 /**
  * Regression test for issue #16322 (eZTextFileUser and user names containing
  * a newline): logging in through the 'textfile' handler with a user/password
  * pair that does not exist must not produce an eZUser.
  */
 public function testLoginWrongUsername()
 {
     $handler = eZUserLoginHandler::instance('textfile');
     $result = $handler->loginUser('wrong username', 'wrong password');
     // Unknown credentials must be rejected: nothing eZUser-like comes back.
     $this->assertFalse($result instanceof eZUser);
 }
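 /**
  * Checks HTTP Basic authentication for the given $data.
  *
  * Runs the username/password pair encapsulated in $data through the
  * 'standard' eZ Publish login handler. Returns true if the user was
  * successfully recognized and the password is valid for him, false
  * otherwise. In case no username and/or password was provided in the
  * request, empty strings are provided as the parameters of this method and
  * are handed on to the handler unchanged.
  *
  * The username is untrusted client input. It is only written to the log
  * with control characters (CR/LF in particular) stripped, so a crafted
  * username cannot inject fake log lines.
  *
  * @param ezcWebdavBasicAuth $data
  * @return bool
  */
 public function authenticateBasic(ezcWebdavBasicAuth $data)
 {
     $loginHandler = 'standard';
     // Never log the raw credential string: replace control characters so a
     // username containing "\n" cannot forge additional log entries.
     $logName = preg_replace('/[\x00-\x1F\x7F]+/', '?', $data->username);
     eZWebDAVContentBackend::appendLogEntry("Got username: {$logName}");
     // added by @ds to fix problems with IE6 SP2: IE6 prefixes the username
     // with the server name, strip that prefix. SERVER_NAME may be unset on
     // some SAPIs, and on hosts without canonical names it can be derived from
     // the client-supplied Host header — treat it as untrusted and quote it.
     $serverName = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
     if ($serverName !== '' && preg_match('/^' . preg_quote($serverName, '/') . '(.+)/', $data->username, $matches) > 0) {
         $data->username = $matches[1];
     }
     $logName = preg_replace('/[\x00-\x1F\x7F]+/', '?', $data->username);
     eZWebDAVContentBackend::appendLogEntry("Processed to username: {$logName}");
     $userClass = eZUserLoginHandler::instance($loginHandler);
     $user = $userClass->loginUser($data->username, $data->password);
     if (!$user instanceof eZUser) {
         // Unknown user or wrong password: reject without further detail.
         return false;
     }
     eZWebDAVContentBackend::appendLogEntry("AuthenticatedBasic");
     return true;
 }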
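/**
 * Authenticates the webservice caller and, on success, executes the requested
 * function.
 *
 * Replicates the logic found in user/login: every login handler listed in
 * site.ini [UserSettings] LoginHandler (default: 'standard') is tried in turn
 * with the supplied credentials. The first handler that yields an eZUser wins;
 * that user must then be allowed to call $functionName according to
 * ggeZWebservices::checkAccess(), after which the request is dispatched to the
 * global ggws_server (internal requests via handleInternalRequest()).
 *
 * NOTE(review): unlike user/login, this does not check
 * eZUser::canLoginToSiteAccess() for the current siteaccess, so a user who is
 * barred from this siteaccess can still call webservices here — confirm that
 * this is intended before relying on siteaccess restrictions for webservices.
 *
 * @param string $user         login name supplied by the caller
 * @param string $password     password supplied by the caller
 * @param string $functionName name of the webservice function to invoke
 * @param mixed  $params       parameters handed on to the server
 * @return mixed the server's response, or a ggWebservicesFault
 *               (INVALIDAUTHERROR) when authentication or access fails
 */
function ezp_authandexec($user, $password, $functionName, $params)
{
    $server = $GLOBALS['ggws_server'];
    // Keep the caller-supplied login name separate from the login result:
    // reusing $user for both meant that once a handler rejected the
    // credentials, every later handler was fed `false` as the username.
    $login = $user;
    $ini = eZINI::instance();
    if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
        $loginHandlers = $ini->variable('UserSettings', 'LoginHandler');
    } else {
        $loginHandlers = array('standard');
    }
    foreach ($loginHandlers as $loginHandler) {
        $userClass = eZUserLoginHandler::instance($loginHandler);
        $authenticated = $userClass->loginUser($login, $password);
        if (!$authenticated instanceof eZUser) {
            continue;
        }
        // Authenticated: the user must also be allowed to call this function.
        if (!ggeZWebservices::checkAccess($functionName, $authenticated)) {
            return new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING);
        }
        if ($server->isInternalRequest($functionName)) {
            return $server->handleInternalRequest($functionName, $params);
        }
        return $server->handleRequest($functionName, $params);
    }
    // No handler accepted the credentials: the same fault as an access denial
    // is returned, so the response does not distinguish the two cases.
    return new ggWebservicesFault(ggWebservicesServer::INVALIDAUTHERROR, ggWebservicesServer::INVALIDAUTHSTRING);
}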
 /**
  * Regression test for issue #16328 (wrong hash stored in the database when
  * the hash type is updated in ezUser.php).
  *
  * Switches HashType to md5_user and logs the user in by e-mail address,
  * which triggers the hash update. The stored hash must then be computed from
  * the login name (not from the e-mail address that was used to log in), and
  * logging in by login name must still succeed afterwards.
  */
 public function testPasswordHashSamePasswordToUser()
 {
     $db = eZDB::instance();
     // Sanity check of the fixture: the user must exist exactly once.
     $before = $db->arrayQuery("SELECT * FROM ezuser where login = '******'");
     if (count($before) !== 1) {
         $this->fail("User {$this->username} is not in database.");
     }
     // The md5_password hash itself is not needed by this test.
     $previousHash = $before[0]['password_hash'];

     // The actual test starts here: with HashType set to md5_user the next
     // login rewrites password_hash in the ezuser table.
     ezpINIHelper::setINISetting('site.ini', 'UserSettings', 'HashType', 'md5_user');
     // Log in with the e-mail address instead of the login name.
     $handler = eZUserLoginHandler::instance('standard');
     $loggedIn = $handler->loginUser($this->email, $this->password);
     if (!$loggedIn instanceof eZUser) {
         $this->fail("User {$this->email} is not in database.");
     }

     // Re-read the hash that the login just stored.
     $after = eZDB::instance()->arrayQuery("SELECT * FROM ezuser where login = '******'");
     $storedHash = $after[0]['password_hash'];
     // With md5_user the hash is built from the login name, not from the
     // e-mail address used to log in (that mix-up was issue #16328).
     $expectedHash = md5("{$this->username}\n{$this->password}");
     $this->assertEquals($expectedHash, $storedHash);

     // The rewritten hash must still let the user in by login name.
     $handler = eZUserLoginHandler::instance('standard');
     $loggedIn = $handler->loginUser($this->username, $this->password);
     if (!$loggedIn instanceof eZUser) {
         $this->fail("User {$this->username} is not in database.");
     }
 }
 /**
  * Drives the multi-step login flow shared by all configured login handlers.
  *
  * The current step is kept in the session under self::STEP. Each call
  * handles one step and either returns a redirect array to the caller,
  * returns null when nothing remains to be done, or advances the step and
  * calls itself again. FORCE_LOGIN in the session jumps straight to the
  * collect-user-info step.
  *
  * Steps:
  *  - STEP_PRE_CHECK_USER_INFO:   ask every handler in [UserSettings]
  *    LoginHandler (default 'standard') via checkUser(); remember the last
  *    handler that answered and its redirect.
  *  - STEP_PRE_COLLECT_USER_INFO: let that handler collect credentials, or
  *    fall back to the stored redirect / the user/login module.
  *  - STEP_POST_COLLECT_USER_INFO: let the handler consume the collected
  *    input; on failure the login state is cleaned up and the request is
  *    redirected to '/'.
  *  - STEP_LOGIN_USER:            try the stored USER_INFO credentials on
  *    every handler; a user object ends the flow, an array result is handed
  *    back to the caller (presumably a redirect), otherwise the flow restarts.
  *
  * @param array $siteBasics passed through to the handlers' checkUser()
  * @param mixed $url        passed through to the handlers' checkUser()
  * @return array|null redirect description, or null when nothing is pending
  */
 static function checkUser(&$siteBasics, &$url)
 {
     $http = eZHTTPTool::instance();
     if (!$http->hasSessionVariable(self::STEP)) {
         $http->setSessionVariable(self::STEP, self::STEP_PRE_CHECK_USER_INFO);
     }
     // Taken by reference so the FORCE_LOGIN adjustment below is written back
     // to the session (assuming sessionVariable() returns by reference).
     $loginStep =& $http->sessionVariable(self::STEP);
     // A forced login skips straight to collecting credentials.
     if ($http->hasSessionVariable(self::FORCE_LOGIN) && $loginStep < self::STEP_PRE_COLLECT_USER_INFO) {
         $loginStep = self::STEP_PRE_COLLECT_USER_INFO;
     }
     switch ($loginStep) {
         case self::STEP_PRE_CHECK_USER_INFO:
             $ini = eZINI::instance();
             $handlerList = array('standard');
             if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
                 $handlerList = $ini->variable('UserSettings', 'LoginHandler');
             }
             if ($http->hasSessionVariable(self::LAST_HANDLER_NAME)) {
                 $http->removeSessionVariable(self::LAST_HANDLER_NAME);
             }
             foreach ($handlerList as $handler) {
                 $userObject = eZUserLoginHandler::instance($handler);
                 if ($userObject) {
                     $check = $userObject->checkUser($siteBasics, $url);
                     // null from a handler means "done": wipe login state and stop.
                     if ($check === null) {
                         eZUserLoginHandler::sessionCleanup();
                         return null;
                     }
                     // Each handler overwrites the previous one; only the last
                     // handler that answered (and its redirect) is remembered.
                     $http->setSessionVariable(self::LAST_CHECK_REDIRECT, $check);
                     $http->setSessionVariable(self::LAST_HANDLER_NAME, $handler);
                 }
             }
             // Advance and process the next step in the same request.
             $http->setSessionVariable(self::STEP, self::STEP_PRE_COLLECT_USER_INFO);
             return eZUserLoginHandler::checkUser($siteBasics, $url);
             break;
         case self::STEP_PRE_COLLECT_USER_INFO:
             $http->setSessionVariable(self::STEP, self::STEP_POST_COLLECT_USER_INFO);
             $handler = null;
             if ($http->hasSessionVariable(self::LAST_HANDLER_NAME)) {
                 $handlerName = $http->sessionVariable(self::LAST_HANDLER_NAME);
                 $handler = eZUserLoginHandler::instance($handlerName);
             }
             if ($handler) {
                 return $handler->preCollectUserInfo();
             } else {
                 // No handler claimed the request: use the redirect it left
                 // behind, or the stock login module.
                 $redirect =& $http->sessionVariable(self::LAST_CHECK_REDIRECT);
                 if (!$redirect) {
                     $redirect = array('module' => 'user', 'function' => 'login');
                 }
                 return $redirect;
             }
             break;
         case self::STEP_POST_COLLECT_USER_INFO:
             $http->setSessionVariable(self::STEP, self::STEP_LOGIN_USER);
             $handler = null;
             if ($http->hasSessionVariable(self::LAST_HANDLER_NAME)) {
                 $handlerName = $http->sessionVariable(self::LAST_HANDLER_NAME);
                 $handler = eZUserLoginHandler::instance($handlerName);
             }
             if ($handler) {
                 // Use specified login handler to handle Login info input
                 if (!$handler->postCollectUserInfo()) {
                     // Rejected input: drop all login state and start over at '/'.
                     eZUserLoginHandler::sessionCleanup();
                     eZHTTPTool::redirect('/');
                     eZExecution::cleanExit();
                 }
             }
             return eZUserLoginHandler::checkUser($siteBasics, $url);
             break;
         case self::STEP_LOGIN_USER:
             $ini = eZINI::instance();
             $handlerList = array('standard');
             if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
                 $handlerList = $ini->variable('UserSettings', 'LoginHandler');
             }
             // Credentials are consumed from the session exactly once.
             $userInfoArray =& $http->sessionVariable(self::USER_INFO);
             $http->removeSessionVariable(self::USER_INFO);
             if ($http->hasSessionVariable(self::FORCE_LOGIN)) {
                 $http->removeSessionVariable(self::FORCE_LOGIN);
             }
             $user = null;
             // NOTE(review): truthiness check — a login or password of "0" is
             // treated as missing. Probably harmless, but confirm.
             if (is_array($userInfoArray) and $userInfoArray['login'] and $userInfoArray['password']) {
                 foreach ($handlerList as $handler) {
                     $userObject = eZUserLoginHandler::instance($handler);
                     if ($userObject) {
                         $user = $userObject->loginUser($userInfoArray['login'], $userInfoArray['password']);
                         // NOTE(review): is_subclass_of() is false for an object
                         // whose class is exactly eZUser; the other call sites on
                         // this page test `instanceof eZUser`. Confirm the handlers
                         // return a subclass, otherwise a successful login falls
                         // through to the restart below.
                         if (is_subclass_of($user, 'eZUser')) {
                             eZUserLoginHandler::sessionCleanup();
                             return null;
                         } else {
                             // An array result is handed straight back to the caller.
                             if (is_array($user)) {
                                 eZUserLoginHandler::sessionCleanup();
                                 return $user;
                             }
                         }
                     }
                 }
             }
             // Nothing accepted the credentials: restart the flow from step one.
             $http->setSessionVariable(self::STEP, self::STEP_PRE_CHECK_USER_INFO);
             return eZUserLoginHandler::checkUser($siteBasics, $url);
             break;
     }
 }
 if ($userLogin != '') {
     if ($http->hasSessionVariable("RedirectAfterLogin", false)) {
         $http->removeSessionVariable('RedirectAfterLogin');
     }
     if ($ini->hasVariable('UserSettings', 'LoginHandler')) {
         $loginHandlers = $ini->variable('UserSettings', 'LoginHandler');
     } else {
         $loginHandlers = array('standard');
     }
     $hasAccessToSite = true;
     if ($http->hasPostVariable('Cookie') && $ini->hasVariable('Session', 'RememberMeTimeout') && ($rememberMeTimeout = $ini->variable('Session', 'RememberMeTimeout'))) {
         eZSession::setCookieParams($rememberMeTimeout);
     }
     foreach (array_keys($loginHandlers) as $key) {
         $loginHandler = $loginHandlers[$key];
         $userClass = eZUserLoginHandler::instance($loginHandler);
         if (!is_object($userClass)) {
             continue;
         }
         $user = $userClass->loginUser($userLogin, $userPassword);
         if ($user instanceof eZUser) {
             $hasAccessToSite = $user->canLoginToSiteAccess($GLOBALS['eZCurrentAccess']);
             if (!$hasAccessToSite) {
                 $user->logoutCurrent();
                 $user = null;
                 $siteAccessName = $GLOBALS['eZCurrentAccess']['name'];
                 $siteAccessAllowed = false;
             }
             break;
         }
     }
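 /**
  * Logs in with $username and $password through the 'standard' eZ Publish
  * login handler and returns the user's content object ID.
  *
  * The credentials passed by the caller are the ones actually used. The
  * previous version ignored both parameters and always logged in with a
  * hard-coded admin account and its well-known default password, which
  * silently masked credential problems and embedded a secret in the code.
  *
  * @param string $username
  * @param string $password
  * @return int|false the contentobject_id of the logged-in user, or false
  *                   when the handler rejects the credentials
  */
 public function loginEZPUser($username, $password)
 {
     $handler = eZUserLoginHandler::instance('standard');
     $user = $handler->loginUser($username, $password);
     if (!$user instanceof eZUser) {
         return false;
     }
     // Read the ID off the user that is now current, as the original did.
     $current = eZUser::currentUser();
     return $current->attribute("contentobject_id");
 }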