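/**
 * Verifies a partner admin's e-mail and CMS password, then sends the
 * registration information for that partner and returns the partner data.
 *
 * Reads "partner_adminEmail", "cms_password" and the optional "detailed" flag
 * from the request. On success it adds "partner", "html_message" and
 * "subp_id" to the response. On failure it adds an API error and returns
 * without a value.
 *
 * An unknown e-mail, a wrong password and a missing admin kuser all report
 * ADMIN_KUSER_NOT_FOUND, so the response does not reveal which check failed.
 *
 * @param mixed $partner_id     Partner whose admin is being verified (mandatory).
 * @param mixed $subp_id        Not used by this action.
 * @param mixed $puser_id       Not used by this action.
 * @param mixed $partner_prefix Not used by this action.
 * @param mixed $puser_kuser    Not used by this action.
 *
 * @return void
 */
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
    $partner_adminEmail = trim($this->getPM("partner_adminEmail"));
    $cms_password = trim($this->getPM("cms_password"));

    // "detailed" arrives as a string; only "0" and "false" switch it off.
    $detailed = trim($this->getP("detailed", "true", true));
    if ($detailed === "0" || $detailed === "false") {
        $detailed = false;
    }

    if (empty($partner_id)) {
        $this->addError(APIErrors::MANDATORY_PARAMETER_MISSING, "partner_id");
        return;
    }

    // Unknown e-mail and wrong password deliberately share one error code.
    $login_data = UserLoginDataPeer::getByEmail($partner_adminEmail);
    if (!$login_data || !$login_data->isPasswordValid($cms_password)) {
        $this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
        return;
    }

    // The verified login must also be an admin kuser of the requested partner.
    $c = new Criteria();
    $c->add(kuserPeer::EMAIL, $partner_adminEmail);
    $c->add(kuserPeer::PARTNER_ID, $partner_id);
    $c->add(kuserPeer::LOGIN_DATA_ID, $login_data->getId());
    $c->add(kuserPeer::IS_ADMIN, true);
    $c->setLimit(20); // kept from the original; presumably redundant with doSelectOne()
    $admin = kuserPeer::doSelectOne($c);

    // doSelectOne() yields one row or nothing, so test the value directly.
    // count() on null or a plain object raises a TypeError on PHP 8, and on
    // PHP 7 it reports 1 for any object. Same error code as above, so no hint
    // about an existing admin leaks.
    if (!$admin) {
        $this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
        return;
    }

    // Guard against a partner row that cannot be loaded; without this the
    // calls below would dereference null.
    $partner = PartnerPeer::retrieveByPK($partner_id);
    if (!$partner) {
        $this->addError(APIErrors::UNKNOWN_PARTNER_ID);
        return;
    }

    $partner_registration = new myPartnerRegistration();
    $partner_registration->sendRegistrationInformationForPartner($partner, true, true);

    $level = $detailed ? objectWrapperBase::DETAIL_LEVEL_DETAILED : objectWrapperBase::DETAIL_LEVEL_REGULAR;
    $wrapper = objectWrapperBase::getWrapperClass($partner, $level);

    $this->addMsg("partner", $wrapper);
    $this->addMsg("html_message", "");
    $this->addMsg("subp_id", $partner->getSubp());
}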
/**
 * Checks one migrated kuser: its full name, its link to a login-data record
 * (when it has credentials and belongs to a login-enabled partner) and its
 * admin flag.
 *
 * @dataProvider providerTestMigration
 */
public function testMigration($kuserId)
{
    $this->assertNull($this->kuser);
    $this->kuser = kuserPeer::retrieveByPK($kuserId);
    $this->assertNotNull($this->kuser);

    $kuser = $this->kuser;
    $joinedName = trim($kuser->getFirstName() . ' ' . $kuser->getLastName());
    $this->assertEquals($kuser->getFullName(), $joinedName);

    // A kuser counts as admin when it lives in the admin-console partner or
    // carries the '__ADMIN__' puser-id prefix.
    $expectAdmin = $kuser->getPartnerId() == $this->adminConsolePartnerId
        || substr($kuser->getPuserId(), 0, 9) == '__ADMIN__';

    $hasCredentials = $kuser->getSalt() && $kuser->getSha1Password();
    if ($hasCredentials && in_array($kuser->getPartnerId(), $this->loginPartnerIds)) {
        // NOTE(review): assertTrue() receives the login-data id itself here,
        // not a boolean - confirm this is the intended assertion.
        $this->assertTrue($kuser->getLoginDataId());

        // Lookup by primary key and lookup by e-mail must hit the same row.
        $byPk = UserLoginDataPeer::retrieveByPK($kuser->getLoginDataId());
        $this->assertNotNull($byPk);
        $byEmail = UserLoginDataPeer::getByEmail($kuser->getEmail());
        $this->assertNotNull($byEmail);
        $this->assertEquals($byPk->getId(), $byEmail->getId());

        // Salt, SHA-1 password hash and e-mail are carried over unchanged.
        $this->assertEquals($kuser->getSalt(), $byEmail->getSalt());
        $this->assertEquals($kuser->getSha1Password(), $byEmail->getSha1Password());
        $this->assertEquals($kuser->getEmail(), $byEmail->getLoginEmail());

        // Exactly one login-data row may exist for this e-mail.
        $criteria = new Criteria();
        $criteria->addAnd(UserLoginDataPeer::LOGIN_EMAIL, $kuser->getEmail());
        $rows = UserLoginDataPeer::doSelect($criteria);
        $this->assertEquals(count($rows), 1);
        $this->assertEquals($rows[0]->getId(), $byPk->getId());

        $sameLoginKusers = kuserPeer::getByLoginDataAndPartner($kuser->getLoginDataId(), $kuser->getPartnerId());
        $this->assertEquals(count($sameLoginKusers), 1);
    } elseif (!$expectAdmin) {
        // Non-admin kusers without credentials must not be linked to login data.
        $this->assertNull($kuser->getLoginDataId());
    }

    if ($expectAdmin) {
        $this->assertTrue($kuser->getIsAdmin());
    } else {
        $this->assertFalse($kuser->getIsAdmin());
    }

    // Kept from the original; this assertion cannot fail once the guard passes.
    if ($kuser->getIsAdmin()) {
        $this->assertTrue($kuser->getIsAdmin());
    }
}
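/**
 * Updates the login e-mail, password and/or name on a login-data record and
 * copies e-mail/name changes to every non-deleted kuser that uses it, across
 * all partners.
 *
 * Any requested change requires the current password. A call with no new
 * values only loads and saves the record.
 *
 * @param string      $oldLoginEmail Current login e-mail (identifies the record).
 * @param string|null $oldPassword   Current password; mandatory when anything changes.
 * @param string|null $newLoginEmail New login e-mail, or null to keep it.
 * @param string|null $newPassword   New password, or null to keep it.
 * @param string|null $newFirstName  New first name, or null to keep it.
 * @param string|null $newLastName   New last name, or null to keep it.
 *
 * @return UserLoginData The saved login-data record.
 *
 * @throws kUserException LOGIN_DATA_NOT_FOUND, WRONG_PASSWORD, INVALID_EMAIL,
 *                        LOGIN_ID_ALREADY_USED, PASSWORD_STRUCTURE_INVALID or
 *                        PASSWORD_ALREADY_USED.
 */
public static function updateLoginData($oldLoginEmail, $oldPassword, $newLoginEmail = null, $newPassword = null, $newFirstName = null, $newLastName = null)
{
    // Without an e-mail there is nothing to look up, so skip the DB entirely.
    if (!$oldLoginEmail) {
        throw new kUserException('', kUserException::LOGIN_DATA_NOT_FOUND);
    }

    $c = new Criteria();
    $c->add(UserLoginDataPeer::LOGIN_EMAIL, $oldLoginEmail);
    $loginData = UserLoginDataPeer::doSelectOne($c);
    if (!$loginData) {
        throw new kUserException('', kUserException::LOGIN_DATA_NOT_FOUND);
    }

    // Every requested change must be authorised by the current password.
    $isUpdateRequest = $newPassword || $newLoginEmail || $newFirstName || $newLastName;
    if ($isUpdateRequest && (!$oldPassword || !$loginData->isPasswordValid($oldPassword))) {
        throw new kUserException('', kUserException::WRONG_PASSWORD);
    }

    // An unchanged e-mail needs neither validation nor a uniqueness query.
    if ($newLoginEmail === $oldLoginEmail) {
        $newLoginEmail = null;
    }

    if ($newLoginEmail && !kString::isEmailString($newLoginEmail)) {
        throw new kUserException('', kUserException::INVALID_EMAIL);
    }

    if ($newLoginEmail && UserLoginDataPeer::getByEmail($newLoginEmail)) {
        throw new kUserException('', kUserException::LOGIN_ID_ALREADY_USED);
    }

    if ($newPassword) {
        if (!UserLoginDataPeer::isPasswordStructureValid($newPassword)) {
            throw new kUserException('', kUserException::PASSWORD_STRUCTURE_INVALID);
        }

        // The password must not contain the user's own name. These checks run
        // only when a password was supplied, and empty names are skipped:
        // stripos() with an empty needle matches at offset 0 on PHP 8, which
        // would reject every password (and every update) for such users.
        $nameParts = array($loginData->getFirstName(), $loginData->getLastName(), $loginData->getFullName());
        foreach ($nameParts as $namePart) {
            $namePart = (string) $namePart;
            if (trim($namePart) !== '' && stripos($newPassword, $namePart) !== false) {
                throw new kUserException('', kUserException::PASSWORD_STRUCTURE_INVALID);
            }
        }

        if ($loginData->passwordUsedBefore($newPassword)) {
            throw new kUserException('', kUserException::PASSWORD_ALREADY_USED);
        }

        // Strict comparison: with != two different numeric-looking strings
        // (e.g. "1e3" and "1000") compare equal and the change would be skipped.
        if ($newPassword !== $oldPassword) {
            $loginData->resetPassword($newPassword, $oldPassword);
        }
    }

    if ($newLoginEmail || $newFirstName || $newLastName) {
        if ($newLoginEmail) {
            $loginData->setLoginEmail($newLoginEmail);
        }
        if ($newFirstName) {
            $loginData->setFirstName($newFirstName);
        }
        if ($newLastName) {
            $loginData->setLastName($newLastName);
        }

        // Update all kusers using this login data, in all partners.
        $c = new Criteria();
        $c->addAnd(kuserPeer::LOGIN_DATA_ID, $loginData->getId(), Criteria::EQUAL);
        $c->addAnd(kuserPeer::STATUS, KuserStatus::DELETED, Criteria::NOT_EQUAL);

        // The criteria filter is switched off only for this query. It is
        // switched back on even when the query throws, so later queries in
        // the same request do not run without it.
        kuserPeer::setUseCriteriaFilter(false);
        try {
            $kusers = kuserPeer::doSelect($c);
        } catch (Exception $e) {
            kuserPeer::setUseCriteriaFilter(true);
            throw $e;
        }
        kuserPeer::setUseCriteriaFilter(true);

        foreach ($kusers as $kuser) {
            if ($newLoginEmail) {
                $kuser->setEmail($newLoginEmail);
            }
            if ($newFirstName) {
                $kuser->setFirstName($newFirstName);
            }
            if ($newLastName) {
                $kuser->setLastName($newLastName);
            }
            $kuser->save();
        }
    }

    $loginData->save();

    return $loginData;
}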
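/**
 * Disallow user to login with an id/password.
 * Passing either a loginId or a userId is allowed; at least one is required.
 * The user is always resolved within the caller's own partner.
 *
 * @action disableLogin
 *
 * @param string $userId
 * @param string $loginId
 *
 * @return KalturaUser
 *
 * @throws KalturaErrors::USER_LOGIN_ALREADY_DISABLED
 * @throws KalturaErrors::PROPERTY_VALIDATION_CANNOT_BE_NULL
 * @throws KalturaErrors::USER_NOT_FOUND
 * @throws KalturaErrors::CANNOT_DISABLE_LOGIN_FOR_ADMIN_USER
 *
 */
public function disableLoginAction($userId = null, $loginId = null)
{
    // The original tested the bare word `userId` (no `$`), i.e. an undefined
    // constant, so the "both missing" case was never rejected here.
    if (!$loginId && !$userId) {
        throw new KalturaAPIException(KalturaErrors::PROPERTY_VALIDATION_CANNOT_BE_NULL, 'userId');
    }

    $user = null;
    try {
        if ($loginId) {
            $loginData = UserLoginDataPeer::getByEmail($loginId);
            if (!$loginData) {
                throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND);
            }
            $user = kuserPeer::getByLoginDataAndPartner($loginData->getId(), $this->getPartnerId());
        } else {
            $user = kuserPeer::getKuserByPartnerAndUid($this->getPartnerId(), $userId);
        }

        if (!$user) {
            throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND);
        }

        $user->disableLogin();
    } catch (Exception $e) {
        // Map the two known kUserException codes to API errors; anything else
        // (including the API exceptions thrown above) is passed through as is.
        $code = $e->getCode();
        if ($code == kUserException::USER_LOGIN_ALREADY_DISABLED) {
            throw new KalturaAPIException(KalturaErrors::USER_LOGIN_ALREADY_DISABLED);
        }
        if ($code == kUserException::CANNOT_DISABLE_LOGIN_FOR_ADMIN_USER) {
            throw new KalturaAPIException(KalturaErrors::CANNOT_DISABLE_LOGIN_FOR_ADMIN_USER);
        }
        throw $e;
    }

    $apiUser = new KalturaUser();
    $apiUser->fromObject($user);

    return $apiUser;
}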
/**
 * Runs validateApiAccessControl() for the partner that the login identified
 * by $email last logged in to.
 *
 * When no login data exists for the e-mail, no check is run and the method
 * returns silently.
 *
 * @param string $email Login e-mail to look up.
 *
 * @return void
 */
protected function validateApiAccessControlByEmail($email)
{
    $loginData = UserLoginDataPeer::getByEmail($email);
    if (!$loginData) {
        // Unknown e-mail: there is no partner to validate against.
        return;
    }

    $lastLoginPartnerId = $loginData->getLastLoginPartnerId();
    $this->validateApiAccessControl($lastLoginPartnerId);
}
/**
 * Validates the signup fields and creates a new partner, its sub partner and
 * an admin kuser that owns the account.
 *
 * When login data already exists for $email, the new partner is created only
 * if the matching password is supplied, unless $ignorePassword is set.
 *
 * @param string      $partner_name        Partner name (required).
 * @param string      $contact             Administrator details (required).
 * @param string      $email               Administrator e-mail (required, must be valid).
 * @param mixed       $ID_is_for           A CommercialUseType value or its legacy string form.
 * @param string      $SDK_terms_agreement Must be "yes".
 * @param string      $description         Description (required).
 * @param string      $website_url         Passed through to createNewPartner().
 * @param string|null $password            Password of the existing login, if any.
 * @param mixed       $partner             Passed through to createNewPartner().
 * @param bool        $ignorePassword      Skip the existing-login password check.
 *
 * @return array Partner id, sub partner id, admin kuser password and password hash key.
 *
 * @throws SignupException When a field is invalid or the e-mail is already registered.
 */
public function initNewPartner($partner_name, $contact, $email, $ID_is_for, $SDK_terms_agreement, $description, $website_url, $password = null, $partner = null, $ignorePassword = false)
{
    // Required-field validation, in the order in which errors are reported.
    if ($partner_name == "") {
        throw new SignupException("Please fill in the Partner's name", SignupException::INVALID_FIELD_VALUE);
    }
    if ($contact == "") {
        throw new SignupException("Please fill in Administrator's details", SignupException::INVALID_FIELD_VALUE);
    }
    if ($email == "") {
        throw new SignupException("Please fill in Administrator's Email Address", SignupException::INVALID_FIELD_VALUE);
    }
    if (!kString::isEmailString($email)) {
        throw new SignupException('Invalid email address', SignupException::INVALID_FIELD_VALUE);
    }
    if ($description == "") {
        throw new SignupException('Please fill in description', SignupException::INVALID_FIELD_VALUE);
    }

    // The string values are accepted for backward compatibility.
    $allowedUseTypes = array(
        CommercialUseType::COMMERCIAL_USE,
        CommercialUseType::NON_COMMERCIAL_USE,
        "commercial_use",
        "non-commercial_use",
    );
    if (!in_array($ID_is_for, $allowedUseTypes, true)) {
        throw new SignupException('Invalid field value.\\nSorry.', SignupException::UNKNOWN_ERROR);
    }

    if ($SDK_terms_agreement != "yes") {
        throw new SignupException('You haven`t approved Terms & Conds.', SignupException::INVALID_FIELD_VALUE);
    }

    // An e-mail that already has login data may open another partner only
    // when the caller proves ownership with the existing password.
    // NOTE(review): the two messages below differ, so a caller can tell a
    // registered e-mail from an unregistered one and a wrong password from a
    // missing one. Whether failed checks here count toward the login retry
    // limit is not visible from this method - confirm.
    $loginRecord = UserLoginDataPeer::getByEmail($email);
    if ($loginRecord && !$ignorePassword) {
        if (!$password) {
            throw new SignupException("User with email [{$email}] already exists in system.", SignupException::EMAIL_ALREADY_EXISTS);
        }
        if (!$loginRecord->isPasswordValid($password)) {
            throw new SignupException("Invalid password for user with email [{$email}].", SignupException::EMAIL_ALREADY_EXISTS);
        }
        KalturaLog::log("Login id [{$email}] already used, and given password is valid. Creating new partner with this same login id");
    }

    // TODO: log request
    try {
        $createdPartner = $this->createNewPartner($partner_name, $contact, $email, $ID_is_for, $SDK_terms_agreement, $description, $website_url, $password, $partner);

        // TODO: when ready, save this value; currently it is only a random
        // value that is passed to the user and never stored.
        $subPartnerId = $this->createNewSubPartner($createdPartner);

        // Create the admin kuser so the new owner can log in (including permissions).
        list($adminPassword, $passHashKey, $ownerKuserId) = $this->createNewAdminKuser($createdPartner, $password);
        $createdPartner->setAccountOwnerKuserId($ownerKuserId);
        $createdPartner->save();

        $this->setAllTemplateEntriesToAdminKuser($createdPartner->getId(), $ownerKuserId);

        return array($createdPartner->getId(), $subPartnerId, $adminPassword, $passHashKey);
    } catch (Exception $e) {
        // TODO: revert all changes, depending on where and why we failed
        throw $e;
    }
}
/**
 * Logs an admin in by e-mail and password and returns a 30-day KS together
 * with the partner and user identifiers.
 *
 * Reads "email" and "password" from the request. On failure it adds an API
 * error and returns without adding any message.
 *
 * NOTE(review): an unknown e-mail reports ADMIN_KUSER_NOT_FOUND while a wrong
 * password reports USER_WRONG_PASSWORD, so the two cases can be told apart
 * from the response. Confirm this matches the "no hint" intent stated below.
 *
 * @param mixed $partner_id     Optional; when set it must match the admin's partner.
 * @param mixed $subp_id        Overwritten with the partner's sub partner id.
 * @param mixed $puser_id       Not used by this action.
 * @param mixed $partner_prefix Not used by this action.
 * @param mixed $puser_kuser    Overwritten with the admin's puser_kuser.
 *
 * @return null
 */
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
    defPartnerservices2baseAction::disableCache();
    // NOTE(review): the criteria filter is switched off here and not switched
    // back on anywhere in this method.
    kuserPeer::setUseCriteriaFilter(false);

    $email = trim($this->getPM("email"));
    $password = trim($this->getPM("password"));

    // Be sure to return the same error when there are no admins in the list
    // and when none matched, so no hint about an existing admin leaks.
    if (!UserLoginDataPeer::getByEmail($email)) {
        $this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
        return;
    }

    try {
        $adminKuser = UserLoginDataPeer::userLoginByEmail($email, $password, $partner_id);
    } catch (kUserException $loginFailure) {
        // Translate the login failure code into the matching API error.
        switch ($loginFailure->getCode()) {
            case kUserException::USER_NOT_FOUND:
            case kUserException::LOGIN_DATA_NOT_FOUND:
                $apiError = APIErrors::ADMIN_KUSER_NOT_FOUND;
                break;
            case kUserException::LOGIN_RETRIES_EXCEEDED:
                $apiError = APIErrors::LOGIN_RETRIES_EXCEEDED;
                break;
            case kUserException::LOGIN_BLOCKED:
                $apiError = APIErrors::LOGIN_BLOCKED;
                break;
            case kUserException::PASSWORD_EXPIRED:
                $apiError = APIErrors::PASSWORD_EXPIRED;
                break;
            case kUserException::WRONG_PASSWORD:
                $apiError = APIErrors::USER_WRONG_PASSWORD;
                break;
            case kUserException::USER_IS_BLOCKED:
                $apiError = APIErrors::USER_IS_BLOCKED;
                break;
            default:
                $apiError = APIErrors::INTERNAL_SERVERL_ERROR;
        }
        $this->addError($apiError);
        return null;
    }

    // A successful login is accepted only for admin kusers.
    if (!$adminKuser || !$adminKuser->getIsAdmin()) {
        $this->addError(APIErrors::ADMIN_KUSER_NOT_FOUND);
        return null;
    }

    // A caller-supplied partner id has to match the admin's own partner.
    if ($partner_id && $partner_id != $adminKuser->getPartnerId()) {
        $this->addError(APIErrors::UNKNOWN_PARTNER_ID);
        return;
    }

    $partner = PartnerPeer::retrieveByPK($adminKuser->getPartnerId());
    if (!$partner) {
        $this->addError(APIErrors::UNKNOWN_PARTNER_ID);
        return;
    }

    $partner_id = $partner->getId();
    $subp_id = $partner->getSubpId();
    $adminPuserId = $adminKuser->getPuserId();
    $screenName = $adminKuser->getScreenName();

    // Get the puser_kuser for this admin if it exists; if not, create it
    // (and a kuser too) and return it.
    $puser_kuser = PuserKuserPeer::createPuserKuser($partner_id, $subp_id, $adminPuserId, $screenName, $screenName, true);
    $uid = $puser_kuser->getPuserId();

    // Create a KS for this admin as if the admin_secret had been entered
    // through the API. The KS is allowed for 30 days.
    // NOTE(review): the helper name says no validations are applied, and the
    // last argument is "*"; confirm the scope and lifetime are intended.
    $ks = null;
    $ksLifetime = 30 * 86400;
    kSessionUtils::createKSessionNoValidations($partner_id, $uid, $ks, $ksLifetime, 2, "", "*");

    $this->addMsg("partner_id", $partner_id);
    $this->addMsg("subp_id", $subp_id);
    $this->addMsg("uid", $uid);
    $this->addMsg("ks", $ks);
    // "screenName" is filled from getFullName(), the same value as "fullName".
    $this->addMsg("screenName", $adminKuser->getFullName());
    $this->addMsg("fullName", $adminKuser->getFullName());
    $this->addMsg("email", $adminKuser->getEmail());
}
} $newTempEmail = 'kuser_' . $user->getId() . '_' . $user->getEmail(); $msg = 'NOTICE - kuser [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] is set with email [' . $user->getEmail() . '] already used by admin_kuser id [' . $adminKuser->getId() . '] of partner [' . $adminKuser->getPartnerId() . '] - setting kusers login email to [' . $newTempEmail . ']!'; KalturaLog::notice($msg); } if (!kString::isEmailString($user->getEmail())) { $newTempEmail = 'kuser_' . $user->getId() . '_' . $user->getEmail(); $msg = 'NOTICE - kuser [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] is set with invalid email [' . $user->getEmail() . '] - setting kusers login email to [' . $newTempEmail . ']!'; KalturaLog::notice($msg); } // user can login - add a user_login_data record $existingLoginData = UserLoginDataPeer::getByEmail($newTempEmail); if ($existingLoginData) { $msg = 'NOTICE - login data for the same email [' . $newTempEmail . '] partner id [' . $existingLoginData->getConfigPartnerId() . '] already exists - setting kusers login email to'; $newTempEmail = 'kuser_' . $user->getId() . '_' . $user->getEmail(); while ($temp = UserLoginDataPeer::getByEmail($newTempEmail)) { $newTempEmail = '_' . $newTempEmail; } $msg .= ' [' . $newTempEmail . ']!'; KalturaLog::notice($msg); } $new_login_data = new UserLoginData(); $new_login_data->setConfigPartnerId($user->getPartnerId()); $new_login_data->setLoginEmail($newTempEmail); $new_login_data->setFirstName($user->getFirstName()); $new_login_data->setLastName($user->getLastName()); $new_login_data->setSalt($user->getSalt()); $new_login_data->setSha1Password($user->getSha1Password()); $new_login_data->setCreatedAt($user->getCreatedAt()); $new_login_data->setUpdatedAt($user->getUpdatedAt()); }