File indexing completed on 2024-10-13 13:29:13

0001 <?php
0002 
0003 /**
0004  *  ocs-webserver
0005  *
0006  *  Copyright 2016 by pling GmbH.
0007  *
0008  *    This file is part of ocs-webserver.
0009  *
0010  *    This program is free software: you can redistribute it and/or modify
0011  *    it under the terms of the GNU Affero General Public License as
0012  *    published by the Free Software Foundation, either version 3 of the
0013  *    License, or (at your option) any later version.
0014  *
0015  *    This program is distributed in the hope that it will be useful,
0016  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
0017  *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
0018  *    GNU Affero General Public License for more details.
0019  *
0020  *    You should have received a copy of the GNU Affero General Public License
0021  *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
0022  **/
0023 class Application_Model_Authorization
0024 {
0025 
0026     const LOGIN_REMEMBER_ME = 'infinity';
0027 
0028     /** @var string */
0029     protected $_dataModelName;
0030     /** @var  Zend_Db_Table_Abstract */
0031     protected $_dataTable;
0032 
0033     /** @var  string */
0034     protected $_loginMethod;
0035     /** @var  object */
0036     protected $_authUserData;
0037 
0038     /**
0039      * @param string $_dataModelName
0040      */
0041     function __construct($_dataModelName = 'Application_Model_DbTable_Member')
0042     {
0043         $this->_dataModelName = $_dataModelName;
0044         $this->_dataTable = new $this->_dataModelName;
0045     }
0046 
0047     /**
0048      * @throws Zend_Session_Exception
0049      * @throws Zend_Exception
0050      */
0051     public function logout()
0052     {
0053         $auth = Zend_Auth::getInstance();
0054         $auth->clearIdentity();
0055 
0056         $session = new Zend_Session_Namespace();
0057         $session->unsetAll();
0058         Zend_Session::forgetMe();
0059         //        Zend_Session::destroy();
0060 
0061         $modelRememberMe = new Application_Model_RememberMe();
0062         $modelRememberMe->deleteSession();
0063     }
0064 
0065     /**
0066      * @param string $userId
0067      * @param string $userSecret
0068      * @param bool   $setRememberMe
0069      * @param string $loginMethod
0070      *
0071      * @return Zend_Auth_Result
0072      * @throws Zend_Auth_Storage_Exception
0073      * @throws Zend_Session_Exception
0074      * @throws exception
0075      */
0076     public function authenticateUser($userId, $userSecret, $setRememberMe = false, $loginMethod = null)
0077     {
0078         if (false === empty($loginMethod)) {
0079             $this->_loginMethod = $loginMethod;
0080         }
0081 
0082         $authResult = $this->authenticateCredentials($userId, $userSecret, $loginMethod);
0083         if ($authResult->isValid()) {
0084             $this->updateRememberMe($setRememberMe);
0085             Zend_Session::regenerateId();
0086             $this->_storeAuthSessionData();
0087             $this->updateUserLastOnline('member_id', $this->_authUserData->member_id);
0088         }
0089 
0090         return $authResult;
0091     }
0092 
0093     /**
0094      * @param      $identity
0095      * @param      $credential
0096      * @param null $loginMethod
0097      *
0098      * @return Zend_Auth_Result
0099      * @throws Zend_Auth_Adapter_Exception
0100      * @throws Zend_Exception
0101      */
0102     public function authenticateCredentials($identity, $credential, $loginMethod = null)
0103     {
0104         /** @var Local_Auth_Adapter_Ocs $authAdapter */
0105         $authAdapter = Local_Auth_AdapterFactory::getAuthAdapter($identity, $credential, $loginMethod);
0106         $authAdapter->setIdentity($identity);
0107         $authAdapter->setCredential($credential);
0108         $authResult = $authAdapter->authenticate();
0109 
0110         if ($authResult->isValid()) {
0111             $this->_authUserData = $authAdapter->getResultRowObject(null, 'password');
0112         }
0113 
0114         return $authResult;
0115     }
0116 
0117     /**
0118      * @param bool $setRememberMe
0119      *
0120      * @throws Zend_Db_Statement_Exception
0121      * @throws Zend_Exception
0122      */
0123     public function updateRememberMe($setRememberMe = false)
0124     {
0125         $modelRememberMe = new Application_Model_RememberMe();
0126         if (false == $setRememberMe) {
0127             $modelRememberMe->deleteSession();
0128 
0129             return;
0130         }
0131         if ($modelRememberMe->hasValidCookie()) {
0132             $modelRememberMe->updateSession($this->_authUserData->member_id);
0133         } else {
0134             $modelRememberMe->createSession($this->_authUserData->member_id);
0135         }
0136     }
0137 
0138     /**
0139      * @throws Zend_Auth_Storage_Exception
0140      * @throws exception
0141      */
0142     protected function _storeAuthSessionData()
0143     {
0144         $extendedAuthData = $this->getExtendedAuthUserData($this->_authUserData);
0145 
0146         $auth = Zend_Auth::getInstance();
0147         $auth->getStorage()->write($extendedAuthData);
0148     }
0149 
0150     /**
0151      * @param object $authUserData
0152      *
0153      * @return object
0154      * @throws exception
0155      */
0156     protected function getExtendedAuthUserData($authUserData)
0157     {
0158         $extendedAuthUserData = new stdClass();
0159         if (isset($this->_loginMethod) AND $this->_loginMethod == self::LOGIN_REMEMBER_ME) {
0160             $modelMember = new Application_Model_Member();
0161             $memberData = $modelMember->fetchMemberData($authUserData->member_id);
0162             $extendedAuthUserData->external_id = $memberData->external_id;
0163             $extendedAuthUserData->username = $memberData->username;
0164             $extendedAuthUserData->roleId = $memberData->roleId;
0165             $extendedAuthUserData->avatar = $memberData->avatar;
0166             $extendedAuthUserData->profile_image_url = $memberData->profile_image_url;
0167             $extendedAuthUserData->is_active = $memberData->is_active;
0168             $extendedAuthUserData->is_deleted = $memberData->is_deleted;
0169             $extendedAuthUserData->roleName = $this->getRoleNameForUserRole($memberData->roleId);
0170         } else {
0171             $extendedAuthUserData->roleName = $this->getRoleNameForUserRole($authUserData->roleId);
0172         }
0173         $extendedAuthUserData->projects = $this->getProjectIdsForUser($authUserData->member_id);
0174 
0175         return (object)array_merge((array)$authUserData, (array)$extendedAuthUserData);
0176     }
0177 
0178     /**
0179      * @param int $roleId
0180      *
0181      * @return string
0182      * @throws exception
0183      */
0184     protected function getRoleNameForUserRole($roleId)
0185     {
0186         $database = Zend_Db_Table::getDefaultAdapter();
0187 
0188         $sql = "
0189                 SELECT `shortname`
0190                 FROM `member_role`
0191                 WHERE  `member_role_id` = ?;
0192         ";
0193         $sql = $database->quoteInto($sql, $roleId, 'INTEGER', 1);
0194         $resultSet = $database->query($sql)->fetchAll();
0195         if (count($resultSet) > 0) {
0196             return $resultSet[0]['shortname'];
0197         } else {
0198             throw new Exception('undefined member role');
0199         }
0200     }
0201 
0202     /**
0203      * @param int $identifier
0204      *
0205      * @return array
0206      * @throws Zend_Db_Statement_Exception
0207      */
0208     protected function getProjectIdsForUser($identifier)
0209     {
0210         $database = Zend_Db_Table::getDefaultAdapter();
0211         $sql = "
0212                 SELECT `p`.`project_id`
0213                 FROM `project` AS `p`
0214                 WHERE `p`.`member_id` = ?;
0215         ";
0216         $sql = $database->quoteInto($sql, $identifier, 'INTEGER', 1);
0217         $resultSet = $database->query($sql)->fetchAll();
0218 
0219         return $this->generateArrayWithKeyProjectId($resultSet);
0220     }
0221 
0222     /**
0223      * @param array $inputArray
0224      *
0225      * @return array
0226      */
0227     protected function generateArrayWithKeyProjectId($inputArray)
0228     {
0229         $arrayWithKeyProjectId = array();
0230         foreach ($inputArray as $element) {
0231             $arrayWithKeyProjectId[$element['project_id']] = $element;
0232         }
0233 
0234         return $arrayWithKeyProjectId;
0235     }
0236 
0237     /**
0238      * @param string     $identifier
0239      * @param string|int $identity
0240      *
0241      * @return int
0242      */
0243     public function updateUserLastOnline($identifier, $identity)
0244     {
0245         /** @var Zend_Db_Table_Abstract $dataTable */
0246         $dataTable = $this->_dataTable;
0247 
0248         return $dataTable->update(array('last_online' => new Zend_Db_Expr('NOW()')),
0249             $dataTable->getAdapter()->quoteIdentifier($identifier, true) . ' = ' . $identity);
0250     }
0251 
0252     /**
0253      * @return object
0254      */
0255     public function getAuthData()
0256     {
0257         return $this->_authUserData;
0258     }
0259 
0260     /**
0261      * @param int $identity
0262      *
0263      * @throws Zend_Auth_Storage_Exception
0264      * @throws exception
0265      */
0266     public function storeAuthSessionDataByIdentity($identity)
0267     {
0268         $authDataAll = $this->getAllAuthUserData('member_id', $identity);
0269 
0270         $auth = Zend_Auth::getInstance();
0271         $auth->getStorage()->write($authDataAll);
0272     }
0273 
0274     /**
0275      * @param string     $identifier
0276      * @param string|int $identity
0277      *
0278      * @return object
0279      * @throws exception
0280      */
0281     protected function getAllAuthUserData($identifier, $identity)
0282     {
0283         $this->_authUserData = $this->getAuthUserData($identifier, $identity);
0284 
0285         return $this->getExtendedAuthUserData($this->_authUserData);
0286     }
0287 
0288     /**
0289      * @param string     $identifier
0290      * @param string|int $identity
0291      *
0292      * @return object
0293      */
0294     protected function getAuthUserData($identifier, $identity)
0295     {
0296         $dataTable = $this->_dataTable;
0297         $where = $dataTable->select()->where($dataTable->getAdapter()->quoteIdentifier($identifier, true) . ' = ?',
0298             $identity);
0299         $resultRow = $dataTable->fetchRow($where)->toArray();
0300         unset($resultRow['password']);
0301 
0302         return (object)$resultRow;
0303     }
0304 
0305     /**
0306      * @param string $identity
0307      *
0308      * @return null|object
0309      */
0310     public function getAuthUserDataFromUnverified($identity)
0311     {
0312         $sql = "
0313             SELECT `m`.*, `member_email`.`email_verification_value`, `member_email`.`email_checked`, `mei`.`external_id` 
0314             FROM `member_email`
0315             JOIN `member` AS `m` ON `m`.`member_id` = `member_email`.`email_member_id`
0316             LEFT JOIN `member_external_id` AS `mei` ON `mei`.`member_id` = `m`.`member_id`
0317             WHERE `member_email`.`email_deleted` = 0 AND `member_email`.`email_verification_value` = :verification AND `m`.`is_deleted` = 0
0318         ";
0319         $resultRow = $this->_dataTable->getAdapter()->fetchRow($sql, array('verification' => $identity));
0320         if ($resultRow) {
0321             unset($resultRow['password']);
0322 
0323             return (object)$resultRow;
0324         }
0325 
0326         return null;
0327     }
0328 
0329     /**
0330      * ppload and OCS
0331      *
0332      * @param string $identity
0333      * @param string $credential
0334      * @param string $loginMethod
0335      *
0336      * @return mixed
0337      * @throws Zend_Auth_Adapter_Exception
0338      * @throws Zend_Exception
0339      */
0340     public function getAuthDataFromApi($identity, $credential, $loginMethod = null)
0341     {
0342         $authResult = $this->authenticateCredentials($identity, $credential, $loginMethod);
0343 
0344         if ($authResult->isValid()) {
0345             Zend_Session::regenerateId();
0346             $this->_storeAuthSessionData();
0347 
0348             return $this->_authUserData;
0349         }
0350 
0351         return false;
0352     }
0353 
0354     /**
0355      * @param string     $identifier
0356      * @param string|int $identity
0357      *
0358      * @return int
0359      */
0360     public function removeAllCookieInformation($identifier, $identity)
0361     {
0362         $dataTable = new Application_Model_DbTable_Session();
0363         $where = $dataTable->getAdapter()->quoteInto($dataTable->getAdapter()->quoteIdentifier($identifier, true) . ' = ?', $identity);
0364 
0365         return $dataTable->delete($where);
0366     }
0367 
0368 }