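/**
 * @inheritdoc
 *
 * Records the attempt (successful or not) in UserLoginAttempt before evaluating the outcome,
 * so the lockout counter consulted by hasTooManyFailedAttempts() already includes this one.
 * The lockout check is evaluated before the credential result on purpose: a locked username
 * gets the same answer whether or not the account exists.
 *
 * NOTE(review): when no record is found, verifyPassword() is short-circuited, so the response
 * time still differs between existing and unknown usernames — confirm whether a dummy
 * verification is wanted to close that gap.
 *
 * @return boolean whether the identity is authenticated (see getIsAuthenticated()).
 */
public function authenticate()
{
    $record = User::model()->findByAttributes(array('username' => $this->username));
    $authenticated = $record !== null && $record->verifyPassword($this->password);

    $attempt = new UserLoginAttempt();
    $attempt->username = $this->username;
    $attempt->user_id = $record === null ? null : $record->id;
    $attempt->is_successful = $authenticated;
    if (!$attempt->save()) {
        // A lost attempt record silently weakens the lockout, so make the failure visible.
        Yii::log('Failed to save login attempt: ' . json_encode($attempt->getErrors()), CLogger::LEVEL_WARNING, __METHOD__);
    }

    if (UserLoginAttempt::hasTooManyFailedAttempts($this->username, self::MAX_FAILED_LOGIN_ATTEMPTS, self::LOGIN_ATTEMPTS_COUNT_SECONDS)) {
        // this is the first check not to reveal if the specified user account exists or not
        $this->errorCode = self::ERROR_USER_LOCKED;
        $this->errorMessage = Yii::t('UsrModule.usr', 'User account has been locked due to too many failed login attempts. Try again later.');
    } elseif (!$authenticated) {
        // Deliberately the same message for "no such user" and "wrong password".
        $this->errorCode = self::ERROR_USERNAME_INVALID;
        $this->errorMessage = Yii::t('UsrModule.usr', 'Invalid username or password.');
    } elseif ($record->is_disabled) {
        // $record is non-null here: $authenticated implies a record was found.
        $this->errorCode = self::ERROR_USER_DISABLED;
        $this->errorMessage = Yii::t('UsrModule.usr', 'User account has been disabled.');
    } elseif (!$record->is_active) {
        $this->errorCode = self::ERROR_USER_INACTIVE;
        $this->errorMessage = Yii::t('UsrModule.usr', 'User account has not been activated yet.');
    } else {
        $this->errorCode = self::ERROR_NONE;
        $this->errorMessage = '';
        $this->initFromUser($record);
        // Stored with PHP's default timezone, like the attempt timestamps this is compared against.
        $record->saveAttributes(array('last_visit_on' => date('Y-m-d H:i:s')));
    }

    return $this->getIsAuthenticated();
}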
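/**
 * Checks whether the most recent login attempts for $username within the last $time_limit
 * seconds are all failures; true means the username should be treated as locked.
 *
 * Only the latest $count_limit attempts in the window are examined, so a single successful
 * login among them clears the lock, and failures older than those are not counted.
 * Rows whose is_successful is NULL are not counted as failures (NOT NULL OR NULL is NULL,
 * which COUNT ignores). The username is matched exactly as given; no normalisation happens here.
 *
 * NOTE(review): $since is built in PHP's default timezone — confirm performed_on is stored
 * in the same timezone, otherwise the window is shifted.
 *
 * @param string $username
 * @param integer $count_limit number of consecutive failed attempts that triggers a lock
 * @param integer $time_limit number of seconds to look back
 * @return boolean true if at least $count_limit of the latest attempts in the window failed
 */
public static function hasTooManyFailedAttempts($username, $count_limit = 5, $time_limit = 1800)
{
    // Cast before interpolating: the interval spec is built from this value, and a non-numeric
    // string would yield an invalid spec (DateInterval throws) instead of a usable window.
    $count_limit = (int) $count_limit;
    $time_limit = (int) $time_limit;

    $since = new DateTime();
    $since->sub(new DateInterval("PT{$time_limit}S"));

    $db = UserLoginAttempt::model()->dbConnection;

    // The latest attempts for this username inside the window; only the success flag is needed.
    $latestAttempts = $db->createCommand()
        ->select('is_successful')
        ->from(UserLoginAttempt::model()->tableName())
        ->where('username = :username AND performed_on > :since')
        ->order('performed_on DESC')
        ->limit($count_limit)
        ->getText();

    // COUNT(expr OR NULL) counts only the rows where expr is true, i.e. the failed attempts.
    $failed = (int) $db->createCommand()
        ->select('COUNT(NOT is_successful OR NULL)')
        ->from("({$latestAttempts}) AS t")
        ->queryScalar(array(':username' => $username, ':since' => $since->format('Y-m-d H:i:s')));

    return $count_limit <= $failed;
}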
/**
 * Relation to the login attempts recorded for this user, most recent first.
 *
 * @return \yii\db\ActiveQueryInterface
 */
public function getUserLoginAttempts()
{
    $attempts = $this->hasMany(UserLoginAttempt::className(), ['user_id' => 'id']);

    return $attempts->orderBy(['performed_on' => SORT_DESC]);
}
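/**
 * @inheritdoc
 *
 * Records the attempt (successful or not) in UserLoginAttempt before evaluating the outcome,
 * so the lockout counter consulted by hasTooManyFailedAttempts() already includes this one.
 * The lockout check is evaluated before the credential result on purpose: a locked username
 * gets the same answer whether or not the account exists. On success, the RBAC role derived
 * from the account (see resolveRole()) is assigned if it is not already.
 *
 * NOTE(review): the derived role is only ever added here; roles assigned on earlier logins are
 * never revoked, so a changed enteOrgano.tipo or rol keeps its old privileges until someone
 * removes them — confirm revocation is handled elsewhere.
 * NOTE(review): when no record is found, verificarContrasena() is short-circuited, so the
 * response time still differs between existing and unknown usernames.
 *
 * @return boolean whether the identity is authenticated (see getIsAuthenticated()).
 */
public function authenticate()
{
    $record = Usuarios::model()->findByAttributes(array('usuario' => $this->usuario));
    $authenticated = $record !== null && $record->verificarContrasena($this->contrasena);

    $attempt = new UserLoginAttempt();
    $attempt->username = $this->usuario;
    $attempt->user_id = $record === null ? null : $record->usuario_id;
    $attempt->is_successful = $authenticated;
    if (!$attempt->save()) {
        // A lost attempt record silently weakens the lockout, so make the failure visible.
        Yii::log('Failed to save login attempt: ' . json_encode($attempt->getErrors()), CLogger::LEVEL_WARNING, __METHOD__);
    }

    if (UserLoginAttempt::hasTooManyFailedAttempts($this->usuario, self::MAX_FAILED_LOGIN_ATTEMPTS, self::LOGIN_ATTEMPTS_COUNT_SECONDS)) {
        // this is the first check not to reveal if the specified user account exists or not
        $this->errorCode = self::ERROR_USER_LOCKED;
        $this->errorMessage = Yii::t('UsrModule.usr', 'La cuenta de usuario ha sido bloqueada temporalmente debido a demasiados intentos fallidos. Por favor intenta de nuevo más tarde.');
    } elseif (!$authenticated) {
        // Deliberately the same message for "no such user" and "wrong password".
        $this->errorCode = self::ERROR_USERNAME_INVALID;
        $this->errorMessage = Yii::t('UsrModule.usr', 'Usuario o contraseña invalido.');
    } elseif ($record->esta_deshabilitado) {
        // $record is non-null here: $authenticated implies a record was found.
        $this->errorCode = self::ERROR_USER_DISABLED;
        $this->errorMessage = Yii::t('UsrModule.usr', 'Esta cuenta de usuario ha sido deshabilitada.');
    } elseif (!$record->esta_activo) {
        $this->errorCode = self::ERROR_USER_INACTIVE;
        $this->errorMessage = Yii::t('UsrModule.usr', 'Esta cuenta de usuario se encuentra inactiva.');
    } else {
        $this->errorCode = self::ERROR_NONE;
        $this->errorMessage = '';
        $this->initFromUser($record);
        // Stored with PHP's default timezone, like the attempt timestamps this is compared against.
        $record->saveAttributes(array('ultima_visita_el' => date('Y-m-d H:i:s')));

        $auth = Yii::app()->authManager;
        $role = self::resolveRole($record);
        // NOTE(review): $this->_id is expected to have been set by initFromUser() above — confirm.
        if (!$auth->isAssigned($role, $this->_id)) {
            if ($auth->assign($role, $this->_id)) {
                // NOTE(review): save() is a CPhpAuthManager method — confirm the configured
                // authManager component provides it.
                $auth->save();
            }
        }
    }

    return $this->getIsAuthenticated();
}

/**
 * Maps an account to the RBAC role name to assign at login.
 *
 * The organisation type (enteOrgano.tipo) selects admin/organo/ente, defaulting to 'ente'
 * for any other value; an explicit rol of uel/presupuesto/producto then overrides that.
 * Lookups are by exact key, which is what the string columns are expected to hold.
 *
 * NOTE(review): $record->enteOrgano is dereferenced without a null check; an account without
 * that relation fails here at login — confirm the relation is mandatory.
 *
 * @param Usuarios $record the authenticated account
 * @return string the role name
 */
private static function resolveRole($record)
{
    $roleByTipo = array('S' => 'admin', 'O' => 'organo', 'E' => 'ente');
    $roleByRol = array('uel' => 'uel', 'presupuesto' => 'presupuesto', 'producto' => 'producto');

    $role = 'ente';

    $tipo = $record->enteOrgano->tipo;
    if (isset($roleByTipo[$tipo])) {
        $role = $roleByTipo[$tipo];
    }

    $rol = $record->rol;
    if (isset($roleByRol[$rol])) {
        $role = $roleByRol[$rol];
    }

    return $role;
}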