public static function isPersonaAvailable() { if (TBGSettings::isUsingExternalAuthenticationBackend()) { return false; // No openID when using external auth } return (bool) self::isPersonaEnabled(); }
/** * Returns the logged in user, or default user if not logged in * * @param TBGRequest $request * @param TBGAction $action * * @return TBGUser */ public static function loginCheck(TBGRequest $request, TBGAction $action) { try { $authentication_method = $action->getAuthenticationMethodForAction(TBGContext::getRouting()->getCurrentRouteAction()); $user = null; $external = false; switch ($authentication_method) { case TBGAction::AUTHENTICATION_METHOD_ELEVATED: case TBGAction::AUTHENTICATION_METHOD_CORE: $username = $request['tbg3_username']; $password = $request['tbg3_password']; if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) { $elevated_password = $request['tbg3_elevated_password']; } $raw = true; // If no username and password specified, check if we have a session that exists already if ($username === null && $password === null) { if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) { $username = TBGContext::getRequest()->getCookie('tbg3_username'); $password = TBGContext::getRequest()->getCookie('tbg3_password'); $user = TBGUsersTable::getTable()->getByUsername($username); if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) { $elevated_password = TBGContext::getRequest()->getCookie('tbg3_elevated_password'); if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) { $user = null; } else { if ($user instanceof TBGUser && !$user->hasPasswordHash($elevated_password)) { TBGContext::setUser($user); TBGContext::getRouting()->setCurrentRouteName('elevated_login_page'); throw new TBGElevatedLoginException('reenter'); } } } else { if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) { $user = null; } } $raw = false; if (!$user instanceof TBGUser) { TBGContext::logout(); throw new Exception('No such login'); } } } // If we have authentication details, validate them if (TBGSettings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) { $external = true; TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO); try { $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend()); if ($mod->getType() !== TBGModule::MODULE_AUTH) { TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL); } if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) { $user = $mod->verifyLogin($username, $password); } else { $user = $mod->doLogin($username, $password); } if (!$user instanceof TBGUser) { // Invalid TBGContext::logout(); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } } catch (Exception $e) { throw $e; } } elseif (TBGSettings::isUsingExternalAuthenticationBackend()) { $external = true; TBGLogging::log('Authenticating without credentials with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO); try { $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend()); if ($mod->getType() !== TBGModule::MODULE_AUTH) { TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL); } $user = $mod->doAutoLogin(); if ($user == false) { // Invalid TBGContext::logout(); throw new Exception('No such login'); //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login')); } } catch (Exception $e) { throw $e; } } elseif ($username !== null && $password !== null && !$user instanceof TBGUser) { $external = false; TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO); $user = TBGUsersTable::getTable()->getByUsername($username); if (!$user->hasPassword($password)) { $user = null; } if (!$user instanceof TBGUser) { TBGContext::logout(); } } break; case TBGAction::AUTHENTICATION_METHOD_DUMMY: $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID()); break; case TBGAction::AUTHENTICATION_METHOD_CLI: $user = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername()); break; case TBGAction::AUTHENTICATION_METHOD_RSS_KEY: $user = TBGUsersTable::getTable()->getByRssKey($request['rsskey']); break; case TBGAction::AUTHENTICATION_METHOD_APPLICATION_PASSWORD: $user = TBGUsersTable::getTable()->getByUsername($request['api_username']); if (!$user->authenticateApplicationPassword($request['api_token'])) { $user = null; } break; default: if (!TBGSettings::isLoginRequired()) { $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID()); } } if ($user instanceof TBGUser) { if (!$user->isActivated()) { throw new Exception('This account has not been activated yet'); } elseif (!$user->isEnabled()) { throw new Exception('This account has been suspended'); } elseif (!$user->isConfirmedMemberOfScope(TBGContext::getScope())) { if (!TBGSettings::isRegistrationAllowed()) { throw new Exception('This account does not have access to this scope'); } } if ($external == false && $authentication_method == TBGAction::AUTHENTICATION_METHOD_CORE) { $password = $user->getHashPassword(); if (!$request->hasCookie('tbg3_username')) { if ($request->getParameter('tbg3_rememberme')) { TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername()); TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword()); } else { TBGContext::getResponse()->setSessionCookie('tbg3_username', $user->getUsername()); TBGContext::getResponse()->setSessionCookie('tbg3_password', $user->getPassword()); } } } } elseif (TBGSettings::isLoginRequired()) { throw new Exception('Login required'); } else { throw new Exception('No such login'); } } catch (Exception $e) { throw $e; } return $user; }
?> _random"><?php echo __("Generate random new password"); ?> </label> <?php } ?> </td> </tr> <tr id="edit_user_<?php echo $user->getID(); ?> _password_container" style="display: none;"> <?php if (TBGSettings::isUsingExternalAuthenticationBackend()) { ?> <td colspan="2"> </td> <?php } else { ?> <td style="vertical-align: top; padding-top: 4px; line-height: 20px;"> <label for="new_password_<?php echo $user->getID(); ?> _1"><?php echo __('New password'); ?> </label><br> <label for="new_password_<?php
/** * Log out the current user (does not work when auth method is set to http) */ public static function logout() { if (TBGSettings::isUsingExternalAuthenticationBackend()) { $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend()); $mod->logout(); } TBGEvent::createNew('core', 'pre_logout')->trigger(); self::getResponse()->deleteCookie('tbg3_username'); self::getResponse()->deleteCookie('tbg3_password'); self::getResponse()->deleteCookie('tbg3_elevated_password'); self::getResponse()->deleteCookie('tbg3_persona_session'); self::getResponse()->deleteCookie('THEBUGGENIE'); session_regenerate_id(true); TBGEvent::createNew('core', 'post_logout')->trigger(); }