create() public static method

Creates a session
public static create ( integer $userId, integer $ruid = null )
$userId integer The effective identifier of the user
$ruid integer optional Real user identifier which is used to sign in to Scalr (Admin UserId)
Esempio n. 1
0
 public function xLoginAsAction()
 {
     if ($this->getParam('accountId')) {
         $account = new Scalr_Account();
         $account->loadById($this->getParam('accountId'));
         $user = $account->getOwner();
     } else {
         $user = new Scalr_Account_User();
         $user->loadById($this->getParam('userId'));
     }
     if ($user->status != User::STATUS_ACTIVE) {
         throw new Exception('User account has been deactivated. You cannot login into it.');
     }
     Scalr_Session::create($user->getId(), $this->user->getId());
     try {
         $envId = $this->getEnvironmentId(true) ?: $user->getDefaultEnvironment()->id;
     } catch (Exception $e) {
         $envId = null;
     }
     $this->auditLog("user.auth.login", $user, $envId, $this->request->getRemoteAddr(), $this->user->getId());
     $this->response->success();
 }
Esempio n. 2
0
 public function xProfileSaveAction()
 {
     $this->request->defineParams(array('fullname' => array('type' => 'string'), 'password' => array('type' => 'string'), 'cpassword' => array('type' => 'string')));
     if (!$this->getParam('password')) {
         $err['password'] = "******";
     }
     if ($this->getParam('password') != $this->getParam('cpassword')) {
         $err['cpassword'] = "******";
     }
     if (count($err) == 0) {
         $updateSession = false;
         if ($this->getParam('password') != '******') {
             $this->user->updatePassword($this->getParam('password'));
             $updateSession = true;
         }
         $this->user->fullname = $this->getParam("fullname");
         $this->user->save();
         if ($updateSession) {
             Scalr_Session::create($this->user->getId());
         }
         $this->response->success('Profile successfully updated');
     } else {
         $this->response->failure();
         $this->response->data(array('errors' => $err));
     }
 }
Esempio n. 3
0
 /**
  * @param Scalr_Account_User $user
  * @param bool $keepSession
  */
 private function loginUserCreate($user, $keepSession)
 {
     $user->updateLastLogin();
     Scalr_Session::create($user->getId());
     if (Scalr::config('scalr.auth_mode') == 'ldap') {
         $user->applyLdapGroups($this->ldapGroups);
     } else {
         if ($keepSession) {
             Scalr_Session::keepSession();
         }
     }
     $this->response->data(array('userId' => $user->getId(), 'specialToken' => Scalr_Session::getInstance()->getToken()));
 }
Esempio n. 4
0
 public function xLoginAsAction()
 {
     if ($this->getParam('accountId')) {
         $account = new Scalr_Account();
         $account->loadById($this->getParam('accountId'));
         $user = $account->getOwner();
     } else {
         $user = new Scalr_Account_User();
         $user->loadById($this->getParam('userId'));
     }
     Scalr_Session::create($user->getId(), true);
     $this->response->success();
 }
Esempio n. 5
0
 public function xSaveAction()
 {
     $this->request->defineParams(array('teams' => array('type' => 'json'), 'action', 'password' => array('type' => 'string', 'rawValue' => true), 'currentPassword' => array('type' => 'string', 'rawValue' => true)));
     $user = Scalr_Account_User::init();
     $validator = new Scalr_Validator();
     if ($this->getParam('id')) {
         $user->loadById((int) $this->getParam('id'));
     } else {
         if ($this->getContainer()->config->get('scalr.auth_mode') == 'ldap') {
             throw new Exception("Adding new users is not supported with LDAP user management");
         }
     }
     if ($this->getContainer()->config->get('scalr.auth_mode') != 'ldap') {
         if (!$this->getParam('email')) {
             throw new Scalr_Exception_Core('Email cannot be null');
         }
         if ($validator->validateEmail($this->getParam('email'), null, true) !== true) {
             throw new Scalr_Exception_Core('Email should be correct');
         }
         if ($this->getParam('id')) {
             if (!$this->user->canEditUser($user)) {
                 throw new Scalr_Exception_InsufficientPermissions();
             }
             $user->updateEmail($this->getParam('email'));
         } else {
             $this->user->getAccount()->validateLimit(Scalr_Limits::ACCOUNT_USERS, 1);
             $user->create($this->getParam('email'), $this->user->getAccountId());
             $user->type = Scalr_Account_User::TYPE_TEAM_USER;
             $newUser = true;
         }
         $password = $this->getParam('password');
         if (!$newUser && $password) {
             $existingPasswordChanged = true;
         } else {
             if (!$password && ($this->request->hasParam('password') || $newUser)) {
                 $password = $this->getCrypto()->sault(10);
                 $sendResetLink = true;
             }
         }
         if (($existingPasswordChanged || !$newUser && $sendResetLink) && !$this->user->checkPassword($this->getParam('currentPassword'))) {
             $this->response->data(['errors' => ['currentPassword' => 'Invalid password']]);
             $this->response->failure();
             return;
         }
         if ($password) {
             $user->updatePassword($password);
         }
     }
     if ($user->getId() != $this->user->getId() && in_array($this->getParam('status'), array(Scalr_Account_User::STATUS_ACTIVE, Scalr_Account_User::STATUS_INACTIVE))) {
         $user->status = $this->getParam('status');
     }
     if (!$user->isAccountOwner()) {
         if ($this->getParam('isAccountAdmin')) {
             if ($this->user->isAccountOwner() && $this->getParam('isAccountSuperAdmin')) {
                 $user->type = Scalr_Account_User::TYPE_ACCOUNT_SUPER_ADMIN;
             } else {
                 if ($user->type != Scalr_Account_User::TYPE_ACCOUNT_SUPER_ADMIN) {
                     $user->type = Scalr_Account_User::TYPE_ACCOUNT_ADMIN;
                 }
             }
         } else {
             $user->type = Scalr_Account_User::TYPE_TEAM_USER;
         }
     }
     $user->fullname = $this->getParam('fullname');
     $user->comments = $this->getParam('comments');
     $user->save();
     $user->setAclRoles($this->getParam('teams'));
     if ($this->getParam('enableApi')) {
         $keys = Scalr::GenerateAPIKeys();
         $user->setSetting(Scalr_Account_User::SETTING_API_ENABLED, true);
         $user->setSetting(Scalr_Account_User::SETTING_API_ACCESS_KEY, $keys['id']);
         $user->setSetting(Scalr_Account_User::SETTING_API_SECRET_KEY, $keys['key']);
     }
     $creatorName = $this->user->fullname;
     if (empty($creatorName)) {
         $creatorName = $this->user->isAccountOwner() ? 'Account owner' : ($this->user->isAccountAdmin() ? 'Account admin' : 'Team user');
     }
     if ($newUser) {
         try {
             $clientinfo = array('fullname' => $user->fullname, 'firstname' => $user->fullname, 'email' => $user->getEmail(), 'password' => $password);
             $url = Scalr::config('scalr.endpoint.scheme') . "://" . Scalr::config('scalr.endpoint.host');
             $res = $this->getContainer()->mailer->sendTemplate(SCALR_TEMPLATES_PATH . '/emails/referral.eml.php', array("creatorName" => $creatorName, "clientFirstname" => $clientinfo['firstname'], "email" => $clientinfo['email'], "password" => $clientinfo['password'], "siteUrl" => $url, "wikiUrl" => \Scalr::config('scalr.ui.wiki_url'), "supportUrl" => \Scalr::config('scalr.ui.support_url'), "isUrl" => preg_match('/^http(s?):\\/\\//i', \Scalr::config('scalr.ui.support_url'))), $user->getEmail());
         } catch (Exception $e) {
         }
     } elseif ($sendResetLink) {
         try {
             $hash = $this->getCrypto()->sault(10);
             $user->setSetting(Scalr_Account::SETTING_OWNER_PWD_RESET_HASH, $hash);
             $clientinfo = array('email' => $user->getEmail(), 'fullname' => $user->fullname);
             $res = $this->getContainer()->mailer->sendTemplate(SCALR_TEMPLATES_PATH . '/emails/user_account_confirm.eml', array("{{fullname}}" => $clientinfo['fullname'], "{{pwd_link}}" => "https://{$_SERVER['HTTP_HOST']}/#/guest/updatePassword/?hash={$hash}"), $clientinfo['email'], $clientinfo['fullname']);
         } catch (Exception $e) {
         }
     } else {
         if ($existingPasswordChanged) {
             // Send notification E-mail
             $this->getContainer()->mailer->sendTemplate(SCALR_TEMPLATES_PATH . '/emails/password_change_notification.eml', array('{{fullname}}' => $user->fullname ? $user->fullname : $user->getEmail()), $user->getEmail(), $user->fullname);
         }
     }
     $userTeams = array();
     $troles = $this->getContainer()->acl->getUserRoleIdsByTeam($user->id, array_map(create_function('$v', 'return $v["id"];'), $user->getTeams()), $user->getAccountId());
     foreach ($troles as $teamId => $roles) {
         $userTeams[$teamId] = array('roles' => $roles);
     }
     $data = ['user' => $user->getUserInfo(), 'teams' => $userTeams];
     if ($existingPasswordChanged && $user->getId() == $this->user->getId()) {
         Scalr_Session::create($this->user->getId());
         $data['specialToken'] = Scalr_Session::getInstance()->getToken();
     }
     $this->response->data($data);
     $this->response->success('User successfully saved');
 }
Esempio n. 6
0
 /**
  * @param $password
  * @param $cpassword
  * @param $securityIpWhitelist
  */
 public function xSecuritySaveAction($password, $cpassword, $securityIpWhitelist)
 {
     $validator = new Validator();
     $validator->validate($password, 'password', Validator::NOEMPTY);
     $validator->validate($cpassword, 'cpassword', Validator::NOEMPTY);
     $validator->addErrorIf($password && $cpassword && $password != $cpassword, ['password', 'cpassword'], 'Two passwords are not equal');
     $subnets = array();
     $securityIpWhitelist = trim($securityIpWhitelist);
     if ($securityIpWhitelist) {
         $whitelist = explode(',', $securityIpWhitelist);
         foreach ($whitelist as $mask) {
             $sub = Scalr_Util_Network::convertMaskToSubnet($mask);
             if ($sub) {
                 $subnets[] = $sub;
             } else {
                 $validator->addError('securityIpWhitelist', sprintf('Not valid mask: %s', $mask));
             }
         }
     }
     if (count($subnets) && !Scalr_Util_Network::isIpInSubnets($this->request->getRemoteAddr(), $subnets)) {
         $validator->addError('securityIpWhitelist', 'New IP access whitelist doesn\'t correspond your current IP address');
     }
     if ($validator->isValid($this->response)) {
         $updateSession = false;
         if ($password != '******') {
             $this->user->updatePassword($password);
             $updateSession = true;
         }
         $this->user->setVar(Scalr_Account_User::VAR_SECURITY_IP_WHITELIST, count($subnets) ? serialize($subnets) : '');
         $this->user->save();
         if ($updateSession) {
             Scalr_Session::create($this->user->getId());
         }
         $this->response->success('Security settings successfully updated');
     }
 }
Esempio n. 7
0
 /**
  * @param RawData $password
  * @param RawData $cpassword
  * @param $securityIpWhitelist
  * @param RawData $currentPassword optional
  */
 public function xSecuritySaveAction(RawData $password, RawData $cpassword, $securityIpWhitelist, RawData $currentPassword = null)
 {
     $validator = new Validator();
     if ($password != '******') {
         $validator->addErrorIf(!$this->user->checkPassword($currentPassword), ['currentPassword'], 'Invalid password');
     }
     $validator->validate($password, 'password', Validator::NOEMPTY);
     $validator->validate($cpassword, 'cpassword', Validator::NOEMPTY);
     $validator->addErrorIf($password && $cpassword && $password != $cpassword, ['password', 'cpassword'], 'Two passwords are not equal');
     $subnets = array();
     $securityIpWhitelist = trim($securityIpWhitelist);
     if ($securityIpWhitelist) {
         $whitelist = explode(',', $securityIpWhitelist);
         foreach ($whitelist as $mask) {
             $sub = Scalr_Util_Network::convertMaskToSubnet($mask);
             if ($sub) {
                 $subnets[] = $sub;
             } else {
                 $validator->addError('securityIpWhitelist', sprintf('Not valid mask: %s', $mask));
             }
         }
     }
     if (count($subnets) && !Scalr_Util_Network::isIpInSubnets($this->request->getRemoteAddr(), $subnets)) {
         $validator->addError('securityIpWhitelist', 'New IP access whitelist doesn\'t correspond your current IP address');
     }
     if ($validator->isValid($this->response)) {
         $updateSession = false;
         if ($password != '******') {
             $this->user->updatePassword($password);
             $updateSession = true;
             // Send notification E-mail
             $this->getContainer()->mailer->sendTemplate(SCALR_TEMPLATES_PATH . '/emails/password_change_notification.eml', array('{{fullname}}' => $this->user->fullname ? $this->user->fullname : $this->user->getEmail()), $this->user->getEmail(), $this->user->fullname);
         }
         $this->user->setVar(Scalr_Account_User::VAR_SECURITY_IP_WHITELIST, count($subnets) ? serialize($subnets) : '');
         $this->user->save();
         if ($updateSession) {
             Scalr_Session::create($this->user->getId());
             $this->response->data(['specialToken' => Scalr_Session::getInstance()->getToken()]);
         }
         $this->response->success('Security settings successfully updated');
     }
 }
Esempio n. 8
0
 /**
  * @param Scalr_Account_User $user
  */
 private function loginUserCreate($user)
 {
     $user->updateLastLogin();
     Scalr_Session::create($user->getId());
     if (Scalr::config('scalr.auth_mode') == 'ldap') {
         $user->applyLdapGroups($this->ldapGroups);
     } else {
         if ($this->getParam('scalrKeepSession') == 'on') {
             Scalr_Session::keepSession();
         }
     }
     $this->response->data(array('userId' => $user->getId()));
 }
Esempio n. 9
0
 private function loginUserCreate($user)
 {
     $user->updateLastLogin();
     Scalr_Session::create($user->getId());
     if ($this->getParam('scalrKeepSession') == 'on') {
         Scalr_Session::keepSession();
     }
     $this->response->data(array('userId' => $user->getId()));
 }
Esempio n. 10
0
 public function loginAsOwnerAction()
 {
     $account = Scalr_Account::init()->loadById($this->getParam(self::CALL_PARAM_NAME));
     $owner = $account->getOwner();
     Scalr_Session::create($owner->getId());
     UI::Redirect("/#/dashboard");
 }
Esempio n. 11
0
 public function xSecuritySaveAction()
 {
     $this->request->defineParams(array('password' => array('type' => 'string', 'validator' => array(Scalr_Validator::NOEMPTY => true)), 'cpassword' => array('type' => 'string', 'validator' => array(Scalr_Validator::NOEMPTY => true))));
     $this->request->validate();
     if ($this->getParam('password') != $this->getParam('cpassword')) {
         $this->request->addValidationErrors('cpassword', 'Two passwords are not equal');
     }
     $subnets = array();
     $whitelist = trim($this->getParam('security_ip_whitelist'));
     if ($whitelist) {
         $whitelist = explode(',', $whitelist);
         foreach ($whitelist as $mask) {
             $sub = Scalr_Util_Network::convertMaskToSubnet($mask);
             if ($sub) {
                 $subnets[] = $sub;
             } else {
                 $this->request->addValidationErrors('security_ip_whitelist', sprintf('Not valid mask: %s', $mask));
             }
         }
     }
     if (count($subnets) && !Scalr_Util_Network::isIpInSubnets($this->request->getRemoteAddr(), $subnets)) {
         $this->request->addValidationErrors('security_ip_whitelist', 'New IP access whitelist doesn\'t correspond your current IP address');
     }
     if ($this->request->isValid()) {
         $updateSession = false;
         if ($this->getParam('password') != '******') {
             $this->user->updatePassword($this->getParam('password'));
             $updateSession = true;
         }
         $this->user->setVar(Scalr_Account_User::VAR_SECURITY_IP_WHITELIST, count($subnets) ? serialize($subnets) : '');
         $this->user->save();
         if ($updateSession) {
             Scalr_Session::create($this->user->getId());
         }
         $this->response->success('Secuity settings successfully updated');
     } else {
         $this->response->failure();
         $this->response->data($this->request->getValidationErrors());
     }
 }