handle empty companies

[Pman.Core] / DataObjects / Core_person.php
diff --git a/DataObjects/Core_person.php b/DataObjects/Core_person.php

index 0e720ef..5160b4e 100644 (file)
--- a/DataObjects/Core_person.php
+++ b/DataObjects/Core_person.php
@@ -50,10 +50,14 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
      
      /* the code above is auto generated do not remove the tag below */
      ###END_AUTOCODE
+    
+    static $authUser = false;
+    
   
      function owner()
      {
-        $p = DB_DataObject::Factory($this->tableName());
+        // this might be a Person in some old code? 
+        $p = DB_DataObject::Factory('core_person');
          $p->get($this->owner_id);
          return $p;
      }
@@ -232,6 +236,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              
              $sesPrefix = $this->sesPrefix();
         
+            self::$authUser = false;
              $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
              
              return false;
@@ -252,22 +257,26 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
         
          $sesPrefix = $this->sesPrefix();
          
+        if (self::$authUser) {
+            return self::$authUser;
+        }
+        
+        
          if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
              // in session...
              $a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-             
              $u = DB_DataObject::factory($this->tableName());
+            $u->autoJoin();
              if ($a->id && $u->get($a->id)) { //&& strlen($u->passwd)) {
-              
-                return $u->verifyAuth();  // got authentication...
-                
-    
+                if ($u->verifyAuth()) {
+                    self::$authUser = $u;
+                    return true;
+                }
              }
-            
              unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
              unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
              setcookie('Pman.timeout', -1, time() + (30*60), '/');
-            
+            return false;
          }
          
          // http basic auth..
@@ -281,7 +290,10 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              &&
              $u->checkPassword($_SERVER['PHP_AUTH_PW'])
             ) {
-            $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($u);
+            // logged in via http auth
+            // http auth will not need session... 
+            //$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize($u);
+            self::$authUser = $u;
              return true; 
          }
          //die("test init");
@@ -291,23 +303,38 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          }
          
          
-        // local auth - 
-        $default_admin = false;
-        if (!empty($ff->Pman['local_autoauth']) && 
-            ($ff->Pman['local_autoauth'] === true) &&
-            (!empty($_SERVER['SERVER_ADDR'])) &&
-            (
-                (
-                    $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
-                    $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
-                )
-                ||
+        $auto_auth_allow = false;
+        if (!empty($ff->Pman['local_autoauth']) && $ff->Pman['local_autoauth'] === true) {
+            $auto_auth_allow  = true;
+        }
+        if  ( !empty($ff->Pman['local_autoauth'])
+             &&
+                !empty($_SERVER['SERVER_ADDR']) &&
+                !empty($_SERVER['REMOTE_ADDR']) &&
                  (
-                    $_SERVER['SERVER_ADDR'] == '::1' &&
-                    $_SERVER['REMOTE_ADDR'] == '::1'
+                    (
+                       $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
+                       $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
+                   )
+                   ||
+                   (
+                       $_SERVER['SERVER_ADDR'] == '::1' &&
+                       $_SERVER['REMOTE_ADDR'] == '::1'
+                   )
                  )
-            )
-        ) {
+                
+            ){
+            $auto_auth_allow  = true;
+        }
+        
+        
+        if (empty($_SERVER['PATH_INFO']) ||  $_SERVER['PATH_INFO'] == '/Login') {
+            $auto_auth_allow  = false;
+        }
+        //var_dump($auto_auth_allow);
+        // local auth - 
+        $default_admin = false;
+        if ($auto_auth_allow) {
              $group = DB_DataObject::factory('core_group');
              $group->get('name', 'Administrators');
              
@@ -319,6 +346,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              ");
              if($member->find(true)){
                  $default_admin = DB_DataObject::factory($this->tableName());
+                $default_admin->autoJoin();
                  if(!$default_admin->get($member->user_id)){
                      $default_admin = false;
                  }
@@ -327,27 +355,18 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          
          //var_dump($ff->Pman['local_autoauth']);         var_dump($_SERVER); exit;
          $u = DB_DataObject::factory($this->tableName());
+        $u->autoJoin();
          $ff = HTML_FlexyFramework::get();
          
-        if (!empty($ff->Pman['local_autoauth']) && 
-            (!empty($_SERVER['SERVER_ADDR'])) &&
-            (
-                (
-                    $_SERVER['SERVER_ADDR'] == '127.0.0.1' &&
-                    $_SERVER['REMOTE_ADDR'] == '127.0.0.1'
-                )
-                ||
-                (
-                    $_SERVER['SERVER_ADDR'] == '::1' &&
-                    $_SERVER['REMOTE_ADDR'] == '::1'
-                )
-            ) &&
+        if ($auto_auth_allow && 
              ($default_admin ||  $u->get('email', $ff->Pman['local_autoauth']))
          ) {
              
              $user = $default_admin ? $default_admin->toArray() : $u->toArray();
              
-            $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user);
+            // if we request other URLS.. then we get auto logged in..
+            self::$authUser = $default_admin ? $default_admin : $u;;
+            //$_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object) $user);
              return true;
          }
          
@@ -370,10 +389,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              }
          }
          if (!$n){ // authenticated as there are no users in the system...
-            return true;
+             return true;
          }
-        
-        return false;
+         return false;
          
      }
      
@@ -395,23 +413,15 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          
          //var_dump(array(get_class($this),$sesPrefix .'-auth'));
         
-        if (!empty($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
-            $a = unserialize($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-            
-            $u = DB_DataObject::factory($this->tableName()); // allow extending this ...
-            $u->autoJoin();
-            if ($u->get($a->id)) { /// && strlen($u->passwd)) {  // should work out the pid .. really..
-                
+        if (self::$authUser) {
+             
+            if (isset($_SESSION[get_class($this)][$sesPrefix .'-auth'])) {
                  $_SESSION[get_class($this)][$sesPrefix .'-auth-timeout'] = time() + (30*60); // eg. 30 minutes
                  setcookie('Pman.timeout', time() + (30*60), time() + (30*60), '/');
-                
-                $user = clone ($u);
-                return clone($user);
-            
              }
-            unset($_SESSION[get_class($this)][$sesPrefix .'-auth']);
-            unset($_SESSION[get_class($this)][$sesPrefix .'-timeout']);
-            setcookie('Pman.timeout', -1, time() + (30*60), '/');
+            // not really sure why it's cloned..
+            return   clone (self::$authUser);
+             
              
          }
          
@@ -491,6 +501,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          
          //var_dump(array(get_class($this),$sesPrefix .'-auth'));
          $_SESSION[get_class($this)][$sesPrefix .'-auth'] = serialize((object)$d);
+        
+        $pp = DB_DAtaObject::Factory($this->tableName());
+        $pp->get($this->pid());
+        $pp->autoJoin();
+        
+        self::$authUser = $pp;
          // ensure it's written so that ajax calls can fetch it..
          
          
@@ -506,6 +522,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          
          $_SESSION[get_class($this)][$sesPrefix .'-auth'] = "";
          
+        self::$authUser = false;
+        
      }    
      function genPassKey ($t) 
      {
@@ -520,10 +538,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
      
      function checkTwoFactorAuthentication($val)
      {
-        // also used in login
          
-        return true;
          
+        // also used in login
          require_once 'System.php';
          
          if(
@@ -539,7 +556,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              return false;
          }
          
-        $cmd = "{$oathtool} --totp --base32 {$this->oath_key}";
+        $cmd = "{$oathtool} --totp --base32 " . escapeshellarg($this->oath_key);
          
          $password = exec($cmd);
          
@@ -585,6 +602,9 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
      
      function company()
      {
+        if (empty($this->company_id)) {
+            return false;
+        }
          $x = DB_DataObject::factory('core_company');
          $x->autoJoin();
          $x->get($this->company_id);
@@ -610,7 +630,8 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          if (!func_num_args()) {
              return $this->lang;
          }
-        $val = array_shift(func_get_args());
+        $ar = func_get_args();
+        $val = array_shift($ar);
          if ($val == $this->lang) {
              return;
          }
@@ -623,14 +644,12 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
      
      function authUserArray()
      {
-        
          $aur = $this->toArray();
          
          if ($this->id < 1) {
              return $aur;
          }
          
-        
          //DB_DataObject::debugLevel(1);
          $c = DB_Dataobject::factory('core_company');
          $im = DB_Dataobject::factory('Images');
@@ -672,14 +691,22 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          $aur['passwd'] = '';
          $aur['dailykey'] = '';
          $aur['oath_key'] = '';
-        $aur['require_oath'] =  0;
+        
+        $aur['oath_key_enable'] = !empty($this->oath_key);
+        $aur['require_oath'] = 1;
          
          $s = DB_DataObject::Factory('core_setting');
-        $oath_require = $s->lookup('core', 'two_factor_authentication_requirement');
-        if(empty($oath_require) || $oath_require == 1) {
-            $aur['oath_key_enable'] = !empty($this->oath_key);
-        }
+        $oath_require = $s->lookup('core', 'two_factor_auth_required');
+        $aur['require_oath'] = $oath_require ?  $oath_require->val : 0;
          
+        $aur['core_person_settings'] = array();
+                
+        $core_person_settings = DB_DataObject::factory('core_person_settings');
+        $core_person_settings->setFrom(array(
+            'person_id' => $this->id
+        ));
+        
+        $aur['core_person_settings'] = $core_person_settings->fetchAll('scope', 'data');
          
          return $aur;
      }
@@ -796,7 +823,11 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                  $roo->jerr('Fail to generate QR Code');
              }
              
-            $roo->jok($qrcode);
+            $roo->jdata(array(
+                'secret' => $hash,
+                'image' => $qrcode,
+                'issuer' => $person->qrCodeIssuer()
+            ));
          }
          
          if(!empty($q['two_factor_auth_code'])) {
@@ -1106,13 +1137,33 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
                  LENGTH({$this->tableName()}.oath_key) AS length_oath_key
              ");
          }
+        if (isset($q['_with_group_membership'])) {
+            $this->selectAddGroupMemberships();
+        }
          
-        
+    }
+    
+    function selectAddGroupMemberships()
+    {
+        $this->selectAdd("
+            
+            COALESCE((
+                SELECT
+                    GROUP_CONCAT(  core_group.name separator  '\n')
+                FROM
+                    core_group_member
+                LEFT JOIN
+                    core_group
+                ON
+                    core_group.id = core_group_member.group_id
+                WHERE
+                    core_group_member.user_id = core_person.id
+            ), '')  as member_of");
      }
      
      function setFromRoo($ar, $roo)
      {
-        $this->setFrom($ar);
+        $this->setFrom($ar); 
          
          if(!empty($ar['_enable_oath_key'])){
              $oath_key = $this->generateOathKey();
@@ -1133,7 +1184,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          }
          // this only applies to our owner company..
          $c = $this->company();
-        if (empty($c->comptype_name) || $c->comptype_name != 'OWNER') {
+        if (empty($c) || empty($c->comptype_name) || $c->comptype_name != 'OWNER') {
              return true;
          }
          
@@ -1410,7 +1461,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          return $sesPrefix;
      }
      
-    function loginPublic()
+    function loginPublic() // used where???
      {
          $this->isAuth(); // force session start..
           
@@ -1455,8 +1506,7 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
              return false;
          }
          
-        $issuer = (empty($this->name)) ? 
-            rawurlencode('ROOJS') : rawurlencode($this->name);
+        $issuer = rawurlencode($this->qrCodeIssuer());
          
          $uri = "otpauth://totp/{$issuer}:{$this->email}?secret={$hash}&issuer={$issuer}&algorithm=SHA1&digits=6&period=30";
          
@@ -1476,4 +1526,32 @@ class Pman_Core_DataObjects_Core_person extends DB_DataObject
          return "data:image/png;base64,{$base64}";
      }
      
+    function qrCodeIssuer()
+    {
+        $pg= HTML_FlexyFramework::get()->page;
+        
+        $issuer = (empty($pg->company->name)) ?  'ROOJS' : "{$pg->company->name}";
+        
+        return $issuer;
+    }
+    
+    static function test_ADMIN_PASSWORD_RESET($pg, $to)
+    {
+        $ff = HTML_FlexyFramework::get();
+        $person = DB_DataObject::Factory('core_person');
+        $person->id = -1;
+        
+        return array(
+            'HTTP_HOST' => $_SERVER['SERVER_NAME'],
+            'person' => $person,
+            'authFrom' => 'FAKE_LINK',
+            'authKey' => 'FAKE_KEY',
+
+            'rcpts' => $to->email,
+        );
+        
+        return $content;
+    }
+    
+    
   }