6543/CommunityID
1
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

import v2.0.0.0_RC3 | 2012-07-01

Browse Source 
https://github.com/lucanos/CommunityID -> http://www.itadmins.net/archives/357
This commit is contained in:
6543
2019-07-17 22:31:04 +02:00
parent 38c146901c
commit 2f397f01f7
2677 changed files with 296182 additions and 45159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/users/models/AuthAttempt.php
View File

@ -1,7 +1,7 @@
<?php
/*
* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkeys Ltd.
* @since CommunityID 0.9

2
modules/users/models/AuthAttempts.php
View File

@ -1,7 +1,7 @@
<?php
/*
* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkeys Ltd.
* @since CommunityID 0.9

20
modules/users/models/Profile.php Normal file
View File

@ -0,0 +1,20 @@
<?php
/*
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkeys Ltd.
* @since CommunityID 0.9
* @package CommunityID
* @packager Keyboard Monkeys
*/
class Users_Model_Profile extends Zend_Db_Table_Row_Abstract
{
public function getFields()
{
$fields = new Model_Fields();
return $fields->getValues($this);
}
}

26
modules/users/models/Profiles.php Normal file
View File

@ -0,0 +1,26 @@
<?php
/*
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkeys Ltd.
* @since CommunityID 0.9
* @package CommunityID
* @packager Keyboard Monkeys
*/
class Users_Model_Profiles extends Monkeys_Db_Table_Gateway
{
protected $_name = 'profiles';
protected $_primary = 'id';
protected $_rowClass = 'Users_Model_Profile';
public function getForUser(Users_Model_User $user)
{
$select = $this->select()
->where('user_id=?', $user->id);
return $this->fetchAll($select);
}
}

59
modules/users/models/SigninImage.php Normal file
View File

@ -0,0 +1,59 @@
<?php
/*
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkeys Ltd.
* @since CommunityID 0.9
* @package CommunityID
* @packager Keyboard Monkeys
*/
class Users_Model_SigninImage extends Zend_Db_Table_Row_Abstract
{
const MAX_WIDTH = 165;
const MAX_HEIGHT = 195;
private $_width;
private $_height;
public function getHeight()
{
list (,$height) = $this->_getDimensions();
return $height;
}
public function getWidth()
{
list ($width,) = $this->_getDimensions();
return $width;
}
private function _getDimensions()
{
if (!isset($this->_width) || !isset($this->_height)) {
$image = imagecreatefromstring($this->image);
$this->_width = imagesx($image);
$this->_height = imagesy($image);
if ($this->_height >= $this->_width * self::MAX_HEIGHT / self::MAX_WIDTH
&& $this->_height > self::MAX_HEIGHT) {
$newHeight = self::MAX_HEIGHT;
$newWidth = floor($width * $newHeight / $height);
$this->_height = $newHeight;
$this->_width = $newWidth;
} elseif ($this->_height < $this->_width * self::MAX_HEIGHT / self::MAX_WIDTH
&& $this->_width > self::MAX_WIDTH) {
$newWidth = self::MAX_WIDTH;
$newHeight = floor($newWidth * $this->_height / $this->_width);
$this->_height = $newHeight;
$this->_width = $newWidth;
}
}
return array($this->_width, $this->_height);
}
}

53
modules/users/models/SigninImages.php Normal file
View File

@ -0,0 +1,53 @@
<?php
/*
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkeys Ltd.
* @since CommunityID 0.9
* @package CommunityID
* @packager Keyboard Monkeys
*/
class Users_Model_SigninImages extends Monkeys_Db_Table_Gateway
{
protected $_name = 'users_images';
protected $_primary = 'id';
protected $_rowClass = 'Users_Model_SigninImage';
public function getForUser(Users_Model_User $user)
{
$select = $this->select()
->where('user_id=?', $user->id);
return $this->fetchRow($select);
}
public function getByCookie($cookie)
{
$select = $this->select()
->where('cookie=?', $cookie);
return $this->fetchRow($select);
}
public function deleteForUser(Users_Model_User $user)
{
$where = $this->getAdapter()->quoteInto('user_id=?', $user->id);
$this->delete($where);
}
public function generateCookieId(Users_Model_User $user)
{
do {
$cookie = md5($user->username . rand(1, 1000));
$select = $this->select()
->where('cookie=?', $cookie);
$row = $this->fetchRow($select);
} while($row);
return $cookie;
}
}

156
modules/users/models/User.php Executable file → Normal file
View File

@ -1,7 +1,7 @@
<?php
/*
* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkeys Ltd.
* @since CommunityID 0.9
@ -15,6 +15,11 @@ class Users_Model_User extends Zend_Db_Table_Row_Abstract
const ROLE_GUEST = 'guest';
const ROLE_REGISTERED = 'registered';
const ROLE_ADMIN = 'admin';
const AUTH_PASSWORD = 0;
const AUTH_YUBIKEY = 1;
private $_image;
/**
* To identify the app that owns the user obj in the session.
@ -35,10 +40,15 @@ class Users_Model_User extends Zend_Db_Table_Row_Abstract
* Password is stored using md5($this->openid.$password) because
* that's what's used in Zend_OpenId
*/
public function setPassword($password)
{
$this->password = $password;
$this->password_changed = date('Y-m-d');
}
public function setClearPassword($password)
{
$this->password = md5($this->openid.$password);
$this->password_changed = date('Y-m-d');
$this->setPassword(md5($this->openid.$password));
}
public function isAllowed($resource, $privilege)
@ -56,4 +66,144 @@ class Users_Model_User extends Zend_Db_Table_Row_Abstract
return md5($token.time());
}
public function overrideWithLdapData(Array $ldapData, $syncDb = false)
{
$acceptedEula = 1;
$username = $ldapData['cn'][0];
$firstname = $ldapData['givenname'][0];
$lastname = $ldapData['sn'][0];
$email = $ldapData['mail'][0];
if (Zend_Registry::get('config')->ldap->admin == $username) {
$role = Users_Model_User::ROLE_ADMIN;
} else {
$role = Users_Model_User::ROLE_REGISTERED;
}
if ($this->accepted_eula != $acceptedEula
|| $this->username != $username
|| $this->firstname != $firstname
|| $this->lastname != $lastname
|| $this->email != $email
|| $this->role != $role) {
$userChanged = true;
} else {
$userChanged = false;
}
$this->accepted_eula = $acceptedEula;
$this->username = $username;
$this->firstname = $firstname;
$this->lastname = $lastname;
$this->email = $email;
$this->role = $role;
if ($syncDb && $userChanged) {
$this->save();
}
}
public function generateOpenId($baseUrl)
{
$config = Zend_Registry::get('config');
if ($config->subdomain->enabled) {
$openid = Monkeys_Controller_Action::getProtocol() . '://' . $this->username . '.' . $config->subdomain->hostname;
} else {
$openid = $baseUrl . '/identity/' . $this->username;
}
if ($config->SSL->enable_mixed_mode) {
$openid = str_replace('http://', 'https://', $openid);
}
Zend_OpenId::normalizeUrl($openid);
$this->openid = $openid;
}
public function createDefaultProfile(Zend_View $view)
{
$profiles = new Users_Model_Profiles();
$profile = $profiles->createRow();
$profile->user_id = $this->id;
$profile->name = $view->translate('Default profile');
$profile->save();
return $profile->id;
}
public function generatePersonalInfo(Array $ldapData, $profileId)
{
if (!$this->id) {
throw new Exception('Can\'t call User::generatePersonalInfo() on an empty User object');
}
$ldapConfig = Zend_Registry::get('config')->ldap;
if (!isset($ldapConfig->fields)) {
return;
}
$fieldValues = new Model_FieldsValues();
$fields = new Model_Fields();
foreach ($ldapConfig->fields->toArray() as $openIdField => $ldapField) {
if (!$fieldRow = $fields->getByOpenIdIdentifier($openIdField)) {
continue;
}
if (!isset($ldapData[$ldapField])) {
if (strpos($ldapField, '+') == false) {
continue;
}
$subfields = explode('+', $ldapField);
array_walk($subfields, 'trim');
$value = array();
foreach ($subfields as $subfield) {
if (!isset($ldapData[$subfield])) {
continue;
}
$value[] = $ldapData[$subfield][0];
}
$value = implode(' ', $value);
} else {
$value = $ldapData[$ldapField][0];
}
$fieldsValue = $fieldValues->createRow();
$fieldsValue->user_id = $this->id;
$fieldsValue->profile_id = $profileId;
$fieldsValue->field_id = $fieldRow->id;
$fieldsValue->value = $value;
$fieldsValue->save();
}
}
public function getImage()
{
if (!isset($this->_image)) {
$images = new Users_Model_SigninImages();
if (!$row = $images->getForUser($this)) {
$this->_image = false;
} else {
$this->_image = $row;
}
}
return $this->_image;
}
public function markSuccessfullLogin()
{
$this->last_login = date('Y-m-d H:i:s');
}
public function getLastLoginUtc()
{
$time = strtotime($this->last_login);
return gmdate('Y-m-d\TH:i:s\Z', $time);
}
public function getSecondsSinceLastLogin()
{
return time() - strtotime($this->last_login);
}
}

240
modules/users/models/Users.php Executable file → Normal file
View File

@ -1,7 +1,7 @@
<?php
/*
* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkeys Ltd.
* @since CommunityID 0.9
@ -54,43 +54,128 @@ class Users_Model_Users extends Monkeys_Db_Table_Gateway
*
* @return Zend_Auth_Result
*/
public function authenticate($identity, $password, $isOpenId = false)
public function authenticate($identity, $password, $isOpenId = false, Zend_View $view = null, $bypassMarkSuccessfullLogin = false)
{
$auth = Zend_Auth::getInstance();
$db = $this->getAdapter();
$config = Zend_Registry::get('config');
$useYubikey = false;
$result = $db->query("SHOW VARIABLES LIKE 'character_set_client'")->fetch();
$clientCharset = $result['Value'];
if ($isOpenId) {
if (!Zend_OpenId::normalize($identity)) {
return false;
}
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'openid', 'password',
'MD5(CONCAT(CONVERT(openid using ' . $clientCharset . '), CONVERT(? using ' . $clientCharset . ')))');
if (!$this->_user = $this->getUserWithOpenId($identity)) {
return false;
}
$cn = $this->_user->username;
} else {
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'username', 'password',
'MD5(CONCAT(CONVERT(openid using ' . $clientCharset . '), CONVERT(? using ' . $clientCharset . ')))');
$cn = $identity;
$this->_user = $this->getUserWithUsername($identity, false, $view);
}
$authAdapter->setIdentity($identity);
$authAdapter->setCredential($password);
if ($this->_user
&& $config->yubikey->enabled
&& ($this->_user->auth_type == Users_Model_User::AUTH_YUBIKEY
|| $config->yubikey->force)) {
$parts = Yubico_Auth::parsePasswordOTP($password);
if (!$parts || $this->_user->yubikey_publicid != $parts['prefix']) {
return false;
}
$useYubikey = true;
}
$config = Zend_Registry::get('config');
$ldapConfig = $config->ldap;
if ($useYubikey) {
if (!@$config->yubikey->api_id || !@$config->yubikey->api_key) {
throw new Zend_Exception('Admin must set the yubikey configuration options before attempting to log in using this method');
}
$authAdapter = new Monkeys_Auth_Adapter_Yubikey(
array(
'api_id' => $config->yubikey->api_id,
'api_key' => $config->yubikey->api_key
),
$identity,
$password
);
} else if ($ldapConfig->enabled) {
$ldapOptions = $ldapConfig->toArray();
$ldapOptions['accountCanonicalForm'] = Zend_Ldap::ACCTNAME_FORM_USERNAME;
unset($ldapOptions['enabled']);
unset($ldapOptions['admin']);
unset($ldapOptions['fields']);
unset($ldapOptions['keepRecordsSynced']);
unset($ldapOptions['canChangePassword']);
unset($ldapOptions['passwordHashing']);
// we'll try to bind directly as the user to be authenticated, so we're unsetting
// the LDAP admin credentials
unset($ldapOptions['username']);
unset($ldapOptions['password']);
$username = "cn=$cn,{$ldapOptions['baseDn']}";
$authAdapter = new Zend_Auth_Adapter_Ldap(
array('server1' => $ldapOptions),
$username,
$password
);
} else {
$db = $this->getAdapter();
$result = $db->query("SHOW VARIABLES LIKE 'character_set_client'")->fetch();
$clientCharset = $result['Value'];
if ($isOpenId) {
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'openid', 'password',
'MD5(CONCAT(CONVERT(openid using ' . $clientCharset . '), CONVERT(? using ' . $clientCharset . ')))');
} else {
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'username', 'password',
'MD5(CONCAT(CONVERT(openid using ' . $clientCharset . '), CONVERT(? using ' . $clientCharset . ')))');
}
$authAdapter->setIdentity($identity);
$authAdapter->setCredential($password);
}
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
if ($isOpenId) {
$this->_user = $this->getUserWithOpenId($identity);
} else {
$this->_user = $this->getUserWithUsername($identity);
if (!$isOpenId) {
try {
$this->_user = $this->getUserWithUsername($identity, true, $view);
} catch (Exception $e) {
// avoid leaving in the session an empty user object
Zend_Auth::getInstance()->clearIdentity();
Zend_Session::forgetMe();
throw $e;
}
}
if (!$bypassMarkSuccessfullLogin) {
$this->_user->markSuccessfullLogin();
}
$this->_user->save();
$auth->getStorage()->write($this->_user);
Zend_Registry::set('user', $this->_user);
return true;
}
// this is ugly, logging should be done in the controller, not here
$logger = Zend_Registry::get('logger');
$logger->log("Invalid authentication: " . implode(' - ', $result->getMessages()), Zend_Log::DEBUG);
if (is_a($authAdapter, 'Monkeys_Auth_Adapter_Yubikey')) {
$authOptions = $authAdapter->getOptions();
if ($yubi = @$authOptions['yubiClient']) {
$logger->log("Yubi request was: " . $yubi->getlastQuery(), Zend_Log::DEBUG);
}
}
return false;
}
@ -152,18 +237,80 @@ class Users_Model_Users extends Monkeys_Db_Table_Gateway
public function getUserWithEmail($email)
{
$select = $this->select()
->where('email=?', $email);
$ldapOptions = Zend_Registry::get('config')->ldap;
if ($ldapOptions->enabled) {
$ldap = Monkeys_Ldap::getInstance();
try {
$ldapUserData = $ldap->search($ldapOptions->baseDn, 'mail', $email);
} catch (Exception $e) {
if ($e->getCode() == Monkeys_Ldap::EXCEPTION_GET_ENTRIES) {
return false;
}
return $this->fetchRow($select);
throw $e;
}
$select = $this->select()
->where('username=?', $ldapUserData['cn'][0]);
$user = $this->fetchRow($select);
if (!$user) {
// user is registered in LDAP, but not in CID's db
$user = $this->createRow();
$user->registration_date = date('Y-m-d');
}
// this fields are always overridden from what comes from LDAP, because they might change
$user->overrideWithLdapData($ldapUserData);
} else {
$select = $this->select()
->where('email=?', $email);
$user = $this->fetchRow($select);
}
return $user;
}
public function getUserWithUsername($username)
public function getUserWithUsername($username, $generateNewIfMissing = false, Zend_View $view = null)
{
$select = $this->select()
->where('username=?', $username);
$user = $this->fetchRow($select);
return $this->fetchRow($select);
$ldapOptions = Zend_Registry::get('config')->ldap;
if ($ldapOptions->enabled) {
$ldap = Monkeys_Ldap::getInstance();
try {
$ldapUserData = $ldap->get("cn=$username,{$ldapOptions->baseDn}");
} catch (Exception $e) {
if ($e->getCode() == Monkeys_Ldap::EXCEPTION_SEARCH) {
return false;
}
throw $e;
}
if ($user) {
// this fields are always overridden from what comes from LDAP, because they might change
$user->overrideWithLdapData($ldapUserData);
} else {
// user is registered in LDAP, but not in CID's db
$user = $this->createRow();
$user->registration_date = date('Y-m-d');
$user->overrideWithLdapData($ldapUserData);
if ($user->role != Users_Model_User::ROLE_ADMIN) {
preg_match('#(.*)/users/login/authenticate#', Zend_OpenId::selfURL(), $matches);
$user->generateOpenId($matches[1]);
}
if ($generateNewIfMissing) {
$user->save();
$profileId = $user->createDefaultProfile($view);
$user->generatePersonalInfo($ldapUserData, $profileId);
}
}
}
return $user;
}
public function getUserWithOpenId($openid)
@ -305,6 +452,40 @@ class Users_Model_Users extends Monkeys_Db_Table_Gateway
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'last_login' =>
array(
'SCHEMA_NAME' => NULL,
'TABLE_NAME' => 'users',
'COLUMN_NAME' => 'last_login',
'COLUMN_POSITION' => 7,
'DATA_TYPE' => 'datetime',
'DEFAULT' => NULL,
'NULLABLE' => false,
'LENGTH' => NULL,
'SCALE' => NULL,
'PRECISION' => NULL,
'UNSIGNED' => NULL,
'PRIMARY' => false,
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'auth_type' =>
array (
'SCHEMA_NAME' => NULL,
'TABLE_NAME' => 'users',
'COLUMN_NAME' => 'auth_type',
'COLUMN_POSITION' => 7,
'DATA_TYPE' => 'tinyint',
'DEFAULT' => '0',
'NULLABLE' => false,
'LENGTH' => NULL,
'SCALE' => NULL,
'PRECISION' => NULL,
'UNSIGNED' => NULL,
'PRIMARY' => false,
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'password' =>
array (
'SCHEMA_NAME' => NULL,
@ -339,6 +520,23 @@ class Users_Model_Users extends Monkeys_Db_Table_Gateway
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'yubikey_publicid' =>
array (
'SCHEMA_NAME' => NULL,
'TABLE_NAME' => 'users',
'COLUMN_NAME' => 'yubikey_publicid',
'COLUMN_POSITION' => 9,
'DATA_TYPE' => 'varchar',
'DEFAULT' => NULL,
'NULLABLE' => false,
'LENGTH' => '50',
'SCALE' => NULL,
'PRECISION' => NULL,
'UNSIGNED' => NULL,
'PRIMARY' => false,
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'firstname' =>
array (
'SCHEMA_NAME' => NULL,