File indexing completed on 2024-10-13 13:29:13
0001 <?php 0002 0003 /** 0004 * ocs-webserver 0005 * 0006 * Copyright 2016 by pling GmbH. 0007 * 0008 * This file is part of ocs-webserver. 0009 * 0010 * This program is free software: you can redistribute it and/or modify 0011 * it under the terms of the GNU Affero General Public License as 0012 * published by the Free Software Foundation, either version 3 of the 0013 * License, or (at your option) any later version. 0014 * 0015 * This program is distributed in the hope that it will be useful, 0016 * but WITHOUT ANY WARRANTY; without even the implied warranty of 0017 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 0018 * GNU Affero General Public License for more details. 0019 * 0020 * You should have received a copy of the GNU Affero General Public License 0021 * along with this program. If not, see <http://www.gnu.org/licenses/>. 0022 **/ 0023 class Application_Model_Authorization 0024 { 0025 0026 const LOGIN_REMEMBER_ME = 'infinity'; 0027 0028 /** @var string */ 0029 protected $_dataModelName; 0030 /** @var Zend_Db_Table_Abstract */ 0031 protected $_dataTable; 0032 0033 /** @var string */ 0034 protected $_loginMethod; 0035 /** @var object */ 0036 protected $_authUserData; 0037 0038 /** 0039 * @param string $_dataModelName 0040 */ 0041 function __construct($_dataModelName = 'Application_Model_DbTable_Member') 0042 { 0043 $this->_dataModelName = $_dataModelName; 0044 $this->_dataTable = new $this->_dataModelName; 0045 } 0046 0047 /** 0048 * @throws Zend_Session_Exception 0049 * @throws Zend_Exception 0050 */ 0051 public function logout() 0052 { 0053 $auth = Zend_Auth::getInstance(); 0054 $auth->clearIdentity(); 0055 0056 $session = new Zend_Session_Namespace(); 0057 $session->unsetAll(); 0058 Zend_Session::forgetMe(); 0059 // Zend_Session::destroy(); 0060 0061 $modelRememberMe = new Application_Model_RememberMe(); 0062 $modelRememberMe->deleteSession(); 0063 } 0064 0065 /** 0066 * @param string $userId 0067 * @param string $userSecret 0068 * @param bool $setRememberMe 0069 * @param string $loginMethod 0070 * 0071 * @return Zend_Auth_Result 0072 * @throws Zend_Auth_Storage_Exception 0073 * @throws Zend_Session_Exception 0074 * @throws exception 0075 */ 0076 public function authenticateUser($userId, $userSecret, $setRememberMe = false, $loginMethod = null) 0077 { 0078 if (false === empty($loginMethod)) { 0079 $this->_loginMethod = $loginMethod; 0080 } 0081 0082 $authResult = $this->authenticateCredentials($userId, $userSecret, $loginMethod); 0083 if ($authResult->isValid()) { 0084 $this->updateRememberMe($setRememberMe); 0085 Zend_Session::regenerateId(); 0086 $this->_storeAuthSessionData(); 0087 $this->updateUserLastOnline('member_id', $this->_authUserData->member_id); 0088 } 0089 0090 return $authResult; 0091 } 0092 0093 /** 0094 * @param $identity 0095 * @param $credential 0096 * @param null $loginMethod 0097 * 0098 * @return Zend_Auth_Result 0099 * @throws Zend_Auth_Adapter_Exception 0100 * @throws Zend_Exception 0101 */ 0102 public function authenticateCredentials($identity, $credential, $loginMethod = null) 0103 { 0104 /** @var Local_Auth_Adapter_Ocs $authAdapter */ 0105 $authAdapter = Local_Auth_AdapterFactory::getAuthAdapter($identity, $credential, $loginMethod); 0106 $authAdapter->setIdentity($identity); 0107 $authAdapter->setCredential($credential); 0108 $authResult = $authAdapter->authenticate(); 0109 0110 if ($authResult->isValid()) { 0111 $this->_authUserData = $authAdapter->getResultRowObject(null, 'password'); 0112 } 0113 0114 return $authResult; 0115 } 0116 0117 /** 0118 * @param bool $setRememberMe 0119 * 0120 * @throws Zend_Db_Statement_Exception 0121 * @throws Zend_Exception 0122 */ 0123 public function updateRememberMe($setRememberMe = false) 0124 { 0125 $modelRememberMe = new Application_Model_RememberMe(); 0126 if (false == $setRememberMe) { 0127 $modelRememberMe->deleteSession(); 0128 0129 return; 0130 } 0131 if ($modelRememberMe->hasValidCookie()) { 0132 $modelRememberMe->updateSession($this->_authUserData->member_id); 0133 } else { 0134 $modelRememberMe->createSession($this->_authUserData->member_id); 0135 } 0136 } 0137 0138 /** 0139 * @throws Zend_Auth_Storage_Exception 0140 * @throws exception 0141 */ 0142 protected function _storeAuthSessionData() 0143 { 0144 $extendedAuthData = $this->getExtendedAuthUserData($this->_authUserData); 0145 0146 $auth = Zend_Auth::getInstance(); 0147 $auth->getStorage()->write($extendedAuthData); 0148 } 0149 0150 /** 0151 * @param object $authUserData 0152 * 0153 * @return object 0154 * @throws exception 0155 */ 0156 protected function getExtendedAuthUserData($authUserData) 0157 { 0158 $extendedAuthUserData = new stdClass(); 0159 if (isset($this->_loginMethod) AND $this->_loginMethod == self::LOGIN_REMEMBER_ME) { 0160 $modelMember = new Application_Model_Member(); 0161 $memberData = $modelMember->fetchMemberData($authUserData->member_id); 0162 $extendedAuthUserData->external_id = $memberData->external_id; 0163 $extendedAuthUserData->username = $memberData->username; 0164 $extendedAuthUserData->roleId = $memberData->roleId; 0165 $extendedAuthUserData->avatar = $memberData->avatar; 0166 $extendedAuthUserData->profile_image_url = $memberData->profile_image_url; 0167 $extendedAuthUserData->is_active = $memberData->is_active; 0168 $extendedAuthUserData->is_deleted = $memberData->is_deleted; 0169 $extendedAuthUserData->roleName = $this->getRoleNameForUserRole($memberData->roleId); 0170 } else { 0171 $extendedAuthUserData->roleName = $this->getRoleNameForUserRole($authUserData->roleId); 0172 } 0173 $extendedAuthUserData->projects = $this->getProjectIdsForUser($authUserData->member_id); 0174 0175 return (object)array_merge((array)$authUserData, (array)$extendedAuthUserData); 0176 } 0177 0178 /** 0179 * @param int $roleId 0180 * 0181 * @return string 0182 * @throws exception 0183 */ 0184 protected function getRoleNameForUserRole($roleId) 0185 { 0186 $database = Zend_Db_Table::getDefaultAdapter(); 0187 0188 $sql = " 0189 SELECT `shortname` 0190 FROM `member_role` 0191 WHERE `member_role_id` = ?; 0192 "; 0193 $sql = $database->quoteInto($sql, $roleId, 'INTEGER', 1); 0194 $resultSet = $database->query($sql)->fetchAll(); 0195 if (count($resultSet) > 0) { 0196 return $resultSet[0]['shortname']; 0197 } else { 0198 throw new Exception('undefined member role'); 0199 } 0200 } 0201 0202 /** 0203 * @param int $identifier 0204 * 0205 * @return array 0206 * @throws Zend_Db_Statement_Exception 0207 */ 0208 protected function getProjectIdsForUser($identifier) 0209 { 0210 $database = Zend_Db_Table::getDefaultAdapter(); 0211 $sql = " 0212 SELECT `p`.`project_id` 0213 FROM `project` AS `p` 0214 WHERE `p`.`member_id` = ?; 0215 "; 0216 $sql = $database->quoteInto($sql, $identifier, 'INTEGER', 1); 0217 $resultSet = $database->query($sql)->fetchAll(); 0218 0219 return $this->generateArrayWithKeyProjectId($resultSet); 0220 } 0221 0222 /** 0223 * @param array $inputArray 0224 * 0225 * @return array 0226 */ 0227 protected function generateArrayWithKeyProjectId($inputArray) 0228 { 0229 $arrayWithKeyProjectId = array(); 0230 foreach ($inputArray as $element) { 0231 $arrayWithKeyProjectId[$element['project_id']] = $element; 0232 } 0233 0234 return $arrayWithKeyProjectId; 0235 } 0236 0237 /** 0238 * @param string $identifier 0239 * @param string|int $identity 0240 * 0241 * @return int 0242 */ 0243 public function updateUserLastOnline($identifier, $identity) 0244 { 0245 /** @var Zend_Db_Table_Abstract $dataTable */ 0246 $dataTable = $this->_dataTable; 0247 0248 return $dataTable->update(array('last_online' => new Zend_Db_Expr('NOW()')), 0249 $dataTable->getAdapter()->quoteIdentifier($identifier, true) . ' = ' . $identity); 0250 } 0251 0252 /** 0253 * @return object 0254 */ 0255 public function getAuthData() 0256 { 0257 return $this->_authUserData; 0258 } 0259 0260 /** 0261 * @param int $identity 0262 * 0263 * @throws Zend_Auth_Storage_Exception 0264 * @throws exception 0265 */ 0266 public function storeAuthSessionDataByIdentity($identity) 0267 { 0268 $authDataAll = $this->getAllAuthUserData('member_id', $identity); 0269 0270 $auth = Zend_Auth::getInstance(); 0271 $auth->getStorage()->write($authDataAll); 0272 } 0273 0274 /** 0275 * @param string $identifier 0276 * @param string|int $identity 0277 * 0278 * @return object 0279 * @throws exception 0280 */ 0281 protected function getAllAuthUserData($identifier, $identity) 0282 { 0283 $this->_authUserData = $this->getAuthUserData($identifier, $identity); 0284 0285 return $this->getExtendedAuthUserData($this->_authUserData); 0286 } 0287 0288 /** 0289 * @param string $identifier 0290 * @param string|int $identity 0291 * 0292 * @return object 0293 */ 0294 protected function getAuthUserData($identifier, $identity) 0295 { 0296 $dataTable = $this->_dataTable; 0297 $where = $dataTable->select()->where($dataTable->getAdapter()->quoteIdentifier($identifier, true) . ' = ?', 0298 $identity); 0299 $resultRow = $dataTable->fetchRow($where)->toArray(); 0300 unset($resultRow['password']); 0301 0302 return (object)$resultRow; 0303 } 0304 0305 /** 0306 * @param string $identity 0307 * 0308 * @return null|object 0309 */ 0310 public function getAuthUserDataFromUnverified($identity) 0311 { 0312 $sql = " 0313 SELECT `m`.*, `member_email`.`email_verification_value`, `member_email`.`email_checked`, `mei`.`external_id` 0314 FROM `member_email` 0315 JOIN `member` AS `m` ON `m`.`member_id` = `member_email`.`email_member_id` 0316 LEFT JOIN `member_external_id` AS `mei` ON `mei`.`member_id` = `m`.`member_id` 0317 WHERE `member_email`.`email_deleted` = 0 AND `member_email`.`email_verification_value` = :verification AND `m`.`is_deleted` = 0 0318 "; 0319 $resultRow = $this->_dataTable->getAdapter()->fetchRow($sql, array('verification' => $identity)); 0320 if ($resultRow) { 0321 unset($resultRow['password']); 0322 0323 return (object)$resultRow; 0324 } 0325 0326 return null; 0327 } 0328 0329 /** 0330 * ppload and OCS 0331 * 0332 * @param string $identity 0333 * @param string $credential 0334 * @param string $loginMethod 0335 * 0336 * @return mixed 0337 * @throws Zend_Auth_Adapter_Exception 0338 * @throws Zend_Exception 0339 */ 0340 public function getAuthDataFromApi($identity, $credential, $loginMethod = null) 0341 { 0342 $authResult = $this->authenticateCredentials($identity, $credential, $loginMethod); 0343 0344 if ($authResult->isValid()) { 0345 Zend_Session::regenerateId(); 0346 $this->_storeAuthSessionData(); 0347 0348 return $this->_authUserData; 0349 } 0350 0351 return false; 0352 } 0353 0354 /** 0355 * @param string $identifier 0356 * @param string|int $identity 0357 * 0358 * @return int 0359 */ 0360 public function removeAllCookieInformation($identifier, $identity) 0361 { 0362 $dataTable = new Application_Model_DbTable_Session(); 0363 $where = $dataTable->getAdapter()->quoteInto($dataTable->getAdapter()->quoteIdentifier($identifier, true) . ' = ?', $identity); 0364 0365 return $dataTable->delete($where); 0366 } 0367 0368 }