示例#1
0
 /**
  * Get user permissions and restrictions
  *
  * @param   User $user
  *
  * @return  array
  */
 public function getPermissionsAndRestrictions(User $user)
 {
     $permissions = array();
     $restrictions = array();
     $username = $user->getUsername();
     try {
         $roles = Config::app('roles');
     } catch (NotReadableError $e) {
         Logger::error('Can\'t get permissions and restrictions for user \'%s\'. An exception was thrown:', $username, $e);
         return array($permissions, $restrictions);
     }
     $userGroups = $user->getGroups();
     foreach ($roles as $role) {
         if ($this->match($username, $userGroups, $role)) {
             $permissions = array_merge($permissions, array_diff(String::trimSplit($role->permissions), $permissions));
             $restrictionsFromRole = $role->toArray();
             unset($restrictionsFromRole['users']);
             unset($restrictionsFromRole['groups']);
             unset($restrictionsFromRole['permissions']);
             foreach ($restrictionsFromRole as $name => $restriction) {
                 if (!isset($restrictions[$name])) {
                     $restrictions[$name] = array();
                 }
                 $restrictions[$name][] = $restriction;
             }
         }
     }
     return array($permissions, $restrictions);
 }
 public function testWhetherSearchProvidesHintWhenSearchStringIsEmpty()
 {
     $user = new User('test');
     $user->setPermissions(array('*' => '*'));
     $dashboard = new SearchDashboard();
     $dashboard->setUser($user);
     $dashboard = $dashboard->search();
     $result = $dashboard->getPane('search')->hasDashlet('Ready to search');
     $this->assertTrue($result, 'Dashboard::search() could not get hint for search');
 }
示例#3
0
 /**
  * Get config file
  *
  * @return string
  */
 public function getConfigFile()
 {
     if ($this->user === null) {
         throw new ProgrammingError('Can\'t load dashboards. User is not set');
     }
     return Config::resolvePath('dashboards/' . $this->user->getUsername() . '/dashboard.ini');
 }
示例#4
0
 /**
  * Whether an authenticated user has a given permission
  *
  * @param  string  $permission  Permission name
  *
  * @return bool                 True if the user owns the given permission, false if not or if not authenticated
  */
 public function hasPermission($permission)
 {
     if (!$this->isAuthenticated()) {
         return false;
     }
     return $this->user->can($permission);
 }
 /**
  * Authenticate the given user and return true on success, false on failure and null on error
  *
  * @param   User        $user
  * @param   string      $password
  *
  * @return  bool|null
  * @throws  AuthenticationException
  */
 public function authenticate(User $user, $password)
 {
     try {
         $salt = $this->getSalt($user->getUsername());
         if ($salt === null) {
             return false;
         }
         if ($salt === '') {
             throw new Exception('Cannot find salt for user ' . $user->getUsername());
         }
         $select = new Zend_Db_Select($this->conn->getConnection());
         $row = $select->from('account', array(new Zend_Db_Expr(1)))->where('username = ?', $user->getUsername())->where('active = ?', true)->where('password = ?', $this->hashPassword($password, $salt))->query()->fetchObject();
         return $row !== false ? true : false;
     } catch (Exception $e) {
         throw new AuthenticationException(sprintf('Failed to authenticate user "%s" against backend "%s". An exception was thrown:', $user->getUsername(), $this->getName()), 0, $e);
     }
 }
 /**
  * Authenticate the given user and return true on success, false on failure and null on error
  *
  * @param   User    $user
  * @param   string  $password
  *
  * @return  bool|null
  * @throws  AuthenticationException
  */
 public function authenticate(User $user, $password)
 {
     try {
         return $this->conn->testCredentials($this->conn->fetchDN($this->createQuery($user->getUsername())), $password);
     } catch (Exception $e) {
         throw new AuthenticationException(sprintf('Failed to authenticate user "%s" against backend "%s". An exception was thrown:', $user->getUsername(), $this->getName()), 0, $e);
     }
 }
示例#7
0
 /**
  * List all dashboard configuration files that match the given user
  *
  * @param   User    $user
  *
  * @return  string[]
  */
 public static function listConfigFilesForUser(User $user)
 {
     $files = array();
     $dashboards = static::resolvePath('dashboards');
     if ($handle = @opendir($dashboards)) {
         while (false !== ($entry = readdir($handle))) {
             if ($entry[0] === '.' || !is_dir($dashboards . '/' . $entry)) {
                 continue;
             }
             if (strtolower($entry) === strtolower($user->getUsername())) {
                 $files[] = $dashboards . '/' . $entry . '/dashboard.ini';
             }
         }
         closedir($handle);
     }
     return $files;
 }
示例#8
0
 /**
  * Authenticate the given user
  *
  * @param   User        $user
  * @param   string      $password
  *
  * @return  bool                        True on success, false on failure
  *
  * @throws  AuthenticationException     In case authentication is not possible due to an error
  */
 public function authenticate(User $user, $password = null)
 {
     if (isset($_SERVER['REMOTE_USER'])) {
         $username = $_SERVER['REMOTE_USER'];
         $user->setRemoteUserInformation($username, 'REMOTE_USER');
         if ($this->stripUsernameRegexp) {
             $stripped = preg_replace($this->stripUsernameRegexp, '', $username);
             if ($stripped !== false) {
                 // TODO(el): PHP issues a warning when PHP cannot compile the regular expression. Should we log an
                 // additional message in that case?
                 $username = $stripped;
             }
         }
         $user->setUsername($username);
         return true;
     }
     return false;
 }
示例#9
0
文件: Web.php 项目: NerdGZ/icingaweb2
 /**
  * Instantiate front controller
  *
  * @return $this
  */
 private function setupFrontController()
 {
     $this->frontController = Zend_Controller_Front::getInstance();
     $this->frontController->setRequest($this->getRequest());
     $this->frontController->setControllerDirectory($this->getApplicationDir('/controllers'));
     $displayExceptions = $this->config->get('global', 'show_stacktraces', true);
     if ($this->user !== null && $this->user->can('application/stacktraces')) {
         $displayExceptions = $this->user->getPreferences()->getValue('icingaweb', 'show_stacktraces', $displayExceptions);
     }
     $this->frontController->setParams(array('displayExceptions' => $displayExceptions));
     return $this;
 }
示例#10
0
 /**
  * Return the groups the given user is a member of
  *
  * @param   User    $user
  *
  * @return  array
  */
 public function getMemberships(User $user)
 {
     $result = $this->select()->fetchAll();
     $groups = array();
     foreach ($result as $group) {
         $groups[$group->group_name] = $group->parent;
     }
     $username = strtolower($user->getUsername());
     $memberships = array();
     foreach ($result as $group) {
         if ($group->users && !in_array($group->group_name, $memberships)) {
             $users = array_map('strtolower', String::trimSplit($group->users));
             if (in_array($username, $users)) {
                 $memberships[] = $group->group_name;
                 $parent = $groups[$group->group_name];
                 while ($parent !== null) {
                     $memberships[] = $parent;
                     $parent = isset($groups[$parent]) ? $groups[$parent] : null;
                 }
             }
         }
     }
     return $memberships;
 }
示例#11
0
 /**
  * Tries to authenticate the user from the session, and then from the REMOTE_USER superglobal, that can be set by
  * an external authentication provider.
  */
 public function authenticateFromRemoteUser()
 {
     $this->fromRemoteUser = true;
     $this->authenticateFromSession();
     if ($this->user !== null) {
         if (array_key_exists('REMOTE_USER', $_SERVER) && $this->user->getUsername() !== $_SERVER["REMOTE_USER"]) {
             // Remote user has changed, clear all sessions
             $this->removeAuthorization();
         }
         return;
     }
     if (array_key_exists('REMOTE_USER', $_SERVER) && $_SERVER["REMOTE_USER"]) {
         $this->user = new User($_SERVER["REMOTE_USER"]);
         $this->persistCurrentUser();
     }
 }
示例#12
0
 /**
  * {@inheritdoc}
  */
 public function authenticate(User $user, $password = null)
 {
     if (!empty($_SERVER['HTTP_FROM'])) {
         $email = $_SERVER['HTTP_FROM'];
         $user->setUsername($email);
         $user->setEmail($email);
         $user->setExternalUserInformation($email, 'HTTP_FROM');
         if (!empty($_SERVER['HTTP_X_GIVEN_NAME'])) {
             $user->setFirstname($_SERVER['HTTP_X_GIVEN_NAME']);
         }
         if (!empty($_SERVER['HTTP_X_GROUPS'])) {
             $user->setGroups(explode(',', $_SERVER['HTTP_X_GROUPS']));
         }
         if (!empty($_SERVER['HTTP_X_FAMILY_NAME'])) {
             $user->setLastname($_SERVER['HTTP_X_FAMILY_NAME']);
         }
         return true;
     }
     return false;
 }
示例#13
0
 public function testPermissions()
 {
     $user = new User('test');
     $user->setPermissions(array('test', 'test/some/specific', 'test/more/*', 'test/wildcard-with-wildcard/*', 'test/even-more/specific-with-wildcard/*'));
     $this->assertTrue($user->can('test'));
     $this->assertTrue($user->can('test/some/specific'));
     $this->assertTrue($user->can('test/more/everything'));
     $this->assertTrue($user->can('test/wildcard-with-wildcard/*'));
     $this->assertTrue($user->can('test/wildcard-with-wildcard/sub/sub'));
     $this->assertTrue($user->can('test/even-more/*'));
     $this->assertFalse($user->can('not/test'));
     $this->assertFalse($user->can('test/some/not/so/specific'));
     $this->assertFalse($user->can('test/wildcard2/*'));
 }
示例#14
0
 /**
  * {@inheritdoc}
  */
 public function authenticate(User $user, $password = null)
 {
     list($username, $field) = static::getRemoteUserInformation();
     if ($username !== null) {
         $user->setExternalUserInformation($username, $field);
         if ($this->stripUsernameRegexp) {
             $stripped = @preg_replace($this->stripUsernameRegexp, '', $username);
             if ($stripped === false) {
                 Logger::error('Failed to strip external username. The configured regular expression is invalid.');
                 return false;
             }
             $username = $stripped;
         }
         $user->setUsername($username);
         return true;
     }
     return false;
 }
示例#15
0
 /**
  * Return the groups the given user is a member of
  *
  * @param   User    $user
  *
  * @return  array
  */
 public function getMemberships(User $user)
 {
     $groupQuery = $this->ds->select()->from(array('g' => $this->prependTablePrefix('group')), array('group_name' => 'g.name', 'parent_name' => 'gg.name'))->joinLeft(array('gg' => $this->prependTablePrefix('group')), 'g.parent = gg.id', array());
     $groups = array();
     foreach ($groupQuery as $group) {
         $groups[$group->group_name] = $group->parent_name;
     }
     $membershipQuery = $this->select()->from('group_membership', array('group_name'))->where('user_name', $user->getUsername());
     $memberships = array();
     foreach ($membershipQuery as $membership) {
         $memberships[] = $membership->group_name;
         $parent = $groups[$membership->group_name];
         while ($parent !== null) {
             $memberships[] = $parent;
             // Usually a parent is an existing group, but since we do not have a constraint on our table..
             $parent = isset($groups[$parent]) ? $groups[$parent] : null;
         }
     }
     return $memberships;
 }
示例#16
0
 /**
  * @depends testWhetherCreatePaneCreatesAPane
  */
 public function testLoadPaneItemsProvidedByEnabledModules()
 {
     $user = new User('test');
     $user->setPermissions(array('*' => '*'));
     $dashboard = new Dashboard();
     $dashboard->setUser($user);
     $dashboard->load();
     $this->assertCount(1, $dashboard->getPanes(), 'Dashboard::load() could not load panes from enabled modules');
 }
示例#17
0
 /**
  * Return the groups the given user is a member of
  *
  * @param   User    $user
  *
  * @return  array
  */
 public function getMemberships(User $user)
 {
     if ($this->isMemberAttributeAmbiguous()) {
         $queryValue = $user->getUsername();
     } elseif (($queryValue = $user->getAdditional('ldap_dn')) === null) {
         $userQuery = $this->ds->select()->from($this->userClass)->where($this->userNameAttribute, $user->getUsername())->setBase($this->userBaseDn)->setUsePagedResults(false);
         if ($this->userFilter) {
             $userQuery->setNativeFilter($this->userFilter);
         }
         if (($queryValue = $userQuery->fetchDn()) === null) {
             return array();
         }
     }
     if ($this->nestedGroupSearch) {
         $groupMemberAttribute = $this->groupMemberAttribute . ':1.2.840.113556.1.4.1941:';
     } else {
         $groupMemberAttribute = $this->groupMemberAttribute;
     }
     $groupQuery = $this->ds->select()->from($this->groupClass, array($this->groupNameAttribute))->where($groupMemberAttribute, $queryValue)->setBase($this->groupBaseDn);
     if ($this->groupFilter) {
         $groupQuery->setNativeFilter($this->groupFilter);
     }
     $groups = array();
     foreach ($groupQuery as $row) {
         $groups[] = $row->{$this->groupNameAttribute};
     }
     return $groups;
 }
示例#18
0
 /**
  * Setup internationalization using gettext
  *
  * Uses the preferred user language or the configured default and system default, respectively.
  *
  * @return  self
  */
 protected function setupInternationalization()
 {
     parent::setupInternationalization();
     if ($this->user !== null && $this->user->getPreferences() !== null && ($locale = $this->user->getPreferences()->get('app.language') !== null)) {
         try {
             Translator::setupLocale($locale);
         } catch (Exception $error) {
             Logger::warning('Cannot set locale "' . $locale . '" configured in ' . 'preferences of user "' . $this->user->getUsername() . '"');
         }
     }
     return $this;
 }
示例#19
0
 /**
  * Unshare the given navigation item
  *
  * @param   string  $name
  * @param   string  $parent
  *
  * @return  Config              The new config of the given navigation item
  *
  * @throws  NotFoundError       In case no navigation item with the given name is found
  * @throws  IcingaException     In case the navigation item has a parent assigned to it
  */
 public function unshare($name, $parent = null)
 {
     $config = $this->getShareConfig();
     if (!$config->hasSection($name)) {
         throw new NotFoundError('No navigation item called "%s" found', $name);
     }
     $itemConfig = $config->getSection($name);
     if ($parent === null) {
         $parent = $itemConfig->parent;
     }
     if ($parent && $this->hasBeenShared($parent)) {
         throw new IcingaException($this->translate('Unable to unshare navigation item "%s". It is dependent from item "%s".' . ' Dependent items can only be unshared by unsharing their parent'), $name, $parent);
     }
     $children = $this->getFlattenedChildren($name);
     $config->removeSection($name);
     $this->secondaryConfig = $config;
     if (!$itemConfig->owner || $itemConfig->owner === $this->getUser()->getUsername()) {
         $config = $this->getUserConfig();
     } else {
         $owner = new User($itemConfig->owner);
         $config = $owner->loadNavigationConfig();
     }
     foreach ($children as $child) {
         $childConfig = $this->secondaryConfig->getSection($child);
         unset($childConfig->owner);
         $this->secondaryConfig->removeSection($child);
         $config->setSection($child, $childConfig);
     }
     unset($itemConfig->owner);
     unset($itemConfig->users);
     unset($itemConfig->groups);
     $config->setSection($name, $itemConfig);
     $this->setIniConfig($config);
     return $config;
 }
示例#20
0
 /**
  * Getter for groups belonged to authenticated user
  *
  * @return  array
  * @see     User::getGroups
  */
 public function getGroups()
 {
     return $this->user->getGroups();
 }
示例#21
0
 /**
  * Authenticate the given user
  *
  * @param   User        $user
  * @param   string      $password
  *
  * @return  bool                        True on success, false on failure
  *
  * @throws  AuthenticationException     In case authentication is not possible due to an error
  */
 public function authenticate(User $user, $password)
 {
     try {
         $passwordHash = $this->getPasswordHash($user->getUsername());
         $passwordSalt = $this->getSalt($passwordHash);
         $hashToCompare = $this->hashPassword($password, $passwordSalt);
         return $hashToCompare === $passwordHash;
     } catch (Exception $e) {
         throw new AuthenticationException('Failed to authenticate user "%s" against backend "%s". An exception was thrown:', $user->getUsername(), $this->getName(), $e);
     }
 }
示例#22
0
 /**
  * Authenticate the given user
  *
  * @param   User        $user
  * @param   string      $password
  *
  * @return  bool                        True on success, false on failure
  *
  * @throws  AuthenticationException     In case authentication is not possible due to an error
  */
 public function authenticate(User $user, $password)
 {
     try {
         $userDn = $this->select()->where('user_name', str_replace('*', '', $user->getUsername()))->getQuery()->setUsePagedResults(false)->fetchDn();
         if ($userDn === null) {
             return false;
         }
         return $this->ds->testCredentials($userDn, $password);
     } catch (LdapException $e) {
         throw new AuthenticationException('Failed to authenticate user "%s" against backend "%s". An exception was thrown:', $user->getUsername(), $this->getName(), $e);
     }
 }
 /**
  * Return the groups the given user is a member of
  *
  * @param   User    $user
  *
  * @return  array
  */
 public function getMemberships(User $user)
 {
     if ($this->isAmbiguous($this->groupClass, $this->groupMemberAttribute)) {
         $queryValue = $user->getUsername();
     } elseif (($queryValue = $user->getAdditional('ldap_dn')) === null) {
         $userQuery = $this->ds->select()->from($this->userClass)->where($this->userNameAttribute, $user->getUsername())->setBase($this->userBaseDn)->setUsePagedResults(false);
         if ($this->userFilter) {
             $userQuery->where(new Expression($this->userFilter));
         }
         if (($queryValue = $userQuery->fetchDn()) === null) {
             return array();
         }
     }
     $groupQuery = $this->ds->select()->from($this->groupClass, array($this->groupNameAttribute))->where($this->groupMemberAttribute, $queryValue)->setBase($this->groupBaseDn);
     if ($this->groupFilter) {
         $groupQuery->where(new Expression($this->groupFilter));
     }
     $groups = array();
     foreach ($groupQuery as $row) {
         $groups[] = $row->{$this->groupNameAttribute};
     }
     return $groups;
 }
示例#24
0
 /**
  * Return the groups the given user is a member of
  *
  * @param   User    $user
  *
  * @return  array
  */
 public function getMemberships(User $user)
 {
     if ($this->groupClass === 'posixGroup') {
         // Posix group only uses simple user name
         $userDn = $user->getUsername();
     } else {
         // LDAP groups use the complete DN
         if (($userDn = $user->getAdditional('ldap_dn')) === null) {
             $userQuery = $this->ds->select()->from($this->userClass)->where($this->userNameAttribute, $user->getUsername())->setBase($this->userBaseDn)->setUsePagedResults(false);
             if ($this->userFilter) {
                 $userQuery->where(new Expression($this->userFilter));
             }
             if (($userDn = $userQuery->fetchDn()) === null) {
                 return array();
             }
         }
     }
     $groupQuery = $this->ds->select()->from($this->groupClass, array($this->groupNameAttribute))->where($this->groupMemberAttribute, $userDn)->setBase($this->groupBaseDn);
     if ($this->groupFilter) {
         $groupQuery->where(new Expression($this->groupFilter));
     }
     Logger::debug('Fetching groups for user %s using filter %s.', $user->getUsername(), $groupQuery->__toString());
     $groups = array();
     foreach ($groupQuery as $row) {
         $groups[] = $row->{$this->groupNameAttribute};
     }
     Logger::debug('Fetched %d groups: %s.', count($groups), join(', ', $groups));
     return $groups;
 }