From bcce2625a8cb0b630d945c6849014049869e10ce Mon Sep 17 00:00:00 2001 From: Igor Scheller Date: Tue, 27 Nov 2018 12:01:36 +0100 Subject: Implemented AuthController for login * Moved /login functionality to AuthController * Refactored password handling logic to use the Authenticator --- includes/controller/users_controller.php | 13 ++-- includes/pages/admin_user.php | 2 +- includes/pages/guest_login.php | 119 +------------------------------ includes/pages/user_settings.php | 5 +- includes/sys_auth.php | 68 ------------------ includes/view/AngelTypes_view.php | 2 +- includes/view/User_view.php | 2 +- 7 files changed, 13 insertions(+), 198 deletions(-) (limited to 'includes') diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index 7c6bde02..214998dc 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php @@ -47,6 +47,7 @@ function users_controller() function user_delete_controller() { $user = auth()->user(); + $auth = auth(); $request = request(); if ($request->has('user_id')) { @@ -68,14 +69,12 @@ function user_delete_controller() if ($request->hasPostData('submit')) { $valid = true; - if ( - !( + if (!( $request->has('password') - && verify_password($request->postData('password'), $user->password, $user->id) - ) - ) { + && $auth->verifyPassword($user, $request->postData('password')) + )) { $valid = false; - error(__('Your password is incorrect. Please try it again.')); + error(__('Your password is incorrect. Please try it again.')); } if ($valid) { @@ -341,7 +340,7 @@ function user_password_recovery_set_new_controller() } if ($valid) { - set_password($passwordReset->user->id, $request->postData('password')); + auth()->setPassword($passwordReset->user, $request->postData('password')); success(__('Password saved.')); $passwordReset->delete(); redirect(page_link_to('login')); diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index e6f94180..8482dea5 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -291,8 +291,8 @@ function admin_user() $request->postData('new_pw') != '' && $request->postData('new_pw') == $request->postData('new_pw2') ) { - set_password($user_id, $request->postData('new_pw')); $user_source = User::find($user_id); + auth()->setPassword($user_source, $request->postData('new_pw')); engelsystem_log('Set new password for ' . User_Nick_render($user_source, true)); $html .= success('Passwort neu gesetzt.', true); } else { diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index d152a092..3bc10fc3 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -8,14 +8,6 @@ use Engelsystem\Models\User\Settings; use Engelsystem\Models\User\State; use Engelsystem\Models\User\User; -/** - * @return string - */ -function login_title() -{ - return __('Login'); -} - /** * @return string */ @@ -226,7 +218,7 @@ function guest_register() // Assign user-group and set password DB::insert('INSERT INTO `UserGroups` (`uid`, `group_id`) VALUES (?, -20)', [$user->id]); - set_password($user->id, $request->postData('password')); + auth()->setPassword($user, $request->postData('password')); // Assign angel-types $user_angel_types_info = []; @@ -369,112 +361,3 @@ function entry_required() { return ''; } - -/** - * @return string - */ -function guest_login() -{ - $nick = ''; - $request = request(); - $session = session(); - $valid = true; - - $session->remove('uid'); - - if ($request->hasPostData('submit')) { - if ($request->has('nick') && !empty($request->input('nick'))) { - $nickValidation = User_validate_Nick($request->input('nick')); - $nick = $nickValidation->getValue(); - $login_user = User::whereName($nickValidation->getValue())->first(); - if ($login_user) { - if ($request->has('password')) { - if (!verify_password($request->postData('password'), $login_user->password, $login_user->id)) { - $valid = false; - error(__('Your password is incorrect. Please try it again.')); - } - } else { - $valid = false; - error(__('Please enter a password.')); - } - } else { - $valid = false; - error(__('No user was found with that Nickname. Please try again. If you are still having problems, ask a Dispatcher.')); - } - } else { - $valid = false; - error(__('Please enter a nickname.')); - } - - if ($valid && $login_user) { - $session->set('uid', $login_user->id); - $session->set('locale', $login_user->settings->language); - - redirect(page_link_to(config('home_site'))); - } - } - - return page([ - div('col-md-12', [ - div('row', [ - EventConfig_countdown_page() - ]), - div('row', [ - div('col-sm-6 col-sm-offset-3 col-md-4 col-md-offset-4', [ - div('panel panel-primary first', [ - div('panel-heading', [ - ' ' . __('Login') - ]), - div('panel-body', [ - msg(), - form([ - form_text_placeholder('nick', __('Nick'), $nick), - form_password_placeholder('password', __('Password')), - form_submit('submit', __('Login')), - !$valid ? buttons([ - button(page_link_to('user_password_recovery'), __('I forgot my password')) - ]) : '' - ]) - ]), - div('panel-footer', [ - glyph('info-sign') . __('Please note: You have to activate cookies!') - ]) - ]) - ]) - ]), - div('row', [ - div('col-sm-6 text-center', [ - heading(register_title(), 2), - get_register_hint() - ]), - div('col-sm-6 text-center', [ - heading(__('What can I do?'), 2), - '

' . __('Please read about the jobs you can do to help us.') . '

', - buttons([ - button( - page_link_to('angeltypes', ['action' => 'about']), - __('Teams/Job description') . ' »' - ) - ]) - ]) - ]) - ]) - ]); -} - -/** - * @return string - */ -function get_register_hint() -{ - if (auth()->can('register') && config('registration_enabled')) { - return join('', [ - '

' . __('Please sign up, if you want to help us!') . '

', - buttons([ - button(page_link_to('register'), register_title() . ' »') - ]) - ]); - } - - return error(__('Registration is disabled.'), true); -} diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index ae29e4d8..f6853191 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -101,9 +101,10 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) function user_settings_password($user_source) { $request = request(); + $auth = auth(); if ( !$request->has('password') - || !verify_password($request->postData('password'), $user_source->password, $user_source->id) + || !$auth->verifyPassword($user_source, $request->postData('password')) ) { error(__('-> not OK. Please try again.')); } elseif (strlen($request->postData('new_password')) < config('min_password_length')) { @@ -111,7 +112,7 @@ function user_settings_password($user_source) } elseif ($request->postData('new_password') != $request->postData('new_password2')) { error(__('Your passwords don\'t match.')); } else { - set_password($user_source->id, $request->postData('new_password')); + $auth->setPassword($user_source, $request->postData('new_password')); success(__('Password saved.')); } redirect(page_link_to('user_settings')); diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 520b13eb..f0485495 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -1,74 +1,6 @@ password = crypt($password, config('crypt_alg') . '$' . generate_salt(16) . '$'); - $user->save(); -} - -/** - * verify a password given a precomputed salt. - * if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically - * - * @param string $password - * @param string $salt - * @param int $uid - * @return bool - */ -function verify_password($password, $salt, $uid = null) -{ - $crypt_alg = config('crypt_alg'); - $correct = false; - if (substr($salt, 0, 1) == '$') { - // new-style crypt() - $correct = crypt($password, $salt) == $salt; - } elseif (substr($salt, 0, 7) == '{crypt}') { - // old-style crypt() with DES and static salt - not used anymore - $correct = crypt($password, '77') == $salt; - } elseif (strlen($salt) == 32) { - // old-style md5 without salt - not used anymore - $correct = md5($password) == $salt; - } - - if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && intval($uid)) { - // this password is stored in another format than we want it to be. - // let's update it! - // we duplicate the query from the above set_password() function to have the extra safety of checking - // the old hash - $user = User::find($uid); - if ($user->password == $salt) { - $user->password = crypt($password, $crypt_alg . '$' . generate_salt() . '$'); - $user->save(); - } - } - return $correct; -} /** * @param int $user_id diff --git a/includes/view/AngelTypes_view.php b/includes/view/AngelTypes_view.php index f5434e8f..9f9bd736 100644 --- a/includes/view/AngelTypes_view.php +++ b/includes/view/AngelTypes_view.php @@ -578,7 +578,7 @@ function AngelTypes_about_view($angeltypes, $user_logged_in) $buttons[] = button(page_link_to('register'), register_title()); } - $buttons[] = button(page_link_to('login'), login_title()); + $buttons[] = button(page_link_to('login'), __('Login')); } $faqUrl = config('faq_url'); diff --git a/includes/view/User_view.php b/includes/view/User_view.php index 949bba87..21be0c9f 100644 --- a/includes/view/User_view.php +++ b/includes/view/User_view.php @@ -126,7 +126,7 @@ function User_registration_success_view($event_welcome_message) div('col-md-4', [ '

' . __('Login') . '

', form([ - form_text('nick', __('Nick'), ''), + form_text('login', __('Nick'), ''), form_password('password', __('Password')), form_submit('submit', __('Login')), buttons([ -- cgit v1.2.3-54-g00ecf