

<?php defined('SYSPATH') or die('No direct access allowed.');
/**
* OSB Auth driver.
*
* @package OSB
* @category Helpers
* @author Deon George
* @copyright (c) 2009-2013 Open Source Billing
* @license http://dev.osbill.net/license.html
*/
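class Auth_OSB extends Auth_ORM {
	/**
	 * OSB authentication is controlled via database queries.
	 *
	 * This method can be used to test two situations:
	 * 1) Is the user logged in? ($role == FALSE)
	 * 2) Can the user run the current controller->action ($role == TRUE)
	 *
	 * With a role, access is granted only when the current module is defined
	 * and active in the database, the current method is defined for it, and
	 * one of the groups attached to that method is either "all users"
	 * (group id 0) or a group the user is (indirectly) a member of. Anything
	 * that cannot be resolved fails closed and returns FALSE.
	 *
	 * @param boolean $role If authentication should be done for this module:method (ie: controller:action).
	 * @param mixed $debug Extra data shown in the development-mode debug message only.
	 * @return boolean
	 */
	public function logged_in($role=NULL,$debug=NULL) {
		$status = FALSE;

		// Get the user from the session (or from a valid token, see get_user()).
		$uo = $this->get_user();

		// If we are not a valid user object, then we are not logged in
		if (! (is_object($uo) && ($uo instanceof Model_Account) && $uo->loaded())) {
			$this->_debug('Debug','No user logged in');

			return $status;
		}

		$this->_debug('Debug',Debug::vars(array('user'=>$uo->username,'r'=>$role)));

		// There is no role, so the method should be allowed to run as anonymous
		if (empty($role)) {
			$this->_debug('Debug',sprintf('User: <b>%s</b>, Module: <b>%s</b>, Method: <b>%s</b>, Status: <b>%s</b>, Data: <b>%s</b>',
				$uo->username,Request::current()->controller(),Request::current()->action(),'No Role Default Access',$debug));

			return TRUE;
		}

		// Get the module details
		$mo = ORM::factory('Module',array('name'=>Request::current()->controller()));

		if (! $mo->loaded() || ! $mo->status) {
			// Unknown or inactive module: $status stays FALSE.
			SystemMessage::add(array(
				'title'=>'Module is not defined or active in the Database',
				'type'=>'warning',
				'body'=>sprintf('Module not defined: %s',Request::current()->controller()),
			));

		} else {
			// Get the method number
			$mmo = ORM::factory('Module_Method',array('module_id'=>$mo->id,'name'=>$this->_method_name()));

			if (! $mmo->loaded()) {
				// Unknown method: $status stays FALSE.
				SystemMessage::add(array(
					'title'=>'Method is not defined or active in the Database',
					'type'=>'warning',
					'body'=>sprintf('Method not defined: %s for %s',Request::current()->action(),$mo->name),
				));

			} else {
				// If the role has the authorisation to run the method
				$gmo = ORM::factory('Group_Method')
					->where('method_id','=',$mmo->id);

				// Names of the groups checked so far, for the debug message on failure
				$roles = '';

				foreach ($gmo->find_all() as $gm) {
					$roles .= ($roles ? '|' : '').$gm->group->name;

					// $gm->group->id == 0 means all users.
					if ($gm->group->id == 0 || $uo->has_any('group',$gm->group->list_childgrps(TRUE))) {
						$status = TRUE;
						$roles = '';

						break;
					}
				}

				if (! $status)
					$this->_debug('User is not authorised in Database',
						sprintf('Role(s) checked: %s<br/>User: %s</br>Module: %s<br/>Method: %s',$roles,$uo->username,$mo->name,$mmo->name));
			}
		}

		$this->_debug('Debug',sprintf('User: <b>%s</b>, Module: <b>%s</b>, Method: <b>%s</b>, Role: <b>%s</b>, Status: <b>%s</b>, Data: <b>%s</b>',
			$uo->username,Request::current()->controller(),Request::current()->action(),$role,$status,$debug));

		return $status;
	}

	/**
	 * Gets the currently logged in user from the session.
	 * Returns NULL if no user is currently logged in.
	 *
	 * A token is only consulted when no user is logged in AND $tokenuser is
	 * TRUE (the original condition let a request token bypass both checks and
	 * replace an already logged-in user, because AND binds tighter than OR).
	 * The session token is checked first, then a token passed in the request.
	 *
	 * @param mixed $default Value returned by the parent when nobody is logged in
	 * @param boolean $tokenuser Check token users too
	 * @return mixed
	 */
	public function get_user($default=NULL,$tokenuser=TRUE) {
		// Get the current user
		$uo = parent::get_user($default);

		// If we are logged in, or the caller doesnt want token users, we are done.
		if (! is_null($uo) || ! $tokenuser)
			return $uo;

		// A token already validated earlier in this session takes precedence.
		$token = Session::instance()->get('token');

		// Otherwise accept a token from the request - as a plain string only,
		// so a crafted array parameter never reaches the token lookup.
		if (! $token && ! empty($_REQUEST['token']) && is_string($_REQUEST['token']))
			$token = $_REQUEST['token'];

		if ($token)
			$uo = $this->_get_token_user($token);

		return $uo;
	}

	/**
	 * Get the user that a token applies to
	 *
	 * This will check that the token is valid (not expired and for the request)
	 *
	 * Using the token has side effects: a usage-count token is decremented,
	 * the last-used date is recorded, the token is stored in the session and
	 * the use is written to the account log. An expired or exhausted token is
	 * deleted and the session token cleared.
	 *
	 * @param string $token The token
	 * @return Model_Account|NULL The user that the token is valid for.
	 */
	private function _get_token_user($token) {
		// This has been implemented, as we sometimes we seem to come here twice
		// NOTE(review): the cache is not keyed on $token, so a second call with a
		// different token in the same request returns the first user - verify callers.
		static $uo = NULL;

		if (! is_null($uo))
			return $uo;

		$mmto = ORM::factory('Module_Method_Token',array('token'=>$token));

		// Ignore the token if it doesnt exist.
		if (! $mmto->loaded())
			return $uo;

		// Check that the token is for this URI
		$mo = ORM::factory('Module',array('name'=>Request::current()->controller()));
		$mmo = ORM::factory('Module_Method',array(
			'module_id'=>$mo->id,
			'name'=>$this->_method_name(),
		));

		// Ignore the token if this is not the right method (an unknown method
		// has a NULL id, which must never be treated as a match).
		if (! $mmo->loaded() || $mmo->id != $mmto->method_id)
			return $uo;

		$expired = ! is_null($mmto->date_expire) && $mmto->date_expire < time();
		$exhausted = ! is_null($mmto->uses) && $mmto->uses < 1;

		if ($expired || $exhausted) {
			SystemMessage::add(array(
				'title'=>_('Token Not Valid'),
				'type'=>'warning',
				'body'=>_('Token expired')));

			// @todo Log the token deletion
			Session::instance()->delete('token');
			$mmto->delete();

			return $uo;
		}

		// If this is a usage count token, reduce the count.
		if (! is_null($mmto->uses))
			$mmto->uses -= 1;

		// Record the date this token was used
		$mmto->date_last = time();
		$mmto->save();

		Session::instance()->set('token',$token);

		$uo = ORM::factory('Account',$mmto->account_id);
		$uo->log(sprintf('Token %s used for method %s [%s]',$mmto->token,$mmto->module_method->name(),Request::current()->param('id')));

		return $uo;
	}

	/**
	 * Logs a user in.
	 *
	 * The account must be active, belong to (a child group of) "Registered
	 * Users", and the hash of the supplied password must equal the stored one.
	 *
	 * @param mixed $user Username, or an already loaded account object
	 * @param string $password Plain-text password
	 * @param boolean $remember Enable autologin
	 * @return boolean
	 */
	protected function _login($user,$password,$remember) {
		if (! is_object($user)) {
			$username = $user;

			// Load the user
			$user = ORM::factory('Account');
			$user->where('username','=',$username)->find();

			// If no user loaded, return
			if (! $user->loaded())
				return FALSE;
		}

		// Only a string can be a password. Anything else (NULL, an array from a
		// crafted form) must fail here rather than reach the comparison, where
		// NULL === NULL would match an account without a stored password.
		if (! is_string($password))
			return FALSE;

		// Create a hashed password
		$password = $this->hash($password);

		// If the passwords match, perform a login
		// NOTE(review): strict string equality is not constant-time; where the
		// platform provides it, hash_equals() is the preferred comparison.
		if (! $user->status || ! $user->has_any('group',ORM::factory('Group',array('name'=>'Registered Users'))->list_childgrps(TRUE)) || $user->password !== $password)
			return FALSE;

		// @todo This is not currently used.
		if ($remember === TRUE) {
			// Create a new autologin token
			$token = ORM::factory('User_Token');

			// Set token data
			$token->user_id = $user->id;
			$token->expires = time() + $this->_config['lifetime'];
			$token->save();

			// Set the autologin cookie
			Cookie::set('authautologin', $token->token, $this->_config['lifetime']);
		}

		// Record our session ID, we may need to update our DB when we get a new ID
		$oldsess = session_id();

		// Finish the login
		$this->complete_login($user);

		// Do we need to update databases with our new sesion ID
		$sct = Kohana::$config->load('config')->session_change_trigger;

		if (session_id() != $oldsess && is_array($sct) && $sct)
			foreach ($sct as $t => $c)
				if (Config::module_exist($t))
					foreach (ORM::factory(ucwords($t))->where($c,'=',$oldsess)->find_all() as $o)
						$o->set('session_id',session_id())
							->update();

		return TRUE;
	}

	/**
	 * Determine if a user is authorised to view an account
	 *
	 * @param Model_Account $ao Account Object to validate if the current user has access
	 * @return boolean TRUE if authorised, FALSE if not.
	 */
	public function authorised(Model_Account $ao) {
		$uo = $this->get_user();

		if (! $uo || ! $uo->loaded())
			return FALSE;

		// Our own account, or one of the customers of our RTM.
		// NOTE(review): object == and in_array() are loose comparisons here,
		// kept as the original had them; ids may arrive as strings from the DB.
		return ($uo == $ao || in_array($ao->id,$uo->RTM->customers($uo->RTM)));
	}

	/**
	 * The name of the current method as stored in the Module_Method table:
	 * directory_action when the request has a directory, otherwise the action.
	 *
	 * @return string
	 */
	private function _method_name() {
		$request = Request::current();

		return $request->directory() ? sprintf('%s_%s',$request->directory(),$request->action()) : $request->action();
	}

	/**
	 * Add a SystemMessage of type debug, but only in development mode.
	 *
	 * @param string $title
	 * @param string $body
	 */
	private function _debug($title,$body) {
		if (Config::sitemode() == Kohana::DEVELOPMENT)
			SystemMessage::add(array('title'=>$title,'type'=>'debug','body'=>$body));
	}
}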
?>