/** * @param $auth */ public static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth) { if (self::isModuleIsAPI() && !$activateCookieAuth) { return; } $authCookieName = Config::getInstance()->General['login_cookie_name']; $authCookieExpiry = 0; $authCookiePath = Config::getInstance()->General['login_cookie_path']; $authCookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath); $defaultLogin = '******'; $defaultTokenAuth = 'anonymous'; if ($authCookie->isCookieFound()) { $defaultLogin = $authCookie->get('login'); $defaultTokenAuth = $authCookie->get('token_auth'); } $auth->setLogin($defaultLogin); $auth->setTokenAuth($defaultTokenAuth); $storage = new Storage($defaultLogin); if (!$storage->isActive()) { return; } $secret = $storage->getSecret(); $cookieSecret = $authCookie->get('auth_code'); if ($cookieSecret == SessionInitializer::getHashTokenAuth($defaultLogin, $secret)) { $googleAuth = new PHPGangsta\GoogleAuthenticator(); $auth->setAuthCode($googleAuth->getCode($secret)); $auth->validateAuthCode(); } }
/** * Loads the access levels for the current user. * * Calls the authentication method to try to log the user in the system. * If the user credentials are not correct we don't load anything. * If the login/password is correct the user is either the SuperUser or a normal user. * We load the access levels for this user for all the websites. * * @param null|Auth $auth Auth adapter * @return bool true on success, false if reloading access failed (when auth object wasn't specified and user is not enforced to be Super User) */ public function reloadAccess(Auth $auth = null) { $this->resetSites(); if (isset($auth)) { $this->auth = $auth; } if ($this->hasSuperUserAccess()) { $this->makeSureLoginNameIsSet(); return true; } $this->token_auth = null; $this->login = null; // if the Auth wasn't set, we may be in the special case of setSuperUser(), otherwise we fail TODO: docs + review if ($this->auth === null) { return false; } // access = array ( idsite => accessIdSite, idsite2 => accessIdSite2) $result = $this->auth->authenticate(); if (!$result->wasAuthenticationSuccessful()) { return false; } $this->login = $result->getIdentity(); $this->token_auth = $result->getTokenAuth(); // case the superUser is logged in if ($result->hasSuperUserAccess()) { $this->setSuperUserAccess(true); } return true; }
private function assertAccessReloadedAndRestored($expectedTokenToBeReloaded) { $this->access->expects($this->exactly(2))->method('reloadAccess'); // verify access reloaded $this->auth->expects($this->at(0))->method('setLogin')->with($this->equalTo(null)); $this->auth->expects($this->at(1))->method('setTokenAuth')->with($this->equalTo($expectedTokenToBeReloaded)); $this->auth->expects($this->at(2))->method('authenticate')->will($this->returnValue(new AuthResult(AuthResult::SUCCESS, 'login1', $expectedTokenToBeReloaded))); // verify access restored $this->auth->expects($this->at(3))->method('setLogin')->with($this->equalTo(null)); $this->auth->expects($this->at(4))->method('setTokenAuth')->with($this->equalTo($tokenRestored = $this->userAuthToken)); $this->auth->expects($this->at(5))->method('authenticate')->will($this->returnValue(new AuthResult(AuthResult::SUCCESS, 'login', $this->userAuthToken))); }
/** * @param $auth */ public static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth) { if (self::isModuleIsAPI() && !$activateCookieAuth) { return; } $authCookieName = Config::getInstance()->General['login_cookie_name']; $authCookieExpiry = 0; $authCookiePath = Config::getInstance()->General['login_cookie_path']; $authCookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath); $defaultLogin = '******'; $defaultTokenAuth = 'anonymous'; if ($authCookie->isCookieFound()) { $defaultLogin = $authCookie->get('login'); $defaultTokenAuth = $authCookie->get('token_auth'); } $auth->setLogin($defaultLogin); $auth->setTokenAuth($defaultTokenAuth); }
/** * Loads the access levels for the current user. * * Calls the authentication method to try to log the user in the system. * If the user credentials are not correct we don't load anything. * If the login/password is correct the user is either the SuperUser or a normal user. * We load the access levels for this user for all the websites. * * @param null|Auth $auth Auth adapter * @return bool true on success, false if reloading access failed (when auth object wasn't specified and user is not enforced to be Super User) */ public function reloadAccess(Auth $auth = null) { if (!is_null($auth)) { $this->auth = $auth; } // if the Auth wasn't set, we may be in the special case of setSuperUser(), otherwise we fail if (is_null($this->auth)) { if ($this->hasSuperUserAccess()) { return $this->reloadAccessSuperUser(); } } if ($this->hasSuperUserAccess()) { return $this->reloadAccessSuperUser(); } // if the Auth wasn't set, we may be in the special case of setSuperUser(), otherwise we fail TODO: docs + review if ($this->auth === null) { return false; } // access = array ( idsite => accessIdSite, idsite2 => accessIdSite2) $result = $this->auth->authenticate(); if (!$result->wasAuthenticationSuccessful()) { return false; } $this->login = $result->getIdentity(); $this->token_auth = $result->getTokenAuth(); // case the superUser is logged in if ($result->hasSuperUserAccess()) { return $this->reloadAccessSuperUser(); } // in case multiple calls to API using different tokens, we ensure we reset it as not SU $this->setSuperUserAccess(false); // we join with site in case there are rows in access for an idsite that doesn't exist anymore // (backward compatibility ; before we deleted the site without deleting rows in _access table) $accessRaw = $this->getRawSitesWithSomeViewAccess($this->login); foreach ($accessRaw as $access) { $this->idsitesByAccess[$access['access']][] = $access['idsite']; } return true; }
/** * Authenticates the user. * * Derived classes can override this method to customize authentication logic or impose * extra requirements on the user trying to login. * * @param AuthInterface $auth The Auth implementation to use when authenticating. * @return AuthResult */ protected function doAuthenticateSession(AuthInterface $auth) { Piwik::postEvent('Login.authenticate', array($auth->getLogin())); return $auth->authenticate(); }
/** * Authenticates the user. * * Derived classes can override this method to customize authentication logic or impose * extra requirements on the user trying to login. * * @param AuthInterface $auth The Auth implementation to use when authenticating. * @return AuthResult */ protected function doAuthenticateSession(AuthInterface $auth) { $login = $auth->getLogin(); $tokenAuthSecret = null; try { $tokenAuthSecret = $auth->getTokenAuthSecret(); } catch (Exception $ex) { Log::debug("SessionInitializer::doAuthenticateSession: token_auth secret for %s not available before user" . " is authenticated.", $login); } $tokenAuth = empty($tokenAuthSecret) ? null : $this->usersManagerAPI->getTokenAuth($login, $tokenAuthSecret); /** * @deprecated Create a custom SessionInitializer instead. */ Piwik::postEvent('Login.authenticate', array($auth->getLogin(), $tokenAuth)); return $auth->authenticate(); }
private static function initAuthenticationFromCookie(\Piwik\Auth $auth, $activateCookieAuth) { $authCookieName = Config::getInstance()->General['login_cookie_name']; $authCookieExpiry = 0; $authCookiePath = Config::getInstance()->General['login_cookie_path']; $authCookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath); if ($authCookie->isCookieFound()) { $login = $authCookie->get('login'); $tokenAuth = $authCookie->get('token_auth'); \Piwik\Log::debug("Login [" . $login . "] from browser token"); $auth->setLogin($login); $auth->setTokenAuth($tokenAuth); return true; } else { return false; } }