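/**
 * Authenticates a login against its stored token_auth, accepting either the
 * raw token or the session hash of it (SessionInitializer::getHashTokenAuth).
 *
 * Both comparisons go through hash_equals() so the time spent does not depend
 * on how many leading bytes of the candidate token happen to be right.
 *
 * @param mixed  $token candidate token_auth (raw or hashed); anything that is
 *                      not a string is rejected without comparing
 * @param string $login user login to look up
 * @return AuthResult result of authenticationSuccess() on a match, otherwise a FAILURE result
 */
private function authenticateWithTokenOrHashToken($token, $login)
{
    $user = $this->userModel->getUser($login);

    if (!empty($user['token_auth']) && is_string($token) && is_string($user['token_auth'])) {
        $storedToken = $user['token_auth'];
        $hashedToken = SessionInitializer::getHashTokenAuth($login, $storedToken);

        $matches = (is_string($hashedToken) && hash_equals($hashedToken, $token))
            || hash_equals($storedToken, $token);

        if ($matches) {
            return $this->authenticationSuccess($user);
        }
    }

    return new AuthResult(AuthResult::FAILURE, $login, $token);
}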
/**
 * Authenticates user
 *
 * When the web server hands over an authenticated login (getHttpAuthLogin),
 * that login is looked up and, if the user exists, accepted as-is: no
 * password or token is verified on this path. Without such a login the
 * parent implementation decides.
 *
 * @return \Piwik\AuthResult
 */
public function authenticate()
{
    $httpLogin = $this->getHttpAuthLogin();
    if (empty($httpLogin)) {
        return parent::authenticate();
    }

    $user = $this->userModel->getUser($httpLogin);
    if (empty($user)) {
        return new AuthResult(AuthResult::FAILURE, $httpLogin, null);
    }

    $isSuperUser = !empty($user['superuser_access']);

    return new AuthResult(
        $isSuperUser ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS,
        $httpLogin,
        $user['token_auth']
    );
}
/**
 * Checks if the provided CURRENT password is correct and calls the parent
 * class function if so. Otherwise provides error message.
 *
 * Every failure (password not provided, anonymous user, wrong password) is
 * raised as an Exception inside the try block and converted into an error
 * response by the catch, so the method always returns a response.
 *
 * @see the parent class function for parameters and return value
 */
public function recordUserSettings()
{
    try {
        $passwordCurrent = Crypto::decrypt(Common::getRequestVar('passwordCurrent', false));

        // Loose comparison on purpose: covers both "" (empty form input; forms
        // send strings) and "parameter not sent" (the `false` default) - see
        // https://secure.php.net/manual/en/types.comparisons.php
        if ($passwordCurrent == "") {
            throw new Exception(Piwik::translate('UsersManagerEncrypted_CurrentPasswordNotProvided'));
        }

        // login as string, or "anonymous" when nobody is logged in
        $userName = Piwik::getCurrentUserLogin();
        if ($userName == 'anonymous') {
            throw new Exception(Piwik::translate('UsersManagerEncrypted_UserNotAuthenticated'));
        }

        // Same hash function as Piwik\Plugins\Login\Auth::setPassword(); the stored
        // hash is what getTokenAuthSecret() exposes there.
        // NOTE(review): `!==` on hashes is not constant-time; hash_equals() would
        // be the safer comparison here.
        $model = new Model();
        $user = $model->getUser($userName);
        if (UsersManagerEncrypted::getPasswordHash($passwordCurrent) !== $user['password']) {
            throw new Exception(Piwik::translate('UsersManagerEncrypted_CurrentPasswordIncorrect'));
        }

        $toReturn = parent::recordUserSettings();
    } catch (Exception $e) {
        $response = new ResponseBuilder(Common::getRequestVar('format'));
        $toReturn = $response->getResponseException($e);
    }

    return $toReturn;
}
/**
 * Returns the user information (login, password md5, alias, email, date_registered, etc.)
 *
 * Access is checked first (super user, or the user asking about themself),
 * then existence; the stored row is passed through the user filter before
 * it is returned.
 *
 * @param string $userLogin the user login
 *
 * @return array the user information
 */
public function getUser($userLogin)
{
    Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
    $this->checkUserExists($userLogin);

    $storedUser = $this->model->getUser($userLogin);

    return $this->userFilter->filterUser($storedUser);
}
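/**
 * Authenticates user
 *
 * Resolution order: a password (md5Password) is first exchanged for the
 * user's token_auth; with no login set, the token alone identifies the user;
 * otherwise the login's stored token_auth must match the supplied token,
 * either raw or as produced by SessionInitializer::getHashTokenAuth().
 *
 * Token comparisons use hash_equals() so they do not reveal, through timing,
 * how much of a guessed token was correct.
 *
 * @return AuthResult
 */
public function authenticate()
{
    if (!empty($this->md5Password)) {
        // favor authenticating by password
        $this->token_auth = UsersManagerAPI::getInstance()->getTokenAuth($this->login, $this->getTokenAuthSecret());
    }

    if (is_null($this->login)) {
        $model = new Model();
        $user = $model->getUserByTokenAuth($this->token_auth);
        if (!empty($user['login'])) {
            $code = !empty($user['superuser_access']) ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
            return new AuthResult($code, $user['login'], $this->token_auth);
        }
    } elseif (!empty($this->login)) {
        $model = new Model();
        $user = $model->getUser($this->login);

        // Non-string tokens (e.g. null when only a login was supplied) can never match.
        if (!empty($user['token_auth']) && is_string($this->token_auth) && is_string($user['token_auth'])) {
            $storedToken = $user['token_auth'];
            $hashedToken = SessionInitializer::getHashTokenAuth($this->login, $storedToken);

            $matches = (is_string($hashedToken) && hash_equals($hashedToken, $this->token_auth))
                || hash_equals($storedToken, $this->token_auth);

            if ($matches) {
                $this->setTokenAuth($storedToken);
                $code = !empty($user['superuser_access']) ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
                return new AuthResult($code, $this->login, $storedToken);
            }
        }
    }

    return new AuthResult(AuthResult::FAILURE, $this->login, $this->token_auth);
}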
/**
 * Authenticates user
 *
 * The login is treated as already authenticated: a login unknown by name and
 * by token is created on the spot, the default site ids are granted "view"
 * access where the user has neither view nor admin yet, and the super user
 * flag is synced from getSuperUserStatus() before a success result is returned.
 *
 * @return AuthResult
 */
public function authenticate()
{
    $logger = StaticContainer::get('Psr\\Log\\LoggerInterface');
    $model = new Model();

    $user = $model->getUser($this->login);
    if (!$user) {
        $user = $model->getUserByTokenAuth($this->token_auth);
    }
    if (!$user) {
        $logger->info("Creating user " . $this->login);
        $model->addUser($this->login, $this->getTokenAuthSecret(), $this->email, $this->alias, $this->token_auth, Date::now()->getDatetime());
        $user = $model->getUser($this->login);
    }

    $accessCode = $user['superuser_access'] ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
    $this->login = $user['login'];

    if ($this->getViewableUserStatus() || $this->getSuperUserStatus()) {
        $defaultSiteIds = $this->getDefaultSiteIds();

        // default site ids on which this login already holds view or admin access
        $alreadyGranted = [];
        foreach ($defaultSiteIds as $siteId) {
            foreach ($model->getUsersAccessFromSite($siteId) as $grantedLogin => $accessLevel) {
                if ($this->login == $grantedLogin && ($accessLevel == "view" || $accessLevel == 'admin')) {
                    $alreadyGranted[] = $siteId;
                }
            }
        }

        // Loose in_array kept as in the original: site ids may arrive as int or
        // numeric string - NOTE(review): confirm before switching to strict.
        $missing = [];
        foreach ($defaultSiteIds as $siteId) {
            if (!in_array($siteId, $alreadyGranted)) {
                $missing[] = $siteId;
            }
        }

        if (count($missing) > 0) {
            $logger->info("Adding default site ids to " . $this->login);
            $model->addUserAccess($this->login, "view", $missing);
        }
    }

    $model->setSuperUserAccess($this->login, $this->getSuperUserStatus());

    return new AuthResult($accessCode, $this->login, $this->token_auth);
}
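/**
 * Returns the user's API token.
 *
 * If the username/password combination is incorrect an invalid token will be returned.
 * An unknown login is handled the same way, so the return value alone does not
 * reveal which of the two was wrong.
 *
 * @param string $userLogin Login
 * @param string $md5Password hashed string of the password (using current hash function; MD5-named for historical reasons)
 * @return string
 */
public function getTokenAuth($userLogin, $md5Password)
{
    // Expected to throw when $md5Password is not a password hash (see UsersManager::checkPasswordHash).
    UsersManager::checkPasswordHash($md5Password, Piwik::translate('UsersManager_ExceptionPasswordMD5HashExpected'));

    $user = $this->model->getUser($userLogin);

    // Unknown login or a row without a stored hash is treated like a wrong
    // password instead of handing null to verify().
    if (empty($user['password']) || !$this->password->verify($md5Password, $user['password'])) {
        // 32 hex chars like a real token, but drawn from a CSPRNG rather than
        // derived from login + timestamp, so it cannot be reproduced.
        return bin2hex(random_bytes(16));
    }

    if ($this->password->needsRehash($user['password'])) {
        // transparent upgrade of the stored hash; the credential itself is unchanged
        $this->updateUser($userLogin, $this->password->hash($md5Password));
    }

    return $user['token_auth'];
}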
/**
 * Returns the user row for the current login, or for the current token_auth
 * when no login is set, caching it in $this->userForLogin for later calls.
 * A lookup that returned nothing is not cached (empty check) and is repeated
 * on the next call.
 *
 * @return mixed whatever the users model returns for the lookup
 * @throws Exception when neither login nor token_auth is set
 */
protected function getUserForLogin()
{
    if (!empty($this->userForLogin)) {
        return $this->userForLogin;
    }

    if (!empty($this->login)) {
        $this->userForLogin = $this->usersModel->getUser($this->login);
    } elseif (!empty($this->token_auth)) {
        $this->userForLogin = $this->usersModel->getUserByTokenAuth($this->token_auth);
    } else {
        throw new Exception("Cannot get user details, neither login nor token auth are set.");
    }

    return $this->userForLogin;
}
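/**
 * Authenticates user
 *
 * With no login set, the token alone identifies the user. Otherwise the
 * login's stored token_auth must match the supplied token, either raw or as
 * produced by getHashTokenAuth().
 *
 * Token comparisons use hash_equals() so they do not reveal, through timing,
 * how much of a guessed token was correct.
 *
 * @return AuthResult
 */
public function authenticate()
{
    if (is_null($this->login)) {
        $model = new Model();
        $user = $model->getUserByTokenAuth($this->token_auth);
        if (!empty($user['login'])) {
            $code = !empty($user['superuser_access']) ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
            return new AuthResult($code, $user['login'], $this->token_auth);
        }
    } elseif (!empty($this->login)) {
        $model = new Model();
        $user = $model->getUser($this->login);

        // Non-string tokens (e.g. null when only a login was supplied) can never match.
        if (!empty($user['token_auth']) && is_string($this->token_auth) && is_string($user['token_auth'])) {
            $storedToken = $user['token_auth'];
            $hashedToken = $this->getHashTokenAuth($this->login, $storedToken);

            $matches = (is_string($hashedToken) && hash_equals($hashedToken, $this->token_auth))
                || hash_equals($storedToken, $this->token_auth);

            if ($matches) {
                $this->setTokenAuth($storedToken);
                $code = !empty($user['superuser_access']) ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
                return new AuthResult($code, $this->login, $storedToken);
            }
        }
    }

    return new AuthResult(AuthResult::FAILURE, $this->login, $this->token_auth);
}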
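/**
 * Sets the report owner's email and alias as the mail's Reply-To when the
 * scheduled_reports_replyto_is_user_email_and_alias config option is on.
 *
 * @param Mail  $mail   mail being prepared
 * @param array $report report row; only 'login' is read
 * @return void
 */
protected function setReplyToAsSender(Mail $mail, array $report)
{
    if (!Config::getInstance()->General['scheduled_reports_replyto_is_user_email_and_alias']) {
        return;
    }
    if (!isset($report['login'])) {
        return;
    }

    $userModel = new UserModel();
    $user = $userModel->getUser($report['login']);

    // The login may no longer resolve to a user with an address (deleted or
    // renamed); keep the default sender rather than setting an empty Reply-To.
    if (empty($user['email'])) {
        return;
    }

    $alias = isset($user['alias']) ? $user['alias'] : null;
    $mail->setReplyTo($user['email'], $alias);
}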