/** * Returns the logged in user, or default user if not logged in * * @param \thebuggenie\core\framework\Request $request * @param \thebuggenie\core\framework\Action $action * * @return \thebuggenie\core\entities\User */ public static function loginCheck(framework\Request $request, framework\Action $action) { try { $authentication_method = $action->getAuthenticationMethodForAction(framework\Context::getRouting()->getCurrentRouteAction()); $user = null; $external = false; switch ($authentication_method) { case framework\Action::AUTHENTICATION_METHOD_ELEVATED: case framework\Action::AUTHENTICATION_METHOD_CORE: $username = $request['tbg3_username']; $password = $request['tbg3_password']; if ($authentication_method == framework\Action::AUTHENTICATION_METHOD_ELEVATED) { $elevated_password = $request['tbg3_elevated_password']; } $raw = true; // If no username and password specified, check if we have a session that exists already if ($username === null && $password === null) { if (framework\Context::getRequest()->hasCookie('tbg3_username') && framework\Context::getRequest()->hasCookie('tbg3_password')) { $username = framework\Context::getRequest()->getCookie('tbg3_username'); $password = framework\Context::getRequest()->getCookie('tbg3_password'); $user = self::getB2DBTable()->getByUsername($username); if ($authentication_method == framework\Action::AUTHENTICATION_METHOD_ELEVATED) { $elevated_password = framework\Context::getRequest()->getCookie('tbg3_elevated_password'); if ($user instanceof User && !$user->hasPasswordHash($password)) { $user = null; } else { if ($user instanceof User && !$user->hasPasswordHash($elevated_password)) { framework\Context::setUser($user); framework\Context::getRouting()->setCurrentRouteName('elevated_login_page'); throw new framework\exceptions\ElevatedLoginException('reenter'); } } } else { if ($user instanceof User && !$user->hasPasswordHash($password)) { $user = null; } } if (!$user instanceof User) { framework\Context::logout(); throw new \Exception('No such login'); } } } // If we have authentication details, validate them if (framework\Settings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) { $external = true; framework\Logging::log('Authenticating with backend: ' . framework\Settings::getAuthenticationBackend(), 'auth', framework\Logging::LEVEL_INFO); try { $mod = framework\Context::getModule(framework\Settings::getAuthenticationBackend()); if ($mod->getType() !== Module::MODULE_AUTH) { framework\Logging::log('Auth module is not the right type', 'auth', framework\Logging::LEVEL_FATAL); } if (framework\Context::getRequest()->hasCookie('tbg3_username') && framework\Context::getRequest()->hasCookie('tbg3_password')) { $user = $mod->verifyLogin($username, $password); } else { $user = $mod->doLogin($username, $password); } if (!$user instanceof User) { // Invalid framework\Context::logout(); throw new \Exception('No such login'); //framework\Context::getResponse()->headerRedirect(framework\Context::getRouting()->generate('login')); } } catch (\Exception $e) { throw $e; } } elseif (framework\Settings::isUsingExternalAuthenticationBackend()) { $external = true; framework\Logging::log('Authenticating without credentials with backend: ' . framework\Settings::getAuthenticationBackend(), 'auth', framework\Logging::LEVEL_INFO); try { $mod = framework\Context::getModule(framework\Settings::getAuthenticationBackend()); if ($mod->getType() !== Module::MODULE_AUTH) { framework\Logging::log('Auth module is not the right type', 'auth', framework\Logging::LEVEL_FATAL); } $user = $mod->doAutoLogin(); if ($user == false) { // Invalid framework\Context::logout(); throw new \Exception('No such login'); //framework\Context::getResponse()->headerRedirect(framework\Context::getRouting()->generate('login')); } else { if ($user == true) { $user = null; } } } catch (\Exception $e) { throw $e; } } elseif ($username !== null && $password !== null && !$user instanceof User) { $external = false; framework\Logging::log('Using internal authentication', 'auth', framework\Logging::LEVEL_INFO); $user = self::getB2DBTable()->getByUsername($username); if ($user instanceof User && !$user->hasPassword($password)) { $user = null; } if (!$user instanceof User) { framework\Context::logout(); } } break; case framework\Action::AUTHENTICATION_METHOD_DUMMY: $user = self::getB2DBTable()->getByUserID(framework\Settings::getDefaultUserID()); break; case framework\Action::AUTHENTICATION_METHOD_CLI: $user = self::getB2DBTable()->getByUsername(framework\Context::getCurrentCLIusername()); break; case framework\Action::AUTHENTICATION_METHOD_RSS_KEY: $user = self::getB2DBTable()->getByRssKey($request['rsskey']); break; case framework\Action::AUTHENTICATION_METHOD_APPLICATION_PASSWORD: $user = self::getB2DBTable()->getByUsername($request['api_username']); if (!$user->authenticateApplicationPassword($request['api_token'])) { $user = null; } break; } if ($user === null && !framework\Settings::isLoginRequired()) { $user = self::getB2DBTable()->getByUserID(framework\Settings::getDefaultUserID()); } if ($user instanceof User) { if (!$user->isActivated()) { throw new \Exception('This account has not been activated yet'); } elseif (!$user->isEnabled()) { throw new \Exception('This account has been suspended'); } elseif (!$user->isConfirmedMemberOfScope(framework\Context::getScope())) { if (!framework\Settings::isRegistrationAllowed()) { throw new \Exception('This account does not have access to this scope'); } } if ($external == false && $authentication_method == framework\Action::AUTHENTICATION_METHOD_CORE) { $password = $user->getHashPassword(); if (!$request->hasCookie('tbg3_username') && !$user->isGuest()) { if ($request->getParameter('tbg3_rememberme')) { framework\Context::getResponse()->setCookie('tbg3_username', $user->getUsername()); framework\Context::getResponse()->setCookie('tbg3_password', $user->getPassword()); } else { framework\Context::getResponse()->setSessionCookie('tbg3_username', $user->getUsername()); framework\Context::getResponse()->setSessionCookie('tbg3_password', $user->getPassword()); } } } } elseif (framework\Settings::isLoginRequired()) { throw new \Exception('Login required'); } else { throw new \Exception('No such login'); } } catch (\Exception $e) { throw $e; } return $user; }
public static function processCommit(\thebuggenie\core\entities\Project $project, $commit_msg, $old_rev, $new_rev, $date = null, $changed, $author, $branch = null, \Closure $callback = null) { $output = ''; framework\Context::setCurrentProject($project); if ($project->isArchived()) { return; } if (Commits::getTable()->isProjectCommitProcessed($new_rev, $project->getID())) { return; } try { framework\Context::getI18n(); } catch (\Exception $e) { framework\Context::reinitializeI18n(null); } // Is VCS Integration enabled? if (framework\Settings::get('vcs_mode_' . $project->getID(), 'vcs_integration') == self::MODE_DISABLED) { $output .= '[VCS ' . $project->getKey() . '] This project does not use VCS Integration' . "\n"; return $output; } // Parse the commit message, and obtain the issues and transitions for issues. $parsed_commit = \thebuggenie\core\entities\Issue::getIssuesFromTextByRegex($commit_msg); $issues = $parsed_commit["issues"]; $transitions = $parsed_commit["transitions"]; // Build list of affected files $file_lines = preg_split('/[\\n\\r]+/', $changed); $files = array(); foreach ($file_lines as $aline) { $action = mb_substr($aline, 0, 1); if ($action == "A" || $action == "U" || $action == "D" || $action == "M") { $theline = trim(mb_substr($aline, 1)); $files[] = array($action, $theline); } } // Find author of commit, fallback is guest /* * Some VCSes use a different format of storing the committer's name. Systems like bzr, git and hg use the format * Joe Bloggs <*****@*****.**>, instead of a classic username. Therefore a user will be found via 4 queries: * a) First we extract the email if there is one, and find a user with that email * b) If one is not found - or if no email was specified, then instead test against the real name (using the name part if there was an email) * c) the username or full name is checked against the friendly name field * d) and if we still havent found one, then we check against the username * e) and if we STILL havent found one, we use the guest user */ // a) $user = \thebuggenie\core\entities\tables\Users::getTable()->getByEmail($author); if (!$user instanceof \thebuggenie\core\entities\User && preg_match("/(?<=<)(.*)(?=>)/", $author, $matches)) { $email = $matches[0]; // a2) $user = \thebuggenie\core\entities\tables\Users::getTable()->getByEmail($email); if (!$user instanceof \thebuggenie\core\entities\User) { // Not found by email preg_match("/(?<=^)(.*)(?= <)/", $author, $matches); $author = $matches[0]; } } // b) if (!$user instanceof \thebuggenie\core\entities\User) { $user = \thebuggenie\core\entities\tables\Users::getTable()->getByRealname($author); } // c) if (!$user instanceof \thebuggenie\core\entities\User) { $user = \thebuggenie\core\entities\tables\Users::getTable()->getByBuddyname($author); } // d) if (!$user instanceof \thebuggenie\core\entities\User) { $user = \thebuggenie\core\entities\tables\Users::getTable()->getByUsername($author); } // e) if (!$user instanceof \thebuggenie\core\entities\User) { $user = framework\Settings::getDefaultUser(); } framework\Context::setUser($user); framework\Settings::forceSettingsReload(); framework\Context::cacheAllPermissions(); $output .= '[VCS ' . $project->getKey() . '] Commit to be logged by user ' . $user->getName() . "\n"; if ($date == null) { $date = NOW; } // Create the commit data $commit = new Commit(); $commit->setAuthor($user); $commit->setDate($date); $commit->setLog($commit_msg); $commit->setPreviousRevision($old_rev); $commit->setRevision($new_rev); $commit->setProject($project); if ($branch !== null) { $data = 'branch:' . $branch; $commit->setMiscData($data); } if ($callback !== null) { $commit = $callback($commit); } $commit->save(); $output .= '[VCS ' . $project->getKey() . '] Commit logged with revision ' . $commit->getRevision() . "\n"; // Iterate over affected issues and update them. foreach ($issues as $issue) { $inst = new IssueLink(); $inst->setIssue($issue); $inst->setCommit($commit); $inst->save(); // Process all commit-message transitions for an issue. foreach ($transitions[$issue->getFormattedIssueNo()] as $transition) { if (framework\Settings::get('vcs_workflow_' . $project->getID(), 'vcs_integration') == self::WORKFLOW_ENABLED) { framework\Context::setUser($user); framework\Settings::forceSettingsReload(); framework\Context::cacheAllPermissions(); if ($issue->isWorkflowTransitionsAvailable()) { // Go through the list of possible transitions for an issue. Only // process transitions that are applicable to issue's workflow. foreach ($issue->getAvailableWorkflowTransitions() as $possible_transition) { if (mb_strtolower($possible_transition->getName()) == mb_strtolower($transition[0])) { $output .= '[VCS ' . $project->getKey() . '] Running transition ' . $transition[0] . ' on issue ' . $issue->getFormattedIssueNo() . "\n"; // String representation of parameters. Used for log message. $parameters_string = ""; // Iterate over the list of this transition's parameters, and // set them. foreach ($transition[1] as $parameter => $value) { $parameters_string .= "{$parameter}={$value} "; switch ($parameter) { case 'resolution': if (($resolution = \thebuggenie\core\entities\Resolution::getByKeyish($value)) instanceof \thebuggenie\core\entities\Resolution) { framework\Context::getRequest()->setParameter('resolution_id', $resolution->getID()); } break; case 'status': if (($status = \thebuggenie\core\entities\Status::getByKeyish($value)) instanceof \thebuggenie\core\entities\Status) { framework\Context::getRequest()->setParameter('status_id', $status->getID()); } break; } } // Run the transition. $possible_transition->transitionIssueToOutgoingStepWithoutRequest($issue); // Log an informative message about the transition. $output .= '[VCS ' . $project->getKey() . '] Ran transition ' . $possible_transition->getName() . ' with parameters \'' . $parameters_string . '\' on issue ' . $issue->getFormattedIssueNo() . "\n"; } } } } } $issue->addSystemComment(framework\Context::getI18n()->__('This issue has been updated with the latest changes from the code repository.<source>%commit_msg</source>', array('%commit_msg' => $commit_msg)), $user->getID()); $output .= '[VCS ' . $project->getKey() . '] Updated issue ' . $issue->getFormattedIssueNo() . "\n"; } // Create file links foreach ($files as $afile) { // index 0 is action, index 1 is file $inst = new File(); $inst->setAction($afile[0]); $inst->setFile($afile[1]); $inst->setCommit($commit); $inst->save(); $output .= '[VCS ' . $project->getKey() . '] Added with action ' . $afile[0] . ' file ' . $afile[1] . "\n"; } framework\Event::createNew('vcs_integration', 'new_commit')->trigger(array('commit' => $commit)); return $output; }
/** * Do login (AJAX call) * * @Route(name="login", url="/do/login") * @AnonymousRoute * * @param \thebuggenie\core\framework\Request $request */ public function runDoLogin(framework\Request $request) { $i18n = framework\Context::getI18n(); $options = $request->getParameters(); $forward_url = framework\Context::getRouting()->generate('home'); if ($request->hasParameter('persona') && $request['persona'] == 'true') { $url = 'https://verifier.login.persona.org/verify'; $assert = filter_input(INPUT_POST, 'assertion', FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH); //Use the $_POST superglobal array for PHP < 5.2 and write your own filter $params = 'assertion=' . urlencode($assert) . '&audience=' . urlencode(framework\Context::getURLhost() . ':80'); $ch = curl_init(); $options = array(CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_POST => 2, CURLOPT_POSTFIELDS => $params); curl_setopt_array($ch, $options); $result = curl_exec($ch); curl_close($ch); $details = json_decode($result); $user = null; if ($details->status == 'okay') { $user = entities\User::getByEmail($details->email); if ($user instanceof entities\User) { framework\Context::getResponse()->setCookie('tbg3_password', $user->getPassword()); framework\Context::getResponse()->setCookie('tbg3_username', $user->getUsername()); framework\Context::getResponse()->setCookie('tbg3_persona_session', true); $user->setOnline(); $user->save(); return $this->renderJSON(array('status' => 'login ok', 'redirect' => in_array($request['referer_route'], array('home', 'login')))); } } if (!$user instanceof entities\User) { $this->getResponse()->setHttpStatus(401); $this->renderJSON(array('message' => $this->getI18n()->__('Invalid login'))); } return; } if (framework\Settings::isOpenIDavailable()) { $openid = new \LightOpenID(framework\Context::getRouting()->generate('login_page', array(), false)); } if (framework\Settings::isOpenIDavailable() && !$openid->mode && $request->isPost() && $request->hasParameter('openid_identifier')) { $openid->identity = $request->getRawParameter('openid_identifier'); $openid->required = array('contact/email'); $openid->optional = array('namePerson/first', 'namePerson/friendly'); return $this->forward($openid->authUrl()); } elseif (framework\Settings::isOpenIDavailable() && $openid->mode == 'cancel') { $this->error = framework\Context::getI18n()->__("OpenID authentication cancelled"); } elseif (framework\Settings::isOpenIDavailable() && $openid->mode) { try { if ($openid->validate()) { if ($this->getUser()->isAuthenticated() && !$this->getUser()->isGuest()) { if (tables\OpenIdAccounts::getTable()->getUserIDfromIdentity($openid->identity)) { framework\Context::setMessage('openid_used', true); throw new \Exception('OpenID already in use'); } $user = $this->getUser(); } else { $user = entities\User::getByOpenID($openid->identity); } if ($user instanceof entities\User) { $attributes = $openid->getAttributes(); $email = array_key_exists('contact/email', $attributes) ? $attributes['contact/email'] : null; if (!$user->getEmail()) { if (array_key_exists('contact/email', $attributes)) { $user->setEmail($attributes['contact/email']); } if (array_key_exists('namePerson/first', $attributes)) { $user->setRealname($attributes['namePerson/first']); } if (array_key_exists('namePerson/friendly', $attributes)) { $user->setBuddyname($attributes['namePerson/friendly']); } if (!$user->getNickname() || $user->isOpenIdLocked()) { $user->setBuddyname($user->getEmail()); } if (!$user->getRealname()) { $user->setRealname($user->getBuddyname()); } $user->save(); } if (!$user->hasOpenIDIdentity($openid->identity)) { tables\OpenIdAccounts::getTable()->addIdentity($openid->identity, $user->getID()); } framework\Context::getResponse()->setCookie('tbg3_password', $user->getPassword()); framework\Context::getResponse()->setCookie('tbg3_username', $user->getUsername()); $user->setOnline(); $user->save(); if ($this->checkScopeMembership($user)) { return true; } return $this->forward(framework\Context::getRouting()->generate(framework\Settings::get('returnfromlogin'))); } else { $this->error = framework\Context::getI18n()->__("Didn't recognize this OpenID. Please log in using your username and password, associate it with your user account in your account settings and try again."); } } else { $this->error = framework\Context::getI18n()->__("Could not validate against the OpenID provider"); } } catch (\Exception $e) { $this->error = framework\Context::getI18n()->__("Could not validate against the OpenID provider: %message", array('%message' => htmlentities($e->getMessage(), ENT_COMPAT, framework\Context::getI18n()->getCharset()))); } } elseif ($request->getMethod() == framework\Request::POST) { try { if ($request->hasParameter('tbg3_username') && $request->hasParameter('tbg3_password') && $request['tbg3_username'] != '' && $request['tbg3_password'] != '') { $user = entities\User::loginCheck($request, $this); $user->setOnline(); $user->save(); framework\Context::setUser($user); if ($this->checkScopeMembership($user)) { return true; } if ($request->hasParameter('return_to')) { $forward_url = $request['return_to']; } else { if (framework\Settings::get('returnfromlogin') == 'referer') { $forward_url = $request->getParameter('tbg3_referer', framework\Context::getRouting()->generate('dashboard')); } else { $forward_url = framework\Context::getRouting()->generate(framework\Settings::get('returnfromlogin')); } } $forward_url = htmlentities($forward_url, ENT_COMPAT, framework\Context::getI18n()->getCharset()); } else { throw new \Exception('Please enter a username and password'); } } catch (\Exception $e) { if ($request->isAjaxCall()) { $this->getResponse()->setHttpStatus(401); framework\Logging::log($e->getMessage(), 'openid', framework\Logging::LEVEL_WARNING_RISK); return $this->renderJSON(array("error" => $i18n->__("Invalid login details"))); } else { $this->forward403($e->getMessage()); } } } else { if ($request->isAjaxCall()) { $this->getResponse()->setHttpStatus(401); return $this->renderJSON(array("error" => $i18n->__('Please enter a username and password'))); } else { $this->forward403($i18n->__('Please enter a username and password')); } } if (!isset($user)) { $this->forward403($i18n->__("Invalid login details")); } if ($this->checkScopeMembership($user)) { return true; } $user->setOnline(); $user->save(); if ($request->isAjaxCall()) { return $this->renderJSON(array('forward' => $forward_url)); } else { $this->forward($this->getRouting()->generate('account')); } }