/**
 * Finishes a login for the user name returned by getUserName(): an existing
 * local account is accepted, an unknown one may be created from a default
 * profile.
 *
 * The outcome is reported through setAuthSuccess() / setAuthFailure(); the
 * method returns nothing. When the account is unknown and cannot be
 * auto-created, neither of the two is called.
 *
 * Security-relevant behaviour of this implementation:
 *  - Any existing account whose name matches is accepted at once. There is no
 *    per-user permission check and no check of which authentication plugin
 *    the current identity belongs to.
 *  - The user name is taken as-is from getUserName().
 *    NOTE(review): presumably a value asserted by the web server; confirm
 *    where getUserName() gets it and that it cannot be client-controlled.
 *  - Auto-created accounts receive whatever permission set is configured in
 *    'auth_webserver_autocreate_permissions'.
 *
 * @access public
 * @return void
 */
public function newUserSession()
{
    $sUser = $this->getUserName();
    $oUser = $this->api->getUserByName($sUser);

    // Known account: accepted immediately, no further authorisation gate.
    if (!is_null($oUser)) {
        $this->setAuthSuccess($oUser);
        return;
    }

    // Unknown account: find a default profile to build it from. A site-defined
    // hook takes precedence over the configured profile.
    if (function_exists("hook_get_auth_webserver_profile")) {
        // If defined, this function returns an array describing the default
        // profile for this user.
        $aUserProfile = hook_get_auth_webserver_profile($sUser);
    } elseif ($this->api->getConfigKey('auth_webserver_autocreate_user')) {
        $aUserProfile = $this->api->getConfigKey('auth_webserver_autocreate_profile');
    }

    // Auto-creation needs both the switch and a profile; otherwise stop here
    // without reporting a result.
    if (!$this->api->getConfigKey('auth_webserver_autocreate_user') || !isset($aUserProfile)) {
        return;
    }

    // User doesn't exist but auto-create user is set.
    $oNewUser = new User();
    $oNewUser->users_name = $sUser;
    // Stored password is the SHA-256 of createPassword()'s output, which is
    // never shown to anyone here. NOTE(review): presumably random; confirm.
    $oNewUser->password = hash('sha256', createPassword());
    $oNewUser->full_name = $aUserProfile['full_name'];
    $oNewUser->parent_id = 1;
    $oNewUser->lang = $aUserProfile['lang'];
    $oNewUser->email = $aUserProfile['email'];

    if (!$oNewUser->save()) {
        $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
        return;
    }

    // Grant the configured default permission set to the new account.
    $oPermission = new Permission();
    $oPermission->setPermissions($oNewUser->uid, 0, 'global', $this->api->getConfigKey('auth_webserver_autocreate_permissions'), true);

    $this->setAuthSuccess($oNewUser);
    return;
}
/**
 * Finishes a login for the user name returned by getUserName(), but only for
 * identities that belong to the Authwebserver plugin.
 *
 * An existing local account is accepted only when it holds the global
 * 'auth_webserver' read permission; an unknown account may be created from a
 * default profile and is then given that permission.
 *
 * The outcome is reported through setAuthSuccess() / setAuthFailure(); the
 * method returns nothing. When the account is unknown and cannot be
 * auto-created, neither of the two is called.
 *
 * NOTE(review): the user name is taken as-is from getUserName(); presumably a
 * value asserted by the web server. Confirm it cannot be client-controlled.
 *
 * @access public
 * @return void
 */
public function newUserSession()
{
    // Do nothing if this user is not Authwebserver type.
    /* @var $oIdentity LSUserIdentity */
    $oIdentity = $this->getEvent()->get('identity');
    if ($oIdentity->plugin != 'Authwebserver') {
        return;
    }

    $sUser = $this->getUserName();
    $oUser = $this->api->getUserByName($sUser);

    if (!is_null($oUser)) {
        // Known account: a matching name alone is not enough, the account
        // must also be allowed to use this authentication method.
        if (Permission::model()->hasGlobalPermission('auth_webserver', 'read', $oUser->uid)) {
            $this->setAuthSuccess($oUser);
        } else {
            $this->setAuthFailure(self::ERROR_AUTH_METHOD_INVALID, gT('Web server authentication method is not allowed for this user'));
        }
        return;
    }

    // Unknown account: find a default profile to build it from. A site-defined
    // hook takes precedence over the configured profile.
    if (function_exists("hook_get_auth_webserver_profile")) {
        // If defined, this function returns an array describing the default
        // profile for this user.
        $aUserProfile = hook_get_auth_webserver_profile($sUser);
    } elseif ($this->api->getConfigKey('auth_webserver_autocreate_user')) {
        $aUserProfile = $this->api->getConfigKey('auth_webserver_autocreate_profile');
    }

    // Auto-creation needs both the switch and a profile; otherwise stop here
    // without reporting a result.
    if (!$this->api->getConfigKey('auth_webserver_autocreate_user') || !isset($aUserProfile)) {
        return;
    }

    // User doesn't exist but auto-create user is set.
    $oNewUser = new User();
    $oNewUser->users_name = $sUser;
    // Stored password is the SHA-256 of createPassword()'s output, which is
    // never shown to anyone here. NOTE(review): presumably random; confirm.
    $oNewUser->password = hash('sha256', createPassword());
    $oNewUser->full_name = $aUserProfile['full_name'];
    $oNewUser->parent_id = 1;
    $oNewUser->lang = $aUserProfile['lang'];
    $oNewUser->email = $aUserProfile['email'];

    if (!$oNewUser->save()) {
        $this->setAuthFailure(self::ERROR_USERNAME_INVALID);
        return;
    }

    // Grant the configured default permission set to the new account.
    $oPermission = new Permission();
    $oPermission->setPermissions($oNewUser->uid, 0, 'global', $this->api->getConfigKey('auth_webserver_autocreate_permissions'), true);
    // Also grant 'auth_webserver' itself, the permission the existing-account
    // path above checks (presumably so later logins pass that gate).
    Permission::model()->setGlobalPermission($oNewUser->uid, 'auth_webserver');

    $this->setAuthSuccess($oNewUser);
    return;
}
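/**
 * Checks whether this user has correctly entered the password, or accepts a
 * user name supplied by the web server when web-server authentication is on.
 *
 * Two paths:
 *  1. Local check (auth_webserver is off, or a user name was given): the
 *     account is looked up by name and verified either with a one-time
 *     password (stored as its md5) or with the SHA-256 of the password.
 *  2. Web-server trust (auth_webserver === true and the server set a user
 *     variable): the server-supplied name is mapped to a local account, which
 *     is created from a default profile if auto-creation is enabled.
 *
 * Changes compared with the previous implementation:
 *  - Secrets are compared as strings, in constant time where hash_equals()
 *    exists. The one-time password used a loose ==, which lets PHP compare
 *    two numeric-looking digests as numbers instead of character by
 *    character.
 *  - The web-server path sets an explicit error code when the account is
 *    unknown, instead of returning whatever errorCode held before the call.
 *
 * NOTE(review): stored passwords are unsalted SHA-256. Moving to
 * password_hash() is a schema-wide change outside this method.
 *
 * @access public
 * @param string $sOneTimePassword Clear-text one-time password, '' when unused
 * @return bool !errorCode, i.e. true when errorCode ended up as ERROR_NONE
 */
public function authenticate($sOneTimePassword = '')
{
    if (Yii::app()->getConfig("auth_webserver") == false || $this->username != "") {
        $user = User::model()->findByAttributes(array('users_name' => $this->username));
        if ($user === null) {
            $this->errorCode = self::ERROR_USERNAME_INVALID;
            return !$this->errorCode;
        }

        if (gettype($user->password) == 'resource') {
            // Postgres delivers bytea fields as streams
            $sStoredPassword = stream_get_contents($user->password, -1, 0);
        } else {
            $sStoredPassword = $user->password;
        }

        if ($sOneTimePassword != ''
            && Yii::app()->getConfig("use_one_time_passwords")
            && self::secretStringsMatch($user->one_time_pw, md5($sOneTimePassword))
        ) {
            // A one-time password is cleared on first use.
            // NOTE(review): the result of save() is not checked; if it fails
            // the one-time password presumably stays usable.
            $user->one_time_pw = '';
            $user->save();
            $this->id = $user->uid;
            $this->user = $user;
            $this->errorCode = self::ERROR_NONE;
        } elseif (!self::secretStringsMatch($sStoredPassword, hash('sha256', $this->password))) {
            // Also covers a stored value that is not a string (failed stream read).
            $this->errorCode = self::ERROR_PASSWORD_INVALID;
        } else {
            $this->id = $user->uid;
            $this->user = $user;
            $this->errorCode = self::ERROR_NONE;
        }
    } elseif (Yii::app()->getConfig("auth_webserver") === true && (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['LOGON_USER']) || isset($_SERVER['REMOTE_USER']))) {
        // No password is checked on this path: the name in $_SERVER is
        // trusted. NOTE(review): that is only sound if the web server enforces
        // authentication for this URL; PHP can fill PHP_AUTH_USER from a
        // client-sent Basic Authorization header. Confirm the deployment.
        if (isset($_SERVER['PHP_AUTH_USER'])) {
            $sUser = $_SERVER['PHP_AUTH_USER'];
        } elseif (isset($_SERVER['REMOTE_USER'])) {
            $sUser = $_SERVER['REMOTE_USER'];
        } else {
            $sUser = $_SERVER['LOGON_USER'];
        }

        // Keep only the part after the last backslash (DOMAIN\user -> user).
        if (strpos($sUser, "\\") !== false) {
            $sUser = substr($sUser, strrpos($sUser, "\\") + 1);
        }

        // Optional mapping from server-side names to local account names.
        $aUserMappings = Yii::app()->getConfig("auth_webserver_user_map");
        if (isset($aUserMappings[$sUser])) {
            $sUser = $aUserMappings[$sUser];
        }
        $this->username = $sUser;

        $oUser = User::model()->findByAttributes(array('users_name' => $sUser));
        if (!is_null($oUser)) {
            // Existing account with a matching name is accepted as-is.
            $this->id = $oUser->uid;
            $this->user = $oUser;
            $this->errorCode = self::ERROR_NONE;
        } else {
            // Fail closed: stays in force unless the account is created below.
            $this->errorCode = self::ERROR_USERNAME_INVALID;

            if (function_exists("hook_get_auth_webserver_profile")) {
                // If defined this function returns an array
                // describing the default profile for this user
                $aUserProfile = hook_get_auth_webserver_profile($sUser);
            } elseif (Yii::app()->getConfig("auth_webserver_autocreate_user")) {
                $aUserProfile = Yii::app()->getConfig("auth_webserver_autocreate_profile");
            }
        }

        if (Yii::app()->getConfig("auth_webserver_autocreate_user") && isset($aUserProfile) && is_null($oUser)) {
            // user doesn't exist but auto-create user is set
            $oUser = new User();
            $oUser->users_name = $sUser;
            // SHA-256 of createPassword()'s output, never shown to the user.
            $oUser->password = hash('sha256', createPassword());
            $oUser->full_name = $aUserProfile['full_name'];
            $oUser->parent_id = 1;
            $oUser->lang = $aUserProfile['lang'];
            $oUser->email = $aUserProfile['email'];
            // Privilege flags are copied verbatim from the profile, so the
            // default profile (or hook) decides what every first-time
            // web-server user may do, including 'superadmin'. Keep it minimal.
            $oUser->create_survey = $aUserProfile['create_survey'];
            $oUser->create_user = $aUserProfile['create_user'];
            $oUser->delete_user = $aUserProfile['delete_user'];
            $oUser->superadmin = $aUserProfile['superadmin'];
            $oUser->configurator = $aUserProfile['configurator'];
            $oUser->manage_template = $aUserProfile['manage_template'];
            $oUser->manage_label = $aUserProfile['manage_label'];

            if ($oUser->save()) {
                // One template-rights row per comma-separated template name.
                $aTemplates = explode(",", $aUserProfile['templatelist']);
                foreach ($aTemplates as $sTemplateName) {
                    $oRecord = new Templates_rights();
                    $oRecord->uid = $oUser->uid;
                    $oRecord->folder = trim($sTemplateName);
                    $oRecord->use = 1;
                    $oRecord->save();
                }

                // read again user from newly created entry
                $this->id = $oUser->uid;
                $this->user = $oUser;
                $this->errorCode = self::ERROR_NONE;
            } else {
                $this->errorCode = self::ERROR_USERNAME_INVALID;
            }
        }
    } else {
        $this->errorCode = self::ERROR_USERNAME_INVALID;
    }

    return !$this->errorCode;
}

/**
 * Compares a stored secret with a computed one as exact strings.
 *
 * Uses hash_equals() where the PHP version provides it and falls back to ===
 * elsewhere. Anything that is not a string never matches.
 *
 * @param mixed $sKnown Value read from storage
 * @param mixed $sGiven Value derived from user input
 * @return bool
 */
private static function secretStringsMatch($sKnown, $sGiven)
{
    if (!is_string($sKnown) || !is_string($sGiven)) {
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($sKnown, $sGiven);
    }
    return $sKnown === $sGiven;
}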