示例#1
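 /**
  * Authenticate a user against Midgard and remember the resulting user object.
  *
  * Uses the sitegroup-aware midgard_user::auth() call when
  * midgard_connection::get_sitegroup() exists (Midgard 8.09 / 9.03), and the
  * token-based midgard_user login otherwise (Midgard 9.09).
  *
  * @param string $username Login name as supplied by the caller.
  * @param string $password Password as supplied by the caller.
  * @return boolean True only when Midgard accepted the credentials.
  */
 public function login($username, $password)
 {
     if (method_exists('midgard_connection', 'get_sitegroup')) {
         // Midgard 8.09 or 9.03 authentication API with sitegroups
         if (!$this->sitegroup) {
             // In Midgard2 we need current SG name for authentication
             $this->sitegroup = midgardmvc_core::get_instance()->dispatcher->get_midgard_connection()->get_sitegroup();
         }
         $this->user = midgard_user::auth($username, $password, $this->sitegroup);
         if (!$this->user) {
             // NOTE(review): $username is caller-supplied and reaches the log verbatim;
             // confirm the logger neutralises line breaks and control characters.
             midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$username}", 'warning');
             return false;
         }
         return true;
     }
     // Use Midgard 9.09 authentication API
     try {
         $user = new midgard_user($this->prepare_tokens($username, $password));
         $authenticated = $user->login();
     } catch (Exception $e) {
         $authenticated = false;
     }
     if (!$authenticated) {
         // A login() call that returns false without throwing must be a failure as well;
         // previously this path fell through to "return true" with no user set.
         midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$username}", 'warning');
         return false;
     }
     $this->user = $user;
     return true;
 }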
示例#2
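 /**
  * Log in to Midgard2 with the user id and password carried by $credentials.
  *
  * @param object $credentials Object exposing getUserID() and getPassword().
  * @return \midgard_user The logged-in user.
  * @throws \PHPCR\LoginException When Midgard rejects the credentials.
  */
 private function midgard2Login($credentials)
 {
     // TODO: Handle different authtypes
     // NOTE(review): authtype 'Plaintext' means the password token is matched as-is;
     // presumably the account table holds unhashed passwords for this authtype - confirm.
     $tokens = array('login' => $credentials->getUserID(), 'password' => $credentials->getPassword(), 'authtype' => 'Plaintext', 'active' => true);
     try {
         $user = new \midgard_user($tokens);
         $loggedIn = $user->login();
     } catch (\midgard_error_exception $e) {
         throw new \PHPCR\LoginException($e->getMessage());
     }
     if (!$loggedIn) {
         // login() reporting failure without an exception must not yield a usable user object.
         throw new \PHPCR\LoginException('Midgard2 login failed');
     }
     return $user;
 }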
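 /**
  * Set a new password on the SHA1-authtype account whose login is $email.
  *
  * When no such account can be loaded, a UI message is queued and the request
  * is relocated to the "forgotten password" page.
  *
  * @param string $email Login of the account to update.
  * @param string $password New password in clear text.
  */
 private function update_account($email, $password)
 {
     $tokens = array('login' => $email, 'authtype' => 'SHA1', 'active' => true);
     try {
         $user = new midgard_user($tokens);
         if ($user) {
             // NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password storage;
             // it is kept because the account's authtype is 'SHA1' and the stored format has to match it.
             $user->password = sha1($password);
             midgardmvc_core::get_instance()->authorization->enter_sudo('fi_openkeidas_registration');
             try {
                 $user->update();
             } catch (Exception $e) {
                 // Drop the elevated privileges before the error propagates, so a failed
                 // update cannot leave the rest of the request running in sudo mode.
                 midgardmvc_core::get_instance()->authorization->leave_sudo();
                 throw $e;
             }
             midgardmvc_core::get_instance()->authorization->leave_sudo();
         }
     } catch (midgard_error_exception $e) {
         midgardmvc_core::get_instance()->uimessages->add(array('title' => 'Tunnusta ei löytynyt', 'message' => 'Antamallasi osoitteella ei löytynyt tunnusta.', 'type' => 'ok'));
         midgardmvc_core::get_instance()->head->relocate('/rekisterointi/unohtunut');
     }
 }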
示例#4
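 /**
  * Handler for the "change own password" page.
  *
  * Verifies the old password with midgard_user::auth(), checks the new password
  * against the configured minimum length and its confirmation, stores it as a
  * crypt() hash and opens a login session with the new password.
  *
  * @param mixed $handler_id the array key from the request array
  * @param array $args the arguments given to the handler
  * @param Array &$data The local request data.
  * @return boolean Indicating success.
  */
 function _handler_changePassword($handler_id, $args, &$data)
 {
     $this->_request_data['name'] = "fi.kilonkipinat.account";
     $title = $this->_l10n_midcom->get('index');
     $_MIDCOM->set_pagetitle(":: {$title}");
     $this->_component_data['active_leaf'] = "change_password";
     $message = '';
     $person = new fi_kilonkipinat_account_person_dba($_MIDGARD['user']);
     if (isset($_POST) && isset($_POST['old_pass']) && $_POST['old_pass'] != '') {
         $old_pass = trim($_POST['old_pass']);
         $auth_user = midgard_user::auth($person->username, $old_pass, self::sitegroup_for_auth(), false);
         if (!$auth_user) {
             $message = '<h3>Virhe</h3>Väärä vanha salasana!!!';
         } elseif (isset($_POST['new_pass']) && isset($_POST['new_pass2']) && strlen(trim($_POST['new_pass'])) >= $this->_config->get('password_min_length')) {
             $new_pass = trim($_POST['new_pass']);
             $new_pass2 = trim($_POST['new_pass2']);
             // Strict comparison: with == two different numeric-looking strings
             // (e.g. "1e3" and "1000") would be accepted as a matching confirmation.
             if ($new_pass === $new_pass2) {
                 // Enforce crypt mode
                 // The two-character salt must come from the crypt alphabet "./0-9A-Za-z";
                 // the previous chr(rand(64, 126)) could produce characters outside it,
                 // which makes crypt() fail instead of returning a usable hash.
                 $salt_chars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
                 $salt = '';
                 for ($i = 0; $i < 2; $i++) {
                     $index = function_exists('random_int') ? random_int(0, 63) : mt_rand(0, 63);
                     $salt .= $salt_chars[$index];
                 }
                 // NOTE(review): a two-character salt selects traditional DES crypt, which
                 // only uses the first eight characters of the password. The format is kept
                 // because the auth backend is expected to verify crypt hashes - confirm
                 // whether a stronger scheme is supported before changing it.
                 $crypt_password = crypt($new_pass, $salt);
                 $person->password = $crypt_password;
                 if ($person->update()) {
                     $message = '<h3>Salasana vaihdettu</h3>';
                     $_MIDCOM->auth->_auth_backend->create_login_session($person->username, $new_pass);
                 } else {
                     // Do not report success or open a session when the new hash was not stored.
                     $message = '<h3>Virhe</h3>Salasanan vaihto epäonnistui';
                 }
             } else {
                 $message = '<h3>Virhe</h3>Varmistussalasana ei täsmää';
             }
         } else {
             $message = '<h3>Virhe</h3>Uusi salasana liian lyhyt';
         }
     }
     $this->_request_data['person'] = $person;
     $this->_request_data['messages'] = $message;
     return true;
 }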
示例#5
 /**
  * Create the Midgard base storage and a table for every concrete
  * MidgardDBObject subclass exported by the midgard2 extension.
  *
  * The test is marked as skipped when a class table cannot be created.
  */
 public function prepare_storage()
 {
     // Generate tables
     midgard_storage::create_base_storage();
     // And update as necessary
     $re = new ReflectionExtension('midgard2');
     $classes = $re->getClasses();
     foreach ($classes as $refclass) {
         if ($refclass->isAbstract() || $refclass->isInterface()) {
             continue;
         }
         $type = $refclass->getName();
         if (!is_subclass_of($type, 'MidgardDBObject')) {
             continue;
         }
         if (midgard_storage::class_storage_exists($type)) {
             // FIXME: Skip updates until http://trac.midgard-project.org/ticket/1426 is fixed
             continue;
             // Unreachable while the "continue" above is in place: existing tables are never updated.
             if (!midgard_storage::update_class_storage($type)) {
                 $this->markTestSkipped('Could not update ' . $type . ' tables in test database');
             }
             continue;
         }
         if (!midgard_storage::create_class_storage($type)) {
             $this->markTestSkipped('Could not create ' . $type . ' tables in test database');
         }
     }
     // And update as necessary
     return;
     // Unreachable: the early return above disables this root authentication check.
     // NOTE(review): the disabled code carries a hard-coded 'root' / 'password' pair;
     // if it is ever re-enabled, the test credentials should come from test configuration.
     if (!midgard_user::auth('root', 'password')) {
         echo "auth failed\n";
         $this->markTestSkipped('Could not authenticate as ROOT');
     }
 }
示例#6
文件: basic.php 项目: abbra/midcom
 /**
  * Authenticate with midgard_user::auth() and keep the result in $this->user.
  *
  * @param string $username Login name.
  * @param string $password Password.
  * @return boolean True when authentication is reported as successful.
  */
 public function login($username, $password)
 {
     if (!extension_loaded('midgard2')) {
         $this->user = midgard_user::auth($username, $password, null);
         return $this->user ? true : false;
     }
     // FIXME: Remove this once midgard_user::auth works in Midgard 2.x
     // NOTE(review): with the midgard2 extension loaded this reports success for ANY
     // username/password without checking them and without setting $this->user.
     // Callers must not treat the return value as proof of identity on Midgard 2.x.
     return true;
 }
示例#7
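 /**
  * Serve the avatar of the user named in $args['username'].
  *
  * When the person has no attachment yet, the picture is fetched from meego.com
  * (through $this->proxy when one is set) and stored as a new attachment.
  * The method ends by relocating to the default avatar picture.
  *
  * @param array $args Request arguments; the 'username' key is read.
  * @throws midgardmvc_exception_notfound When no midgard_user can be loaded for the login.
  */
 public function get_avatar(array $args)
 {
     $ar = array('login' => $args['username'], 'authtype' => midgardmvc_core::get_instance()->configuration->services_authentication_authtype);
     try {
         $user = new midgard_user($ar);
     } catch (Exception $e) {
         //User does not exist, send 404.
         throw new midgardmvc_exception_notfound("Avatar not found");
     }
     if ($user) {
         $attachments = $user->get_person()->list_attachments();
         //Check if attachement exists
         if (count($attachments) == 0) {
             //fetch avatar from meego.com
             $employeenumber = $user->get_person()->get_parameter('midgardmvc_core_services_authentication_ldap', 'employeenumber');
             // Encode the stored value so it can only ever form a single path segment of the
             // remote URL, whatever characters the directory delivered.
             // NOTE(review): the picture is fetched over plain http, so its content is not
             // integrity-protected in transit before it is stored as an attachment.
             $file = 'http://meego.com/sites/all/files/imagecache/user_pics/user_pics/picture-' . rawurlencode((string) $employeenumber) . '.png';
             $opts = array();
             if ($this->proxy) {
                 $opts = array('http' => array('proxy' => $this->proxy, 'request_fulluri' => true));
             }
             $context = stream_context_create($opts);
             $src = fopen($file, 'rb', false, $context);
             if ($src) {
                 $attachment = $user->get_person()->create_attachment('meego:avatar', 'meego:avatar', 'image/png');
                 //Does not work through proxy as is.
                 // NOTE(review): $src is not closed here; confirm copy_file_to_attachment() closes it.
                 $this->copy_file_to_attachment($src, $attachment, $context);
                 $attachments[0] = $attachment;
             }
         }
         if (count($attachments) > 0) {
             //serve attachment
             // presumably serve_attachment() ends the request; otherwise the relocate below also runs - confirm
             $this->serve_attachment($attachments[0]);
         }
     }
     //redirect to default avatar
     midgardmvc_core::get_instance()->head->relocate('http://meego.com/sites/all/themes/meego/images/user_picture_blank.png');
 }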
示例#8
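 /**
  * Load the person record behind $this->user into $this->person, converting it
  * to the configured person class when its class differs.
  *
  * @param string $username Username to set on a converted person object.
  * @return boolean False when no user is set, true otherwise.
  */
 private function _load_person($username)
 {
     if (!$this->user) {
         debug_add("Failed to authenticate the given user: " . midcom_connection::get_error_string(), MIDCOM_LOG_INFO);
         return false;
     }
     $this->person = $this->user->get_person();
     // Keep the configured class NAME. The previous code instantiated the class here and
     // then compared get_class() (a string) with that object, which is not a class-name
     // comparison and created a throwaway person object on every call.
     $person_class = $GLOBALS['midcom_config']['person_class'];
     if (get_class($this->person) != $person_class) {
         // Cast the person object to correct person class
         $this->person = new $person_class($this->person->guid);
         $this->person->username = $username;
     }
     return true;
 }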
示例#9
 /**
  * Create an LDAP-authtype midgard_user for $tokens['login'], attached to a
  * midgard_person found or created from the LDAP first and last name.
  *
  * Runs inside a sudo section and a midgard_transaction; every exit path below
  * leaves sudo, and creation failures roll the transaction back.
  *
  * @param array $ldapuser Reads 'firstname', 'lastname' and 'employeenumber'.
  * @param array $tokens Reads 'login'.
  * @return boolean True when the transaction was committed.
  */
 private function create_account(array $ldapuser, array $tokens)
 {
     midgardmvc_core::get_instance()->authorization->enter_sudo('midgardmvc_core');
     $transaction = new midgard_transaction();
     $transaction->begin();
     $qb = new midgard_query_builder('midgard_person');
     $qb->add_constraint('firstname', '=', $ldapuser['firstname']);
     $qb->add_constraint('lastname', '=', $ldapuser['lastname']);
     $persons = $qb->execute();
     if (count($persons) == 0) {
         $person = new midgard_person();
         $person->firstname = $ldapuser['firstname'];
         $person->lastname = $ldapuser['lastname'];
         if (!$person->create()) {
             midgardmvc_core::get_instance()->log(__CLASS__, "Creating midgard_person for LDAP user failed: " . midgard_connection::get_instance()->get_error_string(), 'warning');
             $transaction->rollback();
             midgardmvc_core::get_instance()->authorization->leave_sudo();
             return false;
         }
     } else {
         // NOTE(review): the first person with the same first and last name is reused, so two
         // different LDAP users sharing a name end up attached to the same person record.
         // Names are not a unique identity; matching on a unique LDAP attribute would avoid this.
         $person = $persons[0];
     }
     $person->set_parameter('midgardmvc_core_services_authentication_ldap', 'employeenumber', $ldapuser['employeenumber']);
     $user = new midgard_user();
     $user->login = $tokens['login'];
     // The local account stores an empty password; authtype 'LDAP' is set below.
     // presumably the password is only ever checked against the directory - confirm
     $user->password = '';
     $user->usertype = 1;
     $user->authtype = 'LDAP';
     $user->active = true;
     $user->set_person($person);
     if (!$user->create()) {
         midgardmvc_core::get_instance()->log(__CLASS__, "Creating midgard_user for LDAP user failed: " . midgard_connection::get_instance()->get_error_string(), 'warning');
         $transaction->rollback();
         midgardmvc_core::get_instance()->authorization->leave_sudo();
         return false;
     }
     if (!$transaction->commit()) {
         midgardmvc_core::get_instance()->authorization->leave_sudo();
         return false;
     }
     midgardmvc_core::get_instance()->authorization->leave_sudo();
     return true;
 }
示例#10
 /**
  * Log in against the Midgard backend.
  *
  * When midgard_user has a login() method the token-based API is used;
  * otherwise the older midgard_user::auth() call, with the sitegroup name
  * resolved from the configured sitegroup mode.
  *
  * @param string $username The username as entered
  * @param string $password The password as entered
  * @param boolean $trusted Use trusted auth; on the token-based path the password token is then omitted
  * @return mixed The user object (token API) or the auth() result, false on failure
  */
 public static function login($username, $password, $trusted = false)
 {
     if (method_exists('midgard_user', 'login')) {
         // Ratatoskr
         $tokens = array('login' => $username, 'authtype' => $GLOBALS['midcom_config']['auth_type']);
         // NOTE(review): with $trusted set no password token is added at all, so callers
         // must only pass true after the identity was verified some other way.
         if (!$trusted) {
             $tokens['password'] = self::prepare_password($password);
         }
         try {
             $account = new midgard_user($tokens);
         } catch (midgard_error_exception $e) {
             return false;
         }
         return $account->login() ? $account : false;
     }

     // Ragnaroek
     $sitegroup_name = '';
     $auth_mode = $GLOBALS['midcom_config']['auth_sitegroup_mode'];
     if ($auth_mode == 'auto') {
         if (self::_get('sitegroup') == 0) {
             $auth_mode = 'not-sitegrouped';
         } else {
             $auth_mode = 'sitegrouped';
         }
     }
     if ($auth_mode == 'sitegrouped') {
         $sg = new midgard_sitegroup(self::_get('sitegroup'));
         $sitegroup_name = $sg->name;
     }
     $result = midgard_user::auth($username, $password, $sitegroup_name, $trusted);
     $retry_shortened = !$result && $GLOBALS['midcom_config']['auth_type'] == 'Plaintext' && strlen($password) > 11;
     if ($retry_shortened) {
         //mgd1 has the password field defined with length 13, but it doesn't complain
         //when saving a longer password, it just sometimes shortens it, so we try the
         //shortened version here (we cut at 11 because the first two characters are **)
         // NOTE(review): as a consequence only the first 11 characters of such a
         // password take part in this second check.
         $result = midgard_user::auth($username, substr($password, 0, 11), $sitegroup_name, $trusted);
     }
     return $result;
 }
 /**
  * Store the registration user and create a SHA1-authtype midgard_user for it.
  *
  * Runs in a sudo section inside a midgard_transaction; each failure path rolls
  * back, leaves sudo and throws.
  *
  * @param fi_openkeidas_registration_user $user Registration record; its email becomes the login.
  * @param string $password Clear-text password chosen by the user.
  * @return midgard_user The created account.
  * @throws midgardmvc_exception_httperror When a create/update or the commit fails.
  */
 private function create_account(fi_openkeidas_registration_user $user, $password)
 {
     if (!$this->check_email($user->email)) {
         midgardmvc_core::get_instance()->uimessages->add(array('title' => 'Käyttäjätunnus olemassa', 'message' => 'Antamallasi sähköpostiosoitteella on jo käyttäjätunnus. Ole hyvä ja kirjaudu sisään.', 'type' => 'ok'));
         // NOTE(review): there is no return after the relocate; presumably relocate() ends the
         // request - if it does not, account creation continues for an existing email. Confirm.
         midgardmvc_core::get_instance()->head->relocate('/mgd:login');
     }
     midgardmvc_core::get_instance()->authorization->enter_sudo('fi_openkeidas_registration');
     $transaction = new midgard_transaction();
     $transaction->begin();
     // Existing records (guid already set) are updated, new ones created.
     $method = 'create';
     if ($user->guid) {
         $method = 'update';
     }
     if (!$user->{$method}()) {
         $transaction->rollback();
         midgardmvc_core::get_instance()->authorization->leave_sudo();
         throw new midgardmvc_exception_httperror('Failed to create user');
     }
     // Typecast to midgard_person
     $person = new midgard_person($user->guid);
     $account = new midgard_user();
     $account->login = $user->email;
     // NOTE(review): unsalted SHA-1 is a fast hash and a weak choice for password storage;
     // the format is tied to the 'SHA1' authtype set below.
     $account->password = sha1($password);
     $account->usertype = 1;
     $account->authtype = 'SHA1';
     $account->active = true;
     $account->set_person($person);
     if (!$account->create()) {
         $transaction->rollback();
         midgardmvc_core::get_instance()->authorization->leave_sudo();
         throw new midgardmvc_exception_httperror('Failed to create user');
     }
     if (!$transaction->commit()) {
         $transaction->rollback();
         midgardmvc_core::get_instance()->authorization->leave_sudo();
         throw new midgardmvc_exception_httperror('Failed to create user');
     }
     midgardmvc_core::get_instance()->authorization->leave_sudo();
     return $account;
 }
示例#12
/**
 * Create a midgard_user account from the credentials stored on a person record.
 *
 * A stored password starting with '**' is taken over without that prefix;
 * any other stored value is treated as a legacy password and replaced by a
 * fixed string, with a notice printed to the console.
 *
 * @param object $person Person record; username, password and guid are read.
 * @return boolean False when creating the account throws, true otherwise.
 */
function _migrate_account($person)
{
    $account = new midgard_user();
    $stored = $person->password;
    if (substr($stored, 0, 2) != '**') {
        // NOTE(review): every legacy account receives the same fixed, publicly printed
        // password, so these accounts are open to anyone who knows a username until the
        // owner changes it. A random per-account value or a forced reset would avoid that.
        // The notice says 'password' while the literal below is '******'; the literal may
        // have been masked in this copy of the code - verify against the original source.
        echo '    Legacy password detected for user ' . $person->username . ". Resetting to 'password', please change ASAP\n";
        $plain = '******';
    } else {
        $plain = substr($stored, 2);
    }
    $account->authtype = $GLOBALS['midcom_config']['auth_type'];
    $account->password = midcom_connection::prepare_password($plain);
    $account->login = $person->username;
    // Attach a plain midgard_person when another person class is configured.
    $mgd_person = $GLOBALS['midcom_config']['person_class'] != 'midgard_person'
        ? new midgard_person($person->guid)
        : $person;
    $account->set_person($mgd_person);
    $account->active = true;
    try {
        $account->create();
        return true;
    } catch (midgard_error_exception $e) {
        return false;
    }
}
示例#13
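 /**
  * Executes the login to midgard.
  *
  * On the sitegroup-aware API the user is authenticated with an empty password
  * and the $this->trusted_auth flag; admin users found through trusted auth are
  * re-checked with the real password. On the token-based API the tokens from
  * prepare_tokens() are used. Every failure deletes the login session cookie.
  *
  * @param string $username Login name.
  * @param string $password Password; only used for the admin re-check and the token-based API.
  * @return bool True only when a user was authenticated.
  */
 private function do_midgard_login($username, $password)
 {
     if (method_exists('midgard_connection', 'get_sitegroup')) {
         // Midgard 8.09 or 9.03 authentication API with sitegroups
         if (!$this->sitegroup) {
             // Sitegroups are only used in Midgard 9.03 and older
             $this->sitegroup = midgardmvc_core::get_instance()->dispatcher->get_midgard_connection()->get_sitegroup();
         }
         if ($this->sitegroup) {
             $this->user = midgard_user::auth($username, '', $this->sitegroup, $this->trusted_auth);
         } else {
             // NOTE(review): here the trusted flag is the third argument, the position the
             // call above uses for the sitegroup - confirm this matches the auth() signature.
             $this->user = midgard_user::auth($username, '', $this->trusted_auth);
         }
         // Don't allow trusted auth for admin users
         if ($this->trusted_auth && !empty($this->user) && $this->user->is_admin()) {
             // Re-check using password for admin users
             $this->user = midgard_user::auth($username, $password, $this->sitegroup, false);
         }
         if (!$this->user) {
             midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$username}", 'warning');
             $this->session_cookie->delete_login_session_cookie();
             return false;
         }
         return true;
     }
     // Use Midgard 9.09 authentication API
     try {
         $user = new midgard_user($this->prepare_tokens($username, $password));
         $authenticated = $user->login();
     } catch (Exception $e) {
         $authenticated = false;
     }
     if (!$authenticated) {
         // login() returning false without throwing is a failed login too; previously
         // that case fell through to "return true" and kept the session cookie.
         midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$username}", 'warning');
         $this->session_cookie->delete_login_session_cookie();
         return false;
     }
     $this->user = $user;
     return true;
 }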
示例#14
 /**
  * Creates an LDAP-authtype account for $tokens['login'].
  *
  * Persons returned by get_persons() are searched for one whose midgard_user
  * already has this login; otherwise a person is created where needed and a
  * new midgard_user is attached to it. Runs in a sudo section and a transaction.
  *
  * @param array $ldapuser LDAP data handed to get_persons() and create_person().
  * @param array $tokens Reads 'login'.
  * @return boolean False when creating the user or committing fails, true otherwise.
  */
 private function create_account(array $ldapuser, array $tokens)
 {
     $user = null;
     $person = null;
     midgardmvc_core::get_instance()->authorization->enter_sudo('midgardmvc_core');
     $transaction = new midgard_transaction();
     $transaction->begin();
     $persons = $this->get_persons($ldapuser);
     if (count($persons) == 0) {
         $person = $this->create_person($ldapuser, $tokens);
     } else {
         // we have multiple persons with the same firstname and lastname
         // let's see the corresponding midgard_user object and its login field
         foreach ($persons as $person) {
             // NOTE(review): if get_user_by_person_guid() can return null for a person
             // without an account, the ->login access below fails - confirm its contract.
             $user = com_meego_packages_utils::get_user_by_person_guid($person->guid);
             if ($user->login == $tokens['login']) {
                 break;
             } else {
                 // Not the account we are looking for: reset both so that a loop ending
                 // without a match leads to a fresh person and user below.
                 $user = null;
                 $person = null;
             }
         }
     }
     if (!$user) {
         if (!$person) {
             $person = $this->create_person($ldapuser, $tokens);
         }
         // NOTE(review): when create_person() yields nothing, no user is created, yet the
         // method still commits and returns true - callers cannot tell that no account exists.
         if ($person) {
             $user = new midgard_user();
             $user->login = $tokens['login'];
             $user->password = '';
             $user->usertype = 1;
             $user->authtype = 'LDAP';
             $user->active = true;
             $user->set_person($person);
             if (!$user->create()) {
                 midgardmvc_core::get_instance()->log(__CLASS__, "Creating midgard_user for LDAP user failed: " . midgard_connection::get_instance()->get_error_string(), 'warning');
                 $transaction->rollback();
                 midgardmvc_core::get_instance()->authorization->leave_sudo();
                 return false;
             }
         }
     }
     // Sudo is left before the commit here.
     // NOTE(review): confirm the commit itself does not need the elevated privileges.
     midgardmvc_core::get_instance()->authorization->leave_sudo();
     if (!$transaction->commit()) {
         return false;
     }
     return true;
 }
示例#15
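 /**
  * Creates a midgard_person and a midgard_user for the given login and
  * returns the midgard_user object.
  *
  * @param string $login Used as login and as first and last name of the person.
  * @return mixed The created midgard_user, or false when the person or the user cannot be created.
  */
 private function createUser($login)
 {
     # create the person object
     $person = new midgard_person();
     $person->firstname = $login;
     $person->lastname = $login;
     if (!$person->create()) {
         $error = midgard_connection::get_instance()->get_error_string();
         midgard_error::error(__CLASS__ . " Failed to create midgard person: " . $error);
         return false;
     }
     midgard_error::info(__CLASS__ . " Created midgard person: " . $person->guid);
     $user = new midgard_user();
     $user->login = $login;
     // NOTE(review): the account is created with an empty password; with the 'SHA1'
     // fallback authtype below, confirm that an empty stored value can never match a login.
     $user->password = '';
     $user->usertype = 1;
     $user->authtype = $this->config['default_auth_type'] ? $this->config['default_auth_type'] : 'SHA1';
     $user->active = true;
     $user->set_person($person);
     if (!$user->create()) {
         // NOTE(review): this failure branch was damaged in the published listing (the text
         // between the two log strings was lost); it is restored here after the pattern of
         // the person branch above - verify against the original source.
         $error = midgard_connection::get_instance()->get_error_string();
         midgard_error::error(__CLASS__ . "Failed to create midgard user: " . $error);
         return false;
     }
     midgard_error::info(__CLASS__ . " Created midgard user: " . $user->login);
     // @todo: not sure if this is the best solution;
     // but it is simple to create midgardmvc_account objects
     // this does not work, as we are not an MVC app
     /*
         $dummy_session = new midgardmvc_core_login_session();
         $dummy_session->userid = '';
         $dummy_session->username = $user->login;
         $dummy_session->authtype = $user->authtype;
         midgardmvc_account_injector::create_account_from_session($dummy_session);
         unset($dummy_session);
     */
     return $user;
 }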
示例#16
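 /**
  * Executes the login to Midgard2.
  *
  * On failure a warning is logged and a localized message is stored in the
  * request under 'midgardmvc_core_services_authentication_message'.
  *
  * @param array $tokens Login tokens; passed through prepare_tokens(), 'login' is read for logging.
  * @return boolean True only when the user was logged in and stored in $this->user.
  */
 protected function do_midgard_login(array $tokens)
 {
     try {
         $tokens = $this->prepare_tokens($tokens);
         $user = new midgard_user($tokens);
         $logged_in = $user->login();
     } catch (midgard_error_exception $e) {
         midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$tokens['login']}: " . $e->getMessage(), 'warning');
         midgardmvc_core::get_instance()->context->get_request()->set_data_item('midgardmvc_core_services_authentication_message', midgardmvc_core::get_instance()->i18n->get('authentication failed', 'midgardmvc_core'));
         return false;
     } catch (Exception $e) {
         // The exception text stays in the log only. Showing it to the person logging in
         // exposed internal error details and turned the i18n key into a dynamic string.
         midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$tokens['login']}: " . $e->getMessage(), 'warning');
         midgardmvc_core::get_instance()->context->get_request()->set_data_item('midgardmvc_core_services_authentication_message', midgardmvc_core::get_instance()->i18n->get('authentication failed', 'midgardmvc_core'));
         return false;
     }
     if (!$logged_in) {
         // login() returning false without throwing used to fall through to "return true".
         midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$tokens['login']}", 'warning');
         midgardmvc_core::get_instance()->context->get_request()->set_data_item('midgardmvc_core_services_authentication_message', midgardmvc_core::get_instance()->i18n->get('authentication failed', 'midgardmvc_core'));
         return false;
     }
     $this->user = $user;
     return true;
 }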