/**
 * Starts a session as another user, identified only by ID.
 *
 * No password or other credential is checked here: the account is looked up by ID and logged in directly.
 * The session is changed via changeIdentity() only; this method writes no identity cookie, so the
 * impersonation ends with the browser session.
 *
 * NOTE(review): nothing in this method checks who is asking. Authorisation to impersonate is presumably
 * enforced by the caller — confirm at every call site, and confirm the action is audit-logged there.
 * NOTE(review): the Event passed to onBeforeLogin() is created inline and its state is not inspected
 * afterwards, so only beforeLogin() can stop the switch from inside this method.
 *
 * @param int $userId The ID of the user to impersonate.
 *
 * @throws Exception If no user exists with the given ID.
 * @return bool Whether the session now belongs to the impersonated user.
 */
public function impersonate($userId)
{
    $targetUser = craft()->users->getUserById($userId);

    if (!$targetUser) {
        $notFound = Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $userId));

        throw new Exception($notFound);
    }

    // Build the identity straight from the user record; the password slot is deliberately null.
    $this->_identity = new UserIdentity($targetUser->username, null);
    $this->_identity->logUserIn($targetUser);

    $identityId = $this->_identity->getId();
    $persistentStates = $this->_identity->getPersistentStates();

    // beforeLogin() is the only veto point; bail out early when it refuses.
    if (!$this->beforeLogin($identityId, $persistentStates, false)) {
        Craft::log($targetUser->username . ' tried to log in unsuccessfully.', LogLevel::Warning);

        return false;
    }

    // Notify 'onBeforeLogin' listeners, switch the session identity, then notify 'onLogin' listeners.
    $beforeLoginEvent = new Event($this, array('username' => $targetUser->username));
    $this->onBeforeLogin($beforeLoginEvent);

    $this->changeIdentity($identityId, $this->_identity->getName(), $persistentStates);

    $loginEvent = new Event($this, array('username' => $targetUser->username));
    $this->onLogin($loginEvent);

    // Drop cached per-user state so it is reloaded for the new identity.
    $this->_sessionRestoredFromCookie = false;
    $this->_userRow = null;
    $this->_userModel = null;
    $this->setReturnUrl(null);

    $this->afterLogin(false);

    $isGuest = $this->getIsGuest();

    return !$isGuest;
}
/**
 * A provider identity can be attached only after the local identity has authenticated,
 * and the attached identity then resolves back to the same user ID.
 */
public function testRemoteIdentity()
{
    $provider = 'facebook';
    $remoteId = 'one';

    $localIdentity = new UserIdentity('neo', 'Test1233');

    // Attaching before authenticate() must be refused.
    $attachedBeforeAuth = $localIdentity->addRemoteIdentity($provider, $remoteId);
    $this->assertFalse($attachedBeforeAuth);

    $this->assertTrue($localIdentity->authenticate());

    // Once authenticated, the same attach call succeeds.
    $attachedAfterAuth = $localIdentity->addRemoteIdentity($provider, $remoteId);
    $this->assertTrue($attachedAfterAuth);

    // Looking the pair up by provider must return the same account.
    $resolvedIdentity = UserIdentity::findByProvider($provider, $remoteId);
    $this->assertEquals($localIdentity->getId(), $resolvedIdentity->getId());
}
/**
 * Switches the current web user to the account named by $username, without a password.
 *
 * The identity is built with an empty password and populated through fakeAuthenticate();
 * its ID and name are then copied onto the application's user component, which is reloaded.
 *
 * NOTE(review): no authorisation check is visible in this method — presumably the caller
 * restricts it to administrators; confirm at every call site.
 * NOTE(review): the result of fakeAuthenticate() is not inspected, so an unknown username
 * is not rejected here — verify what getId() yields in that case.
 *
 * @param string $username Username of the account to switch to.
 */
public function becomeUser($username)
{
    Yii::import('application.modules_core.user.components.*');

    $targetIdentity = new UserIdentity($username, '');
    $targetIdentity->fakeAuthenticate();

    $targetId = $targetIdentity->getId();
    Yii::app()->user->setId($targetId);

    $targetName = $targetIdentity->getName();
    Yii::app()->user->setName($targetName);

    Yii::app()->user->reload();
}
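/**
 * Exchanges a username/password posted as form fields for a bearer access token.
 *
 * Reads `username` and `password` from $_POST, authenticates them through UserIdentity and,
 * on success, saves a new Token row and renders it as JSON.
 *
 * Every branch returns right after rendering its response. The control flow therefore no longer
 * depends on the Helper::renderJSON*() calls ending the request: a failed authentication cannot
 * fall through to token issuance, and a successful response cannot be followed by "Internal error".
 *
 * NOTE(review): the token value is assigned to the model as generated. If Token persists it verbatim,
 * anyone who can read that table holds usable bearer tokens — consider storing only a hash; confirm
 * against the Token model.
 * NOTE(review): no attempt limiting or lockout is visible here — confirm it is enforced elsewhere.
 */
public function actionLogin()
{
    // Missing or non-string fields (e.g. `username[]=x`) are treated as empty credentials rather than
    // being passed to UserIdentity as null or an array.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    $identity = new UserIdentity($username, $password);
    if (!$identity->authenticate()) {
        // One message for every failure so the response does not reveal which field was wrong.
        Helper::renderJSONErorr("Wrong username or password");

        return;
    }

    $token = new Token();
    $token->user = $identity->getId();

    // Yii 1.1's generateRandomString() may return false when no suitable random source is
    // available; never persist or hand out such a value as a credential.
    $tokenValue = Yii::app()->getSecurityManager()->generateRandomString(64);
    if (!is_string($tokenValue) || $tokenValue === '') {
        Helper::renderJSONErorr("Internal error");

        return;
    }
    $token->token = $tokenValue;

    if ($token->save()) {
        Helper::renderJSON(["access_token" => $token->token, "token_type" => "bearer"]);

        return;
    }

    Helper::renderJSONErorr("Internal error");
}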
/**
 * Checks the submitted credentials and, when they are valid, logs the user in.
 *
 * This is the 'authenticate' validator as declared in rules(). It runs only when earlier
 * validators reported no errors, authenticates through UserIdentity (regular or API path,
 * depending on $this->isapi) and maps the identity's error code to a form error.
 *
 * On success the user must also have at least one accessible product; only then is the
 * session started, a user-log row written and the language cookie set.
 *
 * NOTE(review): "username is incorrect", "user not found", "user disabled" and
 * "password is incorrect" are distinct messages, so a client can tell which usernames exist.
 * NOTE(review): the user log is written only on success; failed attempts are not recorded here.
 * NOTE(review): $_SERVER['REMOTE_ADDR'] is the directly connected peer — behind a reverse
 * proxy that is presumably the proxy's address; confirm what the log is expected to hold.
 *
 * @param string $attribute Name of the attribute being validated (unused here).
 * @param array  $params    Validator options (unused here).
 */
public function authenticate($attribute, $params)
{
    // Earlier validators already failed: skip the identity backend entirely.
    if ($this->hasErrors()) {
        return;
    }

    $identity = new UserIdentity($this->username, $this->password);

    if ($this->isapi != 0) {
        $identity->apiAuthenticate();
    } else {
        $identity->authenticate();
    }

    switch ($identity->errorCode) {
        case UserIdentity::ERROR_NONE:
            $accessableProducts = TestUserService::getAccessableProduct($identity->getId());

            // Valid credentials are not enough: an account without any product is refused.
            if (empty($accessableProducts)) {
                $this->addError('username', Yii::t('LoginForm', 'no accessable product'));
                break;
            }

            // "Remember me" keeps the login state for LoginForm::DURATION, otherwise session-only.
            $duration = $this->rememberMe ? LoginForm::DURATION : 0;
            Yii::app()->user->login($identity, $duration);

            $logEntry = array(
                'created_by' => Yii::app()->user->id,
                'created_at' => date(CommonService::DATE_FORMAT),
                'ip' => $_SERVER['REMOTE_ADDR'],
            );
            UserLogService::createUserLog($logEntry);

            LoginService::setLanguageCookie($this->language);
            break;

        case UserIdentity::ERROR_USERNAME_INVALID:
            $this->addError('username', Yii::t('LoginForm', 'username is incorrect'));
            break;

        case UserIdentity::ERROR_CONNECT:
            $this->addError('username', Yii::t('LoginForm', 'ldap connect failed'));
            break;

        case UserIdentity::ERROR_USER_DISABLED:
            $this->addError('username', Yii::t('LoginForm', 'user disabled'));
            break;

        case UserIdentity::ERROR_LDAP_MISS:
            $this->addError('username', Yii::t('LoginForm', 'ldap module disabled'));
            break;

        case UserIdentity::ERROR_USER_NOT_FOUND:
            // This message carries markup (a link to the permission page), so whatever renders
            // form errors has to output it unescaped.
            $notFoundMessage = Yii::t('LoginForm', 'user not found')
                . ' <a href="' . Yii::app()->createUrl('site/permission') . '">'
                . Yii::t('LoginForm', 'permission tips')
                . '</a>';
            $this->addError('username', $notFoundMessage);
            break;

        default:
            // UserIdentity::ERROR_PASSWORD_INVALID, and any code not listed above.
            $this->addError('password', Yii::t('LoginForm', 'password is incorrect'));
            break;
    }
}
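/**
 * Logs a user in solely by their user ID.
 *
 * No password or other credential is verified: the account is looked up by ID and logged in directly.
 *
 * NOTE(review): nothing here checks who is asking; whether the caller may log this user in is
 * presumably decided at the call site — confirm for every caller.
 * NOTE(review): the user agent is supplied by the client, so the userAgent/IP guard below is a
 * heuristic against bare connections, not an authentication control.
 *
 * Flow: fire 'onBeforeLogin' (a handler can veto through $event->performAction), run beforeLogin(),
 * switch the session identity, optionally write the identity cookie, update the user's login info,
 * then run afterLogin() and fire 'onLogin'.
 *
 * @param int  $userId            The user ID of the person to log in.
 * @param bool $rememberMe        Whether the user should be remembered.
 * @param bool $setUsernameCookie Whether to set the username cookie or not.
 *
 * @return bool Whether the user is now logged in.
 * @throws Exception If the user cannot be found, or a session duration is configured while
 *                   allowAutoLogin is disabled.
 */
public function loginByUserId($userId, $rememberMe = false, $setUsernameCookie = false)
{
    $userModel = craft()->users->getUserById($userId);

    if (!$userModel) {
        throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $userId)));
    }

    // Require a userAgent string and an IP address to help prevent direct socket connections from trying
    // to login. empty() also covers REMOTE_ADDR being absent from $_SERVER without raising a notice.
    if (!craft()->request->userAgent || empty($_SERVER['REMOTE_ADDR'])) {
        Craft::log('Someone tried to login with userId: ' . $userId . ', without presenting an IP address or userAgent string.', LogLevel::Warning);
        $this->logout(true);
        $this->requireLogin();

        // requireLogin() is expected to end the request. Fail closed if it ever returns, so this
        // guard cannot be followed by a successful login.
        return false;
    }

    $this->_identity = new UserIdentity($userModel->username, null);
    $this->_identity->logUserIn($userModel);

    if ($setUsernameCookie) {
        $this->processUsernameCookie($userModel->username);
    }

    // Get how long this session is supposed to last.
    $this->authTimeout = craft()->config->getUserSessionDuration($rememberMe);

    $id = $this->_identity->getId();
    $states = $this->_identity->getPersistentStates();

    // Fire an 'onBeforeLogin' event
    $event = new Event($this, array('username' => $userModel->username));
    $this->onBeforeLogin($event);

    $success = false;

    // Proceed only if the event gives the go-ahead and the before-login logic agrees.
    if ($event->performAction && $this->beforeLogin($id, $states, false)) {
        $this->changeIdentity($id, $this->_identity->getName(), $states);

        $user = craft()->users->getUserById($id);

        if (!$user) {
            throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $this->getId())));
        }

        if ($this->authTimeout) {
            if (!$this->allowAutoLogin) {
                throw new Exception(Craft::t('{class}.allowAutoLogin must be set true in order to use cookie-based authentication.', array('{class}' => get_class($this))));
            }

            // Save the necessary info to the identity cookie. The raw token goes into the cookie;
            // only the output of hashData() is handed to storeSessionToken().
            $sessionToken = craft()->security->generateRandomString(32);
            $hashedToken = craft()->security->hashData(base64_encode(serialize($sessionToken)));
            $uid = $this->storeSessionToken($user, $hashedToken);

            $data = array(
                $this->getName(),
                $sessionToken,
                $uid,
                $rememberMe ? 1 : 0,
                craft()->request->getUserAgent(),
                $this->saveIdentityStates(),
            );

            $this->_identityCookie = $this->saveCookie('', $data, $this->authTimeout);
        }

        craft()->users->updateUserLoginInfo($user);

        // Drop cached per-user state so it is reloaded for the new identity.
        $this->_sessionRestoredFromCookie = false;
        $this->_userRow = null;
        $this->_userModel = null;

        // Run any after login logic.
        $this->afterLogin(false);

        $success = !$this->getIsGuest();
    }

    if ($success) {
        // Fire an 'onLogin' event
        $this->onLogin(new Event($this, array('username' => $userModel->username)));

        return true;
    }

    Craft::log($userModel->username . ' tried to log in unsuccessfully.', LogLevel::Warning);

    return false;
}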
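/**
 * Logs a user in with a username and password.
 *
 * The credentials are validated through UsernameModel/PasswordModel and then authenticated
 * through UserIdentity. On success the session identity is switched and, when the session
 * duration is greater than zero, an identity cookie holding a fresh session token is written.
 *
 * NOTE(review): both log lines include the submitted $username verbatim, and the first is written
 * before the value is validated. Control characters in it could forge log entries, and users
 * occasionally type a password into the username field — check how these logs are escaped and who
 * can read them.
 * NOTE(review): the user agent is supplied by the client, so the userAgent/IP guard is a heuristic
 * against bare connections, not an authentication control.
 *
 * @param string $username   The submitted username.
 * @param string $password   The submitted password.
 * @param bool   $rememberMe Passed to _getSessionDuration() to pick the session length.
 *
 * @throws Exception If a session duration is set while allowAutoLogin is disabled, or the
 *                   authenticated user cannot be loaded.
 * @return bool Whether the user is now logged in.
 */
public function login($username, $password, $rememberMe = false)
{
    // Validate the username/password first.
    $usernameModel = new UsernameModel();
    $passwordModel = new PasswordModel();

    $usernameModel->username = $username;
    $passwordModel->password = $password;

    // Require a userAgent string and an IP address to help prevent direct socket connections from trying to login.
    if (!craft()->request->userAgent || !craft()->request->getIpAddress()) {
        Craft::log('Someone tried to login with loginName: ' . $username . ', without presenting an IP address or userAgent string.', LogLevel::Warning);
        $this->logout();
        $this->requireLogin();

        // requireLogin() is expected to end the request. Fail closed if it ever returns, so this
        // guard cannot be followed by credential processing.
        return false;
    }

    // Validate the model.
    if ($usernameModel->validate() && $passwordModel->validate()) {
        // Authenticate the credentials.
        $this->_identity = new UserIdentity($username, $password);
        $this->_identity->authenticate();

        // Was the login successful?
        if ($this->_identity->errorCode == UserIdentity::ERROR_NONE) {
            // See if the 'rememberUsernameDuration' config item is set. If so, save the name to a cookie.
            $rememberUsernameDuration = craft()->config->get('rememberUsernameDuration');

            if ($rememberUsernameDuration) {
                $interval = new DateInterval($rememberUsernameDuration);
                $expire = new DateTime();
                $expire->add($interval);

                // Save the username cookie.
                $this->saveCookie('username', $username, $expire->getTimestamp());
            }

            // Get how long this session is supposed to last.
            $seconds = $this->_getSessionDuration($rememberMe);
            $this->authTimeout = $seconds;

            $id = $this->_identity->getId();
            $states = $this->_identity->getPersistentStates();

            // Run any before login logic.
            if ($this->beforeLogin($id, $states, false)) {
                $this->changeIdentity($id, $this->_identity->getName(), $states);

                if ($seconds > 0) {
                    if (!$this->allowAutoLogin) {
                        throw new Exception(Craft::t('{class}.allowAutoLogin must be set true in order to use cookie-based authentication.', array('{class}' => get_class($this))));
                    }

                    $user = craft()->users->getUserById($id);

                    if (!$user) {
                        throw new Exception(Craft::t('Could not find a user with Id of {userId}.', array('{userId}' => $this->getId())));
                    }

                    // Save the necessary info to the identity cookie. The raw token goes into the
                    // cookie; only the 'hash' element returned by hashString() is handed to
                    // handleSuccessfulLogin().
                    $sessionToken = StringHelper::UUID();
                    $hashedToken = craft()->security->hashString($sessionToken);
                    $uid = craft()->users->handleSuccessfulLogin($user, $hashedToken['hash']);
                    $userAgent = craft()->request->userAgent;

                    $data = array(
                        $this->getName(),
                        $sessionToken,
                        $uid,
                        $seconds,
                        $userAgent,
                        $this->saveIdentityStates(),
                    );

                    $this->saveCookie('', $data, $seconds);
                }

                // Drop cached per-user state so it is reloaded for the new identity.
                $this->_sessionRestoredFromCookie = false;
                $this->_userRow = null;

                // Run any after login logic.
                $this->afterLogin(false);
            }

            // Also reached when beforeLogin() refused: the result then reflects the unchanged session.
            return !$this->getIsGuest();
        }
    }

    // Validation or authentication failed.
    Craft::log($username . ' tried to log in unsuccessfully.', LogLevel::Warning);

    return false;
}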
/**
 * With the 'BASIC' auth source, a fixture user authenticates and getId()
 * returns that fixture row's ID.
 */
public function testGetId()
{
    // Select the auth source through the application parameters.
    Yii::app()->params['auth_source'] = 'BASIC';

    $identity = new UserIdentity('JoeBloggs', 'secret');

    $authenticated = $identity->authenticate();
    $this->assertTrue($authenticated);

    // The expected ID comes from the 'user1' fixture row.
    $expectedId = $this->users['user1']['id'];
    $this->assertEquals($expectedId, $identity->getId());
}