public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
defPartnerservices2baseAction::disableCache();
$email = trim($this->getPM("email"));
try {
$new_password = UserLoginDataPeer::resetUserPassword($email);
} catch (kUserException $e) {
$code = $e->getCode();
if ($code == kUserException::LOGIN_DATA_NOT_FOUND) {
$this->addException(APIErrors::ADMIN_KUSER_NOT_FOUND);
return null;
}
if ($code == kUserException::PASSWORD_STRUCTURE_INVALID) {
$this->addException(APIErrors::PASSWORD_STRUCTURE_INVALID);
return null;
}
if ($code == kUserException::PASSWORD_ALREADY_USED) {
$this->addException(APIErrors::PASSWORD_ALREADY_USED);
return null;
}
if ($code == kUserException::INVALID_EMAIL) {
$this->addException(APIErrors::INVALID_FIELD_VALUE, 'email');
return null;
}
if ($code == kUserException::LOGIN_ID_ALREADY_USED) {
$this->addException(APIErrors::LOGIN_ID_ALREADY_USED);
return null;
}
throw $e;
}
if (!$new_password) {
$this->addException(APIErrors::ADMIN_KUSER_NOT_FOUND);
}
$this->addMsg("msg", "email sent");
}
public function execute()
{
// Prevent the page fron being embeded in an iframe
header('X-Frame-Options: DENY');
// Check if user already logged in and redirect to kmc2
if ($this->getRequest()->getCookie('kmcks')) {
$this->redirect('kmc/kmc2');
}
if (infraRequestUtils::getProtocol() != infraRequestUtils::PROTOCOL_HTTPS && kConf::get('kmc_secured_login')) {
$url = 'https://' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
header('Location:' . $url);
die;
}
$this->www_host = kConf::get('www_host');
$https_enabled = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443 ? true : false;
$this->securedLogin = kConf::get('kmc_secured_login') || $https_enabled ? true : false;
$swfUrl = $this->securedLogin ? 'https://' : 'http://';
$swfUrl .= $this->www_host . myContentStorage::getFSFlashRootPath();
$swfUrl .= '/kmc/login/' . kConf::get('kmc_login_version') . '/login.swf';
$this->swfUrl = $swfUrl;
$this->partner_id = $this->getRequestParameter("partner_id");
$this->logoUrl = null;
if ($this->partner_id) {
$partner = PartnerPeer::retrieveByPK($this->partner_id);
if ($partner) {
$this->logoUrl = kmcUtils::getWhitelabelData($partner, 'logo_url');
}
}
$this->beta = $this->getRequestParameter("beta");
//prevent script injections - allow only base64_encode chars , which is used when creating A new hash key
$passHashparam = $this->getRequestParameter("setpasshashkey");
if ($passHashparam && !preg_match(self::BASE64_ENCODE_CHARS_REGEX, $passHashparam)) {
KExternalErrors::dieError(KExternalErrors::INVALID_HASH);
}
$this->setPassHashKey = $passHashparam;
$this->hashKeyErrorCode = null;
$this->displayErrorFromServer = false;
if ($this->setPassHashKey) {
try {
$loginData = UserLoginDataPeer::isHashKeyValid($this->setPassHashKey);
$partnerId = $loginData->getConfigPartnerId();
$partner = PartnerPeer::retrieveByPK($partnerId);
if ($partner && $partner->getPasswordStructureValidations()) {
$this->displayErrorFromServer = true;
}
} catch (kCoreException $e) {
$this->hashKeyErrorCode = $e->getCode();
}
}
sfView::SUCCESS;
}
public function getListResponse(KalturaFilterPager $pager, KalturaDetachedResponseProfile $responseProfile = null)
{
$userLoginDataFilter = $this->toObject();
$c = new Criteria();
$userLoginDataFilter->attachToCriteria($c);
$totalCount = UserLoginDataPeer::doCount($c);
$pager->attachToCriteria($c);
$list = UserLoginDataPeer::doSelect($c);
$newList = KalturaUserLoginDataArray::fromDbArray($list, $responseProfile);
$response = new KalturaUserLoginDataListResponse();
$response->totalCount = $totalCount;
$response->objects = $newList;
return $response;
}
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
defPartnerservices2baseAction::disableCache();
$email = trim($this->getPM("adminKuser_email"));
$new_email = trim($this->getP("new_email"));
$old_password = trim($this->getPM("adminKuser_password", null));
$password = trim($this->getPM("new_password", null));
if ($new_email) {
if (!kString::isEmailString($new_email)) {
$f_name = "new_email";
$this->addException(APIErrors::INVALID_FIELD_VALUE, $f_name);
}
}
try {
UserLoginDataPeer::updateLoginData($email, $old_password, $new_email, $password);
} catch (kUserException $e) {
$code = $e->getCode();
if ($code == kUserException::LOGIN_DATA_NOT_FOUND) {
$this->addException(APIErrors::ADMIN_KUSER_NOT_FOUND);
return null;
}
if ($code == kUserException::WRONG_PASSWORD) {
$this->addException(APIErrors::ADMIN_KUSER_WRONG_OLD_PASSWORD);
return null;
}
if ($code == kUserException::PASSWORD_STRUCTURE_INVALID) {
$this->addException(APIErrors::PASSWORD_STRUCTURE_INVALID);
return null;
}
if ($code == kUserException::PASSWORD_ALREADY_USED) {
$this->addException(APIErrors::PASSWORD_ALREADY_USED);
return null;
}
if ($code == kUserException::INVALID_EMAIL) {
$this->addException(APIErrors::INVALID_FIELD_VALUE, 'new_email');
return null;
}
if ($code == kUserException::LOGIN_ID_ALREADY_USED) {
$this->addException(APIErrors::LOGIN_ID_ALREADY_USED);
return null;
}
throw $e;
}
if ($new_email) {
$this->addMsg("new_email", $new_email);
}
$this->addMsg("new_password", $password);
}
/**
* Action which checks whther user login
* @action checkLoginDataExists
* @actionAlias user.checkLoginDataExists
* @param KalturaUserLoginDataFilter $filter
* @return bool
*/
public function checkLoginDataExistsAction(KalturaUserLoginDataFilter $filter)
{
if (!$filter) {
$filter = new KalturaUserLoginDataFilter();
$filter->loginEmailEqual = $this->getPartner()->getAdminEmail();
}
$userLoginDataFilter = new UserLoginDataFilter();
$filter->toObject($userLoginDataFilter);
$c = new Criteria();
$userLoginDataFilter->attachToCriteria($c);
$totalCount = UserLoginDataPeer::doCount($c);
if ($totalCount) {
return true;
}
return false;
}
public function execute()
{
$this->beta = $this->getRequestParameter("beta");
$this->kmc_login_version = kConf::get('kmc_login_version');
$this->setPassHashKey = $this->getRequestParameter("setpasshashkey");
$this->hashKeyErrorCode = null;
if ($this->setPassHashKey) {
try {
if (!UserLoginDataPeer::isHashKeyValid($this->setPassHashKey)) {
$this->hashKeyErrorCode = kUserException::NEW_PASSWORD_HASH_KEY_INVALID;
}
} catch (kCoreException $e) {
$this->hashKeyErrorCode = $e->getCode();
}
}
sfView::SUCCESS;
}
private function nextUser()
{
$this->adminKuser = adminKuserPeer::retrieveByPK($this->curId);
$this->assertNotNull($this->adminKuser, 'Admin kuser not found with id [' . $this->curId . ']');
$cLoginData = new Criteria();
$cLoginData->addAnd(UserLoginDataPeer::LOGIN_EMAIL, $this->adminKuser->getEmail());
$loginDatas = UserLoginDataPeer::doSelect($cLoginData);
$this->assertEquals(1, count($loginDatas), 'Number of login datas found for id [' . $this->curId . ']');
$this->loginData = $loginDatas[0];
$cKuser = new Criteria();
$cKuser->addAnd(kuserPeer::LOGIN_DATA_ID, $this->loginData->getId());
$cKuser->addAnd(kuserPeer::PARTNER_ID, $this->adminKuser->getPartnerId());
$kusers = kuserPeer::doSelect($cKuser);
$this->assertEquals(1, count($kusers), 'Number of kusers found for id [' . $this->curId . ']');
$this->kuser = $kusers[0];
return true;
}
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
// make sure the secret fits the one in the partner's table
$partner_adminEmail = trim($this->getPM("partner_adminEmail"));
$cms_password = trim($this->getPM("cms_password"));
$detailed = trim($this->getP("detailed", "true", true));
if ($detailed === "0" || $detailed === "false") {
$detailed = false;
}
if (empty($partner_id)) {
$this->addError(APIErrors::MANDATORY_PARAMETER_MISSING, "partner_id");
return;
}
$login_data = UserLoginDataPeer::getByEmail($partner_adminEmail);
if (!$login_data) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return;
}
if (!$login_data->isPasswordValid($cms_password)) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return;
}
$c = new Criteria();
$c->add(kuserPeer::EMAIL, $partner_adminEmail);
$c->add(kuserPeer::PARTNER_ID, $partner_id);
$c->add(kuserPeer::LOGIN_DATA_ID, $login_data->getId());
$c->add(kuserPeer::IS_ADMIN, true);
$c->setLimit(20);
// just to limit the number of partners returned
$admin = kuserPeer::doSelectOne($c);
// be sure to return the same error if there are no admins in the list and when there are none matched -
// so no hint about existing admin will leak
if (count($admin) < 1) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return;
}
$partner = PartnerPeer::retrieveByPK($partner_id);
$partner_registration = new myPartnerRegistration();
$partner_registration->sendRegistrationInformationForPartner($partner, true, true);
$subpid = $partner_id * 100;
$level = $detailed ? objectWrapperBase::DETAIL_LEVEL_DETAILED : objectWrapperBase::DETAIL_LEVEL_REGULAR;
$wrapper = objectWrapperBase::getWrapperClass($partner, $level);
$this->addMsg("partner", $wrapper);
$this->addMsg("html_message", "");
$this->addMsg("subp_id", $partner->getSubp());
}
public function execute()
{
// Prevent the page fron being embeded in an iframe
header('X-Frame-Options: DENY');
$service_url = requestUtils::getHost();
$service_url = str_replace("http://", "", $service_url);
if (kConf::get('kmc_secured_login')) {
$service_url = 'https://' . $service_url;
if ((empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off') && $_SERVER['SERVER_PORT'] != 443) {
header('Location:' . $service_url . '/' . $_SERVER['REQUEST_URI']);
die;
}
} else {
$service_url = 'http://' . $service_url;
header('Location:' . $service_url . '/' . $_SERVER['REQUEST_URI']);
die;
}
$this->service_url = $service_url;
$this->kmc_login_version = kConf::get('kmc_login_version');
$this->setPassHashKey = $this->getRequestParameter("setpasshashkey");
$this->hashKeyErrorCode = null;
$this->hashKeyLoginId = null;
if ($this->setPassHashKey) {
try {
if (!UserLoginDataPeer::isHashKeyValid($this->setPassHashKey)) {
$this->hashKeyErrorCode = kUserException::NEW_PASSWORD_HASH_KEY_INVALID;
} else {
$userLoginDataId = UserLoginDataPeer::getIdFromHashKey($this->setPassHashKey);
$userLoginData = UserLoginDataPeer::retrieveByPK($userLoginDataId);
if (!$userLoginData) {
$this->hashKeyLoginId = "";
}
$this->hashKeyLoginId = $userLoginData->getLoginEmail();
}
} catch (kCoreException $e) {
$this->hashKeyErrorCode = $e->getCode();
}
}
sfView::SUCCESS;
}
public function execute()
{
// Prevent the page fron being embeded in an iframe
header('X-Frame-Options: DENY');
$this->beta = $this->getRequestParameter("beta");
$this->kmc_login_version = kConf::get('kmc_login_version');
$this->setPassHashKey = $this->getRequestParameter("setpasshashkey");
$this->hashKeyErrorCode = null;
$this->displayErrorFromServer = false;
if ($this->setPassHashKey) {
try {
$loginData = UserLoginDataPeer::isHashKeyValid($this->setPassHashKey);
$partnerId = $loginData->getConfigPartnerId();
$partner = PartnerPeer::retrieveByPK($partnerId);
if ($partner && $partner->getPasswordStructureValidations()) {
$this->displayErrorFromServer = true;
}
} catch (kCoreException $e) {
$this->hashKeyErrorCode = $e->getCode();
}
}
sfView::SUCCESS;
}
/**
* @dataProvider providerTestMigration
*/
public function testMigration($kuserId)
{
$this->assertNull($this->kuser);
$this->kuser = kuserPeer::retrieveByPK($kuserId);
$this->assertNotNull($this->kuser);
$this->assertEquals($this->kuser->getFullName(), trim($this->kuser->getFirstName() . ' ' . $this->kuser->getLastName()));
if ($this->kuser->getSalt() && $this->kuser->getSha1Password() && in_array($this->kuser->getPartnerId(), $this->loginPartnerIds)) {
$this->assertTrue($this->kuser->getLoginDataId());
$loginData1 = UserLoginDataPeer::retrieveByPK($this->kuser->getLoginDataId());
$this->assertNotNull($loginData1);
$loginData2 = UserLoginDataPeer::getByEmail($this->kuser->getEmail());
$this->assertNotNull($loginData2);
$this->assertEquals($loginData1->getId(), $loginData2->getId());
$this->assertEquals($this->kuser->getSalt(), $loginData2->getSalt());
$this->assertEquals($this->kuser->getSha1Password(), $loginData2->getSha1Password());
$this->assertEquals($this->kuser->getEmail(), $loginData2->getLoginEmail());
$c = new Criteria();
$c->addAnd(UserLoginDataPeer::LOGIN_EMAIL, $this->kuser->getEmail());
$loginDatas = UserLoginDataPeer::doSelect($c);
$this->assertEquals(count($loginDatas), 1);
$this->assertEquals($loginDatas[0]->getId(), $loginData1->getId());
$allKusers = kuserPeer::getByLoginDataAndPartner($this->kuser->getLoginDataId(), $this->kuser->getPartnerId());
$this->assertEquals(count($allKusers), 1);
} else {
if ($this->kuser->getPartnerId() != $this->adminConsolePartnerId && substr($this->kuser->getPuserId(), 0, 9) != '__ADMIN__') {
$this->assertNull($this->kuser->getLoginDataId());
}
}
if ($this->kuser->getPartnerId() == $this->adminConsolePartnerId || substr($this->kuser->getPuserId(), 0, 9) == '__ADMIN__') {
$this->assertTrue($this->kuser->getIsAdmin());
} else {
$this->assertFalse($this->kuser->getIsAdmin());
}
if ($this->kuser->getIsAdmin()) {
$this->assertTrue($this->kuser->getIsAdmin());
}
}
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
defPartnerservices2baseAction::disableCache();
$partner = new Partner();
$obj_wrapper = objectWrapperBase::getWrapperClass($partner, 0);
$fields_modified = baseObjectUtils::fillObjectFromMap($this->getInputParams(), $partner, "partner_", $obj_wrapper->getUpdateableFields());
$c = new Criteria();
$c->addAnd(UserLoginDataPeer::LOGIN_EMAIL, $partner->getAdminEmail(), Criteria::EQUAL);
$c->setLimit(1);
$existingUser = UserLoginDataPeer::doCount($c) > 0;
// check that mandatory fields were set
// TODO
if (count($fields_modified) > 0) {
try {
$cms_password = $this->getP("cms_password");
$partner_registration = new myPartnerRegistration();
list($pid, $subpid, $pass, $hashKey) = $partner_registration->initNewPartner($partner->getName(), $partner->getAdminName(), $partner->getAdminEmail(), $partner->getCommercialUse(), "yes", $partner->getDescription(), $partner->getUrl1(), $cms_password, $partner);
$partner_from_db = PartnerPeer::retrieveByPK($pid);
$partner_registration->sendRegistrationInformationForPartner($partner_from_db, false, $existingUser);
} catch (SignupException $se) {
$this->addError(APIErrors::PARTNER_REGISTRATION_ERROR, $se->getMessage());
return;
} catch (Exception $ex) {
// this assumes the partner name is unique - TODO - remove key from DB !
$this->addError(APIErrors::SERVERL_ERROR, "Partner with name already exists");
$this->addError(APIErrors::SERVERL_ERROR, $ex->getMessage());
return;
}
$this->addMsg("partner", objectWrapperBase::getWrapperClass($partner_from_db, objectWrapperBase::DETAIL_LEVEL_DETAILED));
$this->addMsg("subp_id", $subpid);
$this->addMsg("cms_password", $pass);
$this->addDebug("added_fields", $fields_modified);
} else {
$this->addError(APIErrors::NO_FIELDS_SET_FOR_PARTNER);
}
}
private function updateLoginData($email, $password, $newEmail = "", $newPassword = "", $newFirstName = null, $newLastName = null)
{
if ($newEmail != "") {
if (!kString::isEmailString($newEmail)) {
throw new KalturaLoginDataException(APIErrors::INVALID_FIELD_VALUE, "newEmail");
}
}
try {
UserLoginDataPeer::updateLoginData($email, $password, $newEmail, $newPassword, $newFirstName, $newLastName);
} catch (kUserException $e) {
$code = $e->getCode();
if ($code == kUserException::LOGIN_DATA_NOT_FOUND) {
throw new KalturaLoginDataException(APIErrors::LOGIN_DATA_NOT_FOUND);
} else {
if ($code == kUserException::WRONG_PASSWORD) {
if ($password == $newPassword) {
throw new KalturaLoginDataException(APIErrors::USER_WRONG_PASSWORD);
} else {
throw new KalturaLoginDataException(APIErrors::WRONG_OLD_PASSWORD);
}
} else {
if ($code == kUserException::PASSWORD_STRUCTURE_INVALID) {
$c = new Criteria();
$c->add(UserLoginDataPeer::LOGIN_EMAIL, $email);
$loginData = UserLoginDataPeer::doSelectOne($c);
$invalidPasswordStructureMessage = $loginData->getInvalidPasswordStructureMessage();
$invalidPasswordStructureMessage = str_replace('\\n', "\n", $invalidPasswordStructureMessage);
throw new KalturaLoginDataException(APIErrors::PASSWORD_STRUCTURE_INVALID, $invalidPasswordStructureMessage);
} else {
if ($code == kUserException::PASSWORD_ALREADY_USED) {
throw new KalturaLoginDataException(APIErrors::PASSWORD_ALREADY_USED);
} else {
if ($code == kUserException::INVALID_EMAIL) {
throw new KalturaLoginDataException(APIErrors::INVALID_FIELD_VALUE, 'email');
} else {
if ($code == kUserException::LOGIN_ID_ALREADY_USED) {
throw new KalturaLoginDataException(APIErrors::LOGIN_ID_ALREADY_USED);
}
}
}
}
}
}
throw $e;
}
}
/**
* Retrieve multiple objects by pkey.
*
* @param array $pks List of primary keys
* @param PropelPDO $con the connection to use
* @throws PropelException Any exceptions caught during processing will be
* rethrown wrapped into a PropelException.
*/
public static function retrieveByPKs($pks, PropelPDO $con = null)
{
$objs = null;
if (empty($pks)) {
$objs = array();
} else {
$criteria = new Criteria(UserLoginDataPeer::DATABASE_NAME);
$criteria->add(UserLoginDataPeer::ID, $pks, Criteria::IN);
$objs = UserLoginDataPeer::doSelect($criteria, $con);
}
return $objs;
}
protected function validateApiAccessControlByEmail($email)
{
$loginData = UserLoginDataPeer::getByEmail($email);
if ($loginData) {
$this->validateApiAccessControl($loginData->getLastLoginPartnerId());
}
}
/**
* Enable user login
* @param string $loginId
* @param string $password
* @param bool $checkPasswordStructure
* @throws kUserException::USER_LOGIN_ALREADY_ENABLED
* @throws kUserException::INVALID_EMAIL
* @throws kUserException::INVALID_PARTNER
* @throws kUserException::ADMIN_LOGIN_USERS_QUOTA_EXCEEDED
* @throws kUserException::PASSWORD_STRUCTURE_INVALID
* @throws kUserException::LOGIN_ID_ALREADY_USED
*/
public function enableLogin($loginId, $password = null, $checkPasswordStructure = true, $sendEmail = null)
{
if (!$password) {
$password = UserLoginDataPeer::generateNewPassword();
if (is_null($sendEmail)) {
$sendEmail = true;
}
}
if ($this->getLoginDataId()) {
throw new kUserException('', kUserException::USER_LOGIN_ALREADY_ENABLED);
}
$loginDataExisted = null;
$loginData = UserLoginDataPeer::addLoginData($loginId, $password, $this->getPartnerId(), $this->getFirstName(), $this->getLastName(), $this->getIsAdmin(), $checkPasswordStructure, $loginDataExisted);
if (!$loginData) {
throw new kUserException('', kUserException::LOGIN_DATA_NOT_FOUND);
}
$this->setLoginDataId($loginData->getId());
if ($sendEmail) {
if ($loginDataExisted) {
kuserPeer::sendNewUserMail($this, true);
} else {
kuserPeer::sendNewUserMail($this, false);
}
kuserPeer::sendNewUserMailToAdmins($this);
}
return $this;
}
public function execute()
{
$ks = $this->getP("ks");
if (!$ks) {
$this->dieOnError(APIErrors::MISSING_KS);
}
$requestedPartnerId = $this->getP("partner_id");
$expired = $this->getP("exp");
$ksObj = kSessionUtils::crackKs($ks);
$ksPartnerId = $ksObj->partner_id;
if (!$requestedPartnerId) {
$requestedPartnerId = $ksPartnerId;
}
try {
$adminKuser = UserLoginDataPeer::userLoginByKs($ks, $requestedPartnerId, true);
} catch (kUserException $e) {
$code = $e->getCode();
if ($code == kUserException::USER_NOT_FOUND) {
$this->dieOnError(APIErrors::ADMIN_KUSER_NOT_FOUND);
}
if ($code == kUserException::LOGIN_DATA_NOT_FOUND) {
$this->dieOnError(APIErrors::ADMIN_KUSER_NOT_FOUND);
} else {
if ($code == kUserException::LOGIN_RETRIES_EXCEEDED) {
$this->dieOnError(APIErrors::LOGIN_RETRIES_EXCEEDED);
} else {
if ($code == kUserException::LOGIN_BLOCKED) {
$this->dieOnError(APIErrors::LOGIN_BLOCKED);
} else {
if ($code == kUserException::PASSWORD_EXPIRED) {
$this->dieOnError(APIErrors::PASSWORD_EXPIRED);
} else {
if ($code == kUserException::WRONG_PASSWORD) {
$this->dieOnError(APIErrors::ADMIN_KUSER_NOT_FOUND);
} else {
if ($code == kUserException::USER_IS_BLOCKED) {
$this->dieOnError(APIErrors::USER_IS_BLOCKED);
}
}
}
}
}
}
$this->dieOnError(APIErrors::INTERNAL_SERVERL_ERROR);
}
if (!$adminKuser || !$adminKuser->getIsAdmin()) {
$this->dieOnError(APIErrors::ADMIN_KUSER_NOT_FOUND);
}
if ($requestedPartnerId != $adminKuser->getPartnerId()) {
$this->dieOnError(APIErrors::UNKNOWN_PARTNER_ID);
}
$partner = PartnerPeer::retrieveByPK($adminKuser->getPartnerId());
if (!$partner) {
$this->dieOnError(APIErrors::UNKNOWN_PARTNER_ID);
}
if (!$partner->validateApiAccessControl()) {
$this->dieOnError(APIErrors::SERVICE_ACCESS_CONTROL_RESTRICTED);
}
$partner_id = $partner->getId();
$subp_id = $partner->getSubpId();
$admin_puser_id = $adminKuser->getPuserId();
$exp = isset($expired) && is_numeric($expired) ? time() + $expired : 0;
$noUserInKs = is_null($ksObj->user) || $ksObj->user === '';
if ($ksPartnerId != $partner_id || $partner->getKmcVersion() >= 4 && $noUserInKs) {
$ks = null;
$sessionType = $adminKuser->getIsAdmin() ? SessionType::ADMIN : SessionType::USER;
kSessionUtils::createKSessionNoValidations($partner_id, $admin_puser_id, $ks, 30 * 86400, $sessionType, "", "*," . kSessionBase::PRIVILEGE_DISABLE_ENTITLEMENT);
}
$path = "/";
$domain = null;
$force_ssl = PermissionPeer::isValidForPartner(PermissionName::FEATURE_KMC_ENFORCE_HTTPS, $partner_id);
$secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' && $force_ssl ? true : false;
$http_only = true;
$this->getResponse()->setCookie("pid", $partner_id, $exp, $path, $domain, $secure, $http_only);
$this->getResponse()->setCookie("subpid", $subp_id, $exp, $path, $domain, $secure, $http_only);
$this->getResponse()->setCookie("kmcks", $ks, $exp, $path, $domain, $secure, $http_only);
$redirect_url = $force_ssl ? 'https' : 'http';
$redirect_url .= '://' . $_SERVER["HTTP_HOST"] . '/index.php/kmc/kmc2';
$this->redirect($redirect_url);
}
/**
* Adds a new user login data record
* @param unknown_type $loginEmail
* @param unknown_type $password
* @param unknown_type $partnerId
* @param unknown_type $firstName
* @param unknown_type $lastName
* @param bool $checkPasswordStructure backward compatibility - some extensions are registering a partner and setting its first password without checking its structure
*
* @throws kUserException::INVALID_EMAIL
* @throws kUserException::INVALID_PARTNER
* @throws kUserException::PASSWORD_STRUCTURE_INVALID
* @throws kUserException::LOGIN_ID_ALREADY_USED
* @throws kUserException::ADMIN_LOGIN_USERS_QUOTA_EXCEEDED
*/
public static function addLoginData($loginEmail, $password, $partnerId, $firstName, $lastName, $isAdminUser, $checkPasswordStructure = true, &$alreadyExisted = null)
{
if (!kString::isEmailString($loginEmail)) {
throw new kUserException('', kUserException::INVALID_EMAIL);
}
$partner = partnerPeer::retrieveByPK($partnerId);
if (!$partner) {
throw new kUserException('', kUserException::INVALID_PARTNER);
}
if ($isAdminUser) {
$userQuota = $partner->getAdminLoginUsersQuota();
$adminLoginUsersNum = $partner->getAdminLoginUsersNumber();
// check if login users quota exceeded - value -1 means unlimited
if ($adminLoginUsersNum && (is_null($userQuota) || $userQuota != -1 && $userQuota <= $adminLoginUsersNum)) {
throw new kUserException('', kUserException::ADMIN_LOGIN_USERS_QUOTA_EXCEEDED);
}
}
$existingData = self::getByEmail($loginEmail);
if (!$existingData) {
if ($checkPasswordStructure && !UserLoginDataPeer::isPasswordStructureValid($password)) {
throw new kUserException('', kUserException::PASSWORD_STRUCTURE_INVALID);
}
// create a new login data record
$loginData = new UserLoginData();
$loginData->setConfigPartnerId($partnerId);
$loginData->setLoginEmail($loginEmail);
$loginData->setFirstName($firstName);
$loginData->setLastName($lastName);
$loginData->setPassword($password);
$loginData->setLoginAttempts(0);
$loginData->setLoginBlockedUntil(null);
$loginData->resetPreviousPasswords();
$loginData->save();
// now $loginData has an id and hash key can be generated
$hashKey = $loginData->newPassHashKey();
$loginData->setPasswordHashKey($hashKey);
$loginData->save();
$alreadyExisted = false;
return $loginData;
} else {
// add existing login data if password is valid
$existingKuser = kuserPeer::getByLoginDataAndPartner($existingData->getId(), $partnerId);
if ($existingKuser) {
// partner already has a user with the same login data
throw new kUserException('', kUserException::LOGIN_ID_ALREADY_USED);
}
KalturaLog::debug('Existing login data with the same email & password exists - returning id [' . $existingData->getId() . ']');
$alreadyExisted = true;
if ($isAdminUser && !$existingData->isLastLoginPartnerIdSet()) {
$existingData->setLastLoginPartnerId($partnerId);
$existingData->save();
}
return $existingData;
}
}
/**
* Retrieve partner secret and admin secret
*
* @action getSecrets
* @param int $partnerId
* @param string $adminEmail
* @param string $cmsPassword
* @return KalturaPartner
*
*
* @throws APIErrors::ADMIN_KUSER_NOT_FOUND
*/
public function getSecretsAction($partnerId, $adminEmail, $cmsPassword)
{
KalturaResponseCacher::disableCache();
$adminKuser = null;
try {
$adminKuser = UserLoginDataPeer::userLoginByEmail($adminEmail, $cmsPassword, $partnerId);
} catch (kUserException $e) {
throw new KalturaAPIException(APIErrors::ADMIN_KUSER_NOT_FOUND, "The data you entered is invalid");
}
if (!$adminKuser || !$adminKuser->getIsAdmin()) {
throw new KalturaAPIException(APIErrors::ADMIN_KUSER_NOT_FOUND, "The data you entered is invalid");
}
KalturaLog::log("Admin Kuser found, going to validate password", KalturaLog::INFO);
// user logged in - need to re-init kPermissionManager in order to determine current user's permissions
$ks = null;
kSessionUtils::createKSessionNoValidations($partnerId, $adminKuser->getPuserId(), $ks, 86400, $adminKuser->getIsAdmin(), "", '*');
kCurrentContext::initKsPartnerUser($ks);
kPermissionManager::init();
$dbPartner = PartnerPeer::retrieveByPK($partnerId);
$partner = new KalturaPartner();
$partner->fromPartner($dbPartner);
$partner->cmsPassword = $cmsPassword;
return $partner;
}
/**
* Populates the object using an array.
*
* This is particularly useful when populating an object from one of the
* request arrays (e.g. $_POST). This method goes through the column
* names, checking to see whether a matching key exists in populated
* array. If so the setByName() method is called for that column.
*
* You can specify the key type of the array by additionally passing one
* of the class type constants BasePeer::TYPE_PHPNAME, BasePeer::TYPE_STUDLYPHPNAME,
* BasePeer::TYPE_COLNAME, BasePeer::TYPE_FIELDNAME, BasePeer::TYPE_NUM.
* The default key type is the column's phpname (e.g. 'AuthorId')
*
* @param array $arr An array to populate the object from.
* @param string $keyType The type of keys the array uses.
* @return void
*/
public function fromArray($arr, $keyType = BasePeer::TYPE_PHPNAME)
{
$keys = UserLoginDataPeer::getFieldNames($keyType);
if (array_key_exists($keys[0], $arr)) {
$this->setId($arr[$keys[0]]);
}
if (array_key_exists($keys[1], $arr)) {
$this->setLoginEmail($arr[$keys[1]]);
}
if (array_key_exists($keys[2], $arr)) {
$this->setFirstName($arr[$keys[2]]);
}
if (array_key_exists($keys[3], $arr)) {
$this->setLastName($arr[$keys[3]]);
}
if (array_key_exists($keys[4], $arr)) {
$this->setSha1Password($arr[$keys[4]]);
}
if (array_key_exists($keys[5], $arr)) {
$this->setSalt($arr[$keys[5]]);
}
if (array_key_exists($keys[6], $arr)) {
$this->setConfigPartnerId($arr[$keys[6]]);
}
if (array_key_exists($keys[7], $arr)) {
$this->setLoginBlockedUntil($arr[$keys[7]]);
}
if (array_key_exists($keys[8], $arr)) {
$this->setCreatedAt($arr[$keys[8]]);
}
if (array_key_exists($keys[9], $arr)) {
$this->setUpdatedAt($arr[$keys[9]]);
}
if (array_key_exists($keys[10], $arr)) {
$this->setCustomData($arr[$keys[10]]);
}
}
/**
* Disallow user to login with an id/password.
* Passing either a loginId or a userId is allowed.
*
* @action disableLogin
*
* @param string $userId
* @param string $loginId
*
* @return KalturaUser
*
* @throws KalturaErrors::USER_LOGIN_ALREADY_DISABLED
* @throws KalturaErrors::PROPERTY_VALIDATION_CANNOT_BE_NULL
* @throws KalturaErrors::USER_NOT_FOUND
* @throws KalturaErrors::CANNOT_DISABLE_LOGIN_FOR_ADMIN_USER
*
*/
public function disableLoginAction($userId = null, $loginId = null)
{
if (!$loginId && !userId) {
throw new KalturaAPIException(KalturaErrors::PROPERTY_VALIDATION_CANNOT_BE_NULL, 'userId');
}
$user = null;
try {
if ($loginId) {
$loginData = UserLoginDataPeer::getByEmail($loginId);
if (!$loginData) {
throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND);
}
$user = kuserPeer::getByLoginDataAndPartner($loginData->getId(), $this->getPartnerId());
} else {
$user = kuserPeer::getKuserByPartnerAndUid($this->getPArtnerId(), $userId);
}
if (!$user) {
throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND);
}
$user->disableLogin();
} catch (Exception $e) {
$code = $e->getCode();
if ($code == kUserException::USER_LOGIN_ALREADY_DISABLED) {
throw new KalturaAPIException(KalturaErrors::USER_LOGIN_ALREADY_DISABLED);
}
if ($code == kUserException::CANNOT_DISABLE_LOGIN_FOR_ADMIN_USER) {
throw new KalturaAPIException(KalturaErrors::CANNOT_DISABLE_LOGIN_FOR_ADMIN_USER);
}
throw $e;
}
$apiUser = new KalturaUser();
$apiUser->fromObject($user);
return $apiUser;
}
public static function sendNewUserMail(kuser $user, $existingUser)
{
// setup parameters
$partnerId = $user->getPartnerId();
$userName = $user->getFullName();
if (!$userName) {
$userName = $user->getPuserId();
}
$creatorUserName = '******';
if (!is_null(kCurrentContext::$ks_uid)) {
$creatorUser = kuserPeer::getKuserByPartnerAndUid($partnerId, kCurrentContext::$ks_uid);
if ($creatorUser) {
$creatorUserName = $creatorUser->getFullName();
}
}
$publisherName = PartnerPeer::retrieveByPK($partnerId)->getName();
$loginEmail = $user->getEmail();
$roleName = $user->getUserRoleNames();
$puserId = $user->getPuserId();
if (!$existingUser) {
$resetPasswordLink = UserLoginDataPeer::getPassResetLink($user->getLoginData()->getPasswordHashKey());
}
$kmcLink = trim(kConf::get('apphome_url'), '/') . '/kmc';
$adminConsoleLink = trim(kConf::get('admin_console_url'));
$contactLink = kConf::get('contact_url');
$beginnersGuideLink = kConf::get('beginners_tutorial_url');
$quickStartGuideLink = kConf::get('quick_start_guide_url');
// setup mail
$mailType = null;
$bodyParams = array();
if ($partnerId == Partner::ADMIN_CONSOLE_PARTNER_ID) {
if ($existingUser) {
$mailType = self::KALTURA_NEW_EXISTING_USER_ADMIN_CONSOLE_EMAIL;
$bodyParams = array($userName, $creatorUserName, $loginEmail, $roleName);
} else {
$mailType = self::KALTURA_NEW_USER_ADMIN_CONSOLE_EMAIL;
$bodyParams = array($userName, $creatorUserName, $loginEmail, $resetPasswordLink, $roleName, $adminConsoleLink);
}
} else {
if ($existingUser) {
$mailType = self::KALTURA_NEW_EXISTING_USER_EMAIL;
$bodyParams = array($userName, $creatorUserName, $publisherName, $loginEmail, $partnerId, $publisherName, $publisherName, $roleName, $publisherName, $puserId, $kmcLink, $contactLink, $beginnersGuideLink, $quickStartGuideLink);
} else {
$mailType = self::KALTURA_NEW_USER_EMAIL;
$bodyParams = array($userName, $creatorUserName, $publisherName, $loginEmail, $resetPasswordLink, $partnerId, $publisherName, $publisherName, $roleName, $publisherName, $puserId, $kmcLink, $contactLink, $beginnersGuideLink, $quickStartGuideLink);
}
}
// add mail job
kJobsManager::addMailJob(null, 0, $partnerId, $mailType, kMailJobData::MAIL_PRIORITY_NORMAL, kConf::get("partner_registration_confirmation_email"), kConf::get("partner_registration_confirmation_name"), $loginEmail, $bodyParams);
}
/**
* Enable user login
* @param string $loginId
* @param string $password
* @param bool $checkPasswordStructure
* @throws kUserException::USER_LOGIN_ALREADY_ENABLED
* @throws kUserException::INVALID_EMAIL
* @throws kUserException::INVALID_PARTNER
* @throws kUserException::ADMIN_LOGIN_USERS_QUOTA_EXCEEDED
* @throws kUserException::PASSWORD_STRUCTURE_INVALID
* @throws kUserException::LOGIN_ID_ALREADY_USED
*/
public function enableLogin($loginId, $password = null, $checkPasswordStructure = true, $sendEmail = null)
{
if (!$password) {
$password = UserLoginDataPeer::generateNewPassword();
if (is_null($sendEmail)) {
$sendEmail = true;
}
}
if ($this->getLoginDataId()) {
throw new kUserException('', kUserException::USER_LOGIN_ALREADY_ENABLED);
}
$loginDataExisted = null;
$loginData = UserLoginDataPeer::addLoginData($loginId, $password, $this->getPartnerId(), $this->getFirstName(), $this->getLastName(), $this->getIsAdmin(), $checkPasswordStructure, $loginDataExisted);
if (!$loginData) {
throw new kUserException('', kUserException::LOGIN_DATA_NOT_FOUND);
}
$this->setLoginDataId($loginData->getId());
//Email notification on user creation is sent while using kuser email so make sure this field is set before enabling login
//if not than set the email to be the $loginId provided to this action (we now know this is a valid email since "addLoginData" verifies this)
if (!$this->getEmail()) {
$this->setEmail($loginId);
}
if ($sendEmail) {
if ($loginDataExisted) {
kuserPeer::sendNewUserMail($this, true);
} else {
kuserPeer::sendNewUserMail($this, false);
}
if (!PermissionPeer::isValidForPartner(PermissionName::FEATURE_DISABLE_NEW_USER_EMAIL, $this->getPartnerId())) {
kuserPeer::sendNewUserMailToAdmins($this);
}
}
return $this;
}
public function initNewPartner($partner_name, $contact, $email, $ID_is_for, $SDK_terms_agreement, $description, $website_url, $password = null, $partner = null, $ignorePassword = false)
{
// Validate input fields
if ($partner_name == "") {
throw new SignupException("Please fill in the Partner's name", SignupException::INVALID_FIELD_VALUE);
}
if ($contact == "") {
throw new SignupException('Please fill in Administrator\'s details', SignupException::INVALID_FIELD_VALUE);
}
if ($email == "") {
throw new SignupException('Please fill in Administrator\'s Email Address', SignupException::INVALID_FIELD_VALUE);
}
if (!kString::isEmailString($email)) {
throw new SignupException('Invalid email address', SignupException::INVALID_FIELD_VALUE);
}
if ($description == "") {
throw new SignupException('Please fill in description', SignupException::INVALID_FIELD_VALUE);
}
if ($ID_is_for !== CommercialUseType::COMMERCIAL_USE && $ID_is_for !== CommercialUseType::NON_COMMERCIAL_USE && $ID_is_for !== "commercial_use" && $ID_is_for !== "non-commercial_use") {
//string values left for backward compatibility
throw new SignupException('Invalid field value.\\nSorry.', SignupException::UNKNOWN_ERROR);
}
if ($SDK_terms_agreement != "yes") {
throw new SignupException('You haven`t approved Terms & Conds.', SignupException::INVALID_FIELD_VALUE);
}
$existingLoginData = UserLoginDataPeer::getByEmail($email);
if ($existingLoginData && !$ignorePassword) {
// if a another user already existing with the same adminEmail, new account will be created only if the right password was given
if (!$password) {
throw new SignupException("User with email [{$email}] already exists in system.", SignupException::EMAIL_ALREADY_EXISTS);
} else {
if ($existingLoginData->isPasswordValid($password)) {
KalturaLog::log('Login id [' . $email . '] already used, and given password is valid. Creating new partner with this same login id');
} else {
throw new SignupException("Invalid password for user with email [{$email}].", SignupException::EMAIL_ALREADY_EXISTS);
}
}
}
// TODO: log request
$newPartner = NULL;
$newSubPartner = NULL;
try {
// create the new partner
$newPartner = $this->createNewPartner($partner_name, $contact, $email, $ID_is_for, $SDK_terms_agreement, $description, $website_url, $password, $partner);
// create the sub partner
// TODO: when ready, add here the saving of this value, currently it will be only
// a random value, being passed to the user, and never saved
$newSubPartnerId = $this->createNewSubPartner($newPartner);
// create a new admin_kuser for the user,
// so he will be able to login to the system (including permissions)
list($newAdminKuserPassword, $newPassHashKey, $kuserId) = $this->createNewAdminKuser($newPartner, $password);
$newPartner->setAccountOwnerKuserId($kuserId);
$newPartner->save();
$this->setAllTemplateEntriesToAdminKuser($newPartner->getId(), $kuserId);
return array($newPartner->getId(), $newSubPartnerId, $newAdminKuserPassword, $newPassHashKey);
} catch (Exception $e) {
//TODO: revert all changes, depending where and why we failed
throw $e;
}
}
/**
*
* @action resetUserPassword
* @param string $userId
* @param int $partnerId
* @param string $newPassword
* @throws KalturaAPIException
*/
public function resetUserPasswordAction($userId, $partnerId, $newPassword)
{
if ($partnerId == Partner::ADMIN_CONSOLE_PARTNER_ID || $partnerId == Partner::BATCH_PARTNER_ID) {
throw new KalturaAPIException(KalturaErrors::CANNOT_RESET_PASSWORD_FOR_SYSTEM_PARTNER);
}
//get loginData using userId and PartnerId
$kuser = kuserPeer::getKuserByPartnerAndUid($partnerId, $userId);
if (!$kuser) {
throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND);
}
$userLoginDataId = $kuser->getLoginDataId();
$userLoginData = UserLoginDataPeer::retrieveByPK($userLoginDataId);
// check if login data exists
if (!$userLoginData) {
throw new KalturaAPIException(KalturaErrors::LOGIN_DATA_NOT_FOUND);
}
try {
UserLoginDataPeer::checkPasswordValidation($newPassword, $userLoginData);
} catch (kUserException $e) {
$code = $e->getCode();
if ($code == kUserException::PASSWORD_STRUCTURE_INVALID) {
$passwordRules = $userLoginData->getInvalidPasswordStructureMessage();
$passwordRules = str_replace("\\n", "<br>", $passwordRules);
$passwordRules = "<br>" . $passwordRules;
// Add a newline prefix
throw new KalturaAPIException(KalturaErrors::PASSWORD_STRUCTURE_INVALID, $passwordRules);
} else {
if ($code == kUserException::PASSWORD_ALREADY_USED) {
throw new KalturaAPIException(KalturaErrors::PASSWORD_ALREADY_USED);
}
}
throw new KalturaAPIException(KalturaErrors::INTERNAL_SERVERL_ERROR);
}
// update password if requested
if ($newPassword) {
$password = $userLoginData->resetPassword($newPassword);
}
$userLoginData->save();
}
/**
* Tests UserService->updateLoginDataAction()
*/
public function testUpdateLoginDataAction()
{
// test that cannot update to existing data
$this->startSession(KalturaSessionType::ADMIN, null);
$this->startSession2(KalturaSessionType::ADMIN, null);
$newUser1 = $this->createUser(true, false, __FUNCTION__);
$newUser2 = $this->createUser(true, true, __FUNCTION__);
$addedUser1 = $this->addUser($newUser1);
$addedUser2 = $this->addUser($newUser2);
$exceptionThrown = false;
try {
$this->client->user->updateLoginData($newUser2->email, $newUser2->password, $newUser1->email, UserLoginDataPeer::generateNewPassword());
} catch (Exception $e) {
$exceptionThrown = $e;
}
$this->checkException($exceptionThrown, 'LOGIN_ID_ALREADY_USED');
// update and try to login with the new data
$newUser3 = $this->createUser(true, false);
$updatedUser = $this->client->user->updateLoginData($newUser2->email, $newUser2->password, $newUser3->email, $newUser3->password);
$newClient = $this->getClient(null);
$ks = $newClient->user->loginByLoginId($newUser3->email, $newUser3->password);
$this->assertNotNull($ks);
$ks = kSessionUtils::crackKs($ks);
$this->assertNotNull($ks);
$this->assertEquals($addedUser2->partnerId, $ks->partner_id);
// test that updaing login data, updates the email on all kusers using it.
$newUser4 = $this->createUser(true, true);
$this->addUser($newUser4);
$this->addUser2($newUser4);
$newEmail = '*****@*****.**';
$this->client->user->updateLogindata($newUser4->email, $newUser4->password, $newEmail);
$getUser1 = $this->client->user->get($newUser4->id);
$getUser2 = $this->client2->user->get($newUser4->id);
$this->assertEquals($newEmail, $getUser1->email);
$this->assertEquals($newEmail, $getUser2->email);
}
public function isPassHashKeyValid($hashKey)
{
// check if same as user's saved hash key
if (base64_decode($hashKey) != base64_decode($this->getPasswordHashKey())) {
throw new kUserException('', kUserException::NEW_PASSWORD_HASH_KEY_INVALID);
}
// decode
$params = UserLoginDataPeer::decodePassHashKey($hashKey);
if (!$params) {
throw new kUserException('', kUserException::NEW_PASSWORD_HASH_KEY_INVALID);
}
// check if user_login_data id is right
if ($params[0] != $this->getId()) {
throw new kUserException('', kUserException::NEW_PASSWORD_HASH_KEY_INVALID);
}
// check if not expired
if ($params[1] < time()) {
throw new kUserException('', kUserException::NEW_PASSWORD_HASH_KEY_EXPIRED);
}
return true;
}
if ($user->getPartnerId() == PartnerPeer::GLOBAL_PARTNER) {
KalturaLog::log('Skipping partner 0');
continue;
}
$new_kuser = new kuser();
$new_login_data = new UserLoginData();
$partner = PartnerPeer::retrieveByPK($user->getPartnerId());
if (!$partner) {
KalturaLog::alert('!!! ERROR - Partner ID [' . $user->getPartnerId() . '] not found on DB but set for admin user id [' . $lastUser . '] !!!');
echo '!!! ERROR - Partner ID [' . $user->getPartnerId() . '] not found on DB but set for admin user id [' . $lastUser . '] !!!';
continue;
}
list($firstName, $lastName) = kString::nameSplit($user->getFullName());
$c = new Criteria();
$c->addAnd(UserLoginDataPeer::LOGIN_EMAIL, $user->getEmail());
$existing_login_data = UserLoginDataPeer::doSelectOne($c);
if ($existing_login_data) {
if ($user->getPartnerId() === $existing_login_data->getConfigPartnerId()) {
$checkKuser = kuserPeer::getByLoginDataAndPartner($existing_login_data->getId(), $user->getPartnerId());
if ($checkKuser && $checkKuser->getIsAdmin()) {
KalturaLog::notice('!!! NOTICE - Existing ADMIN login data found with id [' . $existing_login_data->getId() . '] partner [' . $existing_login_data->getConfigPartnerId() . '] - skipping user id [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] since this was probably caused by a bug');
echo '!!! NOTICE - Existing ADMIN login data found with id [' . $existing_login_data->getId() . '] partner [' . $existing_login_data->getConfigPartnerId() . '] - skipping user id [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] since this was probably caused by a bug';
continue;
}
}
KalturaLog::alert('!!! ERROR - Existing login data found with id [' . $existing_login_data->getId() . '] partner [' . $existing_login_data->getConfigPartnerId() . '] - skipping user id [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] !!!!');
echo '!!! ERROR - Existing login data found with id [' . $existing_login_data->getId() . '] partner [' . $existing_login_data->getConfigPartnerId() . '] - skipping user id [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] !!!!';
continue;
}
$new_login_data->setConfigPartnerId($user->getPartnerId());
$new_login_data->setLoginEmail($user->getEmail());
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
defPartnerservices2baseAction::disableCache();
kuserPeer::setUseCriteriaFilter(false);
$email = trim($this->getPM("email"));
$password = trim($this->getPM("password"));
$loginData = UserLoginDataPeer::getByEmail($email);
// be sure to return the same error if there are no admins in the list and when there are none matched -
// so no hint about existing admin will leak
if (!$loginData) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return;
}
try {
$adminKuser = UserLoginDataPeer::userLoginByEmail($email, $password, $partner_id);
} catch (kUserException $e) {
$code = $e->getCode();
if ($code == kUserException::USER_NOT_FOUND) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return null;
}
if ($code == kUserException::LOGIN_DATA_NOT_FOUND) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return null;
} else {
if ($code == kUserException::LOGIN_RETRIES_EXCEEDED) {
$this->addError(APIErrors::LOGIN_RETRIES_EXCEEDED);
return null;
} else {
if ($code == kUserException::LOGIN_BLOCKED) {
$this->addError(APIErrors::LOGIN_BLOCKED);
return null;
} else {
if ($code == kUserException::PASSWORD_EXPIRED) {
$this->addError(APIErrors::PASSWORD_EXPIRED);
return null;
} else {
if ($code == kUserException::WRONG_PASSWORD) {
$this->addError(APIErrors::USER_WRONG_PASSWORD);
return null;
} else {
if ($code == kUserException::USER_IS_BLOCKED) {
$this->addError(APIErrors::USER_IS_BLOCKED);
return null;
} else {
$this->addError(APIErrors::INTERNAL_SERVERL_ERROR);
return null;
}
}
}
}
}
}
}
if (!$adminKuser || !$adminKuser->getIsAdmin()) {
$this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
return null;
}
if ($partner_id && $partner_id != $adminKuser->getPartnerId()) {
$this->addError(APIErrors::UNKNOWN_PARTNER_ID);
return;
}
$partner = PartnerPeer::retrieveByPK($adminKuser->getPartnerId());
if (!$partner) {
$this->addError(APIErrors::UNKNOWN_PARTNER_ID);
return;
}
$partner_id = $partner->getId();
$subp_id = $partner->getSubpId();
$admin_puser_id = $adminKuser->getPuserId();
// get the puser_kuser for this admin if exists, if not - creae it and return it - create a kuser too
$puser_kuser = PuserKuserPeer::createPuserKuser($partner_id, $subp_id, $admin_puser_id, $adminKuser->getScreenName(), $adminKuser->getScreenName(), true);
$uid = $puser_kuser->getPuserId();
$ks = null;
// create a ks for this admin_kuser as if entered the admin_secret using the API
// ALLOW A KS FOR 30 DAYS
kSessionUtils::createKSessionNoValidations($partner_id, $uid, $ks, 30 * 86400, 2, "", "*");
$this->addMsg("partner_id", $partner_id);
$this->addMsg("subp_id", $subp_id);
$this->addMsg("uid", $uid);
$this->addMsg("ks", $ks);
$this->addMsg("screenName", $adminKuser->getFullName());
$this->addMsg("fullName", $adminKuser->getFullName());
$this->addMsg("email", $adminKuser->getEmail());
}
/**
* Tests UserLoginData->passwordUsedBefore() && UserLoginData->addToPreviousPasswords()
*/
public function testPasswordUsedBeforeAddToPreviousPasswords()
{
$this->assertNull($this->UserLoginData->getPreviousPasswords());
$this->dummyPartner->setNumPrevPassToKeep(3);
$this->dummyPartner->save();
$pass2 = UserLoginDataPeer::generateNewPassword();
$pass3 = UserLoginDataPeer::generateNewPassword();
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass2));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass3));
$pass1 = $this->UserLoginData->resetPassword();
$this->UserLoginData->resetPassword($pass1, $pass1);
$this->UserLoginData->resetPassword($pass2, $pass1);
$this->UserLoginData->resetPassword($pass3, $pass2);
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass1));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass2));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass3));
$pass4 = uniqid();
$this->UserLoginData->resetPassword($pass4, $pass3);
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass1));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass2));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass3));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass4));
$pass5 = uniqid();
$this->UserLoginData->resetPassword($pass5, $pass4);
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass1));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass2));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass3));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass4));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass5));
$this->dummyPartner->setNumPrevPassToKeep(2);
$this->dummyPartner->save();
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass1));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass2));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass3));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass4));
$this->assertTrue($this->UserLoginData->passwordUsedBefore($pass5));
$this->dummyPartner->setNumPrevPassToKeep(0);
$this->dummyPartner->save();
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass1));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass2));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass3));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass4));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass5));
$pass6 = uniqid();
$this->UserLoginData->resetPassword($pass6, $pass5);
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass1));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass2));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass3));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass4));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass5));
$this->assertFalse($this->UserLoginData->passwordUsedBefore($pass6));
}
