author | robocoder <anthon.pang@gmail.com> | 2010-08-09 14:25:15 +0400 |
---|---|---|
committer | robocoder <anthon.pang@gmail.com> | 2010-08-09 14:25:15 +0400 |
commit | 207e069a8e911234bafc3d457f5cd6107214835a (patch) | |
tree | 2bd8f6010be3810d85ab7385def53c0d9c2fcad9 /plugins/Login/Auth.php | |
parent | 0da8fa6a7f4f77412eb0f8cda966914416fad977 (diff) |
fixes #1419 - hash token_auth in the login cookie; I'm deferring implementation of the Miller/Jaspan recommendations for the time being (at least until we've looked at #906 OAuth and have a better sense of what needs to be refactored)
git-svn-id: http://dev.piwik.org/svn/trunk@2904 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/Login/Auth.php')
-rw-r--r-- | plugins/Login/Auth.php | 51 |
1 files changed, 40 insertions, 11 deletions
diff --git a/plugins/Login/Auth.php b/plugins/Login/Auth.php
index 2917727414..7567404b92 100644
--- a/plugins/Login/Auth.php
+++ b/plugins/Login/Auth.php
@@ -30,26 +30,50 @@ class Piwik_Login_Auth implements Piwik_Auth
 $rootPassword = Zend_Registry::get('config')->superuser->password;
 $rootToken = Piwik_UsersManager_API::getInstance()->getTokenAuth($rootLogin, $rootPassword);
- if(($this->login == $rootLogin || is_null($this->login))
- && $this->token_auth == $rootToken)
+ if(is_null($this->login))
 {
- return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $rootToken );
- }
+ if($this->token_auth == $rootToken)
+ {
+ return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $this->token_auth );
+ }
- $login = Piwik_FetchOne(
- 'SELECT login
+ $login = Piwik_FetchOne(
+ 'SELECT login
 FROM '.Piwik_Common::prefixTable('user').'
 WHERE token_auth = ?', array($this->token_auth)
- );
- if($login !== false)
- {
- if(is_null($this->login)
- || $this->login == $login)
+ );
+ if(!$login !== false)
 {
 return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS, $login, $this->token_auth );
 }
 }
+ else if(!empty($this->login))
+ {
+ if($this->login == $rootLogin
+ && ($this->getHashTokenAuth($rootLogin, $rootToken) == $this->token_auth)
+ || $rootToken == $this->token_auth)
+ {
+ $this->setTokenAuth($rootToken);
+ return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS_SUPERUSER_AUTH_CODE, $rootLogin, $this->token_auth );
+ }
+
+ $login = $this->login;
+ $userToken = Piwik_FetchOne(
+ 'SELECT token_auth
+ FROM '.Piwik_Common::prefixTable('user').'
+ WHERE login = ?', array($login)
+ );
+ if($userToken !== false
+ && ($this->getHashTokenAuth($login, $userToken) == $this->token_auth)
+ || $userToken == $this->token_auth)
+ {
+ $this->setTokenAuth($userToken);
+ return new Piwik_Auth_Result(Piwik_Auth_Result::SUCCESS, $login, $userToken );
+ }
+ }
+
 return new Piwik_Auth_Result( Piwik_Auth_Result::FAILURE, $this->login, $this->token_auth );
 }
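Review bot: `if(!$login !== false)` in the is_null($this->login) branch is inverted — `!` binds tighter than `!==`, so it reads `(!$login) !== false`, which is true exactly when the token lookup found no row (the SUCCESS result then carries `$login === false`), while a real match falls through to the FAILURE result at the bottom; it should read `if($login !== false)`. The two new conditions in the else-if branch have a precedence problem of their own: `&&` binds tighter than `||`, so each evaluates as `(… && hash == token) || rawToken == token`, and for the user branch that means a login with no row (`$userToken === false`) still authenticates whenever whatever setTokenAuth() received is null, `''` or `'0'`, because `false == ''` is true under loose comparison. Parenthesising the raw-token alternative under the existence/login check and comparing with `===` (md5 hex digests of the form `0e…` compare as numbers under `==`) closes both holes; presumably the raw-token path is meant to be scoped to the same login, as the removed condition required, and I have assumed that below. authenticate() begins before this hunk.
```php
if($login !== false)
// … unchanged: SUCCESS result for the token-only lookup …
if($this->login == $rootLogin
    && ($this->getHashTokenAuth($rootLogin, $rootToken) === $this->token_auth
        || $rootToken === $this->token_auth))
// … unchanged: setTokenAuth($rootToken) and superuser result …
if($userToken !== false
    && ($this->getHashTokenAuth($login, $userToken) === $this->token_auth
        || $userToken === $this->token_auth))
// … unchanged: setTokenAuth($userToken) and SUCCESS result …
```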
@@ -62,4 +86,9 @@ class Piwik_Login_Auth implements Piwik_Auth
 {
 $this->token_auth = $token_auth;
 }
+
+ public function getHashTokenAuth($login, $token_auth)
+ {
+ return md5($login . $token_auth);
+ }
 }
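Review bot: getHashTokenAuth() is public and so becomes part of the Piwik_Auth surface, but it carries no docblock saying what the value is for or what holding it means; the preceding hunk compares it directly against token_auth, so it is a bearer credential, not a password hash. Suggested docblock: `/** Cookie form of a token_auth: md5 of the login concatenated with the token. Anyone holding this value authenticates as $login, so treat it with the same care as token_auth itself. */`. Concatenating `$login . $token_auth` with no delimiter also means two different (login, token) pairs can yield the same digest input when the tail of one login overlaps the head of a token; if token_auth is not guaranteed fixed-length, `md5($login . ':' . $token_auth)` avoids that, and it is cheapest to settle the format now while the cookie is new. The class is declared before this hunk.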