/* the code above is auto generated do not remove the tag below */
###END_AUTOCODE
+
+ static $authUser = false;
+
function owner()
{
$sesPrefix = $this->sesPrefix();
+ self::$authUser = false;
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
return false;
$sesPrefix = $this->sesPrefix();
+ if (self::$authUser) {
+ return self::$authUser;
+ }
+
+
if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
// in session...
$a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-
$u = DB_DataObject::factory($this->tableName());
+ $u->autoJoin();
if ($a->id && $u->get($a->id)) { //&& strlen($u->passwd)) {
-
- return $u->verifyAuth(); // got authentication...
-
-
+ if ($u->verifyAuth()) {
+ self::$authUser = $u;
+ return true;
+ }
}
-
unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
setcookie('Pman.timeout', -1, time() + (30*60), '/');
-
+ return false;
}
// http basic auth..
&&
$u->checkPassword($_SERVER['PHP_AUTH_PW'])
) {
- $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($u);
+ // logged in via http auth
+ // http auth will not need session...
+ //$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($u);
+ self::$authUser = $u;
return true;
}
//die("test init");
}
- // local auth -
- $default_admin = false;
- if (!empty($ff->Pman['local_autoauth']) &&
- ($ff->Pman['local_autoauth'] === true) &&
- (!empty($_SERVER['SERVER_ADDR'])) &&
- (
- (
- $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
- $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
- )
- ||
+ $auto_auth_allow = false;
+ if (!empty($ff->Pman['local_autoauth']) && $ff->Pman['local_autoauth'] === true) {
+ $auto_auth_allow = true;
+ }
+ if ( !empty($ff->Pman['local_autoauth'])
+ &&
+ !empty($_SERVER['SERVER_ADDR']) &&
+ !empty($_SERVER['REMOTE_ADDR']) &&
(
- $_SERVER['SERVER_ADDR'] == '::1' &&
- $_SERVER['REMOTE_ADDR'] == '::1'
+ (
+ $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
+ $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
+ )
+ ||
+ (
+ $_SERVER['SERVER_ADDR'] == '::1' &&
+ $_SERVER['REMOTE_ADDR'] == '::1'
+ )
)
- )
- ) {
+
+ ){
+ $auto_auth_allow = true;
+ }
+
+
+ if (empty($_SERVER['PATH_INFO']) || $_SERVER['PATH_INFO'] == '/Login') {
+ $auto_auth_allow = false;
+ }
+ //var_dump($auto_auth_allow);
+ // local auth -
+ $default_admin = false;
+ if ($auto_auth_allow) {
$group = DB_DataObject::factory('core_group');
$group->get('name', 'Administrators');
");
if($member->find(true)){
$default_admin = DB_DataObject::factory($this->tableName());
+ $default_admin->autoJoin();
if(!$default_admin->get($member->user_id)){
$default_admin = false;
}
//var_dump($ff->Pman['local_autoauth']); var_dump($_SERVER); exit;
$u = DB_DataObject::factory($this->tableName());
+ $u->autoJoin();
$ff = HTML_FlexyFramework::get();
- if (!empty($ff->Pman['local_autoauth']) &&
- (!empty($_SERVER['SERVER_ADDR'])) &&
- (
- (
- $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
- $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
- )
- ||
- (
- $_SERVER['SERVER_ADDR'] == '::1' &&
- $_SERVER['REMOTE_ADDR'] == '::1'
- )
- ) &&
+ if ($auto_auth_allow &&
($default_admin || $u->get('email', $ff->Pman['local_autoauth']))
) {
$user = $default_admin ? $default_admin->toArray() : $u->toArray();
- $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user);
+ // if we request other URLS.. then we get auto logged in..
+ self::$authUser = $default_admin ? $default_admin : $u;;
+ //$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user);
return true;
}
}
}
if (!$n){ // authenticated as there are no users in the system...
- return true;
+ return true;
}
-
- return false;
+ return false;
}
//var_dump(array(get_class($this),$sesPrefix .'-auth'));
- if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
- $a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-
- $u = DB_DataObject::factory($this->tableName()); // allow extending this ...
- $u->autoJoin();
- if ($u->get($a->id)) { /// && strlen($u->passwd)) { // should work out the pid .. really..
-
+ if (self::$authUser) {
+
+ if (isset($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
$_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = time() + (30*60); // eg. 30 minutes
setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
-
- $user = clone ($u);
- return clone($user);
-
}
- unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
- unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
- setcookie('Pman.timeout', -1, time() + (30*60), '/');
+ // not really sure why it's cloned..
+ return clone (self::$authUser);
+
}
//var_dump(array(get_class($this),$sesPrefix .'-auth'));
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$d);
+
+ $pp = DB_DAtaObject::Factory($this->tableName());
+ $pp->get($this->pid());
+ $pp->autoJoin();
+
+ self::$authUser = $pp;
// ensure it's written so that ajax calls can fetch it..
$_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
+ self::$authUser = false;
+
}
function genPassKey ($t)
{
return md5(implode(',' , array($month, $this->email , $this->passwd, $this->id)));
}
- function checkTwoFactorAuthentication($val, $oath_key)
+ function checkTwoFactorAuthentication($val)
{
- // also used in login
+
+ // also used in login
require_once 'System.php';
if(
empty($this->id) ||
- empty($oath_key)
+ empty($this->oath_key)
) {
return false;
}
return false;
}
- $cmd = "{$oathtool} --totp --base32 {$oath_key}";
+ $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
$password = exec($cmd);
if (!func_num_args()) {
return $this->lang;
}
- $val = array_shift(func_get_args());
+ $ar = func_get_args();
+ $val = array_shift($ar);
if ($val == $this->lang) {
return;
}
$aur['oath_key'] = '';
$aur['oath_key_enable'] = !empty($this->oath_key);
+ $aur['require_oath'] = 1;
$s = DB_DataObject::Factory('core_setting');
- $aur['disable_oath'] = (bool) $s->lookup('core', 'two_factor_authentication') ? 1 : 0;
+ $oath_require = $s->lookup('core', 'two_factor_auth_required');
+ $aur['require_oath'] = $oath_require ? $oath_require->val : 0;
return $aur;
}
{
//DB_DataObject::DebugLevel(1);
if(!empty($q['_to_qr_code'])){
-
$person = DB_DataObject::factory('Core_person');
$person->id = $q['id'];
$hash = $this->generateOathKey();
- $_SESSION[__CLASS__] = isset($_SESSION[__CLASS__]) ? $_SESSION[__CLASS__] : array();
- $_SESSION[__CLASS__]['oath'] = isset($_SESSION[__CLASS__]['oath']) ? $_SESSION[__CLASS__]['oath'] : array();
+ $_SESSION[__CLASS__] =
+ isset($_SESSION[__CLASS__]) ?
+ $_SESSION[__CLASS__] : array();
+ $_SESSION[__CLASS__]['oath'] =
+ isset($_SESSION[__CLASS__]['oath']) ?
+ $_SESSION[__CLASS__]['oath'] : array();
+
$_SESSION[__CLASS__]['oath'][$person->id] = $hash;
$qrcode = $person->generateQRCode($hash);
$roo->jerr('Fail to generate QR Code');
}
- $roo->jok($qrcode);
+ $roo->jdata(array(
+ 'secret' => $hash,
+ 'image' => $qrcode,
+ 'issuer' => $person->qrCodeIssuer()
+ ));
}
if(!empty($q['two_factor_auth_code'])) {
-
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
+ $o = clone($person);
$person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
if($person->checkTwoFactorAuthentication($q['two_factor_auth_code'])) {
-
- $o = clone($person);
- $person->oath_key = $_SESSION[__CLASS__]['oath'][$person->id];
$person->update($o);
-
unset($_SESSION[__CLASS__]['oath'][$person->id]);
-
$roo->jok('DONE');
}
}
if(!empty($q['oath_key_disable'])) {
-
$person = DB_DataObject::factory('core_person');
$person->get($q['id']);
return $sesPrefix;
}
- function loginPublic()
+ function loginPublic() // used where???
{
$this->isAuth(); // force session start..
return false;
}
- $issuer = (empty($this->name)) ?
- rawurlencode('ROOJS') : rawurlencode($this->name);
+ $issuer = rawurlencode($this->qrCodeIssuer());
$uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$hash}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
return "data:image/png;base64,{$base64}";
}
+ function qrCodeIssuer()
+ {
+ $pg= HTML_FlexyFramework::get()->page;
+
+ $issuer = (empty($pg->company->name)) ? 'ROOJS' : "{$pg->company->name}";
+
+ return $issuer;
+ }
+
+ static function test_ADMIN_PASSWORD_RESET($pg, $to)
+ {
+ $ff = HTML_FlexyFramework::get();
+ $person = DB_DataObject::Factory('core_person');
+ $person->id = -1;
+
+ return array(
+ 'HTTP_HOST' => $_SERVER['SERVER_NAME'],
+ 'person' => $person,
+ 'authFrom' => 'FAKE_LINK',
+ 'authKey' => 'FAKE_KEY',
+
+ 'rcpts' => $to->email,
+ );
+
+ return $content;
+ }
+
+
}