protected final function _prepare()
{
if ($this->hasProvidedArgument('server')) {
$this->_current_remote_server = $this->getProvidedArgument('server');
} elseif (file_exists(THEBUGGENIE_PATH . '.remote_server')) {
$this->_current_remote_server = file_get_contents(THEBUGGENIE_PATH . '.remote_server');
} else {
throw new Exception("Please specify an installation of The Bug Genie to connect to by running the set_remote command first.");
}
if ($this->hasProvidedArgument('username')) {
$this->_current_remote_user = $this->getProvidedArgument('username');
} elseif (file_exists(THEBUGGENIE_PATH . '.remote_username')) {
$this->_current_remote_user = file_get_contents(THEBUGGENIE_PATH . '.remote_username');
} else {
$this->_current_remote_user = TBGContext::getCurrentCLIusername();
}
if (file_exists(THEBUGGENIE_PATH . '.remote_password_hash')) {
$this->_current_remote_password_hash = file_get_contents(THEBUGGENIE_PATH . '.remote_password_hash');
} else {
$this->cliEcho('Please enter the password for user ');
$this->cliEcho($this->_getCurrentRemoteUser(), 'white', 'bold');
$this->cliEcho(' (the password will not be stored): ');
$this->_current_remote_password_hash = TBGUser::hashPassword($this->_getCliInput());
}
}
public function do_execute()
{
$this->cliEcho('Authenticating with server: ');
$this->cliEcho($this->getProvidedArgument('server_url'), 'white', 'bold');
$this->cliEcho("\n");
$path = THEBUGGENIE_CONFIG_PATH;
try {
file_put_contents($path . '.remote_server', $this->getProvidedArgument('server_url'));
} catch (Exception $e) {
$path = getenv('HOME') . DS;
file_put_contents($path . '.remote_server', $this->getProvidedArgument('server_url'));
}
$this->cliEcho('Authenticating as user: '******'username', TBGContext::getCurrentCLIusername());
$this->cliEcho($username, 'white', 'bold');
$this->cliEcho("\n");
file_put_contents($path . '.remote_username', $username);
$this->_current_remote_server = file_get_contents($path . '.remote_server');
$this->cliEcho("\n");
$this->cliEcho('You need to authenticate using an application-specific password.');
$this->cliEcho("\n");
$this->cliEcho("Create an application password from your account's 'Security' tab.");
$this->cliEcho("\n");
$this->cliEcho("Enter the application-specific password: "******"Authentication successful!\n", 'white', 'bold');
}
/**
* Returns the logged in user, or default user if not logged in
*
* @param TBGRequest $request
* @param TBGAction $action
*
* @return TBGUser
*/
public static function loginCheck(TBGRequest $request, TBGAction $action)
{
try {
$authentication_method = $action->getAuthenticationMethodForAction(TBGContext::getRouting()->getCurrentRouteAction());
$user = null;
$external = false;
switch ($authentication_method) {
case TBGAction::AUTHENTICATION_METHOD_ELEVATED:
case TBGAction::AUTHENTICATION_METHOD_CORE:
$username = $request['tbg3_username'];
$password = $request['tbg3_password'];
if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) {
$elevated_password = $request['tbg3_elevated_password'];
}
$raw = true;
// If no username and password specified, check if we have a session that exists already
if ($username === null && $password === null) {
if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
$username = TBGContext::getRequest()->getCookie('tbg3_username');
$password = TBGContext::getRequest()->getCookie('tbg3_password');
$user = TBGUsersTable::getTable()->getByUsername($username);
if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) {
$elevated_password = TBGContext::getRequest()->getCookie('tbg3_elevated_password');
if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) {
$user = null;
} else {
if ($user instanceof TBGUser && !$user->hasPasswordHash($elevated_password)) {
TBGContext::setUser($user);
TBGContext::getRouting()->setCurrentRouteName('elevated_login_page');
throw new TBGElevatedLoginException('reenter');
}
}
} else {
if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) {
$user = null;
}
}
$raw = false;
if (!$user instanceof TBGUser) {
TBGContext::logout();
throw new Exception('No such login');
}
}
}
// If we have authentication details, validate them
if (TBGSettings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) {
$external = true;
TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
try {
$mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
if ($mod->getType() !== TBGModule::MODULE_AUTH) {
TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
}
if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
$user = $mod->verifyLogin($username, $password);
} else {
$user = $mod->doLogin($username, $password);
}
if (!$user instanceof TBGUser) {
// Invalid
TBGContext::logout();
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
}
} catch (Exception $e) {
throw $e;
}
} elseif (TBGSettings::isUsingExternalAuthenticationBackend()) {
$external = true;
TBGLogging::log('Authenticating without credentials with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
try {
$mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
if ($mod->getType() !== TBGModule::MODULE_AUTH) {
TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
}
$user = $mod->doAutoLogin();
if ($user == false) {
// Invalid
TBGContext::logout();
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
}
} catch (Exception $e) {
throw $e;
}
} elseif ($username !== null && $password !== null && !$user instanceof TBGUser) {
$external = false;
TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
$user = TBGUsersTable::getTable()->getByUsername($username);
if (!$user->hasPassword($password)) {
$user = null;
}
if (!$user instanceof TBGUser) {
TBGContext::logout();
}
}
break;
case TBGAction::AUTHENTICATION_METHOD_DUMMY:
$user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
break;
case TBGAction::AUTHENTICATION_METHOD_CLI:
$user = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
break;
case TBGAction::AUTHENTICATION_METHOD_RSS_KEY:
$user = TBGUsersTable::getTable()->getByRssKey($request['rsskey']);
break;
case TBGAction::AUTHENTICATION_METHOD_APPLICATION_PASSWORD:
$user = TBGUsersTable::getTable()->getByUsername($request['api_username']);
if (!$user->authenticateApplicationPassword($request['api_token'])) {
$user = null;
}
break;
default:
if (!TBGSettings::isLoginRequired()) {
$user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
}
}
if ($user instanceof TBGUser) {
if (!$user->isActivated()) {
throw new Exception('This account has not been activated yet');
} elseif (!$user->isEnabled()) {
throw new Exception('This account has been suspended');
} elseif (!$user->isConfirmedMemberOfScope(TBGContext::getScope())) {
if (!TBGSettings::isRegistrationAllowed()) {
throw new Exception('This account does not have access to this scope');
}
}
if ($external == false && $authentication_method == TBGAction::AUTHENTICATION_METHOD_CORE) {
$password = $user->getHashPassword();
if (!$request->hasCookie('tbg3_username')) {
if ($request->getParameter('tbg3_rememberme')) {
TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
} else {
TBGContext::getResponse()->setSessionCookie('tbg3_username', $user->getUsername());
TBGContext::getResponse()->setSessionCookie('tbg3_password', $user->getPassword());
}
}
}
} elseif (TBGSettings::isLoginRequired()) {
throw new Exception('Login required');
} else {
throw new Exception('No such login');
}
} catch (Exception $e) {
throw $e;
}
return $user;
}
/**
* Returns the logged in user, or default user if not logged in
*
* @param string $uname
* @param string $upwd
*
* @return TBGUser
*/
public static function loginCheck($username = null, $password = null)
{
try {
$row = null;
// If no username and password specified, check if we have a session that exists already
if ($username === null && $password === null) {
if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
$username = TBGContext::getRequest()->getCookie('tbg3_username');
$password = TBGContext::getRequest()->getCookie('tbg3_password');
$row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
if (!$row) {
TBGContext::getResponse()->deleteCookie('tbg3_username');
TBGContext::getResponse()->deleteCookie('tbg3_password');
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
}
}
}
// If we have authentication details, validate them
if (TBGSettings::getAuthenticationBackend() !== null && TBGSettings::getAuthenticationBackend() !== 'tbg' && $username !== null && $password !== null) {
TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
try {
$mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
if ($mod->getType() !== TBGModule::MODULE_AUTH) {
TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
throw new Exception('Invalid module type');
}
if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
$row = $mod->verifyLogin($username, $password);
} else {
$row = $mod->doLogin($username, $password);
}
if (!$row) {
// Invalid
TBGContext::getResponse()->deleteCookie('tbg3_username');
TBGContext::getResponse()->deleteCookie('tbg3_password');
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
}
} catch (Exception $e) {
throw $e;
}
} elseif ($username !== null && $password !== null) {
TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
// First test a pre-encrypted password
$row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
if (!$row) {
// Then test an unencrypted password
$row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, self::hashPassword($password));
if (!$row) {
// This is a legacy account from a 2.1 upgrade - try md5
$row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, md5($password));
if (!$row) {
// Invalid
TBGContext::getResponse()->deleteCookie('tbg3_username');
TBGContext::getResponse()->deleteCookie('tbg3_password');
throw new Exception('No such login');
//TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
} else {
// convert md5 to new password type
$user = new TBGUser($row->get(TBGUsersTable::ID), $row);
$user->changePassword($password);
$user->save();
unset($user);
}
}
}
} elseif (TBGContext::isCLI()) {
$row = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
} elseif (!TBGSettings::isLoginRequired()) {
$row = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
}
if ($row) {
if (!$row->get(TBGScopesTable::ENABLED)) {
throw new Exception('This account belongs to a scope that is not active');
} elseif (!$row->get(TBGUsersTable::ACTIVATED)) {
throw new Exception('This account has not been activated yet');
} elseif (!$row->get(TBGUsersTable::ENABLED)) {
throw new Exception('This account has been suspended');
}
$user = TBGContext::factory()->TBGUser($row->get(TBGUsersTable::ID), $row);
} elseif (TBGSettings::isLoginRequired()) {
throw new Exception('Login required');
} else {
throw new Exception('No such login');
}
} catch (Exception $e) {
throw $e;
}
return $user;
}
