/**
 * A batch containing one request whose token lacks Admin access for idsite=1 must be rejected.
 *
 * The super-user request is placed first; the second request carries a token of an
 * ordinary user and is presumably the one that triggers the expected exception.
 *
 * @expectedException \Exception
 * @expectedExceptionMessage token_auth specified does not have Admin permission for idsite=1
 */
public function test_authenticateRequests_shouldThrowAnException_IfTokenIsNotValid()
{
    // token for a plain user; the hash is derived from a throwaway fixture password
    $nonAdminToken = API::getInstance()->getTokenAuth('test', UsersManager::getPasswordHash('2'));
    $adminToken = $this->getSuperUserToken();

    $batch = array(
        $this->buildDummyRequest($adminToken),
        $this->buildDummyRequest($nonAdminToken),
    );

    $this->requests->authenticateRequests($batch);
}
/**
 * Create a user upon call from frontend.
 * This API method will be called from Controller of this module.
 *
 * Argument mapping on the addUser() call: the email is stored as both the login and the
 * email column, $userLogin becomes the alias, and the token is derived from the email.
 *
 * Failures are appended to $this->__errors and reported as a false return. The exception
 * raised by UserManager::checkPassword() for an unacceptable password is not caught here
 * and propagates to the caller.
 *
 * NOTE(review): the "already exists" message tells the caller that one of the submitted
 * identifiers is registered — confirm that disclosure is acceptable for this endpoint.
 *
 * @param string $userLogin
 * @param string $userPassword
 * @param string $userEmail
 * @return bool true when the user row was inserted, false otherwise
 */
public function createUser($userLogin, $userPassword, $userEmail)
{
    if (!$userLogin || !$userPassword) {
        return false;
    }

    $api = UserManagerAPI::getInstance();
    $model = $this->userManagerModel;

    // short-circuit: the login lookup only runs when the email is free
    if ($model->userEmailExists($userEmail) || $model->userExists($userLogin)) {
        $this->__errors[] = 'User email already exists or the login name already exists';
        return false;
    }

    $plainPassword = Common::unsanitizeInputValue($userPassword);
    UserManager::checkPassword($plainPassword); // may throw; intentionally outside the try below
    $passwordHash = UserManager::getPasswordHash($plainPassword);
    $tokenAuth = $api->getTokenAuth($userEmail, $passwordHash);

    try {
        $model->addUser($userEmail, $passwordHash, $userEmail, $userLogin, $tokenAuth, Date::now()->getDatetime());
        return true;
    } catch (Exception $e) {
        // the driver error is not surfaced to the frontend; only a generic message is recorded
        $this->__errors[] = 'Error in creating the user in database.';
    }

    return false;
}
/**
 * Creates a fixture user with 'admin' access on the given site and returns its token_auth.
 *
 * The login and password are fixed test values; the password is hashed before storage
 * and the token is derived from the login and that hash via the API.
 *
 * @param int $idSite site the fixture user gets admin access to
 * @return string token_auth of the created user
 */
private function createAdminUserForSite($idSite)
{
    $fixtureLogin = '******';
    $fixtureHash = UsersManager::getPasswordHash('password');
    $tokenAuth = API::getInstance()->getTokenAuth($fixtureLogin, $fixtureHash);

    $model = new Model();
    $model->addUser($fixtureLogin, $fixtureHash, 'admin@piwik', 'alias', $tokenAuth, '2014-01-01 00:00:00');
    $model->addUserAccess($fixtureLogin, 'admin', array($idSite));

    return $tokenAuth;
}
/**
 * Creates (or refreshes) the super-user fixture account and returns its row.
 *
 * @param bool $removeExisting When true, the existing row for the fixture login is deleted
 *                             first so the account is recreated from scratch.
 * @return mixed whatever Model::getUserByTokenAuth() returns for the fixture token
 */
public static function createSuperUser($removeExisting = true)
{
    $login = self::ADMIN_USER_LOGIN;
    $passwordHash = UsersManager::getPasswordHash(self::ADMIN_USER_PASSWORD);
    $tokenAuth = self::getTokenAuth();
    $model = new \Piwik\Plugins\UsersManager\Model();

    if ($removeExisting) {
        $model->deleteUserOnly($login);
    }

    $existing = $model->getUser($login);
    if (empty($existing)) {
        $model->addUser($login, $passwordHash, '*****@*****.**', $login, $tokenAuth, Date::now()->getDatetime());
    } else {
        $model->updateUser($login, $passwordHash, '*****@*****.**', $login, $tokenAuth);
    }

    // a freshly inserted row (or one without the flag) still needs super-user access
    if (empty($existing['superuser_access'])) {
        $model->setSuperUserAccess($login, true);
    }

    return $model->getUserByTokenAuth($tokenAuth);
}
/**
 * Sets the password hash to use when authenticating.
 *
 * Passing null clears the stored hash. Any other value is first validated with
 * UsersManager::checkPasswordHash() (using the Login_ExceptionPasswordMD5HashExpected
 * message), so a malformed hash never reaches $this->hashedPassword.
 *
 * @param string|null $passwordHash The password hash.
 */
public function setPasswordHash($passwordHash)
{
    if (null === $passwordHash) {
        $this->hashedPassword = null;
        return;
    }

    // sanity check on the hash format before it is kept for authentication
    $formatMessage = Piwik::translate('Login_ExceptionPasswordMD5HashExpected');
    UsersManager::checkPasswordHash($passwordHash, $formatMessage);

    $this->hashedPassword = $passwordHash;
}
/**
 * Saves password reset info and sends confirmation email.
 *
 * The "anonymous" login and an unknown login/email both yield the same
 * Login_InvalidUsernameEmail message, so the response does not reveal whether an
 * account exists. If the confirmation email cannot be sent, the stored reset info is
 * removed again so no half-completed reset is left behind.
 *
 * @param QuickForm2 $form
 * @return array|null Error message(s) if an error occurs, null on success.
 */
private function resetPasswordFirstStep($form)
{
    $loginOrEmail = $form->getSubmitValue('form_login');
    $requestedPassword = $form->getSubmitValue('form_password');

    // validate the requested password before touching any account state
    try {
        UsersManager::checkPassword($requestedPassword);
    } catch (Exception $ex) {
        return array($ex->getMessage());
    }

    // resolve the account; the anonymous user can never reset a password
    $user = ($loginOrEmail === 'anonymous') ? null : self::getUserInformation($loginOrEmail);
    if ($user === null) {
        return array(Piwik::translate('Login_InvalidUsernameEmail'));
    }
    $login = $user['login'];

    // persist the pending reset, then mail the confirmation link
    Login::savePasswordResetInfo($login, $requestedPassword);
    try {
        $this->sendEmailConfirmationLink($user);
    } catch (Exception $ex) {
        // undo the stored reset info so a failed mail leaves no pending reset
        Login::removePasswordResetInfo($login);
        return array($ex->getMessage() . Piwik::translate('Login_ContactAdmin'));
    }

    return null;
}
/**
 * Updates a user in the database.
 * Only login and password are required (case when we update the password).
 * When the password changes, the key token for this user will change, which could break
 * its API calls.
 *
 * The password is hashed here unless $_isPasswordHashed is set; token_auth is recomputed
 * from the login and the (new or existing) hash on every call.
 *
 * NOTE(review): the WHERE clause is handed to Db::update() as a string rather than a bound
 * parameter — confirm the login is quoted/bound before it reaches SQL.
 *
 * @see addUser() for all the parameters
 */
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false)
{
    // authorization and protected-account checks (each presumably throws on failure)
    Piwik::checkUserIsSuperUserOrTheUser($userLogin);
    $this->checkUserIsNotAnonymous($userLogin);
    $this->checkUserIsNotSuperUser($userLogin);

    $current = $this->getUser($userLogin);

    if (!empty($password)) {
        $password = Common::unsanitizeInputValue($password);
        if (!$_isPasswordHashed) {
            UsersManager::checkPassword($password);
            $password = UsersManager::getPasswordHash($password);
        }
    } else {
        $password = $current['password'];
    }

    $alias = empty($alias) ? $current['alias'] : $alias;
    $email = empty($email) ? $current['email'] : $email;

    // only a changed address is validated; the stored one is kept as-is
    if ($email != $current['email']) {
        $this->checkEmail($email);
    }
    $alias = $this->getCleanAlias($alias, $userLogin);

    $tokenAuth = $this->getTokenAuth($userLogin, $password);

    $columns = array(
        'password' => $password,
        'alias' => $alias,
        'email' => $email,
        'token_auth' => $tokenAuth,
    );
    Db::get()->update(Common::prefixTable("user"), $columns, "login = '******'");

    Cache::deleteTrackerCache();

    /**
     * Triggered after an existing user has been updated.
     *
     * @param string $userLogin The user's login handle.
     */
    Piwik::postEvent('UsersManager.updateUser.end', array($userLogin));
}
/**
 * Stores the hash of the new password and refreshes the user's token_auth.
 *
 * token_auth is recomputed via getTokenAuth() from the login and the new hash, so the
 * previous token stops being valid; the in-memory login row is updated as well so the
 * session cookie is issued with the new token.
 */
private function updateUserPassword()
{
    $current = $this->getUserForLogin();

    $newHash = UsersManager::getPasswordHash($this->password);
    $newToken = $this->usersManagerAPI->getTokenAuth($this->login, $newHash);

    $this->usersModel->updateUser($this->login, $newHash, $current['email'], $current['alias'], $newToken);

    // keep the cached user row in sync so the cookie gets the correct token auth
    $this->userForLogin['password'] = $newHash;
    $this->userForLogin['token_auth'] = $newToken;
    $this->token_auth = $newToken;
}
/**
 * Stores password reset info for a specific login.
 *
 * Only the hash of the requested password is persisted via Option::set(); the
 * plaintext is never written.
 *
 * @param string $login The user login for whom a password change was requested.
 * @param string $password The new password to set.
 */
public static function savePasswordResetInfo($login, $password)
{
    Option::set(
        self::getPasswordResetInfoOptionName($login),
        UsersManager::getPasswordHash($password)
    );
}
/**
 * Updates a user in the database.
 * Only login and password are required (case when we update the password).
 * When the password changes, the key token for this user will change, which could break
 * its API calls.
 *
 * The password is hashed here unless $_isPasswordHashed is set; token_auth is recomputed
 * from the login and the (new or existing) hash on every call.
 *
 * NOTE(review): the UsersManager.updateUser.end payload includes the stored password
 * hash, so every listener of that event receives it — confirm that is intended.
 *
 * @see addUser() for all the parameters
 */
public function updateUser($userLogin, $password = false, $email = false, $alias = false, $_isPasswordHashed = false)
{
    // authorization and protected-account checks (each presumably throws on failure)
    Piwik::checkUserHasSuperUserAccessOrIsTheUser($userLogin);
    $this->checkUserIsNotAnonymous($userLogin);

    $current = $this->getUser($userLogin);

    $passwordHasBeenUpdated = !empty($password);
    if ($passwordHasBeenUpdated) {
        $password = Common::unsanitizeInputValue($password);
        if (!$_isPasswordHashed) {
            UsersManager::checkPassword($password);
            $password = UsersManager::getPasswordHash($password);
        }
    } else {
        $password = $current['password'];
    }

    $alias = empty($alias) ? $current['alias'] : $alias;
    $email = empty($email) ? $current['email'] : $email;

    // only a changed address is validated; the stored one is kept as-is
    if ($email != $current['email']) {
        $this->checkEmail($email);
    }
    $alias = $this->getCleanAlias($alias, $userLogin);

    $tokenAuth = $this->getTokenAuth($userLogin, $password);

    $this->model->updateUser($userLogin, $password, $email, $alias, $tokenAuth);

    Cache::deleteTrackerCache();

    /**
     * Triggered after an existing user has been updated.
     * Event notify about password change.
     *
     * @param string $userLogin The user's login handle.
     * @param boolean $passwordHasBeenUpdated Flag containing information about password change.
     */
    Piwik::postEvent(
        'UsersManager.updateUser.end',
        array($userLogin, $passwordHasBeenUpdated, $email, $password, $alias)
    );
}
/**
 * Stores password reset info for a specific login.
 *
 * Only the hash of the requested password is persisted via Option::set(); the
 * plaintext is never written.
 *
 * @param string $login The user login for whom a password change was requested.
 * @param string $newPassword The new password to set.
 */
private function savePasswordResetInfo($login, $newPassword)
{
    Option::set(
        $this->getPasswordResetInfoOptionName($login),
        UsersManager::getPasswordHash($newPassword)
    );
}
/**
 * Generates a unique MD5 for the given login & password
 *
 * The token is deterministic — md5(login . passwordHash) — so it changes whenever the
 * password hash changes and can be recomputed by anyone holding the hash. The hash is
 * validated with UsersManager::checkPasswordHash() before use.
 *
 * @param string $userLogin Login
 * @param string $md5Password hashed string of the password (using current hash function; MD5-named for historical reasons)
 * @return string
 */
public function getTokenAuth($userLogin, $md5Password)
{
    $formatMessage = Piwik::translate('UsersManager_ExceptionPasswordMD5HashExpected');
    UsersManager::checkPasswordHash($md5Password, $formatMessage);

    $material = $userLogin . $md5Password;
    return md5($material);
}
/**
 * Returns the user's API token.
 *
 * If the username/password combination is incorrect an invalid token will be returned.
 * That value is a fresh MD5 of the login, the current time and a generated unique id,
 * so presumably a wrong password and an unknown login are indistinguishable to the caller.
 *
 * When the stored hash needs rehashing, the user row is re-saved with a current hash as
 * a side effect of a successful lookup.
 *
 * @param string $userLogin Login
 * @param string $md5Password hashed string of the password (using current hash function; MD5-named for historical reasons)
 * @return string
 */
public function getTokenAuth($userLogin, $md5Password)
{
    UsersManager::checkPasswordHash($md5Password, Piwik::translate('UsersManager_ExceptionPasswordMD5HashExpected'));

    $stored = $this->model->getUser($userLogin);
    // NOTE(review): for an unknown login $stored is presumably empty, so $stored['password']
    // is read from a missing key before verify() runs — confirm that is intended.

    $matches = $this->password->verify($md5Password, $stored['password']);
    if (!$matches) {
        // throwaway value derived from the current time and a generated unique id
        return md5($userLogin . microtime(true) . Common::generateUniqId());
    }

    if ($this->password->needsRehash($stored['password'])) {
        // NOTE(review): updateUser() is called without its $_isPasswordHashed flag —
        // confirm it accepts an already-hashed value here.
        $this->updateUser($userLogin, $this->password->hash($md5Password));
    }

    return $stored['token_auth'];
}