public function do_execute()
{
$this->cliEcho("\n");
$this->cliEcho("Revert authentication backend\n", 'white', 'bold');
$this->cliEcho("This command is useful if you've managed to lock yourself.\n");
$this->cliEcho("out due to an authentication backend change gone bad.\n\n");
if (\thebuggenie\core\framework\Settings::getAuthenticationBackend() == 'tbg' || \thebuggenie\core\framework\Settings::getAuthenticationBackend() == null) {
$this->cliEcho("You are currently using the default authentication backend.\n\n");
} else {
$this->cliEcho("Please type 'yes' if you want to revert to the default authentication backend: ");
$this->cliEcho("\n");
if ($this->getInput() == 'yes') {
\thebuggenie\core\framework\Settings::saveSetting(\thebuggenie\core\framework\Settings::SETTING_AUTH_BACKEND, 'tbg');
$this->cliEcho("Authentication backend reverted.\n\n");
} else {
$this->cliEcho("No changes made.\n\n");
}
}
}
/**
* Returns the logged in user, or default user if not logged in
*
* @param \thebuggenie\core\framework\Request $request
* @param \thebuggenie\core\framework\Action $action
*
* @return \thebuggenie\core\entities\User
*/
public static function loginCheck(framework\Request $request, framework\Action $action)
{
try {
$authentication_method = $action->getAuthenticationMethodForAction(framework\Context::getRouting()->getCurrentRouteAction());
$user = null;
$external = false;
switch ($authentication_method) {
case framework\Action::AUTHENTICATION_METHOD_ELEVATED:
case framework\Action::AUTHENTICATION_METHOD_CORE:
$username = $request['tbg3_username'];
$password = $request['tbg3_password'];
if ($authentication_method == framework\Action::AUTHENTICATION_METHOD_ELEVATED) {
$elevated_password = $request['tbg3_elevated_password'];
}
$raw = true;
// If no username and password specified, check if we have a session that exists already
if ($username === null && $password === null) {
if (framework\Context::getRequest()->hasCookie('tbg3_username') && framework\Context::getRequest()->hasCookie('tbg3_password')) {
$username = framework\Context::getRequest()->getCookie('tbg3_username');
$password = framework\Context::getRequest()->getCookie('tbg3_password');
$user = self::getB2DBTable()->getByUsername($username);
if ($authentication_method == framework\Action::AUTHENTICATION_METHOD_ELEVATED) {
$elevated_password = framework\Context::getRequest()->getCookie('tbg3_elevated_password');
if ($user instanceof User && !$user->hasPasswordHash($password)) {
$user = null;
} else {
if ($user instanceof User && !$user->hasPasswordHash($elevated_password)) {
framework\Context::setUser($user);
framework\Context::getRouting()->setCurrentRouteName('elevated_login_page');
throw new framework\exceptions\ElevatedLoginException('reenter');
}
}
} else {
if ($user instanceof User && !$user->hasPasswordHash($password)) {
$user = null;
}
}
if (!$user instanceof User) {
framework\Context::logout();
throw new \Exception('No such login');
}
}
}
// If we have authentication details, validate them
if (framework\Settings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) {
$external = true;
framework\Logging::log('Authenticating with backend: ' . framework\Settings::getAuthenticationBackend(), 'auth', framework\Logging::LEVEL_INFO);
try {
$mod = framework\Context::getModule(framework\Settings::getAuthenticationBackend());
if ($mod->getType() !== Module::MODULE_AUTH) {
framework\Logging::log('Auth module is not the right type', 'auth', framework\Logging::LEVEL_FATAL);
}
if (framework\Context::getRequest()->hasCookie('tbg3_username') && framework\Context::getRequest()->hasCookie('tbg3_password')) {
$user = $mod->verifyLogin($username, $password);
} else {
$user = $mod->doLogin($username, $password);
}
if (!$user instanceof User) {
// Invalid
framework\Context::logout();
throw new \Exception('No such login');
//framework\Context::getResponse()->headerRedirect(framework\Context::getRouting()->generate('login'));
}
} catch (\Exception $e) {
throw $e;
}
} elseif (framework\Settings::isUsingExternalAuthenticationBackend()) {
$external = true;
framework\Logging::log('Authenticating without credentials with backend: ' . framework\Settings::getAuthenticationBackend(), 'auth', framework\Logging::LEVEL_INFO);
try {
$mod = framework\Context::getModule(framework\Settings::getAuthenticationBackend());
if ($mod->getType() !== Module::MODULE_AUTH) {
framework\Logging::log('Auth module is not the right type', 'auth', framework\Logging::LEVEL_FATAL);
}
$user = $mod->doAutoLogin();
if ($user == false) {
// Invalid
framework\Context::logout();
throw new \Exception('No such login');
//framework\Context::getResponse()->headerRedirect(framework\Context::getRouting()->generate('login'));
} else {
if ($user == true) {
$user = null;
}
}
} catch (\Exception $e) {
throw $e;
}
} elseif ($username !== null && $password !== null && !$user instanceof User) {
$external = false;
framework\Logging::log('Using internal authentication', 'auth', framework\Logging::LEVEL_INFO);
$user = self::getB2DBTable()->getByUsername($username);
if ($user instanceof User && !$user->hasPassword($password)) {
$user = null;
}
if (!$user instanceof User) {
framework\Context::logout();
}
}
break;
case framework\Action::AUTHENTICATION_METHOD_DUMMY:
$user = self::getB2DBTable()->getByUserID(framework\Settings::getDefaultUserID());
break;
case framework\Action::AUTHENTICATION_METHOD_CLI:
$user = self::getB2DBTable()->getByUsername(framework\Context::getCurrentCLIusername());
break;
case framework\Action::AUTHENTICATION_METHOD_RSS_KEY:
$user = self::getB2DBTable()->getByRssKey($request['rsskey']);
break;
case framework\Action::AUTHENTICATION_METHOD_APPLICATION_PASSWORD:
$user = self::getB2DBTable()->getByUsername($request['api_username']);
if (!$user->authenticateApplicationPassword($request['api_token'])) {
$user = null;
}
break;
}
if ($user === null && !framework\Settings::isLoginRequired()) {
$user = self::getB2DBTable()->getByUserID(framework\Settings::getDefaultUserID());
}
if ($user instanceof User) {
if (!$user->isActivated()) {
throw new \Exception('This account has not been activated yet');
} elseif (!$user->isEnabled()) {
throw new \Exception('This account has been suspended');
} elseif (!$user->isConfirmedMemberOfScope(framework\Context::getScope())) {
if (!framework\Settings::isRegistrationAllowed()) {
throw new \Exception('This account does not have access to this scope');
}
}
if ($external == false && $authentication_method == framework\Action::AUTHENTICATION_METHOD_CORE) {
$password = $user->getHashPassword();
if (!$request->hasCookie('tbg3_username') && !$user->isGuest()) {
if ($request->getParameter('tbg3_rememberme')) {
framework\Context::getResponse()->setCookie('tbg3_username', $user->getUsername());
framework\Context::getResponse()->setCookie('tbg3_password', $user->getPassword());
} else {
framework\Context::getResponse()->setSessionCookie('tbg3_username', $user->getUsername());
framework\Context::getResponse()->setSessionCookie('tbg3_password', $user->getPassword());
}
}
}
} elseif (framework\Settings::isLoginRequired()) {
throw new \Exception('Login required');
} else {
throw new \Exception('No such login');
}
} catch (\Exception $e) {
throw $e;
}
return $user;
}
/**
* Log out the current user (does not work when auth method is set to http)
*/
public static function logout()
{
if (Settings::isUsingExternalAuthenticationBackend()) {
$mod = self::getModule(Settings::getAuthenticationBackend());
$mod->logout();
}
Event::createNew('core', 'pre_logout')->trigger();
self::getResponse()->deleteCookie('tbg3_username');
self::getResponse()->deleteCookie('tbg3_password');
self::getResponse()->deleteCookie('tbg3_elevated_password');
self::getResponse()->deleteCookie('tbg3_persona_session');
self::getResponse()->deleteCookie('THEBUGGENIE');
session_regenerate_id(true);
Event::createNew('core', 'post_logout')->trigger();
}
<td>
<select name="auth_backend" id="auth_backend">
<option value="tbg"<?php
if (\thebuggenie\core\framework\Settings::getAuthenticationBackend() == 'tbg' || \thebuggenie\core\framework\Settings::getAuthenticationBackend() == null) {
?>
selected="selected"<?php
}
?>
><?php
echo __('The Bug Genie authentication (use internal user mechanisms)');
?>
</option>
<?php
foreach ($modules as $module) {
$selected = null;
if (\thebuggenie\core\framework\Settings::getAuthenticationBackend() == $module->getTabKey()) {
$selected = ' selected="selected"';
}
echo '<option value="' . $module->getTabKey() . '"' . $selected . '>' . $module->getLongName() . '</option>';
}
?>
</select>
</td>
</tr>
<tr>
<td class="config_explanation" colspan="2"><?php
echo __('All modules which provide authentication are shown here. Please ensure your chosen backend is configured first, and please read the warnings included with your chosen backend to ensure that you do not lose administrator access.');
?>
</td>
</tr>
<tr>
public function listen_configurationAuthenticationMethod(framework\Event $event)
{
if (framework\Settings::getAuthenticationBackend() == $this->getName()) {
$event->setReturnValue(framework\Action::AUTHENTICATION_METHOD_CORE);
}
}
