6543/CommunityID
1
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

import v2.0.0.0_RC3 | 2012-07-01

Browse Source 
https://github.com/lucanos/CommunityID -> http://www.itadmins.net/archives/357
This commit is contained in:
6543
2019-07-17 22:31:04 +02:00
parent 38c146901c
commit 2f397f01f7
2677 changed files with 296182 additions and 45159 deletions
Download Patch File Download Diff File Expand all files Collapse all files

240
modules/users/models/Users.php Executable file → Normal file
View File

@ -1,7 +1,7 @@
<?php
/*
* @copyright Copyright (C) 2005-2009 Keyboard Monkeys Ltd. http://www.kb-m.com
* @copyright Copyright (C) 2005-2010 Keyboard Monkeys Ltd. http://www.kb-m.com
* @license http://creativecommons.org/licenses/BSD/ BSD License
* @author Keyboard Monkeys Ltd.
* @since CommunityID 0.9
@ -54,43 +54,128 @@ class Users_Model_Users extends Monkeys_Db_Table_Gateway
*
* @return Zend_Auth_Result
*/
public function authenticate($identity, $password, $isOpenId = false)
public function authenticate($identity, $password, $isOpenId = false, Zend_View $view = null, $bypassMarkSuccessfullLogin = false)
{
$auth = Zend_Auth::getInstance();
$db = $this->getAdapter();
$config = Zend_Registry::get('config');
$useYubikey = false;
$result = $db->query("SHOW VARIABLES LIKE 'character_set_client'")->fetch();
$clientCharset = $result['Value'];
if ($isOpenId) {
if (!Zend_OpenId::normalize($identity)) {
return false;
}
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'openid', 'password',
'MD5(CONCAT(CONVERT(openid using ' . $clientCharset . '), CONVERT(? using ' . $clientCharset . ')))');
if (!$this->_user = $this->getUserWithOpenId($identity)) {
return false;
}
$cn = $this->_user->username;
} else {
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'username', 'password',
'MD5(CONCAT(CONVERT(openid using ' . $clientCharset . '), CONVERT(? using ' . $clientCharset . ')))');
$cn = $identity;
$this->_user = $this->getUserWithUsername($identity, false, $view);
}
$authAdapter->setIdentity($identity);
$authAdapter->setCredential($password);
if ($this->_user
&& $config->yubikey->enabled
&& ($this->_user->auth_type == Users_Model_User::AUTH_YUBIKEY
|| $config->yubikey->force)) {
$parts = Yubico_Auth::parsePasswordOTP($password);
if (!$parts || $this->_user->yubikey_publicid != $parts['prefix']) {
return false;
}
$useYubikey = true;
}
$config = Zend_Registry::get('config');
$ldapConfig = $config->ldap;
if ($useYubikey) {
if (!@$config->yubikey->api_id || !@$config->yubikey->api_key) {
throw new Zend_Exception('Admin must set the yubikey configuration options before attempting to log in using this method');
}
$authAdapter = new Monkeys_Auth_Adapter_Yubikey(
array(
'api_id' => $config->yubikey->api_id,
'api_key' => $config->yubikey->api_key
),
$identity,
$password
);
} else if ($ldapConfig->enabled) {
$ldapOptions = $ldapConfig->toArray();
$ldapOptions['accountCanonicalForm'] = Zend_Ldap::ACCTNAME_FORM_USERNAME;
unset($ldapOptions['enabled']);
unset($ldapOptions['admin']);
unset($ldapOptions['fields']);
unset($ldapOptions['keepRecordsSynced']);
unset($ldapOptions['canChangePassword']);
unset($ldapOptions['passwordHashing']);
// we'll try to bind directly as the user to be authenticated, so we're unsetting
// the LDAP admin credentials
unset($ldapOptions['username']);
unset($ldapOptions['password']);
$username = "cn=$cn,{$ldapOptions['baseDn']}";
$authAdapter = new Zend_Auth_Adapter_Ldap(
array('server1' => $ldapOptions),
$username,
$password
);
} else {
$db = $this->getAdapter();
$result = $db->query("SHOW VARIABLES LIKE 'character_set_client'")->fetch();
$clientCharset = $result['Value'];
if ($isOpenId) {
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'openid', 'password',
'MD5(CONCAT(CONVERT(openid using ' . $clientCharset . '), CONVERT(? using ' . $clientCharset . ')))');
} else {
$authAdapter = new Zend_Auth_Adapter_DbTable($db, 'users', 'username', 'password',
'MD5(CONCAT(CONVERT(openid using ' . $clientCharset . '), CONVERT(? using ' . $clientCharset . ')))');
}
$authAdapter->setIdentity($identity);
$authAdapter->setCredential($password);
}
$auth = Zend_Auth::getInstance();
$result = $auth->authenticate($authAdapter);
if ($result->isValid()) {
if ($isOpenId) {
$this->_user = $this->getUserWithOpenId($identity);
} else {
$this->_user = $this->getUserWithUsername($identity);
if (!$isOpenId) {
try {
$this->_user = $this->getUserWithUsername($identity, true, $view);
} catch (Exception $e) {
// avoid leaving in the session an empty user object
Zend_Auth::getInstance()->clearIdentity();
Zend_Session::forgetMe();
throw $e;
}
}
if (!$bypassMarkSuccessfullLogin) {
$this->_user->markSuccessfullLogin();
}
$this->_user->save();
$auth->getStorage()->write($this->_user);
Zend_Registry::set('user', $this->_user);
return true;
}
// this is ugly, logging should be done in the controller, not here
$logger = Zend_Registry::get('logger');
$logger->log("Invalid authentication: " . implode(' - ', $result->getMessages()), Zend_Log::DEBUG);
if (is_a($authAdapter, 'Monkeys_Auth_Adapter_Yubikey')) {
$authOptions = $authAdapter->getOptions();
if ($yubi = @$authOptions['yubiClient']) {
$logger->log("Yubi request was: " . $yubi->getlastQuery(), Zend_Log::DEBUG);
}
}
return false;
}
@ -152,18 +237,80 @@ class Users_Model_Users extends Monkeys_Db_Table_Gateway
public function getUserWithEmail($email)
{
$select = $this->select()
->where('email=?', $email);
$ldapOptions = Zend_Registry::get('config')->ldap;
if ($ldapOptions->enabled) {
$ldap = Monkeys_Ldap::getInstance();
try {
$ldapUserData = $ldap->search($ldapOptions->baseDn, 'mail', $email);
} catch (Exception $e) {
if ($e->getCode() == Monkeys_Ldap::EXCEPTION_GET_ENTRIES) {
return false;
}
return $this->fetchRow($select);
throw $e;
}
$select = $this->select()
->where('username=?', $ldapUserData['cn'][0]);
$user = $this->fetchRow($select);
if (!$user) {
// user is registered in LDAP, but not in CID's db
$user = $this->createRow();
$user->registration_date = date('Y-m-d');
}
// this fields are always overridden from what comes from LDAP, because they might change
$user->overrideWithLdapData($ldapUserData);
} else {
$select = $this->select()
->where('email=?', $email);
$user = $this->fetchRow($select);
}
return $user;
}
public function getUserWithUsername($username)
public function getUserWithUsername($username, $generateNewIfMissing = false, Zend_View $view = null)
{
$select = $this->select()
->where('username=?', $username);
$user = $this->fetchRow($select);
return $this->fetchRow($select);
$ldapOptions = Zend_Registry::get('config')->ldap;
if ($ldapOptions->enabled) {
$ldap = Monkeys_Ldap::getInstance();
try {
$ldapUserData = $ldap->get("cn=$username,{$ldapOptions->baseDn}");
} catch (Exception $e) {
if ($e->getCode() == Monkeys_Ldap::EXCEPTION_SEARCH) {
return false;
}
throw $e;
}
if ($user) {
// this fields are always overridden from what comes from LDAP, because they might change
$user->overrideWithLdapData($ldapUserData);
} else {
// user is registered in LDAP, but not in CID's db
$user = $this->createRow();
$user->registration_date = date('Y-m-d');
$user->overrideWithLdapData($ldapUserData);
if ($user->role != Users_Model_User::ROLE_ADMIN) {
preg_match('#(.*)/users/login/authenticate#', Zend_OpenId::selfURL(), $matches);
$user->generateOpenId($matches[1]);
}
if ($generateNewIfMissing) {
$user->save();
$profileId = $user->createDefaultProfile($view);
$user->generatePersonalInfo($ldapUserData, $profileId);
}
}
}
return $user;
}
public function getUserWithOpenId($openid)
@ -305,6 +452,40 @@ class Users_Model_Users extends Monkeys_Db_Table_Gateway
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'last_login' =>
array(
'SCHEMA_NAME' => NULL,
'TABLE_NAME' => 'users',
'COLUMN_NAME' => 'last_login',
'COLUMN_POSITION' => 7,
'DATA_TYPE' => 'datetime',
'DEFAULT' => NULL,
'NULLABLE' => false,
'LENGTH' => NULL,
'SCALE' => NULL,
'PRECISION' => NULL,
'UNSIGNED' => NULL,
'PRIMARY' => false,
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'auth_type' =>
array (
'SCHEMA_NAME' => NULL,
'TABLE_NAME' => 'users',
'COLUMN_NAME' => 'auth_type',
'COLUMN_POSITION' => 7,
'DATA_TYPE' => 'tinyint',
'DEFAULT' => '0',
'NULLABLE' => false,
'LENGTH' => NULL,
'SCALE' => NULL,
'PRECISION' => NULL,
'UNSIGNED' => NULL,
'PRIMARY' => false,
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'password' =>
array (
'SCHEMA_NAME' => NULL,
@ -339,6 +520,23 @@ class Users_Model_Users extends Monkeys_Db_Table_Gateway
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'yubikey_publicid' =>
array (
'SCHEMA_NAME' => NULL,
'TABLE_NAME' => 'users',
'COLUMN_NAME' => 'yubikey_publicid',
'COLUMN_POSITION' => 9,
'DATA_TYPE' => 'varchar',
'DEFAULT' => NULL,
'NULLABLE' => false,
'LENGTH' => '50',
'SCALE' => NULL,
'PRECISION' => NULL,
'UNSIGNED' => NULL,
'PRIMARY' => false,
'PRIMARY_POSITION' => NULL,
'IDENTITY' => false,
),
'firstname' =>
array (
'SCHEMA_NAME' => NULL,