/**
 * Resolve the remote server, remote user and password hash this CLI command will use.
 *
 * Each value is taken from an explicit command argument when one was given, otherwise
 * from a dot-file under THEBUGGENIE_PATH. Only the password hash has an interactive
 * fallback (a prompt); a missing server is a hard error.
 *
 * @throws Exception when neither a 'server' argument nor a stored .remote_server exists
 */
protected final function _prepare()
{
    $server_file = THEBUGGENIE_PATH . '.remote_server';
    $username_file = THEBUGGENIE_PATH . '.remote_username';
    $password_hash_file = THEBUGGENIE_PATH . '.remote_password_hash';

    // Remote server: argument, stored file, otherwise fail loudly.
    if ($this->hasProvidedArgument('server')) {
        $this->_current_remote_server = $this->getProvidedArgument('server');
    } elseif (file_exists($server_file)) {
        $this->_current_remote_server = file_get_contents($server_file);
    } else {
        throw new Exception("Please specify an installation of The Bug Genie to connect to by running the set_remote command first.");
    }

    // Remote username: argument, stored file, otherwise the local CLI account name.
    if ($this->hasProvidedArgument('username')) {
        $this->_current_remote_user = $this->getProvidedArgument('username');
    } elseif (file_exists($username_file)) {
        $this->_current_remote_user = file_get_contents($username_file);
    } else {
        $this->_current_remote_user = TBGContext::getCurrentCLIusername();
    }

    // Password hash: stored file, otherwise prompt (the prompted value is not written anywhere).
    if (file_exists($password_hash_file)) {
        // NOTE(review): whatever this file holds is used as the credential for the remote
        // user, so its filesystem permissions deserve the same care as a password file.
        $this->_current_remote_password_hash = file_get_contents($password_hash_file);
    } else {
        $this->cliEcho('Please enter the password for user ');
        $this->cliEcho($this->_getCurrentRemoteUser(), 'white', 'bold');
        $this->cliEcho(' (the password will not be stored): ');
        $this->_current_remote_password_hash = TBGUser::hashPassword($this->_getCliInput());
    }
}
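/**
 * Persist the remote server URL and, optionally, the remote username and a password hash
 * under THEBUGGENIE_PATH so later CLI commands do not have to ask for them.
 *
 * The password hash is only written when both a password and the remote security key
 * (used as the hash salt) were entered; otherwise nothing credential-related is stored.
 *
 * NOTE(review): the listing this was taken from is garbled at two points (the
 * "Saving remote username" echo and the password prompt); those statements were
 * reconstructed from the surrounding pattern and should be confirmed against the repository.
 */
public function do_execute()
{
    $server_url = $this->getProvidedArgument('server_url');
    $this->cliEcho('Saving remote server: ');
    $this->cliEcho($server_url, 'white', 'bold');
    $this->cliEcho("\n");
    file_put_contents(THEBUGGENIE_PATH . '.remote_server', $server_url);

    // Everything below only applies when a username was supplied.
    if (!$this->hasProvidedArgument('username')) {
        return;
    }

    $username = $this->getProvidedArgument('username');
    $this->cliEcho('Saving remote username: ');
    $this->cliEcho($username, 'white', 'bold');
    $this->cliEcho("\n");
    file_put_contents(THEBUGGENIE_PATH . '.remote_username', $username);

    $this->cliEcho("\n");
    $this->cliEcho('To avoid being asked for a password, please enter the password for the remote user ');
    $this->cliEcho($username, 'white', 'bold');
    $this->cliEcho(" (a hash of the password will be stored).\nIf you don't want to store this, simply press enter:\n");
    $this->cliEcho("Enter the password for the {$username} user: ", 'white', 'bold');
    $password = $this->_getCliInput();
    $this->cliEcho("Please enter the remote security key: ", 'white', 'bold');
    $salt = $this->_getCliInput();

    if ($password != '' && $salt != '') {
        // NOTE(review): the stored hash is what later commands present to the remote server
        // (see _prepare()), so anyone able to read this file can presumably act as this user;
        // keep the file private to the CLI account.
        file_put_contents(THEBUGGENIE_PATH . '.remote_password_hash', TBGUser::hashPassword($password, $salt));
        $this->cliEcho("Authentication details saved.\n", 'white', 'bold');
    } else {
        $this->cliEcho("\n");
        $this->cliEcho("Please provide both password and security key.\n");
        $this->cliEcho("If you haven't received the security key, please contact the remote server administrator.\n\n");
        $this->cliEcho("Password hash not saved.\n", 'white', 'bold');
    }
}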
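/**
 * Insert a new OpenID-style identity row for a user.
 *
 * @param string $identity the identity URL as returned by the provider
 * @param string $email    not used by this method; kept for the existing call signature
 * @param int    $user_id  id of the user the identity belongs to
 *
 * @throws Exception when $user_id does not resolve to a user (previously this surfaced
 *                   as a fatal method call on a non-object at getSalt())
 */
public function addIdentity($identity, $email, $user_id)
{
    $user = TBGUsersTable::getTable()->selectById($user_id);
    if (!is_object($user)) {
        throw new Exception("Cannot add identity: user {$user_id} does not exist");
    }

    // Classify the identity by provider; anything unrecognised is treated as plain OpenID.
    $type = 'openid';
    foreach (self::getProviders() as $provider => $needle) {
        if (stripos($identity, $needle) !== false) {
            $type = $provider;
            break;
        }
    }

    $crit = $this->getCriteria();
    $crit->addInsert(self::IDENTITY, $identity);
    // The lookup hash is salted with the owning user's salt.
    $crit->addInsert(self::IDENTITY_HASH, TBGUser::hashPassword($identity, $user->getSalt()));
    $crit->addInsert(self::UID, $user_id);
    $crit->addInsert(self::TYPE, $type);
    $this->doInsert($crit);
}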
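/**
 * Exchange a username and an application password for an API token (JSON response).
 *
 * Each unused application password of the user is compared against the hash of the
 * supplied password; the first match is marked as used and its stored hash is returned
 * as the token. Every failure path yields the same 400 response so that usernames
 * cannot be enumerated through this endpoint.
 *
 * @param TBGRequest $request carries 'username' and 'password'
 *
 * @return mixed the rendered JSON response ({'token': ...} or {'error': ...})
 */
public function runAuthenticate(TBGRequest $request)
{
    $username = trim((string) $request['username']);
    $password = trim((string) $request['password']);

    if ($username !== '' && $password !== '') {
        $user = TBGUsersTable::getTable()->getByUsername($username);
        if ($user instanceof TBGUser) {
            // Hash once; the same candidate is checked against every unused application password.
            $candidate_hash = (string) TBGUser::hashPassword($password, $user->getSalt());
            foreach ($user->getApplicationPasswords() as $app_password) {
                if ($app_password->isUsed()) {
                    continue;
                }
                // hash_equals() (PHP >= 5.6) is strict and constant-time, unlike the loose == it replaces.
                if (hash_equals((string) $app_password->getHashPassword(), $candidate_hash)) {
                    $app_password->useOnce();
                    $app_password->save();
                    // The token handed back is the stored hash itself; treat it as a secret in logs.
                    return $this->renderJSON(array('token' => $app_password->getHashPassword()));
                }
            }
        }
    }

    // One generic message for missing input, unknown user and wrong password alike.
    $this->getResponse()->setHttpStatus(400);
    return $this->renderJSON(array('error' => 'Incorrect username or application password'));
}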
/**
 * Create a new, enabled and activated user from the 'username' request parameter
 * and render the configuration/findusers template listing just that user.
 *
 * Real name and buddy name are initialised to the username; the account gets a
 * generated password (see TBGUser::createPassword) that is hashed before being stored.
 *
 * @param TBGRequest $request
 *
 * @return mixed a JSON error response (HTTP 400) when the scope has no user seats
 *               left or no username was given; nothing on success
 */
public function runAddUser(TBGRequest $request)
{
    try {
        if (!TBGContext::getScope()->hasUsersAvailable()) {
            throw new Exception(TBGContext::getI18n()->__('This instance of The Bug Genie cannot add more users'));
        }

        $username = $request->getParameter('username');
        if (!$username) {
            throw new Exception(TBGContext::getI18n()->__('Please enter a username'));
        }

        $user = new TBGUser();
        $user->setUsername($username);
        $user->setRealname($username);
        $user->setBuddyname($username);
        $user->setEnabled();
        $user->setActivated();
        // NOTE(review): no per-user salt is passed here, unlike setPassword() elsewhere in
        // this listing; confirm what hashPassword() does when the salt is omitted.
        $user->setPassword(TBGUser::hashPassword(TBGUser::createPassword()));
        $user->setJoined();
        $user->save();

        $this->getResponse()->setTemplate('configuration/findusers');
        $this->too_short = false;
        $this->created_user = true;
        $this->users = array($user);
        $this->total_results = 1;
        $this->title = TBGContext::getI18n()->__('User %username% created', array('%username%' => $username));
        $this->total_count = TBGUser::getUsersCount();
        $this->more_available = TBGContext::getScope()->hasUsersAvailable();
    } catch (Exception $e) {
        $this->getResponse()->setHttpStatus(400);
        return $this->renderJSON(array('failed' => true, 'error' => $e->getMessage()));
    }
}
/**
 * Set password
 *
 * The value is hashed with the owning user's salt before being stored; the
 * plain-text password is never kept on this object.
 *
 * @param string $newpassword
 *
 * @see TBGUser::changePassword
 */
public function setPassword($newpassword)
{
    $salt = $this->getUser()->getSalt();
    $this->_password = TBGUser::hashPassword($newpassword, $salt);
}
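/**
 * Authenticate $username against the LDAP directory and return the matching local user.
 *
 * Steps: bind as the control user, locate exactly one directory entry for the username,
 * optionally require membership of one of the configured groups, then (for an interactive
 * login, $mode == 1) either bind as the user's full DN with $password or trust the
 * configured integrated-auth header. The local TBGUser row is created or refreshed from
 * the directory attributes, the login cookies are set and the row is returned.
 *
 * @param string $username
 * @param string $password ignored when integrated auth is enabled or $mode != 1
 * @param int    $mode     1 = interactive login (credentials are verified);
 *                         any other value = re-validation of an existing session
 *
 * @return TBGUser
 *
 * @throws Exception on connection, search, bind, group-membership or local-user failures
 */
public function doLogin($username, $password, $mode = 1)
{
    $validgroups = $this->getSetting('groups');
    $base_dn = $this->getSetting('b_dn');
    $dn_attr = $this->escape($this->getSetting('dn_attr'));
    $username_attr = $this->escape($this->getSetting('u_attr'));
    $fullname_attr = $this->escape($this->getSetting('f_attr'));
    $buddyname_attr = $this->escape($this->getSetting('b_attr'));
    $email_attr = $this->escape($this->getSetting('e_attr'));
    $groups_members_attr = $this->escape($this->getSetting('g_attr'));
    $user_class = TBGContext::getModule('auth_ldap')->getSetting('u_type');
    $group_class = TBGContext::getModule('auth_ldap')->getSetting('g_type');
    $integrated_auth = $this->getSetting('integrated_auth');

    // ldap_get_entries() keys attributes by their lower-cased name.
    $dn_key = strtolower($dn_attr);
    $fullname_key = strtolower($fullname_attr);
    $buddyname_key = strtolower($buddyname_attr);
    $email_key = strtolower($email_attr);
    $members_key = strtolower($groups_members_attr);

    // Strips the blanks after commas in a DN ("cn=x, ou=y" -> "cn=x,ou=y") before comparing.
    $dn_space_pattern = '/(?<=,) +(?=[a-zA-Z])/';

    $connection = null;
    try {
        // Bind as the control user (possibly an anonymous bind) so we can search the directory.
        // bind() is expected to throw on failure.
        $connection = $this->connect();
        $this->bind($connection, $this->getSetting('control_user'), $this->getSetting('control_pass'));

        // Locate the user: search from base_dn, restricted to the configured object class,
        // and demand exactly one hit. The username is escaped before it enters the filter.
        $fields = array($fullname_attr, $buddyname_attr, $email_attr, 'cn', $dn_attr);
        $filter = '(&(objectClass=' . TBGLDAPAuthentication::getModule()->escape($user_class) . ')(' . $username_attr . '=' . $this->escape($username) . '))';
        $results = ldap_search($connection, $base_dn, $filter, $fields);
        if (!$results) {
            TBGLogging::log('failed to search for user: ' . ldap_error($connection), 'ldap', TBGLogging::LEVEL_FATAL);
            throw new Exception(TBGContext::getI18n()->__('Search failed: ') . ldap_error($connection));
        }
        $data = ldap_get_entries($connection, $results);
        if ($data['count'] == 0) {
            TBGLogging::log('could not find user ' . $username . ', class ' . $user_class . ', attribute ' . $username_attr, 'ldap', TBGLogging::LEVEL_FATAL);
            throw new Exception(TBGContext::getI18n()->__('User does not exist in the directory'));
        }
        if ($data['count'] > 1) {
            TBGLogging::log('too many users for ' . $username . ', class ' . $user_class . ', attribute ' . $username_attr, 'ldap', TBGLogging::LEVEL_FATAL);
            throw new Exception(TBGContext::getI18n()->__('This user was found multiple times in the directory, please contact your admimistrator'));
        }
        $entry = $data[0];

        // Optional group restriction: the user's DN must be listed as a member of at least
        // one of the comma-separated groups. Groups that cannot be resolved to exactly one
        // entry are skipped silently.
        if ($validgroups != '') {
            $groups = explode(',', $validgroups);
            $user_dn = preg_replace($dn_space_pattern, '', $entry[$dn_key][0]);
            $allowed = false;
            foreach ($groups as $group) {
                $filter2 = '(&(objectClass=' . TBGLDAPAuthentication::getModule()->escape($group_class) . ')(cn=' . $this->escape($group) . '))';
                $results2 = ldap_search($connection, $base_dn, $filter2, array($groups_members_attr));
                if (!$results2) {
                    TBGLogging::log('failed to search for user after binding: ' . ldap_error($connection), 'ldap', TBGLogging::LEVEL_FATAL);
                    throw new Exception(TBGContext::getI18n()->__('Search failed ') . ldap_error($connection));
                }
                $data2 = ldap_get_entries($connection, $results2);
                if ($data2['count'] != 1) {
                    continue;
                }
                // A group without the members attribute simply grants nobody access.
                $members = isset($data2[0][$members_key]) ? $data2[0][$members_key] : array();
                foreach ($members as $member) {
                    $member = preg_replace($dn_space_pattern, '', $member);
                    // The 'count' element ldap_get_entries() adds is numeric, not a DN.
                    if (!is_numeric($member) && strtolower($member) === strtolower($user_dn)) {
                        $allowed = true;
                        break 2;
                    }
                }
            }
            if (!$allowed) {
                throw new Exception(TBGContext::getI18n()->__('You are not a member of a group allowed to log in'));
            }
        }

        // Profile attributes; names fall back to the username, email to empty.
        $realname = array_key_exists($fullname_key, $entry) ? $entry[$fullname_key][0] : $username;
        $buddyname = array_key_exists($buddyname_key, $entry) ? $entry[$buddyname_key][0] : $username;
        $email = array_key_exists($email_key, $entry) ? $entry[$email_key][0] : '';

        if ($mode == 1 && !$integrated_auth) {
            // Verify the password by binding as the user's full DN (no DOMAIN\ prefix needed).
            // An empty password must never reach bind(): directories commonly treat it as an
            // anonymous bind, which succeeds without checking anything.
            if ((string) $password === '') {
                throw new Exception(TBGContext::getI18n()->__('Your password was not accepted by the server'));
            }
            $dn = is_array($entry[$dn_key]) ? $entry[$dn_key][0] : $entry[$dn_key];
            try {
                $this->bind($connection, $this->escape($dn), $password);
            } catch (Exception $e) {
                throw new Exception(TBGContext::getI18n()->__('Your password was not accepted by the server'));
            }
        } elseif ($mode == 1) {
            // Integrated auth: the web server must have put exactly this username into the
            // configured header. Strict comparison so numeric-looking names cannot alias.
            $header = $this->getSetting('integrated_auth_header');
            if (!isset($_SERVER[$header]) || $_SERVER[$header] !== $username) {
                throw new Exception(TBGContext::getI18n()->__('HTTP authentication internal error.'));
            }
        }
    } catch (Exception $e) {
        // connect() may have thrown before $connection was set.
        if ($connection) {
            ldap_unbind($connection);
        }
        throw $e;
    }

    try {
        // Create or refresh the local user row from the directory data.
        // NOTE(review): the local password is derived from the join date and the username,
        // neither of which is secret. That is only safe if every authentication path for
        // LDAP accounts defers to the directory; confirm before relying on it.
        $user = TBGUser::getByUsername($username);
        if ($user instanceof TBGUser) {
            $user->setBuddyname($buddyname);
            $user->setRealname($realname);
            $user->setPassword($user->getJoinedDate() . $username);
            $user->setEmail($email);
            $user->save();
        } elseif ($mode == 1) {
            // First login: create the local row (real name / email are placeholders until set above).
            $user = new TBGUser();
            $user->setUsername($username);
            $user->setRealname('temporary');
            $user->setBuddyname($username);
            $user->setEmail('temporary');
            $user->setEnabled();
            $user->setActivated();
            $user->setJoined();
            $user->setPassword($user->getJoinedDate() . $username);
            $user->save();
        } else {
            // Re-validating a session for a user that no longer exists locally.
            throw new Exception('User does not exist in TBG');
        }
    } catch (Exception $e) {
        ldap_unbind($connection);
        throw $e;
    }
    ldap_unbind($connection);

    // Set the login cookies and hand back the freshly loaded row.
    TBGContext::getResponse()->setCookie('tbg3_username', $username);
    TBGContext::getResponse()->setCookie('tbg3_password', TBGUser::hashPassword($user->getJoinedDate() . $username, $user->getSalt()));
    return TBGUsersTable::getTable()->getByUsername($username);
}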
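/**
 * Login (AJAX call)
 *
 * On POST, checks the submitted credentials, sets the login cookies and works out
 * where to send the user next; on other methods it decides whether the login page
 * may be shown at all. Forward targets that come from the request ('return_to',
 * 'tbg3_referer') are only followed when they stay on this site.
 *
 * @param TBGRequest $request
 *
 * @return mixed a JSON response for AJAX/json requests, otherwise nothing
 */
public function runLogin(TBGRequest $request)
{
    $i18n = TBGContext::getI18n();
    $this->login_referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $options = $request->getParameters();
    $forward_url = TBGContext::getRouting()->generate('home');
    $wants_json = TBGContext::getRequest()->isAjaxCall() || TBGContext::getRequest()->getRequestedFormat() == 'json';

    // Accept a request-supplied forward target only if it is a plain path or an absolute URL
    // on the host this request was served on; anything else (another host, a scheme-relative
    // "//host" form, non-http schemes) is replaced by $fallback. forward() is not shown here,
    // so the check is applied before it regardless of what it does itself.
    $same_site_url = function ($url, $fallback) {
        $url = (string) $url;
        if ($url === '' || preg_match('#^[\\\\/]{2}#', $url)) {
            return $fallback;
        }
        $parts = parse_url($url);
        if ($parts === false) {
            return $fallback;
        }
        if (isset($parts['scheme']) || isset($parts['host'])) {
            $request_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
            $url_host = isset($parts['host']) ? $parts['host'] : '';
            if (isset($parts['port'])) {
                $url_host .= ':' . $parts['port'];
            }
            if ($request_host === '' || strtolower($url_host) !== strtolower($request_host)) {
                return $fallback;
            }
        }
        return $url;
    };

    try {
        if ($request->getMethod() == TBGRequest::POST) {
            if (!$request->hasParameter('tbg3_username') || !$request->hasParameter('tbg3_password')) {
                throw new Exception($i18n->__('Please enter a username and password'));
            }
            $username = $request->getParameter('tbg3_username');
            $password = $request->getParameter('tbg3_password');
            $user = TBGUser::loginCheck($username, $password, true);
            // NOTE(review): the cookies are set unconditionally after loginCheck(); presumably
            // it throws on bad credentials so this is never reached for a failed login — confirm.
            $this->getResponse()->setCookie('tbg3_username', $username);
            $this->getResponse()->setCookie('tbg3_password', TBGUser::hashPassword($password));
            TBGContext::setUser($user);

            if ($request->hasParameter('return_to')) {
                $forward_url = $same_site_url($request->getParameter('return_to'), $forward_url);
            } elseif (TBGSettings::get('returnfromlogin') == 'referer') {
                $forward_url = $same_site_url($request->getParameter('tbg3_referer'), TBGContext::getRouting()->generate('dashboard'));
            } else {
                $forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
            }
        } elseif (TBGSettings::isLoginRequired()) {
            throw new Exception($i18n->__('You need to log in to access this site'));
        } elseif (!TBGContext::getUser()->isAuthenticated()) {
            throw new Exception($i18n->__('Please log in'));
        } elseif (TBGContext::hasMessage('forward')) {
            throw new Exception($i18n->__(TBGContext::getMessageAndClear('forward')));
        }
    } catch (Exception $e) {
        if ($wants_json) {
            return $this->renderJSON(array('failed' => true, "error" => $i18n->__($e->getMessage()), 'referer' => $request->getParameter('tbg3_referer')));
        }
        // Non-AJAX callers get the error rendered with the form instead.
        $options['error'] = $e->getMessage();
    }

    if ($wants_json) {
        return $this->renderJSON(array('forward' => $forward_url));
    }
    if ($forward_url !== null && !$request->getParameter('continue')) {
        $this->forward($forward_url);
    }
    $this->options = $options;
}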