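/**
 * Only allow access for users with API keys
 * These keys are generated in the Manage Users menu
 *
 * The 'index' and 'updateKey' actions are granted directly when a user with
 * a non-empty API key is supplied; every other action (and any request
 * without a user or key) is deferred to the parent rule.
 *
 * @param string $controller
 * @param string $action
 * @param \Jazzee\Entity\User $user
 * @param \Jazzee\Entity\Program $program
 * @param \Jazzee\Entity\Application $application
 * @return bool
 */
public static function isAllowed($controller, $action, \Jazzee\Entity\User $user = null, \Jazzee\Entity\Program $program = null, \Jazzee\Entity\Application $application = null)
{
    // Strict comparison: only the literal action names may match, no type juggling.
    $keyActions = array('index', 'updateKey');
    if ($user and in_array($action, $keyActions, true) and $user->getApiKey()) {
        return true;
    }

    return parent::isAllowed($controller, $action, $user, $program, $application);
}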
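/**
 * Log in the shared preview user.
 *
 * Looks up the active user whose uniqueName is 'previewuser', resets the
 * session store, marks it authenticated and records the user's id in it.
 *
 * @throws \Jazzee\Exception when no active preview user exists (instead of
 *         failing later with a null dereference on getId())
 */
public function loginUser()
{
    $user = $this->_controller->getEntityManager()->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('uniqueName' => 'previewuser', 'isActive' => true));
    if (!$user) {
        throw new \Jazzee\Exception('No active user with uniqueName previewuser exists; preview login cannot continue.');
    }
    $this->_user = $user;

    // Session is only touched once we know there is a user to bind it to.
    $this->_controller->getStore()->expire();
    $this->_controller->getStore()->touchAuthentication();
    $this->_controller->getStore()->set(self::SESSION_VAR_ID, $this->_user->getId());
}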
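/**
 * Log in a user without credentials (NoAuthentication).
 *
 * The user id is taken straight from the submitted form and the only gate is
 * the client address checked by isAllowedIp(), so this is only suitable for
 * environments listed in the noAuthIpAddresses configuration.
 *
 * @throws \Jazzee\Exception when the client address is not allowed, when no
 *         user id was submitted, or when no active user has that id
 */
public function loginUser()
{
    $form = $this->getLoginForm();
    if (!$form->processInput($_POST)) {
        return;
    }

    // NOTE(review): REMOTE_ADDR is the immediate peer; behind a reverse proxy
    // it is the proxy's address, which is what the allow list would then need.
    if (!$this->isAllowedIp($_SERVER['REMOTE_ADDR'])) {
        throw new \Jazzee\Exception("{$_SERVER['REMOTE_ADDR']} is not a valid ip address for NoAuthentication. Add it to the noAuthIpAddresses configuration to continue.");
    }

    $userId = isset($_POST['userid']) ? $_POST['userid'] : null;
    if ($userId === null || $userId === '') {
        throw new \Jazzee\Exception('No user id was submitted for NoAuthentication.');
    }

    $user = $this->_controller->getEntityManager()->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('id' => $userId, 'isActive' => true));
    if (!$user) {
        // Previously a missing user reached getId() on null and failed with a fatal error.
        throw new \Jazzee\Exception('No active user matches the requested id for NoAuthentication.');
    }
    $this->_user = $user;

    $this->_controller->getStore()->expire();
    $this->_controller->getStore()->touchAuthentication();
    $this->_controller->getStore()->set(self::SESSION_VAR_ID, $this->_user->getId());
}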
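/**
 * Constructor
 *
 * Require authentication and setup the user if a valid session is detected
 *
 * Bootstraps SimpleSAMLphp from the configured include path, forces
 * authentication and loads the active local user whose uniqueName equals the
 * configured username attribute. When a user is found, the first name, last
 * name and email attributes are copied onto the entity and it is persisted;
 * flushing is left to the caller. When no user matches, _user stays null.
 *
 * @param \Jazzee\Interfaces\AdminController $controller
 * @throws Exception when the username attribute is absent from the assertion
 */
public function __construct(\Jazzee\Interfaces\AdminController $controller)
{
    $config = $controller->getConfig();
    require_once $config->getSimpleSAMLIncludePath();
    $this->_as = new \SimpleSAML_Auth_Simple($config->getSimpleSAMLAuthenticationSource());
    $this->_as->requireAuth();
    $attrs = $this->_as->getAttributes();

    // Returns the first value of a multi-valued SAML attribute, or null when
    // it is not present (no undefined-index notice).
    $firstValue = function ($name) use ($attrs) {
        return isset($attrs[$name][0]) ? $attrs[$name][0] : null;
    };

    $usernameAttribute = $config->getSimpleSAMLUsernameAttribute();
    if ($firstValue($usernameAttribute) === null) {
        // NOTE(review): unqualified Exception — confirm it resolves in this
        // namespace; the other authentication classes throw \Jazzee\Exception.
        throw new Exception($usernameAttribute . ' attribute is missing from authentication source.');
    }

    $this->_user = $controller->getEntityManager()->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('uniqueName' => $firstValue($usernameAttribute), 'isActive' => true));
    if ($this->_user) {
        // Name and email are optional in the assertion; a missing one is
        // passed as null rather than triggering a notice.
        $this->_user->setFirstName($firstValue($config->getSimpleSAMLFirstNameAttribute()));
        $this->_user->setLastName($firstValue($config->getSimpleSAMLLastNameAttribute()));
        $this->_user->setEmail($firstValue($config->getSimpleSAMLEmailAddressAttribute()));
        $controller->getEntityManager()->persist($this->_user);
    }
}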
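/**
 * Log in a user by the API key submitted through the login form.
 *
 * The request must originate from one of the comma-separated addresses in the
 * apiFormAuthenticationIpAddresses configuration; the key is then matched
 * against an active user and the session is bound to that user.
 *
 * @return bool|null false when the key is empty or matches no active user;
 *         no return value on success or when the form did not validate
 * @throws \Jazzee\Exception when the client address is not in the allow list
 */
public function loginUser()
{
    $form = $this->getLoginForm();
    $input = $form->processInput($_POST);
    if (!$input) {
        return;
    }

    // Trim each entry so "a, b" in the configuration behaves like "a,b".
    $allowedIps = array_map('trim', explode(',', $this->_controller->getConfig()->getApiFormAuthenticationIpAddresses()));
    if (!in_array($_SERVER['REMOTE_ADDR'], $allowedIps, true)) {
        // implode() is required here: interpolating the array itself rendered as "Array".
        throw new \Jazzee\Exception("{$_SERVER['REMOTE_ADDR']} is not a valid ip address for ApiFormAuthentication: " . implode(',', $allowedIps) . ". Add it to the apiFormAuthenticationIpAddresses configuration to continue.");
    }

    $apiKey = $input->get('apiKey');
    // An empty key must not reach the lookup: Doctrine turns a null criterion
    // into IS NULL, which would match users that simply have no key set.
    if ($apiKey === null || $apiKey === '') {
        $form->getElementByName('apiKey')->addMessage('That is not a valid ID');
        return false;
    }

    $this->_user = $this->_controller->getEntityManager()->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('apiKey' => $apiKey, 'isActive' => true));
    if (!$this->_user) {
        $form->getElementByName('apiKey')->addMessage('That is not a valid ID');
        return false;
    }

    $this->_controller->getStore()->expire();
    $this->_controller->getStore()->touchAuthentication();
    $this->_controller->getStore()->set(self::SESSION_VAR_ID, $this->_user->getId());
}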
/**
 * Log in the user identified by the Shibboleth service provider.
 *
 * Without an SP session the browser is sent to the Shibboleth login URL.
 * Otherwise the configured username attribute selects (or creates) the local
 * user, the session is reset and bound to that user, and the optional name
 * and email attributes are copied onto the entity.
 *
 * NOTE(review): the attributes are trusted as found in $_SERVER; confirm the
 * SP module sets them as environment variables rather than copying them from
 * request headers, since only the former cannot be supplied by the client.
 *
 * @SuppressWarnings(PHPMD.ExitExpression)
 * @throws \Jazzee\Exception when the configured username attribute is absent
 */
public function loginUser()
{
    $config = $this->_controller->getConfig();
    $em = $this->_controller->getEntityManager();
    $store = $this->_controller->getStore();

    // No SP session yet: hand off to the Shibboleth login handler and stop.
    if (!isset($_SERVER['Shib-Application-ID'])) {
        header('Location: ' . $config->getShibbolethLoginUrl());
        exit(0);
    }

    $usernameAttribute = $config->getShibbolethUsernameAttribute();
    if (!isset($_SERVER[$usernameAttribute])) {
        throw new \Jazzee\Exception($usernameAttribute . ' attribute is missing from authentication source.');
    }
    $uniqueName = $_SERVER[$usernameAttribute];

    // Optional attributes: an absent one becomes null.
    $optionalAttributes = array(
        'firstName' => $config->getShibbolethFirstNameAttribute(),
        'lastName' => $config->getShibbolethLastNameAttribute(),
        'mail' => $config->getShibbolethEmailAddressAttribute(),
    );
    $values = array();
    foreach ($optionalAttributes as $key => $serverName) {
        $values[$key] = isset($_SERVER[$serverName]) ? $_SERVER[$serverName] : null;
    }

    $store->expire();
    $store->touchAuthentication();

    $this->_user = $em->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('uniqueName' => $uniqueName, 'isActive' => true));
    if (!$this->_user) {
        // First visit: create the account and flush at once so the new id is
        // available for the authentication log.
        $this->_user = new \Jazzee\Entity\User();
        $this->_user->setUniqueName($uniqueName);
        $em->persist($this->_user);
        $em->flush();
    }

    $store->set(self::SESSION_VAR_ID, $this->_user->getId());
    $em->persist($this->_user);
    $this->_user->setFirstName($values['firstName']);
    $this->_user->setLastName($values['lastName']);
    $this->_user->setEmail($values['mail']);
}
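/**
 * Build the display described by $arr, limited to what the current user may see.
 *
 * The result is an Intersection of the user's maximum display for the
 * application and the requested display, so a requested display can only
 * narrow, never widen, what the user is allowed to see.
 *
 * @param array $arr descriptor with 'type' ('user' or 'system'); 'id' for a
 *                   stored user display, 'class' for a system display class
 * @return \Jazzee\Display\Intersection
 * @throws Exception for an unknown display type
 */
protected function getDisplay(array $arr)
{
    $intersection = new \Jazzee\Display\Intersection();
    $intersection->addDisplay($this->_user->getMaximumDisplayForApplication($this->_application));

    switch ($arr['type']) {
        case 'user':
            // The lookup is scoped to the current user, so a stored display
            // cannot be selected by id alone.
            $display = $this->_em->getRepository('Jazzee\\Entity\\Display')->findOneBy(array('id' => $arr['id'], 'user' => $this->_user));
            // NOTE(review): findOneBy returns null for an unknown id; confirm
            // Intersection::addDisplay tolerates null, otherwise guard here.
            $intersection->addDisplay($display);
            return $intersection;
        case 'system':
            // NOTE(review): instantiates whatever class name the descriptor
            // carries. Confirm $arr['class'] only ever comes from the
            // application's own display configuration and never from request
            // data; if that cannot be guaranteed, validate it against a fixed list.
            $display = new $arr['class']($this->_application);
            $intersection->addDisplay($display);
            return $intersection;
        default:
            // NOTE(review): unqualified Exception — confirm it resolves in this namespace.
            throw new Exception('Unkown display type ' . $arr['type']);
    }
}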
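/**
 * Only allow change program if the user is in at least one program
 * At this top level always return false so nothing is allowed by default
 *
 * @param string $controller
 * @param string $action
 * @param \Jazzee\Entity\User $user
 * @param \Jazzee\Entity\Program $program
 * @param \Jazzee\Entity\Application $application
 * @return bool
 */
public static function isAllowed($controller, $action, \Jazzee\Entity\User $user = null, \Jazzee\Entity\Program $program = null, \Jazzee\Entity\Application $application = null)
{
    // Several actions are allowed as long as the user is in at least one program
    $specialActions = array('index', 'getAllowedPrograms', 'changeTo');
    if ($user and in_array($action, $specialActions, true)) {
        $userPrograms = $user->getPrograms();
        // count() rather than !empty(): if getPrograms() returns a collection
        // object, !empty() is always true (objects are never empty) and these
        // actions would be granted to users who are in no program at all.
        // The !empty() guard keeps null / empty-array results at false.
        $inAnyProgram = !empty($userPrograms) && count($userPrograms) > 0;

        return parent::isAllowed($controller, 'anyprogram', $user) || $inAnyProgram;
    }

    return parent::isAllowed($controller, $action, $user, $program, $application);
}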