<?php
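class Application_Model_Auth
{
    // Validity period of an issued token, in DateInterval syntax (P2D = two days).
    public const TOKEN_LIFETIME = 'P2D';

    /**
     * Computes the digest under which a token is stored and looked up.
     *
     * The "salt" is the constant md5('pro'): it is the same for every token and
     * readable in the source, so it adds no secrecy. The stored digest is only as
     * hard to reverse as the random token itself. The construction is kept as-is
     * so that digests already stored keep verifying.
     *
     * @param string $token clear-text token
     *
     * @return string hex SHA-1 digest of the token followed by the fixed salt
     */
    private static function hashToken($token)
    {
        return sha1($token . md5('pro'));
    }

    /**
     * Creates a token for the given action and user, stores its digest and
     * returns the clear-text token to the caller.
     *
     * @param string $action  action the token authorises (e.g. 'password.restore')
     * @param mixed  $user_id id of the user the token is issued to
     *
     * @return string the clear-text token; only its digest is persisted
     */
    private function generateToken($action, $user_id)
    {
        $token = $this->generateRandomString();

        $record = new CcSubjsToken();
        $record->setDbUserId($user_id);
        $record->setDbAction($action);
        $record->setDbToken(self::hashToken($token));
        $record->setDbCreated(gmdate(DEFAULT_TIMESTAMP_FORMAT));
        $record->save();

        // The clear-text token is a bearer credential for the whole TOKEN_LIFETIME.
        // Log only that one was issued: anyone able to read the debug log could
        // otherwise use the token on the user's behalf.
        Logging::debug("generated {$action} token for user {$user_id}");

        return $token;
    }

    /**
     * Issues a 'password.restore' token for the user and e-mails a reset link.
     *
     * The link is the configured public URL followed by the 'password-change'
     * route, carrying the user id and the clear-text token.
     *
     * NOTE(review): tokens issued earlier for the same user are not invalidated
     * here, so several reset links can be valid at once — confirm this is intended.
     *
     * @param object $user user record providing getDbId(), getDbLogin() and getDbEmail()
     * @param object $view view object whose url() helper builds the route path
     *
     * @return mixed whatever Application_Model_Email::send() returns
     */
    public function sendPasswordRestoreLink($user, $view)
    {
        $public_url = Config::getPublicUrl();

        $user_id = $user->getDbId();
        $token = $this->generateToken('password.restore', $user_id);
        $link_path = $view->url(['user_id' => $user_id, 'token' => $token], 'password-change');

        $body = sprintf(_("Hi %s, \n\nPlease click this link to reset your password: "), $user->getDbLogin())
            . "{$public_url}{$link_path}"
            . sprintf(_("\n\nIf you have any problems, please contact our support team: %s"), SUPPORT_ADDRESS)
            . sprintf(_("\n\nThank you,\nThe %s Team"), SAAS_PRODUCT_BRANDING_NAME);

        $subject = sprintf(_('%s Password Reset'), SAAS_PRODUCT_BRANDING_NAME);

        return Application_Model_Email::send($subject, $body, $user->getDbEmail());
    }

    /**
     * Deletes every stored token of the given action that belongs to the user.
     *
     * @param object $user   user record providing getDbId()
     * @param string $action action whose tokens are removed
     */
    public function invalidateTokens($user, $action)
    {
        CcSubjsTokenQuery::create()
            ->filterByDbAction($action)
            ->filterByDbUserId($user->getDbId())
            ->delete();
    }

    /**
     * Checks that a token exists for this user and action and has not expired.
     *
     * A token is accepted while it is younger than TOKEN_LIFETIME. The creation
     * time is read as UTC, matching the gmdate() call that stored it.
     *
     * NOTE(review): a matching token is not deleted here; it stays usable until it
     * expires unless the caller removes it with invalidateTokens() — confirm the
     * callers do so after a successful reset.
     *
     * @param mixed  $user_id id of the user the token was issued to
     * @param mixed  $token   clear-text token as presented by the client
     * @param string $action  action the token must have been issued for
     *
     * @return bool true when the token is known and still within its lifetime
     */
    public function checkToken($user_id, $token, $action)
    {
        // The token presumably arrives from request parameters, where a client can
        // submit an array instead of a string. Reject anything that cannot be
        // hashed as text before it reaches the digest or the query.
        if (!is_scalar($token)) {
            return false;
        }

        $token_info = CcSubjsTokenQuery::create()
            ->filterByDbAction($action)
            ->filterByDbUserId($user_id)
            ->filterByDbToken(self::hashToken((string) $token))
            ->findOne();

        if (empty($token_info)) {
            return false;
        }

        // Oldest creation time that is still acceptable: now minus the lifetime.
        $oldest_valid = (new DateTimeImmutable())->sub(new DateInterval(self::TOKEN_LIFETIME));
        $token_created = new DateTimeImmutable($token_info->getDbCreated(), new DateTimeZone('UTC'));

        return $oldest_valid->getTimestamp() < $token_created->getTimestamp();
    }

    /**
     * Gets the adapter for authentication against a database table.
     *
     * When the configured 'auth' value is anything other than 'local', the value
     * is handed to getCustomAuthAdapter() instead and no database adapter is built.
     *
     * Side effect: the database connection created here is also installed as the
     * default adapter of Zend_Db_Table_Abstract.
     *
     * @return object
     */
    public static function getAuthAdapter()
    {
        $CC_CONFIG = Config::getConfig();
        if ($CC_CONFIG['auth'] !== 'local') {
            return self::getCustomAuthAdapter($CC_CONFIG['auth']);
        }

        // Database config
        $dsn = $CC_CONFIG['dsn'];
        $db = Zend_Db::factory('PDO_' . $dsn['phptype'], [
            'host' => $dsn['host'],
            'port' => $dsn['port'],
            'username' => $dsn['username'],
            'password' => $dsn['password'],
            'dbname' => $dsn['database'],
        ]);
        Zend_Db_Table_Abstract::setDefaultAdapter($db);

        $authAdapter = new Zend_Auth_Adapter_DbTable($db);

        // NOTE(security): the submitted password is compared as an unsalted MD5
        // digest computed in SQL, so the `pass` column holds plain MD5 hashes.
        // Moving to password_hash()/password_verify() requires migrating the
        // stored values and cannot be done in this method alone.
        $authAdapter->setTableName('cc_subjs')
            ->setIdentityColumn('login')
            ->setCredentialColumn('pass')
            ->setCredentialTreatment('MD5(?)');

        return $authAdapter;
    }

    /**
     * Gets an alternative adapter that does not need to authenticate against a
     * database table.
     *
     * The argument is used directly as a class name and instantiated without
     * arguments. In this file it comes from the 'auth' configuration value, so
     * that setting decides which class gets constructed; it must only ever be
     * operator-controlled.
     *
     * @param mixed $adaptor name of the adapter class to instantiate
     *
     * @return object
     */
    public static function getCustomAuthAdapter($adaptor)
    {
        return new $adaptor();
    }

    /**
     * Get random string.
     *
     * Each character is picked with random_int(), PHP's cryptographically secure
     * integer source. $allowed_chars is indexed byte by byte, so it should hold
     * single-byte characters only. With the defaults (12 characters out of 62)
     * the result carries roughly 71 bits of randomness.
     *
     * A $length of zero or less yields an empty string. An empty $allowed_chars
     * with a positive $length makes random_int() fail, because the range is empty.
     *
     * @param int    $length
     * @param string $allowed_chars
     *
     * @return string
     */
    final public function generateRandomString($length = 12, $allowed_chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789')
    {
        $last_index = strlen($allowed_chars) - 1;
        $string = '';

        for ($i = 0; $i < $length; ++$i) {
            $string .= $allowed_chars[random_int(0, $last_index)];
        }

        return $string;
    }

    /**
     * Selects the session namespace used by Zend_Auth. Call this before
     * interacting with Zend_Auth.
     *
     * NOTE(review): the namespace is the fixed string 'libretime'. Nothing in this
     * method ties the session to the server public URL, so this call alone does
     * not keep sessions of different installations on the same web server apart —
     * confirm that isolation is provided elsewhere (for example by the session
     * cookie settings).
     *
     * @param Zend_Auth $auth get this with Zend_Auth::getInstance()
     */
    public static function pinSessionToClient($auth)
    {
        $auth->setStorage(new Zend_Auth_Storage_Session('libretime'));
    }
}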