BUG 000 Add hook for the SSO plugin

This commit is contained in:
Julio Cesar Laura
2011-08-24 19:30:03 -04:00
parent 513e485c0e
commit 78a400d851
3 changed files with 226 additions and 205 deletions


@@ -64,6 +64,8 @@ class RBAC
var $aRbacPlugins = array(); var $aRbacPlugins = array();
var $sSystem = ''; var $sSystem = '';
var $singleSignOn = false;
static private $instance = NULL; static private $instance = NULL;
private function __construct() { private function __construct() {
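Review bot: `$singleSignOn` is added as a public `var` with no comment, yet from the authentication.php change in this same commit it is the switch that makes the login handler skip `VerifyLogin` and trust `$RBAC->userObj->fields` as an already-authenticated user. Anything holding the RBAC singleton can flip it, so its contract should at least be written down next to the declaration: `/** @var bool Set only by the PM_SINGLE_SIGN_ON trigger; when true the login flow skips VerifyLogin and trusts userObj->fields, so the plugin must have loaded and validated the user before setting it. */`. Since the class already uses `private` for `$instance`, a private property with a setter that also checks `userObj` was populated would make the flag harder to misuse; the rest of the class is outside this hunk.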


@@ -23,111 +23,112 @@
* *
*/ */
if (!isset($_POST['form']) ) {
G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', "error");
G::header ("location: login.html");die;
}
try { try {
$frm = $_POST['form']; if (!$RBAC->singleSignOn) {
$usr = ''; $frm = $_POST['form'];
$pwd = ''; $usr = '';
if (isset($frm['USR_USERNAME'])) { $pwd = '';
$usr = strtolower(trim($frm['USR_USERNAME'])); if (isset($frm['USR_USERNAME'])) {
$pwd = trim($frm['USR_PASSWORD']); $usr = strtolower(trim($frm['USR_USERNAME']));
} $pwd = trim($frm['USR_PASSWORD']);
$uid = $RBAC->VerifyLogin($usr , $pwd); }
//cleaning session files older than 72 hours $uid = $RBAC->VerifyLogin($usr , $pwd);
$RBAC->cleanSessionFiles(72); //cleaning session files older than 72 hours
$sPwd = 'currentPwd'; $RBAC->cleanSessionFiles(72);
switch ($uid) { $sPwd = 'currentPwd';
//The user does doesn't exist switch ($uid) {
case -1: //The user does doesn't exist
case -1:
G::SendTemporalMessage ('ID_USER_NOT_REGISTERED', "warning");
break;
//The password is incorrect
case -2:
G::SendTemporalMessage ('ID_WRONG_PASS', "warning");
if(isset($_SESSION['__AUTH_ERROR__'])){
G::SendMessageText($_SESSION['__AUTH_ERROR__'], "warning");
unset($_SESSION['__AUTH_ERROR__']);
}
break;
//The user is inactive
case -3:
require_once 'classes/model/Users.php';
$user = new Users;
$aUser = $user->loadByUsernameInArray($usr);
switch($aUser['USR_STATUS']){
case 'VACATION':
G::SendTemporalMessage ('ID_USER_ONVACATION', "warning");
break;
CASE 'INACTIVE':
G::SendTemporalMessage ('ID_USER_INACTIVE', "warning");
break;
}
break;
//The Due date is finished
case -4:
G::SendTemporalMessage ('ID_USER_INACTIVE_BY_DATE', "warning");
break;
case -5:
G::SendTemporalMessage ('ID_AUTHENTICATION_SOURCE_INVALID', "warning");
break;
}
$$sPwd= $pwd;
//to avoid empty string in user field. This will avoid a weird message "this row doesn't exist"
if ( !isset($uid) ) {
$uid = -1;
G::SendTemporalMessage ('ID_USER_NOT_REGISTERED', "warning"); G::SendTemporalMessage ('ID_USER_NOT_REGISTERED', "warning");
break;
//The password is incorrect
case -2:
G::SendTemporalMessage ('ID_WRONG_PASS', "warning");
if(isset($_SESSION['__AUTH_ERROR__'])){
G::SendMessageText($_SESSION['__AUTH_ERROR__'], "warning");
unset($_SESSION['__AUTH_ERROR__']);
}
break;
//The user is inactive
case -3:
require_once 'classes/model/Users.php';
$user = new Users;
$aUser = $user->loadByUsernameInArray($usr);
switch($aUser['USR_STATUS']){
case 'VACATION':
G::SendTemporalMessage ('ID_USER_ONVACATION', "warning");
break;
CASE 'INACTIVE':
G::SendTemporalMessage ('ID_USER_INACTIVE', "warning");
break;
}
break;
//The Due date is finished
case -4:
G::SendTemporalMessage ('ID_USER_INACTIVE_BY_DATE', "warning");
break;
case -5:
G::SendTemporalMessage ('ID_AUTHENTICATION_SOURCE_INVALID', "warning");
break;
} }
$$sPwd= $pwd;
//to avoid empty string in user field. This will avoid a weird message "this row doesn't exist" if ( !isset($uid) || $uid < 0 ) {
if ( !isset($uid) ) { if(isset($_SESSION['FAILED_LOGINS']))
$uid = -1; $_SESSION['FAILED_LOGINS']++;
G::SendTemporalMessage ('ID_USER_NOT_REGISTERED', "warning"); if (!defined('PPP_FAILED_LOGINS')) {
} define('PPP_FAILED_LOGINS', 0);
}
if ( !isset($uid) || $uid < 0 ) { if (PPP_FAILED_LOGINS > 0) {
if(isset($_SESSION['FAILED_LOGINS'])) if ($_SESSION['FAILED_LOGINS'] >= PPP_FAILED_LOGINS) {
$_SESSION['FAILED_LOGINS']++;
if (!defined('PPP_FAILED_LOGINS')) {
define('PPP_FAILED_LOGINS', 0);
}
if (PPP_FAILED_LOGINS > 0) {
if ($_SESSION['FAILED_LOGINS'] >= PPP_FAILED_LOGINS) {
$oConnection = Propel::getConnection('rbac');
$oStatement = $oConnection->prepareStatement("SELECT USR_UID FROM USERS WHERE USR_USERNAME = '" . $usr . "'");
$oDataset = $oStatement->executeQuery();
if ($oDataset->next()) {
$sUserUID = $oDataset->getString('USR_UID');
$oConnection = Propel::getConnection('rbac'); $oConnection = Propel::getConnection('rbac');
$oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 0 WHERE USR_UID = '" . $sUserUID . "'"); $oStatement = $oConnection->prepareStatement("SELECT USR_UID FROM USERS WHERE USR_USERNAME = '" . $usr . "'");
$oStatement->executeQuery(); $oDataset = $oStatement->executeQuery();
$oConnection = Propel::getConnection('workflow'); if ($oDataset->next()) {
$oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 'INACTIVE' WHERE USR_UID = '" . $sUserUID . "'"); $sUserUID = $oDataset->getString('USR_UID');
$oStatement->executeQuery(); $oConnection = Propel::getConnection('rbac');
unset($_SESSION['FAILED_LOGINS']); $oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 0 WHERE USR_UID = '" . $sUserUID . "'");
G::SendMessageText(G::LoadTranslation('ID_ACCOUNT') . ' "' . $usr . '" ' . G::LoadTranslation('ID_ACCOUNT_DISABLED_CONTACT_ADMIN'), 'warning'); $oStatement->executeQuery();
} $oConnection = Propel::getConnection('workflow');
else { $oStatement = $oConnection->prepareStatement("UPDATE USERS SET USR_STATUS = 'INACTIVE' WHERE USR_UID = '" . $sUserUID . "'");
//Nothing $oStatement->executeQuery();
unset($_SESSION['FAILED_LOGINS']);
G::SendMessageText(G::LoadTranslation('ID_ACCOUNT') . ' "' . $usr . '" ' . G::LoadTranslation('ID_ACCOUNT_DISABLED_CONTACT_ADMIN'), 'warning');
}
else {
//Nothing
}
} }
} }
G::header ("location: login.html");
die;
} }
G::header ("location: login.html"); if(!isset( $_SESSION['WORKSPACE'] ) ) $_SESSION['WORKSPACE'] = SYS_SYS;
die;
}
if(!isset( $_SESSION['WORKSPACE'] ) ) $_SESSION['WORKSPACE'] = SYS_SYS;
//Execute the SSO Script from plugin //Execute the SSO Script from plugin
$oPluginRegistry =& PMPluginRegistry::getSingleton(); $oPluginRegistry =& PMPluginRegistry::getSingleton();
if ( $oPluginRegistry->existsTrigger ( PM_LOGIN ) ) { if ( $oPluginRegistry->existsTrigger ( PM_LOGIN ) ) {
$lSession=""; $lSession="";
$loginInfo = new loginInfo ($usr, $pwd, $lSession ); $loginInfo = new loginInfo ($usr, $pwd, $lSession );
$oPluginRegistry->executeTriggers ( PM_LOGIN , $loginInfo ); $oPluginRegistry->executeTriggers ( PM_LOGIN , $loginInfo );
} }
$_SESSION['USER_LOGGED'] = $uid;
$_SESSION['USR_USERNAME'] = $usr;
}
else {
$uid = $RBAC->userObj->fields['USR_UID'];
$usr = $RBAC->userObj->fields['USR_USERNAME'];
$_SESSION['USER_LOGGED'] = $uid;
$_SESSION['USR_USERNAME'] = $usr;
}
$_SESSION['USER_LOGGED'] = $uid;
$_SESSION['USR_USERNAME'] = $usr;
$aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']); $aUser = $RBAC->userObj->load($_SESSION['USER_LOGGED']);
$RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']);
//$rol = $RBAC->rolesObj->load($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_UID']); //$rol = $RBAC->rolesObj->load($RBAC->aUserInfo['PROCESSMAKER']['ROLE']['ROL_UID']);
@@ -204,48 +205,54 @@ try {
/* Check password using policy - Start */ /* Check password using policy - Start */
require_once 'classes/model/UsersProperties.php'; require_once 'classes/model/UsersProperties.php';
$oUserProperty = new UsersProperties(); $oUserProperty = new UsersProperties();
$aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(md5($currentPwd))))); if (!$RBAC->singleSignOn) {
$aErrors = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME']); $aUserProperty = $oUserProperty->loadOrCreateIfNotExists($_SESSION['USER_LOGGED'], array('USR_PASSWORD_HISTORY' => serialize(array(md5($currentPwd)))));
$aErrors = $oUserProperty->validatePassword($_POST['form']['USR_PASSWORD'], $aUserProperty['USR_LAST_UPDATE_DATE'], $aUserProperty['USR_LOGGED_NEXT_TIME']);
if (!empty($aErrors)) { if (!empty($aErrors)) {
if (!defined('NO_DISPLAY_USERNAME')) { if (!defined('NO_DISPLAY_USERNAME')) {
define('NO_DISPLAY_USERNAME', 1); define('NO_DISPLAY_USERNAME', 1);
}
$aFields = array();
$aFields['DESCRIPTION'] = '<span style="font-weight:normal;">';
$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
foreach ($aErrors as $sError) {
switch ($sError) {
case 'ID_PPP_MINIMUN_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MINIMUN_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MINIMUN_LENGTH;
break;
case 'ID_PPP_MAXIMUN_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MAXIMUN_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MAXIMUN_LENGTH;
break;
case 'ID_PPP_EXPIRATION_IN':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '<br />';
$aFields[substr($sError, 3)] = PPP_EXPIRATION_IN;
break;
default:
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).'<br />';
$aFields[substr($sError, 3)] = 1;
break;
} }
$aFields = array();
$aFields['DESCRIPTION'] = '<span style="font-weight:normal;">';
$aFields['DESCRIPTION'] .= G::LoadTranslation('ID_POLICY_ALERT').':<br /><br />';
foreach ($aErrors as $sError) {
switch ($sError) {
case 'ID_PPP_MINIMUN_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MINIMUN_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MINIMUN_LENGTH;
break;
case 'ID_PPP_MAXIMUN_LENGTH':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).': ' . PPP_MAXIMUN_LENGTH . '<br />';
$aFields[substr($sError, 3)] = PPP_MAXIMUN_LENGTH;
break;
case 'ID_PPP_EXPIRATION_IN':
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).' ' . PPP_EXPIRATION_IN . ' ' . G::LoadTranslation('ID_DAYS') . '<br />';
$aFields[substr($sError, 3)] = PPP_EXPIRATION_IN;
break;
default:
$aFields['DESCRIPTION'] .= ' - ' . G::LoadTranslation($sError).'<br />';
$aFields[substr($sError, 3)] = 1;
break;
}
}
$aFields['DESCRIPTION'] .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . '<br /><br /></span>';
$G_PUBLISH = new Publisher;
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $aFields, 'changePassword');
G::RenderPage('publish');
die;
}
/* Check password using policy - End */
if ( isset($_POST['form']['URL']) && $_POST['form']['URL'] != '') {
$sLocation = $_POST['form']['URL'];
}
else {
$sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang);
} }
$aFields['DESCRIPTION'] .= '<br />' . G::LoadTranslation('ID_PLEASE_CHANGE_PASSWORD_POLICY') . '<br /><br /></span>';
$G_PUBLISH = new Publisher;
$G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/changePassword', '', $aFields, 'changePassword');
G::RenderPage('publish');
die;
}
/* Check password using policy - End */
if ( isset($_POST['form']['URL']) && $_POST['form']['URL'] != '') {
$sLocation = $_POST['form']['URL'];
} }
else { else {
$sLocation = $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang); G::header('Location: ' . $oUserProperty->redirectTo($_SESSION['USER_LOGGED'], $lang));
die();
} }
$oHeadPublisher =& headPublisher::getSingleton(); $oHeadPublisher =& headPublisher::getSingleton();
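Review bot: The new `else` branch for `$RBAC->singleSignOn` copies `USR_UID` and `USR_USERNAME` straight from `$RBAC->userObj->fields` into the session and never calls `VerifyLogin`, which in this hunk is the only source of the inactive/on-vacation (-3) and expired-due-date (-4) outcomes and is also what the failed-login lockout relies on when it sets `USR_STATUS = 0`. Unless the SSO plugin repeats those checks (not visible here), a disabled or expired account can still sign in through SSO, so I would guard the branch: `if (empty($uid) || $RBAC->userObj->fields['USR_STATUS'] != 1) { G::header('location: login.html'); die; }` (the lockout code writes 0 to the rbac `USR_STATUS`, so the active value appears to be 1 — confirm against the schema). The lockout query `"SELECT USR_UID FROM USERS WHERE USR_USERNAME = '" . $usr . "'"` is still built by concatenating a value taken from `$_POST` on the new side; it predates this commit but deserves a bound parameter while this file is being touched. The surrounding `try` block opens in this hunk and closes outside it.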


@@ -82,6 +82,18 @@
session_start (); session_start ();
session_regenerate_id (); session_regenerate_id ();
// Execute SSO trigger - Start
$pluginRegistry =& PMPluginRegistry::getSingleton();
if (defined('PM_SINGLE_SIGN_ON')) {
if ($pluginRegistry->existsTrigger(PM_SINGLE_SIGN_ON)) {
if ($pluginRegistry->executeTriggers(PM_SINGLE_SIGN_ON, null)) {
require_once 'authentication.php';
die();
}
}
}
// Execute SSO trigger - End
if (strlen ( $msg ) > 0) { if (strlen ( $msg ) > 0) {
$_SESSION ['G_MESSAGE'] = $msg; $_SESSION ['G_MESSAGE'] = $msg;
} }
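Review bot: The `if ($pluginRegistry->executeTriggers(PM_SINGLE_SIGN_ON, null))` branch treats any truthy trigger return as a completed authentication and includes authentication.php, but nothing here confirms that the trigger actually set `$RBAC->singleSignOn` and loaded `$RBAC->userObj->fields`, which is what authentication.php's SSO path reads `USR_UID` and `USR_USERNAME` from. A plugin that returns true without loading a user would leave `$_SESSION['USER_LOGGED']` set to an empty value, so I would fail closed: `if ($pluginRegistry->executeTriggers(PM_SINGLE_SIGN_ON, null) && $RBAC->singleSignOn && !empty($RBAC->userObj->fields['USR_UID'])) {`. Whether `$RBAC` is in scope at this point of login.php is not visible in the hunk. Running the trigger after `session_regenerate_id()` is the right order, since an SSO login then cannot inherit a fixated session id.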