From cd102c6fba0b66a9cbbe3c98ad42d75288962a38 Mon Sep 17 00:00:00 2001
From: Deon George
Date: Thu, 1 Sep 2016 14:35:14 +1000
Subject: [PATCH] Moved more components into lnapp/lnauth sub modules
---
application/classes/Auth/ORM.php | 21 +-
application/classes/Auth/OSB.php | 233 ------------------
.../classes/Controller/TemplateDefault.php | 29 ---
.../classes/Database/Query/Builder/Insert.php | 23 --
.../classes/Database/Query/Builder/Join.php | 21 --
application/classes/Minion/Task.php | 25 --
application/classes/Model/Account.php | 41 ++-
.../classes/Model/Auth/UserDefault.php | 42 ----
application/classes/Model/Country.php | 31 ---
application/classes/Model/Currency.php | 19 --
application/classes/Model/Group.php | 61 +----
application/classes/Model/Language.php | 19 --
application/classes/Model/Module/Method.php | 66 +----
application/classes/Request.php | 47 ----
application/classes/StaticList/Title.php | 28 ---
application/config/auth.php | 2 +-
modules/lnapp | 2 +-
modules/lnauth | 2 +-
18 files changed, 35 insertions(+), 677 deletions(-)
delete mode 100644 application/classes/Auth/OSB.php
delete mode 100644 application/classes/Controller/TemplateDefault.php
delete mode 100644 application/classes/Database/Query/Builder/Insert.php
delete mode 100644 application/classes/Database/Query/Builder/Join.php
delete mode 100644 application/classes/Minion/Task.php
delete mode 100644 application/classes/Model/Auth/UserDefault.php
delete mode 100644 application/classes/Model/Country.php
delete mode 100644 application/classes/Model/Currency.php
delete mode 100644 application/classes/Model/Language.php
delete mode 100644 application/classes/Request.php
delete mode 100644 application/classes/StaticList/Title.php
diff --git a/application/classes/Auth/ORM.php b/application/classes/Auth/ORM.php
index 4f44b9b2..aef18ccc 100644
--- a/application/classes/Auth/ORM.php
+++ b/application/classes/Auth/ORM.php
@@ -1,22 +1,23 @@ _config['hash_method']) { - case '' : return $str; - case 'md5': return md5($str); - default: return hash_hmac($this->_config['hash_method'], $str, $this->_config['hash_key']); - } +class Auth_ORM extends lnAuth_Auth_ORM { + /** + * Determine if a user is authorised to view an account + * + * @param Model_Account Account Ojbect to validate if the current user has access + * @return boolean TRUE if authorised, FALSE if not. + */ + public function authorised(Model_Account $ao) { + return (($uo = $this->get_user()) AND $uo->loaded() AND ($uo == $ao OR in_array($ao->id,$uo->RTM->customers($uo->RTM)))); } } ?> diff --git a/application/classes/Auth/OSB.php b/application/classes/Auth/OSB.php deleted file mode 100644 index 20be1236..00000000 --- a/application/classes/Auth/OSB.php +++ /dev/null 
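Review bot: `authorised()` never checks `$ao->loaded()` and calls `in_array()` without the strict flag, so an unloaded `Model_Account` (whose id is presumably NULL) would compare loosely equal to any `0` or empty entry returned by `customers()`. Because this method is the access decision for viewing an account, it should fail closed: `return (($uo = $this->get_user()) AND $uo->loaded() AND $ao->loaded() AND ($uo == $ao OR in_array($ao->id,$uo->RTM->customers($uo->RTM),TRUE)));`. Confirm first that `customers()` yields ids of the same type as `$ao->id`, otherwise cast both sides before the strict check. `$uo == $ao` compares the two objects property by property; comparing `$uo->id` with `$ao->id` would state the intent more directly. The docblock also has the typo "Ojbect".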
@@ -1,233 +0,0 @@ -_config = $config; - - if (PHP_SAPI !== 'cli') - parent::__construct($config); - } - - /** - * Get the user that a token applies to - * - * This will check that the token is valid (not expired and for the request) - * - * @param $token The token - * @return Model_Account|NULL The user that the token is valid for. - */ - private function _get_token_user($token) { - // This has been implemented, as we sometimes we seem to come here twice - static $uo = NULL; - - if (! is_null($uo)) - return $uo; - - $mmto = ORM::factory('Module_Method_Token',array('token'=>$token)); - - // Ignore the token if it doesnt exist. - if ($mmto->loaded()) { - // Check that the token is for this URI - $mo = ORM::factory('Module',array('name'=>Request::current()->controller())); - $mmo = $mo->module_method - ->where_open() - ->where('name','=',strtolower(Request::current()->directory() ? sprintf('%s:%s',Request::current()->directory(),Request::current()->action()) : Request::current()->action())) - // @todo No longer required after all method names have been colon delimited - ->or_where('name','=',strtolower(Request::current()->directory() ? sprintf('%s_%s',Request::current()->directory(),Request::current()->action()) : Request::current()->action())) - ->where_close() - ->find(); - - // Ignore the token if this is not the right method. - if ($mmo->id == $mmto->method_id) { - if (! is_null($mmto->date_expire) AND $mmto->date_expire < time()) { - SystemMessage::add(array( - 'title'=>_('Token Not Valid'), - 'type'=>'warning', - 'body'=>_('Token expired'))); - - Session::instance()->delete('token'); - $mmto->delete(); - - } elseif (! is_null($mmto->uses) AND $mmto->uses < 1) { - SystemMessage::add(array( - 'title'=>_('Token Not Valid'), - 'type'=>'warning', - 'body'=>_('Token expired'))); - - Session::instance()->delete('token'); - $mmto->delete(); - - } else { - // If this is a usage count token, reduce the count. - if (! 
is_null($mmto->uses)) - $mmto->uses -= 1; - - // Record the date this token was used - $mmto->date_last = time(); - $mmto->save(); - - Session::instance()->set('token',$token); - - $uo = ORM::factory('Account',$mmto->account_id); - $uo->log(sprintf('Token %s used for method %s [%s]',$mmto->token,$mmto->module_method->id,Request::current()->param('id'))); - } - } - } - - return $uo; - } - - /** - * Logs a user in. - * - * @param string username - * @param string password - * @param boolean enable autologin - * @return boolean - */ - protected function _login($user,$password,$remember) { - if (! is_object($user)) { - $username = $user; - - // Load the user - $user = ORM::factory('Account'); - $user->where('username','=',$username)->find(); - - // If no user loaded, return - if (! $user->loaded()) - return FALSE; - } - - // Create a hashed password - if (is_string($password)) - $password = $this->hash($password); - - // If the passwords match, perform a login - if ($user->active AND $user->has_any('group',ORM::factory('Group',array('name'=>'Registered Users'))->list_childgrps(TRUE)) AND $user->password === $password) { - - // @todo This is not currently used. 
- if ($remember === TRUE) { - // Create a new autologin token - $token = ORM::factory('User_Token'); - - // Set token data - $token->user_id = $user->id; - $token->expires = time() + $this->_config['lifetime']; - $token->save(); - - // Set the autologin cookie - Cookie::set('authautologin', $token->token, $this->_config['lifetime']); - } - - // Record our session ID, we may need to update our DB when we get a new ID - $oldsess = session_id(); - - // Finish the login - $this->complete_login($user); - - // Do we need to update databases with our new sesion ID - $sct = Kohana::$config->load('config')->session_change_trigger; - if (session_id() != $oldsess AND count($sct)) - foreach ($sct as $t => $c) - if (Config::module_exist($t)) - foreach (ORM::factory(ucwords($t))->where($c,'=',$oldsess)->find_all() as $o) - $o->set('session_id',session_id()) - ->update(); - - return TRUE; - } - - // Login failed - return FALSE; - } - - /** - * Determine if a user is authorised to view an account - * - * @param Model_Account Account Ojbect to validate if the current user has access - * @return boolean TRUE if authorised, FALSE if not. - */ - public function authorised(Model_Account $ao) { - return (($uo = $this->get_user()) AND $uo->loaded() AND ($uo == $ao OR in_array($ao->id,$uo->RTM->customers($uo->RTM)))); - } - - /** - * Gets the currently logged in user from the session. - * Returns NULL if no user is currently logged in. 
- * - * @param boolean Check token users too - * @return mixed - */ - public function get_user($default=NULL,$tokenuser=TRUE) { - // If we are a CLI, we are not logged in - if (PHP_SAPI === 'cli') - throw new Kohana_Exception('Calling :method from the CLI is not allowed!',array(':method'=>__METHOD__)); - - // Get the current user - $uo = parent::get_user($default); - - // If we are not logged in, see if there is token for the user - if (is_null($uo) AND $tokenuser AND ($token=Session::instance()->get('token')) OR ($token=Arr::get($_REQUEST,'token'))) - $uo = $this->_get_token_user($token); - - return $uo; - } - - public function get_groups() { - return is_null($x=$this->get_user()) ? ORM::factory('Group')->where('id','=',0)->find_all() : $x->groups(); - } - - /** - * OSB authentication is controlled via database queries. - * - * This method can be used to test two situations: - * 1) Is the user logged in? ($role == FALSE) - * 2) Can the user run the current controller->action ($role == TRUE) - * - * @param boolean If authentication should be done for this module:method (ie: controller:action). - * @return boolean - */ - public function logged_in($role=NULL,$debug=NULL) { - $status = FALSE; - - // If we are a CLI, we are not logged in - if (PHP_SAPI === 'cli') - return $status; - - // Get the user from the session - $uo = $this->get_user(); - - // If we are not a valid user object, then we are not logged in - if (is_object($uo) AND ($uo instanceof Model_Account) AND $uo->loaded()) - if (! empty($role)) { - if (($x = Request::current()->mmo()) instanceof Model) - // If the role has the authorisation to run the method - foreach ($x->group->find_all() as $go) - if ($go->id == 0 OR $uo->has_any('group',$go->list_childgrps(TRUE))) { - $status = TRUE; - break; - } - - // There is no role, so the method should be allowed to run as anonymous - } else - $status = TRUE; - - return $status; - } -} -?> 
diff --git a/application/classes/Controller/TemplateDefault.php b/application/classes/Controller/TemplateDefault.php deleted file mode 100644 index 982cc1d7..00000000 --- a/application/classes/Controller/TemplateDefault.php +++ /dev/null @@ -1,29 +0,0 @@ -save(); - - } catch (ORM_Validation_Exception $e) { - SystemMessage::factory() - ->title('Record NOT updated') - ->type('error') - ->body(join('
',array_values($e->errors('models')))); - - return FALSE; - } - } -} -?> diff --git a/application/classes/Database/Query/Builder/Insert.php b/application/classes/Database/Query/Builder/Insert.php deleted file mode 100644 index 527c7dbe..00000000 --- a/application/classes/Database/Query/Builder/Insert.php +++ /dev/null @@ -1,23 +0,0 @@ -_columns = Arr::Merge($this->_columns,['site_id']); - - foreach ($this->_values as $k=>$v) - $this->_values[$k] = Arr::Merge($this->_values[$k],[Site::id()]); - - return parent::compile($db); - } -} -?> diff --git a/application/classes/Database/Query/Builder/Join.php b/application/classes/Database/Query/Builder/Join.php deleted file mode 100644 index 975c95f1..00000000 --- a/application/classes/Database/Query/Builder/Join.php +++ /dev/null @@ -1,21 +0,0 @@ -_on[] = array($this->_table.'.site_id','=',Site::id()); - - return parent::compile($db); - } -} -?> diff --git a/application/classes/Minion/Task.php b/application/classes/Minion/Task.php deleted file mode 100644 index 30a9dce9..00000000 --- a/application/classes/Minion/Task.php +++ /dev/null @@ -1,25 +0,0 @@ -NULL, - ); - - /** - * Override our __construct so that we can specify options in each class file - */ - protected function __construct() { - // Populate $_accepted_options based on keys from $_options - $this->_accepted_options = array_keys(Arr::merge($this->_sysoptions,$this->_options)); - } -} -?> diff --git a/application/classes/Model/Account.php b/application/classes/Model/Account.php index 6c5157f6..1de862ec 100644 --- a/application/classes/Model/Account.php +++ b/application/classes/Model/Account.php @@ -9,7 +9,7 @@ * @copyright (c) 2009-2013 Open Source Billing * @license http://dev.osbill.net/license.html */ -class Model_Account extends lnApp_Model_Account { +class Model_Account extends lnAuth_Model_Account { // Relationships protected $_has_many = array( 'user_tokens'=>array('model'=>'user_token'), 
@@ -24,32 +24,29 @@ class Model_Account extends lnApp_Model_Account { 'RTM'=>array('far_key'=>'id'), ); - protected $_belongs_to = array( - 'country'=>array(), - 'currency'=>array(), - 'language'=>array(), - ); - - protected $_display_filters = array( - 'active'=>array( - array('StaticList_YesNo::get',array(':value',TRUE)), - ), - 'date_orig'=>array( - array('Site::Date',array(':value')), - ), - 'date_last'=>array( - array('Site::Date',array(':value')), - ), - ); + // Validation rules + public function rules() { + return array( + 'username' => array( + array('not_empty'), + array('min_length', array(':value', 4)), + array('max_length', array(':value', 256)), + ), + 'email' => array( + array('not_empty'), + // @note: cant use unique emails, since multiple accounts may share the same email + // array(array($this, 'unique'), array('email', ':value')), + array('min_length', array(':value', 4)), + array('max_length', array(':value', 127)), + array('email'), + ), + ); + } /** REQUIRED ABSTRACT METHODS **/ /** LOCAL METHODS **/ - public function activated() { - return $this->has('group'); - } - /** * Get a list of all invoices for this account */ diff --git a/application/classes/Model/Auth/UserDefault.php b/application/classes/Model/Auth/UserDefault.php deleted file mode 100644 index 490b513e..00000000 --- a/application/classes/Model/Auth/UserDefault.php +++ /dev/null 
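Review bot: The new `rules()` has no uniqueness rule for `username`, although the login code removed in this same commit looked accounts up by `username` alone. Unless the table carries a unique index (not visible here), two accounts could share a login name and authentication would resolve to whichever row the query returns first; consider adding `array(array($this, 'unique'), array('username', ':value')),` to the `username` rules. The commented-out `unique` line under `email` is already explained by the `@note` above it, so keep the note and drop the dead line. If `lnAuth_Model_Account` defines its own `rules()`, this override replaces it wholesale (that parent is outside this diff), so any password rule there would need repeating here.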
@@ -1,42 +0,0 @@ - array( - array('not_empty'), - array('min_length', array(':value', 4)), - array('max_length', array(':value', 256)), - ), - 'email' => array( - array('not_empty'), - array('min_length', array(':value', 4)), - array('max_length', array(':value', 127)), - array('email'), - ), - ); - } - - /** - * Complete our login - * - * For some database logins, we may not want to record the user last login - * details in the repository, so we just override that parent function - * here. - * - * We can also do some other post-login actions here. - */ - public function complete_login() { - return $this->log('Logged In'); - } -} -?> diff --git a/application/classes/Model/Country.php b/application/classes/Model/Country.php deleted file mode 100644 index db19fc9a..00000000 --- a/application/classes/Model/Country.php +++ /dev/null @@ -1,31 +0,0 @@ -array('far_key'=>'id'), - ); - - protected $_has_many = array( - 'tax'=>array('far_key'=>'id'), - ); - - protected $_sorting = array( - 'name'=>'ASC', - ); - - protected $_form = array('id'=>'id','value'=>'name'); - - public static function icon() { - return HTML::image(sprintf('media/img/country/%s.png',strtolower($this->two_code)),array('alt'=>$this->currency->symbol)); - } -} -?> diff --git a/application/classes/Model/Currency.php b/application/classes/Model/Currency.php deleted file mode 100644 index 8f612986..00000000 --- a/application/classes/Model/Currency.php +++ /dev/null @@ -1,19 +0,0 @@ -'ASC', - ); - - protected $_form = array('id'=>'id','value'=>'name'); -} -?> diff --git a/application/classes/Model/Group.php b/application/classes/Model/Group.php index 4850f00f..80eedca9 100644 --- a/application/classes/Model/Group.php +++ b/application/classes/Model/Group.php 
@@ -8,66 +8,7 @@ * @copyright (c) 2009-2013 Open Source Billing * @license http://dev.osbill.net/license.html */ -class Model_Group extends Model_Auth_Role { - // Relationships - protected $_has_many = array( - 'account'=>array('through'=>'account_group'), - 'module_method'=>array('through'=>'group_method','far_key'=>'method_id'), - ); - protected $_sorting = array( - 'name'=>'ASC', - ); - - protected $_display_filters = array( - 'active'=>array( - array('StaticList_YesNo::get',array(':value',TRUE)), - ), - ); - - /** - * This function will, given a group, list all of the children that - * are also related to this group, in the group heirarchy. - */ - public function list_childgrps($incParent=FALSE) { - $result = array(); - - if (! $this->loaded()) - return $result; - - foreach (ORM::factory('Group')->where_active()->and_where('parent_id','=',$this)->find_all() as $go) { - array_push($result,$go); - - $result = array_merge($result,$go->list_childgrps()); - } - - if ($incParent) - array_push($result,$this); - - return $result; - } - - /** - * This function will, given a group, list all of the parent that - * are also related to this group, in the group heirarchy. - */ - public function list_parentgrps($incParent=FALSE) { - $result = array(); - - if (! $this->loaded()) - return $result; - - foreach (ORM::factory('Group')->where_active()->and_where('id','=',$this->parent_id)->find_all() as $go) { - array_push($result,$go); - - $result = array_merge($result,$go->list_parentgrps()); - } - - if ($incParent) - array_push($result,$this); - - return $result; - } - +class Model_Group extends lnAuth_Model_Group { /** * Get a list of groups that have their own pricing */ diff --git a/application/classes/Model/Language.php b/application/classes/Model/Language.php deleted file mode 100644 index 98f4d4d1..00000000 --- a/application/classes/Model/Language.php +++ /dev/null @@ -1,19 +0,0 @@ -'ASC', - ); - - protected $_form = array('id'=>'id','value'=>'name'); -} -?> 
diff --git a/application/classes/Model/Module/Method.php b/application/classes/Model/Module/Method.php index d91062ba..db517b69 100644 --- a/application/classes/Model/Module/Method.php +++ b/application/classes/Model/Module/Method.php @@ -9,28 +9,7 @@ * @copyright (c) 2009-2013 Open Source Billing * @license http://dev.osbill.net/license.html */ -class Model_Module_Method extends ORM { - // This module doesnt keep track of column updates automatically - protected $_created_column = FALSE; - protected $_updated_column = FALSE; - - // Relationships - protected $_belongs_to = array( - 'module'=>array(), - ); - protected $_has_one = array( - 'record_id'=>array(), - ); - protected $_has_many = array( - 'group'=>array('through'=>'group_method','foreign_key'=>'method_id') - ); - - protected $_sorting = array( - 'name'=>'ASC', - ); - - protected $status; - +class Model_Module_Method extends lnAuth_Model_Module_Method { // Temporarily adjust our name // @todo This is temporary until all our method names are colon delimited. protected function _load_values(array $values) { 
@@ -43,48 +22,5 @@ class Model_Module_Method extends ORM { return $this; } - - public function controller_sub() { - return substr_count($this->name,'_') ? substr($this->name,($x=strpos($this->name,'_')),strpos($this->name,':')-$x) : ''; - } - - public function controller() { - return Kohana::classname(sprintf('Controller%s_%s',($this->directory() ? '_' : '').$this->directory(),$this->module->name).$this->controller_sub()); - } - - public function directory() { - return substr($this->name,0,substr_count($this->name,'_') ? strpos($this->name,'_') : strpos($this->name,':')); - } - - public function method() { - return substr($this->name,strpos($this->name,':')+1); - } - - /** - * Calculate the description for this method on any menu link - */ - public function menu_display() { - // @todo The test for value equal 1 is for legacy, remove when all updated. - if ($this->menu_display AND $this->menu_display != 1) - return $this->menu_display; - else - return sprintf('%s: %s',$this->module->name,$this->name); - } - - public function status($status=NULL) { - if ($status) - $this->status = $status; - - return $this->status; - } - - public function url() { - if (! preg_match('/:/',$this->name)) - return NULL; - - list($type,$action) = preg_split('/:/',$this->name,2); - - return URL::link($this->directory(),$this->module->name.$this->controller_sub().'/'.$action); - } } ?> diff --git a/application/classes/Request.php b/application/classes/Request.php deleted file mode 100644 index d8cee11a..00000000 --- a/application/classes/Request.php +++ /dev/null 
@@ -1,47 +0,0 @@ -_controller,'_') ? explode('_',$this->_controller,2) : array($this->_controller,''); - - $mo = ORM::factory('Module',array('name'=>$c)); - - if ($mo->loaded() AND $mo->active) { - $method = strtolower($this->_directory ? sprintf('%s:%s',$this->_directory.($x ? '_'.$x : ''),$this->_action) : $this->_action); - - // Get the method number - $mmo = $mo->module_method - ->where_open() - ->where('name','=',$method) - ->or_where('name','=',str_replace(':','_',$method)) // @todo This is temporary until all our method names have a colon delimiter - ->where_close() - ->find(); - - if ($mmo->loaded()) - $result = $mmo; - } - - return $result; - } -} -?> diff --git a/application/classes/StaticList/Title.php b/application/classes/StaticList/Title.php deleted file mode 100644 index 791d229d..00000000 --- a/application/classes/StaticList/Title.php +++ /dev/null @@ -1,28 +0,0 @@ -_('Mr'), - 'ms'=>_('Ms'), - 'mrs'=>_('Mrs'), - 'miss'=>_('Miss'), - 'dr'=>_('Dr'), - 'prof'=>_('Prof') - ); - } - - public static function get($value) { - return self::factory()->_get($value); - } -} -?> diff --git a/application/config/auth.php b/application/config/auth.php index 0a0001f0..cab3fd95 100644 --- a/application/config/auth.php +++ b/application/config/auth.php @@ -11,7 +11,7 @@ */ return array( - 'driver' => 'OSB', + 'driver' => 'ORM', 'hash_method' => 'md5', ); ?> diff --git a/modules/lnapp b/modules/lnapp index f5bc5dfa..7e632cf7 160000 --- a/modules/lnapp +++ b/modules/lnapp @@ -1 +1 @@ -Subproject commit f5bc5dfa296a1517ebdb29b2dd0f81b09f136b6a +Subproject commit 7e632cf78559fcb0b5e2f9368f65511307d54255 diff --git a/modules/lnauth b/modules/lnauth index 33982a6c..81edc432 160000 --- a/modules/lnauth +++ b/modules/lnauth @@ -1 +1 @@ -Subproject commit 33982a6cecb56069dae94af738541b5b4e4be4ff +Subproject commit 81edc432b4f8e70b389877f234feb610a71672c6
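Review bot: The context line `'hash_method' => 'md5'` is left in place while the driver changes to `ORM`; the `hash()` override this commit deletes from `Auth_ORM` turned that setting into a bare `md5($str)` with no salt or key. If `lnAuth_Auth_ORM` (outside this diff) keeps the same mapping, account passwords stay stored as unsalted MD5, which is cheap to brute-force once the table leaks. Suggest a comment here such as `// TODO: migrate to password_hash()/password_verify(); md5 kept only for legacy rows` and a rehash-on-login path in the driver, or at minimum an HMAC method with a `hash_key` as the removed `default:` branch supported.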