static function check_user_name($user_name) { if (identity::lookup_user_by_name($user_name)) { return true; } $user = ORM::factory("pending_user")->where("name", "=", $user_name)->find(); return $user->loaded(); }
public function index() { $username = Input::instance()->post("user"); $password = Input::instance()->post("password"); $user = identity::lookup_user_by_name($username); if (empty($user) || !identity::is_correct_password($user, $password)) { throw new Rest_Exception("Forbidden", 403); } $key = rest::get_access_token($user->id); rest::reply($key->access_key); }
static function gallery_ready() { $sso_username = Input::instance()->server("REMOTE_USER"); $user = Session::instance()->get("user"); if (empty($user) || $user->name != $sso_username) { try { identity::set_active_user(identity::lookup_user_by_name($sso_username)); } catch (Exception $e) { Kohana_Log::add("error", "Couldn't authenticate as {$sso_username}: " . $e->getMessage() . "\n" . $e->getTraceAsString()); } } }
public function index() { $username = Input::instance()->post("user"); $password = Input::instance()->post("password"); if (empty($username) || auth::too_many_failures($username)) { throw new Rest_Exception("Forbidden", 403); } $user = identity::lookup_user_by_name($username); if (empty($user) || !identity::is_correct_password($user, $password)) { module::event("user_login_failed", $username); throw new Rest_Exception("Forbidden", 403); } auth::login($user); rest::reply(rest::access_key()); }
static function user_auth_failed($user_name) { $log_failed_logins = module::get_var("user_info", "log_failed_logins"); if ($log_failed_logins == "Yes") { $user_info = ORM::factory("user_info"); if (identity::lookup_user_by_name($user_name)) { $user_info->user_id = identity::lookup_user_by_name($user_name)->id; } else { $user_info->user_id = ""; } $user_info->user_name = $user_name; $user_info->ip_address = $_SERVER['REMOTE_ADDR']; $user_info->time_stamp = time(); $user_info->action = "Failed Login"; $user_info->save(); } }
private function _authenticate() { $auth = new Sabre_HTTP_BasicAuth(); $auth->setRealm(item::root()->title); $authResult = $auth->getUserPass(); list($username, $password) = $authResult; if (!$username || !$password) { $auth->requireLogin(); return false; } $user = identity::lookup_user_by_name($username); if (empty($user) || !identity::is_correct_password($user, $password)) { $auth->requireLogin(); return false; } identity::set_active_user($user); return true; }
private function _auth($url) { $form = auth::get_login_form($url); $valid = $form->validate(); if ($valid) { $user = identity::lookup_user_by_name($form->login->inputs["name"]->value); if (empty($user) || !identity::is_correct_password($user, $form->login->password->value)) { log::warning("user", t("Failed login for %name", array("name" => $form->login->inputs["name"]->value))); $form->login->inputs["name"]->add_error("invalid_login", 1); $valid = false; } } if ($valid) { auth::login($user); } // Either way, regenerate the session id to avoid session trapping Session::instance()->regenerate(); return array($valid, $form); }
/** * Import a single user. */ static function import_user(&$queue) { $messages = array(); $g2_user_id = array_shift($queue); if (self::map($g2_user_id)) { return t("User with id: %id already imported, skipping", array("id" => $g2_user_id)); } if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) { self::set_map($g2_user_id, identity::guest()->id, "group"); return t("Skipping anonymous user"); } $g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup")); try { $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id)); } catch (Exception $e) { throw new G2_Import_Exception(t("Failed to import Gallery 2 user with id: %id\n%exception", array("id" => $g2_user_id, "exception" => (string) $e)), $e); } $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId())); $user = identity::lookup_user_by_name($g2_user->getUsername()); if ($user) { $messages[] = t("Loaded existing user: '******'.", array("name" => $user->name)); } else { $email = $g2_user->getEmail(); if (empty($email) || !valid::email($email)) { $email = "*****@*****.**"; } try { $user = identity::create_user($g2_user->getUserName(), $g2_user->getFullName(), $g2_user->getHashedPassword(), $email); } catch (Exception $e) { throw new G2_Import_Exception(t("Failed to create user: '******' (id: %id)", array("name" => $g2_user->getUserName(), "id" => $g2_user_id)), $e, $messages); } if (class_exists("User_Model") && $user instanceof User_Model) { // This will work if G2's password is a PasswordHash password as well. $user->hashed_password = $g2_user->getHashedPassword(); } $messages[] = t("Created user: '******'.", array("name" => $user->name)); if ($email == "*****@*****.**") { $messages[] = t("Fixed invalid email (was '%invalid_email')", array("invalid_email" => $g2_user->getEmail())); } } $user->locale = $g2_user->getLanguage(); foreach ($g2_groups as $g2_group_id => $g2_group_name) { if ($g2_group_id == $g2_admin_group_id) { $user->admin = true; $messages[] = t("Added 'admin' flag to user"); } else { $group = identity::lookup_group(self::map($g2_group_id)); $user->add($group); $messages[] = t("Added user to group '%group'.", array("group" => $group->name)); } } try { $user->save(); self::set_map($g2_user->getId(), $user->id, "user"); } catch (Exception $e) { throw new G2_Import_Exception(t("Failed to create user: '******'", array("name" => $user->name)), $e, $messages); } return $messages; }
public function moved_items_inherit_new_permissions_test() { identity::set_active_user(identity::lookup_user_by_name("admin")); $public_album = test::random_album(); $public_photo = test::random_photo($public_album); access::allow(identity::everybody(), "view", $public_album); access::allow(identity::everybody(), "edit", $public_album); item::root()->reload(); // Account for MPTT changes $private_album = test::random_album(); access::deny(identity::everybody(), "view", $private_album); access::deny(identity::everybody(), "edit", $private_album); $private_photo = test::random_photo($private_album); // Make sure that we now have a public photo and private photo. $this->assert_true(access::group_can(identity::everybody(), "view", $public_photo)); $this->assert_false(access::group_can(identity::everybody(), "view", $private_photo)); // Swap the photos item::move($public_photo, $private_album); $private_album->reload(); // Reload to get new MPTT pointers and cached perms. $public_album->reload(); $private_photo->reload(); $public_photo->reload(); item::move($private_photo, $public_album); $private_album->reload(); // Reload to get new MPTT pointers and cached perms. $public_album->reload(); $private_photo->reload(); $public_photo->reload(); // Make sure that the public_photo is now private, and the private_photo is now public. $this->assert_false(access::group_can(identity::everybody(), "view", $public_photo)); $this->assert_false(access::group_can(identity::everybody(), "edit", $public_photo)); $this->assert_true(access::group_can(identity::everybody(), "view", $private_photo)); $this->assert_true(access::group_can(identity::everybody(), "edit", $private_photo)); }
/** * Import a single user. */ static function import_user(&$queue) { $g2_user_id = array_shift($queue); if (self::map($g2_user_id)) { return t("User with id: %id already imported, skipping", array("id" => $g2_user_id)); } if (g2(GalleryCoreApi::isAnonymousUser($g2_user_id))) { self::set_map($g2_user_id, identity::guest()->id); return t("Skipping anonymous user"); } $g2_admin_group_id = g2(GalleryCoreApi::getPluginParameter("module", "core", "id.adminGroup")); try { $g2_user = g2(GalleryCoreApi::loadEntitiesById($g2_user_id)); } catch (Exception $e) { return t("Failed to import Gallery 2 user with id: %id\n%exception", array("id" => $g2_user_id, "exception" => $e->__toString())); } $g2_groups = g2(GalleryCoreApi::fetchGroupsForUser($g2_user->getId())); try { $user = identity::create_user($g2_user->getUsername(), $g2_user->getfullname(), ""); $message = t("Created user: '******'.", array("name" => $user->name)); } catch (Exception $e) { // @todo For now we assume this is a "duplicate user" exception $user = identity::lookup_user_by_name($g2_user->getUsername()); $message = t("Loaded existing user: '******'.", array("name" => $user->name)); } $user->hashed_password = $g2_user->getHashedPassword(); $user->email = $g2_user->getEmail(); $user->locale = $g2_user->getLanguage(); foreach ($g2_groups as $g2_group_id => $g2_group_name) { if ($g2_group_id == $g2_admin_group_id) { $user->admin = true; $message .= t("\n\tAdded 'admin' flag to user"); } else { $group = identity::lookup_group(self::map($g2_group_id)); $user->add($group); $message .= t("\n\tAdded user to group '%group'.", array("group" => $group->name)); } } $user->save(); self::set_map($g2_user->getId(), $user->id); return $message; }
public function first($hash) { $pending_user = ORM::factory("pending_user")->where("hash", "=", $hash)->where("state", "=", 2)->find(); if ($pending_user->loaded()) { // @todo add a request date to the pending user table and check that it hasn't expired $user = identity::lookup_user_by_name($pending_user->name); if (!empty($user)) { auth::login($user); Session::instance()->set("registration_first_usage", true); $pending_user->delete(); } url::redirect(item::root()->abs_url()); } else { message::warning(t("Your account is ready to use so please login.")); } url::redirect(item::root()->abs_url()); }
public function __construct($name, $pass) { $user = identity::lookup_user_by_name($name); $this->result = identity::is_correct_password($user, $pass); }
public function moved_items_inherit_new_permissions_test() { identity::set_active_user(identity::lookup_user_by_name("admin")); $root = ORM::factory("item", 1); $public_album = album::create($root, rand(), "public album"); $public_photo = photo::create($public_album, MODPATH . "gallery/images/gallery.png", "", ""); access::allow(identity::everybody(), "view", $public_album); $root->reload(); // Account for MPTT changes $private_album = album::create($root, rand(), "private album"); access::deny(identity::everybody(), "view", $private_album); $private_photo = photo::create($private_album, MODPATH . "gallery/images/gallery.png", "", ""); // Make sure that we now have a public photo and private photo. $this->assert_true(access::group_can(identity::everybody(), "view", $public_photo)); $this->assert_false(access::group_can(identity::everybody(), "view", $private_photo)); // Swap the photos item::move($public_photo, $private_album); $private_album->reload(); // Reload to get new MPTT pointers and cached perms. $public_album->reload(); $private_photo->reload(); $public_photo->reload(); item::move($private_photo, $public_album); $private_album->reload(); // Reload to get new MPTT pointers and cached perms. $public_album->reload(); $private_photo->reload(); $public_photo->reload(); // Make sure that the public_photo is now private, and the private_photo is now public. $this->assert_false(access::group_can(identity::everybody(), "view", $public_photo)); $this->assert_true(access::group_can(identity::everybody(), "view", $private_photo)); }
/** * authenticate the user * * @param string $url * @return boolean */ private function _auth($url) { $form = auth::get_login_form($url); $validform = $form->validate(); $valid = false; if ($validform) { // retrieve the values from the form $name = $form->login->inputs["name"]->value; $pass = $form->login->password->value; // do we have a user? $user = identity::lookup_user_by_name($name); $validuser = empty($user) ? false : true; // is the user authentic? $checkpass = $this->_checkpass($name, $pass); /* * we are concerned with these three possibilities: * 1. there is no valid user or no valid password * 2. there is no valid user but a valid password * 3. there is a valid user and a valid password */ // 1. there is no valid user or no valid password: error if (!$validuser || !$checkpass) { $form->login->inputs["name"]->add_error("invalid_login", 1); $name = $form->login->inputs["name"]->value; log::warning("user", t("Failed login for %name", array("name" => $name))); module::event("user_auth_failed", $name); } // 2. there is no valid user but a valid password: create account if allowed if (!$validuser && $checkpass && $this->create_account) { $account = $this->pam_auth->getAccount(); if ($account) { $password = md5(uniqid(mt_rand(), true)); $new_user = identity::create_user($account->name, $account->full_name, $password, $account->email); $new_user->url = ''; $new_user->admin = false; $new_user->guest = false; $new_user->save(); $user = identity::lookup_user_by_name($account->name); $validuser = empty($user) ? false : true; } } // 3. there is a valid user and a valid password: load user account if ($validuser && $checkpass) { auth::login($user); $valid = true; } } // regenerate the session id to avoid session trapping Session::instance()->regenerate(); return array($valid, $form); }