/** * Forgotten password logic (AJAX call) * * @Route(url="/mailing/forgot") * @AnonymousRoute * @param \thebuggenie\core\framework\Request $request */ public function runForgot(framework\Request $request) { $i18n = framework\Context::getI18n(); try { $username = str_replace('%2E', '.', $request['forgot_password_username']); if (!empty($username)) { if (($user = \thebuggenie\core\entities\User::getByUsername($username)) instanceof \thebuggenie\core\entities\User) { if ($user->isActivated() && $user->isEnabled() && !$user->isDeleted()) { if ($user->getEmail()) { framework\Context::getModule('mailing')->sendForgottenPasswordEmail($user); return $this->renderJSON(array('message' => $i18n->__('Please use the link in the email you received'))); } else { throw new \Exception($i18n->__('Cannot find an email address for this user')); } } else { throw new \Exception($i18n->__('Forbidden for this username, please contact your administrator')); } } else { throw new \Exception($i18n->__('This username does not exist')); } } else { throw new \Exception($i18n->__('Please enter an username')); } } catch (\Exception $e) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $e->getMessage())); } }
public function do_execute() { $hostname = $this->getProvidedArgument('hostname'); $this->cliEcho('Checking scope availability ...'); if (tables\ScopeHostnames::getTable()->getScopeIDForHostname($hostname) === null) { $this->cliEcho("available!\n"); $this->cliEcho("Creating scope ..."); $scope = new entities\Scope(); $scope->addHostname($hostname); $scope->setName($this->getProvidedArgument('shortname')); $uploads_enabled = $this->getProvidedArgument('enable_uploads', 'yes') == 'yes'; $scope->setUploadsEnabled((bool) $uploads_enabled); $scope->setMaxUploadLimit($this->getProvidedArgument('upload_limit', 0)); $scope->setMaxProjects($this->getProvidedArgument('projects', 0)); $scope->setMaxUsers($this->getProvidedArgument('users', 0)); $scope->setMaxTeams($this->getProvidedArgument('teams', 0)); $scope->setMaxWorkflowsLimit($this->getProvidedArgument('workflows', 0)); $scope->setEnabled(); $this->cliEcho("."); $scope->save(); $this->cliEcho(".done!\n"); $admin_user = $this->getProvidedArgument('scope_admin'); if ($admin_user) { $user = entities\User::getByUsername($admin_user); if ($user instanceof entities\User) { $this->cliEcho("Adding user {$admin_user} to scope\n"); $admin_group_id = (int) framework\Settings::get(framework\Settings::SETTING_ADMIN_GROUP, 'core', $scope->getID()); tables\UserScopes::getTable()->addUserToScope($user->getID(), $scope->getID(), $admin_group_id, true); } else { $this->cliEcho("Could not add user {$admin_user} to scope (username not found)\n"); } } if ($this->getProvidedArgument('remove_admin', 'no') == 'yes') { $this->cliEcho("Removing administrator user from scope\n"); tables\UserScopes::getTable()->removeUserFromScope(1, $scope->getID()); } foreach (framework\Context::getModules() as $module) { $module_name = $module->getName(); if ($module_name == 'publish') { continue; } if ($this->getProvidedArgument("install_module_{$module_name}", "no") == 'yes') { $this->cliEcho("Installing module {$module_name}\n"); entities\Module::installModule($module_name, $scope); } } } else { $this->cliEcho("not available\n", 'red'); } $this->cliEcho("\n"); }
public function doLogin($username, $password, $mode = 1) { $validgroups = $this->getSetting('groups'); $base_dn = $this->getSetting('b_dn'); $dn_attr = $this->escape($this->getSetting('dn_attr')); $username_attr = $this->escape($this->getSetting('u_attr')); $fullname_attr = $this->escape($this->getSetting('f_attr')); $buddyname_attr = $this->escape($this->getSetting('b_attr')); $email_attr = $this->escape($this->getSetting('e_attr')); $groups_members_attr = $this->escape($this->getSetting('g_attr')); $user_class = framework\Context::getModule('auth_ldap')->getSetting('u_type'); $group_class = framework\Context::getModule('auth_ldap')->getSetting('g_type'); $email = null; $integrated_auth = $this->getSetting('integrated_auth'); /* * Do the LDAP check here. * * If a connection error or something, throw an exception and log * * If we can, set $mail and $realname to correct values from LDAP * otherwise don't touch those variables. * * To log do: * framework\Logging::log('error goes here', 'ldap', framework\Logging::LEVEL_FATAL); */ try { /* * First job is to connect to our control user (may be an anonymous bind) * so we can find the user we want to log in as/validate. */ $connection = $this->connect(); $control_user = $this->getSetting('control_user'); $control_password = $this->getSetting('control_pass'); $this->bind($connection, $control_user, $control_password); // Assume bind successful, otherwise we would have had an exception /* * Search for a user with the username specified. We search in the base_dn, so we can * find users in multiple parts of the directory, and only return users of a specific * class (default person). * * We want exactly 1 user to be returned. We get the user's full name, email, cn * and dn. */ $fields = array($fullname_attr, $buddyname_attr, $email_attr, 'cn', $dn_attr); $filter = '(&(objectClass=' . $this->escape($user_class) . ')(' . $username_attr . '=' . $this->escape($username) . '))'; $results = ldap_search($connection, $base_dn, $filter, $fields); if (!$results) { framework\Logging::log('failed to search for user: '******'ldap', framework\Logging::LEVEL_FATAL); throw new \Exception(framework\Context::geti18n()->__('Search failed: ') . ldap_error($connection)); } $data = ldap_get_entries($connection, $results); // User does not exist if ($data['count'] == 0) { framework\Logging::log('could not find user ' . $username . ', class ' . $user_class . ', attribute ' . $username_attr, 'ldap', framework\Logging::LEVEL_FATAL); throw new \Exception(framework\Context::geti18n()->__('User does not exist in the directory')); } // If we have more than 1 user, something is seriously messed up... if ($data['count'] > 1) { framework\Logging::log('too many users for ' . $username . ', class ' . $user_class . ', attribute ' . $username_attr, 'ldap', framework\Logging::LEVEL_FATAL); throw new \Exception(framework\Context::geti18n()->__('This user was found multiple times in the directory, please contact your administrator')); } /* * If groups are specified, perform group restriction tests */ if ($validgroups != '') { /* * We will repeat this for every group, but groups are supplied as a comma-separated list */ if (strstr($validgroups, ',')) { $groups = explode(',', $validgroups); } else { $groups = array(); $groups[] = $validgroups; } // Assumed we are initially banned $allowed = false; foreach ($groups as $group) { // No need to carry on looking if we have access if ($allowed == true) { continue; } /* * Find the group we are looking for, we search the entire directory as per users (See that stuff) * We want to find 1 group, if we don't get 1, silently ignore this group. */ $fields2 = array($groups_members_attr); $filter2 = '(&(objectClass=' . $this->escape($group_class) . ')(cn=' . $this->escape($group) . '))'; $results2 = ldap_search($connection, $base_dn, $filter2, $fields2); if (!$results2) { framework\Logging::log('failed to search for user after binding: ' . ldap_error($connection), 'ldap', framework\Logging::LEVEL_FATAL); throw new \Exception(framework\Context::geti18n()->__('Search failed ') . ldap_error($connection)); } $data2 = ldap_get_entries($connection, $results2); if ($data2['count'] != 1) { continue; } /* * Look through the group's member list. If we are found, grant access. */ foreach ($data2[0][strtolower($groups_members_attr)] as $member) { $member = preg_replace('/(?<=,) +(?=[a-zA-Z])/', '', $member); $user_dn = preg_replace('/(?<=,) +(?=[a-zA-Z])/', '', $data[0][strtolower($dn_attr)][0]); if (!is_numeric($member) && strtolower($member) == strtolower($user_dn)) { $allowed = true; } } } if ($allowed == false) { throw new \Exception(framework\Context::getI18n()->__('You are not a member of a group allowed to log in')); } } /* * Set user's properties. * Realname is obtained from directory, if not found we set it to the username * Email is obtained from directory, if not found we set it to blank */ if (!array_key_exists(strtolower($fullname_attr), $data[0])) { $realname = $username; } else { $realname = $data[0][strtolower($fullname_attr)][0]; } if (!array_key_exists(strtolower($buddyname_attr), $data[0])) { $buddyname = $username; } else { $buddyname = $data[0][strtolower($buddyname_attr)][0]; } if (!array_key_exists(strtolower($email_attr), $data[0])) { $email = ''; } else { $email = $data[0][strtolower($email_attr)][0]; } /* * If we are performing a non integrated authentication login, * now bind to the user and see if the credentials * are valid. We bind using the full DN of the user, so no need for DOMAIN\ stuff * on Windows, and more importantly it fixes other servers. * * If the bind fails (exception), we throw a nicer exception and don't continue. */ if ($mode == 1 && !$integrated_auth) { try { if (!is_array($data[0][strtolower($dn_attr)])) { $dn = $data[0][strtolower($dn_attr)]; } else { $dn = $data[0][strtolower($dn_attr)][0]; } $bind = $this->bind($connection, $this->escape($dn), $password); } catch (\Exception $e) { throw new \Exception(framework\Context::geti18n()->__('Your password was not accepted by the server')); } } elseif ($mode == 1) { if (!isset($_SERVER[$this->getSetting('integrated_auth_header')]) || $_SERVER[$this->getSetting('integrated_auth_header')] != $username) { throw new \Exception(framework\Context::geti18n()->__('HTTP authentication internal error.')); } } } catch (\Exception $e) { ldap_unbind($connection); throw $e; } try { /* * Get the user object. If the user exists, update the user's * data from the directory. */ $user = \thebuggenie\core\entities\User::getByUsername($username); if ($user instanceof \thebuggenie\core\entities\User) { $user->setBuddyname($buddyname); $user->setRealname($realname); $user->setPassword($user->getJoinedDate() . $username); // update password $user->setEmail($email); // update email address $user->save(); } else { /* * If not, and we are performing an initial login, create the user object * if we are validating a log in, kick the user out as the session is invalid. */ if ($mode == 1) { // create user $user = new \thebuggenie\core\entities\User(); $user->setUsername($username); $user->setRealname('temporary'); $user->setBuddyname($username); $user->setEmail('temporary'); $user->setEnabled(); $user->setActivated(); $user->setJoined(); $user->setPassword($user->getJoinedDate() . $username); $user->save(); } else { throw new \Exception('User does not exist in TBG'); } } } catch (\Exception $e) { ldap_unbind($connection); throw $e; } ldap_unbind($connection); /* * Set cookies and return user row for general operations. */ framework\Context::getResponse()->setCookie('tbg3_username', $username); framework\Context::getResponse()->setCookie('tbg3_password', \thebuggenie\core\entities\User::hashPassword($user->getJoinedDate() . $username, $user->getSalt())); return \thebuggenie\core\entities\tables\Users::getTable()->getByUsername($username); }
public function runUpdateUser(framework\Request $request) { try { $user = entities\User::getB2DBTable()->selectByID($request['user_id']); if ($user instanceof entities\User) { if (!$user->isConfirmedMemberOfScope(framework\Context::getScope())) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('This user is not a confirmed member of this scope'))); } if (!empty($request['username'])) { $testuser = entities\User::getByUsername($request['username']); if (!$testuser instanceof entities\User || $testuser->getID() == $user->getID()) { $user->setUsername($request['username']); } else { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('This username is already taken'))); } } $password_changed = false; if ($request['password_action'] == 'change' && $request['new_password_1'] && $request['new_password_2']) { if ($request['new_password_1'] == $request['new_password_2']) { $user->setPassword($request['new_password_1']); $password_changed = true; } else { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('Please enter the new password twice'))); } } elseif ($request['password_action'] == 'random') { $random_password = entities\User::createPassword(); $user->setPassword($random_password); $password_changed = true; } if (isset($request['realname'])) { $user->setRealname($request['realname']); } $return_options = array(); try { if ($group = entities\Group::getB2DBTable()->selectById($request['group'])) { if ($user->getGroupID() != $group->getID()) { $groups = array($user->getGroupID(), $group->getID()); $return_options['update_groups'] = array('ids' => array(), 'membercounts' => array()); } $user->setGroup($group); } } catch (\Exception $e) { throw new \Exception($this->getI18n()->__('Invalid user group')); } $existing_teams = array_keys($user->getTeams()); $new_teams = array(); $new_clients = array(); $user->clearTeams(); try { foreach ($request->getParameter('teams', array()) as $team_id => $team) { if ($team = entities\Team::getB2DBTable()->selectById($team_id)) { $new_teams[] = $team_id; $user->addToTeam($team); } } } catch (\Exception $e) { throw new \Exception($this->getI18n()->__('One or more teams were invalid')); } try { $user->clearClients(); foreach ($request->getParameter('clients', array()) as $client_id => $client) { if ($client = entities\Client::getB2DBTable()->selectById($client_id)) { $new_clients[] = $client_id; $user->addToClient($client); } } } catch (\Exception $e) { throw new \Exception($this->getI18n()->__('One or more clients were invalid')); } if (isset($request['nickname'])) { $user->setBuddyname($request['nickname']); } if (isset($request['email'])) { $user->setEmail($request['email']); } if (isset($request['homepage'])) { $user->setHomepage($request['homepage']); } if (framework\Context::getScope()->isDefault()) { $user->setActivated((bool) $request['activated']); $user->setEnabled((bool) $request['enabled']); } $user->save(); if (isset($groups)) { foreach ($groups as $group_id) { if (!$group_id) { continue; } $return_options['update_groups']['ids'][] = $group_id; $return_options['update_groups']['membercounts'][$group_id] = entities\Group::getB2DBTable()->selectById($group_id)->getNumberOfMembers(); } } if ($new_teams != $existing_teams) { $new_team_ids = array_diff($new_teams, $existing_teams); $existing_team_ids = array_diff($existing_teams, $new_teams); $teams_to_update = array_merge($new_team_ids, $existing_team_ids); $return_options['update_teams'] = array('ids' => array(), 'membercounts' => array()); foreach ($teams_to_update as $team_id) { $return_options['update_teams']['ids'][] = $team_id; $return_options['update_teams']['membercounts'][$team_id] = entities\Team::getB2DBTable()->selectById($team_id)->getNumberOfMembers(); } } $template_options = array('user' => $user); if (isset($random_password)) { $template_options['random_password'] = $random_password; } $return_options['content'] = $this->getComponentHTML('configuration/finduser_row', $template_options); $return_options['title'] = $this->getI18n()->__('User updated!'); if ($password_changed) { $return_options['message'] = $this->getI18n()->__('The password was changed'); } return $this->renderJSON($return_options); } } catch (\Exception $e) { $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('This user could not be updated: %message', array('%message' => $e->getMessage())))); } $this->getResponse()->setHttpStatus(400); return $this->renderJSON(array('error' => $this->getI18n()->__('This user could not be updated'))); }
/** * Reset user password * * @Route(name="reset_password", url="/reset/password/:user/:reset_hash") * @AnonymousRoute * * @param \thebuggenie\core\framework\Request $request The request object */ public function runResetPassword(framework\Request $request) { $i18n = framework\Context::getI18n(); try { if ($request->hasParameter('user') && $request->hasParameter('reset_hash')) { $user = entities\User::getByUsername(str_replace('%2E', '.', $request['user'])); if ($user instanceof entities\User) { if ($request['reset_hash'] == $user->getActivationKey()) { $this->error = false; if ($request->isPost()) { $p1 = trim($request['password_1']); $p2 = trim($request['password_2']); if ($p1 && $p2 && $p1 == $p2) { $user->setPassword($p1); $user->regenerateActivationKey(); $user->save(); framework\Context::setMessage('login_message', $i18n->__('Your password has been reset. Please log in.')); framework\Context::setMessage('login_referer', $this->getRouting()->generate('home')); return $this->forward(framework\Context::getRouting()->generate('login_page')); } else { $this->error = true; } } else { $user->regenerateActivationKey(); } $this->user = $user; } else { throw new \Exception('Your password recovery token is either invalid or has expired'); } } else { throw new \Exception('User is invalid or does not exist'); } } else { throw new \Exception('An internal error has occured'); } } catch (\Exception $e) { framework\Context::setMessage('login_message_err', $i18n->__($e->getMessage())); return $this->forward(framework\Context::getRouting()->generate('login_page')); } }
/** * Import all valid users * * @param \thebuggenie\core\framework\Request $request */ public function runImportUsers(framework\Request $request) { $validgroups = framework\Context::getModule('auth_ldap')->getSetting('groups'); $base_dn = framework\Context::getModule('auth_ldap')->getSetting('b_dn'); $dn_attr = framework\Context::getModule('auth_ldap')->getSetting('dn_attr'); $username_attr = framework\Context::getModule('auth_ldap')->getSetting('u_attr'); $fullname_attr = framework\Context::getModule('auth_ldap')->getSetting('f_attr'); $buddyname_attr = framework\Context::getModule('auth_ldap')->getSetting('b_attr'); $email_attr = framework\Context::getModule('auth_ldap')->getSetting('e_attr'); $groups_members_attr = framework\Context::getModule('auth_ldap')->getSetting('g_attr'); $user_class = framework\Context::getModule('auth_ldap')->getSetting('u_type'); $group_class = framework\Context::getModule('auth_ldap')->getSetting('g_type'); $users = array(); $importcount = 0; $updatecount = 0; try { /* * Connect and bind to the control user */ $connection = framework\Context::getModule('auth_ldap')->connect(); framework\Context::getModule('auth_ldap')->bind($connection, framework\Context::getModule('auth_ldap')->getSetting('control_user'), framework\Context::getModule('auth_ldap')->getSetting('control_pass')); /* * Get a list of all users of a certain objectClass */ $fields = array($fullname_attr, $buddyname_attr, $username_attr, $email_attr, 'cn', $dn_attr); $filter = '(objectClass=' . framework\Context::getModule('auth_ldap')->escape($user_class) . ')'; $results = ldap_search($connection, $base_dn, $filter, $fields); if (!$results) { framework\Logging::log('failed to search for users: ' . ldap_error($connection), 'ldap', framework\Logging::LEVEL_FATAL); throw new \Exception(framework\Context::geti18n()->__('Search failed: ') . ldap_error($connection)); } $data = ldap_get_entries($connection, $results); /* * For every user that exists, process it. */ for ($i = 0; $i != $data['count']; $i++) { $user_dn = $data[$i][strtolower($dn_attr)][0]; /* * If groups are specified, perform group restriction tests */ if ($validgroups != '') { /* * We will repeat this for every group, but groups are supplied as a comma-separated list */ if (strstr($validgroups, ',')) { $groups = explode(',', $validgroups); } else { $groups = array(); $groups[] = $validgroups; } // Assumed we are initially banned $allowed = false; foreach ($groups as $group) { // No need to carry on looking if we have access if ($allowed == true) { continue; } /* * Find the group we are looking for, we search the entire directory * We want to find 1 group, if we don't get 1, silently ignore this group. */ $fields2 = array($groups_members_attr); $filter2 = '(&(cn=' . framework\Context::getModule('auth_ldap')->escape($group) . ')(objectClass=' . framework\Context::getModule('auth_ldap')->escape($group_class) . '))'; $results2 = ldap_search($connection, $base_dn, $filter2, $fields2); if (!$results2) { framework\Logging::log('failed to search for user: '******'ldap', framework\Logging::LEVEL_FATAL); throw new \Exception(framework\Context::geti18n()->__('Search failed: ') . ldap_error($connection)); } $data2 = ldap_get_entries($connection, $results2); if ($data2['count'] != 1) { continue; } /* * Look through the group's member list. If we are found, grant access. */ foreach ($data2[0][strtolower($groups_members_attr)] as $member) { $member = preg_replace('/(?<=,) +(?=[a-zA-Z])/', '', $member); $user_dn = preg_replace('/(?<=,) +(?=[a-zA-Z])/', '', $user_dn); if (!is_numeric($member) && strtolower($member) == strtolower($user_dn)) { $allowed = true; } } } if ($allowed == false) { continue; } } $users[$i] = array(); /* * Set user's properties. * Realname is obtained from directory, if not found we set it to the username * Email is obtained from directory, if not found we set it to blank */ if (!array_key_exists(strtolower($fullname_attr), $data[$i])) { $users[$i]['realname'] = $data[$i]['cn'][0]; } else { $users[$i]['realname'] = $data[$i][strtolower($fullname_attr)][0]; } if (!array_key_exists(strtolower($buddyname_attr), $data[$i])) { $users[$i]['buddyname'] = $data[$i]['cn'][0]; } else { $users[$i]['buddyname'] = $data[$i][strtolower($buddyname_attr)][0]; } if (!array_key_exists(strtolower($email_attr), $data[$i])) { $users[$i]['email'] = ''; } else { $users[$i]['email'] = $data[$i][strtolower($email_attr)][0]; } $users[$i]['username'] = $data[$i][strtolower($username_attr)][0]; } } catch (\Exception $e) { framework\Context::setMessage('module_error', framework\Context::getI18n()->__('Import failed')); framework\Context::setMessage('module_error_details', $e->getMessage()); $this->forward(framework\Context::getRouting()->generate('configure_module', array('config_module' => 'auth_ldap'))); } /* * For every user that was found, either create a new user object, or update * the existing one. This will update the created and updated counts as appropriate. */ foreach ($users as $ldapuser) { $username = $ldapuser['username']; $email = $ldapuser['email']; $realname = $ldapuser['realname']; $buddyname = $ldapuser['buddyname']; try { $user = \thebuggenie\core\entities\User::getByUsername($username); if ($user instanceof \thebuggenie\core\entities\User) { $user->setRealname($realname); $user->setEmail($email); // update email address $user->save(); $updatecount++; } else { // create user $user = new \thebuggenie\core\entities\User(); $user->setUsername($username); $user->setRealname($realname); $user->setBuddyname($buddyname); $user->setEmail($email); $user->setEnabled(); $user->setActivated(); $user->setPassword($user->getJoinedDate() . $username); $user->setJoined(); $user->save(); $importcount++; } } catch (\Exception $e) { ldap_unbind($connection); framework\Context::setMessage('module_error', framework\Context::getI18n()->__('Import failed')); framework\Context::setMessage('module_error_details', $e->getMessage()); $this->forward(framework\Context::getRouting()->generate('configure_module', array('config_module' => 'auth_ldap'))); } } ldap_unbind($connection); framework\Context::setMessage('module_message', framework\Context::getI18n()->__('Import successful! %imp users imported, %upd users updated from LDAP', array('%imp' => $importcount, '%upd' => $updatecount))); $this->forward(framework\Context::getRouting()->generate('configure_module', array('config_module' => 'auth_ldap'))); }