/**
* Get a session using user email and password
*
* @param string $puserId
* @param string $loginEmail
* @param string $password
* @param int $partnerId
* @param int $expiry
* @param string $privileges
*
* @return string KS
*
* @throws KalturaErrors::USER_NOT_FOUND
* @thrown KalturaErrors::LOGIN_RETRIES_EXCEEDED
* @thrown KalturaErrors::LOGIN_BLOCKED
* @thrown KalturaErrors::PASSWORD_EXPIRED
* @thrown KalturaErrors::INVALID_PARTNER_ID
* @thrown KalturaErrors::INTERNAL_SERVERL_ERROR
* @throws KalturaErrors::USER_IS_BLOCKED
*/
protected function loginImpl($puserId, $loginEmail, $password, $partnerId = null, $expiry = 86400, $privileges = '*')
{
KalturaResponseCacher::disableCache();
myPartnerUtils::resetPartnerFilter('kuser');
kuserPeer::setUseCriteriaFilter(true);
// if a KS of a specific partner is used, don't allow logging in to a different partner
if ($this->getPartnerId() && $partnerId && $this->getPartnerId() != $partnerId) {
throw new KalturaAPIException(KalturaErrors::INVALID_PARTNER_ID, $partnerId);
}
if ($loginEmail && !$partnerId) {
$this->validateApiAccessControlByEmail($loginEmail);
}
try {
if ($loginEmail) {
$user = UserLoginDataPeer::userLoginByEmail($loginEmail, $password, $partnerId);
} else {
$user = kuserPeer::userLogin($puserId, $password, $partnerId);
}
} catch (kUserException $e) {
$code = $e->getCode();
if ($code == kUserException::LOGIN_DATA_NOT_FOUND) {
throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND);
}
if ($code == kUserException::USER_NOT_FOUND) {
throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND);
} else {
if ($code == kUserException::LOGIN_RETRIES_EXCEEDED) {
throw new KalturaAPIException(KalturaErrors::LOGIN_RETRIES_EXCEEDED);
} else {
if ($code == kUserException::LOGIN_BLOCKED) {
throw new KalturaAPIException(KalturaErrors::LOGIN_BLOCKED);
} else {
if ($code == kUserException::PASSWORD_EXPIRED) {
throw new KalturaAPIException(KalturaErrors::PASSWORD_EXPIRED);
} else {
if ($code == kUserException::WRONG_PASSWORD) {
throw new KalturaAPIException(KalturaErrors::USER_WRONG_PASSWORD);
} else {
if ($code == kUserException::USER_IS_BLOCKED) {
throw new KalturaAPIException(KalturaErrors::USER_IS_BLOCKED);
}
}
}
}
}
}
throw new $e();
}
if (!$user) {
throw new KalturaAPIException(KalturaErrors::LOGIN_DATA_NOT_FOUND);
}
if ($partnerId && $user->getPartnerId() != $partnerId || $this->getPartnerId() && !$partnerId && $user->getPartnerId() != $this->getPartnerId()) {
throw new KalturaAPIException(KalturaErrors::INVALID_PARTNER_ID, $partnerId);
}
$partner = PartnerPeer::retrieveByPK($user->getPartnerId());
if (!$partner || $partner->getStatus() == Partner::PARTNER_STATUS_FULL_BLOCK) {
throw new KalturaAPIException(KalturaErrors::INVALID_PARTNER_ID, $user->getPartnerId());
}
$ks = null;
$admin = $user->getIsAdmin() ? KalturaSessionType::ADMIN : KalturaSessionType::USER;
// create a ks for this admin_kuser as if entered the admin_secret using the API
kSessionUtils::createKSessionNoValidations($partner->getId(), $user->getPuserId(), $ks, $expiry, $admin, "", $privileges);
return $ks;
}
/**
* Retrieve partner secret and admin secret
*
* @action getSecrets
* @param int $partnerId
* @param string $adminEmail
* @param string $cmsPassword
* @return KalturaPartner
*
*
* @throws APIErrors::ADMIN_KUSER_NOT_FOUND
*/
public function getSecretsAction($partnerId, $adminEmail, $cmsPassword)
{
KalturaResponseCacher::disableCache();
$adminKuser = null;
try {
$adminKuser = UserLoginDataPeer::userLoginByEmail($adminEmail, $cmsPassword, $partnerId);
} catch (kUserException $e) {
throw new KalturaAPIException(APIErrors::ADMIN_KUSER_NOT_FOUND, "The data you entered is invalid");
}
if (!$adminKuser || !$adminKuser->getIsAdmin()) {
throw new KalturaAPIException(APIErrors::ADMIN_KUSER_NOT_FOUND, "The data you entered is invalid");
}
KalturaLog::log("Admin Kuser found, going to validate password", KalturaLog::INFO);
// user logged in - need to re-init kPermissionManager in order to determine current user's permissions
$ks = null;
kSessionUtils::createKSessionNoValidations($partnerId, $adminKuser->getPuserId(), $ks, 86400, $adminKuser->getIsAdmin(), "", '*');
kCurrentContext::initKsPartnerUser($ks);
kPermissionManager::init();
$dbPartner = PartnerPeer::retrieveByPK($partnerId);
$partner = new KalturaPartner();
$partner->fromPartner($dbPartner);
$partner->cmsPassword = $cmsPassword;
return $partner;
}
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
defPartnerservices2baseAction::disableCache();
kuserPeer::setUseCriteriaFilter(false);
$email = trim($this->getPM("email"));
$password = trim($this->getPM("password"));
$loginData = UserLoginDataPeer::getByEmail($email);
// be sure to return the same error if there are no admins in the list and when there are none matched -
// so no hint about existing admin will leak
if (!$loginData) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return;
}
try {
$adminKuser = UserLoginDataPeer::userLoginByEmail($email, $password, $partner_id);
} catch (kUserException $e) {
$code = $e->getCode();
if ($code == kUserException::USER_NOT_FOUND) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return null;
}
if ($code == kUserException::LOGIN_DATA_NOT_FOUND) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return null;
} else {
if ($code == kUserException::LOGIN_RETRIES_EXCEEDED) {
$this->addError(APIErrors::LOGIN_RETRIES_EXCEEDED);
return null;
} else {
if ($code == kUserException::LOGIN_BLOCKED) {
$this->addError(APIErrors::LOGIN_BLOCKED);
return null;
} else {
if ($code == kUserException::PASSWORD_EXPIRED) {
$this->addError(APIErrors::PASSWORD_EXPIRED);
return null;
} else {
if ($code == kUserException::WRONG_PASSWORD) {
$this->addError(APIErrors::USER_WRONG_PASSWORD);
return null;
} else {
if ($code == kUserException::USER_IS_BLOCKED) {
$this->addError(APIErrors::USER_IS_BLOCKED);
return null;
} else {
$this->addError(APIErrors::INTERNAL_SERVERL_ERROR);
return null;
}
}
}
}
}
}
}
if (!$adminKuser || !$adminKuser->getIsAdmin()) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return null;
}
if ($partner_id && $partner_id != $adminKuser->getPartnerId()) {
$this->addError(APIErrors::UNKNOWN_PARTNER_ID);
return;
}
$partner = PartnerPeer::retrieveByPK($adminKuser->getPartnerId());
if (!$partner) {
$this->addError(APIErrors::UNKNOWN_PARTNER_ID);
return;
}
$partner_id = $partner->getId();
$subp_id = $partner->getSubpId();
$admin_puser_id = $adminKuser->getPuserId();
// get the puser_kuser for this admin if exists, if not - creae it and return it - create a kuser too
$puser_kuser = PuserKuserPeer::createPuserKuser($partner_id, $subp_id, $admin_puser_id, $adminKuser->getScreenName(), $adminKuser->getScreenName(), true);
$uid = $puser_kuser->getPuserId();
$ks = null;
// create a ks for this admin_kuser as if entered the admin_secret using the API
// ALLOW A KS FOR 30 DAYS
kSessionUtils::createKSessionNoValidations($partner_id, $uid, $ks, 30 * 86400, 2, "", "*");
$this->addMsg("partner_id", $partner_id);
$this->addMsg("subp_id", $subp_id);
$this->addMsg("uid", $uid);
$this->addMsg("ks", $ks);
$this->addMsg("screenName", $adminKuser->getFullName());
$this->addMsg("fullName", $adminKuser->getFullName());
$this->addMsg("email", $adminKuser->getEmail());
}
