Login/Activation tested

classes/lnApp/Auth/ORM.php

@@ -23,6 +23,22 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 			parent::__construct($config);
 	}
 
+	/**
+	 * Get the user that a token applies to
+	 *
+	 * This will check that the token is valid (not expired and for the request)
+	 *
+	 * @param $token The token
+	 * @return Model_Account|NULL The user that the token is valid for.
+	 */
+	private function _get_token_user($token) {
+		list($id,$key) = explode(':',$token,2);
+
+		$uo = ORM::factory('Account',$id);
+
+		return ($uo->token(NULL,NULL,NULL,NULL) == $token) ? $uo : NULL;
+	}
+
 	/**
 	 * Logs a user in.
 	 *
@@ -50,6 +66,9 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 
 		// If we have the right password, we'll check the status of the account
 		if ($user->password === $password AND $user->active) {
+			if (! $user->activated())
+				HTTP::redirect(URL::link('user','account/activate'));
+
 			// Record our session ID, we may need to update our DB when we get a new ID
 			$oldsess = session_id();
 
@@ -65,10 +84,6 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 							$o->set('session_id',session_id())
 								->update();
 
-//@TODO
-			if (! $user->has_any('group',ORM::factory('Group',array('name'=>'Registered Users'))->list_childgrps(TRUE)))
-				HTTP::redirect(URL::link('user','account/activate'));
-
 			return TRUE;
 		}
 
@@ -90,6 +105,28 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 		return is_null($x=$this->get_user()) ? ORM::factory('Group')->where('id','=',0)->find_all() : $x->groups();
 	}
 
+	/**
+	 * Gets the currently logged in user from the session.
+	 * Returns NULL if no user is currently logged in.
+	 *
+	 * @param boolean Check token users too
+	 * @return  mixed
+	 */
+	public function get_user($default=NULL,$tokenuser=TRUE) {
+		// If we are a CLI, we are not logged in
+		if (PHP_SAPI === 'cli')
+			throw new Kohana_Exception('Calling :method from the CLI is not allowed!',array(':method'=>__METHOD__));
+
+		// Get the current user
+		$uo = parent::get_user($default);
+
+		// If we are not logged in, see if there is token for the user
+		if (is_null($uo) AND $tokenuser AND ($token=Session::instance()->get('token')) OR (! empty($_REQUEST['token']) AND $token=$_REQUEST['token']))
+			$uo = $this->_get_token_user($token);
+
+		return $uo;
+	}
+
 	// Override Kohana Auth requirement to have a hash_key
 	public function hash($str) {
 		switch ($this->_config['hash_method']) {
@@ -100,7 +137,7 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 	}
 
 	/**
-	 * OSB authentication is controlled via database queries.
+	 * lnApp authentication is controlled via database queries.
 	 *
 	 * This method can be used to test two situations:
 	 * 1) Is the user logged in? ($role == FALSE)
@@ -121,18 +158,7 @@ abstract class lnApp_Auth_ORM extends Kohana_Auth_ORM {
 
 		// If we are not a valid user object, then we are not logged in
 		if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded())
-			if (! empty($role)) {
-				if (($x = Request::current()->mmo()) instanceof Model)
-					// If the role has the authorisation to run the method
-					foreach ($x->group->find_all() as $go)
-						if ($go->id == 0 OR $uo->has_any('group',$go->list_childgrps(TRUE))) {
-							$status = TRUE;
-							break;
-						}
-
-			// There is no role, so the method should be allowed to run as anonymous
-			} else
-				$status = TRUE;
+			$status = TRUE;
 
 		return $status;
 	}