Пример #1
1
 public function newUserSession()
 {
     /* @var $identity LSUserIdentity */
     $sUser = $this->getUserName();
     $oUser = $this->api->getUserByName($sUser);
     if (is_null($oUser)) {
         if (function_exists("hook_get_auth_webserver_profile")) {
             // If defined this function returns an array
             // describing the default profile for this user
             $aUserProfile = hook_get_auth_webserver_profile($sUser);
         } elseif ($this->api->getConfigKey('auth_webserver_autocreate_user')) {
             $aUserProfile = $this->api->getConfigKey('auth_webserver_autocreate_profile');
         }
     } else {
         $this->setAuthSuccess($oUser);
         return;
     }
     if ($this->api->getConfigKey('auth_webserver_autocreate_user') && isset($aUserProfile) && is_null($oUser)) {
         // user doesn't exist but auto-create user is set
         $oUser = new User();
         $oUser->users_name = $sUser;
         $oUser->password = hash('sha256', createPassword());
         $oUser->full_name = $aUserProfile['full_name'];
         $oUser->parent_id = 1;
         $oUser->lang = $aUserProfile['lang'];
         $oUser->email = $aUserProfile['email'];
         if ($oUser->save()) {
             $permission = new Permission();
             $permission->setPermissions($oUser->uid, 0, 'global', $this->api->getConfigKey('auth_webserver_autocreate_permissions'), true);
             // read again user from newly created entry
             $this->setAuthSuccess($oUser);
             return;
         } else {
             $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
         }
     }
 }
Пример #2
0
 public function newUserSession()
 {
     // Do nothing if this user is not Authwebserver type
     $identity = $this->getEvent()->get('identity');
     if ($identity->plugin != 'Authwebserver') {
         return;
     }
     /* @var $identity LSUserIdentity */
     $sUser = $this->getUserName();
     $oUser = $this->api->getUserByName($sUser);
     if (is_null($oUser)) {
         if (function_exists("hook_get_auth_webserver_profile")) {
             // If defined this function returns an array
             // describing the default profile for this user
             $aUserProfile = hook_get_auth_webserver_profile($sUser);
         } elseif ($this->api->getConfigKey('auth_webserver_autocreate_user')) {
             $aUserProfile = $this->api->getConfigKey('auth_webserver_autocreate_profile');
         }
     } else {
         if (Permission::model()->hasGlobalPermission('auth_webserver', 'read', $oUser->uid)) {
             $this->setAuthSuccess($oUser);
             return;
         } else {
             $this->setAuthFailure(self::ERROR_AUTH_METHOD_INVALID, gT('Web server authentication method is not allowed for this user'));
             return;
         }
     }
     if ($this->api->getConfigKey('auth_webserver_autocreate_user') && isset($aUserProfile) && is_null($oUser)) {
         // user doesn't exist but auto-create user is set
         $oUser = new User();
         $oUser->users_name = $sUser;
         $oUser->password = hash('sha256', createPassword());
         $oUser->full_name = $aUserProfile['full_name'];
         $oUser->parent_id = 1;
         $oUser->lang = $aUserProfile['lang'];
         $oUser->email = $aUserProfile['email'];
         if ($oUser->save()) {
             $permission = new Permission();
             $permission->setPermissions($oUser->uid, 0, 'global', $this->api->getConfigKey('auth_webserver_autocreate_permissions'), true);
             Permission::model()->setGlobalPermission($oUser->uid, 'auth_webserver');
             // read again user from newly created entry
             $this->setAuthSuccess($oUser);
             return;
         } else {
             $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
         }
     }
 }
 /**
  * Checks whether this user has correctly entered password or not
  *
  * @access public
  * @return bool
  */
 public function authenticate($sOneTimePassword = '')
 {
     if (Yii::app()->getConfig("auth_webserver") == false || $this->username != "") {
         $user = User::model()->findByAttributes(array('users_name' => $this->username));
         if ($user !== null) {
             if (gettype($user->password) == 'resource') {
                 $sStoredPassword = stream_get_contents($user->password, -1, 0);
                 // Postgres delivers bytea fields as streams :-o
             } else {
                 $sStoredPassword = $user->password;
             }
         } else {
             $this->errorCode = self::ERROR_USERNAME_INVALID;
             return !$this->errorCode;
         }
         if ($sOneTimePassword != '' && Yii::app()->getConfig("use_one_time_passwords") && md5($sOneTimePassword) == $user->one_time_pw) {
             $user->one_time_pw = '';
             $user->save();
             $this->id = $user->uid;
             $this->user = $user;
             $this->errorCode = self::ERROR_NONE;
         } elseif ($sStoredPassword !== hash('sha256', $this->password)) {
             $this->errorCode = self::ERROR_PASSWORD_INVALID;
         } else {
             $this->id = $user->uid;
             $this->user = $user;
             $this->errorCode = self::ERROR_NONE;
         }
     } elseif (Yii::app()->getConfig("auth_webserver") === true && (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['LOGON_USER']) || isset($_SERVER['REMOTE_USER']))) {
         if (isset($_SERVER['PHP_AUTH_USER'])) {
             $sUser = $_SERVER['PHP_AUTH_USER'];
         } elseif (isset($_SERVER['REMOTE_USER'])) {
             $sUser = $_SERVER['REMOTE_USER'];
         } else {
             $sUser = $_SERVER['LOGON_USER'];
         }
         if (strpos($sUser, "\\") !== false) {
             $sUser = substr($sUser, strrpos($sUser, "\\") + 1);
         }
         $aUserMappings = Yii::app()->getConfig("auth_webserver_user_map");
         if (isset($aUserMappings[$sUser])) {
             $sUser = $aUserMappings[$sUser];
         }
         $this->username = $sUser;
         $oUser = User::model()->findByAttributes(array('users_name' => $sUser));
         if (is_null($oUser)) {
             if (function_exists("hook_get_auth_webserver_profile")) {
                 // If defined this function returns an array
                 // describing the defaukt profile for this user
                 $aUserProfile = hook_get_auth_webserver_profile($sUser);
             } elseif (Yii::app()->getConfig("auth_webserver_autocreate_user")) {
                 $aUserProfile = Yii::app()->getConfig("auth_webserver_autocreate_profile");
             }
         } else {
             $this->id = $oUser->uid;
             $this->user = $oUser;
             $this->errorCode = self::ERROR_NONE;
         }
         if (Yii::app()->getConfig("auth_webserver_autocreate_user") && isset($aUserProfile) && is_null($oUser)) {
             // user doesn't exist but auto-create user is set
             $oUser = new User();
             $oUser->users_name = $sUser;
             $oUser->password = hash('sha256', createPassword());
             $oUser->full_name = $aUserProfile['full_name'];
             $oUser->parent_id = 1;
             $oUser->lang = $aUserProfile['lang'];
             $oUser->email = $aUserProfile['email'];
             $oUser->create_survey = $aUserProfile['create_survey'];
             $oUser->create_user = $aUserProfile['create_user'];
             $oUser->delete_user = $aUserProfile['delete_user'];
             $oUser->superadmin = $aUserProfile['superadmin'];
             $oUser->configurator = $aUserProfile['configurator'];
             $oUser->manage_template = $aUserProfile['manage_template'];
             $oUser->manage_label = $aUserProfile['manage_label'];
             if ($oUser->save()) {
                 $aTemplates = explode(",", $aUserProfile['templatelist']);
                 foreach ($aTemplates as $sTemplateName) {
                     $oRecord = new Templates_rights();
                     $oRecord->uid = $oUser->uid;
                     $oRecord->folder = trim($sTemplateName);
                     $oRecord->use = 1;
                     $oRecord->save();
                 }
                 // read again user from newly created entry
                 $this->id = $oUser->uid;
                 $this->user = $oUser;
                 $this->errorCode = self::ERROR_NONE;
             } else {
                 $this->errorCode = self::ERROR_USERNAME_INVALID;
             }
         }
     } else {
         $this->errorCode = self::ERROR_USERNAME_INVALID;
     }
     return !$this->errorCode;
 }