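/**
 * Logs a user in.
 *
 * Addresses listed in the `auth.exempt` config are authenticated by the
 * parent (local) driver; everyone else is authenticated against RiverID.
 * A RiverID identity with no local user is auto-registered when the site
 * allows public registration, or linked to an existing local user that
 * already has the same e-mail address.
 *
 * @param   string   $email     e-mail address (user-supplied form input)
 * @param   string   $password  plaintext password
 * @param   boolean  $remember  enable autologin cookie
 * @return  boolean  TRUE when the login completed, FALSE otherwise
 */
protected function _login($email, $password, $remember)
{
    $riverid_api = RiverID_API::instance();

    // Fallback to local auth if user is in the exemption list.
    // Strict comparison on form input; the (array) cast keeps a missing
    // or NULL config entry from turning into an in_array() TypeError.
    $exempt = (array) Kohana::$config->load('auth.exempt');
    if (in_array($email, $exempt, TRUE))
    {
        return parent::_login($email, $password, $remember);
    }

    // Not known to RiverID: nothing more to try
    if (!$riverid_api->is_registered($email))
    {
        return FALSE;
    }

    // Sign in to RiverID; only an explicit success status counts
    $login_response = $riverid_api->signin($email, $password);
    if (empty($login_response['status']))
    {
        return FALSE;
    }

    $riverid = $login_response['user_id'];
    $login_role = ORM::factory('role', array('name' => 'login'));

    // Local user bound to exactly this (email, RiverID id) pair
    $user = ORM::factory('user')
        ->where('email', '=', $email)
        ->where('riverid', '=', $riverid)
        ->find();

    if (!$user->loaded())
    {
        // No exact match. A local account with this e-mail may still exist;
        // if so the RiverID id is appended to it, otherwise a user is created.
        $user = ORM::factory('user')->where('email', '=', $email)->find();

        // Only auto register if the site allows it
        if (!$user->loaded() AND !(bool) Model_Setting::get_setting('public_registration_enabled'))
        {
            return FALSE;
        }

        // NOTE(review): a loaded user that already carries a different,
        // non-empty riverid is silently re-bound to the new id here —
        // confirm that is intended, or refuse the login in that case.
        $user->username = $user->email = $email;
        $user->riverid = $riverid;
        $user->save();

        // Allow the user be able to login immediately
        if (!$user->has('roles', $login_role))
        {
            $user->add('roles', $login_role);
        }
    }

    // Only accounts holding the login role may complete the sign-in
    if (!$user->has('roles', $login_role))
    {
        return FALSE;
    }

    if ($remember === TRUE)
    {
        // Autologin token, tied to the browser's user agent
        $data = array(
            'user_id'    => $user->id,
            'expires'    => time() + $this->_config['lifetime'],
            'user_agent' => sha1(Request::$user_agent),
        );
        $token = ORM::factory('user_token')->values($data)->create();

        // Set the autologin cookie
        Cookie::set('authautologin', $token->token, $this->_config['lifetime']);
    }

    // Finish the login (session handling is the parent driver's job)
    $this->complete_login($user);

    return TRUE;
}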
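/**
 * Change email address
 *
 * Landing page for the confirmation link mailed out when a user changes
 * their e-mail. The route carries `old_email`, `new_email` and `token`.
 * Any current session is discarded first, the token is checked (RiverID
 * confirms it remotely; otherwise a local single-use change_email token
 * must name exactly this old/new pair), and on success the user's e-mail
 * and username are replaced and the user is logged in as that account.
 *
 * @return void
 */
public function action_changeemail()
{
    $this->template->content = View::factory('pages/login/landing');
    $this->template->header->meta = '<meta HTTP-EQUIV="REFRESH" content="5; url=' . URL::site() . '">';

    // Force logout
    Auth::instance()->logout();
    $session = Session::instance();

    $old_email = $this->request->param('old_email');
    $new_email = $this->request->param('new_email');
    $token = $this->request->param('token');
    $errors = array();

    $user = ORM::factory('user', array('email' => $old_email));

    if (!$user->loaded())
    {
        // No local account for old_email. Without this guard the save()
        // below would create a bare user and force_login() it.
        $errors = array(__('Invalid email'));
    }
    elseif ($this->riverid_auth)
    {
        // NOTE(review): confirm_email() only sees new_email and the token;
        // old_email is taken from the URL unverified, so the confirmation is
        // not bound to the local account being modified. If the RiverID
        // response carries the user id, compare it with $user->riverid here.
        $riverid_api = RiverID_API::instance();
        $resp = $riverid_api->confirm_email($new_email, $token);
        if (empty($resp['status']))
        {
            $errors = array(isset($resp['error']) ? $resp['error'] : __('Error'));
        }
    }
    else
    {
        $token = Model_Auth_Token::get_token($token, 'change_email');
        if ($token)
        {
            $data = json_decode($token->data);

            // Single use: consume the token before acting on it
            $token->delete();

            // The token must name exactly this old/new pair (strict compare,
            // so numeric-looking strings cannot be made to match loosely)
            if (!is_object($data)
                OR !isset($data->new_email, $data->old_email)
                OR $new_email !== $data->new_email
                OR $old_email !== $data->old_email)
            {
                // The emails in the request do not match
                // the emails in the token
                $errors = array(__('Invalid email'));
            }
        }
        else
        {
            $errors = array(__('Error'));
        }
    }

    if (empty($errors))
    {
        // Email change was validated, make the change to the user object
        $user->email = $user->username = $new_email;
        $user->save();

        // Auto login
        Auth::instance()->force_login($user);
        $this->template->content->messages = array(__('Email changed successfully.'));
    }
    else
    {
        $this->template->content->errors = $errors;
    }
}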
/**
 * Send a river id password reset request
 *
 * Asks RiverID to e-mail a reset link for $email. The link template
 * handed to RiverID contains a literal `%token%` placeholder which the
 * remote side substitutes; no token is generated locally.
 *
 * @param   string  $email  address to reset
 * @return  array   'messages' on success, or 'errors' carrying RiverID's error text
 */
private static function password_reset_riverid($email)
{
    $riverid_api = RiverID_API::instance();

    // The view is bound by reference, so the URL may be assigned afterwards
    $body = View::factory('emails/resetpassword')->bind('secret_url', $secret_url);
    $secret_url = url::site('login/reset/' . urlencode($email) . '/%token%', TRUE, TRUE);

    $from = Kohana::$config->load('useradmin.email_address');
    $site_name = Model_Setting::get_setting('site_name');
    $subject = __(':sitename: Password Reset', array(':sitename' => $site_name));

    $response = $riverid_api->request_password($email, $body, $subject, $from);

    if ($response['status'])
    {
        return array(
            'messages' => array(__('An email has been sent with instructions to complete the password reset process.')),
        );
    }

    return array('errors' => array($response['error']));
}
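/**
 * Validate and apply the account settings form (password, e-mail, nickname).
 *
 * The current password is re-verified first, against RiverID or against the
 * locally stored hash. A password change is pushed to RiverID immediately;
 * for local auth it stays in $_POST for update_user(). An e-mail change is
 * never applied here: a confirmation link is sent to the new address and the
 * switch happens in action_changeemail(). On any error $this->errors is set
 * and the method returns; on success it redirects to the settings page.
 *
 * NOTE(review): no CSRF token is checked in this method; it is assumed to be
 * enforced by the controller before this runs — confirm.
 *
 * @return void
 */
private function _update_settings()
{
    // Missing fields become '' instead of undefined-index notices
    $current_password = isset($_POST['current_password']) ? (string) $_POST['current_password'] : '';

    // Validate current password
    $validated = FALSE;
    if ($this->riverid_auth)
    {
        $response = RiverID_API::instance()->signin($this->user->email, $current_password);
        $validated = !empty($response['status']);
    }
    else
    {
        // Strict, constant-time digest comparison. The loose `==` used
        // before compares two digests of the form "0e<digits>" as floats
        // (both equal 0), so unrelated passwords could verify.
        $candidate = (string) Auth::instance()->hash($current_password);
        $stored = (string) $this->user->password;
        $validated = function_exists('hash_equals')
            ? hash_equals($stored, $candidate)
            : ($stored === $candidate);
    }

    if (!$validated)
    {
        $this->errors = __('Current password is incorrect');
        return;
    }

    $messages = array();

    // Password is changing
    if (!empty($_POST['password']) OR !empty($_POST['password_confirm']))
    {
        $post = Model_Auth_User::get_password_validation($_POST);
        if (!$post->check())
        {
            $this->errors = $post->errors('user');
            return;
        }

        // Are we using RiverID?
        if ($this->riverid_auth)
        {
            $resp = RiverID_API::instance()->change_password($this->user->email, $current_password, $_POST['password']);
            if (empty($resp['status']))
            {
                $this->errors = isset($resp['error']) ? $resp['error'] : __('Error');
                return;
            }

            // For API calls below, use this new password
            $current_password = $_POST['password'];
            unset($_POST['password'], $_POST['password_confirm']);
        }
    }

    // Email address is changing (an absent field means "unchanged")
    if (isset($_POST['email']) AND $_POST['email'] !== $this->user->email)
    {
        $new_email = $_POST['email'];
        if (!Valid::email($new_email))
        {
            $this->errors = __('Invalid email address');
            return;
        }

        if ($this->riverid_auth)
        {
            // RiverID email change process: RiverID mails the link and
            // substitutes the %token% placeholder itself
            $mail_body = View::factory('emails/changeemail')->bind('secret_url', $secret_url);
            $secret_url = url::site('login/changeemail/' . urlencode($this->user->email) . '/' . urlencode($new_email) . '/%token%', TRUE, TRUE);
            $site_email = Kohana::$config->load('useradmin.email_address');
            $mail_subject = __(':sitename: Email Change', array(':sitename' => Model_Setting::get_setting('site_name')));

            $resp = RiverID_API::instance()->change_email($this->user->email, $new_email, $current_password, $mail_body, $mail_subject, $site_email);
            if (empty($resp['status']))
            {
                $this->errors = isset($resp['error']) ? $resp['error'] : __('Error');
                return;
            }
        }
        else
        {
            // Make sure the new email address is not yet registered
            $existing = ORM::factory('user', array('email' => $new_email));
            if ($existing->loaded())
            {
                $this->errors = __('The new email address has already been registered');
                return;
            }

            // The token records both addresses so the confirmation step can
            // verify the pair named in the link
            $auth_token = Model_Auth_Token::create_token('change_email', array(
                'new_email' => $new_email,
                'old_email' => $this->user->email,
            ));

            if (!$auth_token->loaded())
            {
                $this->errors = __('Error');
                return;
            }

            // Send an email with a secret token URL to the NEW address
            $mail_body = View::factory('emails/changeemail')->bind('secret_url', $secret_url);
            $secret_url = URL::site('login/changeemail/' . urlencode($this->user->email) . '/' . urlencode($new_email) . '/' . $auth_token->token, TRUE, TRUE);
            $mail_subject = __(':sitename: Email Change', array(':sitename' => Model_Setting::get_setting('site_name')));
            Swiftriver_Mail::send($new_email, $mail_subject, $mail_body);
        }

        $messages[] = __("A confirmation email has been sent to :email", array(':email' => $new_email));

        // Don't change email address immediately.
        // Only do so after the tokens sent above are validated
        unset($_POST['email']);
    } // END if - email address change

    // Nickname is changing. Require the field: without the isset() an absent
    // nickname compared unequal to the current path and NULL was saved as
    // the account path.
    if (isset($_POST['nickname']) AND $_POST['nickname'] !== $this->user->account->account_path)
    {
        $nickname = $_POST['nickname'];

        // Make sure the account path is not already taken
        $account = ORM::factory('account', array('account_path' => $nickname));
        if ($account->loaded())
        {
            $this->errors = __('Nickname is already taken');
            return;
        }

        // NOTE(review): only uniqueness is checked here; the value becomes
        // part of the redirect URL below, so format validation is expected
        // to live in the account model — confirm.
        $this->user->account->account_path = $nickname;
        $this->user->account->save();
    }

    // Whitelisted fields only; 'email' was unset above if it changed
    $this->user->update_user($_POST, array('name', 'password', 'email'));
    $messages[] = __("Account settings were saved successfully.");

    Session::instance()->set("messages", $messages);
    $this->request->redirect(URL::site($this->user->account->account_path . '/settings'));
}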