GAP-9
@@ -885,6 +885,10 @@ class RBAC
|
||||
foreach ($this->aRbacPlugins as $className) {
|
||||
if (strtolower($className) === strtolower($authType)) {
|
||||
$plugin = new $className();
|
||||
$reflectionClass = new ReflectionClass($plugin);
|
||||
if ($reflectionClass->hasConstant('AUTH_TYPE')) {
|
||||
return $plugin->VerifyLogin($userFields['USR_USERNAME'], $strPass);
|
||||
}
|
||||
$plugin->sAuthSource = $userFields['UID_AUTH_SOURCE'];
|
||||
$plugin->sSystem = $this->sSystem;
|
||||
|
||||
|
||||
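--- a/rbac/engine/classes/plugins/class.Gauth.php
+++ b/rbac/engine/classes/plugins/class.Gauth.php
@@ -0,0 +1,93 @@
+<?php
+
+class Gauth
+{
+/**
+* Defined type authentication.
+*/
+const AUTH_TYPE = 'gauth';
+
+/**
+* Authentication of a user through the class RBAC_user
+*
+* verifies that a user has permission to start an application
+*
+* Function verifyLogin
+*
+* @access public
+* @param string $userName UserId (login) de usuario
+* @param string $password Password
+* @return type
+* -1: no user exists
+* -2: wrong password
+* -3: inactive user
+* -4: expired user
+* -6: role inactive
+* n : string user uid
+* @throws Exception
+*/
+public function VerifyLogin($userName, $password)
+{
+$validationMethod = function($inputPassword, $storedPassword) {
+return Bootstrap::verifyHashPassword($inputPassword, $storedPassword);
+};
+
+if (app()->getProvider(Illuminate\Session\SessionServiceProvider::class) !== null) {
+if (session()->has(Gauth::AUTH_TYPE) && session(Gauth::AUTH_TYPE) === true) {
+$user = Socialite::driver('google')->userFromToken($password);
+$token = $user->token;
+$validationMethod = function($inputPassword, $storedPassword) use($token) {
+return $token === $inputPassword;
+};
+}
+}
+
+//invalid user
+if ($userName == '') {
+return -1;
+}
+//invalid password
+if ($password == '') {
+return -2;
+}
+$con = Propel::getConnection(RbacUsersPeer::DATABASE_NAME);
+try {
+$c = new Criteria('rbac');
+$c->add(RbacUsersPeer::USR_USERNAME, $userName);
+
+$rs = RbacUsersPeer::doSelect($c, Propel::getDbConnection('rbac_ro'));
+if (is_array($rs) && isset($rs[0]) && is_object($rs[0]) && get_class($rs[0]) == 'RbacUsers') {
+$dataFields = $rs[0]->toArray(BasePeer::TYPE_FIELDNAME);
+//verify password with md5, and md5 format
+if (mb_strtoupper($userName, 'utf-8') === mb_strtoupper($dataFields['USR_USERNAME'], 'utf-8')) {
+if ($validationMethod($password, $rs[0]->getUsrPassword())) {
+if ($dataFields['USR_DUE_DATE'] < date('Y-m-d')) {
+return -4;
+}
+if ($dataFields['USR_STATUS'] != 1 && $dataFields['USR_UID'] !== RBAC::GUEST_USER_UID) {
+return -3;
+}
+
+$rbacUsers = new RbacUsers();
+$role = $rbacUsers->getUserRole($dataFields['USR_UID']);
+if ($role['ROL_STATUS'] == 0) {
+return -6;
+}
+
+return $dataFields['USR_UID'];
+} else {
+return -2;
+}
+} else {
+return -1;
+}
+} else {
+return -1;
+}
+} catch (Exception $error) {
+throw($error);
+}
+
+return -1;
+}
+}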
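Review bot: The Google branch of VerifyLogin never ties the presented token to `$userName`: the replacement closure `return $token === $inputPassword;` compares the token against the very value `userFromToken($password)` was built from, and the Google identity carried by `$user` (email or id) is never checked against the RbacUsers record that is later loaded by `USR_USERNAME`, so — if Socialite fills `$user->token` from its argument, as I believe it does — any token that Google accepts validates as whichever local username is supplied. Capture `$user` instead of `$token` and, inside the `get_class($rs[0]) == 'RbacUsers'` branch, accept the login only when the Google account's email matches the local record's email column (the field name is not visible here; confirm against the rbac schema), falling through to `return -2` otherwise. `userFromToken($password)` also runs before the `$password == ''` guard, so an empty token still reaches the network call; moving the two guards above the session check avoids that. `catch (Exception $error) { throw($error); }` is a no-op rethrow that can be dropped, and `@return type` in the docblock should name the real union, e.g. `@return int|string -1/-2/-3/-4/-6 on failure, USR_UID on success`.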
@@ -9,6 +9,16 @@ class AppEvent
|
||||
*/
|
||||
const XMLFORM_RENDER = 0;
|
||||
|
||||
/**
|
||||
* Identify login action
|
||||
*/
|
||||
const LOGIN = 1;
|
||||
|
||||
/**
|
||||
* Identify scripts with no login
|
||||
*/
|
||||
const SCRIPTS_WITH_NO_LOGIN = 2;
|
||||
|
||||
/**
|
||||
* Represents the AppEvent object.
|
||||
*
|
||||
@@ -50,7 +60,7 @@ class AppEvent
|
||||
* @param object $object
|
||||
* @return $this
|
||||
*/
|
||||
public function dispatch($type, $object)
|
||||
public function dispatch($type, &$object)
|
||||
{
|
||||
foreach ($this->callbacks as $callback) {
|
||||
$callback($type, $object, $this);
|
||||
|
||||
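Review bot: The by-reference `&$object` on `dispatch` only reaches a listener that itself declares its parameter by reference, because `$callback($type, $object, $this)` on the following line is a plain call; a listener written as `function ($type, $object, $event)` receives a copy and its modifications are silently lost. The change also means every call site must now pass a variable — `dispatch(AppEvent::LOGIN, 'literal')` becomes a fatal "cannot pass parameter by reference" error — which is worth stating next to the signature. The docblock still says `@param object $object`, while the new call sites pass a string and a stdClass; replace it with `@param mixed $object Passed by reference; a listener must declare &$object to replace it` so the contract is visible. The body of `dispatch` continues past the end of the hunk.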
@@ -1,6 +1,7 @@
|
||||
<?php
|
||||
|
||||
use Illuminate\Foundation\Http\Kernel;
|
||||
use ProcessMaker\Core\AppEvent;
|
||||
/*----------------------------------********---------------------------------*/
|
||||
use ProcessMaker\ChangeLog\ChangeLog;
|
||||
/*----------------------------------********---------------------------------*/
|
||||
@@ -976,6 +977,11 @@ if (!defined('EXECUTE_BY_CRON')) {
|
||||
$noLoginFolders[] = 'services';
|
||||
$noLoginFolders[] = 'tracker';
|
||||
$noLoginFolders[] = 'InstallerModule';
|
||||
|
||||
$data = new stdClass();
|
||||
$data->noLoginFiles = &$noLoginFiles;
|
||||
$data->noLoginFolders = &$noLoginFolders;
|
||||
AppEvent::getAppEvent()->dispatch(AppEvent::SCRIPTS_WITH_NO_LOGIN, $data);
|
||||
|
||||
// This sentence is used when you lost the Session
|
||||
if (!in_array(SYS_TARGET, $noLoginFiles) && !in_array(SYS_COLLECTION,
|
||||
@@ -1024,7 +1030,9 @@ if (!defined('EXECUTE_BY_CRON')) {
|
||||
}
|
||||
|
||||
if (empty($_POST)) {
|
||||
header('location: ' . SYS_URI . $loginUrl . '?u=' . urlencode($_SERVER['REQUEST_URI']));
|
||||
$headerString = 'location: ' . SYS_URI . $loginUrl . '?u=' . urlencode($_SERVER['REQUEST_URI']);
|
||||
AppEvent::getAppEvent()->dispatch(AppEvent::LOGIN, $headerString);
|
||||
header($headerString);
|
||||
} else {
|
||||
if ($isControllerCall) {
|
||||
header("HTTP/1.0 302 session lost in controller");
|
||||
|
||||
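Review bot: `AppEvent::getAppEvent()->dispatch(AppEvent::LOGIN, $headerString)` hands the complete `location:` header to listeners by reference and `header($headerString)` then emits whatever comes back, so the redirect target is no longer decided by this file alone. Passing only the URL part to the listeners and rebuilding the header afterwards keeps the header name fixed, or at least confirm the returned value still starts with `'location: ' . SYS_URI` before calling `header()`. The earlier hunk in this file uses the same by-reference dispatch for `$data`, whose stdClass already carries references to `$noLoginFiles`/`$noLoginFolders`; that appears intentional, and a comment such as `// listeners may extend the no-login lists through $data` would make it explicit. The enclosing `if (!defined('EXECUTE_BY_CRON'))` block starts and ends outside these hunks.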