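/**
 * Creates a native user in Omegaup through UserController::apiCreate and
 * returns the DAO populated.
 *
 * Any of $username, $password or $email left as null is filled in with a
 * value from Utils::CreateRandomString().
 *
 * @param string $username optional
 * @param string $password optional
 * @param string $email optional
 * @param bool $verify optional; when true the user goes through
 *                     self::verifyUser(), otherwise it is saved with verified = 0
 * @return user (DAO) carrying the plaintext password instead of the stored hash
 * @throws Exception when the API status is not 'ok' or the user cannot be read back
 */
public static function createUser($username = null, $password = null, $email = null, $verify = true)
{
    // If data is not provided, generate it randomly
    if (is_null($username)) {
        $username = Utils::CreateRandomString();
    }
    if (is_null($password)) {
        $password = Utils::CreateRandomString();
    }
    if (is_null($email)) {
        $email = Utils::CreateRandomString() . '@mail.com';
    }

    // The same key is stored on the controller and sent in the request.
    // NOTE(review): uniqid() is derived from the clock and is not an
    // unpredictable value; fine for a fixture, but confirm permission_key is
    // not relied on as a secret anywhere this pattern is copied.
    UserController::$permissionKey = uniqid();
    $r = new Request(array(
        'username' => $username,
        'name' => $username,
        'password' => $password,
        'email' => $email,
        'permission_key' => UserController::$permissionKey,
    ));

    // Call the API
    $response = UserController::apiCreate($r);

    // If status is not OK
    if (strcasecmp($response['status'], 'ok') !== 0) {
        throw new Exception('UserFactory::createUser failed');
    }

    // Get user from db
    $user = UsersDAO::FindByUsername($username);
    if (is_null($user)) {
        // Fail with a clear message instead of a fatal error on the
        // property/method access below.
        throw new Exception('UserFactory::createUser failed: user not found after creation');
    }

    if ($verify) {
        UserController::$redirectOnVerify = false;
        $user = self::verifyUser($user);
    } else {
        $user->verified = 0;
        UsersDAO::save($user);
    }

    // Password came hashed from DB. Set password in plaintext.
    // The returned object therefore holds the cleartext password; it is set
    // after the save above, so nothing in this method persists it.
    $user->setPassword($password);

    return $user;
}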
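/**
 * Bulk-creates the numbered accounts for a known contest type and returns
 * their generated passwords.
 *
 * For every prefix configured for $r['contest_type'], usernames of the form
 * PREFIX-NN are prepared through self::omiPrepareUser(). When
 * $r['contest_alias'] is set, each username is also added to that contest.
 *
 * @param Request $r reads contest_type, current_user_id, current_user,
 *                   contest_alias and auth_token; permission_key is overwritten
 * @return array map of username => cleartext password for every user that
 *               omiPrepareUser() reported as prepared
 * @throws ForbiddenAccessException when the caller is neither a system admin
 *                                  nor a listed organizer for the contest type
 * @throws InvalidParameterException when contest_type is not a known type
 */
public static function apiGenerateOmiUsers(Request $r)
{
    self::authenticateRequest($r);

    $response = array();
    $is_system_admin = Authorization::IsSystemAdmin($r['current_user_id']);

    // contest_type => organizers allowed besides system admins, and the
    // username prefixes with the number of accounts to create for each.
    // NOTE(review): access is tied to literal usernames rather than a role or
    // a user id; if a username can be changed or registered again, the right
    // follows the name, not the person - confirm and prefer a role check.
    $contestTypes = array(
        'OMI' => array(
            'organizers' => array(),
            // Array of Mexican states
            'keys' => array(
                'OMI2015-AGU' => 4, 'OMI2015-BCN' => 4, 'OMI2015-BCS' => 4,
                'OMI2015-CAM' => 4, 'OMI2015-COA' => 4, 'OMI2015-COL' => 4,
                'OMI2015-CHP' => 4, 'OMI2015-CHH' => 8, 'OMI2015-DIF' => 4,
                'OMI2015-DUR' => 4, 'OMI2015-GUA' => 4, 'OMI2015-GRO' => 4,
                'OMI2015-HID' => 4, 'OMI2015-JAL' => 4, 'OMI2015-MEX' => 4,
                'OMI2015-MIC' => 4, 'OMI2015-MOR' => 4, 'OMI2015-NAY' => 4,
                'OMI2015-NLE' => 4, 'OMI2015-OAX' => 4, 'OMI2015-PUE' => 4,
                'OMI2015-QUE' => 4, 'OMI2015-ROO' => 4, 'OMI2015-SLP' => 4,
                'OMI2015-SIN' => 4, 'OMI2015-SON' => 4, 'OMI2015-TAB' => 4,
                'OMI2015-TAM' => 4, 'OMI2015-TLA' => 4, 'OMI2015-VER' => 4,
                'OMI2015-YUC' => 4, 'OMI2015-ZAC' => 4, 'OMI2015-INV' => 4,
            ),
        ),
        'OMIPS' => array(
            'organizers' => array('andreasantillana'),
            'keys' => array('OMIPS2015-P' => 25, 'OMIPS2015-S' => 25),
        ),
        'ORIG' => array(
            'organizers' => array('kuko.coder'),
            'keys' => array(
                'ORIG1516-CEL' => 38, 'ORIG1516-DHI' => 15, 'ORIG1516-GTO' => 14,
                'ORIG1516-IRA' => 37, 'ORIG1516-PEN' => 22, 'ORIG1516-LEO' => 43,
                'ORIG1516-SLP' => 14, 'ORIG1516-SLV' => 14, 'ORIG1516-URI' => 17,
                'ORIG1516-VDS' => 15,
            ),
        ),
        'OMIAGS' => array(
            'organizers' => array('andreasantillana'),
            'keys' => array('OMIAGS' => 35),
        ),
        'OSI' => array(
            'organizers' => array('cope_quintana'),
            'keys' => array('OSI16' => 120),
        ),
        'UNAMFC' => array(
            'organizers' => array('manuelalcantara52', 'manuel52'),
            'keys' => array('UNAMFC15' => 30),
        ),
        'OVI' => array(
            'organizers' => array('covi.academico'),
            'keys' => array('OVI15' => 200),
        ),
    );

    // Only an exact string match selects a contest type. The previous loose
    // == comparison let non-string values (0, true) be juggled into a match.
    $contestType = $r['contest_type'];
    if (!is_string($contestType) || !isset($contestTypes[$contestType])) {
        // NOTE(review): expected_set does not mention OMIPS or UNAMFC although
        // both are accepted above; text left unchanged for API compatibility.
        throw new InvalidParameterException('parameterNotInExpectedSet', 'contest_type', array('bad_elements' => $r['contest_type'], 'expected_set' => 'OMI, OMIAGS, ORIG, OSI, OVI'));
    }

    $organizers = $contestTypes[$contestType]['organizers'];
    $keys = $contestTypes[$contestType]['keys'];

    if (!$is_system_admin) {
        // An empty organizer list (OMI) means system admins only.
        if (empty($organizers) || !in_array($r['current_user']->getUsername(), $organizers, true)) {
            throw new ForbiddenAccessException();
        }
    }

    // The same fresh key is stored on the controller and on the request that
    // is handed to omiPrepareUser().
    self::$permissionKey = $r['permission_key'] = self::randomString(32);

    foreach ($keys as $k => $n) {
        // Width of the zero-padded counter: number of decimal digits in $n.
        $digits = strlen((string) $n);
        for ($i = 1; $i <= $n; $i++) {
            $username = $k . '-' . str_pad($i, $digits, '0', STR_PAD_LEFT);
            // NOTE(review): 8-character password from self::randomString();
            // the generator is not visible here - confirm it uses a CSPRNG.
            // The cleartext value is returned to the caller below.
            $password = self::randomString(8);

            if (self::omiPrepareUser($r, $username, $password)) {
                $response[$username] = $password;
            }

            // Add user to contest if needed. This runs whether or not
            // omiPrepareUser() returned true.
            if (!is_null($r['contest_alias'])) {
                $addUserRequest = new Request();
                $addUserRequest['auth_token'] = $r['auth_token'];
                $addUserRequest['usernameOrEmail'] = $username;
                $addUserRequest['contest_alias'] = $r['contest_alias'];
                ContestController::apiAddUser($addUserRequest);
            }
        }
    }

    return $response;
}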
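/**
 * Signs the visitor in from an existing Facebook session.
 *
 * Looks the Facebook profile e-mail up in UsersDAO; when no user has it, a
 * new user is created through UserController::apiCreate. The resulting user
 * is handed to $this->RegisterSession().
 *
 * @return bool|null false when the login cannot proceed; nothing is returned
 *                   (null) after the session has been registered
 */
public function LoginViaFacebook()
{
    // Facebook sends state=something on its redirect, so Facebook sessions
    // are only tested on requests that carry it, not on every request made
    // from the front-end.
    // NOTE(review): only the presence of state is checked here; any check of
    // its value would have to happen inside the SDK - TODO confirm.
    if (!isset($_GET['state'])) {
        return false;
    }

    // The user may still be logged in with Facebook, let's test that
    $facebook = self::getFacebookInstance();

    // Get User ID
    $fb_user = $facebook->getUser();

    if ($fb_user == 0) {
        self::$log->info('FB session unavailable.');
        return false;
    }

    // We may or may not have this data based on whether the user is logged in.
    // If we have a $fb_user id here, it means we know the user is logged into
    // Facebook, but we don't know if the access token is valid. An access
    // token is invalid if the user logged out of Facebook.
    try {
        // Proceed knowing you have a logged in user who's authenticated.
        $fb_user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
        self::$log->error('FacebookException:' . $e);
        return false;
    }

    // The account is selected by e-mail below, so a profile without one
    // cannot be mapped to a user. Stop here instead of querying with an
    // undefined/empty value.
    if (empty($fb_user_profile['email'])) {
        self::$log->error('Facebook profile did not include an email.');
        return false;
    }

    // OK, we know the user is logged in; look for their information in the
    // database. If there is none, this is their first visit and they get
    // registered.
    // NOTE(review): the local account is chosen by the e-mail Facebook
    // reports and nothing else; this method does not check that the provider
    // verified that address - confirm, since an e-mail match alone signs the
    // visitor in to an existing account.
    self::$log->info('User is logged in via facebook !!');

    $results = UsersDAO::FindByEmail($fb_user_profile['email']);

    if (!is_null($results)) {
        // user has been here before with facebook!
        $vo_User = $results;
        self::$log->info('user has been here before with facebook!');
    } else {
        // The user has never been here before, let's register him

        // I have a problem with this:
        $username = self::getUniqueUsernameFromEmail($fb_user_profile['email']);
        // Even if the user gave us his/her email, we should not
        // just go ahead and assume its ok to share with the world
        // maybe we could do:
        // $username = str_replace(" ", "_", $fb_user_profile["name"] ),

        // NOTE(review): uniqid() is derived from the clock, not a random
        // secret - confirm what permission_key protects in apiCreate.
        UserController::$permissionKey = uniqid();

        $r = new Request(array(
            'name' => $fb_user_profile['name'],
            'username' => $username,
            'email' => $fb_user_profile['email'],
            'facebook_user_id' => $fb_user_profile['id'],
            'password' => null,
            'permission_key' => UserController::$permissionKey,
            'ignore_password' => true,
        ));

        try {
            $res = UserController::apiCreate($r);
        } catch (ApiException $e) {
            self::$log->error('Unable to login via Facebook ' . $e);
            return false;
        }

        $vo_User = UsersDAO::getByPK($res['user_id']);
    }

    // Since we got here, this user does not have any auth token; give him
    // one so we don't have to call Facebook to see if he is still logged in,
    // and so he can call the API.
    $this->RegisterSession($vo_User);
}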
/**
 * A username holding an accented character and a space must make
 * UserController::apiCreate throw.
 *
 * @expectedException InvalidParameterException
 */
public function testUsernameWithInvalidChars()
{
    // The controller and the request share the same permission key.
    $permissionKey = uniqid();
    UserController::$permissionKey = $permissionKey;

    // Random but well-formed password and e-mail, so the username is the
    // only field this test makes invalid.
    $password = Utils::CreateRandomString();
    $email = Utils::CreateRandomString() . '@' . Utils::CreateRandomString() . '.com';

    $request = new Request(array(
        'username' => 'ínvalid username',
        'password' => $password,
        'email' => $email,
        'permission_key' => $permissionKey,
    ));

    // The call is expected to throw; its return value is not inspected.
    UserController::apiCreate($request);
}
/**
 * Account creation must be refused for a username that contains an accented
 * character and a space.
 *
 * @expectedException InvalidParameterException
 */
public function testUsernameWithInvalidChars()
{
    UserController::$permissionKey = uniqid();

    // Build the request fields one by one; everything except the username
    // is a freshly generated value.
    $fields = array();
    $fields['username'] = 'ínvalid username';
    $fields['password'] = Utils::CreateRandomString();
    $fields['email'] = Utils::CreateRandomString() . '@' . Utils::CreateRandomString() . '.com';
    $fields['permission_key'] = UserController::$permissionKey;

    // apiCreate should throw before returning anything.
    UserController::apiCreate(new Request($fields));
}
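/**
 * Bulk-creates the numbered accounts for a known contest type and returns
 * their generated passwords.
 *
 * Usernames have the form PREFIX-NN and are prepared through
 * self::omiPrepareUser(). When $r['contest_alias'] is set, each username is
 * also added to that contest.
 *
 * @param Request $r reads contest_type, current_user_id, current_user,
 *                   contest_alias and auth_token; permission_key is overwritten
 * @return array map of username => cleartext password for every user that
 *               omiPrepareUser() reported as prepared
 * @throws ForbiddenAccessException when the caller is not allowed to generate
 *                                  users for the contest type
 * @throws InvalidParameterException when contest_type is not a known type
 */
public static function apiGenerateOmiUsers(Request $r)
{
    self::authenticateRequest($r);

    $response = array();

    // Strict === so that only the exact string selects a branch; with loose
    // == a non-string contest_type (0, true) could be juggled into a match.
    // NOTE(review): organizers are recognised by literal username rather
    // than by role or user id - confirm usernames cannot be changed or
    // registered again by someone else.
    $contestType = $r['contest_type'];

    if ($contestType === 'OMI') {
        if (!Authorization::IsSystemAdmin($r['current_user_id'])) {
            throw new ForbiddenAccessException();
        }

        // Array of Mexican states
        $keys = array(
            'OMI2015-AGU' => 4, 'OMI2015-BCN' => 4, 'OMI2015-BCS' => 4,
            'OMI2015-CAM' => 4, 'OMI2015-COA' => 4, 'OMI2015-COL' => 4,
            'OMI2015-CHP' => 4, 'OMI2015-CHH' => 8, 'OMI2015-DIF' => 4,
            'OMI2015-DUR' => 4, 'OMI2015-GUA' => 4, 'OMI2015-GRO' => 4,
            'OMI2015-HID' => 4, 'OMI2015-JAL' => 4, 'OMI2015-MEX' => 4,
            'OMI2015-MIC' => 4, 'OMI2015-MOR' => 4, 'OMI2015-NAY' => 4,
            'OMI2015-NLE' => 4, 'OMI2015-OAX' => 4, 'OMI2015-PUE' => 4,
            'OMI2015-QUE' => 4, 'OMI2015-ROO' => 4, 'OMI2015-SLP' => 4,
            'OMI2015-SIN' => 4, 'OMI2015-SON' => 4, 'OMI2015-TAB' => 4,
            'OMI2015-TAM' => 4, 'OMI2015-TLA' => 4, 'OMI2015-VER' => 4,
            'OMI2015-YUC' => 4, 'OMI2015-ZAC' => 4, 'OMI2015-INV' => 4,
        );
    } elseif ($contestType === 'OMIPS') {
        if (!Authorization::IsSystemAdmin($r['current_user_id'])) {
            throw new ForbiddenAccessException();
        }
        $keys = array('OMIPS2015-P' => 25, 'OMIPS2015-S' => 25);
    } elseif ($contestType === 'ORIG') {
        if (!($r['current_user']->getUsername() === 'kuko.coder' || Authorization::IsSystemAdmin($r['current_user_id']))) {
            throw new ForbiddenAccessException();
        }
        $keys = array(
            'ORIG1516-CEL' => 38, 'ORIG1516-DHI' => 15, 'ORIG1516-GTO' => 14,
            'ORIG1516-IRA' => 37, 'ORIG1516-PEN' => 22, 'ORIG1516-LEO' => 43,
            'ORIG1516-SLP' => 14, 'ORIG1516-SLV' => 14, 'ORIG1516-URI' => 17,
            'ORIG1516-VDS' => 15,
        );
    } elseif ($contestType === 'OMIAGS') {
        if (!($r['current_user']->getUsername() === 'andreasantillana' || Authorization::IsSystemAdmin($r['current_user_id']))) {
            throw new ForbiddenAccessException();
        }
        $keys = array('OMIAGS' => 35);
    } elseif ($contestType === 'OSI') {
        if (!($r['current_user']->getUsername() === 'cope_quintana' || Authorization::IsSystemAdmin($r['current_user_id']))) {
            throw new ForbiddenAccessException();
        }
        $keys = array('OSI16' => 120);
    } elseif ($contestType === 'UNAMFC') {
        if (!(in_array($r['current_user']->getUsername(), array('manuelalcantara52', 'manuel52'), true) || Authorization::IsSystemAdmin($r['current_user_id']))) {
            throw new ForbiddenAccessException();
        }
        $keys = array('UNAMFC15' => 30);
    } elseif ($contestType === 'OVI') {
        if (!($r['current_user']->getUsername() === 'covi.academico' || Authorization::IsSystemAdmin($r['current_user_id']))) {
            throw new ForbiddenAccessException();
        }
        $keys = array('OVI15' => 200);
    } else {
        // NOTE(review): expected_set does not mention OMIPS or UNAMFC although
        // both are accepted above; text left unchanged for API compatibility.
        throw new InvalidParameterException('parameterNotInExpectedSet', 'contest_type', array('bad_elements' => $r['contest_type'], 'expected_set' => 'OMI, OMIAGS, ORIG, OSI, OVI'));
    }

    // The same fresh key is stored on the controller and on the request that
    // is handed to omiPrepareUser().
    self::$permissionKey = $r['permission_key'] = self::randomString(32);

    foreach ($keys as $k => $n) {
        // Width of the zero-padded counter: number of decimal digits in $n.
        $digits = strlen((string) $n);
        for ($i = 1; $i <= $n; $i++) {
            $username = $k . '-' . str_pad($i, $digits, '0', STR_PAD_LEFT);
            // NOTE(review): 8-character password from self::randomString();
            // the generator is not visible here - confirm it uses a CSPRNG.
            // The cleartext value is returned to the caller below.
            $password = self::randomString(8);

            if (self::omiPrepareUser($r, $username, $password)) {
                $response[$username] = $password;
            }

            // Add user to contest if needed. This runs whether or not
            // omiPrepareUser() returned true.
            if (!is_null($r['contest_alias'])) {
                $addUserRequest = new Request();
                $addUserRequest['auth_token'] = $r['auth_token'];
                $addUserRequest['usernameOrEmail'] = $username;
                $addUserRequest['contest_alias'] = $r['contest_alias'];
                ContestController::apiAddUser($addUserRequest);
            }
        }
    }

    return $response;
}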