public function doLogin()
{
// obtain credentials from POST
$user = isset($_POST['user']) ? $_POST['user'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$redirUrl = isset($_POST['redirUrl']) ? $_POST['redirUrl'] : '/';
$database = new ezcAuthenticationDatabaseInfo(ezcDbInstance::get(), 'user', array('id', 'password'));
$databaseFilter = new ezcAuthenticationDatabaseFilter($database);
$options = new ezcAuthenticationSessionOptions();
$options->validity = 86400;
$session = new ezcAuthenticationSession($options);
$session->start();
// use the options object when creating a new Session object
$credentials = new ezcAuthenticationPasswordCredentials($user, md5($password));
$authentication = new ezcAuthentication($credentials);
$authentication->session = $session;
$authentication->addFilter($databaseFilter);
if (!$authentication->run()) {
$request = clone $this->request;
$status = $authentication->getStatus();
$request->variables['redirUrl'] = $redirUrl;
$request->variables['reasons'] = $status;
$request->uri = '/login-required';
return new ezcMvcInternalRedirect($request);
}
$res = new ezcMvcResult();
$res->status = new ezcMvcExternalRedirect($redirUrl);
return $res;
}
public function testTokenExternCallbackFail()
{
$credentials = new ezcAuthenticationIdCredentials('foobar');
$authentication = new ezcAuthentication($credentials);
$authentication->addFilter(new ezcAuthenticationTokenFilter('wrong value', array('EncryptionTest', 'uncrackable')));
$this->assertEquals(false, $authentication->run());
}
public function authenticate( ezcAuthentication $auth, ezcMvcRequest $request )
{
if ( !$auth->run() )
{
$aStatuses = $auth->getStatus();
$statusCode = null;
foreach ( $aStatuses as $status )
{
if ( key( $status ) === 'ezpOauthFilter' )
{
$statusCode = current( $status );
break;
}
}
$request->variables['ezpAuth_redirUrl'] = $request->uri;
$request->variables['ezpAuth_reason'] = $statusCode;
$request->uri = "{$this->prefix}/auth/oauth/login";
return new ezcMvcInternalRedirect( $request );
}
else
{
$user = eZUser::fetch( ezpOauthFilter::$tokenInfo->user_id );
if ( !$user instanceof eZUser )
{
throw new ezpUserNotFoundException( ezpOauthFilter::$tokenInfo->user_id );
}
return $user;
}
}
/**
* @see ezpRestAuthenticationStyleInterface::authenticate()
*/
public function authenticate(ezcAuthentication $auth, ezcMvcRequest $request)
{
if (!$auth->run() && $request->uri !== "{$this->prefix}/fatal") {
throw new ezpUserNotFoundException($auth->credentials->id);
} else {
return eZUser::fetch($auth->credentials->id);
}
}
public function authenticate(ezcAuthentication $auth, ezcMvcRequest $request)
{
if (!$auth->run()) {
$request->uri = "{$this->prefix}/auth/http-basic-auth";
return new ezcMvcInternalRedirect($request);
} else {
// We're in. Get the ezp user and return it
return eZUser::fetchByName($auth->credentials->id);
}
}
public function authenticate(ezcAuthentication $auth, ezcMvcRequest $request)
{
if (!$auth->run()) {
// @TODO: Proper error messages required of course.
$request->uri = '/http-basic-auth';
return new ezcMvcInternalRedirect($request);
} else {
// We're in
$logger->log("Authentication successful", ezcLog::DEBUG);
// $logger->log( var_export( $request->raw, true), ezcLog::DEBUG );
}
}
public function authenticate(ezcAuthentication $auth, ezcMvcRequest $request)
{
if (!$auth->run()) {
// @TODO Current code block is inactive as auth is currently handled
// via exceptions rather than via auth status.
$request->variables['ezcAuth_redirUrl'] = $request->uri;
$request->variables['ezcAuth_reasons'] = $auth->getStatus();
$request->uri = '/login/oauth';
return new ezcMvcInternalRedirect($request);
}
return;
}
public function testSessionRunValidExpired()
{
$_SESSION[self::$timestampKey] = time() - 5;
$_SESSION[self::$idKey] = self::$id;
$credentials = new ezcAuthenticationIdCredentials(self::$id);
$authentication = new ezcAuthentication($credentials);
$options = new ezcAuthenticationSessionOptions();
$options->validity = 1;
$authentication->session = new ezcAuthenticationSession($options);
$this->assertEquals(true, isset($_SESSION[self::$timestampKey]));
$this->assertEquals(true, isset($_SESSION[self::$idKey]));
$this->assertEquals(false, $authentication->run());
$this->assertEquals(false, isset($_SESSION[self::$timestampKey]));
$this->assertEquals(false, isset($_SESSION[self::$idKey]));
}
public function testGroupMultipleCredentialsConstructor()
{
foreach (self::$results as $result) {
$credentials1 = new ezcAuthenticationIdCredentials(self::$data1[$result[0]][0]);
$credentials2 = new ezcAuthenticationIdCredentials(self::$data2[$result[1]][0]);
$authentication = new ezcAuthentication($credentials1);
$filter1 = new ezcAuthenticationTokenFilter(self::$data1[$result[0]][1], self::$data1[$result[0]][2]);
$filter2 = new ezcAuthenticationTokenFilter(self::$data2[$result[1]][1], self::$data2[$result[1]][2]);
$options = new ezcAuthenticationGroupOptions();
$options->multipleCredentials = true;
$options->mode = $result[2];
$group = new ezcAuthenticationGroupFilter(array(array($filter1, $credentials1), array($filter2, $credentials2)), $options);
$authentication->addFilter($group);
$this->assertEquals($result[3], $authentication->run(), "Test failed for ({$result[0]}, {$result[1]}, {$result[2]}).");
}
}
$action = isset($_GET['action']) ? strtolower($_GET['action']) : null;
$credentials = new ezcAuthenticationIdCredentials($url);
$authentication = new ezcAuthentication($credentials);
$authentication->session = $session;
if ($action === 'logout') {
$session->destroy();
} else {
$options = new ezcAuthenticationOpenidOptions();
$options->mode = ezcAuthenticationOpenidFilter::MODE_SMART;
$options->openidVersion = ezcAuthenticationOpenidFilter::VERSION_2_0;
$options->store = new ezcAuthenticationOpenidFileStore('/tmp/store');
$filter = new ezcAuthenticationOpenidFilter($options);
$filter->registerFetchData(array('fullname', 'gender', 'country', 'language'));
$authentication->addFilter($filter);
}
if (!$authentication->run()) {
// authentication did not succeed, so inform the user
$status = $authentication->getStatus();
$err = array();
$err["user"] = "";
$err["session"] = "";
for ($i = 0; $i < count($status); $i++) {
list($key, $value) = each($status[$i]);
switch ($key) {
case 'ezcAuthenticationOpenidFilter':
if ($value === ezcAuthenticationOpenidFilter::STATUS_SIGNATURE_INCORRECT) {
$err["user"] = "******";
}
if ($value === ezcAuthenticationOpenidFilter::STATUS_CANCELLED) {
$err["user"] = "******";
}
/**
* Returns either an internal or external redirect depending on whether the
* user authenticated succesfully.
*
* This method is run from the "login" action just after login() has been
* called. It takes the $authentication object, the $request and the form
* provided $redirUrl. It redirects upon failure to the configured
* loginRequiredUri and upon succes to the provided $redirUrl. The
* redirection happens by returning an ezcMvcInternalRedirect or
* ezcMvcResult with a ezcMvcExternalRedirect status.
*
* @param ezcAuthentication $authentication
* @param ezcMvcRequest $request
* @param string $redirUrl
* @return ezcMvcInternalRedirect|ezcMvcResult
*/
function returnLoginRedirect(ezcAuthentication $authentication, ezcMvcRequest $request, $redirUrl)
{
if (!$authentication->run()) {
$request = clone $request;
$status = $authentication->getStatus();
$request->variables['ezcAuth_redirUrl'] = $redirUrl;
$request->variables['ezcAuth_reasons'] = $status;
$request->uri = $this->options->loginRequiredUri;
return new ezcMvcInternalRedirect($request);
}
$res = new ezcMvcResult();
$res->status = new ezcMvcExternalRedirect($redirUrl);
return $res;
}
public function testGeneralNoFilters()
{
$credentials = new ezcAuthenticationIdCredentials('john.doe');
$authentication = new ezcAuthentication($credentials);
$this->assertEquals(true, $authentication->run());
}
public function testGroupConstructorArrayArrayFilters()
{
$optionsGroup = new ezcAuthenticationGroupOptions();
$optionsGroup->mode = ezcAuthenticationGroupFilter::MODE_AND;
$credentials = new ezcAuthenticationPasswordCredentials('john.doe', 'foobar');
$authentication = new ezcAuthentication($credentials);
$options = new ezcAuthenticationHtpasswdOptions();
$options->plain = true;
$authentication->addFilter(new ezcAuthenticationGroupFilter(array(array(new ezcAuthenticationHtpasswdFilter(self::$empty, $options)), array(new ezcAuthenticationHtpasswdFilter(self::$empty, $options))), $optionsGroup));
$this->assertEquals(false, $authentication->run());
}
/**
* Modified test for issue #12992 (case-sensitivity problems for LDAP registerFetchData()).
*
* Modified 'objectclass' into 'objectClass'.
*/
public function testLdapFetchExtraDataObjectClass()
{
$credentials = new ezcAuthenticationPasswordCredentials('jan.modaal', 'qwerty');
$ldap = new ezcAuthenticationLdapInfo(self::$host, self::$format, self::$base, self::$port);
$authentication = new ezcAuthentication($credentials);
$filter = new ezcAuthenticationLdapFilter($ldap);
$filter->registerFetchData(array('uid', 'objectClass'));
$authentication->addFilter($filter);
$this->assertEquals(true, $authentication->run());
$expected = array('uid' => array('jan.modaal'), 'objectClass' => array('account', 'simpleSecurityObject', 'top'));
$this->assertEquals($expected, $filter->fetchData());
}
public function testOpenidMockImmediateCaseNullSmartModeFileStore()
{
if (!ezcBaseFeatures::hasExtensionSupport('bcmath') && !ezcBaseFeatures::hasExtensionSupport('gmp')) {
$this->markTestSkipped('PHP must be compiled with --enable-bcmath or --with-gmp.');
}
$credentials = new ezcAuthenticationIdCredentials(self::$url);
$authentication = new ezcAuthentication($credentials);
$options = new ezcAuthenticationOpenidOptions();
$options->mode = ezcAuthenticationOpenidFilter::MODE_SMART;
$path = $this->createTempDir(get_class($this));
$options->store = new ezcAuthenticationOpenidFileStore($path);
$options->immediate = true;
$filter = $this->getMock('ezcAuthenticationOpenidFilter', array('generateNonce'), array($options));
$filter->expects($this->any())->method('generateNonce')->will($this->returnValue('123456'));
$authentication->addFilter($filter);
$authentication->run();
$this->removeTempDir();
$setupUrl = $filter->getSetupUrl();
$expected = "http://www.myopenid.com/server?action=login&openid_identifier=http%3A%2F%2Fezc.myopenid.com&nonce=123456&openid.assoc_handle=%7BHMAC-SHA1%7D%7B46c3086c%7D%7B%2F3r4xA%3D%3D%7D&openid.mode=checkid_setup&openid.sig=miZkmdlb3%2BPDCASwZzAqxQfZqn4%3D&openid.claimed_id%3Dhttp%253A%252F%252Fezc.myopenid.com%252F%26openid.identity%3Dhttp%253A%252F%252Fezc.myopenid.com%252F%26openid.mode%3Dcheckid_setup%26openid.return_to%3Dhttp%253A%252F%252Flocalhost%252Fopenid.php%253Faction%253Dlogin%2526openid_identifier%253Dhttp%25253A%25252F%25252Fezc.myopenid.com%2526nonce%253D123456%26openid.trust_root%3Dhttp%253A%252F%252Flocalhost&openid.claimed_id=http%3A%2F%2Fezc.myopenid.com%2F&openid.identity=http%3A%2F%2Fezc.myopenid.com%2F&openid.return_to=http%3A%2F%2Flocalhost%2Fopenid.php%3Faction%3Dlogin%26openid_identifier%3Dhttp%253A%252F%252Fezc.myopenid.com%26nonce%3D123456&openid.trust_root=http%3A%2F%2Flocalhost";
$this->assertEquals(substr($expected, 0, 138), substr($setupUrl, 0, 138));
$this->assertEquals(substr($expected, strpos($expected, 'openid.claimed_id')), substr($setupUrl, strpos($setupUrl, 'openid.claimed_id')));
}
/**
* Test for issue #15244 (DN can not be retrieved from the LDAP filter (patch)).
*/
public function testLdapFetchExtraDataDN()
{
$credentials = new ezcAuthenticationPasswordCredentials('jan.modaal', 'qwerty');
$ldap = new ezcAuthenticationLdapInfo(self::$host, self::$format, self::$base, self::$port);
$authentication = new ezcAuthentication($credentials);
$filter = new ezcAuthenticationLdapFilter($ldap);
$filter->registerFetchData(array('uid', 'dn'));
$authentication->addFilter($filter);
$this->assertEquals(true, $authentication->run());
$expected = array('uid' => array('jan.modaal'), 'dn' => 'uid=jan.modaal,dc=ezctest,dc=ez,dc=no');
$this->assertEquals($expected, $filter->fetchData());
}
public function testHtpasswdFileNoPasswords()
{
$credentials = new ezcAuthenticationPasswordCredentials('john.doe', '');
$authentication = new ezcAuthentication($credentials);
$options = new ezcAuthenticationHtpasswdOptions();
$options->plain = true;
$authentication->addFilter(new ezcAuthenticationHtpasswdFilter(self::$nopass, $options));
$this->assertEquals(false, $authentication->run());
}
public function testDatabaseFetchData()
{
$credentials = new ezcAuthenticationPasswordCredentials('john.doe', 'joB9EZ4O1cXDk');
$database = new ezcAuthenticationDatabaseInfo($this->db, self::$table, array(self::$fieldUser, self::$fieldPassword));
$authentication = new ezcAuthentication($credentials);
$filter = new ezcAuthenticationDatabaseFilter($database);
$filter->registerFetchData(array('name', 'country'));
$authentication->addFilter($filter);
$this->assertEquals(true, $authentication->run());
$expected = array('name' => array('John Doe'), 'country' => array('US'));
$this->assertEquals($expected, $filter->fetchData());
}
public function testTypeKeyFetchExtraDataWithEmail()
{
if (!ezcBaseFeatures::hasExtensionSupport('gmp')) {
$this->markTestSkipped('PHP must be compiled with --with-gmp.');
}
$_GET = self::$responseWithEmail;
$credentials = new ezcAuthenticationIdCredentials(self::$token);
$authentication = new ezcAuthentication($credentials);
$filter = new ezcAuthenticationTypekeyFilter();
$filter->lib = ezcAuthenticationMath::createBignumLibrary('gmp');
$authentication->addFilter($filter);
$this->assertEquals(true, $authentication->run());
$expected = array('name' => array('ezc'), 'nick' => array('ezctest'), 'email' => array('*****@*****.**'));
$this->assertEquals($expected, $filter->fetchData());
}
private function runAuthRequiredFilter($request)
{
$database = new ezcAuthenticationDatabaseInfo(ezcDbInstance::get(), 'user', array('id', 'password'));
$databaseFilter = new ezcAuthenticationDatabaseFilter($database);
// use the options object when creating a new Session object
$options = new ezcAuthenticationSessionOptions();
$options->validity = 86400;
$session = new ezcAuthenticationSession($options);
$session->start();
$user = $session->load();
$password = null;
$loginWithForm = true;
$credentials = new ezcAuthenticationPasswordCredentials($user, md5($password));
$authentication = new ezcAuthentication($credentials);
$authentication->session = $session;
$authentication->addFilter($databaseFilter);
if (!$authentication->run()) {
$status = $authentication->getStatus();
$request->variables['redirUrl'] = $request->uri;
$request->variables['reasons'] = $status;
$request->uri = '/login-required';
debugLogger::log(var_export($status, true), ezcLog::DEBUG, array("source" => __METHOD__));
return new ezcMvcInternalRedirect($request);
}
if (isset($_SESSION['ezcAuth_id'])) {
/*
$q = ezcDbInstance::get()->createSelectQuery();
$q->select( '*' )
->from( 'user' )
->leftJoin( 'user_pref', 'user.id', 'user_pref.user_id' )
->where( $q->expr->eq( 'id', $q->bindValue( $_SESSION['ezcAuth_id'] ) ) );
$s = $q->prepare();
$s->execute();
$r = $s->fetchAll();
$userName = $r[0]['fullname'];
*/
$q = ezcDbInstance::get()->createSelectQuery();
$q->select('*')->from('user')->where($q->expr->eq('id', $q->bindValue($_SESSION['ezcAuth_id'])));
$s = $q->prepare();
$s->execute();
$r = $s->fetchAll();
$userName = $r[0]['fullname'];
date_default_timezone_set($r[0]['timezone']);
}
$request->variables['user'] = $userName;
}
