1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
<?php
/**
* Piwik - Open source web analytics
*
* @link http://piwik.org
* @license http://www.gnu.org/licenses/gpl-3.0.html GPL v3 or later
*
*/
namespace Piwik\Plugins\Login;
use Exception;
use Piwik\AuthResult;
use Piwik\Common;
use Piwik\Config;
use Piwik\Cookie;
use Piwik\Db;
use Piwik\Piwik;
use Piwik\Plugins\UsersManager\API;
use Piwik\Plugins\UsersManager\Model;
use Piwik\ProxyHttp;
use Piwik\Session;
/**
*
*/
class Auth implements \Piwik\Auth
{
protected $login = null;
protected $token_auth = null;
/**
* Authentication module's name, e.g., "Login"
*
* @return string
*/
public function getName()
{
return 'Login';
}
/**
* Authenticates user
*
* @return AuthResult
*/
public function authenticate()
{
if (is_null($this->login)) {
$model = new Model();
$user = $model->getUserByTokenAuth($this->token_auth);
if (!empty($user['login'])) {
$code = $user['superuser_access'] ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
return new AuthResult($code, $user['login'], $this->token_auth);
}
} else if (!empty($this->login)) {
$model = new Model();
$user = $model->getUser($this->login);
if (!empty($user['token_auth'])
&& (($this->getHashTokenAuth($this->login, $user['token_auth']) === $this->token_auth)
|| $user['token_auth'] === $this->token_auth)
) {
$this->setTokenAuth($user['token_auth']);
$code = !empty($user['superuser_access']) ? AuthResult::SUCCESS_SUPERUSER_AUTH_CODE : AuthResult::SUCCESS;
return new AuthResult($code, $this->login, $user['token_auth']);
}
}
return new AuthResult(AuthResult::FAILURE, $this->login, $this->token_auth);
}
/**
* Authenticates the user and initializes the session.
*/
public function initSession($login, $md5Password, $rememberMe)
{
$tokenAuth = API::getInstance()->getTokenAuth($login, $md5Password);
$this->setLogin($login);
$this->setTokenAuth($tokenAuth);
$authResult = $this->authenticate();
$authCookieName = Config::getInstance()->General['login_cookie_name'];
$authCookieExpiry = $rememberMe ? time() + Config::getInstance()->General['login_cookie_expire'] : 0;
$authCookiePath = Config::getInstance()->General['login_cookie_path'];
$cookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
if (!$authResult->wasAuthenticationSuccessful()) {
$cookie->delete();
throw new Exception(Piwik::translate('Login_LoginPasswordNotCorrect'));
}
$cookie->set('login', $login);
$cookie->set('token_auth', $this->getHashTokenAuth($login, $authResult->getTokenAuth()));
$cookie->setSecure(ProxyHttp::isHttps());
$cookie->setHttpOnly(true);
$cookie->save();
@Session::regenerateId();
// remove password reset entry if it exists
Login::removePasswordResetInfo($login);
}
/**
* Accessor to set login name
*
* @param string $login user login
*/
public function setLogin($login)
{
$this->login = $login;
}
/**
* Accessor to set authentication token
*
* @param string $token_auth authentication token
*/
public function setTokenAuth($token_auth)
{
$this->token_auth = $token_auth;
}
/**
* Accessor to compute the hashed authentication token
*
* @param string $login user login
* @param string $token_auth authentication token
* @return string hashed authentication token
*/
public function getHashTokenAuth($login, $token_auth)
{
return md5($login . $token_auth);
}
}
|
