コード例 #1
ファイル: ExampleUserIdentity.php プロジェクト: jhuss/yii-usr
 /**
  * @inheritdoc
  */
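 public function authenticate()
 {
     // Look the account up by username; null means no matching record was found.
     $user = User::model()->findByAttributes(array('username' => $this->username));
     // NOTE(review): verifyPassword() is skipped when no record is found, so the
     // response time may differ between existing and unknown usernames -- confirm
     // whether that matters for the "do not reveal account existence" goal below.
     $authenticated = $user !== null && $user->verifyPassword($this->password);

     // Every attempt is recorded, successful or not, before the lockout check runs.
     $attempt = new UserLoginAttempt();
     $attempt->username = $this->username;
     $attempt->user_id = $user === null ? null : $user->id;
     $attempt->is_successful = $authenticated;
     if (!$attempt->save()) {
         // An attempt that is not stored cannot be counted by the lockout check,
         // so a failing save must not pass unnoticed. The submitted username is
         // deliberately kept out of the log message.
         Yii::log('Could not record a login attempt; failed-login counting may be incomplete.', CLogger::LEVEL_WARNING);
     }

     // NOTE(review): the attempt stored above is visible to the lockout check. If
     // that check only inspects the most recent attempts, a correct password
     // submitted during a lockout may end it -- confirm this is the intended policy.
     if (UserLoginAttempt::hasTooManyFailedAttempts($this->username, self::MAX_FAILED_LOGIN_ATTEMPTS, self::LOGIN_ATTEMPTS_COUNT_SECONDS)) {
         // this is the first check not to reveal if the specified user account exists or not
         $this->errorCode = self::ERROR_USER_LOCKED;
         $this->errorMessage = Yii::t('UsrModule.usr', 'User account has been locked due to too many failed login attempts. Try again later.');
     } elseif (!$authenticated) {
         // One generic message for both an unknown username and a wrong password.
         $this->errorCode = self::ERROR_USERNAME_INVALID;
         $this->errorMessage = Yii::t('UsrModule.usr', 'Invalid username or password.');
     } elseif ($user->is_disabled) {
         // Account state is only reported after the password has been verified.
         $this->errorCode = self::ERROR_USER_DISABLED;
         $this->errorMessage = Yii::t('UsrModule.usr', 'User account has been disabled.');
     } elseif (!$user->is_active) {
         $this->errorCode = self::ERROR_USER_INACTIVE;
         $this->errorMessage = Yii::t('UsrModule.usr', 'User account has not been activated yet.');
     } else {
         $this->errorCode = self::ERROR_NONE;
         $this->errorMessage = '';
         $this->initFromUser($user);
         // Only the last-visit timestamp is written back to the user record.
         $user->saveAttributes(array('last_visit_on' => date('Y-m-d H:i:s')));
     }

     return $this->getIsAuthenticated();
 }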
コード例 #2
 /**
  * Checks whether there have been too many failed login attempts using the specified username in the specified number of seconds until now.
  * @param  string  $username
  * @param  integer $count_limit number of login attempts
  * @param  integer $time_limit  number of seconds
  * @return boolean
  */
 public static function hasTooManyFailedAttempts($username, $count_limit = 5, $time_limit = 1800)
 {
     // Start of the observation window: now minus $time_limit seconds.
     $windowStart = new DateTime();
     $windowStart->sub(new DateInterval("PT{$time_limit}S"));

     $model = UserLoginAttempt::model();
     $connection = $model->dbConnection;

     // Inner query: outcome flags of the newest $count_limit attempts for this
     // username inside the window. Attempts are matched by username alone. Only
     // the SQL text is taken here; the values are bound when the outer query runs.
     $recentAttemptsSql = $connection->createCommand()
         ->select('is_successful')
         ->from($model->tableName())
         ->where('username = :username AND performed_on > :since')
         ->order('performed_on DESC')
         ->limit($count_limit)
         ->getText();

     // Username and timestamp travel as bound parameters, never as SQL text.
     $bindings = array(
         ':username' => $username,
         ':since' => $windowStart->format('Y-m-d H:i:s'),
     );

     // COUNT() skips NULLs, so "NOT is_successful OR NULL" counts failed rows only.
     $failedCount = (int) $connection->createCommand()
         ->select('COUNT(NOT is_successful OR NULL)')
         ->from("({$recentAttemptsSql}) AS t")
         ->queryScalar($bindings);

     // True only when each of the newest $count_limit attempts was a failure.
     return $count_limit <= $failedCount;
 }
コード例 #3
ファイル: ExampleUser.php プロジェクト: rumatakira/yii2-usr
 public function getUserLoginAttempts()
 {
     // Relation to the login attempts whose user_id equals this record's id.
     $attempts = $this->hasMany(UserLoginAttempt::className(), ['user_id' => 'id']);

     // Ordered by performed_on, descending.
     return $attempts->orderBy('performed_on DESC');
 }
コード例 #4
 /**
  * @inheritdoc
  */
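 public function authenticate()
 {
     // Look the account up by username; null means no matching record was found.
     $record = Usuarios::model()->findByAttributes(array('usuario' => $this->usuario));
     // NOTE(review): verificarContrasena() is skipped when no record is found, so
     // the response time may differ between existing and unknown usernames --
     // confirm whether that matters for the "do not reveal account existence" goal.
     $authenticated = $record !== null && $record->verificarContrasena($this->contrasena);

     // Every attempt is recorded, successful or not, before the lockout check runs.
     $attempt = new UserLoginAttempt();
     $attempt->username = $this->usuario;
     $attempt->user_id = $record === null ? null : $record->usuario_id;
     $attempt->is_successful = $authenticated;
     if (!$attempt->save()) {
         // An attempt that is not stored cannot be counted by the lockout check,
         // so a failing save must not pass unnoticed. The submitted username is
         // deliberately kept out of the log message.
         Yii::log('Could not record a login attempt; failed-login counting may be incomplete.', CLogger::LEVEL_WARNING);
     }

     // NOTE(review): the attempt stored above is visible to the lockout check. If
     // that check only inspects the most recent attempts, a correct password
     // submitted during a lockout may end it -- confirm this is the intended policy.
     if (UserLoginAttempt::hasTooManyFailedAttempts($this->usuario, self::MAX_FAILED_LOGIN_ATTEMPTS, self::LOGIN_ATTEMPTS_COUNT_SECONDS)) {
         // this is the first check not to reveal if the specified user account exists or not
         $this->errorCode = self::ERROR_USER_LOCKED;
         $this->errorMessage = Yii::t('UsrModule.usr', 'La cuenta de usuario ha sido bloqueada temporalmente debido a demasiados intentos fallidos. Por favor intenta de nuevo más tarde.');
     } elseif (!$authenticated) {
         // One generic message for both an unknown username and a wrong password.
         $this->errorCode = self::ERROR_USERNAME_INVALID;
         $this->errorMessage = Yii::t('UsrModule.usr', 'Usuario o contraseña invalido.');
     } elseif ($record->esta_deshabilitado) {
         // Account state is only reported after the password has been verified.
         $this->errorCode = self::ERROR_USER_DISABLED;
         $this->errorMessage = Yii::t('UsrModule.usr', 'Esta cuenta de usuario ha sido deshabilitada.');
     } elseif (!$record->esta_activo) {
         $this->errorCode = self::ERROR_USER_INACTIVE;
         $this->errorMessage = Yii::t('UsrModule.usr', 'Esta cuenta de usuario se encuentra inactiva.');
     } else {
         $this->errorCode = self::ERROR_NONE;
         $this->errorMessage = '';
         $this->initFromUser($record);
         // Only the last-visit timestamp is written back to the user record.
         $record->saveAttributes(array('ultima_visita_el' => date('Y-m-d H:i:s')));

         // Base role from the organisation type. A missing relation or an
         // unrecognised type keeps the 'ente' default.
         // NOTE(review): falling back to a role for unknown types grants access
         // by default -- confirm that 'ente' is the least-privileged role.
         $rolesByTipo = array('S' => 'admin', 'O' => 'organo', 'E' => 'ente');
         $organo = $record->enteOrgano;
         $tipo = $organo === null ? null : $organo->tipo;
         $role = 'ente';
         if (is_string($tipo) && isset($rolesByTipo[$tipo])) {
             $role = $rolesByTipo[$tipo];
         }

         // A recognised per-user role replaces the type-based one, including
         // 'admin'. Values are compared strictly so only these exact strings match.
         $rol = $record->rol;
         if (is_string($rol) && in_array($rol, array('uel', 'presupuesto', 'producto'), true)) {
             $role = $rol;
         }

         // NOTE(review): roles are only ever added here. An assignment made at an
         // earlier login is not revoked when tipo or rol later changes -- confirm
         // that stale assignments are removed elsewhere.
         $auth = Yii::app()->authManager;
         if (!$auth->isAssigned($role, $this->_id) && $auth->assign($role, $this->_id)) {
             $auth->save();
         }
     }

     return $this->getIsAuthenticated();
 }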