예제 #1
 /**
  * Handles a login form posted from a separate login page.
  *
  * Reads `username`, `password` and `loginPage` from the POST body (each falls
  * back to an empty string), attempts an 'eyeos-login' authentication, and
  * redirects to index.php on success or back to the posted login page with
  * `?errorLogin=1` when any exception is thrown.
  *
  * NOTE(review): `loginPage` is caller-controlled and is concatenated into the
  * failure redirect unchanged, so the POST body decides where the browser is
  * sent; compare it with the login-page origins the deployment expects before
  * using it.
  * NOTE(review): the posted password value is written to MemoryManager on
  * success; confirm what reads it and whether it has to be kept at all.
  * NOTE(review): an exception raised between enterSystemMode() and
  * exitSystemMode() skips the exit call; confirm system mode is reset elsewhere.
  *
  * @param MMapRequest  $request  incoming request; only POST fields are read here
  * @param MMapResponse $response not used by this method
  */
 public function processRequest(MMapRequest $request, MMapResponse $response)
 {
     ob_start('mb_output_handler');
     MMapManager::startSession();
     MMapManager::checkSessionExpiration();

     // Absent POST fields are treated as empty strings.
     $username = '';
     if ($request->issetPOST('username')) {
         $username = $request->getPOST('username');
     }
     $password = '';
     if ($request->issetPOST('password')) {
         $password = $request->getPOST('password');
     }
     $loginPage = '';
     if ($request->issetPOST('loginPage')) {
         $loginPage = $request->getPOST('loginPage');
     }

     $subject = new Subject();
     $loginContext = new LoginContext('eyeos-login', $subject);
     $credential = new EyeosPasswordCredential();
     $credential->setUsername($username);
     $credential->setPassword($password, true);
     $subject->getPrivateCredentials()->append($credential);

     try {
         $loginContext->login();

         $memory = MemoryManager::getInstance();
         Kernel::enterSystemMode();
         // Written in the same order as before: flag, username, password, loginPage.
         $storedValues = array(
             'isExternLogin' => 1,
             'username' => $username,
             'password' => $password,
             'loginPage' => $loginPage,
         );
         foreach ($storedValues as $key => $value) {
             $memory->set($key, $value);
         }
         Kernel::exitSystemMode();

         header('Location: index.php');
     } catch (Exception $loginError) {
         // Every failure, not only a rejected password, ends up here.
         header('Location:' . $loginPage . '?errorLogin=1');
     }
 }
예제 #2
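 /**
  * Handles the OAuth callback that carries `oauth_verifier` and `oauth_token`.
  *
  * When both GET parameters are present and truthy, the method sets an HTML
  * confirmation body, logs in as 'root' with the password value stored for that
  * user, registers a 'stacksync' process under pid 31338 in the 'processTable'
  * entry of MemoryManager, and sends a 'cloud'/'token' NetSyncMessage carrying
  * the two values to every user of the 'users' group. Otherwise it does nothing.
  *
  * NOTE(review): nothing in this method ties the token pair to a pending
  * authorization or to an authenticated caller before the root login and the
  * broadcast to all users; confirm that check exists upstream, and address the
  * message to the user who started the flow rather than to the whole group.
  * NOTE(review): an exception raised between enterSystemMode() and
  * exitSystemMode() skips the exit call; confirm system mode is reset elsewhere.
  *
  * @param MMapRequest  $request  incoming request; only GET fields are read here
  * @param MMapResponse $response receives the confirmation headers and body
  * @throws EyeFailedLoginException when the 'root' user cannot be found
  */
 public function processRequest(MMapRequest $request, MMapResponse $response)
 {
     $oauth_verifier = null;
     $oauth_token = null;
     if ($request->issetGET('oauth_verifier')) {
         $oauth_verifier = $request->getGET('oauth_verifier');
     }
     if ($request->issetGET('oauth_token')) {
         $oauth_token = $request->getGET('oauth_token');
     }
     // Truthiness test: an empty string or '0' counts as missing.
     if ($oauth_verifier && $oauth_token) {
         $response->getHeaders()->append('Content-type: text/html');
         $body = '<html>
                         <div id="logo_eyeos" style="margin: 0 auto;width:350"> <img src="eyeos/extern/images/logo-eyeos.jpg"/></div>
                         <div style="margin: 0 auto;width:350;text-align:center"><span style="font-family:Verdana;font-size:20px;">Successful authentication.<br>Back to Eyeos.</span></div>
                  </html>';
         $response->getHeaders()->append('Content-Length: ' . strlen($body));
         $response->getHeaders()->append('Accept-Ranges: bytes');
         $response->getHeaders()->append('X-Pad: avoid browser bug');
         $response->getHeaders()->append('Cache-Control: ');
         $response->getHeaders()->append('pragma: ');
         $response->setBody($body);
         try {
             $userRoot = UMManager::getInstance()->getUserByName('root');
         } catch (EyeNoSuchUserException $e) {
             // The original message had its quotes misplaced ('root""').
             throw new EyeFailedLoginException('Unknown user "root". Cannot proceed to login.', 0, $e);
         }
         // Log in as root with the stored password value (second argument false).
         $subject = new Subject();
         $loginContext = new LoginContext('eyeos-login', $subject);
         $cred = new EyeosPasswordCredential();
         $cred->setUsername('root');
         $cred->setPassword($userRoot->getPassword(), false);
         $subject->getPrivateCredentials()->append($cred);
         $loginContext->login();
         // Register a process with a fixed pid and make it current, under the root login context.
         Kernel::enterSystemMode();
         $appProcess = new Process('stacksync');
         $appProcess->setPid('31338');
         $mem = MemoryManager::getInstance();
         $processTable = $mem->get('processTable', array());
         $processTable[31338] = $appProcess;
         $mem->set('processTable', $processTable);
         $appProcess->setLoginContext($loginContext);
         ProcManager::getInstance()->setCurrentProcess($appProcess);
         Kernel::exitSystemMode();
         // The query-string values are forwarded as received.
         $token = new stdClass();
         $token->oauth_verifier = $oauth_verifier;
         $token->oauth_token = $oauth_token;
         $group = UMManager::getInstance()->getGroupByName('users');
         $users = UMManager::getInstance()->getAllUsersFromGroup($group);
         foreach ($users as $user) {
             $NetSyncMessage = new NetSyncMessage('cloud', 'token', $user->getId(), $token);
             NetSyncController::getInstance()->send($NetSyncMessage);
         }
     }
 }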
 /**
  * Exercises the login module held in $this->fixture with four credential sets:
  * a wrong password, an unknown user, no credential at all, and a valid pair.
  * The first three must raise EyeLoginException; the last must return true.
  */
 public function testLogin()
 {
     $subject = new Subject();
     $sharedState = new ArrayList();
     $options = array();

     // Case 1: known user, wrong password.
     $wrongPassword = new EyeosPasswordCredential();
     $wrongPassword->setUsername('userLogin0');
     $wrongPassword->setPassword('wrongPass', true);
     $subject->getPrivateCredentials()->append($wrongPassword);
     $this->fixture->initialize($subject, $sharedState, $options);
     try {
         $this->fixture->login();
         $this->fail();
     } catch (EyeLoginException $expected) {
         // rejection is the expected outcome
     }
     // A failed login leaves the credential on the subject; remove it by hand.
     $this->assertEquals(1, $subject->getPrivateCredentials()->count());
     $subject->getPrivateCredentials()->remove($wrongPassword);
     $this->assertEquals(0, $subject->getPrivateCredentials()->count());

     // Case 2: user name that does not exist.
     $unknownUser = new EyeosPasswordCredential();
     $unknownUser->setUsername('john');
     $unknownUser->setPassword('userPassword0', true);
     $subject->getPrivateCredentials()->append($unknownUser);
     $this->fixture->initialize($subject, $sharedState, $options);
     try {
         $this->fixture->login();
         $this->fail();
     } catch (EyeLoginException $expected) {
         // rejection is the expected outcome
     }
     $this->assertEquals(1, $subject->getPrivateCredentials()->count());
     $subject->getPrivateCredentials()->remove($unknownUser);
     $this->assertEquals(0, $subject->getPrivateCredentials()->count());

     // Case 3: subject carries no password credential.
     $this->fixture->initialize($subject, $sharedState, $options);
     try {
         $this->fixture->login();
         $this->fail();
     } catch (EyeLoginException $expected) {
         // rejection is the expected outcome
     }

     // Case 4: matching user name and password.
     $validLogin = new EyeosPasswordCredential();
     $validLogin->setUsername('userLogin0');
     $validLogin->setPassword('userPassword0', true);
     $subject->getPrivateCredentials()->append($validLogin);
     $this->fixture->initialize($subject, $sharedState, $options);
     $this->assertTrue($this->fixture->login());
 }
예제 #4
 /**
  * API entry point: authenticates with the credentials sent in the request,
  * registers an 'api' process under pid 31337 and dispatches to
  * EyeosApplicationExecutable::__callModule() with the posted `module`, `name`
  * and `params`.
  *
  * NOTE(review): `username` and `password` are read from $_REQUEST, so they are
  * also accepted from the query string, where they tend to end up in access
  * logs and browser history; reading them from the POST body only would avoid
  * that. A missing key raises an undefined-index notice before login() runs.
  * NOTE(review): `params` taken from POST goes through DataManager::doInput(),
  * `params` taken from GET does not; confirm the difference is intended.
  * NOTE(review): `module` and `name` select the code that runs; confirm
  * __callModule() restricts what an authenticated caller may invoke.
  *
  * @param MMapRequest  $request  incoming request
  * @param MMapResponse $response receives the content type and the body renderer
  */
 public function processRequest(MMapRequest $request, MMapResponse $response)
 {
     ob_start('mb_output_handler');
     $result = null;
     $dataManager = DataManager::getInstance();
     $postData = $request->getPOST();

     // POST params win over GET params; neither present means an empty list.
     $params = array();
     if (isset($postData['params'])) {
         $params = $dataManager->doInput($postData['params']);
     } elseif ($request->issetGET('params')) {
         $params = $request->getGET('params');
     }

     // Authenticate and obtain a valid login context.
     $subject = new Subject();
     $loginContext = new LoginContext('eyeos-login', $subject);
     $credential = new EyeosPasswordCredential();
     $credential->setUsername($_REQUEST['username']);
     $credential->setPassword($_REQUEST['password'], true);
     $subject->getPrivateCredentials()->append($credential);
     $loginContext->login();

     // Register a placeholder process named "api" and make it current.
     Kernel::enterSystemMode();
     $apiProcess = new Process('api');
     $apiProcess->setPid('31337');
     $memory = MemoryManager::getInstance();
     $processTable = $memory->get('processTable', array());
     $processTable[31337] = $apiProcess;
     $memory->set('processTable', $processTable);
     $apiProcess->setLoginContext($loginContext);
     ProcManager::getInstance()->setCurrentProcess($apiProcess);
     kernel::exitSystemMode();

     $callback = array('EyeosApplicationExecutable', '__callModule');
     $arguments = array($request->getPOST('module'), $request->getPOST('name'), $params);
     $result = call_user_func_array($callback, $arguments);

     // Ask for text/plain; the original comment says a content type already
     // defined at application level takes precedence.
     if (!headers_sent()) {
         $response->getHeaders()->append('Content-type:text/plain');
     }
     // Render the module's return value only if nothing else produced a body.
     if ($response->getBodyRenderer() === null && $response->getBody() == '') {
         $response->setBodyRenderer(new DataManagerBodyRenderer($result));
     }
 }
예제 #5
 /**
  * Authenticates with the given credentials and, on success, replaces the
  * login context of the current process with the new one.
  *
  * The new LoginContext reuses the name of the current process's context.
  *
  * NOTE(review): no attempt limit or logging of failures is visible here;
  * confirm the login module or the caller provides them.
  *
  * @param array $params (0 => username, 1 => password)
  * @return bool true when the login succeeded, false on EyeLoginException
  */
 public static function login($params)
 {
     $username = $params[0];
     $password = $params[1];

     $process = ProcManager::getInstance()->getCurrentProcess();
     $contextName = $process->getLoginContext()->getName();

     $subject = new Subject();
     $candidateContext = new LoginContext($contextName, $subject);
     $credential = new EyeosPasswordCredential($username, $password);
     $subject->getPrivateCredentials()->append($credential);

     try {
         $candidateContext->login();
     } catch (EyeLoginException $rejected) {
         // The current login context is left untouched on failure.
         return false;
     }

     // Success: the target application will run under the new context.
     ProcManager::getInstance()->setProcessLoginContext($process->getPid(), $candidateContext);
     return true;
 }
예제 #6
 /**
  * Self-service registration: creates a user, logs in as that user and stores
  * the basic profile metadata.
  *
  * NOTE(review): first and last name pass through strip_tags(); user name and
  * e-mail are stored as received. Confirm UMManager/MetaManager validate them.
  * NOTE(review): the name and e-mail uniqueness tests are check-then-create;
  * confirm the storage layer enforces uniqueness for concurrent requests.
  * NOTE(review): the rollback restores the login context but does not delete a
  * user that was already created (that code is commented out), so a failure
  * after createUser() leaves the account in place.
  *
  * @param array $params (0 => first name, 1 => surname, 2 => username, 3 => password, 4 => e-mail)
  * @return string 'unable to register' when the SecurityManager meta has
  *                register == 'false', 'incomplete' when a field is empty,
  *                'success' otherwise
  * @throws EyeUserAlreadyExistsException when the user name or e-mail is taken
  * @throws Exception any other failure, rethrown after the login context is restored
  */
 public static function register($params)
 {
     /* verify permissions again */
     $meta = MetaManager::getInstance()->retrieveMeta(kernel::getInstance('SecurityManager'))->getAll();
     if (isset($meta['register']) && $meta['register'] == 'false') {
         return 'unable to register';
     }
     $procManager = ProcManager::getInstance();
     // Kept so the catch block can put the original context back.
     $savedLoginContext = $procManager->getCurrentProcess()->getLoginContext();
     try {
         $name = $params[0];
         $surname = $params[1];
         $username = $params[2];
         $password = $params[3];
         $email = $params[4];
         // Truthiness test: '' and '0' both count as missing.
         if (!$name || !$surname || !$username || !$password || !$email) {
             return 'incomplete';
         }
         $myUManager = UMManager::getInstance();
         // check existence
         $exists = false;
         try {
             $myUManager->getUserByName($username);
             $exists = true;
         } catch (EyeNoSuchUserException $e) {
             // expected when the name is free; $exists stays false
         }
         if ($exists) {
             throw new EyeUserAlreadyExistsException('User with name "' . $username . '" already exists.');
         }
         // Reject an e-mail address that is already attached to a user.
         $meta = new BasicMetaData();
         $meta->set('eyeos.user.email', $email);
         $userIds = MetaManager::getInstance()->searchMeta(new EyeosUser(), $meta);
         if (count($userIds) != 0) {
             throw new EyeUserAlreadyExistsException('User with email "' . $email . '" already exists.');
         }
         //create the user
         $user = $myUManager->getNewUserInstance();
         $user->setName($username);
         $user->setPassword($password, true);
         $user->setPrimaryGroupId($myUManager->getGroupByName(SERVICE_UM_DEFAULTUSERSGROUP)->getId());
         $myUManager->createUser($user);
         //login in the system with new user, if this works, for sure the user exists, even with the
         //most complex and strange errors
         $myUManager = UMManager::getInstance();
         $subject = new Subject();
         $loginContext = new LoginContext('eyeos-login', $subject);
         $cred = new EyeosPasswordCredential();
         $cred->setUsername($username);
         $cred->setPassword($password, true);
         $subject->getPrivateCredentials()->append($cred);
         $loginContext->login();
         //we are logged in, so we are going to change the credentials of login
         $procManager = ProcManager::getInstance();
         $procList = $procManager->getProcessesList();
         $currentProcess = $procManager->getCurrentProcess();
         $procManager->setProcessLoginContext($currentProcess->getPid(), $loginContext);
         foreach ($procList as $key => $value) {
             if (strtolower($value) == 'login') {
                 //we are in another login in execution, this is a refresh, lets see
                 //if the login was correct with the old login.
                 $loginProcess = $procManager->getProcessByPid($key);
                 $procManager->setProcessLoginContext($loginProcess->getPid(), $loginContext);
             }
         }
         // save basic metadata from form
         $userMeta = MetaManager::getInstance()->retrieveMeta($user);
         $userMeta->set('eyeos.user.firstname', strip_tags($name));
         $userMeta->set('eyeos.user.lastname', strip_tags($surname));
         $userMeta->set('eyeos.user.email', $email);
         $userMeta = MetaManager::getInstance()->storeMeta($user, $userMeta);
         return 'success';
     } catch (Exception $e) {
         // ROLLBACK
         // restore login context (root probably)
         $procManager->setProcessLoginContext($procManager->getCurrentProcess()->getPid(), $savedLoginContext);
         // Deletion of the partially created user is disabled:
         //			if (isset($user) && $user instanceof IPrincipal) {
         //				try {
         //					UMManager::getInstance()->deletePrincipal($user);
         //				} catch (Exception $e2) {}
         //			}
         throw $e;
     }
 }
예제 #7
/**
 * Test-suite teardown: logs in as root, starts a 'shutdown' process under that
 * login context, deletes every user known to UMManager and removes USERS_PATH.
 * Any exception is printed instead of propagated.
 *
 * NOTE(review): relies on the literal credentials 'root'/'root' and wipes all
 * users and the users directory; it must only ever run against a disposable
 * test installation.
 */
function __shutdown_test()
{
    try {
        // Deleting the test principals requires root.
        $userManager = UMManager::getInstance();
        $rootSubject = new Subject();
        $rootContext = new LoginContext('init', $rootSubject);
        $rootSubject->getPrivateCredentials()->append(new EyeosPasswordCredential('root', 'root'));
        $rootContext->login();

        // A placeholder process carries the root login context.
        $processes = ProcManager::getInstance();
        $shutdownProcess = new Process('shutdown');
        $processes->execute($shutdownProcess);
        $processes->setProcessLoginContext($shutdownProcess->getPid(), $rootContext);

        // Remove each user through the manager, then the directory tree.
        foreach (UMManager::getInstance()->getAllUsers() as $principal) {
            UMManager::getInstance()->deletePrincipal($principal);
        }
        AdvancedPathLib::rmdirs(USERS_PATH, true);
    } catch (Exception $failure) {
        echo 'Uncaught exception on shutdown!' . "\n";
        ExceptionStackUtil::printStackTrace($failure, false);
    }
}
예제 #8
 /**
  * Ensures the execution context has a process, creating and executing one
  * when none is present, and applies the application's SUID setting.
  *
  * A context without a parent process is only allowed when the application's
  * system parameters carry anonymous == 'true'. When suid == 'true' and an
  * owner is set, the new process is given a login context obtained by logging
  * in as that owner with the owner's stored password value.
  *
  * NOTE(review): the SUID branch trusts 'eyeos.application.systemParameters'
  * from the application metadata; whoever can write that metadata decides which
  * account the application runs as. Confirm it is writable by administrators only.
  * NOTE(review): the process is killed only when the owner login fails; if
  * getUserByName() or setProcessLoginContext() throws, the already executed
  * process is left in place.
  *
  * @param AppExecutionContext $appContext context to start a process for
  * @throws EyeNullPointerException when the application has no metadata
  * @throws EyeMMapException when a parentless execution is not marked anonymous
  * @throws Exception any failure of the SUID elevation, rethrown after logging
  */
 private function startProcess(AppExecutionContext $appContext)
 {
     $appProcess = $appContext->getProcess();
     // if no process is already present in the context, create a new one
     if ($appProcess === null) {
         $appMeta = $appContext->getApplicationDescriptor()->getMeta();
         if ($appMeta === null) {
             throw new EyeNullPointerException('Missing metadata for application "' . $appContext->getApplicationDescriptor()->getName() . '"');
         }
         $sysParams = $appMeta->get('eyeos.application.systemParameters');
         // No parent process: per the log message below, this is an execution without a checknum.
         if ($appContext->getParentProcess() === null) {
             // TODO should we also prevent anonymous execution to JS-only apps?
             if (!isset($sysParams['anonymous']) || $sysParams['anonymous'] != 'true') {
                 self::$Logger->warn('Execution without checknum denied for application "' . $appContext->getApplicationDescriptor()->getName() . '".');
                 throw new EyeMMapException($appContext->getApplicationDescriptor()->getName() . ' application cannot be executed without a checknum.');
             }
         }
         // execute new process
         $appProcess = new Process($appContext->getApplicationDescriptor()->getName());
         ProcManager::getInstance()->execute($appProcess);
         $appContext->setProcess($appProcess);
         // SUID
         if (isset($sysParams['suid']) && $sysParams['suid'] == 'true' && !empty($sysParams['owner'])) {
             try {
                 $owner = UMManager::getInstance()->getUserByName($sysParams['owner']);
                 // force login with owner
                 try {
                     $subject = new Subject();
                     // Third argument false: presumably marks the value as already hashed - confirm.
                     $subject->getPrivateCredentials()->append(new EyeosPasswordCredential($sysParams['owner'], $owner->getPassword(), false));
                     $loginContext = new LoginContext('eyeos-login', $subject);
                     $loginContext->login();
                 } catch (Exception $e) {
                     self::$Logger->error('Exception caught while trying to elevate privileges by SUID to owner ' . $sysParams['owner'] . ' in application "' . $appContext->getApplicationDescriptor()->getName() . '".');
                     // kill unfinished process
                     ProcManager::getInstance()->kill($appContext->getProcess());
                     throw $e;
                 }
                 if (self::$Logger->isInfoEnabled()) {
                     self::$Logger->info('Privileges elevation successful with owner ' . $sysParams['owner'] . ' for application "' . $appContext->getApplicationDescriptor()->getName() . '".');
                 }
                 // From here on the process runs under the owner's login context.
                 ProcManager::getInstance()->setProcessLoginContext($appProcess->getPid(), $loginContext);
             } catch (Exception $e) {
                 // Also reached for the exception rethrown by the inner catch, so that case is logged twice.
                 self::$Logger->error('Cannot elevate privileges with owner ' . $sysParams['owner'] . ' for application "' . $appContext->getApplicationDescriptor()->getName() . '".');
                 throw $e;
             }
         }
     }
 }
예제 #9
 /**
  * Checks that logout() removes every principal that login() added.
  *
  * The subject starts with no principals, holds count(self::$DefaultGroups) + 2
  * after login (including user0 and group0, excluding user1), and is empty
  * again after logout.
  */
 public function testLogout()
 {
     $subject = new Subject();
     $this->fixture = new LoginContext('eyeos-login', $subject, $this->authConfig);
     $context = $this->fixture;

     $credential = new EyeosPasswordCredential();
     $credential->setUsername('userLogin0');
     $credential->setPassword('userPassword0', true);
     $subject->getPrivateCredentials()->append($credential);

     // Before login: nothing attached to the subject.
     $this->assertEquals(0, count($context->getSubject()->getPrincipals()));

     $context->login();

     // After login: the expected number of principals, user0 and group0 among them.
     $this->assertEquals(count(self::$DefaultGroups) + 2, count($context->getSubject()->getPrincipals()));
     $this->assertTrue($context->getSubject()->getPrincipals()->contains($this->user0));
     $this->assertTrue($context->getSubject()->getPrincipals()->contains($this->group0));
     $this->assertFalse($context->getSubject()->getPrincipals()->contains($this->user1));

     $context->logout();

     // After logout: every principal is gone.
     $this->assertEquals(0, count($context->getSubject()->getPrincipals()));
     $this->assertFalse($context->getSubject()->getPrincipals()->contains($this->user0));
     $this->assertFalse($context->getSubject()->getPrincipals()->contains($this->group0));
     $this->assertFalse($context->getSubject()->getPrincipals()->contains($this->user1));
     //TODO: try with combinations of different login modules and check if only the matching principals are removed
 }
예제 #10
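 /**
  * Replaces the password of the account registered under an e-mail address with
  * a generated one and mails it to that address.
  *
  * The update runs under a login context obtained for the target user from the
  * stored password value; the previous login context of the current process is
  * put back afterwards. Unlike the earlier version it is also put back when the
  * update throws, so a failure no longer leaves the process running as the
  * target user, and the method returns 0 instead of falling off the end when
  * the search returned ids but none of them carries exactly this address.
  *
  * NOTE(review): the caller only has to know an e-mail address, and the old
  * password stops working before the mail is sent; a single-use, expiring reset
  * link would avoid both locking out the owner and mailing a password.
  * NOTE(review): the 0/1 result tells the caller whether the address is
  * registered; confirm the front end does not pass that distinction on.
  * NOTE(review): self::generatePassword() is not visible here; confirm it draws
  * from a cryptographically secure source.
  *
  * @param array $params (0 => e-mail address)
  * @return int 1 when a password was reset and mailed, 0 when no account matched
  * @throws Exception any failure of the password update, after the login context is restored
  */
 public static function resendPassword($params)
 {
     $mail = $params[0];
     $meta = new BasicMetaData();
     $meta->set('eyeos.user.email', $mail);
     $userIds = MetaManager::getInstance()->searchMeta(new EyeosUser(), $meta);
     if (count($userIds) == 0) {
         return 0;
     }
     foreach ($userIds as $userId) {
         $myUManager = UMManager::getInstance();
         $user = $myUManager->getUserById($userId);
         $settings = MetaManager::getInstance()->retrieveMeta($user);
         // Re-check the stored address; the search result alone is not trusted to be an exact match.
         if ($settings->get('eyeos.user.email') != $mail) {
             continue;
         }
         // Log in as the target user with the stored password value.
         $subject = new Subject();
         $loginContext = new LoginContext('eyeos-login', $subject);
         $cred = new EyeosPasswordCredential();
         $cred->setUsername($user->getName());
         $cred->setPassword($user->getPassword(), false);
         $subject->getPrivateCredentials()->append($cred);
         $loginContext->login();
         $procManager = ProcManager::getInstance();
         // Remember the context to put back; fall back to an empty one if none is set.
         $lc = $procManager->getCurrentProcess()->getLoginContext();
         if (!$lc) {
             $lc = new LoginContext('eyeos-login');
         }
         $procManager->setProcessLoginContext($procManager->getCurrentProcess()->getPid(), $loginContext);
         try {
             $password = self::generatePassword();
             $user->setPassword($password, true);
             $myUManager->updatePrincipal($user);
         } catch (Exception $e) {
             // Same rollback as register(): never leave the borrowed context in place.
             $procManager->setProcessLoginContext($procManager->getCurrentProcess()->getPid(), $lc);
             throw $e;
         }
         $procManager->setProcessLoginContext($procManager->getCurrentProcess()->getPid(), $lc);
         self::sendMailModificationPassword($mail, $user->getName(), $password);
         return 1;
     }
     // Ids were returned but none of them carries exactly this address.
     return 0;
 }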
예제 #11
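 /**
  * Creates a user in the default users group and stores minimal metadata for it.
  *
  * The method first logs in as 'root' with the password value stored for that
  * user and installs that login context on the current process, then creates
  * the user and writes first name (the user name), empty last name and e-mail,
  * and language 'es'.
  *
  * NOTE(review): the root login context is installed on the current process
  * and never replaced by the previous one, so the caller keeps running as root
  * after this returns; save the old context and restore it unless callers rely
  * on that.
  * NOTE(review): $username and $password are used as received; confirm the
  * caller validates them.
  *
  * @param string $username name of the user to create
  * @param string $password password for the new user
  * @return mixed the user object returned by UMManager::getUserByName()
  * @throws EyeFailedLoginException when the 'root' user cannot be found
  */
 private function createUser($username, $password)
 {
     try {
         $userRoot = UMManager::getInstance()->getUserByName('root');
     } catch (EyeNoSuchUserException $e) {
         // The original message had its quotes misplaced ('root""').
         throw new EyeFailedLoginException('Unknown user "root". Cannot proceed to login.', 0, $e);
     }
     // Log in as root with the stored password value (second argument false).
     $subject = new Subject();
     $loginContext = new LoginContext('eyeos-login', $subject);
     $cred = new EyeosPasswordCredential();
     $cred->setUsername('root');
     $cred->setPassword($userRoot->getPassword(), false);
     $subject->getPrivateCredentials()->append($cred);
     $loginContext->login();
     $procManager = ProcManager::getInstance();
     $procManager->setProcessLoginContext($procManager->getCurrentProcess()->getPid(), $loginContext);
     // Create the account in the default users group.
     $myUManager = UMManager::getInstance();
     $user = $myUManager->getNewUserInstance();
     $user->setName($username);
     $user->setPassword($password, true);
     $user->setPrimaryGroupId($myUManager->getGroupByName(SERVICE_UM_DEFAULTUSERSGROUP)->getId());
     $myUManager->createUser($user, 'default');
     // Add Metadata (the user is read back by name first)
     $user = $myUManager->getUserByName($username);
     $meta = MetaManager::getInstance()->retrieveMeta($user);
     $meta->set('eyeos.user.firstname', $username);
     $meta->set('eyeos.user.lastname', '');
     $meta->set('eyeos.user.email', '');
     $meta->set('eyeos.user.language', 'es');
     MetaManager::getInstance()->storeMeta($user, $meta);
     return $user;
 }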
예제 #12
 /**
  * Changes the password of the user behind the current process's login context.
  *
  * The old password is verified by a throw-away 'eyeos-login' attempt. The new
  * password is first applied to a clone and persisted; only then is the user
  * object held by the login context updated, so a failed update cannot leave
  * that object out of sync with the stored password.
  *
  * NOTE(review): $newPassword is not checked here (emptiness, length, equality
  * with the old one); confirm setPassword() or the caller enforces a policy.
  * NOTE(review): the user instance built from the old password is never read
  * afterwards; it looks like a leftover.
  *
  * @param array $params (0 => old password, 1 => new password)
  * @return bool true once the password has been updated
  * @throws EyeLoginException when the old password is rejected
  */
 public static function changePassword($params)
 {
     $oldPassword = $params[0];
     $newPassword = $params[1];

     $loggedInUser = ProcManager::getInstance()->getCurrentProcess()->getLoginContext()->getEyeosUser();

     // Built from the old password but not used again in this method.
     $probeUser = UMManager::getInstance()->getNewUserInstance();
     $probeUser->setName($loggedInUser->getName(), true);
     $probeUser->setPassword($oldPassword, true);

     // Verify the old password with a temporary login.
     try {
         $verifySubject = new Subject();
         $verifySubject->getPrivateCredentials()->append(new EyeosPasswordCredential($loggedInUser->getName(), $oldPassword));
         $verifyContext = new LoginContext('eyeos-login', $verifySubject);
         $verifyContext->login();
         unset($verifySubject, $verifyContext);
     } catch (EyeLoginException $rejected) {
         throw new EyeLoginException('The old password supplied is not correct');
     }

     // Persist through a copy so the live object changes only after a successful update.
     $pendingUser = clone $loggedInUser;
     $pendingUser->setPassword($newPassword, true);
     UMManager::getInstance()->updatePrincipal($pendingUser);

     // The update went through: bring the login context's user object in line.
     $loggedInUser->setPassword($newPassword, true);
     return true;
 }