public function githubLogin()
{
$access_token = Input::get('access_token');
$ch = curl_init('https://api.github.com/user');
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: token {$access_token}"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_USERAGENT, 'SWAMP');
$response = curl_exec($ch);
$user = json_decode($response);
$account = LinkedAccount::where('user_external_id', '=', $user->id)->first();
if ($account) {
Session::set('github_access_token', $access_token);
$user = User::getIndex($account->user_uid);
if ($user) {
if ($user->isEnabled()) {
$res = Response::json(array('user_uid' => $user->user_uid));
Session::set('timestamp', time());
Session::set('user_uid', $user->user_uid);
return $res;
} else {
return Response::make('User has not been approved.', 401);
}
} else {
return Response::make('Incorrect username or password.', 401);
}
} else {
return Response::make('Account not found.', 401);
}
}
public function markAcceptance($policyCode, $userUid)
{
// get inputs
//
$policy = Policy::where('policy_code', '=', $policyCode)->first();
$user = User::getIndex($userUid);
$acceptFlag = Input::has('accept_flag');
// check inputs
//
if (!$user || !$policy || !$acceptFlag) {
return Response::make('Invalid input.', 404);
}
// check privileges
//
if (!$user->isAdmin() && $user->user_uid != Session::get('user_uid')) {
return Response::make('Insufficient privileges to mark policy acceptance.', 401);
}
// get or create new user policy
//
$userPolicy = UserPolicy::where('user_uid', '=', $userUid)->where('policy_code', '=', $policyCode)->first();
if (!$userPolicy) {
$userPolicy = new UserPolicy(array('user_policy_uid' => GUID::create(), 'user_uid' => $userUid, 'policy_code' => $policyCode));
}
$userPolicy->accept_flag = $acceptFlag;
$userPolicy->save();
return $userPolicy;
}
static function whitelisted()
{
// Detect API Request
//
if (Input::get('api_key') && Input::get('user_uid')) {
if (Config::get('app.api_key') == Input::get('api_key')) {
if (!User::getIndex(Input::get('user_uid'))) {
return false;
}
Session::set('user_uid', Input::get('user_uid'));
return true;
}
return false;
}
// Detect Whitelisted Route
//
foreach (Config::get('app.whitelist') as $pattern) {
if (is_array($pattern)) {
if (Request::is(key($pattern))) {
return in_array(self::method(), current($pattern));
}
} else {
if (Request::is($pattern)) {
return true;
}
}
}
return false;
}
/**
* accessor methods
*/
public function getUserAttribute()
{
$user = User::getIndex($this->user_uid);
if ($user) {
return array('first_name' => $user->first_name, 'last_name' => $user->last_name, 'preferred_name' => $user->preferred_name, 'email' => $user->email);
}
}
/**
* invitation sending / emailing method
*/
public function send($passwordResetNonce)
{
$this->user = User::getIndex($this->user_uid);
$data = array('user' => $this->user, 'password_reset' => $this, 'password_reset_url' => Config::get('app.cors_url') . '/#reset-password/' . $passwordResetNonce . '/' . $this->password_reset_id);
Mail::send(array('text' => 'emails.reset-password-plaintext'), $data, function ($message) {
$message->to($this->user->email, $this->user->getFullName());
$message->subject('SWAMP Password Reset');
});
}
/**
* accessor methods
*/
public function getUserAttribute()
{
$user = User::getIndex($this->user_uid);
// return a subset of user fields
//
if ($user) {
return array('first_name' => $user->first_name, 'last_name' => $user->last_name, 'email' => $user->email);
}
}
/**
* status changing methods
*/
public function accept()
{
$this->accept_date = new DateTime();
// create new project membership
//
$invitee = User::getByEmail($this->email);
$projectMembership = new ProjectMembership(array('membership_uid' => GUID::create(), 'project_uid' => $this->project_uid, 'user_uid' => $invitee->user_uid, 'admin_flag' => false));
$projectMembership->save();
}
/**
* invitation sending / emailing method
*/
public function send($verifyRoute, $changed = false)
{
$data = array('user' => User::getIndex($this->user_uid), 'verification_key' => $this->verification_key, 'verify_url' => Config::get('app.cors_url') . '/' . $verifyRoute);
$template = $changed ? 'emails.email-verification' : 'emails.user-verification';
$this->subject = $changed ? 'SWAMP Email Verification' : 'SWAMP User Verification';
$this->recipient = User::getIndex($this->user_uid);
Mail::send($template, $data, function ($message) {
$message->to($this->email, $this->recipient->getFullName());
$message->subject($this->subject);
});
}
public function getAll($userUid)
{
$user = User::getIndex($userUid);
if ($user) {
if ($user->isAdmin()) {
return Contact::all();
} else {
return Response::make('This user is not an administrator.', 500);
}
} else {
return Response::make('Administrator authorization is required.', 500);
}
}
public function getAll()
{
$user = User::getIndex(Session::get('user_uid'));
if ($user && $user->isAdmin()) {
$platformsQuery = Platform::orderBy('create_date', 'DESC');
// add filters
//
$platformsQuery = DateFilter::apply($platformsQuery);
$platformsQuery = LimitFilter::apply($platformsQuery);
return $platformsQuery->get();
}
return '';
}
/**
* methods
*/
public static function getIndex($userUid)
{
$user = User::getIndex($userUid);
// assign subset of user attributes
//
if ($user) {
$owner = new Owner();
$owner->user_uid = $user->user_uid;
$owner->first_name = $user->first_name;
$owner->last_name = $user->last_name;
$owner->preferred_name = $user->preferred_name;
$owner->email = $user->email;
return $owner;
}
}
public function setEnabledFlag($linkedAccountId)
{
$value = Input::get('enabled_flag');
$active_user = User::getIndex(Session::get('user_uid'));
$account = LinkedAccount::where('linked_account_id', '=', $linkedAccountId)->first();
$user = User::getIndex($account->user_uid);
if ($user->user_uid == $active_user->user_uid || $active_user->isAdmin()) {
$account->enabled_flag = $value ? 1 : 0;
$account->save();
$userEvent = new UserEvent(array('user_uid' => $user->user_uid, 'event_type' => 'linkedAccountToggled', 'value' => json_encode(array('linked_account_provider_code' => 'github', 'user_external_id' => $account->user_external_id, 'user_ip' => $_SERVER['REMOTE_ADDR'], 'enabled' => $account->enabled_flag))));
$userEvent->save();
return Response::make('The status of this linked account has been updated.');
} else {
return Response::make('Unable to update this linked account. Insufficient privileges.', 500);
}
}
private function checkPermissions($assessmentRun)
{
$tool = Tool::where('tool_uuid', '=', $assessmentRun->tool_uuid)->first();
if ($tool->policy_code) {
$user = User::getIndex(Session::get('user_uid'));
switch ($tool->policy_code) {
case 'parasoft-user-c-test-policy':
case 'parasoft-user-j-test-policy':
$permission = Permission::where('policy_code', '=', $tool->policy_code)->first();
$project = Project::where('project_uid', '=', $assessmentRun->project_uuid)->first();
$projectOwner = $project->owner;
if (!$permission || !$project || !$projectOwner) {
return Response::json(array('status' => 'error'), 404);
}
$userPermission = UserPermission::where('permission_code', '=', $permission->permission_code)->where('user_uid', '=', $projectOwner['user_uid'])->first();
$userPermissionProject = UserPermissionProject::where('user_permission_uid', '=', $userPermission->user_permission_uid)->where('project_uid', '=', $project->project_uid)->first();
// if the permission doesn't exist or isn't valid, return error
//
if (!$userPermission) {
return Response::json(array('status' => 'owner_no_permission', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 404);
}
if ($userPermission->status !== 'granted') {
return Response::json(array('status' => 'owner_no_permission', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 401);
}
// if the project hasn't been designated, return error
//
if (!$userPermissionProject) {
return Response::json(array('status' => 'no_project', 'project_name' => $project->full_name, 'tool_name' => $tool->name), 404);
}
$userPolicy = UserPolicy::where('policy_code', '=', $tool->policy_code)->where('user_uid', '=', $user->user_uid)->first();
// if the policy hasn't been accepted, return error
//
$policyResponse = Response::json(array('status' => 'no_policy', 'policy' => $tool->policy, 'policy_code' => $tool->policy_code, 'tool' => $tool), 404);
if ($userPolicy) {
if ($userPolicy->accept_flag != '1') {
return $policyResponse;
}
} else {
return $policyResponse;
}
break;
default:
break;
}
}
return true;
}
public function updateIndex($passwordResetId)
{
$pr = PasswordReset::where('password_reset_id', '=', $passwordResetId)->first();
$user = User::getIndex($pr->user_uid);
$password = Input::get('password');
$user->modifyPassword($password);
// destroy password reset if present
//
$pr->delete();
$cfg = array('url' => Config::get('app.cors_url') ?: '', 'user' => $user);
Mail::send('emails.password-changed', $cfg, function ($message) use($user) {
$message->to($user->email, $user->getFullName());
$message->subject('SWAMP Password Changed');
});
// return response
//
return Response::json(array('success' => true));
}
public function deleteIndex($membershipUid)
{
$projectMembership = ProjectMembership::where('membership_uid', '=', $membershipUid)->first();
// get user and project associated with this email
//
$user = User::getIndex($projectMembership->user_uid);
$project = Project::where('project_uid', '=', $projectMembership->project_uid)->first();
// send notification email
//
$data = array('user' => $user, 'project' => $project);
$this->user = $user;
Mail::send('emails.project-membership-deleted', $data, function ($message) {
$message->to($this->user->email, $this->user->getFullName());
$message->subject('SWAMP Project Membership Deleted');
});
$projectMembership->delete();
return $projectMembership;
}
public function sendEmail()
{
if (!Input::has('subject')) {
return Response::make('Missing subject field.', 500);
} elseif (!Input::has('body')) {
return Response::make('Missing body field.', 500);
} elseif (!Input::has('recipients')) {
return Response::make('Missing recipients field.', 500);
}
$this->subject = Input::get('subject');
$body = Input::get('body');
if ($this->subject == '' || $body == '') {
return Response::make('The email subject and body fields must not be empty.', 500);
}
$recipients = Input::get('recipients');
if (sizeof($recipients) < 1) {
return Response::make('The email must have at least one recipient.', 500);
}
$failures = new Collection();
foreach ($recipients as $email) {
$user = User::getByEmail($email);
if (!$user) {
return Response::make("Could not load user: {$email}", 500);
}
$data = array('user' => $user, 'body' => $body);
$this->secure = false;
if (strpos($body, 'END PGP SIGNATURE') != FALSE || strpos($body, 'END GPG SIGNATURE') != FALSE) {
$this->secure = true;
}
if ($user && filter_var($user->email, FILTER_VALIDATE_EMAIL) && trim($user->email) != '' && trim($user->getFullName()) != '') {
Mail::send(array('text' => 'emails.admin'), $data, function ($message) use($user) {
$message->to($user->email, $user->getFullName());
$message->subject($this->subject);
if ($this->secure) {
$message->from('*****@*****.**');
}
});
} else {
$failures->push(array('user' => $user->toArray(), 'email' => $email));
}
}
return $failures;
}
public function getProjects($userUid)
{
$user = User::getIndex($userUid);
$projects = null;
$results = new Collection();
if ($user != null) {
$projects = $user->getProjects();
foreach ($projects as $project) {
if (!$project->deactivation_date) {
$results->push($project);
}
}
}
return $results;
}
/**
* accessor methods
*/
public function getPackageOwnerAttribute()
{
// check to see if user is logged in
//
$user = User::getIndex(Session::get('user_uid'));
if ($user) {
// fetch owner information
//
$owner = Owner::getIndex($this->package_owner_uuid);
if ($owner) {
return $owner->toArray();
}
}
}
public function designateProject($userPermissionUid, $projectUid)
{
$up = UserPermission::where('user_permission_uid', '=', $userPermissionUid)->first();
$p = Project::where('project_uid', '=', $projectUid)->first();
$user = User::getIndex(Session::get('user_uid'));
if (!($up && $p && $user)) {
return Response::make('Unable to find permission information.', 404);
}
if (!$user->isAdmin() && $user->user_uid != $p->owner['user_uid']) {
return Response::make('User does not have permission to designate a project.', 401);
}
$upp = new UserPermissionProject(array('user_permission_project_uid' => GUID::create(), 'user_permission_uid' => $userPermissionUid, 'project_uid' => $projectUid));
$upp->save();
return $upp;
}
public function modifyPassword($password)
{
// check to see if there is an LDAP connection for this environment
//
$ldapConnectionConfig = Config::get('ldap.connections.' . App::environment());
if ($ldapConnectionConfig) {
// use LDAP
//
return LDAP::modifyPassword($this, $password);
} else {
// encrypt password
//
$this->password = User::getEncryptedPassword($password, '{SSHA}', $this->password);
// use SQL / Eloquent
//
$this->save();
return $this;
}
}
public function getUsers($projectUid)
{
$users = new Collection();
$projectMemberships = ProjectMembership::where('project_uid', '=', $projectUid)->get();
$project = Project::where('project_uid', '=', $projectUid)->first();
for ($i = 0; $i < sizeOf($projectMemberships); $i++) {
$projectMembership = $projectMemberships[$i];
$userUid = $projectMembership['user_uid'];
$user = User::getIndex($userUid);
if ($user) {
// set public fields
//
$user = array('first_name' => $user->first_name, 'last_name' => $user->last_name, 'email' => $user->email, 'affiliation' => $user->affiliation);
// set metadata
//
if ($project->project_owner_uid == $userUid) {
$user['owner'] = true;
}
}
$users[] = $user;
}
return $users;
}
public function getToolPermissionStatus($toolUuid)
{
$tool = Tool::where('tool_uuid', '=', $toolUuid)->first();
$package = Input::has('package_uuid') ? Package::where('package_uuid', '=', Input::get('package_uuid'))->first() : null;
$project = Input::has('project_uid') ? Project::where('project_uid', '=', Input::get('project_uid'))->first() : null;
$user = Input::has('user_uid') ? User::getIndex(Input::get('user_uid')) : User::getIndex(Session::get('user_uid'));
// Parasoft tool
//
if ($tool->isParasoftTool()) {
return $tool->getParasoftPermissionStatus($package, $project, $user);
}
return Response::json(array('success', true));
}
// check to see if user has priveleges to view tool
//
if (!$isPublic) {
if (!($user->isAdmin() || $tool->isOwnedBy($user))) {
return Response::make('Insufficient priveleges to access tool.', 403);
}
}
}
}
// check tool version routes
//
$toolVersionUuid = $route->getParameter('tool_version_uuid');
if ($toolVersionUuid) {
// get relevant attributes
//
$user = User::getIndex(Session::get('user_uid'));
$toolVersion = ToolVersion::where('tool_version_uuid', '=', $toolVersionUuid)->first();
$tool = Tool::where('tool_uuid', '=', $toolVersion->tool_uuid)->first();
$isPublic = $tool->tool_sharing_status == 'public' || $tool->tool_sharing_status == 'PUBLIC';
$authenticationRequired = $method != 'get' && !$isPublic;
// check to see if user is logged in
//
if ($authenticationRequired && !$user) {
return Response::make('Authentication required to access tool version.', 401);
} else {
// check to see if user has priveleges to view tool version
//
if (!$isPublic) {
if (!($user->isAdmin() || $toolVersion->getTool()->isOwnedBy($user))) {
return Response::make('Insufficient priveleges to access tool version.', 403);
}
public function getInviters()
{
$adminInvitations = AdminInvitation::all();
$users = new Collection();
for ($i = 0; $i < sizeOf($adminInvitations); $i++) {
$adminInvitation = $adminInvitations[$i];
$user = User::getIndex($adminInvitation['inviter_uid']);
}
return $users;
}
public function getAll()
{
$user = User::getIndex(Session::get('user_uid'));
if ($user && $user->isAdmin()) {
$executionRecordsQuery = ExecutionRecord::orderBy('create_date', 'DESC');
// add filters
//
$executionRecordsQuery = DateFilter::apply($executionRecordsQuery);
$executionRecordsQuery = TripletFilter2::apply($executionRecordsQuery, null);
$executionRecordsQuery = LimitFilter::apply($executionRecordsQuery);
// allow soft delete
//
$executionRecordsQuery = $executionRecordsQuery->whereNull('delete_date');
return $executionRecordsQuery->get();
}
}
public function getInvitee()
{
return User::getIndex($this->invitee_uid);
}
public static function getNumUserProjectEvents($userUid)
{
$num = 0;
// get optional project paramter
//
$projectUid = Input::get('project_uuid');
if ($projectUid != '') {
$project = Project::where('project_uid', '=', $projectUid)->first();
// get events for a specific project
//
$userProjectEventsQuery = $project->getUserEventsQuery();
// apply filters
//
$userProjectEventsQuery = EventDateFilter::apply($userProjectEventsQuery);
$userProjectEventsQuery = LimitFilter::apply($userProjectEventsQuery);
$num = $userProjectEventsQuery->count();
} else {
$userProjectEvents = new Collection();
// collect events of user's projects
//
$user = User::getIndex($userUid);
if ($user) {
$projects = $user->getProjects();
for ($i = 0; $i < sizeOf($projects); $i++) {
if ($projects[$i] != null) {
$userProjectEventsQuery = $projects[$i]->getUserEventsQuery();
// apply filters
//
$userProjectEventsQuery = EventDateFilter::apply($userProjectEventsQuery);
$userProjectEventsQuery = LimitFilter::apply($userProjectEventsQuery);
$num += $userProjectEventsQuery->count();
}
}
}
}
return $num;
}
public function githubLogin()
{
// Attempt to load the github account the user is currently logged in as.
//
if (!Session::has('github_access_token')) {
return Response::make('Unauthorized GitHub access.', 401);
}
$token = Session::get('github_access_token');
$ch = curl_init('https://api.github.com/user');
curl_setopt($ch, CURLOPT_HTTPHEADER, array("Authorization: token {$token}"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'GET');
curl_setopt($ch, CURLOPT_USERAGENT, 'SWAMP');
$response = curl_exec($ch);
$github_user = json_decode($response);
if (!property_exists($github_user, 'id')) {
return Response::make('Unable to authenticate with GitHub.', 401);
}
$account = LinkedAccount::where('user_external_id', '=', $github_user->id)->first();
if ($account) {
$user = User::getIndex($account->user_uid);
if ($user) {
if ($user->hasBeenVerified()) {
if ($user->isEnabled()) {
$userAccount = $user->getUserAccount();
$userAccount->penultimate_login_date = $userAccount->ultimate_login_date;
$userAccount->ultimate_login_date = gmdate('Y-m-d H:i:s');
$userAccount->save();
$userEvent = new UserEvent(array('user_uid' => $user->user_uid, 'event_type' => 'linkedAccountSignIn', 'value' => json_encode(array('linked_account_provider_code' => 'github', 'user_external_id' => $account->user_external_id, 'user_ip' => $_SERVER['REMOTE_ADDR']))));
$userEvent->save();
$res = Response::json(array('user_uid' => $user->user_uid, 'access_token' => $token));
Session::set('timestamp', time());
Session::set('user_uid', $user->user_uid);
return $res;
} else {
return Response::make('User has not been approved.', 401);
}
} else {
return Response::make('User email has not been verified.', 401);
}
} else {
return Response::make('Incorrect username or password.', 401);
}
} else {
return Response::make('Account not found.', 401);
}
}
public function getUser()
{
return User::getIndex($this->user_uid);
}
public function getInvitee($invitationKey)
{
$projectInvitation = ProjectInvitation::where('invitation_key', '=', $invitationKey)->get()->first();
$invitee = User::getByEmail($projectInvitation->email);
return $invitee;
}
