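<?php

/**
 *  ocs-webserver
 *
 *  Copyright 2016 by pling GmbH.
 *
 *    This file is part of ocs-webserver.
 *
 *    This program is free software: you can redistribute it and/or modify
 *    it under the terms of the GNU Affero General Public License as
 *    published by the Free Software Foundation, either version 3 of the
 *    License, or (at your option) any later version.
 *
 *    This program is distributed in the hope that it will be useful,
 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
 *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *    GNU Affero General Public License for more details.
 *
 *    You should have received a copy of the GNU Affero General Public License
 *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 **/

/**
 * Authenticates members, writes the authenticated identity into the
 * Zend_Auth storage and maintains the remember-me session record.
 *
 * The member row kept in $_authUserData never contains the `password`
 * column: every code path that loads a row either asks the adapter to omit
 * it or unsets it before the row is returned or stored.
 */
class Default_Model_Authorization
{

    /** Login method value that marks a login performed via the remember-me cookie. */
    const LOGIN_REMEMBER_ME = 'infinity';

    /** @var string class name of the table model instantiated in the constructor */
    protected $_dataModelName;
    /** @var Zend_Db_Table_Abstract */
    protected $_dataTable;

    /** @var string */
    protected $_loginMethod;
    /** @var object member row of the last successful authentication, without the password column */
    protected $_authUserData;

    /**
     * @param string $_dataModelName class name of the table model; it is instantiated as-is,
     *                               so it must never be derived from request input
     */
    public function __construct($_dataModelName = 'Default_Model_DbTable_Member')
    {
        $this->_dataModelName = $_dataModelName;
        $this->_dataTable = new $this->_dataModelName;
    }

    /**
     * Clears the Zend_Auth identity and deletes the remember-me session record.
     *
     * NOTE(review): the session itself is neither destroyed nor given a new id
     * here (the unsetAll/forgetMe/destroy calls were disabled in the original);
     * only the cookie lifetime is reset to the configured value. Confirm that
     * session data surviving a logout is intended.
     *
     * @throws Zend_Session_Exception
     * @throws Zend_Exception
     */
    public function logout()
    {
        $auth = Zend_Auth::getInstance();
        $auth->clearIdentity();

        // Instantiated for its side effect only; the object itself is not used.
        $session = new Zend_Session_Namespace();
        Zend_Session::rememberUntil(Zend_Registry::get('config')->resources->session->cookie_lifetime);

        $modelRememberMe = new Default_Model_RememberMe();
        $modelRememberMe->deleteSession();
    }

    /**
     * Authenticates a member and, on success, establishes the login session.
     *
     * @param string $userId
     * @param string $userSecret
     * @param bool   $setRememberMe
     * @param string $loginMethod
     *
     * @return Zend_Auth_Result
     * @throws Zend_Auth_Storage_Exception
     * @throws Zend_Session_Exception
     * @throws exception
     */
    public function authenticateUser($userId, $userSecret, $setRememberMe = false, $loginMethod = null)
    {
        if (false === empty($loginMethod)) {
            $this->_loginMethod = $loginMethod;
        }

        $authResult = $this->authenticateCredentials($userId, $userSecret, $loginMethod);
        if ($authResult->isValid()) {
            $this->updateRememberMe($setRememberMe);
            // A fresh session id is issued before the identity is written to the session.
            Zend_Session::regenerateId();
            // NOTE(review): called whether or not $setRememberMe is set - confirm intended.
            Zend_Session::rememberMe();
            $this->_storeAuthSessionData();
            $this->updateUserLastOnline('member_id', $this->_authUserData->member_id);
        }

        return $authResult;
    }

    /**
     * Runs the auth adapter selected by the factory and keeps the matched row on success.
     *
     * @param      $identity
     * @param      $credential
     * @param null $loginMethod
     *
     * @return Zend_Auth_Result
     * @throws Zend_Auth_Adapter_Exception
     * @throws Zend_Exception
     */
    protected function authenticateCredentials($identity, $credential, $loginMethod = null)
    {
        /** @var Local_Auth_Adapter_Ocs $authAdapter */
        $authAdapter = Local_Auth_AdapterFactory::getAuthAdapter($identity, $credential, $loginMethod);
        $authAdapter->setIdentity($identity);
        $authAdapter->setCredential($credential);
        $authResult = $authAdapter->authenticate();

        if ($authResult->isValid()) {
            // 'password' is passed as the column to leave out of the result object
            // (Zend_Auth_Adapter_DbTable convention; the Ocs adapter is not shown here).
            $this->_authUserData = $authAdapter->getResultRowObject(null, 'password');
        }

        return $authResult;
    }

    /**
     * Deletes, refreshes or creates the remember-me session for the authenticated member.
     *
     * @param bool $setRememberMe
     *
     * @throws Zend_Db_Statement_Exception
     * @throws Zend_Exception
     */
    public function updateRememberMe($setRememberMe = false)
    {
        $modelRememberMe = new Default_Model_RememberMe();
        if (false == $setRememberMe) {
            $modelRememberMe->deleteSession();

            return;
        }
        if ($modelRememberMe->hasValidCookie()) {
            $modelRememberMe->updateSession($this->_authUserData->member_id);
        } else {
            $modelRememberMe->createSession($this->_authUserData->member_id);
        }
    }

    /**
     * Writes the extended auth data of the current member into the Zend_Auth storage.
     *
     * @throws Zend_Auth_Storage_Exception
     * @throws exception
     */
    protected function _storeAuthSessionData()
    {
        $extendedAuthData = $this->getExtendedAuthUserData($this->_authUserData);

        $auth = Zend_Auth::getInstance();
        $auth->getStorage()->write($extendedAuthData);
    }

    /**
     * Adds role name and project ids (and, for remember-me logins, profile fields
     * re-read from the member model) to the given member row.
     *
     * @param object $authUserData
     *
     * @return object
     * @throws exception
     */
    protected function getExtendedAuthUserData($authUserData)
    {
        $extendedAuthUserData = new stdClass();
        if (isset($this->_loginMethod) && $this->_loginMethod == self::LOGIN_REMEMBER_ME) {
            $modelMember = new Default_Model_Member();
            $memberData = $modelMember->fetchMemberData($authUserData->member_id);
            $extendedAuthUserData->external_id = $memberData->external_id;
            $extendedAuthUserData->username = $memberData->username;
            $extendedAuthUserData->roleId = $memberData->roleId;
            $extendedAuthUserData->avatar = $memberData->avatar;
            $extendedAuthUserData->profile_image_url = $memberData->profile_image_url;
            $extendedAuthUserData->is_active = $memberData->is_active;
            $extendedAuthUserData->is_deleted = $memberData->is_deleted;
            $extendedAuthUserData->roleName = $this->getRoleNameForUserRole($memberData->roleId);
        } else {
            $extendedAuthUserData->roleName = $this->getRoleNameForUserRole($authUserData->roleId);
        }
        $extendedAuthUserData->projects = $this->getProjectIdsForUser($authUserData->member_id);

        // Keys set above overwrite same-named keys of the original row.
        return (object)array_merge((array)$authUserData, (array)$extendedAuthUserData);
    }

    /**
     * Looks up the short name of a member role.
     *
     * @param int $roleId
     *
     * @return string
     * @throws exception when no role row exists for the id
     */
    protected function getRoleNameForUserRole($roleId)
    {
        $database = Zend_Db_Table::getDefaultAdapter();

        $sql = "
            SELECT `shortname`
            FROM `member_role`
            WHERE `member_role_id` = ?;
        ";
        // The value is quoted as INTEGER by the adapter before it reaches the statement.
        $sql = $database->quoteInto($sql, $roleId, 'INTEGER', 1);
        $resultSet = $database->query($sql)->fetchAll();
        if (count($resultSet) > 0) {
            return $resultSet[0]['shortname'];
        }

        throw new Exception('undefined member role');
    }

    /**
     * Fetches the project ids owned by a member, keyed by project id.
     *
     * @param int $identifier member id
     *
     * @return array
     * @throws Zend_Db_Statement_Exception
     */
    protected function getProjectIdsForUser($identifier)
    {
        $database = Zend_Db_Table::getDefaultAdapter();
        $sql = "
            SELECT `p`.`project_id`
            FROM `project` AS `p`
            WHERE `p`.`member_id` = ?;
        ";
        $sql = $database->quoteInto($sql, $identifier, 'INTEGER', 1);
        $resultSet = $database->query($sql)->fetchAll();

        return $this->generateArrayWithKeyProjectId($resultSet);
    }

    /**
     * Re-indexes a list of rows by their `project_id` value.
     *
     * @param array $inputArray
     *
     * @return array
     */
    protected function generateArrayWithKeyProjectId($inputArray)
    {
        $arrayWithKeyProjectId = array();
        foreach ($inputArray as $element) {
            $arrayWithKeyProjectId[$element['project_id']] = $element;
        }

        return $arrayWithKeyProjectId;
    }

    /**
     * Sets `last_online` to NOW() for the rows matching $identifier = $identity.
     *
     * @param string     $identifier column name; quoted as an identifier
     * @param string|int $identity   column value; quoted by the adapter
     *
     * @return int
     */
    public function updateUserLastOnline($identifier, $identity)
    {
        /** @var Zend_Db_Table_Abstract $dataTable */
        $dataTable = $this->_dataTable;
        $adapter = $dataTable->getAdapter();

        // The value goes through quoteInto() instead of being concatenated into
        // the WHERE clause, so this public method cannot be turned into an
        // injection point by a caller that passes an unchecked identity.
        $where = $adapter->quoteInto($adapter->quoteIdentifier($identifier, true) . ' = ?', $identity);

        return $dataTable->update(array('last_online' => new Zend_Db_Expr('NOW()')), $where);
    }

    /**
     * @return object member row of the last successful authentication (no password column)
     */
    public function getAuthData()
    {
        return $this->_authUserData;
    }

    /**
     * Loads the member with the given id and writes its auth data into the Zend_Auth storage.
     *
     * No credential is checked here; callers must have established the
     * identity by other means before calling this.
     *
     * @param int $identity
     *
     * @throws Zend_Auth_Storage_Exception
     * @throws exception
     */
    public function storeAuthSessionDataByIdentity($identity)
    {
        $authDataAll = $this->getAllAuthUserData('member_id', $identity);

        $auth = Zend_Auth::getInstance();
        $auth->getStorage()->write($authDataAll);
    }

    /**
     * @param string     $identifier
     * @param string|int $identity
     *
     * @return object
     * @throws exception
     */
    protected function getAllAuthUserData($identifier, $identity)
    {
        $this->_authUserData = $this->getAuthUserData($identifier, $identity);

        return $this->getExtendedAuthUserData($this->_authUserData);
    }

    /**
     * Fetches one member row by column value and strips the password column.
     *
     * @param string     $identifier
     * @param string|int $identity
     *
     * @return object
     * @throws Zend_Exception when no row matches
     */
    protected function getAuthUserData($identifier, $identity)
    {
        $dataTable = $this->_dataTable;
        $where = $dataTable->select()
                           ->where($dataTable->getAdapter()->quoteIdentifier($identifier, true) . ' = ?', $identity);
        $row = $dataTable->fetchRow($where);
        if (null === $row) {
            // fetchRow() yields null for "no match"; fail with the documented
            // exception type instead of a fatal call on null.
            throw new Zend_Exception('no member found for given identity');
        }
        $resultRow = $row->toArray();
        unset($resultRow['password']);

        return (object)$resultRow;
    }

    /**
     * Fetches the member that owns the given e-mail verification value.
     *
     * @param string $identity e-mail verification value; bound as a named parameter
     *
     * @return null|object
     * @throws Zend_Exception
     */
    public function getAuthUserDataFromUnverified($identity)
    {
        $sql = "
            SELECT `m`.*, `member_email`.`email_verification_value`, `member_email`.`email_checked`, `mei`.`external_id`
            FROM `member_email`
            JOIN `member` AS `m` ON `m`.`member_id` = `member_email`.`email_member_id`
            LEFT JOIN `member_external_id` AS `mei` ON `mei`.`member_id` = `m`.`member_id`
            WHERE `member_email`.`email_deleted` = 0 AND `member_email`.`email_verification_value` = :verification AND `m`.`is_deleted` = 0
        ";
        $resultRow = $this->_dataTable->getAdapter()->fetchRow($sql, array('verification' => $identity));
        if ($resultRow) {
            // `m`.* includes the password column; drop it before the row leaves this method.
            unset($resultRow['password']);

            return (object)$resultRow;
        }

        return null;
    }

    /**
     * ppload and OCS
     *
     * Authenticates API credentials; on success a new session id is issued and
     * the auth data is stored in the session.
     *
     * @param string $identity
     * @param string $credential
     * @param string $loginMethod
     *
     * @return mixed member row object on success, false otherwise
     * @throws Zend_Auth_Adapter_Exception
     * @throws Zend_Exception
     */
    public function getAuthDataFromApi($identity, $credential, $loginMethod = null)
    {
        $authResult = $this->authenticateCredentials($identity, $credential, $loginMethod);

        if ($authResult->isValid()) {
            Zend_Session::regenerateId();
            $this->_storeAuthSessionData();

            return $this->_authUserData;
        }

        return false;
    }

    /**
     * Deletes the rows of the session table matching $identifier = $identity.
     *
     * @param string     $identifier column name; quoted as an identifier
     * @param string|int $identity   column value; quoted by the adapter
     *
     * @return int
     */
    public function removeAllCookieInformation($identifier, $identity)
    {
        $dataTable = new Default_Model_DbTable_Session();
        $adapter = $dataTable->getAdapter();
        $where = $adapter->quoteInto($adapter->quoteIdentifier($identifier, true) . ' = ?', $identity);

        return $dataTable->delete($where);
    }

}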