Merge pull request #74 from mennodekker/2.05
2.05
mennodekker committed Apr 1, 2013
2 parents 85cc679 + b64114a commit 285c822
Showing 10 changed files with 558 additions and 184 deletions.
2 changes: 1 addition & 1 deletion application/controllers/AdminController.php
Expand Up @@ -149,7 +149,7 @@ public function run($action)
if (!empty($action) && $action != 'index')
Yii::app()->session['redirect_after_login'] = $this->createUrl('/');

Yii::app()->session['redirectopage'] = Yii::app()->request->requestUri;
App()->user->setReturnUrl(App()->request->requestUri);

$this->redirect(array('/admin/authentication/sa/login'));
}
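Review bot: The URL stored at L21 through setReturnUrl() is later handed straight to redirect() by Authentication::_doRedirect (the `getReturnUrl(array('/admin'))` hunk in authentication.php) without any check that it is a local path; the removed `redirectopage` code only tested its length, so this is not new, but the move is a good moment to add the guard. Yii's requestUri is normally just the path and query of the current request, yet restricting it to a relative path costs two lines, e.g. `$uri = App()->request->requestUri;` followed by `if (strpos($uri, '/') === 0 && strpos($uri, '//') !== 0) { App()->user->setReturnUrl($uri); }`. run() starts and ends outside this hunk.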
6 changes: 4 additions & 2 deletions application/controllers/PluginsController.php
Expand Up @@ -69,7 +69,8 @@ public function actionActivate($id)
if ($result->get('success', true)) {
$status = 0;
} else {
App()->user->setFlash('pluginActivation', gT('Failed to deactivate the plugin.'));
$message = $result->get('message', gT('Failed to deactivate the plugin.'));
App()->user->setFlash('pluginActivation', $message);
$this->redirect(array('plugins/'));
}

Expand All @@ -80,7 +81,8 @@ public function actionActivate($id)
if ($result->get('success', true)) {
$status = 1;
} else {
App()->user->setFlash('pluginActivation', $result->get('message', gT('Failed to activate plugin.')));
$message = $result->get('message', gT('Failed to activate the plugin.'));
App()->user->setFlash('pluginActivation', $message);
$this->redirect(array('plugins/'));
}
}
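Review bot: The flash text at L33 (and identically at L43 in the second hunk) now comes from the plugin-supplied `message` key rather than a fixed gT() string, and whether the view that renders the `pluginActivation` flash escapes it is outside this hunk. Either encode at the source, `App()->user->setFlash('pluginActivation', CHtml::encode($message));`, or add a comment such as `// $message is plugin-provided text; the flash view must HTML-encode it` so the contract is recorded next to the call. The two hunks are copy-paste twins; a small private helper taking the result and the default text would keep them in step.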
231 changes: 62 additions & 169 deletions application/controllers/admin/authentication.php
Expand Up @@ -32,48 +32,79 @@ class Authentication extends Survey_Common_Action
public function index()
{
$this->_redirectIfLoggedIn();
$bCanLogin = $this->_userCanLogin();

if ($bCanLogin && !is_array($bCanLogin))
{
if (Yii::app()->request->getPost('action') || !is_null(Yii::app()->request->getQuery('onepass')) || Yii::app()->getConfig('auth_webserver') === true)
{

// Make sure after first run / update the authdb plugin is registered and active
// it can not be deactivated
if (!class_exists('Authdb', false)) {
$plugin = Plugin::model()->findByAttributes(array('name'=>'Authdb'));
if (!$plugin) {
$plugin = new Plugin();
$plugin->name = 'Authdb';
$plugin->active = 1;
$plugin->save();
App()->getPluginManager()->loadPlugin('Authdb', $plugin->id);
} else {
$plugin->active = 1;
$plugin->save();
}
}

$aData = $this->_doLogin(Yii::app()->request->getParam('user'), Yii::app()->request->getPost('password'),Yii::app()->request->getQuery('onepass',''));
$beforeLogin = new PluginEvent('beforeLogin');
$beforeLogin->set('identity', new LSUserIdentity('', ''));

if (!isset($aData['errormsg']))
{
Failed_login_attempts::model()->deleteAttempts();
App()->getPluginManager()->dispatchEvent($beforeLogin);
/* @var $identity LSUserIdentity */
$identity = $beforeLogin->get('identity');

$this->getController()->_GetSessionUserRights(Yii::app()->session['loginID']);
Yii::app()->session['just_logged_in'] = true;
Yii::app()->session['loginsummary'] = $this->_getSummary();
$this->_doRedirect();
die();
}
else
{
$this->_renderWrappedTemplate('authentication', 'error', $aData);
}
}
else
if (!$beforeLogin->isStopped() && is_null(App()->getRequest()->getPost('login_submit')))
{
$newLoginForm = new PluginEvent('newLoginForm');
App()->getPluginManager()->dispatchEvent($newLoginForm);
$aData['summary'] = $this->_getSummary('logout');
$aData['pluginContent'] = $newLoginForm->getAllContent();
$this->_renderWrappedTemplate('authentication', 'login', $aData);
} else {
// Handle getting the post and populating the identity there
$authMethod = App()->getRequest()->getPost('authMethod', $identity->plugin);
$identity->plugin = $authMethod;

$event = new PluginEvent('afterLoginFormSubmit');
$event->set('identity', $identity);
App()->getPluginManager()->dispatchEvent($event, array($authMethod));
$identity = $event->get('identity');

// Now authenticate
if ($identity->authenticate())
{
$this->_showLoginForm();
Failed_login_attempts::model()->deleteAttempts();

$this->getController()->_GetSessionUserRights(Yii::app()->session['loginID']);
Yii::app()->session['just_logged_in'] = true;
Yii::app()->session['loginsummary'] = $this->_getSummary();
$this->_doRedirect();

} else {
// Failed
$message = $identity->errorMessage;
if (empty($message)) {
// If no message, return a default message
$clang = $this->getController()->lang;
$message = $clang->gT('Incorrect username and/or password!');
}
App()->user->setFlash('loginError', $message);
$this->getController()->redirect(array('/admin/authentication/sa/login'));
}
}
else
{
$this->_renderWrappedTemplate('authentication', 'error', $bCanLogin);
}
}

/**
* Logout user
*/
public function logout()
{
Yii::app()->user->logout();
$this->_showLoginForm($this->getController()->lang->gT('Logout successful.'));
App()->user->logout();
App()->user->setFlash('loginmessage', gT('Logout successful.'));
$this->getController()->redirect(array('/admin/authentication/sa/login'));
}

/**
Expand Down Expand Up @@ -149,16 +180,6 @@ private function _sendPasswordEmail($sEmailAddr, $aFields)
return $sMessage;
}

/**
* Show login screen
* @param optional message
*/
protected function _showLoginForm($sLogoutSummary = '')
{
$aData['summary'] = $this->_getSummary('logout', $sLogoutSummary);
$this->_renderWrappedTemplate('authentication', 'login', $aData);
}

/**
* Get's the summary
* @param string $sMethod login|logout
Expand Down Expand Up @@ -230,136 +251,8 @@ private function _userCanLogin()
*/
private function _doRedirect()
{
if (strlen(Yii::app()->session['redirectopage']) > 1)
{
$this->getController()->redirect(Yii::app()->session['redirectopage']);
}
else
{
$this->getController()->redirect(array('/admin'));
}
}

/**
* Do the actual login work
* Note: This function is replicated in parts in remotecontrol.php controller - if you change this don't forget to make according changes there, too (which is why we should make a login helper)
* @param string $sUsername The username to login with
* @param string $sPassword The password to login with
* @return Array of data containing errors for the view
*/
private function _doLogin($sUsername, $sPassword, $sOneTimePassword)
{
$identity = new UserIdentity(sanitize_user($sUsername), $sPassword);

if (!$identity->authenticate($sOneTimePassword))
{
return $this->_getAuthenticationFailedErrorMessage();
}
@session_regenerate_id(); // Prevent session fixation
return $this->_setLoginSessions($identity);
}

/**
* Sets the login sessions
* @param UserIdentity $identity
* @return bool True
*/
private function _setLoginSessions($identity)
{
$user = $identity->getUser();

Yii::app()->user->login($identity);
$this->_checkForUsageOfDefaultPassword();
$this->_setSessionData($user);
$this->_setLanguageSettings($user);

return true;
}

/**
* Sets the session data
* @param CActiveRecord $user
*/
private function _setSessionData($user)
{
Yii::app()->session['loginID'] = (int) $user->uid;
Yii::app()->session['user'] = $user->users_name;
Yii::app()->session['full_name'] = $user->full_name;
Yii::app()->session['htmleditormode'] = $user->htmleditormode;
Yii::app()->session['templateeditormode'] = $user->templateeditormode;
Yii::app()->session['questionselectormode'] = $user->questionselectormode;
Yii::app()->session['dateformat'] = $user->dateformat;
Yii::app()->session['session_hash'] = hash('sha256',getGlobalSetting('SessionName').$user->users_name.$user->uid);
}

/**
* Sets the language settings for the user
* @param CActiveRecord $user
*/
private function _setLanguageSettings($user)
{
if (Yii::app()->request->getPost('loginlang','default') != 'default')
{
$user->lang = sanitize_languagecode(Yii::app()->request->getPost('loginlang'));
$user->save();
$sLanguage=$user->lang;
}
else if ($user->lang=='auto' || $user->lang=='')
{
$sLanguage= getBrowserLanguage();
}
else
{
$sLanguage=$user->lang;
}

Yii::app()->session['adminlang'] = $sLanguage;
$this->getController()->lang= new limesurvey_lang($sLanguage);
}

/**
* Checks if the user is using default password
*/
private function _checkForUsageOfDefaultPassword()
{
$clang = $this->getController()->lang;
Yii::app()->session['pw_notify'] = false;
if (strtolower(Yii::app()->request->getPost('password','') ) === 'password')
{
Yii::app()->session['pw_notify'] = true;
Yii::app()->session['flashmessage'] = $clang->gT('Warning: You are still using the default password (\'password\'). Please change your password and re-login again.');
}
}

/**
* Get the authentication failed error messages
* @return array Data
*/
private function _getAuthenticationFailedErrorMessage()
{
$clang = $this->getController()->lang;
$aData = array();

$userHostAddress = Yii::app()->request->getUserHostAddress();
$bUserNotFound = Failed_login_attempts::model()->addAttempt($userHostAddress);

if ($bUserNotFound)
{
$aData['errormsg'] = $clang->gT('Incorrect username and/or password!');
$aData['maxattempts'] = '';
}

$bLockedOut = Failed_login_attempts::model()->isLockedOut($userHostAddress);

if ($bLockedOut)
{
$aData['maxattempts'] = sprintf(
$clang->gT('You have exceeded the number of maximum login attempts. Please wait %d minutes before trying again.'),
Yii::app()->getConfig('timeOutTime') / 60
);
}

return $aData;
$returnUrl = App()->user->getReturnUrl(array('/admin'));
$this->getController()->redirect($returnUrl);
}

/**
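Review bot: The success path at L117–L125 no longer regenerates the session id: the removed _doLogin at L204 called `@session_regenerate_id(); // Prevent session fixation` and nothing in the new index() replaces it, so unless LSUserIdentity::authenticate() or the Authdb plugin does it (not visible here) a session id set before login survives it; add `session_regenerate_id(true);` directly after `if ($identity->authenticate())`. The failure branch at L127–L137 likewise drops the `Failed_login_attempts::model()->addAttempt()` and `isLockedOut()` accounting that the removed _getAuthenticationFailedErrorMessage performed at L290 and L298, while `deleteAttempts()` on success is kept at L120; the remotecontrol.php hunk at L339–L348 removes the same two calls from its _doLogin, so lockout now has to live entirely inside the plugin, and a comment at L120 saying where it lives would help the next reader. Separately, `$identity->plugin` at L109 is taken from the client-chosen `authMethod` POST field; whether the plugin manager limits that to an active authentication plugin is outside this hunk and worth confirming.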
9 changes: 3 additions & 6 deletions application/controllers/admin/remotecontrol.php
Expand Up @@ -53,7 +53,8 @@ public function run()
Yii::app()->loadLibrary('LSjsonRPCServer');
if (!isset($_SERVER['CONTENT_TYPE']))
{
$_SERVER['CONTENT_TYPE'] = explode(';', $_SERVER['HTTP_CONTENT_TYPE'])[0];
$serverContentType = explode(';', $_SERVER['HTTP_CONTENT_TYPE']);
$_SERVER['CONTENT_TYPE'] = reset($serverContentType);
}
LSjsonRPCServer::handle($oHandler);
}
Expand Down Expand Up @@ -87,7 +88,7 @@ public function run()
public function test()
{
$RPCType=Yii::app()->getConfig("RPCInterface");
$serverUrl = Yii::app()->getBaseUrl(true).'/'.dirname(Yii::app()->request->getPathInfo());
$serverUrl = App()->createAbsoluteUrl('/admin/remotecontrol');
$sFileToImport=dirname(Yii::app()->basePath).DIRECTORY_SEPARATOR.'docs'.DIRECTORY_SEPARATOR.'demosurveys'.DIRECTORY_SEPARATOR.'limesurvey2_sample_survey_english.lss';

if ($RPCType == 'xml') {
Expand Down Expand Up @@ -2365,14 +2366,10 @@ public function export_responses($sSessionKey, $iSurveyID, $sDocumentType, $sLan
*/
protected function _doLogin($sUsername, $sPassword)
{
if (Failed_login_attempts::model()->isLockedOut())
return false;

$identity = new UserIdentity(sanitize_user($sUsername), $sPassword);

if (!$identity->authenticate())
{
Failed_login_attempts::model()->addAttempt();
return false;
}
else
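Review bot: `$_SERVER['HTTP_CONTENT_TYPE']` at L321 is read without an isset() check, so a request that carries no Content-Type header at all raises an undefined-index notice and CONTENT_TYPE ends up as an empty string; guard it, e.g. `$serverContentType = explode(';', isset($_SERVER['HTTP_CONTENT_TYPE']) ? $_SERVER['HTTP_CONTENT_TYPE'] : '');`. The `test()` change to createAbsoluteUrl() is an improvement on building the URL from the path info; _doLogin in the last hunk continues past the end of the hunk.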
46 changes: 46 additions & 0 deletions application/core/LSAuthResult.php
@@ -0,0 +1,46 @@
<?php
/*
* LimeSurvey
* Copyright (C) 2007-2013 The LimeSurvey Project Team / Carsten Schmitz
* All rights reserved.
* License: GNU/GPL License v2 or later, see LICENSE.php
* LimeSurvey is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*
*/
class LSAuthResult
{
protected $_code;
protected $_message;

public function __construct($code = 0, $message = '') {
$this->setError($code, $message);
}

public function isValid()
{
if ($this->_code === 0) {
return true;
}

return false;
}

public function getCode()
{
return $this->_code;
}

public function getMessage()
{
return $this->_message;
}

public function setError($code, $message = null) {
$this->_code = $code;
$this->_message = $message;
}
}
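Review bot: The class carries no documentation and its two defaults disagree: the constructor falls back to `$message = ''` while `setError($code, $message = null)` falls back to null, so getMessage() yields '' after `new LSAuthResult(1)` but null after `->setError(1)`; align them with `public function setError($code, $message = '')` and give the class a docblock stating that code 0 means success and any other code is a failure whose text getMessage() returns. isValid() at L375–L382 reduces to `return $this->_code === 0;`, and `@param int $code` / `@param string $message` tags on setError would record that the comparison is strict, so a string code such as '0' counts as a failure.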
