AS1024/Kanboard-Prod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rewrite of the authentication and authorization system

Browse Source
This commit is contained in:
Frederic Guillot
2015-12-05 20:31:27 -05:00
parent 346b8312e5
commit e9fedf3e5c
255 changed files with 14114 additions and 9820 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
app/Model/User.php
View File

@@ -7,6 +7,7 @@ use SimpleValidator\Validator;
use SimpleValidator\Validators;
use Kanboard\Core\Session\SessionManager;
use Kanboard\Core\Security\Token;
use Kanboard\Core\Security\Role;
/**
* User model
@@ -57,8 +58,7 @@ class User extends Base
'username',
'name',
'email',
'is_admin',
'is_project_admin',
'role',
'is_ldap_user',
'notifications_enabled',
'google_id',
@@ -91,7 +91,7 @@ class User extends Base
$this->db
->table(User::TABLE)
->eq('id', $user_id)
->eq('is_admin', 1)
->eq('role', Role::APP_ADMIN)
->exists();
}
@@ -111,48 +111,17 @@ class User extends Base
* Get a specific user by the Google id
*
* @access public
* @param string $google_id Google unique id
* @param string $column
* @param string $id
* @return array|boolean
*/
public function getByGoogleId($google_id)
public function getByExternalId($column, $id)
{
if (empty($google_id)) {
if (empty($id)) {
return false;
}
return $this->db->table(self::TABLE)->eq('google_id', $google_id)->findOne();
}
/**
* Get a specific user by the Github id
*
* @access public
* @param string $github_id Github user id
* @return array|boolean
*/
public function getByGithubId($github_id)
{
if (empty($github_id)) {
return false;
}
return $this->db->table(self::TABLE)->eq('github_id', $github_id)->findOne();
}
/**
* Get a specific user by the Gitlab id
*
* @access public
* @param string $gitlab_id Gitlab user id
* @return array|boolean
*/
public function getByGitlabId($gitlab_id)
{
if (empty($gitlab_id)) {
return false;
}
return $this->db->table(self::TABLE)->eq('gitlab_id', $gitlab_id)->findOne();
return $this->db->table(self::TABLE)->eq($column, $id)->findOne();
}
/**
@@ -289,7 +258,7 @@ class User extends Base
}
$this->removeFields($values, array('confirmation', 'current_password'));
$this->resetFields($values, array('is_admin', 'is_ldap_user', 'is_project_admin', 'disable_login_form'));
$this->resetFields($values, array('is_ldap_user', 'disable_login_form'));
$this->convertNullFields($values, array('gitlab_id'));
$this->convertIntegerFields($values, array('gitlab_id'));
}
@@ -355,10 +324,10 @@ class User extends Base
// All private projects are removed
$project_ids = $db->table(Project::TABLE)
->eq('is_private', 1)
->eq(ProjectPermission::TABLE.'.user_id', $user_id)
->join(ProjectPermission::TABLE, 'project_id', 'id')
->findAllByColumn(Project::TABLE.'.id');
->eq('is_private', 1)
->eq(ProjectUserRole::TABLE.'.user_id', $user_id)
->join(ProjectUserRole::TABLE, 'project_id', 'id')
->findAllByColumn(Project::TABLE.'.id');
if (! empty($project_ids)) {
$db->table(Project::TABLE)->in('id', $project_ids)->remove();
@@ -401,71 +370,6 @@ class User extends Base
->save(array('token' => ''));
}
/**
* Get the number of failed login for the user
*
* @access public
* @param string $username
* @return integer
*/
public function getFailedLogin($username)
{
return (int) $this->db->table(self::TABLE)->eq('username', $username)->findOneColumn('nb_failed_login');
}
/**
* Reset to 0 the counter of failed login
*
* @access public
* @param string $username
* @return boolean
*/
public function resetFailedLogin($username)
{
return $this->db->table(self::TABLE)->eq('username', $username)->update(array('nb_failed_login' => 0, 'lock_expiration_date' => 0));
}
/**
* Increment failed login counter
*
* @access public
* @param string $username
* @return boolean
*/
public function incrementFailedLogin($username)
{
return $this->db->execute('UPDATE '.self::TABLE.' SET nb_failed_login=nb_failed_login+1 WHERE username=?', array($username)) !== false;
}
/**
* Check if the account is locked
*
* @access public
* @param string $username
* @return boolean
*/
public function isLocked($username)
{
return $this->db->table(self::TABLE)
->eq('username', $username)
->neq('lock_expiration_date', 0)
->gte('lock_expiration_date', time())
->exists();
}
/**
* Lock the account for the specified duration
*
* @access public
* @param string $username Username
* @param integer $duration Duration in minutes
* @return boolean
*/
public function lock($username, $duration = 15)
{
return $this->db->table(self::TABLE)->eq('username', $username)->update(array('lock_expiration_date' => time() + $duration * 60));
}
/**
* Common validation rules
*
@@ -475,11 +379,10 @@ class User extends Base
private function commonValidationRules()
{
return array(
new Validators\MaxLength('role', t('The maximum length is %d characters', 25), 25),
new Validators\MaxLength('username', t('The maximum length is %d characters', 50), 50),
new Validators\Unique('username', t('The username must be unique'), $this->db->getConnection(), self::TABLE, 'id'),
new Validators\Email('email', t('Email address invalid')),
new Validators\Integer('is_admin', t('This value must be an integer')),
new Validators\Integer('is_project_admin', t('This value must be an integer')),
new Validators\Integer('is_ldap_user', t('This value must be an integer')),
);
}
@@ -585,9 +488,7 @@ class User extends Base
$v = new Validator($values, array_merge($rules, $this->commonPasswordValidationRules()));
if ($v->execute()) {
// Check password
if ($this->authentication->authenticate($this->userSession->getUsername(), $values['current_password'])) {
if ($this->authenticationManager->passwordAuthentication($this->userSession->getUsername(), $values['current_password'], false)) {
return array(true, array());
} else {
return array(false, array('current_password' => array(t('Wrong password'))));