public function newUserSession()
{
/* @var $identity LSUserIdentity */
$sUser = $this->getUserName();
$oUser = $this->api->getUserByName($sUser);
if (is_null($oUser)) {
if (function_exists("hook_get_auth_webserver_profile")) {
// If defined this function returns an array
// describing the default profile for this user
$aUserProfile = hook_get_auth_webserver_profile($sUser);
} elseif ($this->api->getConfigKey('auth_webserver_autocreate_user')) {
$aUserProfile = $this->api->getConfigKey('auth_webserver_autocreate_profile');
}
} else {
$this->setAuthSuccess($oUser);
return;
}
if ($this->api->getConfigKey('auth_webserver_autocreate_user') && isset($aUserProfile) && is_null($oUser)) {
// user doesn't exist but auto-create user is set
$oUser = new User();
$oUser->users_name = $sUser;
$oUser->password = hash('sha256', createPassword());
$oUser->full_name = $aUserProfile['full_name'];
$oUser->parent_id = 1;
$oUser->lang = $aUserProfile['lang'];
$oUser->email = $aUserProfile['email'];
if ($oUser->save()) {
$permission = new Permission();
$permission->setPermissions($oUser->uid, 0, 'global', $this->api->getConfigKey('auth_webserver_autocreate_permissions'), true);
// read again user from newly created entry
$this->setAuthSuccess($oUser);
return;
} else {
$this->setAuthFailure(self::ERROR_USERNAME_INVALID);
}
}
}
public function newUserSession()
{
// Do nothing if this user is not Authwebserver type
$identity = $this->getEvent()->get('identity');
if ($identity->plugin != 'Authwebserver') {
return;
}
/* @var $identity LSUserIdentity */
$sUser = $this->getUserName();
$oUser = $this->api->getUserByName($sUser);
if (is_null($oUser)) {
if (function_exists("hook_get_auth_webserver_profile")) {
// If defined this function returns an array
// describing the default profile for this user
$aUserProfile = hook_get_auth_webserver_profile($sUser);
} elseif ($this->api->getConfigKey('auth_webserver_autocreate_user')) {
$aUserProfile = $this->api->getConfigKey('auth_webserver_autocreate_profile');
}
} else {
if (Permission::model()->hasGlobalPermission('auth_webserver', 'read', $oUser->uid)) {
$this->setAuthSuccess($oUser);
return;
} else {
$this->setAuthFailure(self::ERROR_AUTH_METHOD_INVALID, gT('Web server authentication method is not allowed for this user'));
return;
}
}
if ($this->api->getConfigKey('auth_webserver_autocreate_user') && isset($aUserProfile) && is_null($oUser)) {
// user doesn't exist but auto-create user is set
$oUser = new User();
$oUser->users_name = $sUser;
$oUser->password = hash('sha256', createPassword());
$oUser->full_name = $aUserProfile['full_name'];
$oUser->parent_id = 1;
$oUser->lang = $aUserProfile['lang'];
$oUser->email = $aUserProfile['email'];
if ($oUser->save()) {
$permission = new Permission();
$permission->setPermissions($oUser->uid, 0, 'global', $this->api->getConfigKey('auth_webserver_autocreate_permissions'), true);
Permission::model()->setGlobalPermission($oUser->uid, 'auth_webserver');
// read again user from newly created entry
$this->setAuthSuccess($oUser);
return;
} else {
$this->setAuthFailure(self::ERROR_USERNAME_INVALID);
}
}
}
/**
* Checks whether this user has correctly entered password or not
*
* @access public
* @return bool
*/
public function authenticate($sOneTimePassword = '')
{
if (Yii::app()->getConfig("auth_webserver") == false || $this->username != "") {
$user = User::model()->findByAttributes(array('users_name' => $this->username));
if ($user !== null) {
if (gettype($user->password) == 'resource') {
$sStoredPassword = stream_get_contents($user->password, -1, 0);
// Postgres delivers bytea fields as streams :-o
} else {
$sStoredPassword = $user->password;
}
} else {
$this->errorCode = self::ERROR_USERNAME_INVALID;
return !$this->errorCode;
}
if ($sOneTimePassword != '' && Yii::app()->getConfig("use_one_time_passwords") && md5($sOneTimePassword) == $user->one_time_pw) {
$user->one_time_pw = '';
$user->save();
$this->id = $user->uid;
$this->user = $user;
$this->errorCode = self::ERROR_NONE;
} elseif ($sStoredPassword !== hash('sha256', $this->password)) {
$this->errorCode = self::ERROR_PASSWORD_INVALID;
} else {
$this->id = $user->uid;
$this->user = $user;
$this->errorCode = self::ERROR_NONE;
}
} elseif (Yii::app()->getConfig("auth_webserver") === true && (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['LOGON_USER']) || isset($_SERVER['REMOTE_USER']))) {
if (isset($_SERVER['PHP_AUTH_USER'])) {
$sUser = $_SERVER['PHP_AUTH_USER'];
} elseif (isset($_SERVER['REMOTE_USER'])) {
$sUser = $_SERVER['REMOTE_USER'];
} else {
$sUser = $_SERVER['LOGON_USER'];
}
if (strpos($sUser, "\\") !== false) {
$sUser = substr($sUser, strrpos($sUser, "\\") + 1);
}
$aUserMappings = Yii::app()->getConfig("auth_webserver_user_map");
if (isset($aUserMappings[$sUser])) {
$sUser = $aUserMappings[$sUser];
}
$this->username = $sUser;
$oUser = User::model()->findByAttributes(array('users_name' => $sUser));
if (is_null($oUser)) {
if (function_exists("hook_get_auth_webserver_profile")) {
// If defined this function returns an array
// describing the defaukt profile for this user
$aUserProfile = hook_get_auth_webserver_profile($sUser);
} elseif (Yii::app()->getConfig("auth_webserver_autocreate_user")) {
$aUserProfile = Yii::app()->getConfig("auth_webserver_autocreate_profile");
}
} else {
$this->id = $oUser->uid;
$this->user = $oUser;
$this->errorCode = self::ERROR_NONE;
}
if (Yii::app()->getConfig("auth_webserver_autocreate_user") && isset($aUserProfile) && is_null($oUser)) {
// user doesn't exist but auto-create user is set
$oUser = new User();
$oUser->users_name = $sUser;
$oUser->password = hash('sha256', createPassword());
$oUser->full_name = $aUserProfile['full_name'];
$oUser->parent_id = 1;
$oUser->lang = $aUserProfile['lang'];
$oUser->email = $aUserProfile['email'];
$oUser->create_survey = $aUserProfile['create_survey'];
$oUser->create_user = $aUserProfile['create_user'];
$oUser->delete_user = $aUserProfile['delete_user'];
$oUser->superadmin = $aUserProfile['superadmin'];
$oUser->configurator = $aUserProfile['configurator'];
$oUser->manage_template = $aUserProfile['manage_template'];
$oUser->manage_label = $aUserProfile['manage_label'];
if ($oUser->save()) {
$aTemplates = explode(",", $aUserProfile['templatelist']);
foreach ($aTemplates as $sTemplateName) {
$oRecord = new Templates_rights();
$oRecord->uid = $oUser->uid;
$oRecord->folder = trim($sTemplateName);
$oRecord->use = 1;
$oRecord->save();
}
// read again user from newly created entry
$this->id = $oUser->uid;
$this->user = $oUser;
$this->errorCode = self::ERROR_NONE;
} else {
$this->errorCode = self::ERROR_USERNAME_INVALID;
}
}
} else {
$this->errorCode = self::ERROR_USERNAME_INVALID;
}
return !$this->errorCode;
}
