/** * Loads the access levels for the current user. * * Calls the authentication method to try to log the user in the system. * If the user credentials are not correct we don't load anything. * If the login/password is correct the user is either the SuperUser or a normal user. * We load the access levels for this user for all the websites. * * @param null|Auth $auth Auth adapter * @return bool true on success, false if reloading access failed (when auth object wasn't specified and user is not enforced to be Super User) */ public function reloadAccess(Auth $auth = null) { $this->resetSites(); if (isset($auth)) { $this->auth = $auth; } if ($this->hasSuperUserAccess()) { $this->makeSureLoginNameIsSet(); return true; } $this->token_auth = null; $this->login = null; // if the Auth wasn't set, we may be in the special case of setSuperUser(), otherwise we fail TODO: docs + review if ($this->auth === null) { return false; } // access = array ( idsite => accessIdSite, idsite2 => accessIdSite2) $result = $this->auth->authenticate(); if (!$result->wasAuthenticationSuccessful()) { return false; } $this->login = $result->getIdentity(); $this->token_auth = $result->getTokenAuth(); // case the superUser is logged in if ($result->hasSuperUserAccess()) { $this->setSuperUserAccess(true); } return true; }
/** * Loads the access levels for the current user. * * Calls the authentication method to try to log the user in the system. * If the user credentials are not correct we don't load anything. * If the login/password is correct the user is either the SuperUser or a normal user. * We load the access levels for this user for all the websites. * * @param null|Auth $auth Auth adapter * @return bool true on success, false if reloading access failed (when auth object wasn't specified and user is not enforced to be Super User) */ public function reloadAccess(Auth $auth = null) { if (!is_null($auth)) { $this->auth = $auth; } // if the Auth wasn't set, we may be in the special case of setSuperUser(), otherwise we fail if (is_null($this->auth)) { if ($this->hasSuperUserAccess()) { return $this->reloadAccessSuperUser(); } } if ($this->hasSuperUserAccess()) { return $this->reloadAccessSuperUser(); } // if the Auth wasn't set, we may be in the special case of setSuperUser(), otherwise we fail TODO: docs + review if ($this->auth === null) { return false; } // access = array ( idsite => accessIdSite, idsite2 => accessIdSite2) $result = $this->auth->authenticate(); if (!$result->wasAuthenticationSuccessful()) { return false; } $this->login = $result->getIdentity(); $this->token_auth = $result->getTokenAuth(); // case the superUser is logged in if ($result->hasSuperUserAccess()) { return $this->reloadAccessSuperUser(); } // in case multiple calls to API using different tokens, we ensure we reset it as not SU $this->setSuperUserAccess(false); // we join with site in case there are rows in access for an idsite that doesn't exist anymore // (backward compatibility ; before we deleted the site without deleting rows in _access table) $accessRaw = $this->getRawSitesWithSomeViewAccess($this->login); foreach ($accessRaw as $access) { $this->idsitesByAccess[$access['access']][] = $access['idsite']; } return true; }
/** * Authenticates the user. * * Derived classes can override this method to customize authentication logic or impose * extra requirements on the user trying to login. * * @param AuthInterface $auth The Auth implementation to use when authenticating. * @return AuthResult */ protected function doAuthenticateSession(AuthInterface $auth) { Piwik::postEvent('Login.authenticate', array($auth->getLogin())); return $auth->authenticate(); }
/** * Authenticates the user. * * Derived classes can override this method to customize authentication logic or impose * extra requirements on the user trying to login. * * @param AuthInterface $auth The Auth implementation to use when authenticating. * @return AuthResult */ protected function doAuthenticateSession(AuthInterface $auth) { $login = $auth->getLogin(); $tokenAuthSecret = null; try { $tokenAuthSecret = $auth->getTokenAuthSecret(); } catch (Exception $ex) { Log::debug("SessionInitializer::doAuthenticateSession: token_auth secret for %s not available before user" . " is authenticated.", $login); } $tokenAuth = empty($tokenAuthSecret) ? null : $this->usersManagerAPI->getTokenAuth($login, $tokenAuthSecret); /** * @deprecated Create a custom SessionInitializer instead. */ Piwik::postEvent('Login.authenticate', array($auth->getLogin(), $tokenAuth)); return $auth->authenticate(); }