/**
* @expectedException \Exception
* @expectedExceptionMessage token_auth specified does not have Admin permission for idsite=1
*/
public function test_authenticateRequests_shouldThrowAnException_IfTokenIsNotValid()
{
$dummyToken = API::getInstance()->getTokenAuth('test', UsersManager::getPasswordHash('2'));
$superUserToken = $this->getSuperUserToken();
$requests = array($this->buildDummyRequest($superUserToken), $this->buildDummyRequest($dummyToken));
$this->requests->authenticateRequests($requests);
}
/**
* Create a user upon call from frontend
* This API method will be called from Controller of this module
*
* @param String $userLogin
* @param String $userPassword
* @param String $userEmail
* @return Boolean
*/
public function createUser($userLogin, $userPassword, $userEmail)
{
if ($userLogin and $userPassword) {
$userManager = UserManagerAPI::getInstance();
if (!$this->userManagerModel->userEmailExists($userEmail) and !$this->userManagerModel->userExists($userLogin)) {
$password = Common::unsanitizeInputValue($userPassword);
UserManager::checkPassword($password);
$passwordTransformed = UserManager::getPasswordHash($password);
$token_auth = $userManager->getTokenAuth($userEmail, $passwordTransformed);
try {
$this->userManagerModel->addUser($userEmail, $passwordTransformed, $userEmail, $userLogin, $token_auth, Date::now()->getDatetime());
return true;
} catch (Exception $e) {
//throw new Exception($e->getMessage());
$this->__errors[] = 'Error in creating the user in database.';
}
} else {
$this->__errors[] = 'User email already exists or the login name already exists';
}
}
return false;
}
private function createAdminUserForSite($idSite)
{
$login = '******';
$passwordHash = UsersManager::getPasswordHash('password');
$token = API::getInstance()->getTokenAuth($login, $passwordHash);
$user = new Model();
$user->addUser($login, $passwordHash, 'admin@piwik', 'alias', $token, '2014-01-01 00:00:00');
$user->addUserAccess($login, 'admin', array($idSite));
return $token;
}
public static function createSuperUser($removeExisting = true)
{
$login = self::ADMIN_USER_LOGIN;
$password = UsersManager::getPasswordHash(self::ADMIN_USER_PASSWORD);
$token = self::getTokenAuth();
$model = new \Piwik\Plugins\UsersManager\Model();
if ($removeExisting) {
$model->deleteUserOnly($login);
}
$user = $model->getUser($login);
if (empty($user)) {
$model->addUser($login, $password, '*****@*****.**', $login, $token, Date::now()->getDatetime());
} else {
$model->updateUser($login, $password, '*****@*****.**', $login, $token);
}
if (empty($user['superuser_access'])) {
$model->setSuperUserAccess($login, true);
}
return $model->getUserByTokenAuth($token);
}
/**
* Sets the password to authenticate with.
*
* @param string $password
*/
public function setPassword($password)
{
if (empty($password)) {
$this->hashedPassword = null;
} else {
$this->hashedPassword = UsersManager::getPasswordHash($password);
}
}
/**
* Updates a user in the database.
* Only login and password are required (case when we update the password).
* When the password changes, the key token for this user will change, which could break
* its API calls.
*
* @see addUser() for all the parameters
*/
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false)
{
Piwik::checkUserIsSuperUserOrTheUser($userLogin);
$this->checkUserIsNotAnonymous($userLogin);
$this->checkUserIsNotSuperUser($userLogin);
$userInfo = $this->getUser($userLogin);
if (empty($password)) {
$password = $userInfo['password'];
} else {
$password = Common::unsanitizeInputValue($password);
if (!$_isPasswordHashed) {
UsersManager::checkPassword($password);
$password = UsersManager::getPasswordHash($password);
}
}
if (empty($alias)) {
$alias = $userInfo['alias'];
}
if (empty($email)) {
$email = $userInfo['email'];
}
if ($email != $userInfo['email']) {
$this->checkEmail($email);
}
$alias = $this->getCleanAlias($alias, $userLogin);
$token_auth = $this->getTokenAuth($userLogin, $password);
$db = Db::get();
$db->update(Common::prefixTable("user"), array('password' => $password, 'alias' => $alias, 'email' => $email, 'token_auth' => $token_auth), "login = '******'");
Cache::deleteTrackerCache();
/**
* Triggered after an existing user has been updated.
*
* @param string $userLogin The user's login handle.
*/
Piwik::postEvent('UsersManager.updateUser.end', array($userLogin));
}
private function updateUserPassword()
{
$user = $this->getUserForLogin();
$passwordHash = UsersManager::getPasswordHash($this->password);
$newTokenAuth = $this->usersManagerAPI->getTokenAuth($this->login, $passwordHash);
$this->usersModel->updateUser($this->login, $passwordHash, $user['email'], $user['alias'], $newTokenAuth);
// make sure cookie has correct token auth
$this->userForLogin['password'] = $passwordHash;
$this->token_auth = $this->userForLogin['token_auth'] = $newTokenAuth;
}
/**
* Stores password reset info for a specific login.
*
* @param string $login The user login for whom a password change was requested.
* @param string $password The new password to set.
*/
public static function savePasswordResetInfo($login, $password)
{
$optionName = self::getPasswordResetInfoOptionName($login);
$optionData = UsersManager::getPasswordHash($password);
Option::set($optionName, $optionData);
}
/**
* Updates a user in the database.
* Only login and password are required (case when we update the password).
* When the password changes, the key token for this user will change, which could break
* its API calls.
*
* @see addUser() for all the parameters
*/
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false)
{
Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
$this->checkUserIsNotAnonymous($userLogin);
$userInfo = $this->getUser($userLogin);
$passwordHasBeenUpdated = false;
if (empty($password)) {
$password = $userInfo['password'];
} else {
$password = Common::unsanitizeInputValue($password);
if (!$_isPasswordHashed) {
UsersManager::checkPassword($password);
$password = UsersManager::getPasswordHash($password);
}
$passwordHasBeenUpdated = true;
}
if (empty($alias)) {
$alias = $userInfo['alias'];
}
if (empty($email)) {
$email = $userInfo['email'];
}
if ($email != $userInfo['email']) {
$this->checkEmail($email);
}
$alias = $this->getCleanAlias($alias, $userLogin);
$token_auth = $this->getTokenAuth($userLogin, $password);
$this->model->updateUser($userLogin, $password, $email, $alias, $token_auth);
Cache::deleteTrackerCache();
/**
* Triggered after an existing user has been updated.
* Event notify about password change.
*
* @param string $userLogin The user's login handle.
* @param boolean $passwordHasBeenUpdated Flag containing information about password change.
*/
Piwik::postEvent('UsersManager.updateUser.end', array($userLogin, $passwordHasBeenUpdated, $email, $password, $alias));
}
/**
* Stores password reset info for a specific login.
*
* @param string $login The user login for whom a password change was requested.
* @param string $newPassword The new password to set.
*/
private function savePasswordResetInfo($login, $newPassword)
{
$optionName = $this->getPasswordResetInfoOptionName($login);
$optionData = UsersManager::getPasswordHash($newPassword);
Option::set($optionName, $optionData);
}
