/**
  * Return the CSRF token bound to the current session, creating it on first use.
  *
  * The token is generated once (40 passed to NeechySecurity::random_hex) and
  * then reused for the lifetime of the session entry; this method never
  * rotates it.
  *
  * NOTE(review): the strength of the token depends on how random_hex() draws
  * its bytes, which is not visible here -- confirm it uses a CSPRNG. The code
  * that compares a submitted token with this value is also not shown; it
  * should use a constant-time comparison such as hash_equals().
  *
  * @return mixed the value stored under $_SESSION['csrf_token']
  */
private static function set_csrf_token_if_not_set()
 {
     # Reuse the existing token so forms rendered earlier in the session stay valid.
     if (isset($_SESSION['csrf_token'])) {
         return $_SESSION['csrf_token'];
     }

     $fresh_token = NeechySecurity::random_hex(40);
     $_SESSION['csrf_token'] = $fresh_token;
     return $fresh_token;
 }
 /**
  * set_password() must store a value that verify_password() accepts for the
  * same plaintext.
  *
  * NOTE(review): this only checks the round trip. It does not assert that the
  * stored 'password' field differs from the plaintext, so on its own it does
  * not prove the value is hashed at rest.
  */
 public function testShouldSetSecureUserPassword()
 {
     $plaintext = '******';
     $account = User::find_by_name('NeechyUser');
     $account->set_password($plaintext);

     $stored_value = $account->field('password');
     $this->assertTrue(NeechySecurity::verify_password($plaintext, $stored_value));
 }
 /**
  * hash_password() / verify_password() round trip: the original password is
  * accepted against its hash and a different password is rejected.
  */
 public function testHashPassword()
 {
     $plaintext = '******';
     $hash = NeechySecurity::hash_password($plaintext);

     # Positive case: the password that produced the hash verifies.
     $this->assertTrue(NeechySecurity::verify_password($plaintext, $hash));

     # Negative case: any other password must fail against the same hash.
     $this->assertFalse(NeechySecurity::verify_password("don't remember", $hash));
 }
 /**
  * Check the submitted value against the user's stored password hash.
  *
  * On mismatch an error is recorded under the 'authenticate' key and false is
  * returned; nothing is thrown.
  *
  * NOTE(review): no attempt counting or throttling is visible in this method;
  * confirm repeated failures are rate-limited by the caller.
  *
  * @return bool true when verify_password() accepts the value, false otherwise
  */
 public function authenticate_user_password()
 {
     $key = 'authenticate';
     $accepted = NeechySecurity::verify_password($this->value, $this->user->field('password'));

     if ($accepted) {
         return true;
     }

     $this->add_error($key, 'Password is incorrect. Please try again.');
     return false;
 }
 /**
  * Handle one request: start the session, run the CSRF guard, load the
  * request, validate the environment, dispatch to a handler and emit the
  * response. A NeechyError raised by any of those steps is routed to
  * ErrorHandler instead; other exception types are not caught here.
  *
  * NOTE(review): if start_session() or prevent_csrf() raises NeechyError,
  * this method has not assigned $this->request yet. Confirm ErrorHandler
  * copes with whatever value the property holds at that point.
  */
 public function serve()
 {
     try {
         # The session is started before the CSRF guard and the guard runs
         # before the request is loaded or any handler executes; keep this order.
         NeechySecurity::start_session();
         NeechySecurity::prevent_csrf();

         $this->request = NeechyRequest::load();
         $this->validate_environment();

         $request_handler = $this->load_handler();
         $reply = $request_handler->handle();
     } catch (NeechyError $error) {
         $error_handler = new ErrorHandler($this->request);
         $reply = $error_handler->handle_error($error);
     }

     $reply->send_headers();
     $reply->render();
 }
 /**
  * Validate the 'login-pass' POST field against the user's stored hash.
  *
  * An empty submission is rejected before any hash verification. A wrong
  * password records self::FAILURE_MESSAGE on the form and throws it.
  *
  * NOTE(review): the text of FAILURE_MESSAGE is not visible here; it should
  * not reveal whether the user name or the password was the wrong part.
  *
  * @return bool true when the password verifies
  * @throws LoginException when the field is empty or the password does not verify
  */
 private function authenticate_user_password()
 {
     $form_key = 'login-pass';
     $submitted = $this->request->post($form_key, '');

     # Rule 1: a password must have been entered.
     if ($this->string_is_empty($submitted)) {
         $message = 'Enter your password';
         $this->add_error($form_key, $message);
         throw new LoginException($message);
     }

     # Rule 2: it must match the stored hash.
     if (!NeechySecurity::verify_password($submitted, $this->user->field('password'))) {
         $this->add_error($form_key, self::FAILURE_MESSAGE);
         throw new LoginException(self::FAILURE_MESSAGE);
     }

     return true;
 }
 /**
  * Create the accounts needed at install time: the system user and, when
  * AppAuthService reports a logged-in user, an owner account for them.
  *
  * Both accounts get a password from NeechySecurity::random_hex() that this
  * method neither keeps nor returns, so the plaintext is not available to
  * callers afterwards.
  *
  * NOTE(review): the owner's name and email are taken from the auth service
  * and passed to User without any validation visible in this method; confirm
  * User or save() validates them.
  *
  * @return array two elements: the system user, then the owner or null
  */
 public static function create_on_install()
 {
     # System user
     $system_user = new User(array(
         'name' => NEECHY_USER,
         'email' => '*****@*****.**',
         'status' => self::$STATUS_LEVELS['NEW'],
     ));
     $system_user->set_password(NeechySecurity::random_hex());
     $system_user->save();

     # Owner: only created when a user is currently logged in.
     $owner = null;
     $app_engine_user = AppAuthService::user();
     if ($app_engine_user) {
         $owner = new User(array(
             'name' => $app_engine_user->getNickname(),
             'email' => $app_engine_user->getEmail(),
             'status' => self::$STATUS_LEVELS['NEW'],
         ));
         $owner->set_password(NeechySecurity::random_hex());
         $owner->save();
     }

     return array($system_user, $owner);
 }
    /**
     * Interactive installer step: prompt for an admin user name and email,
     * then register the admin with a randomly generated password.
     *
     * Each prompt tolerates invalid answers until five have been given, at
     * which point the install is aborted. The generated password is printed
     * once so the installer can log in; the message asks them to change it.
     *
     * NOTE(review): the password appears in clear text in whatever receives
     * println() output (terminal scrollback, captured install logs). Nothing
     * visible here forces a change on first login -- confirm that is handled
     * elsewhere, or treat the install output as sensitive.
     *
     * @throws NeechyInstallError when the name or the email is still invalid
     *                            after five attempts
     */
    protected function create_admin_user()
    {
        $this->print_header('Create Admin User');
        $name_is_valid = false;
        $email_is_valid = false;
        # Choose name (5 tries)
        $strikes = 5;
        while (!$name_is_valid) {
            # A fresh validator per attempt, so errors from earlier tries do not accumulate.
            $validator = new SignUpValidator();
            $name = $this->prompt_user('Please enter your new user name');
            if (!$validator->validate_signup_user($name, 'name')) {
                $m = sprintf('invalid user name: %s', implode(', ', $validator->errors['name']));
                $this->println($m);
                $strikes--;
            } else {
                $name_is_valid = true;
            }
            # Abort once all attempts are used up rather than prompting forever.
            if ($strikes < 1) {
                $m = 'User name cannot be validated. Install failed. Please start over.';
                throw new NeechyInstallError($m);
            }
        }
        # Input email (same 5-try rule as the name)
        $strikes = 5;
        while (!$email_is_valid) {
            $validator = new SignUpValidator();
            $email = $this->prompt_user('Please enter your email');
            if (!$validator->validate_signup_email($email, 'email')) {
                $m = sprintf('invalid email address: %s', implode(', ', $validator->errors['email']));
                $this->println($m);
                $strikes--;
            } else {
                $email_is_valid = true;
            }
            if ($strikes < 1) {
                $m = 'Email cannot be validated. Install failed. Please start over.';
                throw new NeechyInstallError($m);
            }
        }
        # Register user and create page
        # NOTE(review): random_hex() is called without a length; its default
        # length and randomness source live in NeechySecurity, not shown here.
        $password = NeechySecurity::random_hex();
        $this->register_admin_user($name, $email, $password);
        # Feedback: the only place the plaintext password is disclosed.
        $format = <<<STDOUT
An admin has been created with your user name: %s
Your random password is: %s

Please login now and change your password.
STDOUT;
        $this->println(sprintf($format, $name, $password));
    }
 /**
  * Set a new password on $user and persist it.
  *
  * When no usable password is supplied, one is generated with
  * NeechySecurity::random_hex(). The plaintext that was set is returned so
  * the caller can pass it on to the user; callers should keep it out of logs.
  *
  * Note that empty() also treats the string '0' as empty, so that value is
  * replaced by a generated password as well.
  *
  * @param object      $user     object exposing set_password() and save()
  * @param string|null $password password to set, or null/empty to generate one
  * @return string the plaintext password that was set
  */
 private function reset_user_password($user, $password = null)
 {
     if (empty($password)) {
         $password = NeechySecurity::random_hex();
     }

     $user->set_password($password);
     $user->save();

     return $password;
 }
 /**
  * Store the hash of $password in the 'password' field.
  *
  * Only the output of NeechySecurity::hash_password() is written; the
  * plaintext is not stored by this method. The record is not saved here.
  *
  * NOTE(review): the hashing algorithm and cost are decided inside
  * hash_password(), which is not visible here.
  *
  * @param string $password plaintext password
  */
 public function set_password($password)
 {
     $hashed = NeechySecurity::hash_password($password);
     $this->set('password', $hashed);
 }