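/**
 * Get a session using user email and password
 *
 * Authenticates by login email when $loginEmail is non-empty, otherwise by
 * the partner-scoped user id, and then issues a KS for the partner the
 * authenticated user belongs to.
 *
 * @param string $puserId    User id, used only when $loginEmail is empty
 * @param string $loginEmail Login email; takes precedence over $puserId
 * @param string $password
 * @param int $partnerId     Optional partner the caller expects to log in to
 * @param int $expiry        Session lifetime handed to the KS generator (default 86400)
 * @param string $privileges Privileges string handed to the KS generator (default '*')
 *
 * @return string KS
 *
 * @throws KalturaErrors::USER_NOT_FOUND
 * @throws KalturaErrors::LOGIN_RETRIES_EXCEEDED
 * @throws KalturaErrors::LOGIN_BLOCKED
 * @throws KalturaErrors::PASSWORD_EXPIRED
 * @throws KalturaErrors::USER_WRONG_PASSWORD
 * @throws KalturaErrors::LOGIN_DATA_NOT_FOUND
 * @throws KalturaErrors::INVALID_PARTNER_ID
 * @throws KalturaErrors::INTERNAL_SERVERL_ERROR
 * @throws KalturaErrors::USER_IS_BLOCKED
 */
protected function loginImpl($puserId, $loginEmail, $password, $partnerId = null, $expiry = 86400, $privileges = '*')
{
    KalturaResponseCacher::disableCache();

    myPartnerUtils::resetPartnerFilter('kuser');
    kuserPeer::setUseCriteriaFilter(true);

    // if a KS of a specific partner is used, don't allow logging in to a different partner
    if ($this->getPartnerId() && $partnerId && $this->getPartnerId() != $partnerId) {
        throw new KalturaAPIException(KalturaErrors::INVALID_PARTNER_ID, $partnerId);
    }

    // The email-based access-control check runs only when no partner was named.
    if ($loginEmail && !$partnerId) {
        $this->validateApiAccessControlByEmail($loginEmail);
    }

    try {
        if ($loginEmail) {
            $user = UserLoginDataPeer::userLoginByEmail($loginEmail, $password, $partnerId);
        } else {
            $user = kuserPeer::userLogin($puserId, $password, $partnerId);
        }
    } catch (kUserException $e) {
        // Map internal login failure codes onto API errors. switch compares
        // loosely, exactly like the == chain it replaces.
        // NOTE(review): "user not found" and "wrong password" surface as
        // different API errors, which lets a caller tell whether an account
        // exists. Unifying them would change the API contract - confirm with
        // the API owners before doing so.
        switch ($e->getCode()) {
            case kUserException::LOGIN_DATA_NOT_FOUND:
            case kUserException::USER_NOT_FOUND:
                throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND);
            case kUserException::LOGIN_RETRIES_EXCEEDED:
                throw new KalturaAPIException(KalturaErrors::LOGIN_RETRIES_EXCEEDED);
            case kUserException::LOGIN_BLOCKED:
                throw new KalturaAPIException(KalturaErrors::LOGIN_BLOCKED);
            case kUserException::PASSWORD_EXPIRED:
                throw new KalturaAPIException(KalturaErrors::PASSWORD_EXPIRED);
            case kUserException::WRONG_PASSWORD:
                throw new KalturaAPIException(KalturaErrors::USER_WRONG_PASSWORD);
            case kUserException::USER_IS_BLOCKED:
                throw new KalturaAPIException(KalturaErrors::USER_IS_BLOCKED);
        }

        // Unmapped code: rethrow the caught exception itself. The earlier
        // `throw new $e()` built a fresh instance of the same class with no
        // arguments, discarding the original code and message.
        throw $e;
    }

    if (!$user) {
        throw new KalturaAPIException(KalturaErrors::LOGIN_DATA_NOT_FOUND);
    }

    // The authenticated user must belong to the requested partner or, when
    // none was requested, to the partner of the session in use.
    // Parentheses spell out the && / || precedence the expression relies on.
    if (
        ($partnerId && $user->getPartnerId() != $partnerId)
        || ($this->getPartnerId() && !$partnerId && $user->getPartnerId() != $this->getPartnerId())
    ) {
        throw new KalturaAPIException(KalturaErrors::INVALID_PARTNER_ID, $partnerId);
    }

    // A missing or fully blocked partner is reported as an invalid partner id.
    $partner = PartnerPeer::retrieveByPK($user->getPartnerId());
    if (!$partner || $partner->getStatus() == Partner::PARTNER_STATUS_FULL_BLOCK) {
        throw new KalturaAPIException(KalturaErrors::INVALID_PARTNER_ID, $user->getPartnerId());
    }

    // $ks is handed to the generator and returned afterwards, so it is
    // presumably filled in by reference - confirm against kSessionUtils.
    $ks = null;

    $admin = $user->getIsAdmin() ? KalturaSessionType::ADMIN : KalturaSessionType::USER;

    // create a ks for this admin_kuser as if entered the admin_secret using the API
    // NOTE(review): $expiry and $privileges are passed through without any
    // bound or filtering in this method; verify that callers constrain them.
    kSessionUtils::createKSessionNoValidations($partner->getId(), $user->getPuserId(), $ks, $expiry, $admin, "", $privileges);

    return $ks;
}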
/**
 * Retrieve partner secret and admin secret
 *
 * The admin is authenticated by email and password for the given partner; every
 * login failure, and a non-admin user, is reported as ADMIN_KUSER_NOT_FOUND.
 *
 * @action getSecrets
 * @param int $partnerId
 * @param string $adminEmail
 * @param string $cmsPassword
 * @return KalturaPartner
 *
 *
 * @throws APIErrors::ADMIN_KUSER_NOT_FOUND
 */
public function getSecretsAction($partnerId, $adminEmail, $cmsPassword)
{
    KalturaResponseCacher::disableCache();

    try {
        $adminUser = UserLoginDataPeer::userLoginByEmail($adminEmail, $cmsPassword, $partnerId);
    } catch (kUserException $loginFailure) {
        // Every login failure code is folded into the single generic error
        // raised below, so the caller cannot tell the failure reasons apart.
        $adminUser = null;
    }

    if (!$adminUser || !$adminUser->getIsAdmin()) {
        throw new KalturaAPIException(APIErrors::ADMIN_KUSER_NOT_FOUND, "The data you entered is invalid");
    }

    // NOTE(review): this message is logged after userLoginByEmail() has
    // already been called with the password; the wording may mislead anyone
    // reading the log during an investigation.
    KalturaLog::log("Admin Kuser found, going to validate password", KalturaLog::INFO);

    // user logged in - kPermissionManager has to be re-initialised so that it
    // reflects the permissions of the user who just authenticated
    $sessionString = null;
    // NOTE(review): the session-type argument is the getIsAdmin() result
    // rather than a KalturaSessionType constant as loginImpl passes - confirm
    // that the generator treats the two the same way.
    kSessionUtils::createKSessionNoValidations(
        $partnerId,
        $adminUser->getPuserId(),
        $sessionString,
        86400,
        $adminUser->getIsAdmin(),
        "",
        '*'
    );

    kCurrentContext::initKsPartnerUser($sessionString);
    kPermissionManager::init();

    // NOTE(review): the partner row is not null-checked before fromPartner().
    $partnerRow = PartnerPeer::retrieveByPK($partnerId);
    $result = new KalturaPartner();
    $result->fromPartner($partnerRow);
    // NOTE(review): the submitted password is echoed back in the response
    // object; consider whether the client really needs it returned.
    $result->cmsPassword = $cmsPassword;

    return $result;
}
/**
 * Log an administrator in by email and password and report a session (KS)
 * together with the admin's partner and profile details.
 *
 * The credentials come from the "email" and "password" request parameters
 * (both trimmed). Failures are reported through addError() and the method
 * returns null; on success the results are reported through addMsg().
 *
 * @param mixed $partner_id     When non-empty it must equal the admin's partner id
 * @param mixed $subp_id        Incoming value is not read; replaced from the admin's partner
 * @param mixed $puser_id       Not read by this method
 * @param mixed $partner_prefix Not read by this method
 * @param mixed $puser_kuser    Incoming value is not read; replaced by the admin's puser_kuser
 *
 * @return null
 */
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
    defPartnerservices2baseAction::disableCache();
    kuserPeer::setUseCriteriaFilter(false);

    // NOTE(review): trimming the password means leading or trailing
    // whitespace never reaches the credential check - confirm this matches
    // how passwords are stored when they are set.
    $emailParam = trim($this->getPM("email"));
    $passwordParam = trim($this->getPM("password"));

    // be sure to return the same error if there are no admins in the list and when there are none matched -
    // so no hint about existing admin will leak
    if (!UserLoginDataPeer::getByEmail($emailParam)) {
        $this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
        return null;
    }

    try {
        $admin = UserLoginDataPeer::userLoginByEmail($emailParam, $passwordParam, $partner_id);
    } catch (kUserException $loginFailure) {
        // switch compares loosely, the same way the == checks it stands for do.
        // NOTE(review): wrong password, blocked and expired states are reported
        // with their own error codes, so a caller can still learn that the
        // email exists, which is at odds with the no-leak intent stated above.
        switch ($loginFailure->getCode()) {
            case kUserException::USER_NOT_FOUND:
            case kUserException::LOGIN_DATA_NOT_FOUND:
                $this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
                break;
            case kUserException::LOGIN_RETRIES_EXCEEDED:
                $this->addError(APIErrors::LOGIN_RETRIES_EXCEEDED);
                break;
            case kUserException::LOGIN_BLOCKED:
                $this->addError(APIErrors::LOGIN_BLOCKED);
                break;
            case kUserException::PASSWORD_EXPIRED:
                $this->addError(APIErrors::PASSWORD_EXPIRED);
                break;
            case kUserException::WRONG_PASSWORD:
                $this->addError(APIErrors::USER_WRONG_PASSWORD);
                break;
            case kUserException::USER_IS_BLOCKED:
                $this->addError(APIErrors::USER_IS_BLOCKED);
                break;
            default:
                $this->addError(APIErrors::INTERNAL_SERVERL_ERROR);
                break;
        }

        return null;
    }

    // A successful login by a non-admin is reported exactly like an unknown admin.
    if (!$admin || !$admin->getIsAdmin()) {
        $this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
        return null;
    }

    // A partner id supplied by the caller must be the admin's own partner.
    if ($partner_id && $partner_id != $admin->getPartnerId()) {
        $this->addError(APIErrors::UNKNOWN_PARTNER_ID);
        return null;
    }

    $adminPartner = PartnerPeer::retrieveByPK($admin->getPartnerId());
    if (!$adminPartner) {
        $this->addError(APIErrors::UNKNOWN_PARTNER_ID);
        return null;
    }

    // From here on the ids come from the admin's partner record, not from the caller.
    $partner_id = $adminPartner->getId();
    $subp_id = $adminPartner->getSubpId();
    $adminPuserId = $admin->getPuserId();

    // get the puser_kuser for this admin if it exists; if not, create it (and a kuser too) and return it
    $puser_kuser = PuserKuserPeer::createPuserKuser(
        $partner_id,
        $subp_id,
        $adminPuserId,
        $admin->getScreenName(),
        $admin->getScreenName(),
        true
    );
    $sessionUserId = $puser_kuser->getPuserId();

    // create a ks for this admin_kuser as if entered the admin_secret using the API
    // ALLOW A KS FOR 30 DAYS
    // NOTE(review): session type is the literal 2 and privileges are "*";
    // a 30-day session of that scope is long-lived, so confirm the lifetime
    // is intended and that such sessions can be revoked.
    $sessionString = null;
    $thirtyDays = 30 * 86400;
    kSessionUtils::createKSessionNoValidations($partner_id, $sessionUserId, $sessionString, $thirtyDays, 2, "", "*");

    $this->addMsg("partner_id", $partner_id);
    $this->addMsg("subp_id", $subp_id);
    $this->addMsg("uid", $sessionUserId);
    $this->addMsg("ks", $sessionString);
    // "screenName" is reported with the full name, as is "fullName"
    $this->addMsg("screenName", $admin->getFullName());
    $this->addMsg("fullName", $admin->getFullName());
    $this->addMsg("email", $admin->getEmail());
}