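/**
 * Interactively reverts the authentication backend setting to the built-in 'tbg' backend.
 *
 * Prints a short explanation. When the configured backend is already 'tbg' (or unset)
 * nothing is changed; otherwise the setting is saved only after the operator types 'yes'.
 */
public function do_execute()
 {
     $this->cliEcho("\n");
     $this->cliEcho("Revert authentication backend\n", 'white', 'bold');
     // The sentence continues on the next line, so it must not end with a period here.
     $this->cliEcho("This command is useful if you've managed to lock yourself\n");
     $this->cliEcho("out due to an authentication backend change gone bad.\n\n");

     // Read the setting once; the loose comparisons are kept so an unset or empty
     // backend is still treated as the default one.
     $backend = TBGSettings::getAuthenticationBackend();
     if ($backend == 'tbg' || $backend == null) {
         $this->cliEcho("You are currently using the default authentication backend.\n\n");
         return;
     }

     $this->cliEcho("Please type 'yes' if you want to revert to the default authentication backend: ");
     $this->cliEcho("\n");
     // Anything other than the literal answer 'yes' leaves the configuration untouched.
     if ($this->getInput() == 'yes') {
         TBGSettings::saveSetting(TBGSettings::SETTING_AUTH_BACKEND, 'tbg');
         $this->cliEcho("Authentication backend reverted.\n\n");
     } else {
         $this->cliEcho("No changes made.\n\n");
     }
 }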
', 'account_tabs');" href="javascript:void(0);"><?php 
        echo image_tag($module->getAccountSettingsLogo(), array('style' => 'float: left;'), false, $module_name) . $module->getAccountSettingsName();
        ?>
</a></li>
						<?php 
    }
    ?>
					<?php 
}
?>
				</ul>
			</div>
			<div id="account_tabs_panes">
				<div id="tab_profile_pane">
					<?php 
if (TBGSettings::getAuthenticationBackend() != 'tbg' && TBGSettings::getAuthenticationBackend() != null) {
    echo tbg_parse_text(TBGSettings::get('changedetails_message'), null, null, array('embedded' => true));
} else {
    ?>
					<form accept-charset="<?php 
    echo TBGContext::getI18n()->getCharset();
    ?>
" action="<?php 
    echo make_url('account_save_information');
    ?>
" onsubmit="updateProfileInformation('<?php 
    echo make_url('account_save_information');
    ?>
'); return false;" method="post" id="profile_information_form">
						<div class="rounded_box borderless lightgrey cut_bottom" style="margin: 5px 0 0 0; width: 690px; border-bottom: 0;">
							<p class="content"><?php 
示例#3
 /**
  * Tells whether an authentication backend other than the built-in one is configured.
  *
  * @return bool true when the configured backend is neither null nor the string 'tbg'
  */
 public static function isUsingExternalAuthenticationBackend()
 {
     // Strict comparisons: only null and the exact string 'tbg' count as "internal".
     return TBGSettings::getAuthenticationBackend() !== null
         && TBGSettings::getAuthenticationBackend() !== 'tbg';
 }
						<td>
							<select name="auth_backend" id="auth_backend">
								<option value="tbg"<?php 
if (TBGSettings::getAuthenticationBackend() == 'tbg' || TBGSettings::getAuthenticationBackend() == null) {
    ?>
 selected="selected"<?php 
}
?>
><?php 
echo __('The Bug Genie authentication (use internal user mechanisms)');
?>
</option>
								<?php 
// Emit one <option> per module, pre-selecting the configured backend.
foreach ($modules as $module) {
    // Loose comparison, matching the check used for the built-in 'tbg' option above.
    $selected = (TBGSettings::getAuthenticationBackend() == $module->getTabKey()) ? ' selected="selected"' : null;
    // NOTE(review): the tab key and long name are written into the markup without HTML
    // escaping; confirm both values can only come from trusted module metadata.
    echo '<option value="' . $module->getTabKey() . '"' . $selected . '>' . $module->getLongName() . '</option>';
}
?>
							</select>
						</td>
					</tr>
					<tr>
						<td class="config_explanation" colspan="2"><?php 
echo __('All modules which provide authentication are shown here. Please ensure your chosen backend is configured first, and please read the warnings included with your chosen backend to ensure that you do not lose administrator access.');
?>
</td>
					</tr>
					<tr>
示例#5
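 /**
  * Returns the logged in user, or default user if not logged in
  *
  * The authentication method is taken from the action for the current route.
  * For the core and elevated methods the credentials come from the request or,
  * when the request carries none, from the tbg3_* cookies; they are then checked
  * against the external backend module if one is configured, otherwise against
  * the internal users table. Every failure ends in an exception, never in a
  * fatal error, so an unknown username is reported the same way as a wrong password.
  *
  * @param TBGRequest $request
  * @param TBGAction  $action
  *
  * @return TBGUser
  *
  * @throws TBGElevatedLoginException when the elevated-password cookie does not match
  * @throws Exception when no user could be authenticated, the account is not
  *                   activated/enabled/in scope, or the configured backend
  *                   module is not an authentication module
  */
 public static function loginCheck(TBGRequest $request, TBGAction $action)
 {
     $authentication_method = $action->getAuthenticationMethodForAction(TBGContext::getRouting()->getCurrentRouteAction());
     $user = null;
     $external = false;
     switch ($authentication_method) {
         case TBGAction::AUTHENTICATION_METHOD_ELEVATED:
         case TBGAction::AUTHENTICATION_METHOD_CORE:
             $username = $request['tbg3_username'];
             $password = $request['tbg3_password'];
             if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) {
                 $elevated_password = $request['tbg3_elevated_password'];
             }
             // If no username and password specified, check if we have a session that exists already
             if ($username === null && $password === null) {
                 if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
                     $username = TBGContext::getRequest()->getCookie('tbg3_username');
                     $password = TBGContext::getRequest()->getCookie('tbg3_password');
                     $user = TBGUsersTable::getTable()->getByUsername($username);
                     if ($authentication_method == TBGAction::AUTHENTICATION_METHOD_ELEVATED) {
                         $elevated_password = TBGContext::getRequest()->getCookie('tbg3_elevated_password');
                         if ($user instanceof TBGUser && !$user->hasPasswordHash($password)) {
                             $user = null;
                         } elseif ($user instanceof TBGUser && !$user->hasPasswordHash($elevated_password)) {
                             // Regular cookie is valid but the elevated one is not: ask for it again.
                             TBGContext::setUser($user);
                             TBGContext::getRouting()->setCurrentRouteName('elevated_login_page');
                             throw new TBGElevatedLoginException('reenter');
                         }
                     } elseif ($user instanceof TBGUser && !$user->hasPasswordHash($password)) {
                         $user = null;
                     }
                     if (!$user instanceof TBGUser) {
                         TBGContext::logout();
                         throw new Exception('No such login');
                     }
                 }
             }
             // If we have authentication details, validate them
             if (TBGSettings::isUsingExternalAuthenticationBackend() && $username !== null && $password !== null) {
                 $external = true;
                 TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
                 $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
                 if ($mod->getType() !== TBGModule::MODULE_AUTH) {
                     TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
                     // Fail closed: never hand credentials to a module that is not an auth module.
                     throw new Exception('Invalid module type');
                 }
                 if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
                     $user = $mod->verifyLogin($username, $password);
                 } else {
                     $user = $mod->doLogin($username, $password);
                 }
                 if (!$user instanceof TBGUser) {
                     // Invalid
                     TBGContext::logout();
                     throw new Exception('No such login');
                 }
             } elseif (TBGSettings::isUsingExternalAuthenticationBackend()) {
                 $external = true;
                 TBGLogging::log('Authenticating without credentials with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
                 $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
                 if ($mod->getType() !== TBGModule::MODULE_AUTH) {
                     TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
                     // Fail closed here as well, before asking the module for an automatic login.
                     throw new Exception('Invalid module type');
                 }
                 $user = $mod->doAutoLogin();
                 if ($user == false) {
                     // Invalid
                     TBGContext::logout();
                     throw new Exception('No such login');
                 }
             } elseif ($username !== null && $password !== null && !$user instanceof TBGUser) {
                 $external = false;
                 TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
                 $user = TBGUsersTable::getTable()->getByUsername($username);
                 // The lookup may yield no user (the cookie path above guards for that too);
                 // only call hasPassword() on a real user so an unknown username ends in
                 // the same exception as a wrong password instead of a fatal error.
                 if ($user instanceof TBGUser && !$user->hasPassword($password)) {
                     $user = null;
                 }
                 if (!$user instanceof TBGUser) {
                     TBGContext::logout();
                 }
             }
             break;
         case TBGAction::AUTHENTICATION_METHOD_DUMMY:
             $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
             break;
         case TBGAction::AUTHENTICATION_METHOD_CLI:
             $user = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
             break;
         case TBGAction::AUTHENTICATION_METHOD_RSS_KEY:
             $user = TBGUsersTable::getTable()->getByRssKey($request['rsskey']);
             break;
         case TBGAction::AUTHENTICATION_METHOD_APPLICATION_PASSWORD:
             $user = TBGUsersTable::getTable()->getByUsername($request['api_username']);
             // Same guard as for internal logins: an unknown api_username must not
             // reach authenticateApplicationPassword() on a non-object.
             if ($user instanceof TBGUser && !$user->authenticateApplicationPassword($request['api_token'])) {
                 $user = null;
             }
             break;
         default:
             if (!TBGSettings::isLoginRequired()) {
                 $user = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
             }
     }
     if ($user instanceof TBGUser) {
         if (!$user->isActivated()) {
             throw new Exception('This account has not been activated yet');
         } elseif (!$user->isEnabled()) {
             throw new Exception('This account has been suspended');
         } elseif (!$user->isConfirmedMemberOfScope(TBGContext::getScope())) {
             // A non-member is only rejected when self-registration is disabled.
             if (!TBGSettings::isRegistrationAllowed()) {
                 throw new Exception('This account does not have access to this scope');
             }
         }
         if ($external == false && $authentication_method == TBGAction::AUTHENTICATION_METHOD_CORE) {
             // The value read here is not used again in this method.
             $password = $user->getHashPassword();
             if (!$request->hasCookie('tbg3_username')) {
                 // NOTE(review): the tbg3_password cookie carries the value of getPassword(),
                 // which the cookie path above accepts through hasPasswordHash(); it is
                 // therefore a credential. Confirm the response layer sets these cookies
                 // with the Secure and HttpOnly attributes.
                 if ($request->getParameter('tbg3_rememberme')) {
                     TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
                     TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
                 } else {
                     TBGContext::getResponse()->setSessionCookie('tbg3_username', $user->getUsername());
                     TBGContext::getResponse()->setSessionCookie('tbg3_password', $user->getPassword());
                 }
             }
         }
     } elseif (TBGSettings::isLoginRequired()) {
         throw new Exception('Login required');
     } else {
         throw new Exception('No such login');
     }
     return $user;
 }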
 /**
  * Returns the logged in user, or default user if not logged in
  *
  * With no arguments the credentials are taken from the tbg3_username and
  * tbg3_password cookies. They are then checked against the configured
  * external backend module, or against the internal users table. When no
  * credentials are available at all, the CLI user or (if login is not
  * required) the default user is used.
  *
  * @param string $username login name, or null to fall back to the cookies
  * @param string $password password, or null to fall back to the cookies
  *
  * @return TBGUser
  *
  * @throws Exception when no matching login exists, login is required, the
  *                   account or its scope is disabled or not activated, or
  *                   the backend module is not an authentication module
  */
 public static function loginCheck($username = null, $password = null)
 {
     // The try/catch blocks in this method only rethrow; they do not alter the exception.
     try {
         $row = null;
         // If no username and password specified, check if we have a session that exists already
         if ($username === null && $password === null) {
             if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
                 $username = TBGContext::getRequest()->getCookie('tbg3_username');
                 $password = TBGContext::getRequest()->getCookie('tbg3_password');
                 // The cookie value is passed to the lookup unchanged (no hashing here).
                 $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
                 if (!$row) {
                     // Stale or forged cookies: drop them before reporting the failure.
                     TBGContext::getResponse()->deleteCookie('tbg3_username');
                     TBGContext::getResponse()->deleteCookie('tbg3_password');
                     throw new Exception('No such login');
                     //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
                 }
             }
         }
         // If we have authentication details, validate them
         if (TBGSettings::getAuthenticationBackend() !== null && TBGSettings::getAuthenticationBackend() !== 'tbg' && $username !== null && $password !== null) {
             TBGLogging::log('Authenticating with backend: ' . TBGSettings::getAuthenticationBackend(), 'auth', TBGLogging::LEVEL_INFO);
             try {
                 $mod = TBGContext::getModule(TBGSettings::getAuthenticationBackend());
                 // Fail closed: a module of any other type never sees the credentials.
                 if ($mod->getType() !== TBGModule::MODULE_AUTH) {
                     TBGLogging::log('Auth module is not the right type', 'auth', TBGLogging::LEVEL_FATAL);
                     throw new Exception('Invalid module type');
                 }
                 // Cookies present: re-verify an existing login; otherwise perform a fresh login.
                 if (TBGContext::getRequest()->hasCookie('tbg3_username') && TBGContext::getRequest()->hasCookie('tbg3_password')) {
                     $row = $mod->verifyLogin($username, $password);
                 } else {
                     $row = $mod->doLogin($username, $password);
                 }
                 if (!$row) {
                     // Invalid
                     TBGContext::getResponse()->deleteCookie('tbg3_username');
                     TBGContext::getResponse()->deleteCookie('tbg3_password');
                     throw new Exception('No such login');
                     //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
                 }
             } catch (Exception $e) {
                 throw $e;
             }
         } elseif ($username !== null && $password !== null) {
             TBGLogging::log('Using internal authentication', 'auth', TBGLogging::LEVEL_INFO);
             // First test a pre-encrypted password
             // NOTE(review): the supplied value is matched as-is, so the stored password
             // value itself is accepted as a credential on this path, for form logins as
             // well as cookies. Confirm this is intended and that stored values are
             // protected accordingly.
             $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, $password);
             if (!$row) {
                 // Then test an unencrypted password
                 $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, self::hashPassword($password));
                 if (!$row) {
                     // This is a legacy account from a 2.1 upgrade - try md5
                     // NOTE(review): unsalted md5 is only read here for migration; a match is
                     // re-saved through changePassword() below.
                     $row = TBGUsersTable::getTable()->getByUsernameAndPassword($username, md5($password));
                     if (!$row) {
                         // Invalid
                         TBGContext::getResponse()->deleteCookie('tbg3_username');
                         TBGContext::getResponse()->deleteCookie('tbg3_password');
                         throw new Exception('No such login');
                         //TBGContext::getResponse()->headerRedirect(TBGContext::getRouting()->generate('login'));
                     } else {
                         // convert md5 to new password type
                         $user = new TBGUser($row->get(TBGUsersTable::ID), $row);
                         $user->changePassword($password);
                         $user->save();
                         // Discard the temporary object; $user is rebuilt from $row further down.
                         unset($user);
                     }
                 }
             }
         } elseif (TBGContext::isCLI()) {
             // No credentials on the command line: use the current CLI username.
             $row = TBGUsersTable::getTable()->getByUsername(TBGContext::getCurrentCLIusername());
         } elseif (!TBGSettings::isLoginRequired()) {
             // Anonymous access allowed: fall back to the configured default user.
             $row = TBGUsersTable::getTable()->getByUserID(TBGSettings::getDefaultUserID());
         }
         if ($row) {
             // Reject disabled scopes and accounts that are not activated or not enabled.
             if (!$row->get(TBGScopesTable::ENABLED)) {
                 throw new Exception('This account belongs to a scope that is not active');
             } elseif (!$row->get(TBGUsersTable::ACTIVATED)) {
                 throw new Exception('This account has not been activated yet');
             } elseif (!$row->get(TBGUsersTable::ENABLED)) {
                 throw new Exception('This account has been suspended');
             }
             $user = TBGContext::factory()->TBGUser($row->get(TBGUsersTable::ID), $row);
         } elseif (TBGSettings::isLoginRequired()) {
             throw new Exception('Login required');
         } else {
             throw new Exception('No such login');
         }
     } catch (Exception $e) {
         throw $e;
     }
     // Reached only when $row was set; every other path above throws.
     return $user;
 }
示例#7
 /**
  * Log out the current user (does not work when auth method is set to http)
  *
  * Order of operations: the external backend module (if one is configured) is
  * told to log out, the 'pre_logout' event fires, the login and session cookies
  * are deleted, the session id is regenerated, and the 'post_logout' event fires.
  */
 public static function logout()
 {
     if (TBGSettings::isUsingExternalAuthenticationBackend()) {
         TBGContext::getModule(TBGSettings::getAuthenticationBackend())->logout();
     }
     TBGEvent::createNew('core', 'pre_logout')->trigger();

     // Cookies are removed in this fixed order; the response object is fetched per call.
     $cookie_names = array(
         'tbg3_username',
         'tbg3_password',
         'tbg3_elevated_password',
         'tbg3_persona_session',
         'THEBUGGENIE',
     );
     foreach ($cookie_names as $cookie_name) {
         self::getResponse()->deleteCookie($cookie_name);
     }

     // Passing true removes the old session, so the previous session id stops being usable.
     session_regenerate_id(true);
     TBGEvent::createNew('core', 'post_logout')->trigger();
 }