X-Git-Url: http://git.roojs.org/?a=blobdiff_plain;f=DataObjects%2FCore_person.php;h=df2eaf8d2814f78c926b48f65d9183c2c6b194fb;hb=a3aee94f26d113c118d2fc75eea8a75fa99d8098;hp=be6380a46280d70d4940e9d69a871877c14802d4;hpb=11365b55d6f7f61e9eaae93cf50fb1f237564ded;p=Pman.Core diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php index be6380a4..df2eaf8d 100644 --- a/DataObjects/Core_person.php +++ b/DataObjects/Core_person.php @@ -50,6 +50,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject /* the code above is auto generated do not remove the tag below */ ###END_AUTOCODE + + static $authUser = false; + function owner() { @@ -172,18 +175,13 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject // h embeds images here.. $body = $mime->get(); $headers = $mime->headers($headers); - } - - return array( 'recipients' => $recipents, 'headers' => $headers, 'body' => $body ); - - } @@ -195,10 +193,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject */ function sendTemplate($templateFile, $args) { - $ar = $this->buildMail($templateFile, $args); - //print_r($recipents);exit; $mailOptions = PEAR::getStaticProperty('Mail','options'); $mail = Mail::factory("SMTP",$mailOptions); @@ -211,7 +207,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject error_reporting($oe); return $ret; - } @@ -240,6 +235,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $sesPrefix = $this->sesPrefix(); + self::$authUser = false; $_SESSION[get_class($this)][$sesPrefix .'-auth'] = ""; return false; @@ -260,22 +256,26 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $sesPrefix = $this->sesPrefix(); + if (self::$authUser) { + return self::$authUser; + } + + if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) { // in session... $a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']); - $u = DB_DataObject::factory($this->tableName()); + $u->autoJoin(); if ($a->id && $u->get($a->id)) { //&& strlen($u->passwd)) { - - return $u->verifyAuth(); // got authentication... - - + if ($u->verifyAuth()) { + self::$authUser = $u; + return true; + } } - unset($_SESSION[get_class($this)][$sesPrefix .'-auth']); unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']); setcookie('Pman.timeout', -1, time() + (30*60), '/'); - + return false; } // http basic auth.. @@ -289,7 +289,10 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject && $u->checkPassword($_SERVER['PHP_AUTH_PW']) ) { + // logged in via http auth + $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($u); + self::$authUser = $u; return true; } //die("test init"); @@ -299,12 +302,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } - // local auth - - $default_admin = false; - if (!empty($ff->Pman['local_autoauth']) && - ($ff->Pman['local_autoauth'] === true) && - (!empty($_SERVER['SERVER_ADDR'])) && - ( + $auto_auth_allow = false; + if (!empty($ff->Pman['local_autoauth']) && $ff->Pman['local_autoauth'] === true) { + $auto_auth_allow = true; + } + if ( + (!empty($_SERVER['SERVER_ADDR'])) && ( $_SERVER['SERVER_ADDR'] == '127.0.0.1' && $_SERVER['REMOTE_ADDR'] == '127.0.0.1' @@ -314,8 +317,19 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $_SERVER['SERVER_ADDR'] == '::1' && $_SERVER['REMOTE_ADDR'] == '::1' ) - ) - ) { + + ){ + $auto_auth_allow = true; + } + + + if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login') { + $auto_auth_allow = false; + } + //var_dump($auto_auth_allow); + // local auth - + $default_admin = false; + if ($auto_auth_allow) { $group = DB_DataObject::factory('core_group'); $group->get('name', 'Administrators'); @@ -337,25 +351,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $u = DB_DataObject::factory($this->tableName()); $ff = HTML_FlexyFramework::get(); - if (!empty($ff->Pman['local_autoauth']) && - (!empty($_SERVER['SERVER_ADDR'])) && - ( - ( - $_SERVER['SERVER_ADDR'] == '127.0.0.1' && - $_SERVER['REMOTE_ADDR'] == '127.0.0.1' - ) - || - ( - $_SERVER['SERVER_ADDR'] == '::1' && - $_SERVER['REMOTE_ADDR'] == '::1' - ) - ) && + if ($auto_auth_allow && ($default_admin || $u->get('email', $ff->Pman['local_autoauth'])) ) { $user = $default_admin ? $default_admin->toArray() : $u->toArray(); - $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user); + // if we request other URLS.. then we get auto logged in.. + self::$authUser = $u; + //$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user); return true; } @@ -378,10 +382,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } } if (!$n){ // authenticated as there are no users in the system... - return true; + return true; } - - return false; + return false; } @@ -403,23 +406,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject //var_dump(array(get_class($this),$sesPrefix .'-auth')); - if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) { - $a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']); - - $u = DB_DataObject::factory($this->tableName()); // allow extending this ... - $u->autoJoin(); - if ($u->get($a->id)) { /// && strlen($u->passwd)) { // should work out the pid .. really.. - + if (self::$authUser) { + + if (isset($_SESSION[get_class($this)][$sesPrefix .'-auth'])) { $_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = time() + (30*60); // eg. 30 minutes setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/'); - - $user = clone ($u); - return clone($user); - } - unset($_SESSION[get_class($this)][$sesPrefix .'-auth']); - unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']); - setcookie('Pman.timeout', -1, time() + (30*60), '/'); + + return clone (self::$authUser); + } @@ -499,6 +494,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject //var_dump(array(get_class($this),$sesPrefix .'-auth')); $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$d); + + $pp = DB_DAtaObject::Factory($this->tableName()); + $pp->get($this->pid()); + $pp->autoJoin(); + + self::$authUser = $pp; // ensure it's written so that ajax calls can fetch it.. @@ -514,6 +515,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $_SESSION[get_class($this)][$sesPrefix .'-auth'] = ""; + self::$authUser = false; + } function genPassKey ($t) { @@ -528,9 +531,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject function checkTwoFactorAuthentication($val) { + + + // also used in login require_once 'System.php'; - if(empty($this->id)) { + if( + empty($this->id) || + empty($this->oath_key) + ) { return false; } @@ -540,13 +549,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject return false; } - $oath_key = $_SESSION[__CLASS__]['oath'][$this->id]; - - if(empty($oath_key)) { - return false; - } - - $cmd = "{$oathtool} --totp --base32 {$oath_key}"; + $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key); $password = exec($cmd); @@ -681,9 +684,11 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $aur['oath_key'] = ''; $aur['oath_key_enable'] = !empty($this->oath_key); + $aur['require_oath'] = 1; $s = DB_DataObject::Factory('core_setting'); - $aur['disable_oath'] = empty($s->lookup('core', 'two_factor_authentication')) ? 1 : 0; + $oath_require = $s->lookup('core', 'two_factor_authentication_requirement'); + $aur['require_oath'] = $oath_require ? $oath_require->val : 0; return $aur; } @@ -775,15 +780,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject function applyFilters($q, $au, $roo) { //DB_DataObject::DebugLevel(1); - if(!empty($q['_generate_oath_key'])){ - $o = clone($this); - $this->oath_key = $this->getOathKey(); - $this->update($o); - $roo->jok('OK'); - } - if(!empty($q['_to_qr_code'])){ - $person = DB_DataObject::factory('Core_person'); $person->id = $q['id']; @@ -791,8 +788,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $roo->jerr('_invalid_person'); } - $hash = $this->getOathKey(); + $hash = $this->generateOathKey(); + $_SESSION[__CLASS__] = + isset($_SESSION[__CLASS__]) ? + $_SESSION[__CLASS__] : array(); + $_SESSION[__CLASS__]['oath'] = + isset($_SESSION[__CLASS__]['oath']) ? + $_SESSION[__CLASS__]['oath'] : array(); + $_SESSION[__CLASS__]['oath'][$person->id] = $hash; $qrcode = $person->generateQRCode($hash); @@ -805,18 +809,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['two_factor_auth_code'])) { - $person = DB_DataObject::factory('core_person'); $person->get($q['id']); + $o = clone($person); + $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id]; if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) { - - $o = clone($person); - $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id]; $person->update($o); - unset($_SESSION[__CLASS__]['oath'][$person->id]); - $roo->jok('DONE'); } @@ -824,7 +824,6 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject } if(!empty($q['oath_key_disable'])) { - $person = DB_DataObject::factory('core_person'); $person->get($q['id']); @@ -1125,7 +1124,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $this->setFrom($ar); if(!empty($ar['_enable_oath_key'])){ - $oath_key = $this->getOathKey(); + $oath_key = $this->generateOathKey(); } if (!empty($ar['passwd1'])) { @@ -1420,7 +1419,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject return $sesPrefix; } - function loginPublic() + function loginPublic() // used where??? { $this->isAuth(); // force session start.. @@ -1447,7 +1446,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject $this->email = trim($this->email); } - function getOathKey() + function generateOathKey() { require 'Base32.php';