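/**
 * Authenticate a user against Midgard and remember the resulting user object.
 *
 * When midgard_connection exposes get_sitegroup() the static
 * midgard_user::auth() call is used; otherwise a midgard_user is built from
 * prepare_tokens() and its login() method decides the outcome.
 *
 * @param string $username Login name as entered.
 * @param string $password Password as entered.
 * @return boolean True only when the backend accepted the credentials.
 */
public function login($username, $password)
{
    if (method_exists('midgard_connection', 'get_sitegroup')) {
        // Midgard 8.09 or 9.03 authentication API with sitegroups
        if (!$this->sitegroup) {
            // In Midgard2 we need current SG name for authentication
            $this->sitegroup = midgardmvc_core::get_instance()->dispatcher->get_midgard_connection()->get_sitegroup();
        }

        $this->user = midgard_user::auth($username, $password, $this->sitegroup);
        if (!$this->user) {
            // NOTE(review): the user-supplied name is written to the log as-is;
            // confirm the logger neutralises line breaks and control characters.
            midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$username}", 'warning');
            return false;
        }
        return true;
    }

    // Use Midgard 9.09 authentication API
    try {
        $user = new midgard_user($this->prepare_tokens($username, $password));
        $authenticated = $user->login();
    } catch (Exception $e) {
        $authenticated = false;
    }

    if (!$authenticated) {
        // login() can refuse the credentials without throwing. Treat that
        // exactly like an exception, otherwise the caller is told the login
        // succeeded although $this->user was never set.
        midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$username}", 'warning');
        return false;
    }

    $this->user = $user;
    return true;
}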
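/**
 * Log in to Midgard2 with the user ID and password carried by $credentials.
 *
 * @param object $credentials Credentials object exposing getUserID() and getPassword().
 * @return \midgard_user The user object after a successful login.
 * @throws \PHPCR\LoginException When the user cannot be loaded or the login is refused.
 */
private function midgard2Login($credentials)
{
    // TODO: Handle different authtypes
    // NOTE(review): the authtype is fixed to 'Plaintext'; presumably this only
    // matches accounts whose password is stored unhashed - confirm, and prefer
    // a hashed authtype where the backend offers one.
    $tokens = array(
        'login' => $credentials->getUserID(),
        'password' => $credentials->getPassword(),
        'authtype' => 'Plaintext',
        'active' => true,
    );

    try {
        $user = new \midgard_user($tokens);
        $loggedIn = $user->login();
    } catch (\midgard_error_exception $e) {
        // NOTE(review): the backend's error text is passed on to the caller unchanged.
        throw new \PHPCR\LoginException($e->getMessage());
    }

    if (!$loggedIn) {
        // A refused login must not hand back a user object as if it had succeeded.
        throw new \PHPCR\LoginException('Login failed');
    }

    return $user;
}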
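/**
 * Store a new password on the account whose login is $email.
 *
 * The account is looked up with authtype 'SHA1'. If the lookup throws a
 * midgard_error_exception, a UI message is queued and the visitor is sent
 * back to the "forgotten password" page.
 *
 * @param string $email    Login (e-mail address) of the account.
 * @param string $password New password in clear text.
 */
private function update_account($email, $password)
{
    $tokens = array('login' => $email, 'authtype' => 'SHA1', 'active' => true);

    try {
        $user = new midgard_user($tokens);

        // NOTE(review): this stores an unsalted, single-round SHA-1 digest,
        // which is cheap to brute-force if the user table leaks. It is tied to
        // the 'SHA1' authtype used above, so changing it needs a migration.
        $user->password = sha1($password);

        midgardmvc_core::get_instance()->authorization->enter_sudo('fi_openkeidas_registration');
        try {
            // NOTE(review): the result of update() is not checked.
            $user->update();
        } catch (Exception $e) {
            // Never leave the request running with elevated rights when the
            // update throws; drop sudo first, then let the error propagate.
            midgardmvc_core::get_instance()->authorization->leave_sudo();
            throw $e;
        }
        midgardmvc_core::get_instance()->authorization->leave_sudo();
    } catch (midgard_error_exception $e) {
        midgardmvc_core::get_instance()->uimessages->add(array(
            'title' => 'Tunnusta ei löytynyt',
            'message' => 'Antamallasi osoitteella ei löytynyt tunnusta.',
            'type' => 'ok',
        ));
        midgardmvc_core::get_instance()->head->relocate('/rekisterointi/unohtunut');
    }
}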
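/**
 * Handler for the "change password" view of the logged-in person.
 *
 * When the form was posted, the old password is verified with
 * midgard_user::auth(), the new password is checked against the configured
 * minimum length and its confirmation, and the new hash is stored on the
 * person. The outcome is reported through the 'messages' request data item.
 *
 * @param mixed $handler_id the array key from the request array
 * @param array $args the arguments given to the handler
 * @param Array &$data The local request data.
 * @return boolean Indicating success.
 */
function _handler_changePassword($handler_id, $args, &$data)
{
    $this->_request_data['name'] = "fi.kilonkipinat.account";
    $title = $this->_l10n_midcom->get('index');
    $_MIDCOM->set_pagetitle(":: {$title}");
    $this->_component_data['active_leaf'] = "change_password";

    $message = '';
    $person = new fi_kilonkipinat_account_person_dba($_MIDGARD['user']);

    // NOTE(review): no anti-CSRF token is checked in this handler; confirm the
    // framework validates one before the handler runs.
    // Only plain string fields are accepted, so array-valued POST parameters
    // never reach trim().
    $old_given = isset($_POST['old_pass']) && is_string($_POST['old_pass']) && $_POST['old_pass'] != '';

    if ($old_given) {
        $old_pass = trim($_POST['old_pass']);
        $auth_user = midgard_user::auth($person->username, $old_pass, self::sitegroup_for_auth(), false);

        $new_given = isset($_POST['new_pass']) && isset($_POST['new_pass2'])
            && is_string($_POST['new_pass']) && is_string($_POST['new_pass2']);

        if (!$auth_user) {
            $message = '<h3>Virhe</h3>Väärä vanha salasana!!!';
        } elseif ($new_given && strlen(trim($_POST['new_pass'])) >= $this->_config->get('password_min_length')) {
            // NOTE(review): trim() silently drops leading/trailing whitespace
            // from the chosen password.
            $new_pass = trim($_POST['new_pass']);
            $new_pass2 = trim($_POST['new_pass2']);

            // Strict comparison: with == two different numeric-looking strings
            // (for example "1e3" and "1000") would count as a matching confirmation.
            if ($new_pass === $new_pass2) {
                // Enforce crypt mode
                // NOTE(review): a two-character salt selects crypt()'s traditional
                // DES scheme, which only hashes the first eight characters of the
                // password. rand() is not a cryptographic generator, and the range
                // 64-126 includes characters outside the ./0-9A-Za-z salt alphabet.
                // The scheme is left as is because the stored format has to match
                // what the backend verifies.
                $salt = chr(rand(64, 126)) . chr(rand(64, 126));
                $crypt_password = crypt($new_pass, $salt);
                $person->password = $crypt_password;

                if ($person->update()) {
                    $message = '<h3>Salasana vaihdettu</h3>';
                    $_MIDCOM->auth->_auth_backend->create_login_session($person->username, $new_pass);
                } else {
                    // Do not report success or open a new session when the
                    // password could not be stored.
                    $message = '<h3>Virhe</h3>Salasanan tallennus epäonnistui';
                }
            } else {
                $message = '<h3>Virhe</h3>Varmistussalasana ei täsmää';
            }
        } else {
            $message = '<h3>Virhe</h3>Uusi salasana liian lyhyt';
        }
    }

    $this->_request_data['person'] = $person;
    $this->_request_data['messages'] = $message;
    return true;
}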
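/**
 * Create the base storage and a table for every concrete class of the
 * midgard2 extension that derives from MidgardDBObject.
 *
 * Classes whose storage already exists are left alone. The test is marked as
 * skipped when a table cannot be created.
 *
 * Two unreachable stretches of the earlier version were removed: an
 * update_class_storage() call placed after an unconditional `continue`, and
 * an authentication call with hard-coded root credentials placed after an
 * unconditional `return`.
 */
public function prepare_storage()
{
    // Generate tables
    midgard_storage::create_base_storage();

    $extension = new ReflectionExtension('midgard2');
    foreach ($extension->getClasses() as $refclass) {
        if ($refclass->isAbstract() || $refclass->isInterface()) {
            continue;
        }

        $type = $refclass->getName();
        if (!is_subclass_of($type, 'MidgardDBObject')) {
            continue;
        }

        if (midgard_storage::class_storage_exists($type)) {
            // FIXME: Skip updates until http://trac.midgard-project.org/ticket/1426 is fixed
            continue;
        }

        if (!midgard_storage::create_class_storage($type)) {
            $this->markTestSkipped('Could not create ' . $type . ' tables in test database');
        }
    }
}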
/**
 * Authenticate with midgard_user::auth() and keep the result in $this->user.
 *
 * @param string $username Login name as entered.
 * @param string $password Password as entered.
 * @return boolean True when authentication is reported as successful.
 */
public function login($username, $password)
{
    // FIXME: Remove this once midgard_user::auth works in Midgard 2.x
    // NOTE(review): while the midgard2 extension is loaded, this branch reports
    // success for ANY username and password and never sets $this->user. Callers
    // that grant access on a true return value are effectively unauthenticated;
    // this must not ship outside a development setup.
    $skip_backend_check = extension_loaded('midgard2');
    if ($skip_backend_check) {
        return true;
    }

    $this->user = midgard_user::auth($username, $password, null);

    return (bool) $this->user;
}
/**
 * Serve the avatar of the user named in $args['username'].
 *
 * If the user's person has no attachment yet, the picture is fetched from
 * meego.com (through $this->proxy when one is set) and stored as a new
 * attachment. Finally the request is relocated to the default avatar.
 *
 * @param array $args Route arguments; 'username' is read.
 * @throws midgardmvc_exception_notfound When the user cannot be loaded.
 */
public function get_avatar(array $args)
{
    $lookup = array(
        'login' => $args['username'],
        'authtype' => midgardmvc_core::get_instance()->configuration->services_authentication_authtype,
    );

    try {
        $user = new midgard_user($lookup);
    } catch (Exception $e) {
        //User does not exist, send 404.
        throw new midgardmvc_exception_notfound("Avatar not found");
    }

    if ($user) {
        $attachments = $user->get_person()->list_attachments();

        //Check if attachement exists
        $has_none = count($attachments) == 0;
        if ($has_none) {
            //fetch avatar from meego.com
            // NOTE(review): the picture is fetched over plain http and the
            // employee number is concatenated into the URL without encoding.
            // Nothing visible here validates that the response is a PNG before
            // it is stored as 'image/png'.
            $employeenumber = $user->get_person()->get_parameter('midgardmvc_core_services_authentication_ldap', 'employeenumber');
            $file = 'http://meego.com/sites/all/files/imagecache/user_pics/user_pics/picture-' . $employeenumber . '.png';

            $opts = $this->proxy
                ? array('http' => array('proxy' => $this->proxy, 'request_fulluri' => true))
                : array();
            $context = stream_context_create($opts);

            // NOTE(review): the handle is not closed in this method; presumably
            // copy_file_to_attachment() takes care of it - confirm.
            $src = fopen($file, 'rb', false, $context);
            if ($src) {
                $attachment = $user->get_person()->create_attachment('meego:avatar', 'meego:avatar', 'image/png');
                //Does not work through proxy as is.
                $this->copy_file_to_attachment($src, $attachment, $context);
                $attachments[0] = $attachment;
            }
        }

        if (count($attachments) > 0) {
            //serve attachment
            // NOTE(review): there is no return after this call, so the redirect
            // below also runs unless serve_attachment() ends the request - confirm.
            $this->serve_attachment($attachments[0]);
        }
    }

    //redirect to default avatar
    midgardmvc_core::get_instance()->head->relocate('http://meego.com/sites/all/themes/meego/images/user_picture_blank.png');
}
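/**
 * Load the person record of the authenticated user into $this->person.
 *
 * When the person returned by the user object is not of the class configured
 * in $GLOBALS['midcom_config']['person_class'], it is reloaded by GUID as that
 * class and the username is set on it.
 *
 * @param string $username Username to put on a re-cast person object.
 * @return boolean False when no user is authenticated, true otherwise.
 */
private function _load_person($username)
{
    if (!$this->user) {
        debug_add("Failed to authenticate the given user: " . midcom_connection::get_error_string(), MIDCOM_LOG_INFO);
        return false;
    }

    $this->person = $this->user->get_person();

    // Compare against the configured class NAME. The earlier code instantiated
    // the class first and compared get_class() (a string) with that object,
    // which is not a class-name comparison and needlessly built a throwaway
    // instance.
    $person_class = $GLOBALS['midcom_config']['person_class'];
    if (get_class($this->person) != $person_class) {
        // Cast the person object to correct person class
        $this->person = new $person_class($this->person->guid);
        $this->person->username = $username;
    }

    return true;
}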
/**
 * Create a local Midgard account (authtype 'LDAP') for an LDAP user.
 *
 * Runs under sudo inside one transaction: a person with the same first and
 * last name is reused or a new one is created, the employee number is stored
 * as a parameter, and a midgard_user with an empty password is attached.
 *
 * @param array $ldapuser LDAP attributes; 'firstname', 'lastname' and 'employeenumber' are read.
 * @param array $tokens   Login tokens; 'login' is read.
 * @return boolean True when the transaction was committed.
 */
private function create_account(array $ldapuser, array $tokens)
{
    midgardmvc_core::get_instance()->authorization->enter_sudo('midgardmvc_core');

    $tx = new midgard_transaction();
    $tx->begin();

    // NOTE(review): the person is matched on first and last name only and the
    // first hit is reused, whatever account it already belongs to. Two LDAP
    // users with the same name end up sharing one person record.
    $query = new midgard_query_builder('midgard_person');
    $query->add_constraint('firstname', '=', $ldapuser['firstname']);
    $query->add_constraint('lastname', '=', $ldapuser['lastname']);
    $matches = $query->execute();

    if (count($matches) != 0) {
        $person = $matches[0];
    } else {
        $person = new midgard_person();
        $person->firstname = $ldapuser['firstname'];
        $person->lastname = $ldapuser['lastname'];

        $person_created = $person->create();
        if (!$person_created) {
            midgardmvc_core::get_instance()->log(__CLASS__, "Creating midgard_person for LDAP user failed: " . midgard_connection::get_instance()->get_error_string(), 'warning');
            $tx->rollback();
            midgardmvc_core::get_instance()->authorization->leave_sudo();
            return false;
        }
    }

    $person->set_parameter('midgardmvc_core_services_authentication_ldap', 'employeenumber', $ldapuser['employeenumber']);

    // The password stays empty: with authtype 'LDAP' the secret is presumably
    // verified against the directory, not against this record - confirm.
    $account = new midgard_user();
    $account->login = $tokens['login'];
    $account->password = '';
    $account->usertype = 1;
    $account->authtype = 'LDAP';
    $account->active = true;
    $account->set_person($person);

    $account_created = $account->create();
    if (!$account_created) {
        midgardmvc_core::get_instance()->log(__CLASS__, "Creating midgard_user for LDAP user failed: " . midgard_connection::get_instance()->get_error_string(), 'warning');
        $tx->rollback();
        midgardmvc_core::get_instance()->authorization->leave_sudo();
        return false;
    }

    // NOTE(review): sudo is only left on the paths written out here; an
    // exception thrown in between would leave it entered.
    $committed = $tx->commit();
    midgardmvc_core::get_instance()->authorization->leave_sudo();

    return $committed ? true : false;
}
/**
 * Log a user in against the Midgard backend.
 *
 * If midgard_user has a login() method (Ratatoskr), a user object is built
 * from login tokens and logged in. Otherwise (Ragnaroek) the static
 * midgard_user::auth() call is used, with the sitegroup name resolved from
 * the 'auth_sitegroup_mode' setting.
 *
 * @param string $username The username as entered
 * @param string $password The password as entered
 * @param boolean $trusted Use trusted auth (mgd1 only, ATM)
 * @return mixed The appropriate object or false
 */
public static function login($username, $password, $trusted = false)
{
    $config = $GLOBALS['midcom_config'];

    if (method_exists('midgard_user', 'login')) {
        // Ratatoskr
        $tokens = array('login' => $username, 'authtype' => $config['auth_type']);

        // NOTE(review): with $trusted set, no password token is added at all,
        // so the caller alone is responsible for having verified the identity.
        if (!$trusted) {
            $tokens['password'] = self::prepare_password($password);
        }

        try {
            $user = new midgard_user($tokens);
        } catch (midgard_error_exception $e) {
            return false;
        }

        return $user->login() ? $user : false;
    }

    // Ragnaroek
    $mode = $config['auth_sitegroup_mode'];
    if ($mode == 'auto') {
        $mode = (self::_get('sitegroup') == 0) ? 'not-sitegrouped' : 'sitegrouped';
    }

    $sg_name = '';
    if ($mode == 'sitegrouped') {
        $sitegroup = new midgard_sitegroup(self::_get('sitegroup'));
        $sg_name = $sitegroup->name;
    }

    $stat = midgard_user::auth($username, $password, $sg_name, $trusted);
    if ($stat) {
        return $stat;
    }

    if ($config['auth_type'] == 'Plaintext' && strlen($password) > 11) {
        //mgd1 has the password field defined with length 13, but it doesn't complain
        //when saving a longer password, it just sometimes shortens it, so we try the
        //shortened version here (we cut at 11 because the first two characters are **)
        // NOTE(review): as a consequence only the first 11 characters of a long
        // password are significant on this path.
        $stat = midgard_user::auth($username, substr($password, 0, 11), $sg_name, $trusted);
    }

    return $stat;
}
/**
 * Persist a registration user and create the matching midgard_user account.
 *
 * Runs under sudo inside one transaction. The account uses the e-mail address
 * as login and authtype 'SHA1'.
 *
 * @param fi_openkeidas_registration_user $user Registration record to create or update.
 * @param string $password Password in clear text.
 * @return midgard_user The newly created account.
 * @throws midgardmvc_exception_httperror When the user, the account or the commit fails.
 */
private function create_account(fi_openkeidas_registration_user $user, $password)
{
    $email_is_free = $this->check_email($user->email);
    if (!$email_is_free) {
        midgardmvc_core::get_instance()->uimessages->add(array(
            'title' => 'Käyttäjätunnus olemassa',
            'message' => 'Antamallasi sähköpostiosoitteella on jo käyttäjätunnus. Ole hyvä ja kirjaudu sisään.',
            'type' => 'ok',
        ));
        // NOTE(review): there is no return after the redirect, so account
        // creation continues for an already registered address unless
        // relocate() ends the request - confirm.
        midgardmvc_core::get_instance()->head->relocate('/mgd:login');
    }

    midgardmvc_core::get_instance()->authorization->enter_sudo('fi_openkeidas_registration');

    $tx = new midgard_transaction();
    $tx->begin();

    // An existing GUID means the record is already stored and gets updated.
    $method = $user->guid ? 'update' : 'create';
    if (!$user->{$method}()) {
        $tx->rollback();
        midgardmvc_core::get_instance()->authorization->leave_sudo();
        throw new midgardmvc_exception_httperror('Failed to create user');
    }

    // Typecast to midgard_person
    $person = new midgard_person($user->guid);

    $account = new midgard_user();
    $account->login = $user->email;
    // NOTE(review): unsalted, single-round SHA-1 is cheap to brute-force if the
    // user table leaks; it is tied to the 'SHA1' authtype set below.
    $account->password = sha1($password);
    $account->usertype = 1;
    $account->authtype = 'SHA1';
    $account->active = true;
    $account->set_person($person);

    // Both failures are handled the same way: roll back, drop sudo, raise.
    if (!$account->create() || !$tx->commit()) {
        $tx->rollback();
        midgardmvc_core::get_instance()->authorization->leave_sudo();
        throw new midgardmvc_exception_httperror('Failed to create user');
    }

    midgardmvc_core::get_instance()->authorization->leave_sudo();

    return $account;
}
/**
 * Create a midgard_user account from the credentials stored on a person.
 *
 * A stored password starting with '**' is taken over without that prefix.
 * Any other stored value is treated as a legacy password and replaced by a
 * fixed default, which is announced on standard output.
 *
 * @param object $person Person record; username, password and guid are read.
 * @return boolean False when creating the account throws midgard_error_exception, true otherwise.
 */
function _migrate_account($person)
{
    $user = new midgard_user();

    $db_password = $person->password;
    if (substr($person->password, 0, 2) != '**') {
        // NOTE(review): every legacy account is reset to the same fixed
        // password, and the account is created as active below. Until the
        // owner changes it, anyone who knows the default can log in. The
        // literal appears masked on this page.
        echo ' Legacy password detected for user ' . $person->username . ". Resetting to 'password', please change ASAP\n";
        $db_password = '******';
    } else {
        // Drop the two-character '**' marker.
        $db_password = substr($db_password, 2);
    }

    $user->authtype = $GLOBALS['midcom_config']['auth_type'];
    $user->password = midcom_connection::prepare_password($db_password);
    $user->login = $person->username;

    // set_person() is always given a midgard_person, so other person classes
    // are reloaded by GUID first.
    $mgd_person = ($GLOBALS['midcom_config']['person_class'] != 'midgard_person')
        ? new midgard_person($person->guid)
        : $person;

    $user->set_person($mgd_person);
    $user->active = true;

    // Only an exception counts as failure; the return value of create() is not inspected.
    $migrated = true;
    try {
        $user->create();
    } catch (midgard_error_exception $e) {
        $migrated = false;
    }

    return $migrated;
}
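/**
 * Executes the login to midgard.
 *
 * When midgard_connection exposes get_sitegroup() the static
 * midgard_user::auth() call is used; otherwise a midgard_user is built from
 * prepare_tokens() and its login() method decides the outcome. On failure the
 * attempt is logged and the login session cookie is deleted.
 *
 * @param string $username Login name.
 * @param string $password Password; on the legacy path it is only used for the admin re-check.
 * @return bool True only when the backend accepted the login.
 */
private function do_midgard_login($username, $password)
{
    if (method_exists('midgard_connection', 'get_sitegroup')) {
        // Midgard 8.09 or 9.03 authentication API with sitegroups
        if (!$this->sitegroup) {
            // Sitegroups are only used in Midgard 9.03 and older
            $this->sitegroup = midgardmvc_core::get_instance()->dispatcher->get_midgard_connection()->get_sitegroup();
        }

        // NOTE(review): both calls pass an empty password and rely on
        // $this->trusted_auth; $password is not consulted here. In the second
        // call the trusted flag sits in the argument position that the first
        // call uses for the sitegroup - confirm against the backend signature.
        if ($this->sitegroup) {
            $this->user = midgard_user::auth($username, '', $this->sitegroup, $this->trusted_auth);
        } else {
            $this->user = midgard_user::auth($username, '', $this->trusted_auth);
        }

        // Don't allow trusted auth for admin users
        if ($this->trusted_auth && !empty($this->user) && $this->user->is_admin()) {
            // Re-check using password for admin users
            $this->user = midgard_user::auth($username, $password, $this->sitegroup, false);
        }

        if (!$this->user) {
            midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$username}", 'warning');
            $this->session_cookie->delete_login_session_cookie();
            return false;
        }
        return true;
    }

    // Use Midgard 9.09 authentication API
    try {
        $user = new midgard_user($this->prepare_tokens($username, $password));
        $authenticated = $user->login();
    } catch (Exception $e) {
        $authenticated = false;
    }

    if (!$authenticated) {
        // login() can refuse the credentials without throwing. Handle that
        // like an exception, otherwise success is reported and the session
        // cookie is kept although $this->user was never set.
        midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$username}", 'warning');
        $this->session_cookie->delete_login_session_cookie();
        return false;
    }

    $this->user = $user;
    return true;
}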
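/**
 * Creates a local Midgard account (authtype 'LDAP') for an LDAP user.
 *
 * Among the persons returned by get_persons(), the one whose midgard_user has
 * the requested login is reused. If there is none, a person is created and a
 * new midgard_user with an empty password is attached to it.
 *
 * @param array $ldapuser LDAP attributes, passed on to get_persons() and create_person().
 * @param array $tokens   Login tokens; 'login' is read.
 * @return boolean True when an account exists afterwards and the transaction was committed.
 */
private function create_account(array $ldapuser, array $tokens)
{
    $user = null;
    $person = null;

    midgardmvc_core::get_instance()->authorization->enter_sudo('midgardmvc_core');

    $transaction = new midgard_transaction();
    $transaction->begin();

    // Several persons may share a first and last name, so the person is picked
    // by the login of its midgard_user, not by name alone.
    foreach ($this->get_persons($ldapuser) as $candidate) {
        $candidate_user = com_meego_packages_utils::get_user_by_person_guid($candidate->guid);

        // A person without a user object is skipped instead of being
        // dereferenced. The logins are compared as strings so that two
        // different numeric-looking logins are never treated as equal.
        if ($candidate_user && (string) $candidate_user->login === (string) $tokens['login']) {
            $user = $candidate_user;
            $person = $candidate;
            break;
        }
    }

    if (!$user) {
        $person = $this->create_person($ldapuser, $tokens);

        if (!$person) {
            // Without a person no account can be created. Report failure
            // instead of committing and returning true.
            $transaction->rollback();
            midgardmvc_core::get_instance()->authorization->leave_sudo();
            return false;
        }

        $user = new midgard_user();
        $user->login = $tokens['login'];
        $user->password = '';
        $user->usertype = 1;
        $user->authtype = 'LDAP';
        $user->active = true;
        $user->set_person($person);

        if (!$user->create()) {
            midgardmvc_core::get_instance()->log(__CLASS__, "Creating midgard_user for LDAP user failed: " . midgard_connection::get_instance()->get_error_string(), 'warning');
            $transaction->rollback();
            midgardmvc_core::get_instance()->authorization->leave_sudo();
            return false;
        }
    }

    // NOTE(review): sudo is left before the commit, as in the earlier code;
    // confirm the commit does not itself need the elevated rights.
    midgardmvc_core::get_instance()->authorization->leave_sudo();

    if (!$transaction->commit()) {
        return false;
    }

    return true;
}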
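/**
 * Creates a midgard_person and a midgard_user for the given login and returns
 * the user.
 *
 * The login is used as both first and last name of the person. The user gets
 * an empty password and the configured default authtype ('SHA1' when none is
 * configured).
 *
 * @param string $login Login name of the account to create.
 * @return mixed The created midgard_user, or false on failure.
 */
private function createUser($login)
{
    # create the person object
    $person = new midgard_person();
    $person->firstname = $login;
    $person->lastname = $login;

    if (!$person->create()) {
        $error = midgard_connection::get_instance()->get_error_string();
        midgard_error::error(__CLASS__ . " Failed to create midgard person: " . $error);
        return false;
    }

    midgard_error::info(__CLASS__ . " Created midgard person: " . $person->guid);

    $user = new midgard_user();
    $user->login = $login;
    // NOTE(review): the account is created active with an empty password.
    // Confirm that no authtype in use accepts an empty password at login.
    $user->password = '';
    $user->usertype = 1;
    $user->authtype = $this->config['default_auth_type'] ? $this->config['default_auth_type'] : 'SHA1';
    $user->active = true;
    $user->set_person($person);

    if (!$user->create()) {
        $error = midgard_connection::get_instance()->get_error_string();
        // NOTE(review): on the page this stretch is masked ("******") and the
        // braces do not balance. The error argument, the early return and the
        // info call below are restored by analogy with the person branch
        // above - confirm against the original file.
        midgard_error::error(__CLASS__ . "Failed to create midgard user: " . $error);
        return false;
    }

    midgard_error::info(__CLASS__ . " Created midgard user: " . $user->login);

    // @todo: not sure if this is the best solution;
    // but it is simple to create midgardmvc_account objects
    // this does not work, as we are not an MVC app
    /*
    $dummy_session = new midgardmvc_core_login_session();
    $dummy_session->userid = '';
    $dummy_session->username = $user->login;
    $dummy_session->authtype = $user->authtype;
    midgardmvc_account_injector::create_account_from_session($dummy_session);
    unset($dummy_session);
    */

    return $user;
}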
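/**
 * Executes the login to Midgard2.
 *
 * The tokens are passed through prepare_tokens(), a midgard_user is built from
 * them and logged in. On failure the attempt is logged and an authentication
 * message is stored on the current request.
 *
 * @param array $tokens Login tokens; 'login' is used in the log message.
 * @return boolean True only when the backend accepted the login.
 */
protected function do_midgard_login(array $tokens)
{
    try {
        $tokens = $this->prepare_tokens($tokens);
        $user = new midgard_user($tokens);
        $authenticated = $user->login();
    } catch (midgard_error_exception $e) {
        midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$tokens['login']}: " . $e->getMessage(), 'warning');
        midgardmvc_core::get_instance()->context->get_request()->set_data_item('midgardmvc_core_services_authentication_message', midgardmvc_core::get_instance()->i18n->get('authentication failed', 'midgardmvc_core'));
        return false;
    } catch (Exception $e) {
        midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$tokens['login']}: " . $e->getMessage(), 'warning');
        // NOTE(review): the raw exception text becomes part of the message
        // stored for the request, presumably shown on the login page - confirm.
        // Internal error details are better kept to the log.
        midgardmvc_core::get_instance()->context->get_request()->set_data_item('midgardmvc_core_services_authentication_message', midgardmvc_core::get_instance()->i18n->get('authentication failed: ' . $e->getMessage(), 'midgardmvc_core'));
        return false;
    }

    if (!$authenticated) {
        // login() can refuse the credentials without throwing. Report that as
        // a failed login, otherwise true is returned although $this->user was
        // never set.
        midgardmvc_core::get_instance()->log(__CLASS__, "Failed authentication attempt for {$tokens['login']}", 'warning');
        midgardmvc_core::get_instance()->context->get_request()->set_data_item('midgardmvc_core_services_authentication_message', midgardmvc_core::get_instance()->i18n->get('authentication failed', 'midgardmvc_core'));
        return false;
    }

    $this->user = $user;
    return true;
}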