AS1024
/
Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add RememberMe feature and authentications history

This commit is contained in:
Frédéric Guillot 2014-04-19 22:12:12 -04:00
parent 5aacb6a763
commit a04ecbde77
24 changed files with 949 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
assets/css/app.css
View File

@ -65,6 +65,7 @@ table {
width: 100%;
border-collapse: collapse;
border-spacing: 0;
margin-bottom: 20px;
}
table caption {
@ -80,7 +81,8 @@ td {
border: 1px solid #ccc;
padding-top: 0.5em;
padding-bottom: 0.5em;
padding-left: 5px;
padding-left: 3px;
padding-right: 3px;
}
th {
@ -89,13 +91,23 @@ th {
}
tr:nth-child(odd) td {
background: #fcfcfc;
background: #f8f8f8;
}
td li {
margin-left: 20px;
}
.table-small {
font-size: 0.85em;
}
.table-hover tr:hover td {
border-top: 2px solid #333;
border-bottom: 2px solid #333;
background: rgb(219, 235, 255)
}
/* forms */
form {
padding-top: 5px;

15
common.php
View File

@ -6,7 +6,7 @@ require __DIR__.'/core/translator.php';
$registry = new Core\Registry;
$registry->db_version = 11;
$registry->db_version = 12;
$registry->db = function() use ($registry) {
require __DIR__.'/vendor/PicoDb/Database.php';
@ -95,6 +95,16 @@ $registry->action = function() use ($registry) {
return new \Model\Action($registry->shared('db'), $registry->shared('event'));
};
$registry->rememberMe = function() use ($registry) {
require_once __DIR__.'/models/remember_me.php';
return new \Model\RememberMe($registry->shared('db'), $registry->shared('event'));
};
$registry->lastLogin = function() use ($registry) {
require_once __DIR__.'/models/last_login.php';
return new \Model\LastLogin($registry->shared('db'), $registry->shared('event'));
};
if (file_exists('config.php')) require 'config.php';
// Auto-refresh frequency in seconds for the public board view
@ -106,6 +116,9 @@ defined('SESSION_SAVE_PATH') or define('SESSION_SAVE_PATH', '');
// Application version
defined('APP_VERSION') or define('APP_VERSION', 'master');
// Base directory
define('BASE_URL_DIRECTORY', dirname($_SERVER['PHP_SELF']));
// Database driver: sqlite or mysql
defined('DB_DRIVER') or define('DB_DRIVER', 'sqlite');

2
controllers/action.php
View File

@ -7,7 +7,7 @@ require_once __DIR__.'/base.php';
/**
* Automatic actions management
*
* @package controllers
* @package controller
* @author Frederic Guillot
*/
class Action extends Base

11
controllers/app.php
View File

@ -4,8 +4,19 @@ namespace Controller;
require_once __DIR__.'/base.php';
/**
* Application controller
*
* @package controller
* @author Frederic Guillot
*/
class App extends Base
{
/**
* Redirect to the project creation page or the board controller
*
* @access public
*/
public function index()
{
if ($this->project->countByStatus(\Model\Project::ACTIVE)) {

28
controllers/base.php
View File

@ -26,6 +26,8 @@ abstract class Base
$this->task = $registry->task;
$this->user = $registry->user;
$this->comment = $registry->comment;
$this->rememberMe = $registry->rememberMe;
$this->lastLogin = $registry->lastLogin;
$this->event = $registry->shared('event');
}
@ -37,7 +39,7 @@ abstract class Base
public function beforeAction($controller, $action)
{
// Start the session
$this->session->open(dirname($_SERVER['PHP_SELF']), SESSION_SAVE_PATH);
$this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);
// HTTP secure headers
$this->response->csp();
@ -53,9 +55,27 @@ abstract class Base
// Set timezone
date_default_timezone_set($this->config->get('timezone', 'UTC'));
// If the user is not authenticated redirect to the login form, if the action is public continue
if (! isset($_SESSION['user']) && ! $this->acl->isPublicAction($controller, $action)) {
$this->response->redirect('?controller=user&action=login');
// Authentication
if (! $this->acl->isLogged() && ! $this->acl->isPublicAction($controller, $action)) {
// Try the remember me authentication first
if (! $this->rememberMe->authenticate()) {
// Redirect to the login form if not authenticated
$this->response->redirect('?controller=user&action=login');
}
else {
$this->lastLogin->create(
\Model\LastLogin::AUTH_REMEMBER_ME,
$this->acl->getUserId(),
$this->user->getIpAddress(),
$this->user->getUserAgent()
);
}
}
else if ($this->rememberMe->hasCookie()) {
$this->rememberMe->refresh();
}
// Check if the user is allowed to see this page

19
controllers/config.php
View File

@ -28,7 +28,9 @@ class Config extends Base
'errors' => array(),
'menu' => 'config',
'title' => t('Settings'),
'timezones' => $this->config->getTimezones()
'timezones' => $this->config->getTimezones(),
'remember_me_sessions' => $this->rememberMe->getAll($this->acl->getUserId()),
'last_logins' => $this->lastLogin->getAll($this->acl->getUserId()),
)));
}
@ -63,7 +65,9 @@ class Config extends Base
'errors' => $errors,
'menu' => 'config',
'title' => t('Settings'),
'timezones' => $this->config->getTimezones()
'timezones' => $this->config->getTimezones(),
'remember_me_sessions' => $this->rememberMe->getAll($this->acl->getUserId()),
'last_logins' => $this->lastLogin->getAll($this->acl->getUserId()),
)));
}
@ -101,4 +105,15 @@ class Config extends Base
$this->session->flash(t('All tokens have been regenerated.'));
$this->response->redirect('?controller=config');
}
/**
* Remove a "RememberMe" token
*
* @access public
*/
public function removeRememberMeToken()
{
$this->rememberMe->remove($this->request->getIntegerParam('id'));
$this->response->redirect('?controller=config&action=index#remember-me');
}
}

90
controllers/project.php
View File

@ -4,9 +4,19 @@ namespace Controller;
require_once __DIR__.'/base.php';
/**
* Project controller
*
* @package controller
* @author Frederic Guillot
*/
class Project extends Base
{
// Display access forbidden page
/**
* Display access forbidden page
*
* @access public
*/
public function forbidden()
{
$this->response->html($this->template->layout('project_forbidden', array(
@ -15,7 +25,11 @@ class Project extends Base
)));
}
// List of completed tasks for a given project
/**
* List of completed tasks for a given project
*
* @access public
*/
public function tasks()
{
$project_id = $this->request->getIntegerParam('project_id');
@ -40,7 +54,11 @@ class Project extends Base
)));
}
// List of projects
/**
* List of projects
*
* @access public
*/
public function index()
{
$projects = $this->project->getAll(true, $this->acl->isRegularUser());
@ -54,7 +72,11 @@ class Project extends Base
)));
}
// Display a form to create a new project
/**
* Display a form to create a new project
*
* @access public
*/
public function create()
{
$this->response->html($this->template->layout('project_new', array(
@ -65,7 +87,11 @@ class Project extends Base
)));
}
// Validate and save a new project
/**
* Validate and save a new project
*
* @access public
*/
public function save()
{
$values = $this->request->getValues();
@ -90,7 +116,11 @@ class Project extends Base
)));
}
// Display a form to edit a project
/**
* Display a form to edit a project
*
* @access public
*/
public function edit()
{
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
@ -108,7 +138,11 @@ class Project extends Base
)));
}
// Validate and update a project
/**
* Validate and update a project
*
* @access public
*/
public function update()
{
$values = $this->request->getValues() + array('is_active' => 0);
@ -133,7 +167,11 @@ class Project extends Base
)));
}
// Confirmation dialog before to remove a project
/**
* Confirmation dialog before to remove a project
*
* @access public
*/
public function confirm()
{
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
@ -150,7 +188,11 @@ class Project extends Base
)));
}
// Remove a project
/**
* Remove a project
*
* @access public
*/
public function remove()
{
$project_id = $this->request->getIntegerParam('project_id');
@ -164,7 +206,11 @@ class Project extends Base
$this->response->redirect('?controller=project');
}
// Enable a project
/**
* Enable a project
*
* @access public
*/
public function enable()
{
$project_id = $this->request->getIntegerParam('project_id');
@ -178,7 +224,11 @@ class Project extends Base
$this->response->redirect('?controller=project');
}
// Disable a project
/**
* Disable a project
*
* @access public
*/
public function disable()
{
$project_id = $this->request->getIntegerParam('project_id');
@ -192,7 +242,11 @@ class Project extends Base
$this->response->redirect('?controller=project');
}
// Users list for the selected project
/**
* Users list for the selected project
*
* @access public
*/
public function users()
{
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
@ -210,7 +264,11 @@ class Project extends Base
)));
}
// Allow a specific user for the selected project
/**
* Allow a specific user for the selected project
*
* @access public
*/
public function allow()
{
$values = $this->request->getValues();
@ -229,7 +287,11 @@ class Project extends Base
$this->response->redirect('?controller=project&action=users&project_id='.$values['project_id']);
}
// Revoke user access
/**
* Revoke user access
*
* @access public
*/
public function revoke()
{
$values = array(

13
controllers/user.php
View File

@ -32,6 +32,7 @@ class User extends Base
*/
public function logout()
{
$this->rememberMe->destroy($this->acl->getUserId());
$this->session->close();
$this->response->redirect('?controller=user&action=login');
}
@ -63,7 +64,17 @@ class User extends Base
$values = $this->request->getValues();
list($valid, $errors) = $this->user->validateLogin($values);
if ($valid) $this->response->redirect('?controller=app');
if ($valid) {
$this->lastLogin->create(
\Model\LastLogin::AUTH_DATABASE,
$this->acl->getUserId(),
$this->user->getIpAddress(),
$this->user->getUserAgent()
);
$this->response->redirect('?controller=app');
}
$this->response->html($this->template->layout('user_login', array(
'errors' => $errors,

2
core/session.php
View File

@ -4,7 +4,7 @@ namespace Core;
class Session
{
const SESSION_LIFETIME = 2678400; // 31 days
const SESSION_LIFETIME = 86400; // 1 day
public function open($base_path = '/', $save_path = '')
{

14
locales/es_ES/translations.php
View File

@ -85,7 +85,7 @@ return array(
'Do you really want to remove this column: "%s"?' => '¿Realmente desea eliminar esta columna : « %s » ?',
'This action will REMOVE ALL TASKS associated to this column!' => '¡Esta acción suprimirá todas las tareas asociadas a esta columna!',
'settings' => 'preferencias',
'Application Settings' => 'Parámetros de la aplicación',
'Application settings' => 'Parámetros de la aplicación',
'Language' => 'Idioma',
'Webhooks token:' => 'Identificador (token) para los webhooks :',
'More information' => 'Más informaciones',
@ -94,7 +94,7 @@ return array(
'Optimize the database' => 'Optimisar la base de datos',
'(VACUUM command)' => '(Comando VACUUM)',
'(Gzip compressed Sqlite file)' => '(Archivo Sqlite comprimido en Gzip)',
'User Settings' => 'Parámetros de usuario',
'User settings' => 'Parámetros de usuario',
'My default project:' => 'Mi proyecto por defecto : ',
'Close a task' => 'Cerrar una tarea',
'Do you really want to close this task: "%s"?' => '¿Realmente desea cerrar esta tarea: « %s » ?',
@ -269,4 +269,14 @@ return array(
'Wrong password' => 'contraseña incorrecta',
'Reset all tokens' => 'Reiniciar los identificadores (tokens) de seguridad ',
'All tokens have been regenerated.' => 'Todos los identificadores (tokens) han sido reiniciados.',
// 'Unknown' => '',
// 'Last logins' => '',
// 'Login date' => '',
// 'Authentication method' => '',
// 'IP address' => '',
// 'User agent' => '',
// 'Persistent connections' => '',
// 'No session' => '',
// 'Expiration date' => '',
// 'Remember Me' => '',
);

14
locales/fr_FR/translations.php
View File

@ -85,7 +85,7 @@ return array(
'Do you really want to remove this column: "%s"?' => 'Voulez vraiment supprimer cette colonne : « %s » ?',
'This action will REMOVE ALL TASKS associated to this column!' => 'Cette action va supprimer toutes les tâches associées à cette colonne !',
'settings' => 'préférences',
'Application Settings' => 'Paramètres de l\'application',
'Application settings' => 'Paramètres de l\'application',
'Language' => 'Langue',
'Webhooks token:' => 'Jeton de securité pour les webhooks :',
'More information' => 'Plus d\'informations',
@ -94,7 +94,7 @@ return array(
'Optimize the database' => 'Optimiser la base de données',
'(VACUUM command)' => '(Commande VACUUM)',
'(Gzip compressed Sqlite file)' => '(Fichier Sqlite compressé en Gzip)',
'User Settings' => 'Paramètres utilisateur',
'User settings' => 'Paramètres utilisateur',
'My default project:' => 'Mon projet par défaut : ',
'Close a task' => 'Fermer une tâche',
'Do you really want to close this task: "%s"?' => 'Voulez-vous vraiment fermer cettre tâche : « %s » ?',
@ -269,4 +269,14 @@ return array(
'Wrong password' => 'Mauvais mot de passe',
'Reset all tokens' => 'Réinitialiser tous les jetons de sécurité',
'All tokens have been regenerated.' => 'Tous les jetons de sécurité ont été réinitialisés.',
'Unknown' => 'Inconnu',
'Last logins' => 'Dernières connexions',
'Login date' => 'Date de connexion',
'Authentication method' => 'Méthode d\'authentification',
'IP address' => 'Adresse IP',
'User agent' => 'Agent utilisateur',
'Persistent connections' => 'Connexions persistantes',
'No session' => 'Aucune session',
'Expiration date' => 'Date d\'expiration',
'Remember Me' => 'Connexion automatique',
);

14
locales/pl_PL/translations.php
View File

@ -85,7 +85,7 @@ return array(
'Do you really want to remove this column: "%s"?' => 'Na pewno chcesz usunąć kolumnę: "%s"?',
'This action will REMOVE ALL TASKS associated to this column!' => 'Wszystkie zadania w kolumnie zostaną usunięte!',
'settings' => 'ustawienia',
'Application Settings' => 'Ustawienia aplikacji',
'Application settings' => 'Ustawienia aplikacji',
'Language' => 'Język',
'Webhooks token:' => 'Token :',
'More information' => 'Więcej informacji',
@ -94,7 +94,7 @@ return array(
'Optimize the database' => 'Optymalizuj bazę danych',
'(VACUUM command)' => '(komenda VACUUM)',
'(Gzip compressed Sqlite file)' => '(baza danych spakowana Gzip)',
'User Settings' => 'Ustawienia użytkownika',
'User settings' => 'Ustawienia użytkownika',
'My default project:' => 'Mój domyślny projekt:',
'Close a task' => 'Zakończ zadanie',
'Do you really want to close this task: "%s"?' => 'Na pewno chcesz zakończyć to zadanie: "%s"?',
@ -274,4 +274,14 @@ return array(
'Wrong password' => 'Błędne hasło',
'Reset all tokens' => 'Zresetuj wszystkie tokeny',
'All tokens have been regenerated.' => 'Wszystkie tokeny zostały zresetowane.',
// 'Unknown' => '',
// 'Last logins' => '',
// 'Login date' => '',
// 'Authentication method' => '',
// 'IP address' => '',
// 'User agent' => '',
// 'Persistent connections' => '',
// 'No session' => '',
// 'Expiration date' => '',
// 'Remember Me' => '',
);

14
locales/pt_BR/translations.php
View File

@ -85,7 +85,7 @@ return array(
'Do you really want to remove this column: "%s"?' => 'Quer realmente remover esta coluna: "%s"?',
'This action will REMOVE ALL TASKS associated to this column!' => 'Esta ação vai REMOVER TODAS AS TAREFAS associadas a esta coluna!',
'settings' => 'preferências',
'Application Settings' => 'Preferências da aplicação',
'Application settings' => 'Preferências da aplicação',
'Language' => 'Idioma',
'Webhooks token:' => 'Token de webhooks:',
'More information' => 'Mais informação',
@ -94,7 +94,7 @@ return array(
'Optimize the database' => 'Otimizar o banco de dados',
'(VACUUM command)' => '(Comando VACUUM)',
'(Gzip compressed Sqlite file)' => '(Arquivo Sqlite comprimido com Gzip)',
'User Settings' => 'Configurações do usuário',
'User settings' => 'Configurações do usuário',
'My default project:' => 'Meu projeto default:',
'Close a task' => 'Encerrar uma tarefa',
'Do you really want to close this task: "%s"?' => 'Quer realmente encerrar esta tarefa: "%s"?',
@ -270,4 +270,14 @@ return array(
// 'Wrong password' => '',
// 'Reset all tokens' => '',
// 'All tokens have been regenerated.' => '',
// 'Unknown' => '',
// 'Last logins' => '',
// 'Login date' => '',
// 'Authentication method' => '',
// 'IP address' => '',
// 'User agent' => '',
// 'Persistent connections' => '',
// 'No session' => '',
// 'Expiration date' => '',
// 'Remember Me' => '',
);

111
models/acl.php
View File

@ -4,16 +4,32 @@ namespace Model;
require_once __DIR__.'/base.php';
/**
* Acl model
*
* @package model
* @author Frederic Guillot
*/
class Acl extends Base
{
// Controllers and actions allowed from outside
/**
* Controllers and actions allowed from outside
*
* @access private
* @var array
*/
private $public_actions = array(
'user' => array('login', 'check'),
'task' => array('add'),
'board' => array('readonly'),
);
// Controllers and actions allowed for regular users
/**
* Controllers and actions allowed for regular users
*
* @access private
* @var array
*/
private $user_actions = array(
'app' => array('index'),
'board' => array('index', 'show', 'assign', 'assigntask', 'save'),
@ -21,10 +37,18 @@ class Acl extends Base
'task' => array('show', 'create', 'save', 'edit', 'update', 'close', 'confirmclose', 'open', 'confirmopen', 'description', 'duplicate'),
'comment' => array('save', 'confirm', 'remove', 'update', 'edit'),
'user' => array('index', 'edit', 'update', 'forbidden', 'logout', 'index'),
'config' => array('index'),
'config' => array('index', 'removeremembermetoken'),
);
// Return true if the specified controller/action is allowed according to the given acl
/**
* Return true if the specified controller/action is allowed according to the given acl
*
* @access public
* @param array $acl Acl list
* @param string $controller Controller name
* @param string $action Action name
* @return bool
*/
public function isAllowedAction(array $acl, $controller, $action)
{
if (isset($acl[$controller])) {
@ -34,37 +58,100 @@ class Acl extends Base
return false;
}
// Return true if the given action is public
/**
* Return true if the given action is public
*
* @access public
* @param string $controller Controller name
* @param string $action Action name
* @return bool
*/
public function isPublicAction($controller, $action)
{
return $this->isAllowedAction($this->public_actions, $controller, $action);
}
// Return true if the given action is allowed for a regular user
/**
* Return true if the given action is allowed for a regular user
*
* @access public
* @param string $controller Controller name
* @param string $action Action name
* @return bool
*/
public function isUserAction($controller, $action)
{
return $this->isAllowedAction($this->user_actions, $controller, $action);
}
// Return true if the logged user is admin
/**
* Return true if the logged user is admin
*
* @access public
* @return bool
*/
public function isAdminUser()
{
return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '1';
return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === true;
}
// Return true if the logged user is not admin
/**
* Return true if the logged user is not admin
*
* @access public
* @return bool
*/
public function isRegularUser()
{
return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '0';
return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === false;
}
// Get the connected user id
/**
* Get the connected user id
*
* @access public
* @return bool
*/
public function getUserId()
{
return isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
}
// Check if an action is allowed for the logged user
/**
* Check is the user is connected
*
* @access public
* @return bool
*/
public function isLogged()
{
return ! empty($_SESSION['user']);
}
/**
* Check is the user was authenticated with the RememberMe or set the value
*
* @access public
* @param bool $value Set true if the user use the RememberMe
* @return bool
*/
public function isRememberMe($value = null)
{
if ($value !== null) {
$_SESSION['is_remember_me'] = $value;
}
return empty($_SESSION['is_remember_me']) ? false : $_SESSION['is_remember_me'];
}
/**
* Check if an action is allowed for the logged user
*
* @access public
* @param string $controller Controller name
* @param string $action Action name
* @return bool
*/
public function isPageAccessAllowed($controller, $action)
{
return $this->isPublicAction($controller, $action) ||

11
models/action.php
View File

@ -16,7 +16,18 @@ use \SimpleValidator\Validators;
*/
class Action extends Base
{
/**
* SQL table name for actions
*
* @var string
*/
const TABLE = 'actions';
/**
* SQL table name for action parameters
*
* @var string
*/
const TABLE_PARAMS = 'action_has_params';
/**

1
models/base.php
View File

@ -54,6 +54,7 @@ abstract class Base
/**
* Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid()
*
* @static
* @access public
* @return string Random token
*/

93
models/last_login.php Normal file
View File

@ -0,0 +1,93 @@
<?php
namespace Model;
require_once __DIR__.'/base.php';
/**
* LastLogin model
*
* @package model
* @author Frederic Guillot
*/
class LastLogin extends Base
{
/**
* SQL table name
*
* @var string
*/
const TABLE = 'last_logins';
/**
* Number of connections to keep for history
*
* @var integer
*/
const NB_LOGINS = 15;
/**
* Authentication methods
*
* @var string
*/
const AUTH_DATABASE = 'database';
const AUTH_REMEMBER_ME = 'remember_me';
const AUTH_LDAP = 'ldap';
const AUTH_GOOGLE = 'google';
/**
* Create a new record
*
* @access public
* @param string $auth_type Authentication method
* @param integer $user_id User id
* @param string $ip IP Address
* @param string $user_agent User Agent
* @return array
*/
public function create($auth_type, $user_id, $ip, $user_agent)
{
// Cleanup old sessions if necessary
$connections = $this->db
->table(self::TABLE)
->eq('user_id', $user_id)
->desc('date_creation')
->findAllByColumn('id');
if (count($connections) >= self::NB_LOGINS) {
$this->db->table(self::TABLE)
->eq('user_id', $user_id)
->notin('id', array_slice($connections, 0, self::NB_LOGINS - 1))
->remove();
}
return $this->db
->table(self::TABLE)
->insert(array(
'auth_type' => $auth_type,
'user_id' => $user_id,
'ip' => $ip,
'user_agent' => $user_agent,
'date_creation' => time(),
));
}
/**
* Get the last connections for a given user
*
* @access public
* @param integer $user_id User id
* @return array
*/
public function getAll($user_id)
{
return $this->db
->table(self::TABLE)
->eq('user_id', $user_id)
->desc('date_creation')
->columns('id', 'auth_type', 'ip', 'user_agent', 'date_creation')
->findAll();
}
}

336
models/remember_me.php Normal file
View File

@ -0,0 +1,336 @@
<?php
namespace Model;
require_once __DIR__.'/base.php';
/**
* RememberMe model
*
* @package model
* @author Frederic Guillot
*/
class RememberMe extends Base
{
/**
* SQL table name
*
* @var string
*/
const TABLE = 'remember_me';
/**
* Cookie name
*
* @var string
*/
const COOKIE_NAME = '__R';
/**
* Expiration (60 days)
*
* @var integer
*/
const EXPIRATION = 5184000;
/**
* Get a remember me record
*
* @access public
* @param integer $user_id User id
* @return mixed
*/
public function find($token, $sequence)
{
return $this->db
->table(self::TABLE)
->eq('token', $token)
->eq('sequence', $sequence)
->gt('expiration', time())
->findOne();
}
/**
* Get all sessions for a given user
*
* @access public
* @param integer $user_id User id
* @return array
*/
public function getAll($user_id)
{
return $this->db
->table(self::TABLE)
->eq('user_id', $user_id)
->desc('date_creation')
->columns('id', 'ip', 'user_agent', 'date_creation', 'expiration')
->findAll();
}
/**
* Authenticate the user with the cookie
*
* @access public
* @return bool
*/
public function authenticate()
{
$credentials = $this->readCookie();
if ($credentials !== false) {
$record = $this->find($credentials['token'], $credentials['sequence']);
if ($record) {
// Update the sequence
$this->writeCookie(
$record['token'],
$this->update($record['token'], $record['sequence']),
$record['expiration']
);
// Create the session
$user = new User($this->db, $this->event);
$acl = new Acl($this->db, $this->event);
$user->updateSession($user->getById($record['user_id']));
$acl->isRememberMe(true);
return true;
}
}
return false;
}
/**
* Update the database and the cookie with a new sequence
*
* @access public
*/
public function refresh()
{
$credentials = $this->readCookie();
if ($credentials !== false) {
$record = $this->find($credentials['token'], $credentials['sequence']);
if ($record) {
// Update the sequence
$this->writeCookie(
$record['token'],
$this->update($record['token'], $record['sequence']),
$record['expiration']
);
}
}
}
/**
* Remove a session record
*
* @access public
* @param integer $session_id Session id
* @return mixed
*/
public function remove($session_id)
{
return $this->db
->table(self::TABLE)
->eq('id', $session_id)
->remove();
}
/**
* Remove the current RememberMe session and the cookie
*
* @access public
* @param integer $user_id User id
*/
public function destroy($user_id)
{
$credentials = $this->readCookie();
if ($credentials !== false) {
$this->deleteCookie();
$this->db
->table(self::TABLE)
->eq('user_id', $user_id)
->eq('token', $credentials['token'])
->remove();
}
}
/**
* Create a new RememberMe session
*
* @access public
* @param integer $user_id User id
* @param string $ip IP Address
* @param string $user_agent User Agent
* @return array
*/
public function create($user_id, $ip, $user_agent)
{
$token = hash('sha256', $user_id.$user_agent.$ip.$this->generateToken());
$sequence = $this->generateToken();
$expiration = time() + self::EXPIRATION;
$this->cleanup($user_id);
$this->db
->table(self::TABLE)
->insert(array(
'user_id' => $user_id,
'ip' => $ip,
'user_agent' => $user_agent,
'token' => $token,
'sequence' => $sequence,
'expiration' => $expiration,
'date_creation' => time(),
));
return array(
'token' => $token,
'sequence' => $sequence,
'expiration' => $expiration,
);
}
/**
* Remove old sessions for a given user
*
* @access public
* @param integer $user_id User id
* @return bool
*/
public function cleanup($user_id)
{
return $this->db
->table(self::TABLE)
->eq('user_id', $user_id)
->lt('expiration', time())
->remove();
}
/**
* Return a new sequence token and update the database
*
* @access public
* @param string $token Session token
* @param string $sequence Sequence token
* @return string
*/
public function update($token, $sequence)
{
$new_sequence = $this->generateToken();
$this->db
->table(self::TABLE)
->eq('token', $token)
->eq('sequence', $sequence)
->update(array('sequence' => $new_sequence));
return $new_sequence;
}
/**
* Encode the cookie
*
* @access public
* @param string $token Session token
* @param string $sequence Sequence token
* @return string
*/
public function encodeCookie($token, $sequence)
{
return implode('|', array($token, $sequence));
}
/**
* Decode the value of a cookie
*
* @access public
* @param string $value Raw cookie data
* @return array
*/
public function decodeCookie($value)
{
list($token, $sequence) = explode('|', $value);
return array(
'token' => $token,
'sequence' => $sequence,
);
}
/**
* Return true if the current user has a RememberMe cookie
*
* @access public
* @return bool
*/
public function hasCookie()
{
return ! empty($_COOKIE[self::COOKIE_NAME]);
}
/**
* Write and encode the cookie
*
* @access public
* @param string $token Session token
* @param string $sequence Sequence token
* @param string $expiration Cookie expiration
*/
public function writeCookie($token, $sequence, $expiration)
{
setcookie(
self::COOKIE_NAME,
$this->encodeCookie($token, $sequence),
$expiration,
BASE_URL_DIRECTORY,
null,
! empty($_SERVER['HTTPS']),
true
);
}
/**
* Read and decode the cookie
*
* @access public
* @return mixed
*/
public function readCookie()
{
if (empty($_COOKIE[self::COOKIE_NAME])) {
return false;
}
return $this->decodeCookie($_COOKIE[self::COOKIE_NAME]);
}
/**
* Remove the cookie
*
* @access public
*/
public function deleteCookie()
{
setcookie(
self::COOKIE_NAME,
'',
time() - 3600,
BASE_URL_DIRECTORY,
null,
! empty($_SERVER['HTTPS']),
true
);
}
}

69
models/user.php
View File

@ -151,6 +151,10 @@ class User extends Base
unset($user['password']);
}
$user['id'] = (int) $user['id'];
$user['default_project_id'] = (int) $user['default_project_id'];
$user['is_admin'] = (bool) $user['is_admin'];
$_SESSION['user'] = $user;
}
@ -274,7 +278,16 @@ class User extends Base
$user = $this->getByUsername($values['username']);
if ($user !== false && \password_verify($values['password'], $user['password'])) {
// Create the user session
$this->updateSession($user);
// Setup the remember me feature
if (! empty($values['remember_me'])) {
$rememberMe = new RememberMe($this->db, $this->event);
$credentials = $rememberMe->create($user['id'], $this->getIpAddress(), $this->getUserAgent());
$rememberMe->writeCookie($credentials['token'], $credentials['sequence'], $credentials['expiration']);
}
}
else {
$result = false;
@ -287,4 +300,60 @@ class User extends Base
$errors
);
}
/**
* Get the user agent of the connected user
*
* @access public
* @return string
*/
public function getUserAgent()
{
return empty($_SERVER['HTTP_USER_AGENT']) ? t('Unknown') : $_SERVER['HTTP_USER_AGENT'];
}
/**
* Get the real IP address of the connected user
*
* @access public
* @param bool $only_public Return only public IP address
* @return string
*/
public function getIpAddress($only_public = false)
{
$keys = array(
'HTTP_CLIENT_IP',
'HTTP_X_FORWARDED_FOR',
'HTTP_X_FORWARDED',
'HTTP_X_CLUSTER_CLIENT_IP',
'HTTP_FORWARDED_FOR',
'HTTP_FORWARDED',
'REMOTE_ADDR'
);
foreach ($keys as $key) {
if (isset($_SERVER[$key])) {
foreach (explode(',', $_SERVER[$key]) as $ip_address) {
$ip_address = trim($ip_address);
if ($only_public) {
// Return only public IP address
if (filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
return $ip_address;
}
}
else {
return $ip_address;
}
}
}
}
return t('Unknown');
}
}

32
schemas/mysql.php
View File

@ -2,6 +2,38 @@
namespace Schema;
function version_12($pdo)
{
$pdo->exec("
CREATE TABLE remember_me (
id INT NOT NULL AUTO_INCREMENT,
user_id INT,
ip VARCHAR(40),
user_agent VARCHAR(255),
token VARCHAR(255),
sequence VARCHAR(255),
expiration INT,
date_creation INT,
FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE,
PRIMARY KEY (id)
) ENGINE=InnoDB CHARSET=utf8"
);
$pdo->exec("
CREATE TABLE last_logins (
id INT NOT NULL AUTO_INCREMENT,
auth_type VARCHAR(25),
user_id INT,
ip VARCHAR(40),
user_agent VARCHAR(255),
date_creation INT,
FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE,
PRIMARY KEY (id),
INDEX (user_id)
) ENGINE=InnoDB CHARSET=utf8"
);
}
function version_11($pdo)
{
}

31
schemas/sqlite.php
View File

@ -2,6 +2,37 @@
namespace Schema;
function version_12($pdo)
{
$pdo->exec(
'CREATE TABLE remember_me (
id INTEGER PRIMARY KEY,
user_id INTEGER,
ip TEXT,
user_agent TEXT,
token TEXT,
sequence TEXT,
expiration INTEGER,
date_creation INTEGER,
FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE
)'
);
$pdo->exec(
'CREATE TABLE last_logins (
id INTEGER PRIMARY KEY,
auth_type TEXT,
user_id INTEGER,
ip TEXT,
user_agent TEXT,
date_creation INTEGER,
FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE
)'
);
$pdo->exec('CREATE INDEX last_logins_user_idx ON last_logins(user_id)');
}
function version_11($pdo)
{
$pdo->exec(

52
templates/config_index.php
View File

@ -2,7 +2,7 @@
<?php if ($user['is_admin']): ?>
<div class="page-header">
<h2><?= t('Application Settings') ?></h2>
<h2><?= t('Application settings') ?></h2>
</div>
<section>
<form method="post" action="?controller=config&amp;action=save" autocomplete="off">
@ -55,7 +55,7 @@
<?php endif ?>
<div class="page-header">
<h2><?= t('User Settings') ?></h2>
<h2><?= t('User settings') ?></h2>
</div>
<section class="settings">
<ul>
@ -66,4 +66,52 @@
</li>
</ul>
</section>
<div class="page-header" id="last-logins">
<h2><?= t('Last logins') ?></h2>
</div>
<?php if (! empty($last_logins)): ?>
<table class="table-small table-hover">
<tr>
<th><?= t('Login date') ?></th>
<th><?= t('Authentication method') ?></th>
<th><?= t('IP address') ?></th>
<th><?= t('User agent') ?></th>
</tr>
<?php foreach($last_logins as $login): ?>
<tr>
<td><?= dt('%B %e, %G at %k:%M %p', $login['date_creation']) ?></td>
<td><?= Helper\escape($login['auth_type']) ?></td>
<td><?= Helper\escape($login['ip']) ?></td>
<td><?= Helper\escape($login['user_agent']) ?></td>
</tr>
<?php endforeach ?>
</table>
<?php endif ?>
<div class="page-header" id="remember-me">
<h2><?= t('Persistent connections') ?></h2>
</div>
<?php if (empty($remember_me_sessions)): ?>
<p class="alert alert-info"><?= t('No session') ?></p>
<?php else: ?>
<table class="table-small table-hover">
<tr>
<th><?= t('Creation date') ?></th>
<th><?= t('Expiration date') ?></th>
<th><?= t('IP address') ?></th>
<th><?= t('User agent') ?></th>
<th><?= t('Action') ?></th>
</tr>
<?php foreach($remember_me_sessions as $session): ?>
<tr>
<td><?= dt('%B %e, %G at %k:%M %p', $session['date_creation']) ?></td>
<td><?= dt('%B %e, %G at %k:%M %p', $session['expiration']) ?></td>
<td><?= Helper\escape($session['ip']) ?></td>
<td><?= Helper\escape($session['user_agent']) ?></td>
<td><a href="?controller=config&amp;action=removeRememberMeToken&amp;id=<?= $session['id'] ?>"><?= t('Remove') ?></a></td>
</tr>
<?php endforeach ?>
</table>
<?php endif ?>
</section>

2
templates/user_login.php
View File

@ -14,6 +14,8 @@
<?= Helper\form_label(t('Password'), 'password') ?>
<?= Helper\form_password('password', $values, $errors, array('required')) ?>
<?= Helper\form_checkbox('remember_me', t('Remember Me'), 1) ?>
<div class="form-actions">
<input type="submit" value="<?= t('Sign in') ?>" class="btn btn-blue"/>
</div>

14
tests/AclTest.php
View File

@ -30,16 +30,16 @@ class AclTest extends Base
$_SESSION = array('user' => array());
$this->assertFalse($acl->isAdminUser());
$_SESSION = array('user' => array('is_admin' => true));
$_SESSION = array('user' => array('is_admin' => '1'));
$this->assertFalse($acl->isAdminUser());
$_SESSION = array('user' => array('is_admin' => '0'));
$_SESSION = array('user' => array('is_admin' => false));
$this->assertFalse($acl->isAdminUser());
$_SESSION = array('user' => array('is_admin' => '2'));
$this->assertFalse($acl->isAdminUser());
$_SESSION = array('user' => array('is_admin' => '1'));
$_SESSION = array('user' => array('is_admin' => true));
$this->assertTrue($acl->isAdminUser());
}
@ -56,13 +56,13 @@ class AclTest extends Base
$_SESSION = array('user' => array('is_admin' => true));
$this->assertFalse($acl->isRegularUser());
$_SESSION = array('user' => array('is_admin' => '1'));
$_SESSION = array('user' => array('is_admin' => true));
$this->assertFalse($acl->isRegularUser());
$_SESSION = array('user' => array('is_admin' => '2'));
$this->assertFalse($acl->isRegularUser());
$_SESSION = array('user' => array('is_admin' => '0'));
$_SESSION = array('user' => array('is_admin' => false));
$this->assertTrue($acl->isRegularUser());
}
@ -84,7 +84,7 @@ class AclTest extends Base
$this->assertTrue($acl->isPageAccessAllowed('board', 'readonly'));
// Regular user
$_SESSION = array('user' => array('is_admin' => '0'));
$_SESSION = array('user' => array('is_admin' => false));
$this->assertFalse($acl->isPageAccessAllowed('user', 'create'));
$this->assertFalse($acl->isPageAccessAllowed('user', 'save'));
$this->assertFalse($acl->isPageAccessAllowed('user', 'remove'));
@ -97,7 +97,7 @@ class AclTest extends Base
$this->assertTrue($acl->isPageAccessAllowed('board', 'readonly'));
// Admin user
$_SESSION = array('user' => array('is_admin' => '1'));
$_SESSION = array('user' => array('is_admin' => true));
$this->assertTrue($acl->isPageAccessAllowed('user', 'create'));
$this->assertTrue($acl->isPageAccessAllowed('user', 'save'));
$this->assertTrue($acl->isPageAccessAllowed('user', 'remove'));