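/**
  * Shows the list of logged in users.
  *
  * Each active-user row is augmented with the matching account record under
  * the 'accountInfo' key before being handed to the view.
  */
 public function indexAction()
 {
     $activeUser = new Ot_Model_DbTable_Activeuser();
     $otAccount = new Ot_Model_DbTable_Account();

     // Most recent activity first.
     $allActiveUsers = $activeUser->fetchAll(null, 'dt DESC')->toArray();

     // Iterate by key rather than by reference: the original by-reference
     // loop left a dangling reference to the last row behind, which any later
     // assignment to the loop variable would silently overwrite.
     foreach (array_keys($allActiveUsers) as $idx) {
         $allActiveUsers[$idx]['accountInfo'] = $otAccount->getByAccountId($allActiveUsers[$idx]['accountId']);
     }

     $this->_helper->pageTitle('ot-activeusers-index:title');
     $this->view->assign(array('activeUsers' => $allActiveUsers));
 }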
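 /**
  * Updates the currently logged in user's account information (the user
  * associated with the API key).
  *
  * Params
  * ===========================
  * Required:
  *   - firstName: The first name of the user
  *   - lastName: The last name of the user
  *   - emailAddress: The email address of the user
  *   - timezone: The timezone of the user (America/New_York, etc.)
  *
  * @param array $params request parameters supplied by the API front controller
  * @return bool true once the account row has been updated
  * @throws Ot_Exception_Access when no authenticated identity is present
  * @throws Ot_Exception_Data   when the timezone is not in the known list
  */
 public function put($params)
 {
     // The identity is whatever was stored for the presented API key; without
     // one there is no account to update.
     if (!Zend_Auth::getInstance()->hasIdentity()) {
         throw new Ot_Exception_Access('msg-error-apiAccessDenied');
     }

     $this->checkForEmptyParams(array('firstName', 'lastName', 'emailAddress', 'timezone'), $params);

     // Strict comparison so that loosely-equal values (numeric-looking
     // strings) cannot satisfy the whitelist.
     if (!in_array($params['timezone'], Ot_Model_Timezone::getTimezoneList(), true)) {
         throw new Ot_Exception_Data('msg-error-invalidTimezone');
     }

     $otAccount = new Ot_Model_DbTable_Account();
     $accountId = Zend_Auth::getInstance()->getIdentity()->accountId;

     // Only these four fields are written; anything else present in $params
     // is deliberately ignored so the caller cannot update other columns.
     $data = array(
         'accountId'    => $accountId,
         'firstName'    => $params['firstName'],
         'lastName'     => $params['lastName'],
         'emailAddress' => $params['emailAddress'],
         'timezone'     => $params['timezone'],
     );

     $otAccount->update($data, null);

     return true;
 }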
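 /**
  * Authenticates the user passed by the constructor against the 'local'
  * realm.
  *
  * @return Zend_Auth_Result a failed result carrying one message, or a
  *                          successful result whose identity object has
  *                          'username' and 'realm' set
  */
 public function authenticate()
 {
     $account = new Ot_Model_DbTable_Account();
     $result = $account->getByUsername($this->_username, 'local');

     // NOTE(review): the two failure messages differ, so a caller can tell an
     // unknown username from a wrong password (account enumeration). Messages
     // are kept as-is here because callers may display them.
     if ($result === null) {
         return new Zend_Auth_Result(false, null, array('User "' . $this->_username . '" account was not found.'));
     }

     // NOTE(review): the stored credential is a bare md5() digest; it is kept
     // because the existing rows depend on it, but password_hash() /
     // password_verify() with rehash-on-login is the real fix.
     // hash_equals() compares in constant time and avoids PHP's loose
     // numeric-string equality that the previous != comparison applied.
     if (!hash_equals((string) $result->password, md5($this->_password))) {
         return new Zend_Auth_Result(false, null, array('The password you entered was invalid.'));
     }

     $identity = new stdClass();
     $identity->username = $this->_username;
     $identity->realm = 'local';

     return new Zend_Auth_Result(true, $identity, array());
 }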
 /**
  * Displays a list of all the api apps registered with application
  * regardless of the user who registered the app.
  *
  * Each app row gains a 'user' entry holding the owning account record when
  * that account can be found; rows whose owner is missing are left as-is.
  */
 public function allAppsAction()
 {
     $apiAppTable = new Ot_Model_DbTable_ApiApp();
     $accountTable = new Ot_Model_DbTable_Account();

     $allApps = $apiAppTable->fetchAll(null, 'name ASC')->toArray();

     foreach (array_keys($allApps) as $idx) {
         $owner = $accountTable->find($allApps[$idx]['accountId']);
         if ($owner !== null) {
             $allApps[$idx]['user'] = $owner;
         }
     }

     $this->view->allApps = $allApps;
     $this->_helper->pageTitle('ot-apiapp-allApps:title', $this->_helper->configVar('appTitle'));
 }
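 /**
  * Allows a user to sign up for an account in the realm given by the 'realm'
  * request parameter.
  *
  * On a valid POST the account row and its registered/custom attributes are
  * written inside one transaction, the 'Login_Index_Signup' trigger is
  * dispatched and the new user is authenticated straight away; a request URI
  * stored in the session before login is honoured for the redirect.
  *
  * @throws Ot_Exception_Input  when no realm parameter was supplied
  * @throws Ot_Exception_Data   when the realm or the Ot_Profile attribute
  *                             host is unknown
  * @throws Ot_Exception_Access when the realm is disabled, not locally
  *                             managed, or does not allow self sign-up
  */
 public function signupAction()
 {
     $realm = $this->_getParam('realm', null);
     if (is_null($realm)) {
         throw new Ot_Exception_Input('msg-error-realmNotFound');
     }

     // Set up the auth adapter
     $authAdapter = new Ot_Model_DbTable_AuthAdapter();
     $adapter = $authAdapter->find($realm);
     if (is_null($adapter)) {
         // $realm is user input and the message is built as HTML markup, so
         // escape it before it is embedded.
         throw new Ot_Exception_Data($this->view->translate('ot-login-signup:realmNotFound', array('<b>' . htmlspecialchars($realm, ENT_QUOTES, 'UTF-8') . '</b>')));
     }

     if ($adapter->enabled == 0) {
         throw new Ot_Exception_Access('msg-error-authNotSupported');
     }

     $className = (string) $adapter->class;
     $realmAuth = new $className();

     // Only adapters that keep their own credential store can create accounts.
     if (!$realmAuth->manageLocally()) {
         throw new Ot_Exception_Access('msg-error-authNotSupported');
     }
     if (!$realmAuth->allowUserSignUp()) {
         throw new Ot_Exception_Access('msg-error-authNotAllowed');
     }

     $form = new Ot_Form_Signup();
     // The realm is fixed by the URL, so it must not be overridable via the form.
     $form->removeElement('realm');

     if ($this->_request->isPost()) {
         if ($form->isValid($_POST)) {
             // Strict comparison: == on two strings applies numeric coercion,
             // so e.g. '1e3' and '1000' would pass as the same password.
             if ($form->getValue('password') === $form->getValue('passwordConf')) {
                 // NOTE(review): the password is stored as a bare md5() digest
                 // because the local auth adapter compares against that; moving
                 // to password_hash() needs the adapter and existing rows
                 // migrated together.
                 $accountData = array(
                     'username'     => $form->getValue('username'),
                     'password'     => md5($form->getValue('password')),
                     'realm'        => $realm,
                     'role'         => $this->_helper->configVar('newAccountRole'),
                     'emailAddress' => $form->getValue('emailAddress'),
                     'firstName'    => $form->getValue('firstName'),
                     'lastName'     => $form->getValue('lastName'),
                     'timezone'     => $form->getValue('timezone'),
                 );

                 $account = new Ot_Model_DbTable_Account();
                 if ($account->accountExists($accountData['username'], $accountData['realm'])) {
                     $this->_helper->messenger->addError('msg-error-usernameTaken');
                 } else {
                     $dba = Zend_Db_Table::getDefaultAdapter();
                     $dba->beginTransaction();
                     try {
                         $accountData['accountId'] = $account->insert($accountData);

                         // Registered (built-in) account attributes.
                         $aar = new Ot_Account_Attribute_Register();
                         $vars = $aar->getVars($accountData['accountId']);
                         $values = $form->getValues();
                         foreach ($vars as $varName => $var) {
                             if (isset($values['accountAttributes'][$varName])) {
                                 $var->setValue($values['accountAttributes'][$varName]);
                                 $aar->save($var, $accountData['accountId']);
                             }
                         }

                         // Site-defined custom attributes hosted on the profile.
                         $cahr = new Ot_CustomAttribute_HostRegister();
                         $thisHost = $cahr->getHost('Ot_Profile');
                         if (is_null($thisHost)) {
                             throw new Ot_Exception_Data('msg-error-objectNotSetup');
                         }
                         $customAttributes = $thisHost->getAttributes($accountData['accountId']);
                         foreach ($customAttributes as $attributeName => $a) {
                             // The form may carry no customAttributes sub-array at
                             // all; guard before array_key_exists() sees a null.
                             if (isset($values['customAttributes']) && array_key_exists($attributeName, $values['customAttributes'])) {
                                 $a['var']->setValue($values['customAttributes'][$attributeName]);
                                 $thisHost->saveAttribute($a['var'], $accountData['accountId'], $a['attributeId']);
                             }
                         }
                     } catch (Exception $e) {
                         $dba->rollback();
                         throw $e;
                     }
                     $dba->commit();

                     $loggerOptions = array('attributeName' => 'accountId', 'attributeId' => $accountData['accountId']);
                     $this->_helper->log(Zend_Log::INFO, 'User ' . $accountData['username'] . ' created an account.', $loggerOptions);

                     // NOTE(review): the clear-text password is handed to every
                     // trigger action; confirm none of them persists or mails it.
                     $dt = new Ot_Trigger_Dispatcher();
                     $dt->setVariables($accountData);
                     $dt->password = $form->getValue('password');
                     $dt->loginMethod = $realm;
                     $dt->dispatch('Login_Index_Signup');

                     // Set up the authentication adapter using the class already
                     // resolved for this realm above, and log the new user in.
                     $loginAdapter = new $className($accountData['username'], $form->getValue('password'));
                     $auth = Zend_Auth::getInstance();

                     $authRealm = new Zend_Session_Namespace('authRealm');
                     $authRealm->setExpirationHops(1);
                     $authRealm->realm = $realm;
                     $authRealm->autoLogin = $loginAdapter->autoLogin();

                     // Attempt authentication, saving the result
                     $result = $auth->authenticate($loginAdapter);
                     $authRealm->unsetAll();

                     $req = new Zend_Session_Namespace(Zend_Registry::get('siteUrl') . '_request');
                     $this->_helper->messenger->addSuccess('msg-info-accountCreated');

                     if ($result->isValid()) {
                         // Store the full account row as the session identity.
                         $account = new Ot_Model_DbTable_Account();
                         $thisAccount = $account->getByUsername($accountData['username'], $realm);
                         $auth->getStorage()->write($thisAccount);

                         // The stored URI is only as trustworthy as whatever
                         // wrote it into the session namespace.
                         if (isset($req->uri) && $req->uri != '') {
                             $uri = $req->uri;
                             $req->unsetAll();
                             $this->_helper->redirector->gotoUrl($uri);
                         } else {
                             $this->_helper->redirector->gotoRoute(array(), 'default', true);
                         }
                     } else {
                         $this->_helper->redirector->gotoRoute(array('realm' => $realm), 'login', true);
                     }
                 }
             } else {
                 $this->_helper->messenger->addError('msg-error-passwordsNotMatch');
             }
         } else {
             $this->_helper->messenger->addError('msg-error-invalidFormInfo');
         }
     }

     $this->_helper->pageTitle('ot-login-signup:title');
     $this->view->headScript()->appendFile($this->view->baseUrl() . '/scripts/ot/jquery.plugin.passStrength.js');
     $this->view->assign(array('realm' => $realm, 'form' => $form));
 }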
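 /**
  * Single entry point for the remote API.
  *
  * Resolves the requested endpoint, validates the API key, maps the key's
  * account onto an ACL role and then dispatches to the endpoint object's
  * get/post/put/delete method according to the HTTP verb. Every failure is
  * reported through _errorOutput() in the negotiated output format.
  *
  * Request parameters read: 'type' (json|php, default json), 'endpoint'
  * and 'key'.
  *
  * @return mixed whatever _validOutput() / _errorOutput() return
  */
 public function indexAction()
 {
     $returnType = 'json';
     try {
         $apiRegister = new Ot_Api_Register();
         $vr = new Ot_Config_Register();

         // Everything below treats $params as untrusted client input.
         $params = $this->_getAllParams();

         // Only the two known formats are accepted, and the check is applied
         // to the supplied value itself; anything else falls back to json.
         if (isset($params['type']) && is_string($params['type']) && in_array(strtolower($params['type']), array('json', 'php'), true)) {
             $returnType = strtolower($params['type']);
         }

         if (empty($params['endpoint'])) {
             return $this->_validOutput(array('message' => 'Welcome to the ' . $vr->getVar('appTitle')->getValue() . ' API.  You will need an API key to get any further. Visit ' . Zend_Registry::get('siteUrl') . '/account to get one.'), $returnType);
         }

         $endpoint = $params['endpoint'];
         $thisEndpoint = $apiRegister->getApiEndpoint($endpoint);
         if ($thisEndpoint === null) {
             return $this->_errorOutput('Invalid Endpoint', $returnType, 404);
         }

         if (empty($params['key'])) {
             return $this->_errorOutput('You must provide an API key', $returnType, 403);
         }

         $apiApp = new Ot_Model_DbTable_ApiApp();
         $thisApp = $apiApp->getAppByKey($params['key']);
         if ($thisApp === null) {
             return $this->_errorOutput('Invalid API key', $returnType, 403);
         }

         $otAccount = new Ot_Model_DbTable_Account();
         $thisAccount = $otAccount->getByAccountId($thisApp->accountId);
         if ($thisAccount === null) {
             return $this->_errorOutput('No user found for this API key', $returnType, 403);
         }

         $acl = new Ot_Acl('remote');

         // $thisAccount->role holds a list of role ids; collapse it to a
         // single role name the ACL knows about.
         if (count($thisAccount->role) > 1) {
             $roles = array();
             // Get role names from the list of role Ids
             foreach ($thisAccount->role as $r) {
                 $roles[] = $acl->getRole($r);
             }
             // Create a new role that inherits from all the returned roles
             $roleName = implode(',', $roles);
             $thisAccount->role = $roleName;
             $acl->addRole(new Zend_Acl_Role($roleName), $roles);
         } elseif (count($thisAccount->role) == 1) {
             $thisAccount->role = array_pop($thisAccount->role);
         }

         // Fall back to the configured default role when the account's role
         // is empty or unknown to the ACL; the identity written to the auth
         // storage carries the same resolved role.
         $role = $thisAccount->role;
         if ($role == '' || !$acl->hasRole($role)) {
             $role = $vr->getVar('defaultRole')->getValue();
             $thisAccount->role = $role;
         }

         // the api "module" here is really a kind of placeholder
         $aclResource = 'api_' . strtolower($thisEndpoint->getName());

         // Endpoint objects read the caller's account back out of Zend_Auth.
         Zend_Auth::getInstance()->getStorage()->write($thisAccount);
     } catch (Exception $e) {
         // NOTE(review): the raw exception message is returned to the caller,
         // so internal details (driver errors etc.) can leak this way.
         return $this->_errorOutput($e->getMessage(), $returnType);
     }

     $apiObject = $thisEndpoint->getEndpointObj();

     // One permission check and one dispatch per HTTP verb; GET is the
     // default for anything that is not POST, PUT or DELETE.
     if ($this->_request->isPost()) {
         $method = 'post';
     } elseif ($this->_request->isPut()) {
         $method = 'put';
     } elseif ($this->_request->isDelete()) {
         $method = 'delete';
     } else {
         $method = 'get';
     }

     if (!$acl->isAllowed($role, $aclResource, $method)) {
         return $this->_errorOutput('You do not have permission to access this endpoint with ' . strtoupper($method), $returnType, 403);
     }

     try {
         $data = $apiObject->$method($params);
     } catch (Exception $e) {
         return $this->_errorOutput($e->getMessage(), $returnType);
     }

     return $this->_validOutput($data, $returnType);
 }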
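 /**
  * Allows a user to change their password.
  *
  * Only accounts whose auth adapter manages credentials locally can be
  * changed here. On a valid POST the old password is verified, the new one
  * is stored, the change is logged and the user is sent to the account page.
  *
  * @throws Ot_Exception_Data   when the logged in identity has no account row
  * @throws Ot_Exception_Access when the realm's adapter is not locally managed
  */
 public function changePasswordAction()
 {
     $identity = Zend_Auth::getInstance()->getIdentity();
     $account = new Ot_Model_DbTable_Account();
     $thisAccount = $account->getByUsername($identity->username, $identity->realm);
     if ($thisAccount === null) {
         throw new Ot_Exception_Data('msg-error-noAccount');
     }

     $otAuthAdapter = new Ot_Model_DbTable_AuthAdapter();
     $thisAdapter = $otAuthAdapter->find($thisAccount->realm);
     $auth = new $thisAdapter->class();
     if (!$auth->manageLocally()) {
         throw new Ot_Exception_Access('msg-error-authAdapterSupport');
     }

     $form = new Ot_Form_ChangePassword();
     if ($this->_request->isPost()) {
         if ($form->isValid($_POST)) {
             // Strict comparison: != on two strings applies numeric coercion
             // ('1e3' != '1000' is false), which must not pass a mismatch.
             if ($form->getValue('newPassword') !== $form->getValue('newPasswordConf')) {
                 $this->_helper->messenger->addError('msg-error-passwordMismatch');
             }
             // NOTE(review): the stored credential is a bare md5() digest; kept
             // for compatibility with the existing rows and the local auth
             // adapter, but password_hash() is the right scheme. hash_equals()
             // is constant-time and avoids the loose != comparison.
             if (!hash_equals((string) $thisAccount->password, md5($form->getValue('oldPassword')))) {
                 $this->_helper->messenger->addError('msg-error-passwordInvalidOriginal');
             }
             if ($this->_helper->messenger->count('error') == 0) {
                 $data = array(
                     'accountId' => $thisAccount->accountId,
                     'password'  => md5($form->getValue('newPassword')),
                 );
                 $account->update($data, null);
                 $this->_helper->messenger->addSuccess('msg-info-passwordChanged');
                 $loggerOptions = array('attributeName' => 'accountId', 'attributeId' => $thisAccount->accountId);
                 $this->_helper->log(Zend_Log::INFO, 'User changed Password', $loggerOptions);
                 $this->_helper->redirector->gotoRoute(array(), 'account', true);
             }
         } else {
             $this->_helper->messenger->addError('msg-error-invalidForm');
         }
     }

     $this->view->headScript()->appendFile($this->view->baseUrl() . '/public/scripts/ot/jquery.plugin.passStrength.js');
     $this->_helper->pageTitle('ot-account-changePassword:title');
     $this->view->assign(array('form' => $form));
 }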
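 /**
  * Deletes a role from the ACL.
  *
  * The role given by the 'roleId' parameter must exist, be editable, not be
  * the configured default role and have no roles inheriting from it. On POST
  * the role is removed and every account left without any role is given the
  * default role, all inside one transaction.
  *
  * @throws Ot_Exception_Input  when no roleId was supplied
  * @throws Ot_Exception_Data   when the role or the default role is unknown,
  *                             when the default role is targeted, or when
  *                             other roles depend on this one
  * @throws Ot_Exception_Access when the role is not editable or the request
  *                             is not a POST
  */
 public function deleteAction()
 {
     $roleId = $this->_getParam('roleId', null);
     if (is_null($roleId)) {
         throw new Ot_Exception_Input('msg-error-roleIdNotSet');
     }

     $role = new Ot_Model_DbTable_Role();
     $thisRole = $role->find($roleId);
     if (is_null($thisRole)) {
         throw new Ot_Exception_Data('msg-error-noRole');
     }

     if ($thisRole->editable != 1) {
         throw new Ot_Exception_Access('msg-error-unallowedRoleEdit');
     }

     $availableRoles = $this->_acl->getAvailableRoles();
     if (!isset($availableRoles[$roleId])) {
         throw new Ot_Exception_Data('msg-error-noRole');
     }

     // Accounts holding this role are collected before the delete so that
     // those left role-less afterwards can be handed the default role.
     $account = new Ot_Model_DbTable_Account();
     $affectedAccounts = $account->getAccountsForRole($roleId);

     $defaultRole = $this->_helper->configVar('defaultRole');
     if (!isset($availableRoles[$defaultRole])) {
         throw new Ot_Exception_Data('msg-error-noDefaultRole');
     }

     // Both values are used as keys into $availableRoles, so compare them as
     // strings rather than letting == coerce.
     if ((string) $defaultRole === (string) $roleId) {
         throw new Ot_Exception_Data('msg-error-deleteDefaultRole');
     }

     $inheritedRoles = $this->_acl->getChildrenOfRole($roleId);
     if (count($inheritedRoles) > 0) {
         // getChildrenOfRole()'s return shape is not visible here; the keys
         // are assumed to identify the dependent roles — TODO confirm.
         $roleList = implode(', ', array_keys($inheritedRoles));
         throw new Ot_Exception_Data($this->view->translate('msg-error-dependedRoleCannotDelete', array($roleList)));
     }

     if (!$this->_request->isPost()) {
         throw new Ot_Exception_Access('You can not access this method directly');
     }

     $accountRoles = new Ot_Model_DbTable_AccountRoles();
     $dba = $role->getAdapter();
     $dba->beginTransaction();
     try {
         $role->deleteRole($roleId);

         // aList is an array of all the affected accountIds
         $aList = array();
         foreach ($affectedAccounts as $a) {
             $aList[] = $a->accountId;
         }

         if (count($aList) > 0) {
             // get a list of all the accounts that still have a role after removing one so we can diff()
             // it to find the accounts that no longer have a role
             $accountRolesDba = $accountRoles->getAdapter();
             $where = $accountRolesDba->quoteInto('accountId IN(?)', $aList);
             $affectedAccountsStillWithRoles = $accountRoles->fetchAll($where);

             $affectedAccountsStillWithRolesIds = array();
             foreach ($affectedAccountsStillWithRoles as $a) {
                 $affectedAccountsStillWithRolesIds[] = $a->accountId;
             }

             // here's the list of accounts that don't have a role, so we have to add $defaultRole to them.
             $affectedAccountsWithNoRoles = array_diff($aList, $affectedAccountsStillWithRolesIds);
             foreach ($affectedAccountsWithNoRoles as $a) {
                 $accountRoles->insert(array('accountId' => $a, 'roleId' => $defaultRole));
             }
         }
     } catch (Exception $e) {
         // Any failure between deleteRole() and commit() rolls the whole
         // change back, including the lookup that sits between the writes.
         $dba->rollback();
         throw $e;
     }
     $dba->commit();

     $logOptions = array('attributeName' => 'accessRole', 'attributeId' => $roleId);
     $this->_helper->log(Zend_Log::INFO, 'Role ' . $thisRole->name . ' was deleted', $logOptions);
     $this->_helper->messenger->addWarning('Role was deleted successfully');
     $this->_helper->redirector->gotoRoute(array('controller' => 'acl'), 'ot', true);
 }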