #2
 /**
  * factory function to return a selected authentication backend class
  *
  * @param   string $_type
  * @return  Tinebase_Auth_Interface
  * @throws  Tinebase_Exception_InvalidArgument
  */
 public static function factory($_type)
 {
     // Each known backend type maps to exactly one adapter class; anything
     // else is rejected instead of falling back to a default backend.
     switch ($_type) {
         case Tinebase_Auth::LDAP:
             // only pass ldap options without e.g. sql options
             return new Tinebase_Auth_Ldap(array('ldap' => Tinebase_Auth::getBackendConfiguration()));

         case Tinebase_Auth::SQL:
             // NOTE(review): 'MD5(?)' is presumably the credential treatment
             // applied to the submitted password before it is compared with
             // the 'password' column — confirm. If so, stored passwords are
             // unsalted MD5 digests, which is not an adequate password hash;
             // migrating to a salted, slow hash should be tracked separately.
             return new Tinebase_Auth_Sql(
                 Tinebase_Core::getDb(),
                 SQL_TABLE_PREFIX . 'accounts',
                 'login_name',
                 'password',
                 'MD5(?)'
             );

         case Tinebase_Auth::IMAP:
             return new Tinebase_Auth_Imap(array(Tinebase_Auth::getBackendConfiguration()));

         default:
             throw new Tinebase_Exception_InvalidArgument('Unknown authentication backend');
     }
 }
 /**
  * Getter for {@see $_backendConfiguration}
  * 
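  * @param string $_key     name of a single option to return (optional)
  * @param mixed  $_default value returned when the requested option is not set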
  * @return mixed [If {@param $_key} is set then only the specified option is returned, otherwise the whole options hash]
  */
 public static function getBackendConfiguration($_key = null, $_default = null)
 {
     // Load the configuration once and keep it in the static property.
     if (!isset(self::$_backendConfiguration)) {
         $rawBackendConfiguration = array();
         if (Tinebase_Application::getInstance()->isInstalled('Tinebase')) {
             $rawBackendConfiguration = Tinebase_Config::getInstance()
                 ->get(Tinebase_Config::AUTHENTICATIONBACKEND, new Tinebase_Config_Struct())
                 ->toArray();
         }

         // A non-array value is treated as a JSON document and decoded.
         if (is_array($rawBackendConfiguration)) {
             self::$_backendConfiguration = $rawBackendConfiguration;
         } else {
             self::$_backendConfiguration = Zend_Json::decode($rawBackendConfiguration);
         }

         // The backend password is handed to the log formatter as a replacement,
         // presumably so it is masked wherever it would appear in log output — confirm.
         if (!empty(self::$_backendConfiguration['password'])) {
             Tinebase_Core::getLogger()->getFormatter()->addReplacement(self::$_backendConfiguration['password']);
         }
     }

     // Without a key the caller gets the whole options hash.
     if (!isset($_key)) {
         return self::$_backendConfiguration;
     }

     // array_key_exists() also finds options whose value is null, which isset() misses.
     $optionPresent = isset(self::$_backendConfiguration[$_key])
         || array_key_exists($_key, self::$_backendConfiguration);

     return $optionPresent ? self::$_backendConfiguration[$_key] : $_default;
 }
Example #4
 /**
  * @return string The short account domain name
  */
 protected function _getAccountDomainNameShort()
 {
     // Read the option from the authentication backend configuration;
     // null is passed as the default value.
     $shortDomainName = Tinebase_Auth::getBackendConfiguration('accountDomainNameShort', null);

     return $shortDomainName;
 }
Example #5
 /**
  * send lost password mail
  *
  * @param   string $_username
  * @return  bool
  * 
  * @todo    add more texts to mail views & translate mails
  */
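 public function sendLostPasswordMail($_username)
 {
     // Look up the account first; recipient name and address come from it.
     $fullAccount = Tinebase_User::getInstance()->getFullUserByLoginName($_username);
     $recipientName = $fullAccount->accountFullName;
     $recipientEmail = $fullAccount->accountEmailAddress;

     // Without a mail address the new password can never reach its owner.
     // Return before the stored password is replaced, otherwise the account
     // would be left with a password nobody knows.
     if (empty($recipientEmail)) {
         return false;
     }

     // NOTE(review): this method does not check who is asking. Authorising and
     // throttling lost-password requests has to happen in the caller — confirm
     // that it does, since every call replaces the account's password.
     $newPassword = $this->generatePassword();
     Tinebase_Auth::getInstance()->setPassword($_username, $newPassword, $newPassword);

     $mail = new Tinebase_Mail('UTF-8');
     $mail->setSubject("New password for Tine 2.0");

     // Render the plain-text and HTML bodies from the view scripts.
     // NOTE(review): the new password is placed in the mail body in clear text;
     // a single-use, expiring reset link would avoid sending a usable credential by mail.
     $view = new Zend_View();
     $view->setScriptPath(dirname(dirname(__FILE__)) . DIRECTORY_SEPARATOR . 'views');
     $view->mailTextWelcome = "We generated a new password for you ...";
     $view->newPassword = $newPassword;

     $messagePlain = $view->render('lostpwMailPlain.php');
     $mail->setBodyText($messagePlain);

     $messageHtml = $view->render('lostpwMailHtml.php');
     if ($messageHtml !== NULL) {
         $mail->setBodyHtml($messageHtml);
     }

     $mail->addHeader('X-MailGenerator', 'Tine 2.0');
     $mail->setFrom('*****@*****.**', 'Tine 2.0 Webmaster');

     if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
         Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' send lost password email to ' . $recipientEmail);
     }

     $mail->addTo($recipientEmail, $recipientName);
     $mail->send();

     return true;
 }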
 /**
  * try to reset password
  */
 public function testResetPassword()
 {
     // Save an account, then reset its password through $this->_json.
     $savedAccount = $this->testSaveAccount();
     $this->_json->resetPassword($savedAccount, 'password', false);

     // The account must now authenticate with the password that was just set.
     $loginName = $this->objects['user']->accountLoginName;
     $loginResult = Tinebase_Auth::getInstance()->authenticate($loginName, 'password');

     $this->assertTrue($loginResult->isValid());
 }
 /**
  *
  * get auth provider data
  *
  * @return array
  *
  * @todo get this from config table instead of file!
  */
 protected function _getAuthProviderData()
 {
     // NOTE(review): the result carries the whole backend configuration. If that
     // includes a bind or service password (assumption — confirm), callers must
     // not hand it to clients that have not authenticated against setup.
     $providerData = Tinebase_Auth::getBackendConfigurationWithDefaults(Setup_Core::get(Setup_Core::CHECKDB));

     // The configured backend is reported only when the CHECKDB flag is set;
     // otherwise SQL is reported.
     if (Setup_Core::get(Setup_Core::CHECKDB)) {
         $providerData['backend'] = Tinebase_Auth::getConfiguredBackend();
     } else {
         $providerData['backend'] = Tinebase_Auth::SQL;
     }

     return $providerData;
 }
Example #8
 /**
  * try to reset password
  *
  */
 public function testResetPassword()
 {
     // Reset the fixture user's password through $this->_json.
     $userData = $this->objects['user']->toArray();
     $this->_json->resetPassword($userData, 'password', FALSE);

     // The fixture user must now authenticate with the password that was just set.
     $loginName = $this->objects['user']->accountLoginName;
     $loginResult = Tinebase_Auth::getInstance()->authenticate($loginName, 'password');

     $this->assertTrue($loginResult->isValid());
 }
 /**
  * change user password
  *
  * @param string $_oldPassword
  * @param string $_newPassword
  * @throws  Tinebase_Exception_AccessDenied
  * @throws  Tinebase_Exception_InvalidArgument
  */
 public function changePassword($_oldPassword, $_newPassword)
 {
     // Password changes can be switched off in the configuration (default: allowed).
     $changeAllowed = Tinebase_Config::getInstance()->get(Tinebase_Config::PASSWORD_CHANGE, TRUE);
     if (!$changeAllowed) {
         throw new Tinebase_Exception_AccessDenied('Password change not allowed.');
     }

     // Only the login name is logged, never either password.
     $loginName = Tinebase_Core::getUser()->accountLoginName;
     if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
         Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " change password for {$loginName}");
     }

     // The current password is checked again here, so holding a session alone
     // is not enough to set a new one.
     $oldPasswordAccepted = Tinebase_Auth::getInstance()->isValidPassword($loginName, $_oldPassword);
     if (!$oldPasswordAccepted) {
         throw new Tinebase_Exception_InvalidArgument('Old password is wrong.');
     }

     // NOTE(review): the meaning of the trailing true/false flags is not visible
     // here, and neither is any password policy check — confirm both in setPassword().
     Tinebase_User::getInstance()->setPassword(Tinebase_Core::getUser(), $_newPassword, true, false);
 }
 /**
  * testInstallAdminAccountOptions
  */
 public function testInstallAdminAccountOptions()
 {
     $this->_uninstallAllApplications();

     // Install Tinebase with explicit admin account options.
     $installOptions = array('adminLoginName' => 'phpunit-admin', 'adminPassword' => 'phpunit-password');
     $this->_uit->installApplications(array('Tinebase'), $installOptions);

     // The admin account must have been created ...
     $adminUser = Tinebase_User::getInstance()->getFullUserByLoginName('phpunit-admin');
     $this->assertTrue($adminUser instanceof Tinebase_Model_User);

     // ... and none of the admin account options, the password in particular,
     // may end up in the authentication backend configuration.
     $this->assertNull(Tinebase_Auth::getBackendConfiguration('adminLoginName'));
     $this->assertNull(Tinebase_Auth::getBackendConfiguration('adminPassword'));
     $this->assertNull(Tinebase_Auth::getBackendConfiguration('adminConfirmation'));

     // cleanup
     $this->_uninstallAllApplications();
 }
Example #11
 /**
  * change user password
  *
  * @param string $_oldPassword
  * @param string $_newPassword
  * @throws  Tinebase_Exception_AccessDenied
  * @throws  Tinebase_Exception_InvalidArgument
  */
 public function changePassword($_oldPassword, $_newPassword)
 {
     // check config setting: the user backend option 'changepw' (default: true)
     // decides whether users may change their password at all
     $changeAllowed = Tinebase_User::getBackendConfiguration('changepw', true);
     if (!$changeAllowed) {
         throw new Tinebase_Exception_AccessDenied('Password change not allowed.');
     }

     // Only the login name is logged, never either password.
     $loginName = Tinebase_Core::getUser()->accountLoginName;
     if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
         Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " change password for {$loginName}");
     }

     // The current password is checked again here, so holding a session alone
     // is not enough to set a new one.
     $oldPasswordAccepted = Tinebase_Auth::getInstance()->isValidPassword($loginName, $_oldPassword);
     if (!$oldPasswordAccepted) {
         throw new Tinebase_Exception_InvalidArgument('Old password is wrong.');
     }

     // NOTE(review): the meaning of the trailing true/false flags is not visible
     // here, and neither is any password policy check — confirm both in setPassword().
     Tinebase_User::getInstance()->setPassword(Tinebase_Core::getUser(), $_newPassword, true, false);
 }
 /**
  * @see 0011366: support privacyIdea authentication
  */
 public function testSecondFactor()
 {
     // Second-factor settings that select the 'Mock' provider, so the test
     // exercises validateSecondFactor() with a stand-in provider.
     $secondFactorConfig = array(
         'active'   => true,
         'provider' => 'Mock',
         'url'      => 'https://localhost/validate/check',
     );

     $outcome = Tinebase_Auth::validateSecondFactor('phil', 'phil', $secondFactorConfig);

     $this->assertEquals(Tinebase_Auth::SUCCESS, $outcome);
 }
 /**
  * returns TRUE if user has to change his/her password (compare sambaSAM->pwdMustChange with Tinebase_DateTime::now())
  *
  * TODO switch check AUTH backend?
  *
  * @return boolean
  */
 public function mustChangePassword()
 {
     switch (Tinebase_User::getConfiguredBackend()) {
         // Both directory user backends use the same sambaSAM based check.
         case Tinebase_User::ACTIVEDIRECTORY:
         case Tinebase_User::LDAP:
             return $this->_sambaSamPasswordChangeNeeded();

         default:
             // no pw change needed for non-sql auth backends
             return Tinebase_Auth::getConfiguredBackend() === Tinebase_Auth::SQL
                 ? $this->_sqlPasswordChangeNeeded()
                 : false;
     }
 }
Example #14
 /**
  * Getter for {@see $_backendConfiguration}
  * 
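  * @param string $_key     name of a single option to return (optional)
  * @param mixed  $_default value returned when the requested option is not set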
  * @return mixed [If {@param $_key} is set then only the specified option is returned, otherwise the whole options hash]
  */
 public static function getBackendConfiguration($_key = null, $_default = null)
 {
     // Load the configuration once and keep it in the static property.
     if (!isset(self::$_backendConfiguration)) {
         $rawBackendConfiguration = array();
         if (Setup_Controller::getInstance()->isInstalled('Tinebase')) {
             $rawBackendConfiguration = Tinebase_Config::getInstance()
                 ->getConfig(Tinebase_Config::AUTHENTICATIONBACKEND, null, array())
                 ->value;
         }

         // A non-array value is treated as a JSON document and decoded.
         if (is_array($rawBackendConfiguration)) {
             self::$_backendConfiguration = $rawBackendConfiguration;
         } else {
             self::$_backendConfiguration = Zend_Json::decode($rawBackendConfiguration);
         }
         // NOTE(review): the loaded configuration may contain a backend password
         // (assumption — confirm); nothing here keeps it out of log output.
     }

     // Without a key the caller gets the whole options hash.
     if (!isset($_key)) {
         return self::$_backendConfiguration;
     }

     // array_key_exists() also finds options whose value is null.
     if (array_key_exists($_key, self::$_backendConfiguration)) {
         return self::$_backendConfiguration[$_key];
     }

     return $_default;
 }
 /**
  * test imap authentication
  */
 public function testImapAuth()
 {
     // use imap config for the auth config
     $imapSettings = Tinebase_Config::getInstance()->get(Tinebase_Config::IMAP, new Tinebase_Config_Struct())->toArray();
     if (empty($imapSettings)) {
         $this->markTestSkipped('No IMAP config found.');
     }

     $authSettings = array(
         'host'   => $imapSettings['host'],
         'port'   => $imapSettings['port'],
         'ssl'    => $imapSettings['ssl'],
         'domain' => $imapSettings['domain'],
     );

     // Switch the authentication backend to IMAP and persist that choice.
     // NOTE(review): this method does not restore the previous backend;
     // presumably tearDown() does — confirm, otherwise later tests inherit it.
     Tinebase_Auth::setBackendType(Tinebase_Auth::IMAP);
     Tinebase_Auth::setBackendConfiguration($authSettings);
     Tinebase_Auth::saveBackendConfiguration();
     Tinebase_Auth::getInstance()->setBackend();
     $this->assertEquals(Tinebase_Auth::IMAP, Tinebase_Auth::getConfiguredBackend());

     $credentials = TestServer::getInstance()->getTestCredentials();

     // valid authentication
     $loginResult = Tinebase_Auth::getInstance()->authenticate($credentials['username'], $credentials['password']);
     $this->assertTrue($loginResult->isValid());

     // invalid authentication
     $loginResult = Tinebase_Auth::getInstance()->authenticate($credentials['username'], 'some pw');
     $this->assertFalse($loginResult->isValid());
     $this->assertEquals(Tinebase_Auth::FAILURE_CREDENTIAL_INVALID, $loginResult->getCode());
     $this->assertEquals(
         array('Invalid credentials for user ' . $this->_getEmailAddress(), ''),
         $loginResult->getMessages()
     );
 }
 /**
  * update to 2.6
  * - move authentication storage configuration from config.inc.php to config db table
  *  
  */
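 public function update_5()
 {
     // Move the authentication settings from config.inc.php into the config table.
     $config = Setup_Controller::getInstance()->getConfigData();

     if (!empty($config['authentication'])) {
         // No backend named in the file means the SQL backend.
         if (empty($config['authentication']['backend'])) {
             $config['authentication']['backend'] = 'Sql';
         }

         // The backend-specific settings are keyed by the name exactly as it is
         // written in the file; the backend type uses the capitalised form.
         $backendKey = $config['authentication']['backend'];
         $backendType = ucfirst($backendKey);
         Tinebase_Auth::setBackendType($backendType);

         // add default config settings
         $defaultConfig = Tinebase_Auth::getBackendConfigurationDefaults($backendType);
         Tinebase_Auth::setBackendConfiguration($defaultConfig);

         // override default settings with config.inc.php settings
         if (!empty($config['authentication'][$backendKey])) {
             $backendSettings = $config['authentication'][$backendKey];

             if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                 // The backend settings can hold a 'password' entry. Mask it in a
                 // copy before dumping, so the credential is not written to the log.
                 // Only a top-level 'password' key is masked; any other
                 // secret-bearing option would still be logged.
                 $loggableSettings = $backendSettings;
                 if (is_array($loggableSettings) && array_key_exists('password', $loggableSettings)) {
                     $loggableSettings['password'] = '********';
                 }
                 Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Setting config: ' . print_r($loggableSettings, TRUE));
             }

             // The unmodified settings, password included, are what gets stored.
             Tinebase_Auth::setBackendConfiguration($backendSettings);
         }

         Tinebase_Auth::saveBackendConfiguration();
     }

     $this->setApplicationVersion('Tinebase', '2.6');
 }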
 /**
  * get anonymous registry
  * 
  * @return array
  */
 protected function _getAnonymousRegistryData()
 {
     $locale = Tinebase_Core::get('locale');
     $tbFrontendHttp = new Tinebase_Frontend_Http();

     // default credentials, taken from the 'login' section of the config when present
     // NOTE(review): these values are copied into the anonymous registry below,
     // which presumably is served before login — confirm. A configured default
     // password is then readable by any client, and it also appears in the
     // TRACE log dump at the end of this method.
     $defaultUsername = '';
     $defaultPassword = '';
     if (isset(Tinebase_Core::getConfig()->login)) {
         $loginConfig = Tinebase_Core::getConfig()->login;
         if (isset($loginConfig->username)) {
             $defaultUsername = $loginConfig->username;
         }
         if (isset($loginConfig->password)) {
             $defaultPassword = $loginConfig->password;
         }
     }

     $symbols = Zend_Locale::getTranslationList('symbols', $locale);

     $registryData = array(
         'modSsl'     => Tinebase_Auth::getConfiguredBackend() == Tinebase_Auth::MODSSL,
         'serviceMap' => $tbFrontendHttp->getServiceMap(),
         'locale'     => array(
             'locale'   => $locale->toString(),
             'language' => Zend_Locale::getTranslation($locale->getLanguage(), 'language', $locale),
             'region'   => Zend_Locale::getTranslation($locale->getRegion(), 'country', $locale),
         ),
         'version'    => array(
             'buildType'     => TINE20_BUILDTYPE,
             'codeName'      => TINE20_CODENAME,
             'packageString' => TINE20_PACKAGESTRING,
             'releaseTime'   => TINE20_RELEASETIME,
             // the files hash is only computed for non-development builds
             'filesHash'     => TINE20_BUILDTYPE != 'DEVELOPMENT' ? $tbFrontendHttp->getJsCssHash() : null,
         ),
         'defaultUsername'     => $defaultUsername,
         'defaultPassword'     => $defaultPassword,
         'denySurveys'         => Tinebase_Core::getConfig()->denySurveys,
         'titlePostfix'        => Tinebase_Config::getInstance()->get(Tinebase_Config::PAGETITLEPOSTFIX),
         'redirectUrl'         => Tinebase_Config::getInstance()->get(Tinebase_Config::REDIRECTURL),
         'helpUrl'             => Tinebase_Core::getConfig()->helpUrl,
         'maxFileUploadSize'   => Tinebase_Helper::convertToBytes(ini_get('upload_max_filesize')),
         'maxPostSize'         => Tinebase_Helper::convertToBytes(ini_get('post_max_size')),
         'thousandSeparator'   => $symbols['group'],
         'decimalSeparator'    => $symbols['decimal'],
         'filesystemAvailable' => Tinebase_Core::isFilesystemAvailable(),
     );

     if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
         Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' Anonymous registry: ' . print_r($registryData, TRUE));
     }

     return $registryData;
 }
 /**
  * validate if authentication was successful, user object is available and user is not expired
  * 
  * @param Zend_Auth_Result $authResult
  * @param Tinebase_Model_AccessLog $accessLog
  * @return boolean|Tinebase_Model_FullUser
  */
 protected function _validateAuthResult(Zend_Auth_Result $authResult, Tinebase_Model_AccessLog $accessLog)
 {
     // Runs the login checks in a fixed order and stops at the first failure.
     // Every failure path calls _loginFailed() and returns false; the user
     // object is returned only when all checks passed.
     // The decision is taken from $accessLog->result, which is re-read after
     // each helper call below.

     // authentication failed
     if ($accessLog->result !== Tinebase_Auth::SUCCESS) {
         $this->_loginFailed($authResult, $accessLog);
         return false;
     }
     // try to retrieve user from accounts backend
     $user = $this->_getLoginUser($authResult->getIdentity(), $accessLog);
     if ($accessLog->result !== Tinebase_Auth::SUCCESS || !$user) {
         // a user that was found is still recorded in the access log entry
         if ($user) {
             $accessLog->account_id = $user->getId();
         }
         $this->_loginFailed($authResult, $accessLog);
         return false;
     }
     // check if user is expired or blocked
     $this->_checkUserStatus($user, $accessLog);
     if ($accessLog->result !== Tinebase_Auth::SUCCESS) {
         $this->_loginFailed($authResult, $accessLog);
         return false;
     }
     // 2nd factor
     // NOTE(review): the second factor is only checked when the client type is
     // 'JSON-RPC'; logins with any other client type skip this branch —
     // confirm that this is intended.
     $secondFactorConfig = Tinebase_Config::getInstance()->get(Tinebase_Config::AUTHENTICATIONSECONDFACTOR);
     if ($secondFactorConfig && $secondFactorConfig->active && $accessLog->clienttype === 'JSON-RPC') {
         $context = $this->getRequestContext();
         // NOTE(review): $context['otp'] is read without an isset() check. When
         // the request carries no OTP, null reaches validateSecondFactor() —
         // confirm that every provider rejects a missing value (fail closed).
         if (Tinebase_Auth::validateSecondFactor($user->accountLoginName, $context['otp'], $secondFactorConfig->toArray()) !== Tinebase_Auth::SUCCESS) {
             // replace the auth result so the failure names the second factor
             $authResult = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $user->accountLoginName, array('Second factor authentication failed.'));
             $accessLog->result = Tinebase_Auth::FAILURE;
             $this->_loginFailed($authResult, $accessLog);
             return false;
         }
     }
     return $user;
 }
Example #19
 /**
  * authenticate user by username and password
  *
  * @param  string $username the username
  * @param  string $password the password
  * @return array
  */
 public function authenticate($username, $password)
 {
     $credentialsAccepted = Tinebase_Auth::getInstance()->authenticate($username, $password)->isValid();

     // A single generic failure message: the response does not say whether the
     // user name or the password was wrong.
     // NOTE(review): no throttling of repeated attempts is visible in this
     // method — confirm it is enforced further down or by the caller.
     // The 'msg' strings are part of the response and are kept as they are (sic).
     return $credentialsAccepted
         ? array('status' => 'success', 'msg' => 'authentication succseed')
         : array('status' => 'fail', 'msg' => 'authentication failed');
 }
Example #20
 /**
  * test imap authentication
  */
 public function testImapAuth()
 {
     // use imap config for the auth config
     $imapSettings = Tinebase_Config::getInstance()->getConfigAsArray(Tinebase_Config::IMAP);
     if (empty($imapSettings)) {
         $this->markTestSkipped('No IMAP config found.');
     }

     $authSettings = array(
         'host'   => $imapSettings['host'],
         'port'   => $imapSettings['port'],
         'ssl'    => $imapSettings['ssl'],
         'domain' => $imapSettings['domain'],
     );

     // Switch the authentication backend to IMAP and persist that choice.
     // NOTE(review): this method does not restore the previous backend;
     // presumably tearDown() does — confirm, otherwise later tests inherit it.
     Tinebase_Auth::setBackendType(Tinebase_Auth::IMAP);
     Tinebase_Auth::setBackendConfiguration($authSettings);
     Tinebase_Auth::saveBackendConfiguration();
     Tinebase_Auth::getInstance()->setBackend();
     $this->assertEquals(Tinebase_Auth::IMAP, Tinebase_Auth::getConfiguredBackend());

     // Test credentials come from the 'testConfig' registry entry.
     $testConfig = Zend_Registry::get('testConfig');

     // valid authentication
     $loginResult = Tinebase_Auth::getInstance()->authenticate($testConfig->username, $testConfig->password);
     $this->assertTrue($loginResult->isValid());

     // invalid authentication
     $loginResult = Tinebase_Auth::getInstance()->authenticate($testConfig->username, 'some pw');
     $this->assertFalse($loginResult->isValid());
     $this->assertEquals(Tinebase_Auth::FAILURE_CREDENTIAL_INVALID, $loginResult->getCode());

     // The failure message is only compared when a test e-mail address is configured.
     if ($testConfig->email) {
         $expectedMessages = array('Invalid credentials for user ' . $testConfig->email, '');
         $this->assertEquals($expectedMessages, $loginResult->getMessages());
     }
 }