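/**
 * CLI task: revert the configured authentication backend to the built-in one.
 *
 * Recovery path for the case where a backend change has locked every
 * administrator out. Writes the setting only after an explicit "yes".
 *
 * @return void
 */
public function do_execute()
{
    $this->cliEcho("\n");
    $this->cliEcho("Revert authentication backend\n", 'white', 'bold');
    // Two-line sentence: no full stop before the line break
    $this->cliEcho("This command is useful if you've managed to lock yourself\n");
    $this->cliEcho("out due to an authentication backend change gone bad.\n\n");

    // Same test the runtime itself uses (logout, login) to decide whether a
    // non-default backend is active, instead of a loose == null comparison.
    if (!TBGSettings::isUsingExternalAuthenticationBackend()) {
        $this->cliEcho("You are currently using the default authentication backend.\n\n");
        return;
    }

    $this->cliEcho("Please type 'yes' if you want to revert to the default authentication backend: ");
    $this->cliEcho("\n");
    if ($this->getInput() === 'yes') {
        TBGSettings::saveSetting(TBGSettings::SETTING_AUTH_BACKEND, 'tbg');
        $this->cliEcho("Authentication backend reverted.\n\n");
    } else {
        $this->cliEcho("No changes made.\n\n");
    }
}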
', 'account_tabs');" href="javascript:void(0);"><?php echo image_tag($module->getAccountSettingsLogo(), array('style' => 'float: left;'), false, $module_name) . $module->getAccountSettingsName(); ?> </a></li> <?php } ?> <?php } ?> </ul> </div> <div id="account_tabs_panes"> <div id="tab_profile_pane"> <?php if (TBGSettings::getAuthenticationBackend() != 'tbg' && TBGSettings::getAuthenticationBackend() != null) { echo tbg_parse_text(TBGSettings::get('changedetails_message'), null, null, array('embedded' => true)); } else { ?> <form accept-charset="<?php echo TBGContext::getI18n()->getCharset(); ?> " action="<?php echo make_url('account_save_information'); ?> " onsubmit="updateProfileInformation('<?php echo make_url('account_save_information'); ?> '); return false;" method="post" id="profile_information_form"> <div class="rounded_box borderless lightgrey cut_bottom" style="margin: 5px 0 0 0; width: 690px; border-bottom: 0;"> <p class="content"><?php
/**
 * Whether a non-default authentication backend is configured.
 *
 * An unset backend and the built-in "tbg" backend both count as internal.
 *
 * @return bool
 */
public static function isUsingExternalAuthenticationBackend()
{
    $backend = TBGSettings::getAuthenticationBackend();

    return $backend !== null && $backend !== 'tbg';
}
<td> <select name="auth_backend" id="auth_backend"> <option value="tbg"<?php if (TBGSettings::getAuthenticationBackend() == 'tbg' || TBGSettings::getAuthenticationBackend() == null) { ?> selected="selected"<?php } ?> ><?php echo __('The Bug Genie authentication (use internal user mechanisms)'); ?> </option> <?php foreach ($modules as $module) { $selected = null; if (TBGSettings::getAuthenticationBackend() == $module->getTabKey()) { $selected = ' selected="selected"'; } echo '<option value="' . $module->getTabKey() . '"' . $selected . '>' . $module->getLongName() . '</option>'; } ?> </select> </td> </tr> <tr> <td class="config_explanation" colspan="2"><?php echo __('All modules which provide authentication are shown here. Please ensure your chosen backend is configured first, and please read the warnings included with your chosen backend to ensure that you do not lose administrator access.'); ?> </td> </tr> <tr>
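/**
 * Returns the logged in user, or default user if not logged in
 *
 * Resolves the user according to the authentication method the action
 * declares for the current route: form or cookie credentials (core and
 * elevated), the configured external backend, the default user (dummy),
 * the CLI user, an RSS key, or an application password.
 *
 * @param TBGRequest $request
 * @param TBGAction $action
 *
 * @return TBGUser
 *
 * @throws TBGElevatedLoginException when an elevated action is reached with a
 *                                   valid login cookie but an invalid elevated-password cookie
 * @throws Exception on unknown login, a misconfigured backend module, an
 *                   inactive or suspended account, missing scope access, or
 *                   when login is required and no credentials were supplied
 */
public static function loginCheck(TBGRequest $request, TBGAction $action)
{
    $authentication_method = $action->getAuthenticationMethodForAction(TBGContext::getRouting()->getCurrentRouteAction());
    $user = null;
    // Set once an external backend has been consulted; suppresses cookie issuance below
    $external = false;

    switch ($authentication_method) {
        case TBGAction::AUTHENTICATION_METHOD_ELEVATED:
        case TBGAction::AUTHENTICATION_METHOD_CORE:
            $username = $request['tbg3_username'];
            $password = $request['tbg3_password'];
            if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) {
                $elevated_password = $request['tbg3_elevated_password'];
            }

            // If no username and password specified, check if we have a session that exists already
            if ($username === null && $password === null) {
                if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
                    $username = TBGContext::getRequest()->getCookie('tbg3_username');
                    $password = TBGContext::getRequest()->getCookie('tbg3_password');
                    $user = TBGUsersTable::getTable()->getByUsername($username);
                    if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) {
                        $elevated_password = TBGContext::getRequest()->getCookie('tbg3_elevated_password');
                        if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) {
                            $user = null;
                        } elseif ($user instanceof TBGUser && !$user->hasPasswordHash($elevated_password)) {
                            // Login cookie is valid but the elevated one is not: route to the
                            // elevated login page rather than treating this as a failed login
                            TBGContext::setUser($user);
                            TBGContext::getRouting()->setCurrentRouteName('elevated_login_page');
                            throw new TBGElevatedLoginException('reenter');
                        }
                    } elseif ($user instanceof TBGUser && !$user->hasPasswordHash($password)) {
                        $user = null;
                    }
                    if (!$user instanceof TBGUser) {
                        TBGContext::logout();
                        throw new Exception('No such login');
                    }
                }
            }

            // If we have authentication details, validate them
            if (TBGSettings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) {
                $external = true;
                TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
                $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
                if ($mod->getType() !== TBGModule::MODULE_AUTH) {
                    // Never hand credentials to a module that is not an auth module
                    TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
                    throw new Exception('Invalid module type');
                }
                if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
                    $user = $mod->verifyLogin($username, $password);
                } else {
                    $user = $mod->doLogin($username, $password);
                }
                if (!$user instanceof TBGUser) {
                    TBGContext::logout();
                    throw new Exception('No such login');
                }
            } elseif (TBGSettings::isUsingExternalAuthenticationBackend()) {
                $external = true;
                TBGLogging::log('Authenticating without credentials with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
                $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
                if ($mod->getType() !== TBGModule::MODULE_AUTH) {
                    TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
                    throw new Exception('Invalid module type');
                }
                $user = $mod->doAutoLogin();
                if (!$user instanceof TBGUser) {
                    TBGContext::logout();
                    throw new Exception('No such login');
                }
            } elseif ($username !== null && $password !== null && !$user instanceof TBGUser) {
                $external = false;
                TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
                $user = TBGUsersTable::getTable()->getByUsername($username);
                // Guard the lookup result: an unknown username must fail like a wrong
                // password, not as a method call on a non-object
                if (!$user instanceof TBGUser || !$user->hasPassword($password)) {
                    $user = null;
                    TBGContext::logout();
                }
            }
            break;

        case TBGAction::AUTHENTICATION_METHOD_DUMMY:
            $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
            break;

        case TBGAction::AUTHENTICATION_METHOD_CLI:
            $user = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
            break;

        case TBGAction::AUTHENTICATION_METHOD_RSS_KEY:
            $user = TBGUsersTable::getTable()->getByRssKey($request['rsskey']);
            break;

        case TBGAction::AUTHENTICATION_METHOD_APPLICATION_PASSWORD:
            $user = TBGUsersTable::getTable()->getByUsername($request['api_username']);
            // Same guard as the internal branch: an unknown api_username must not
            // dereference a non-object
            if (!$user instanceof TBGUser || !$user->authenticateApplicationPassword($request['api_token'])) {
                $user = null;
            }
            break;

        default:
            if (!TBGSettings::isLoginRequired()) {
                $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
            }
    }

    if (!$user instanceof TBGUser) {
        throw new Exception(TBGSettings::isLoginRequired() ? 'Login required' : 'No such login');
    }

    if (!$user->isActivated()) {
        throw new Exception('This account has not been activated yet');
    } elseif (!$user->isEnabled()) {
        throw new Exception('This account has been suspended');
    } elseif (!$user->isConfirmedMemberOfScope(TBGContext::getScope()) && !TBGSettings::isRegistrationAllowed()) {
        throw new Exception('This account does not have access to this scope');
    }

    // Only internal core logins get a login cookie; external backends keep their own session
    if (!$external && $authentication_method == TBGAction::AUTHENTICATION_METHOD_CORE && !$request->hasCookie('tbg3_username')) {
        // NOTE(review): the cookie carries $user->getPassword() as a bearer value, so
        // whatever that getter returns is a long-lived password equivalent — confirm
        // it is the stored hash and not the cleartext password
        if ($request->getParameter('tbg3_rememberme')) {
            TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
            TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
        } else {
            TBGContext::getResponse()->setSessionCookie('tbg3_username', $user->getUsername());
            TBGContext::getResponse()->setSessionCookie('tbg3_password', $user->getPassword());
        }
    }

    return $user;
}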
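/**
 * Returns the logged in user, or default user if not logged in
 *
 * Credentials come from the arguments, else from the tbg3_username /
 * tbg3_password cookies; with neither, the CLI user or the default user
 * is used when login is not required.
 *
 * @param string|null $username
 * @param string|null $password
 *
 * @return TBGUser
 *
 * @throws Exception on unknown login, a misconfigured backend module, an
 *                   inactive scope, an inactive or suspended account, or when
 *                   login is required and no credentials were supplied
 */
public static function loginCheck($username = null, $password = null)
{
    $row = null;

    // If no username and password specified, check if we have a session that exists already
    if ($username === null && $password === null) {
        if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
            $username = TBGContext::getRequest()->getCookie('tbg3_username');
            $password = TBGContext::getRequest()->getCookie('tbg3_password');
            $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
            if (!$row) {
                TBGContext::getResponse()->deleteCookie('tbg3_username');
                TBGContext::getResponse()->deleteCookie('tbg3_password');
                throw new Exception('No such login');
            }
        }
    }

    // If we have authentication details, validate them
    if (TBGSettings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) {
        TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
        $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
        if ($mod->getType() !== TBGModule::MODULE_AUTH) {
            // Never hand credentials to a module that is not an auth module
            TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
            throw new Exception('Invalid module type');
        }
        if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
            $row = $mod->verifyLogin($username, $password);
        } else {
            $row = $mod->doLogin($username, $password);
        }
        if (!$row) {
            // Invalid
            TBGContext::getResponse()->deleteCookie('tbg3_username');
            TBGContext::getResponse()->deleteCookie('tbg3_password');
            throw new Exception('No such login');
        }
    } elseif ($username !== null && $password !== null) {
        TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
        // First test a pre-encrypted password (the form the cookie carries).
        // NOTE(review): this also accepts the stored hash itself when submitted as the
        // password, which makes the hash a password equivalent — confirm this is intended
        $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
        if (!$row) {
            // Then test an unencrypted password
            $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, self::hashPassword($password));
            if (!$row) {
                // This is a legacy account from a 2.1 upgrade - try md5; on success the
                // account is migrated to the current hash so this path runs only once
                $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, md5($password));
                if (!$row) {
                    // Invalid
                    TBGContext::getResponse()->deleteCookie('tbg3_username');
                    TBGContext::getResponse()->deleteCookie('tbg3_password');
                    throw new Exception('No such login');
                }
                // convert md5 to new password type
                $user = new TBGUser($row->get(TBGUsersTable::ID), $row);
                $user->changePassword($password);
                $user->save();
                unset($user);
            }
        }
    } elseif (TBGContext::isCLI()) {
        $row = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
    } elseif (!TBGSettings::isLoginRequired()) {
        $row = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
    }

    if (!$row) {
        throw new Exception(TBGSettings::isLoginRequired() ? 'Login required' : 'No such login');
    }

    if (!$row->get(TBGScopesTable::ENABLED)) {
        throw new Exception('This account belongs to a scope that is not active');
    } elseif (!$row->get(TBGUsersTable::ACTIVATED)) {
        throw new Exception('This account has not been activated yet');
    } elseif (!$row->get(TBGUsersTable::ENABLED)) {
        throw new Exception('This account has been suspended');
    }

    return TBGContext::factory()->TBGUser($row->get(TBGUsersTable::ID), $row);
}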
/**
 * Log out the current user (does not work when auth method is set to http)
 *
 * Lets an external backend end its own session first, then clears every
 * login cookie and rotates the PHP session id between the logout events.
 *
 * @return void
 */
public static function logout()
{
    if (TBGSettings::isUsingExternalAuthenticationBackend()) {
        TBGContext::getModule(TBGSettings::getAuthenticationBackend())->logout();
    }

    TBGEvent::createNew('core', 'pre_logout')->trigger();

    $login_cookies = array(
        'tbg3_username',
        'tbg3_password',
        'tbg3_elevated_password',
        'tbg3_persona_session',
        'THEBUGGENIE',
    );
    foreach ($login_cookies as $cookie_name) {
        self::getResponse()->deleteCookie($cookie_name);
    }
    // Rotate the session id so the pre-logout id cannot be reused
    session_regenerate_id(true);

    TBGEvent::createNew('core', 'post_logout')->trigger();
}