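/**
 * Shows the list of logged in users.
 *
 * Each active-user row is decorated with the account record it belongs to
 * (under the 'accountInfo' key) before being handed to the view.
 */
public function indexAction()
{
    $activeUser = new Ot_Model_DbTable_Activeuser();
    $otAccount  = new Ot_Model_DbTable_Account();

    // Most recently active sessions first.
    $allActiveUsers = $activeUser->fetchAll(null, 'dt DESC')->toArray();

    // Index-based loop instead of a by-reference foreach: the original
    // never unset() the reference, so the last row stayed aliased.
    // getByAccountId() can return null (see the API controller), in which
    // case 'accountInfo' is null and the view has to cope with that.
    foreach ($allActiveUsers as $i => $row) {
        $allActiveUsers[$i]['accountInfo'] = $otAccount->getByAccountId($row['accountId']);
    }

    $this->_helper->pageTitle('ot-activeusers-index:title');
    $this->view->assign(array('activeUsers' => $allActiveUsers));
}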
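/**
 * Updates the currently logged in user's account information (the user
 * associated with the API key).
 *
 * Params
 * ===========================
 * Required:
 *  - firstName:    The first name of the user
 *  - lastName:     The last name of the user
 *  - emailAddress: The email address of the user
 *  - timezone:     The timezone of the user (America/New_York, etc.)
 *
 * @param array $params request parameters
 * @return bool true once the update has been issued
 * @throws Ot_Exception_Access when the request carries no identity
 * @throws Ot_Exception_Data   when the timezone is not in the known zone list
 */
public function put($params)
{
    $zendAuth = Zend_Auth::getInstance();
    if (!$zendAuth->hasIdentity()) {
        throw new Ot_Exception_Access('msg-error-apiAccessDenied');
    }

    $this->checkForEmptyParams(array('firstName', 'lastName', 'emailAddress', 'timezone'), $params);

    // strict: true so only an exact string match against the zone list is
    // accepted; loose in_array() applies PHP's type-juggling comparison.
    if (!in_array($params['timezone'], Ot_Model_Timezone::getTimezoneList(), true)) {
        throw new Ot_Exception_Data('msg-error-invalidTimezone');
    }

    // Only the identity's own account is updated; accountId is taken from
    // the authenticated identity, never from $params.
    $data = array(
        'accountId'    => $zendAuth->getIdentity()->accountId,
        'firstName'    => $params['firstName'],
        'lastName'     => $params['lastName'],
        'emailAddress' => $params['emailAddress'],
        'timezone'     => $params['timezone'],
    );

    $otAccount = new Ot_Model_DbTable_Account();
    $otAccount->update($data, null);

    return true;
}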
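/**
 * Authenticates the user passed by the constructor against the 'local' realm.
 *
 * @return Zend_Auth_Result a failed result carrying one message, or a
 *                          successful result whose identity is a stdClass
 *                          with `username` and `realm` set
 */
public function authenticate()
{
    $account = new Ot_Model_DbTable_Account();
    $result  = $account->getByUsername($this->_username, 'local');

    if (is_null($result)) {
        // NOTE(review): this text differs from the bad-password message, so
        // the response reveals whether a username exists. Use one common
        // message for both failures if that distinction is not wanted.
        return new Zend_Auth_Result(
            false,
            null,
            array('User "' . $this->_username . '" account was not found.')
        );
    }

    // Stored passwords are unsalted md5 digests (the signup and
    // change-password actions write md5(...)), so the same digest is
    // compared here. hash_equals() is a strict, constant-time comparison;
    // the previous `!=` used PHP's loose string rules, under which two hex
    // digests of the form "0e<digits>" compare equal.
    $storedDigest = (string) $result->password;
    if (!hash_equals($storedDigest, md5((string) $this->_password))) {
        return new Zend_Auth_Result(false, null, array('The password you entered was invalid.'));
    }

    $identity           = new stdClass();
    $identity->username = $this->_username;
    $identity->realm    = 'local';

    return new Zend_Auth_Result(true, $identity, array());
}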
/**
 * Displays a list of all the api apps registered with the application,
 * regardless of the user who registered the app.
 *
 * Each app row gets the owning account attached under the 'user' key when
 * the account lookup finds one.
 */
public function allAppsAction()
{
    $apiApp  = new Ot_Model_DbTable_ApiApp();
    $account = new Ot_Model_DbTable_Account();

    $allApps = $apiApp->fetchAll(null, 'name ASC')->toArray();

    // Apps whose account cannot be found are left without a 'user' key.
    foreach ($allApps as $index => $app) {
        $owner = $account->find($app['accountId']);
        if ($owner !== null) {
            $allApps[$index]['user'] = $owner;
        }
    }

    $this->view->allApps = $allApps;
    $this->_helper->pageTitle(
        'ot-apiapp-allApps:title',
        $this->_helper->configVar('appTitle')
    );
}
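/**
 * Allows a user to sign up for an account in the realm named by the
 * `realm` request parameter.
 *
 * On a valid POST the account and the submitted attributes are written in
 * one transaction, a Login_Index_Signup trigger is dispatched, the new user
 * is authenticated through the realm's adapter and then redirected. On GET,
 * or when validation fails, the signup form is rendered.
 *
 * @throws Ot_Exception_Input  when no realm was supplied
 * @throws Ot_Exception_Data   when the realm is unknown
 * @throws Ot_Exception_Access when the realm is disabled, not managed
 *                             locally, or does not allow self-signup
 */
public function signupAction()
{
    $realm = $this->_getParam('realm', null);
    if (is_null($realm)) {
        throw new Ot_Exception_Input('msg-error-realmNotFound');
    }

    // Set up the auth adapter
    $authAdapterModel = new Ot_Model_DbTable_AuthAdapter();
    $adapter = $authAdapterModel->find($realm);
    if (is_null($adapter)) {
        // $realm comes straight from the request and is wrapped in markup
        // here, so it is escaped before going into the translated message.
        throw new Ot_Exception_Data($this->view->translate(
            'ot-login-signup:realmNotFound',
            array('<b>' . $this->view->escape($realm) . '</b>')
        ));
    }
    if ($adapter->enabled == 0) {
        throw new Ot_Exception_Access('msg-error-authNotSupported');
    }

    $className = (string) $adapter->class;
    $auth = new $className();
    if (!$auth->manageLocally()) {
        throw new Ot_Exception_Access('msg-error-authNotSupported');
    }
    if (!$auth->allowUserSignUp()) {
        throw new Ot_Exception_Access('msg-error-authNotAllowed');
    }

    $form = new Ot_Form_Signup();
    $form->removeElement('realm');

    if ($this->_request->isPost()) {
        if (!$form->isValid($_POST)) {
            $this->_helper->messenger->addError('msg-error-invalidFormInfo');
        } elseif ($form->getValue('password') !== $form->getValue('passwordConf')) {
            // Strict comparison: the loose `==` used before treats distinct
            // numeric-looking strings as equal.
            $this->_helper->messenger->addError('msg-error-passwordsNotMatch');
        } else {
            $plainPassword = $form->getValue('password');

            $accountData = array(
                'username'     => $form->getValue('username'),
                // NOTE(review): unsalted md5 is what the local authenticate()
                // compares against; moving to password_hash() has to change
                // both sides together.
                'password'     => md5($plainPassword),
                'realm'        => $realm,
                'role'         => $this->_helper->configVar('newAccountRole'),
                'emailAddress' => $form->getValue('emailAddress'),
                'firstName'    => $form->getValue('firstName'),
                'lastName'     => $form->getValue('lastName'),
                'timezone'     => $form->getValue('timezone'),
            );

            $account = new Ot_Model_DbTable_Account();
            if ($account->accountExists($accountData['username'], $accountData['realm'])) {
                $this->_helper->messenger->addError('msg-error-usernameTaken');
            } else {
                // Account row and its attributes succeed or fail together.
                $dba = Zend_Db_Table::getDefaultAdapter();
                $dba->beginTransaction();
                try {
                    $accountData['accountId'] = $account->insert($accountData);
                    $this->_saveSignupAttributes($form->getValues(), $accountData['accountId']);
                } catch (Exception $e) {
                    $dba->rollback();
                    throw $e;
                }
                $dba->commit();

                $loggerOptions = array(
                    'attributeName' => 'accountId',
                    'attributeId'   => $accountData['accountId'],
                );
                $this->_helper->log(
                    Zend_Log::INFO,
                    'User ' . $accountData['username'] . ' created an account.',
                    $loggerOptions
                );

                // NOTE(review): the trigger receives the plaintext password
                // as a variable; confirm every Login_Index_Signup handler
                // still needs it.
                $dt = new Ot_Trigger_Dispatcher();
                $dt->setVariables($accountData);
                $dt->password    = $plainPassword;
                $dt->loginMethod = $realm;
                $dt->dispatch('Login_Index_Signup');

                // Set up the authentication adapter. The realm has not
                // changed, so the class resolved above is reused instead of
                // querying the adapter table again.
                $loginAdapter = new $className($accountData['username'], $plainPassword);

                $zendAuth  = Zend_Auth::getInstance();
                $authRealm = new Zend_Session_Namespace('authRealm');
                $authRealm->setExpirationHops(1);
                $authRealm->realm     = $realm;
                $authRealm->autoLogin = $loginAdapter->autoLogin();

                // Attempt authentication, saving the result
                $result = $zendAuth->authenticate($loginAdapter);
                $authRealm->unsetAll();

                $req = new Zend_Session_Namespace(Zend_Registry::get('siteUrl') . '_request');

                $this->_helper->messenger->addSuccess('msg-info-accountCreated');

                if ($result->isValid()) {
                    $thisAccount = $account->getByUsername($accountData['username'], $realm);
                    $zendAuth->getStorage()->write($thisAccount);

                    // Redirect to a URI stored in the session, if one exists.
                    if (isset($req->uri) && $req->uri != '') {
                        $uri = $req->uri;
                        $req->unsetAll();
                        $this->_helper->redirector->gotoUrl($uri);
                    } else {
                        $this->_helper->redirector->gotoRoute(array(), 'default', true);
                    }
                } else {
                    $this->_helper->redirector->gotoRoute(array('realm' => $realm), 'login', true);
                }
            }
        }
    }

    $this->_helper->pageTitle('ot-login-signup:title');
    $this->view->headScript()->appendFile(
        $this->view->baseUrl() . '/scripts/ot/jquery.plugin.passStrength.js'
    );
    $this->view->assign(array('realm' => $realm, 'form' => $form));
}

/**
 * Persists the optional account attributes and the Ot_Profile custom
 * attributes submitted with the signup form.
 *
 * Meant to be called inside the account-creation transaction so that a
 * failure here rolls the new account back as well.
 *
 * @param array $values    the validated form values ($form->getValues())
 * @param mixed $accountId id returned by the account insert
 * @throws Ot_Exception_Data when the Ot_Profile attribute host is not set up
 */
protected function _saveSignupAttributes(array $values, $accountId)
{
    $aar  = new Ot_Account_Attribute_Register();
    $vars = $aar->getVars($accountId);

    $accountAttributes = isset($values['accountAttributes']) ? $values['accountAttributes'] : array();
    foreach ($vars as $varName => $var) {
        if (isset($accountAttributes[$varName])) {
            $var->setValue($accountAttributes[$varName]);
            $aar->save($var, $accountId);
        }
    }

    $cahr     = new Ot_CustomAttribute_HostRegister();
    $thisHost = $cahr->getHost('Ot_Profile');
    if (is_null($thisHost)) {
        throw new Ot_Exception_Data('msg-error-objectNotSetup');
    }

    // Guarding with isset() avoids array_key_exists() on a missing
    // 'customAttributes' entry; array_key_exists() (not isset) is kept for
    // the per-attribute check so a value explicitly set to null is still saved.
    $customValues     = isset($values['customAttributes']) ? $values['customAttributes'] : array();
    $customAttributes = $thisHost->getAttributes($accountId);
    foreach ($customAttributes as $attributeName => $a) {
        if (array_key_exists($attributeName, $customValues)) {
            $a['var']->setValue($customValues[$attributeName]);
            $thisHost->saveAttribute($a['var'], $accountId, $a['attributeId']);
        }
    }
}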
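/**
 * Front controller for the remote API.
 *
 * Resolves the `endpoint` parameter to a registered endpoint, authenticates
 * the caller via the `key` parameter (an API app key mapped to an account),
 * derives the account's ACL role, and dispatches to the endpoint object's
 * get/post/put/delete method according to the HTTP verb. Every outcome is
 * rendered by _validOutput()/_errorOutput() in the requested format.
 *
 * Request params: `endpoint`, `key`, and optional `type` ('json' by default,
 * or 'php').
 */
public function indexAction()
{
    $returnType = 'json';

    try {
        $apiRegister = new Ot_Api_Register();
        $vr          = new Ot_Config_Register();
        $params      = $this->_getAllParams();

        // Only the two known formats may be selected. The previous check
        // tested the default $returnType instead of the requested type, so
        // any caller-supplied value reached the output helpers.
        if (isset($params['type'])) {
            $requestedType = strtolower((string) $params['type']);
            if (in_array($requestedType, array('json', 'php'), true)) {
                $returnType = $requestedType;
            }
        }

        if (empty($params['endpoint'])) {
            return $this->_validOutput(array(
                'message' => 'Welcome to the ' . $vr->getVar('appTitle')->getValue()
                    . ' API. You will need an API key to get any further. Visit '
                    . Zend_Registry::get('siteUrl') . '/account to get one.',
            ), $returnType);
        }

        $thisEndpoint = $apiRegister->getApiEndpoint($params['endpoint']);
        if (is_null($thisEndpoint)) {
            return $this->_errorOutput('Invalid Endpoint', $returnType, 404);
        }

        if (empty($params['key'])) {
            return $this->_errorOutput('You must provide an API key', $returnType, 403);
        }

        $apiApp  = new Ot_Model_DbTable_ApiApp();
        $thisApp = $apiApp->getAppByKey($params['key']);
        if (is_null($thisApp)) {
            return $this->_errorOutput('Invalid API key', $returnType, 403);
        }

        $otAccount   = new Ot_Model_DbTable_Account();
        $thisAccount = $otAccount->getByAccountId($thisApp->accountId);
        if (is_null($thisAccount)) {
            return $this->_errorOutput('No user found for this API key', $returnType, 403);
        }

        $acl = new Ot_Acl('remote');

        // An account may carry several role ids. They are collapsed into one
        // synthetic role inheriting from all of them so a single isAllowed()
        // call covers the set; a single id is used directly.
        if (count($thisAccount->role) > 1) {
            $roles = array();
            // Get role names from the list of role Ids
            foreach ($thisAccount->role as $r) {
                $roles[] = $acl->getRole($r);
            }
            // Create a new role that inherits from all the returned roles
            $roleName = implode(',', $roles);
            $thisAccount->role = $roleName;
            $acl->addRole(new Zend_Acl_Role($roleName), $roles);
        } elseif (count($thisAccount->role) == 1) {
            $thisAccount->role = array_pop($thisAccount->role);
        }

        // Unknown roles fall back to the configured default role.
        if (!$acl->hasRole($thisAccount->role)) {
            $thisAccount->role = $vr->getVar('defaultRole')->getValue();
        }

        $role = $thisAccount->role;
        if ($role == '' || !$acl->hasRole($role)) {
            $role = $vr->getVar('defaultRole')->getValue();
        }

        // the api "module" here is really a kind of placeholder
        $aclResource = 'api_' . strtolower($thisEndpoint->getName());

        Zend_Auth::getInstance()->getStorage()->write($thisAccount);
    } catch (Exception $e) {
        // NOTE(review): the raw exception message is returned to the API
        // caller; consider a generic message plus server-side logging.
        return $this->_errorOutput($e->getMessage(), $returnType);
    }

    $apiObject = $thisEndpoint->getEndpointObj();

    // Map the HTTP verb to the endpoint method; anything other than
    // POST/PUT/DELETE is served as GET, as before.
    if ($this->_request->isPost()) {
        $method = 'post';
    } elseif ($this->_request->isPut()) {
        $method = 'put';
    } elseif ($this->_request->isDelete()) {
        $method = 'delete';
    } else {
        $method = 'get';
    }

    // ACL privilege names are the lowercase verbs.
    if (!$acl->isAllowed($role, $aclResource, $method)) {
        return $this->_errorOutput(
            'You do not have permission to access this endpoint with ' . strtoupper($method),
            $returnType,
            403
        );
    }

    try {
        $data = $apiObject->$method($params);
    } catch (Exception $e) {
        return $this->_errorOutput($e->getMessage(), $returnType);
    }

    return $this->_validOutput($data, $returnType);
}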
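/**
 * Allows the logged-in user to change their password.
 *
 * Only accounts whose auth adapter is managed locally can change the
 * password here. On a valid POST the new password is stored and the user
 * is redirected to the account page; otherwise the form is shown again.
 *
 * @throws Ot_Exception_Data   when the identity has no matching account
 * @throws Ot_Exception_Access when the realm's adapter is not managed locally
 */
public function changePasswordAction()
{
    $identity = Zend_Auth::getInstance()->getIdentity();

    $account     = new Ot_Model_DbTable_Account();
    $thisAccount = $account->getByUsername($identity->username, $identity->realm);
    if (is_null($thisAccount)) {
        throw new Ot_Exception_Data('msg-error-noAccount');
    }

    $otAuthAdapter = new Ot_Model_DbTable_AuthAdapter();
    $thisAdapter   = $otAuthAdapter->find($thisAccount->realm);
    // NOTE(review): find() returns null for an unknown realm (the signup
    // action checks for that); that case is not guarded here.
    $auth = new $thisAdapter->class();
    if (!$auth->manageLocally()) {
        throw new Ot_Exception_Access('msg-error-authAdapterSupport');
    }

    $form = new Ot_Form_ChangePassword();

    if ($this->_request->isPost()) {
        if ($form->isValid($_POST)) {
            // Strict comparison so two different strings never compare equal
            // under PHP's loose numeric-string rules.
            if ($form->getValue('newPassword') !== $form->getValue('newPasswordConf')) {
                $this->_helper->messenger->addError('msg-error-passwordMismatch');
            }

            // Passwords are stored as unsalted md5 digests (the scheme signup
            // writes), so the old password is verified by digest.
            // hash_equals() is strict and constant-time; the previous `!=`
            // treated hex digests of the form "0e<digits>" as equal.
            $storedDigest = (string) $thisAccount->password;
            if (!hash_equals($storedDigest, md5((string) $form->getValue('oldPassword')))) {
                $this->_helper->messenger->addError('msg-error-passwordInvalidOriginal');
            }

            if ($this->_helper->messenger->count('error') == 0) {
                $data = array(
                    'accountId' => $thisAccount->accountId,
                    // NOTE(review): unsalted md5 is not a suitable password
                    // hash; a move to password_hash() must also change the
                    // local authenticate() and signup code.
                    'password'  => md5($form->getValue('newPassword')),
                );
                $account->update($data, null);

                $this->_helper->messenger->addSuccess('msg-info-passwordChanged');

                $loggerOptions = array(
                    'attributeName' => 'accountId',
                    'attributeId'   => $thisAccount->accountId,
                );
                $this->_helper->log(Zend_Log::INFO, 'User changed Password', $loggerOptions);

                $this->_helper->redirector->gotoRoute(array(), 'account', true);
            }
        } else {
            $this->_helper->messenger->addError('msg-error-invalidForm');
        }
    }

    $this->view->headScript()->appendFile(
        $this->view->baseUrl() . '/public/scripts/ot/jquery.plugin.passStrength.js'
    );
    $this->_helper->pageTitle('ot-account-changePassword:title');
    $this->view->assign(array('form' => $form));
}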
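/**
 * Deletes a role from the ACL.
 *
 * The role must exist, be editable, not be the configured default role and
 * have no roles inheriting from it. On POST the role is removed inside a
 * transaction and every account left without any role is given the default
 * role; a non-POST request is rejected once the checks have passed.
 *
 * @throws Ot_Exception_Input  when no roleId was supplied
 * @throws Ot_Exception_Data   when the role or the default role is unknown,
 *                             the role is the default role, or it still has
 *                             dependent roles
 * @throws Ot_Exception_Access when the role is not editable or the request
 *                             is not a POST
 */
public function deleteAction()
{
    $roleId = $this->_getParam('roleId', null);
    if (is_null($roleId)) {
        throw new Ot_Exception_Input('msg-error-roleIdNotSet');
    }

    $role     = new Ot_Model_DbTable_Role();
    $thisRole = $role->find($roleId);
    if (is_null($thisRole)) {
        throw new Ot_Exception_Data('msg-error-noRole');
    }
    if ($thisRole->editable != 1) {
        throw new Ot_Exception_Access('msg-error-unallowedRoleEdit');
    }

    $availableRoles = $this->_acl->getAvailableRoles();
    if (!isset($availableRoles[$roleId])) {
        throw new Ot_Exception_Data('msg-error-noRole');
    }

    // Accounts currently holding this role, collected before the delete so
    // the ones left role-less afterwards can be found. (The previous code
    // read the id from an undefined $get variable, so this list was never
    // populated and affected accounts were left without any role.)
    $account          = new Ot_Model_DbTable_Account();
    $affectedAccounts = $account->getAccountsForRole($roleId);

    $defaultRole = $this->_helper->configVar('defaultRole');
    if (!isset($availableRoles[$defaultRole])) {
        throw new Ot_Exception_Data('msg-error-noDefaultRole');
    }
    // Compared as strings: the request parameter is a string while the
    // config value may be an int.
    if ((string) $defaultRole === (string) $roleId) {
        throw new Ot_Exception_Data('msg-error-deleteDefaultRole');
    }

    $inheritedRoles = $this->_acl->getChildrenOfRole($roleId);
    if (count($inheritedRoles) > 0) {
        // $roleList was previously undefined here. The shape of
        // getChildrenOfRole()'s return value is not visible in this file;
        // its keys are used as the displayed list — TODO confirm.
        $roleList = implode(', ', array_keys($inheritedRoles));
        throw new Ot_Exception_Data(
            $this->view->translate('msg-error-dependedRoleCannotDelete', $roleList)
        );
    }

    if (!$this->_request->isPost()) {
        throw new Ot_Exception_Access('You can not access this method directly');
    }

    $accountRoles = new Ot_Model_DbTable_AccountRoles();
    $dba = $role->getAdapter();
    $dba->beginTransaction();

    // Role deletion and the default-role reassignment succeed or fail together.
    try {
        $role->deleteRole($roleId);

        // aList is an array of all the affected accountIds
        $aList = array();
        foreach ($affectedAccounts as $a) {
            $aList[] = $a->accountId;
        }
        if (count($aList) > 0) {
            $this->_assignDefaultRoleToOrphans($accountRoles, $aList, $defaultRole);
        }
    } catch (Exception $e) {
        $dba->rollback();
        throw $e;
    }

    $dba->commit();

    $logOptions = array('attributeName' => 'accessRole', 'attributeId' => $roleId);
    $this->_helper->log(Zend_Log::INFO, 'Role ' . $thisRole['name'] . ' was deleted', $logOptions);
    $this->_helper->messenger->addWarning('Role was deleted successfully');
    $this->_helper->redirector->gotoRoute(array('controller' => 'acl'), 'ot', true);
}

/**
 * Gives the default role to every account in $accountIds that no longer has
 * any role.
 *
 * Queries the account-roles table for the accounts that still have a role,
 * diffs that against $accountIds, and inserts the default role for the rest.
 * Intended to run inside the caller's transaction; exceptions propagate so
 * the caller can roll back.
 *
 * @param Ot_Model_DbTable_AccountRoles $accountRoles
 * @param array                         $accountIds  ids of accounts that held the deleted role
 * @param mixed                         $defaultRole id of the configured default role
 */
protected function _assignDefaultRoleToOrphans(Ot_Model_DbTable_AccountRoles $accountRoles, array $accountIds, $defaultRole)
{
    // Accounts that still have at least one role after the delete ...
    $accountRolesDba = $accountRoles->getAdapter();
    $where = $accountRolesDba->quoteInto('accountId IN(?)', $accountIds);

    $stillWithRoles = array();
    foreach ($accountRoles->fetchAll($where) as $row) {
        $stillWithRoles[] = $row->accountId;
    }

    // ... so the difference is the set that has to be given the default role.
    foreach (array_diff($accountIds, $stillWithRoles) as $accountId) {
        $accountRoles->insert(array('accountId' => $accountId, 'roleId' => $defaultRole));
    }
}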