protected final function _prepare() { if ($this->hasProvidedArgument('server')) { $this->_current_remote_server = $this->getProvidedArgument('server'); } elseif (file_exists(THEBUGGENIE_PATH . '.remote_server')) { $this->_current_remote_server = file_get_contents(THEBUGGENIE_PATH . '.remote_server'); } else { throw new Exception("Please specify an installation of The Bug Genie to connect to by running the set_remote command first."); } if ($this->hasProvidedArgument('username')) { $this->_current_remote_user = $this->getProvidedArgument('username'); } elseif (file_exists(THEBUGGENIE_PATH . '.remote_username')) { $this->_current_remote_user = file_get_contents(THEBUGGENIE_PATH . '.remote_username'); } else { $this->_current_remote_user = TBGContext::getCurrentCLIusername(); } if (file_exists(THEBUGGENIE_PATH . '.remote_password_hash')) { $this->_current_remote_password_hash = file_get_contents(THEBUGGENIE_PATH . '.remote_password_hash'); } else { $this->cliEcho('Please enter the password for user '); $this->cliEcho($this->_getCurrentRemoteUser(), 'white', 'bold'); $this->cliEcho(' (the password will not be stored): '); $this->_current_remote_password_hash = TBGUser::hashPassword($this->_getCliInput()); } }
public function do_execute() { $this->cliEcho('Authenticating with server: '); $this->cliEcho($this->getProvidedArgument('server_url'), 'white', 'bold'); $this->cliEcho("\n"); $path = THEBUGGENIE_CONFIG_PATH; try { file_put_contents($path . '.remote_server', $this->getProvidedArgument('server_url')); } catch (Exception $e) { $path = getenv('HOME') . DS; file_put_contents($path . '.remote_server', $this->getProvidedArgument('server_url')); } $this->cliEcho('Authenticating as user: '******'username', TBGContext::getCurrentCLIusername()); $this->cliEcho($username, 'white', 'bold'); $this->cliEcho("\n"); file_put_contents($path . '.remote_username', $username); $this->_current_remote_server = file_get_contents($path . '.remote_server'); $this->cliEcho("\n"); $this->cliEcho('You need to authenticate using an application-specific password.'); $this->cliEcho("\n"); $this->cliEcho("Create an application password from your account's 'Security' tab."); $this->cliEcho("\n"); $this->cliEcho("Enter the application-specific password: "******"Authentication successful!\n", 'white', 'bold'); }
/** * Returns the logged in user, or default user if not logged in * * @param TBGRequest $request * @param TBGAction $action * * @return TBGUser */ public static function loginCheck(TBGRequest $request, TBGAction $action) { try { $authentication_method = $action->getAuthenticationMethodForAction(TBGContext::getRouting()->getCurrentRouteAction()); $user = null; $external = false; switch ($authentication_method) { case TBGAction::AUTHENTICATION_METHOD_ELEVATED: case TBGAction::AUTHENTICATION_METHOD_CORE: $username = $request['tbg3_username']; $password = $request['tbg3_password']; if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) { $elevated_password = $request['tbg3_elevated_password']; } $raw = true; // If no username and password specified, check if we have a session that exists already if ($username === null && $password === null) { if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) { $username = TBGContext::getRequest()->getCookie('tbg3_username'); $password = TBGContext::getRequest()->getCookie('tbg3_password'); $user = TBGUsersTable::getTable()->getByUsername($username); if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) { $elevated_password = TBGContext::getRequest()->getCookie('tbg3_elevated_password'); if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) { $user = null; } else { if ($user instanceof TBGUser && !$user->hasPasswordHash($elevated_password)) { TBGContext::setUser($user); TBGContext::getRouting()->setCurrentRouteName('elevated_login_page'); throw new TBGElevatedLoginException('reenter'); } } } else { if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) { $user = null; } } $raw = false; if (!$user instanceof TBGUser) { TBGContext::logout(); throw new Exception('No such login'); } } } // If we have authentication details, validate them if (TBGSettings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) { $external = true; TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO); try { $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend()); if ($mod->getType() !== TBGModule::MODULE_AUTH) { TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL); } if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) { $user = $mod->verifyLogin($username, $password); } else { $user = $mod->doLogin($username, $password); } if (!$user instanceof TBGUser) { // Invalid TBGContext::logout(); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } } catch (Exception $e) { throw $e; } } elseif (TBGSettings::isUsingExternalAuthenticationBackend()) { $external = true; TBGLogging::log('Authenticating without credentials with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO); try { $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend()); if ($mod->getType() !== TBGModule::MODULE_AUTH) { TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL); } $user = $mod->doAutoLogin(); if ($user == false) { // Invalid TBGContext::logout(); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } } catch (Exception $e) { throw $e; } } elseif ($username !== null && $password !== null && !$user instanceof TBGUser) { $external = false; TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO); $user = TBGUsersTable::getTable()->getByUsername($username); if (!$user->hasPassword($password)) { $user = null; } if (!$user instanceof TBGUser) { TBGContext::logout(); } } break; case TBGAction::AUTHENTICATION_METHOD_DUMMY: $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID()); break; case TBGAction::AUTHENTICATION_METHOD_CLI: $user = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername()); break; case TBGAction::AUTHENTICATION_METHOD_RSS_KEY: $user = TBGUsersTable::getTable()->getByRssKey($request['rsskey']); break; case TBGAction::AUTHENTICATION_METHOD_APPLICATION_PASSWORD: $user = TBGUsersTable::getTable()->getByUsername($request['api_username']); if (!$user->authenticateApplicationPassword($request['api_token'])) { $user = null; } break; default: if (!TBGSettings::isLoginRequired()) { $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID()); } } if ($user instanceof TBGUser) { if (!$user->isActivated()) { throw new Exception('This account has not been activated yet'); } elseif (!$user->isEnabled()) { throw new Exception('This account has been suspended'); } elseif (!$user->isConfirmedMemberOfScope(TBGContext::getScope())) { if (!TBGSettings::isRegistrationAllowed()) { throw new Exception('This account does not have access to this scope'); } } if ($external == false && $authentication_method == TBGAction::AUTHENTICATION_METHOD_CORE) { $password = $user->getHashPassword(); if (!$request->hasCookie('tbg3_username')) { if ($request->getParameter('tbg3_rememberme')) { TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername()); TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword()); } else { TBGContext::getResponse()->setSessionCookie('tbg3_username', $user->getUsername()); TBGContext::getResponse()->setSessionCookie('tbg3_password', $user->getPassword()); } } } } elseif (TBGSettings::isLoginRequired()) { throw new Exception('Login required'); } else { throw new Exception('No such login'); } } catch (Exception $e) { throw $e; } return $user; }
/** * Returns the logged in user, or default user if not logged in * * @param string $uname * @param string $upwd * * @return TBGUser */ public static function loginCheck($username = null, $password = null) { try { $row = null; // If no username and password specified, check if we have a session that exists already if ($username === null && $password === null) { if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) { $username = TBGContext::getRequest()->getCookie('tbg3_username'); $password = TBGContext::getRequest()->getCookie('tbg3_password'); $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password); if (!$row) { TBGContext::getResponse()->deleteCookie('tbg3_username'); TBGContext::getResponse()->deleteCookie('tbg3_password'); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } } } // If we have authentication details, validate them if (TBGSettings::getAuthenticationBackend() !== null && TBGSettings::getAuthenticationBackend() !== 'tbg' && $username !== null && $password !== null) { TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO); try { $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend()); if ($mod->getType() !== TBGModule::MODULE_AUTH) { TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL); throw new Exception('Invalid module type'); } if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) { $row = $mod->verifyLogin($username, $password); } else { $row = $mod->doLogin($username, $password); } if (!$row) { // Invalid TBGContext::getResponse()->deleteCookie('tbg3_username'); TBGContext::getResponse()->deleteCookie('tbg3_password'); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } } catch (Exception $e) { throw $e; } } elseif ($username !== null && $password !== null) { TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO); // First test a pre-encrypted password $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password); if (!$row) { // Then test an unencrypted password $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, self::hashPassword($password)); if (!$row) { // This is a legacy account from a 2.1 upgrade - try md5 $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, md5($password)); if (!$row) { // Invalid TBGContext::getResponse()->deleteCookie('tbg3_username'); TBGContext::getResponse()->deleteCookie('tbg3_password'); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } else { // convert md5 to new password type $user = new TBGUser($row->get(TBGUsersTable::ID), $row); $user->changePassword($password); $user->save(); unset($user); } } } } elseif (TBGContext::isCLI()) { $row = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername()); } elseif (!TBGSettings::isLoginRequired()) { $row = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID()); } if ($row) { if (!$row->get(TBGScopesTable::ENABLED)) { throw new Exception('This account belongs to a scope that is not active'); } elseif (!$row->get(TBGUsersTable::ACTIVATED)) { throw new Exception('This account has not been activated yet'); } elseif (!$row->get(TBGUsersTable::ENABLED)) { throw new Exception('This account has been suspended'); } $user = TBGContext::factory()->TBGUser($row->get(TBGUsersTable::ID), $row); } elseif (TBGSettings::isLoginRequired()) { throw new Exception('Login required'); } else { throw new Exception('No such login'); } } catch (Exception $e) { throw $e; } return $user; }