/**
  * Produce a nonce that is not yet known to this instance.
  *
  * Candidates are drawn from StringUtils::randomString() and redrawn until
  * nonceExists() reports no collision. Keeping the generation in one method
  * allows the generator to be swapped out easily.
  *
  * NOTE(review): the unpredictability of the nonce rests entirely on
  * StringUtils::randomString(), which is not shown here; confirm that it
  * draws from a cryptographically secure source.
  *
  * @return string One unique nonce
  */
 private function makeNonce()
 {
     while (true) {
         $candidate = StringUtils::randomString();
         // Only hand out a value that has not been issued before.
         if (!$this->nonceExists($candidate)) {
             return $candidate;
         }
     }
 }
Пример #2
 /**
  * Build the driver through the parent and remember its normalized name.
  *
  * The name stored on the instance is the lower-cased 'driver' parameter
  * with a leading 'pdo_' removed.
  *
  * @param array $parameters Connection parameters; 'driver' is read here.
  * @return mixed Whatever the parent implementation returns.
  */
 protected function createDriver($parameters)
 {
     // The parent runs first, exactly as before, so any failure there
     // happens before the instance state is touched.
     $driver = parent::createDriver($parameters);
     $name = strtolower($parameters['driver']);
     // 4 is the length of the 'pdo_' prefix being stripped.
     $this->driverName = StringUtils::startsWith($name, 'pdo_') ? substr($name, 4) : $name;
     return $driver;
 }
Пример #3
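 /**
  * Change the password of a user given their e-mail address.
  *
  * A new salt is generated for every change, the password is hashed with it
  * through Provider::hashPassword(), and the access token is replaced in the
  * same update, so a token issued before the change stops matching the row.
  *
  * The update is keyed on the e-mail address only. If several users share
  * an address (which should never be the case), every matching row receives
  * the same password hash, salt and access token; the token is derived from
  * the id of the first matching user.
  *
  * NOTE(review): the strength of the salt and of the access token depends
  * on StringUtils::random(), which is not shown here; confirm that it is
  * backed by a cryptographically secure source.
  *
  * @param string $email The e-mail of the user whose password is being
  *         changed.
  * @param string $password The new password.
  *
  * @return void
  *
  * @throws \InvalidArgumentException Thrown when no user has this e-mail.
  * @throws PasswordChangeException Thrown when password change has failed.
  */
 public function changePassword($email, $password)
 {
     $salt = StringUtils::random();
     $hash = Provider::hashPassword($password, $salt);
     $user = $this->usersTableGateway->select(['email' => $email])->current();
     if (!$user) {
         throw new \InvalidArgumentException(__t('User not found'));
     }
     try {
         $update = [
             'password' => $hash,
             'salt' => $salt,
             // Rotating the token together with the password invalidates the old one.
             'access_token' => sha1($user->id . StringUtils::random()),
         ];
         $changed = $this->usersTableGateway->update($update, ['email' => $email]);
         if ($changed == 0) {
             throw new PasswordChangeException(__t('Could not change password for ') . $email . ': ' . __t('e-mail not found.'));
         }
     } catch (\PDOException $ex) {
         // The original called str($ex); str() is not a PHP built-in, so the
         // failure path would itself have failed unless the project defines
         // such a helper. getMessage() yields the driver's error text.
         // NOTE(review): that text may describe the schema or the query;
         // make sure this exception is logged and not echoed to the client.
         throw new PasswordChangeException(__t('Failed to change password') . ': ' . $ex->getMessage());
     }
 }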
Пример #4
 /**
  * Add Directus default user
  *
  * Inserts an active "Admin User" row in group 1 into directus_users, using
  * the e-mail and password found in $data, and returns $data extended with
  * the generated 'user_salt', 'user_token' and 'avatar' values.
  *
  * NOTE(review): the returned array still carries the plaintext
  * 'directus_password' entry; callers should not log or persist it.
  * NOTE(review): the API token comes from StringUtils::randomString(32),
  * which is not shown here; confirm that it is cryptographically secure.
  *
  * @param array $data Installation data; reads 'directus_password',
  *         'directus_email' and, optionally, 'default_language'.
  * @return array The input data plus the generated values.
  */
 public static function addDefaultUser($data)
 {
     $adapter = Bootstrap::get('ZendDb');
     $users = new TableGateway('directus_users', $adapter);
     // password_hash() generates and embeds its own salt; the 'salt' column
     // written below plays no part in this hash.
     $passwordHash = password_hash($data['directus_password'], PASSWORD_DEFAULT, ['cost' => 12]);
     $data['user_salt'] = StringUtils::randomString();
     $data['user_token'] = StringUtils::randomString(32);
     $data['avatar'] = get_gravatar($data['directus_email']);
     $row = [
         'active' => 1,
         'first_name' => 'Admin',
         'last_name' => 'User',
         'email' => $data['directus_email'],
         'password' => $passwordHash,
         'salt' => $data['user_salt'],
         'avatar' => $data['avatar'],
         'group' => 1,
         'token' => $data['user_token'],
         'language' => ArrayUtils::get($data, 'default_language', 'en'),
     ];
     $users->insert($row);
     return $data;
 }
Пример #5
 /**
  * replacePlaceholder() fills `{{name}}` placeholders by default and when
  * the double-mustache style is requested, and `%{name}` placeholders when
  * the percentage-mustache style is requested.
  */
 public function testReplacePlaceholder()
 {
     $cases = [
         [
             'data' => ['place' => 'Portland'],
             'expected' => 'I went to Portland',
             'double' => 'I went to {{place}}',
             'percent' => 'I went to %{place}',
         ],
         [
             'data' => ['from_airport' => 'SFO', 'to_airport' => 'PDX'],
             'expected' => 'Took a flight from SFO to PDX',
             'double' => 'Took a flight from {{from_airport}} to {{to_airport}}',
             'percent' => 'Took a flight from %{from_airport} to %{to_airport}',
         ],
     ];
     foreach ($cases as $case) {
         // Default style, explicit double mustache, then percentage mustache.
         $this->assertEquals(
             $case['expected'],
             StringUtils::replacePlaceholder($case['double'], $case['data'])
         );
         $this->assertEquals(
             $case['expected'],
             StringUtils::replacePlaceholder($case['double'], $case['data'], StringUtils::PLACEHOLDER_DOUBLE_MUSTACHE)
         );
         $this->assertEquals(
             $case['expected'],
             StringUtils::replacePlaceholder($case['percent'], $case['data'], StringUtils::PLACEHOLDER_PERCENTAGE_MUSTACHE)
         );
     }
 }
Пример #6
})->name('auth_permissions');
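// POST /{version}/hash: hash the posted 'password' (with the optional posted
// 'salt') through Auth::hashPassword() and return the result as JSON.
// NOTE(review): no authentication check is visible in this handler. Confirm
// that middleware restricts the route, since it hashes arbitrary input with a
// caller-chosen salt.
$app->post("/{$v}/hash/?", function () use($app) {
    // Request fields are caller-controlled: PHP decodes `password[]=x` into
    // an array, so the type is checked before the value reaches the hasher.
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    if (!is_string($password) || empty($password)) {
        return JsonView::render(['success' => false, 'message' => __t('hash_must_provide_string')]);
    }
    // A missing or empty salt means "no salt", as before.
    $salt = !empty($_POST['salt']) ? $_POST['salt'] : '';
    if (!is_string($salt)) {
        return JsonView::render(['success' => false, 'message' => __t('hash_must_provide_string')]);
    }
    $hashedPassword = Auth::hashPassword($password, $salt);
    return JsonView::render(['success' => true, 'password' => $hashedPassword]);
});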
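// POST /{version}/random: return a random string as JSON, 32 characters long
// unless the posted 'length' asks for another size.
// NOTE(review): if clients use the result as a secret, confirm that
// StringUtils::randomString() is backed by a cryptographically secure source.
$app->post("/{$v}/random/?", function () use($app) {
    // default random string length
    $defaultLength = 32;
    // Upper bound on the caller-supplied length, so that one request cannot
    // make the server build an arbitrarily large string. The figure is a
    // constructed limit; tune it to the deployment.
    $maxLength = 1024;
    $length = $defaultLength;
    if (array_key_exists('length', $_POST)) {
        $length = (int) $_POST['length'];
    }
    if ($length < 1) {
        // Zero, negative and non-numeric input fall back to the default.
        $length = $defaultLength;
    } elseif ($length > $maxLength) {
        $length = $maxLength;
    }
    $randomString = StringUtils::randomString($length);
    return JsonView::render(['random' => $randomString]);
});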
// GET /{version}/privileges/:groupId(/:tableName): return the privileges of a
// group, optionally narrowed to one table. Only a user whose own group is 1
// gets past the check below. The closure's closing lines are not part of
// this excerpt.
$app->get("/{$v}/privileges/:groupId(/:tableName)/?", function ($groupId, $tableName = null) use($acl, $ZendDb, $params, $requestPayload, $app) {
    $currentUser = Auth::getUserRecord();
    $myGroupId = $currentUser['group'];
    // Authorization gate. The comparison is loose (`!=`), so type juggling
    // applies to whatever the user record holds.
    // NOTE(review): prefer a strict comparison once the stored type of
    // 'group' is confirmed.
    // NOTE(review): a generic Exception signals the denial; which HTTP status
    // the client sees depends on error handling that is not shown here.
    if ($myGroupId != 1) {
        throw new Exception(__t('permission_denied'));
    }
    $privileges = new DirectusPrivilegesTableGateway($acl, $ZendDb);
    $response = $privileges->fetchPerTable($groupId, $tableName);
    // Nothing found: answer 404 with an explanatory JSON body.
    if (!$response) {
        $app->response()->setStatus(404);
        $response = ['message' => __t('unable_to_find_privileges_for_x_in_group_x', ['table' => $tableName, 'group_id' => $groupId]), 'success' => false];
    }
    return JsonView::render($response);
Пример #7
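 /**
  * After a successful login attempt, registers the user in the session.
  *
  * Stores the user id and a freshly derived access token under the session
  * key and marks the current request as authenticated. When a session is
  * active, its identifier is rotated first.
  *
  * NOTE(review): the access token is sha1() over the user id and
  * StringUtils::randomString(), so its unpredictability depends on that
  * helper, which is not shown here.
  *
  * @param  int $uid The User account's ID.
  * @return void
  * @throws  \Directus\Auth\UserAlreadyLoggedInException
  */
 private static function completeLogin($uid)
 {
     self::prependSessionKey();
     if (self::loggedIn()) {
         throw new UserAlreadyLoggedInException(__t('attempting_to_authenticate_a_user_when_a_user_is_already_authenticated'));
     }
     // Rotate the session identifier at the point where privileges change,
     // so an identifier issued before authentication is not carried into
     // the authenticated session (session fixation). Nothing in this method
     // did so before; it is harmless if a caller already rotates it.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $user = ['id' => $uid, 'access_token' => sha1($uid . StringUtils::randomString())];
     $_SESSION[self::$SESSION_KEY] = $user;
     self::$authenticated = true;
 }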
Пример #8
 /**
  * @inheritDoc
  */
 public function getCode($data)
 {
     // Fill the format template's placeholders from $data. No placeholder
     // style is passed, so the helper's default applies.
     $template = $this->getFormatTemplate();
     return StringUtils::replacePlaceholder($template, $data);
 }
Пример #9
 /**
  * Translate a phrase key for the current user's locale.
  *
  * The phrase table is loaded once per request through get_phrases() and
  * kept in a static variable. A key with no entry is used as the phrase
  * itself. `%{name}` placeholders are then filled from $data.
  *
  * NOTE(review): this function applies no output escaping of its own.
  * Whether replacePlaceholder() escapes values is not visible here, so
  * callers that render the result into HTML should escape it.
  *
  * @param string $key  Phrase key, also the fallback text.
  * @param array  $data Placeholder values keyed by placeholder name.
  * @return string The phrase with its placeholders replaced.
  */
 function __t($key, $data = [])
 {
     static $phrases;
     if (!$phrases) {
         $phrases = get_phrases(get_user_locale());
     }
     // Unknown keys fall back to the key itself.
     $template = $key;
     if (isset($phrases[$key])) {
         $template = $phrases[$key];
     }
     return \Directus\Util\StringUtils::replacePlaceholder(
         $template,
         $data,
         \Directus\Util\StringUtils::PLACEHOLDER_PERCENTAGE_MUSTACHE
     );
 }
Пример #10
 /**
  * Set a new password for the user named in the command options.
  *
  * The user id is read from the 'uid' / 'u' option and the password from
  * 'upass' / 'p'. When either is missing, a message is printed and the
  * script exits. Otherwise the user's row receives a new password hash and
  * a new access token, and the outcome is printed.
  *
  * NOTE(review): hashPassword() is called with the password only and the
  * row's 'salt' column is left untouched; confirm that this matches how the
  * hash is verified at login.
  * NOTE(review): the options presumably come from the command line, where
  * a password can end up in shell history and process listings. Confirm.
  *
  * @return void
  */
 private function updatePassword()
 {
     $data = [];
     $options = $this->options;
     foreach ($options as $name => $value) {
         // Loose `==` is kept on purpose: it is what the switch statement
         // this replaces used to compare option names.
         if ($name == 'uid' || $name == 'u') {
             $data['id'] = $value;
             unset($options[$name]);
         } elseif ($name == 'upass' || $name == 'p') {
             $data['password'] = $value;
             unset($options[$name]);
         }
     }
     if (!isset($data['password'], $data['id'])) {
         echo PHP_EOL . __t('Missing User ID or Password') . PHP_EOL;
         exit;
     }
     $zendDb = Bootstrap::get('zendDb');
     $userTableGateway = new TableGateway('directus_users', $zendDb);
     $passwordHash = \Directus\Auth\Provider::hashPassword($data['password']);
     // A new token accompanies the new password, replacing the previous one.
     $accessToken = sha1($data['id'] . \Directus\Util\StringUtils::random());
     $result = $userTableGateway->update(
         ['password' => $passwordHash, 'access_token' => $accessToken],
         ['id' => $data['id']]
     );
     $message = $result ? 'Password updated successfully' : 'Error trying to update the password.';
     echo PHP_EOL . __t($message) . PHP_EOL;
 }