[geeklog-cvs] Auth_Enterprise/Enterprise Server.php,1.3,1.4
jellybob at iowaoutdoors.org
jellybob at iowaoutdoors.org
Tue Jul 13 19:07:01 EDT 2004
Update of /var/cvs/Auth_Enterprise/Enterprise
In directory www:/tmp/cvs-serv25196
Modified Files:
Server.php
Log Message:
More refactoring of common code from DB.php to Server.php
Index: Server.php
===================================================================
RCS file: /var/cvs/Auth_Enterprise/Enterprise/Server.php,v
retrieving revision 1.3
retrieving revision 1.4
diff -C2 -d -r1.3 -r1.4
*** Server.php 9 Jul 2004 01:51:03 -0000 1.3
--- Server.php 13 Jul 2004 23:06:57 -0000 1.4
***************
*** 71,78 ****
* @author Tony Bibbs <tony at geeklog.net>
* @access public
! *
*/
public function authenticate($userName, $password)
{
}
--- 71,132 ----
* @author Tony Bibbs <tony at geeklog.net>
* @access public
! * @param string $userName The username to authenticate with.
! * @param string $password The password to authenticate with.
! * @return Auth_Enterprise_ServiceUser|false
*/
public function authenticate($userName, $password)
{
+ $user = $this->getUser($userName);
+ if ($user === false) {
+ throw new AEInvalidUserCredentials();
+ return false;
+ } else {
+ if ($user->getPassword() != $password) {
+ $this->incrementFailedAttempts($userName);
+ throw new AEInvalidUserCredentials();
+ return false;
+ } else {
+ // Ensure the account hasn't been locked
+ if ($user->getAccountLocked()) {
+ throw new AEAccountLocked();
+ }
+
+ // Check to see if password has expired.
+ if ($user->isPasswordExpired()) {
+ throw new AEPasswordExpired();
+ }
+ $user->setAppId($this->options['appId']);
+
+ try {
+ // We get the groups as those will be sent back in user object
+ $user->setGroups($this->getGroups($user->getUserName()));
+ $user->setPrivileges($this->getPrivileges($user->getUserName()));
+ } catch (Exception $e) {
+ throw $e;
+ }
+
+ $this->isAuthenticated = true;
+ $this->_user = $user;
+
+ return $user;
+ }
+ }
+ }
+
+ /**
+ * Gets a user object.
+ *
+ * This methods should be overridden by providers to return a user object.
+ *
+ * Returns false if the user doesn't exist.
+ *
+ * @author Jon Wood <jon at jellybob.co.uk>
+ * @access protected
+ * @param string $username The user to get.
+ * @return Auth_Enterprise_ServiceUser|false Either a user object, or false if the didn't exist.
+ */
+ protected function getUser($username)
+ {
+ throw new AENotImplemented();
}
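Review bot: The password check in authenticate(), `if ($user->getPassword() != $password)`, uses PHP's loose comparison, so two different numeric-looking strings can compare equal; it should be at least `!==`, and preferably a constant-time comparison such as `hash_equals()` where the runtime provides it. The locked-account test also runs only after the password has matched, so a locked account still has guesses evaluated and AEAccountLocked is thrown only for a correct password; moving the `getAccountLocked()` check above the comparison closes that. The `return false;` lines after each `throw` are unreachable, which makes the documented `@return ...|false` inaccurate. The docblock of authenticate() begins above the hunk.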
***************
*** 98,105 ****
* @author Tony Bibbs <tony at geeklog.net>
* @access public
! *
*/
! public function createAccountByAdmin($adminUserName, $adminPassword, $userName, $userPassword)
{
}
--- 152,195 ----
* @author Tony Bibbs <tony at geeklog.net>
* @access public
! * @todo Encrypt the password.
! * @param string $adminUserName The administrator creating the account.
! * @param string $adminUserPass The administrator's password.
! * @param string $userName The new user's username.
! * @param string $userPassword The new user's password.
*/
! public function createAccountByAdmin($adminUserName, $adminUserPass, $userName, $userPassword)
{
+ // Make sure admin is authenticated
+ if (($userObj = $this->isAuthenticated()) === false) {
+ try {
+ $userObj = $this->authenticate($adminUserName, $adminUserPass);
+ } catch (AEAccountLocked $e) {
+ throw new AEAccountLocked('Administrator\'s account is locked');
+ } catch (AEPasswordExpired $e) {
+ throw new AEPasswordExpired('Administrator\'s password has expired');
+ }
+ }
+
+ // Check that the user doesn't already exist.
+ if ($this->getUser($userName) !== false) {
+ throw new AEUserAlreadyExists('The username requested for the new user already exists.');
+ }
+
+ try {
+ $this->createAccount($userName, $userPassword, $userObj->getUserName());
+ } catch (AEBaseException $e) {
+ throw $e;
+ return;
+ }
+
+ // Add password to history
+ try {
+ $this->addPasswordToHistory($userName, $userPassword);
+ } catch (AEBaseException $e) {
+ // Something went wrong, delete the account.
+ $this->deleteAccount($userName);
+ throw $e;
+ return;
+ }
}
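Review bot: createAccountByAdmin() authenticates the caller but never checks a privilege, so as written any account that can authenticate can create users. changePasswordByAdmin() in the hunk at 245 gates on `$userObj->authorize('AE_ACCOUNT_MGR')`, and an equivalent check belongs here before `getUser($userName)` is called (which privilege name applies is for the maintainers to confirm). getUserPrivilegesByAdmin() in the last hunk authenticates without authorizing in the same way. The `@todo Encrypt the password` also applies to `addPasswordToHistory($userName, $userPassword)`, which is handed the cleartext value. The method's docblock starts above the hunk.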
***************
*** 113,116 ****
--- 203,236 ----
public function changePassword($userName, $newPassword)
{
+ // Make sure new password is a valid format
+ if (!Auth_Enterprise_PasswordGenerator::isValidPassword($newPassword)) {
+ throw new AEPasswordInvalid();
+ return;
+ }
+
+ // Verify the password isn't in our password history
+ if ($this->passwordInHistory($userName, $newPassword)) {
+ throw new AEPasswordInHistory();
+ return;
+ }
+
+ // Add password to history
+ // This is done before the change in case of problems.
+ try {
+ $this->addPasswordToHistory($userName, $newPassword);
+ } catch (AEBaseException $e) {
+ throw $e;
+ return;
+ }
+
+ // Change the password
+ try {
+ $this->doPasswordChange($userName, $newPassword, $userName);
+ } catch (AEBaseException $e) {
+ throw $e;
+ // The change didn't work, so remove the password from history.
+ $this->removePasswordFromHistory($userName, $newPassword);
+ return;
+ }
}
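Review bot: In the last catch block of changePassword(), `throw $e;` comes before `$this->removePasswordFromHistory($userName, $newPassword);`, so the rollback never runs and a failed change leaves the new password in the history, where `passwordInHistory()` will reject it on the next attempt. Swap the two statements: `$this->removePasswordFromHistory($userName, $newPassword); throw $e;`. Separately, nothing visible in this method or in resetPassword() (hunk at 281) verifies the caller or the current password before another user's password is changed; if these public methods are reachable from the service interface, it is worth confirming where that check is enforced. The method's docblock lies above the hunk.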
***************
*** 125,128 ****
--- 245,271 ----
public function changePasswordByAdmin($adminUserName, $adminPassword, $userName, $newPassword)
{
+ // Make sure admin is authenticated
+ if (($userObj = $this->isAuthenticated()) === false) {
+ try {
+ $userObj = $this->authenticate($adminUserName, $adminPassword);
+ } catch (AEBaseException $e) {
+ throw $e;
+ return;
+ }
+ }
+
+ // Need to verify the they have right Auth_Enterprise privilege
+ if (!$userObj->authorize('AE_ACCOUNT_MGR')) {
+ throw new AEUserNotAuthorized("User $adminUserName does not have sufficient privileges
+ to change the password for $userName");
+ return;
+ }
+
+ try {
+ $this->changePassword($userName, $newPassword);
+ } catch (AEBaseException $e) {
+ throw $e;
+ return;
+ }
}
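Review bot: When `isAuthenticated()` returns an already-authenticated user, the supplied `$adminUserName`/`$adminPassword` are never checked, yet the AEUserNotAuthorized message names `$adminUserName` rather than the user whose privileges were actually evaluated. For an accurate audit trail, build the message from `$userObj->getUserName()`. The message is also a double-quoted string broken across two source lines, so it carries an embedded newline and indentation; keep it on one line or concatenate. isAuthenticated() is defined outside this diff, so its return contract is inferred from how it is used here.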
***************
*** 138,141 ****
--- 281,294 ----
public function resetPassword($userName)
{
+ $newPassword = Auth_Enterprise_PasswordGenerator::generatePassword($this->_options['passwords']);
+
+ try {
+ $this->changePassword($userName, $newPassword);
+ } catch (AEBaseException $e) {
+ throw $e;
+ return;
+ }
+
+ return $newPassword;
}
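Review bot: resetPassword() reads `$this->_options['passwords']`, while authenticate() in the first hunk reads `$this->options['appId']`; unless the class declares both properties, one of them is undefined and, if it is this one, the generator would likely run without the configured password policy. Use whichever name the class declares in both places. The try/catch that only rethrows, followed by an unreachable `return;`, can be reduced to the bare call `$this->changePassword($userName, $newPassword);`, and the same pattern recurs in the other hunks. The method's docblock lies above the hunk.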
***************
*** 149,152 ****
--- 302,337 ----
public function getUserPrivileges($adminUserName, $adminPassword, $userName)
{
+ throw new AENotImplementedException();
+ }
+
+ /**
+ * Gets the application privileges for a given user
+ *
+ * @author Tony Bibbs <tony at geeklog.net>
+ * @access public
+ * @param string $adminUserName Administrator's Username
+ * @param string $adminPassword Administrator's Password
+ * @param string $userName User to get privileges for
+ * @return array AEPrivilege array
+ *
+ */
+ public function getUserPrivilegesByAdmin($adminUserName, $adminPassword, $userName)
+ {
+ // Make sure admin is authenticated
+ if (($userObj = $this->isAuthenticated()) === false) {
+ try {
+ $userObj = $this->authenticate($adminUserName, $adminPassword);
+ } catch (AEBaseException $e) {
+ throw $e;
+ return;
+ }
+ }
+
+ try {
+ return $this->getPrivileges($userName);
+ } catch (AEBaseException $e) {
+ throw $e;
+ return;
+ }
}
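Review bot: getUserPrivileges() throws `AENotImplementedException`, but getUser() in the first hunk throws `AENotImplemented`; only one of these names is likely to be a declared class, and throwing the other ends in a fatal class-not-found error rather than a catchable AE exception. Use the declared name in both places. The admin credentials passed to getUserPrivileges() are unused, so a docblock line stating that the method is a stub would help callers. Its docblock lies above the hunk.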