Merge branch '2.5.x' into cc-5709-airtime-analyzer

Conflicts: airtime_mvc/application/controllers/LoginController.php airtime_mvc/application/controllers/plugins/Acl_plugin.php airtime_mvc/locale/de_AT/LC_MESSAGES/airtime.po airtime_mvc/locale/en_GB/LC_MESSAGES/airtime.po airtime_mvc/locale/pt_BR/LC_MESSAGES/airtime.po
2014-06-23 15:26:53 -04:00 · 2014-06-23 15:26:53 -04:00 · 24d842c4a6
commit 24d842c4a6
parent e5a74e7285 a2bef67d33
16 changed files with 11781 additions and 53 deletions
--- a/airtime_mvc/application/controllers/LoginController.php
+++ b/airtime_mvc/application/controllers/LoginController.php
@ -14,9 +14,11 @@ class LoginController extends Zend_Controller_Action
        $request = $this->getRequest();
        
        Application_Model_Locale::configureLocalization($request->getcookie('airtime_locale', 'en_CA'));
-        if (Zend_Auth::getInstance()->hasIdentity())
+        $auth = Zend_Auth::getInstance();
+        Application_Model_Auth::pinSessionToClient($auth);
+        
+        if ($auth->hasIdentity())
        {
-
            $this->_redirect('Showbuilder');
        }

@ -52,8 +54,7 @@ class LoginController extends Zend_Controller_Action
                    //pass to the adapter the submitted username and password
                    $authAdapter->setIdentity($username)
                                ->setCredential($password);
-
-                    $auth = Zend_Auth::getInstance();
+                    
                    $result = $auth->authenticate($authAdapter);
                    if ($result->isValid()) {
                        //all info about this user from the login table omit only the password
@ -65,15 +66,13 @@ class LoginController extends Zend_Controller_Action

                        Application_Model_LoginAttempts::resetAttempts($_SERVER['REMOTE_ADDR']);
                        Application_Model_Subjects::resetLoginAttempts($username);
-                        
-                        $tempSess = new Zend_Session_Namespace("referrer");
-                        $tempSess->referrer = 'login';
-                        
+
                        //set the user locale in case user changed it in when logging in
                        Application_Model_Preference::SetUserLocale($locale);

                        $this->_redirect('Showbuilder');
                    } else {
+
                        $message = _("Wrong username or password provided. Please try again.");
                        Application_Model_Subjects::increaseLoginAttempts($username);
                        Application_Model_LoginAttempts::increaseAttempts($_SERVER['REMOTE_ADDR']);
@ -96,7 +95,9 @@ class LoginController extends Zend_Controller_Action

    public function logoutAction()
    {
-        Zend_Auth::getInstance()->clearIdentity();
+        $auth = Zend_Auth::getInstance();
+        Application_Model_Auth::pinSessionToClient($auth);
+        $auth->clearIdentity();
        $this->_redirect('showbuilder/index');
    }

@ -188,6 +189,7 @@ class LoginController extends Zend_Controller_Action
            $auth->invalidateTokens($user, 'password.restore');

            $zend_auth = Zend_Auth::getInstance();
+            Application_Model_Auth::pinSessionToClient($zend_auth);
            $zend_auth->clearIdentity();

            $authAdapter = Application_Model_Auth::getAuthAdapter();
--- a/airtime_mvc/application/controllers/plugins/Acl_plugin.php
+++ b/airtime_mvc/application/controllers/plugins/Acl_plugin.php
@ -109,6 +109,7 @@ class Zend_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
    public function preDispatch(Zend_Controller_Request_Abstract $request)
    {
        $controller = strtolower($request->getControllerName());
+        Application_Model_Auth::pinSessionToClient(Zend_Auth::getInstance());

        //Ignore authentication for all access to the rest API. We do auth via API keys for this
        //and/or by OAuth.