Misterzym
/
CodeIgniter-Aauth
mirror of https://github.com/misterzym/CodeIgniter-Aauth.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

updated .gitlab-ci.yml & Libraries/Aauth (added UserVar Functions)

v3-dev
REJack 6 years ago
parent
c9161092eb
commit
9b2e1178b3
No known key found for this signature in database
GPG Key ID: 4A44B48700429F46
2 changed files with 476 additions and 334 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      .gitlab-ci.yml
  2. 678
      application/Libraries/Aauth.php

2
.gitlab-ci.yml
Unescape View File

@ -22,7 +22,7 @@ variables:
# Configure mysql environment variables (https://hub.docker.com/r/_/mysql/)
MYSQL_DATABASE: aauth_v3_ci4_testing
MYSQL_ROOT_PASSWORD: root
CODEIGNITER_VERSION: '4.0.0-alpha.3'
CODEIGNITER_VERSION: '4.0.0-alpha.4'
# Run our tests
# If Xdebug was installed you can generate a coverage report and see code coverage metrics.

678
application/Libraries/Aauth.php
Unescape View File

@ -110,6 +110,298 @@ class Aauth
$this->session = $session;
}
//--------------------------------------------------------------------------
// Login Functions
//--------------------------------------------------------------------------
/**
* Login user
*
* Check provided details against the database. Add items to error array on fail
*
* @param string $identifier Identifier
* @param string $password Password
* @param boolean $remember Whether to remember login
* @param string $totpCode TOTP Code
*
* @return boolean
*/
public function login(string $identifier, string $password, bool $remember = null, string $totpCode = null)
{
helper('cookie');
delete_cookie('remember');
$userModel = new UserModel();
$loginAttemptModel = new LoginAttemptModel();
$userVariableModel = new UserVariableModel();
if ($this->config->loginProtection && ! $loginAttemptModel->save())
{
$this->error(lang('Aauth.loginAttemptsExceeded'));
return false;
}
// if ($this->config->ddos_protection && $this->config->recaptcha_active && $loginAttempts->get() > $this->config->recaptcha_login_attempts){
// $this->CI->load->helper('recaptchalib');
// $reCaptcha = new ReCaptcha( $this->config->recaptcha_secret);
// $resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") );
// if( ! $resp->success){
// $this->error(lang('Aauth.aauth_error_recaptcha_not_correct'));
// return false;
// }
// }
if ($this->config->loginUseUsername)
{
if (! $identifier || strlen($password) < $this->config->passwordMin || strlen($password) > $this->config->passwordMax)
{
$this->error(lang('Aauth.loginFailedUsername'));
return false;
}
if (! $user = $userModel->where('username', $identifier)->first())
{
$this->error(lang('Aauth.notFoundUser'));
return false;
}
}
else
{
$validation = \Config\Services::validation();
if (! $validation->check($identifier, 'valid_email') || strlen($password) < $this->config->passwordMin || strlen($password) > $this->config->passwordMax)
{
$this->error(lang('Aauth.loginFailedEmail'));
return false;
}
if (! $user = $userModel->where('email', $identifier)->first())
{
$this->error(lang('Aauth.notFoundUser'));
return false;
}
}
if (! empty($userVariableModel->find($user['id'], 'verification_code', true)))
{
$this->error(lang('Aauth.notVerified'));
return false;
}
else if ($user['banned'])
{
$this->error(lang('Aauth.invalidUserBanned'));
return false;
}
// if ($this->config->totpEnabled && ! $this->config->totpOnIpChange && $this->config->totpLogin)
// {
// if ($this->config->totpLogin == true)
// {
// $this->session->set('totp_required', true);
// }
// $totp_secret = $userVariableModel->find($user['id'], 'totp_secret', true);
// if ( ! empty($totp_secret) && ! $totp_code) {
// $this->error(lang('Aauth.requiredTOTPCode'));
// return false;
// } else {
// if( ! empty($totp_secret)){
// $this->CI->load->helper('googleauthenticator');
// $ga = new PHPGangsta_GoogleAuthenticator();
// $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
// if ( ! $checkResult) {
// $this->error(lang('Aauth.invalidTOTPCode'));
// return false;
// }
// }
// }
// }
// else if ($this->config->totpEnabled && $this->config->totpOnIpChange)
// {
// $query = null;
// $query = $this->aauth_db->where($db_identifier, $identifier);
// $query = $this->aauth_db->get($this->config->users);
// $totp_secret = $query->row()->totp_secret;
// $ip_address = $query->row()->ip_address;
// $current_ip_address = $this->CI->input->ip_address();
// if ($query->num_rows() > 0 AND !$totp_code) {
// if($ip_address != $current_ip_address ){
// if($this->config->totpLogin == false){
// $this->error(lang('Aauth.aauth_error_totp_code_required'));
// return false;
// } else if($this->config->totpLogin == true){
// $this->session->set('totp_required', true);
// }
// }
// }else {
// if(!empty($totp_secret)){
// if($ip_address != $current_ip_address ){
// $this->CI->load->helper('googleauthenticator');
// $ga = new PHPGangsta_GoogleAuthenticator();
// $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
// if (!$checkResult) {
// $this->error(lang('Aauth.aauth_error_totp_code_invalid'));
// return false;
// }
// }
// }
// }
// }
if (password_verify($password, $user['password']))
{
$data['id'] = $user['id'];
$data['username'] = $user['username'];
$data['email'] = $user['email'];
$data['loggedIn'] = true;
$this->session->set('user', $data);
if ($remember)
{
helper('text');
$loginTokenModel = new LoginTokenModel();
$expire = $this->config->loginRemember;
$userId = base64_encode($user['id']);
$randomString = random_string('alnum', 32);
$selectorString = random_string('alnum', 16);
$cookieData['name'] = 'remember';
$cookieData['value'] = $userId . ';' . $randomString . ';' . $selectorString;
$cookieData['expire'] = YEAR;
$tokenData['user_id'] = $user['id'];
$tokenData['random_hash'] = password_hash($randomString, PASSWORD_DEFAULT);
$tokenData['selector_hash'] = password_hash($selectorString, PASSWORD_DEFAULT);
$tokenData['expires_at'] = date('Y-m-d H:i:s', strtotime($expire));
set_cookie($cookieData);
$loginTokenModel->insert($tokenData);
}
$userModel->updateLastLogin($user['id']);
if ($this->config->loginAttemptRemoveSuccessful)
{
$loginAttemptModel->delete();
}
return true;
}
else
{
$this->error(lang('Aauth.loginFailedAll'));
return false;
}
}
/**
* Logout
*
* Deletes session and cookie
*
* @return void
*/
public function logout()
{
helper('cookie');
set_cookie('remember', '', -3600);
$this->session->remove('user');
@$this->session->destroy();
}
/**
* Fast login
*
* Login with just a user id
*
* @param integer $userId User id
*
* @return boolean
*/
protected function loginFast(int $userId)
{
$userModel = new UserModel();
$userModel->select('id, email, username');
$userModel->where('id', $userId);
$userModel->where('banned', 0);
if ($user = $userModel->get()->getFirstRow())
{
$this->session->set('user', [
'id' => $user->id,
'username' => $user->username,
'email' => $user->email,
'loggedIn' => true,
]);
return true;
}
return false;
}
//--------------------------------------------------------------------------
// Access Functions
//--------------------------------------------------------------------------
/**
* Check user login
*
* Checks if user logged in, also checks remember.
*
* @return boolean
*/
public function isLoggedIn()
{
helper('cookie');
if (isset($this->session->get('user')['loggedIn']))
{
return true;
}
else if ($cookie = get_cookie('remember'))
{
$cookie = explode(';', $cookie);
$cookie[0] = base64_decode($cookie[0]);
if (! is_numeric($cookie[0]) || strlen($cookie[1]) !== 32 || strlen($cookie[2]) !== 16)
{
return false;
}
else
{
$loginTokenModel = new LoginTokenModel();
$loginTokens = $loginTokenModel->findAllByUserId($cookie[0]);
foreach ($loginTokens as $loginToken)
{
if (password_verify($cookie[1], $loginToken['random_hash']) && password_verify($cookie[2], $loginToken['selector_hash']))
{
if (strtotime($loginToken['expires_at']) > strtotime('now'))
{
$loginTokenModel->update($loginToken['id']);
return $this->loginFast($loginToken['user_id']);
}
else
{
$loginTokenModel->deleteExpired($cookie[0]);
delete_cookie('remember');
}
}
}
}
}
return false;
}
//--------------------------------------------------------------------
// User Functions
//--------------------------------------------------------------------
@ -410,7 +702,7 @@ class Aauth
*
* Get user id from email address, if par. not given, return current user's id
*
* @param string|boolean $email Email address for user
* @param string|boolean $email Email address for user,
*
* @return object|boolean User information or false if user not found
*/
@ -438,7 +730,7 @@ class Aauth
/**
* Is banned
*
* @param integer $userId User id
* @param integer $userId User id, can be null to use session user
*
* @return boolean
*/
@ -462,7 +754,7 @@ class Aauth
/**
* Ban User
*
* @param integer $userId User id
* @param integer $userId User id, can be null to use session user
*
* @return boolean
*/
@ -488,7 +780,7 @@ class Aauth
/**
* Unban User
*
* @param integer $userId User id
* @param integer $userId User id, can be null to use session user
*
* @return boolean
*/
@ -557,6 +849,7 @@ class Aauth
return false;
}
/**
* Reset password
*
@ -581,341 +874,190 @@ class Aauth
$userModel = new UserModel();
$password = random_string('alnum', $this->config->passwordMin);
if ($user = $userModel->find($userVariable['user_id']))
{
$emailService = \Config\Services::email();
$data['id'] = $user['id'];
$data['password'] = $password;
$userModel->update($user['id'], $data);
$userVariableModel->delete($user['id'], 'verification_code', true);
if ($this->config->totpEnabled && $this->config->totpResetPassword)
{
$userVariableModel->delete($user['id'], 'totp_secret', true);
}
$messageData['password'] = $password;
$emailService->initialize(isset($this->config->emailConfig) ? $this->config->emailConfig : []);
$emailService->setFrom($this->config->emailFrom, $this->config->emailFromName);
$emailService->setTo($user['email']);
$emailService->setSubject(lang('Aauth.subjectResetSuccess'));
$emailService->setMessage(view('Aauth/ResetPassword', $messageData));
if ($email = $emailService->send())
{
$this->info(lang('Aauth.infoResetSuccess'));
return $email;
}
else
{
$this->error(explode('<br />', $emailService->printDebugger([])));
return false;
}
}
}
$this->error(lang('Aauth.invalidVerficationCode'));
return false;
}
//--------------------------------------------------------------------------
// Login Functions
//--------------------------------------------------------------------------
/**
* Login user
*
* Check provided details against the database. Add items to error array on fail
*
* @param string $identifier Identifier
* @param string $password Password
* @param boolean $remember Whether to remember login
* @param string $totpCode TOTP Code
*
* @return boolean
*/
public function login(string $identifier, string $password, bool $remember = null, string $totpCode = null)
{
helper('cookie');
delete_cookie('remember');
$userModel = new UserModel();
$loginAttemptModel = new LoginAttemptModel();
$userVariableModel = new UserVariableModel();
if ($this->config->loginProtection && ! $loginAttemptModel->save())
{
$this->error(lang('Aauth.loginAttemptsExceeded'));
return false;
}
// if ($this->config->ddos_protection && $this->config->recaptcha_active && $loginAttempts->get() > $this->config->recaptcha_login_attempts){
// $this->CI->load->helper('recaptchalib');
// $reCaptcha = new ReCaptcha( $this->config->recaptcha_secret);
// $resp = $reCaptcha->verifyResponse( $this->CI->input->server("REMOTE_ADDR"), $this->CI->input->post("g-recaptcha-response") );
// if( ! $resp->success){
// $this->error(lang('Aauth.aauth_error_recaptcha_not_correct'));
// return false;
// }
// }
if ($this->config->loginUseUsername)
{
if (! $identifier || strlen($password) < $this->config->passwordMin || strlen($password) > $this->config->passwordMax)
if ($user = $userModel->find($userVariable['user_id']))
{
$this->error(lang('Aauth.loginFailedUsername'));
$emailService = \Config\Services::email();
return false;
$data['id'] = $user['id'];
$data['password'] = $password;
$userModel->update($user['id'], $data);
$userVariableModel->delete($user['id'], 'verification_code', true);
if ($this->config->totpEnabled && $this->config->totpResetPassword)
{
$userVariableModel->delete($user['id'], 'totp_secret', true);
}
if (! $user = $userModel->where('username', $identifier)->first())
$messageData['password'] = $password;
$emailService->initialize(isset($this->config->emailConfig) ? $this->config->emailConfig : []);
$emailService->setFrom($this->config->emailFrom, $this->config->emailFromName);
$emailService->setTo($user['email']);
$emailService->setSubject(lang('Aauth.subjectResetSuccess'));
$emailService->setMessage(view('Aauth/ResetPassword', $messageData));
if ($email = $emailService->send())
{
$this->error(lang('Aauth.notFoundUser'));
$this->info(lang('Aauth.infoResetSuccess'));
return false;
}
return $email;
}
else
{
$validation = \Config\Services::validation();
if (! $validation->check($identifier, 'valid_email') || strlen($password) < $this->config->passwordMin || strlen($password) > $this->config->passwordMax)
{
$this->error(lang('Aauth.loginFailedEmail'));
$this->error(explode('<br />', $emailService->printDebugger([])));
return false;
}
}
}
if (! $user = $userModel->where('email', $identifier)->first())
{
$this->error(lang('Aauth.notFoundUser'));
$this->error(lang('Aauth.invalidVerficationCode'));
return false;
}
}
if (! empty($userVariableModel->find($user['id'], 'verification_code', true)))
/**
* Set User Variable as key value
* if variable not set before, it will ve set
* if set, overwrites the value
*
* @param string $key
* @param string $value
* @param integer $userId User id, can be null to use session user
*
* @return boolean
*/
public function setUserVar(string $key, string $value, int $userId = null)
{
$this->error(lang('Aauth.notVerified'));
return false;
if (! $userId)
{
$userId = $this->session->user['id'];
}
else if ($user['banned'])
$userModel = new UserModel();
if (! $userModel->existsById($userId))
{
$this->error(lang('Aauth.invalidUserBanned'));
return false;
}
// if ($this->config->totpEnabled && ! $this->config->totpOnIpChange && $this->config->totpLogin)
// {
// if ($this->config->totpLogin == true)
// {
// $this->session->set('totp_required', true);
// }
$userVariableModel = new UserVariableModel();
// $totp_secret = $userVariableModel->find($user['id'], 'totp_secret', true);
// if ( ! empty($totp_secret) && ! $totp_code) {
// $this->error(lang('Aauth.requiredTOTPCode'));
// return false;
// } else {
// if( ! empty($totp_secret)){
// $this->CI->load->helper('googleauthenticator');
// $ga = new PHPGangsta_GoogleAuthenticator();
// $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
// if ( ! $checkResult) {
// $this->error(lang('Aauth.invalidTOTPCode'));
// return false;
// }
// }
// }
// }
// else if ($this->config->totpEnabled && $this->config->totpOnIpChange)
// {
// $query = null;
// $query = $this->aauth_db->where($db_identifier, $identifier);
// $query = $this->aauth_db->get($this->config->users);
// $totp_secret = $query->row()->totp_secret;
// $ip_address = $query->row()->ip_address;
// $current_ip_address = $this->CI->input->ip_address();
// if ($query->num_rows() > 0 AND !$totp_code) {
// if($ip_address != $current_ip_address ){
// if($this->config->totpLogin == false){
// $this->error(lang('Aauth.aauth_error_totp_code_required'));
// return false;
// } else if($this->config->totpLogin == true){
// $this->session->set('totp_required', true);
// }
// }
// }else {
// if(!empty($totp_secret)){
// if($ip_address != $current_ip_address ){
// $this->CI->load->helper('googleauthenticator');
// $ga = new PHPGangsta_GoogleAuthenticator();
// $checkResult = $ga->verifyCode($totp_secret, $totp_code, 0);
// if (!$checkResult) {
// $this->error(lang('Aauth.aauth_error_totp_code_invalid'));
// return false;
// }
// }
// }
// }
// }
return $userVariableModel->save($userId, $key, $value);
}
if (password_verify($password, $user['password']))
/**
* Unset User Variable as key value
*
* @param string $key
* @param integer $userId User id, can be null to use session user
*
* @return boolean
*/
public function unsetUserVar(string $key, int $userId = null)
{
$data['id'] = $user['id'];
$data['username'] = $user['username'];
$data['email'] = $user['email'];
$data['loggedIn'] = true;
$this->session->set('user', $data);
if ($remember)
if (! $userId)
{
helper('text');
$loginTokenModel = new LoginTokenModel();
$expire = $this->config->loginRemember;
$userId = base64_encode($user['id']);
$randomString = random_string('alnum', 32);
$selectorString = random_string('alnum', 16);
$cookieData['name'] = 'remember';
$cookieData['value'] = $userId . ';' . $randomString . ';' . $selectorString;
$cookieData['expire'] = YEAR;
$tokenData['user_id'] = $user['id'];
$tokenData['random_hash'] = password_hash($randomString, PASSWORD_DEFAULT);
$tokenData['selector_hash'] = password_hash($selectorString, PASSWORD_DEFAULT);
$tokenData['expires_at'] = date('Y-m-d H:i:s', strtotime($expire));
set_cookie($cookieData);
$loginTokenModel->insert($tokenData);
$userId = $this->session->user['id'];
}
$userModel->updateLastLogin($user['id']);
$userModel = new UserModel();
if ($this->config->loginAttemptRemoveSuccessful)
if (! $userModel->existsById($userId))
{
$loginAttemptModel->delete();
return false;
}
return true;
}
else
{
$this->error(lang('Aauth.loginFailedAll'));
$userVariableModel = new UserVariableModel();
return false;
}
return $userVariableModel->delete($userId, $key);
}
/**
* Logout
* Get User Variable by key
*
* Deletes session and cookie
* @param string $key Variable Key
* @param integer $userId User id, can be null to use session user
*
* @return void
* @return boolean|string FALSE if var is not set, the value of var if set
*/
public function logout()
public function getUserVar(string $key, int $userId = null)
{
helper('cookie');
set_cookie('remember', '', -3600);
$this->session->remove('user');
@$this->session->destroy();
if (! $userId)
{
$userId = $this->session->user['id'];
}
/**
* Fast login
*
* Login with just a user id
*
* @param integer $userId User id
*
* @return boolean
*/
protected function loginFast(int $userId)
{
$userModel = new UserModel();
$userModel->select('id, email, username');
$userModel->where('id', $userId);
$userModel->where('banned', 0);
if ($user = $userModel->get()->getFirstRow())
if (! $userModel->existsById($userId))
{
$this->session->set('user', [
'id' => $user->id,
'username' => $user->username,
'email' => $user->email,
'loggedIn' => true,
]);
return false;
}
return true;
$userVariableModel = new UserVariableModel();
if ($variable = $userVariableModel->find($user['id'], 'verification_code', true))
{
return $variable;
}
return false;
}
//--------------------------------------------------------------------------
// Access Functions
//--------------------------------------------------------------------------
/**
* Check user login
* Get User Variables by user id
* Return array with all user keys & variables
*
* Checks if user logged in, also checks remember.
*
* @return boolean
* @param integer $user_id ; if not given current user
* @return boolean|array , FALSE if var is not set, the value of var if set
*/
public function isLoggedIn()
public function getUserVars(int $userId = null)
{
helper('cookie');
if (isset($this->session->get('user')['loggedIn']))
if (! $userId)
{
return true;
$userId = $this->session->user['id'];
}
else if ($cookie = get_cookie('remember'))
{
$cookie = explode(';', $cookie);
$cookie[0] = base64_decode($cookie[0]);
if (! is_numeric($cookie[0]) || strlen($cookie[1]) !== 32 || strlen($cookie[2]) !== 16)
$userModel = new UserModel();
if (! $userModel->existsById($userId))
{
return false;
}
else
{
$loginTokenModel = new LoginTokenModel();
$loginTokens = $loginTokenModel->findAllByUserId($cookie[0]);
foreach ($loginTokens as $loginToken)
{
if (password_verify($cookie[1], $loginToken['random_hash']) && password_verify($cookie[2], $loginToken['selector_hash']))
{
if (strtotime($loginToken['expires_at']) > strtotime('now'))
{
$loginTokenModel->update($loginToken['id']);
$userVariableModel = new UserVariableModel();
return $this->loginFast($loginToken['user_id']);
return $userVariableModel->findAll();
}
else
/**
* List User Variable Keys by UserID
* Return array of variable keys or FALSE
*
* @param integer $user_id ; if not given current user
* @return boolean|array
*/
public function list_user_var_keys($user_id = false)
{
$loginTokenModel->deleteExpired($cookie[0]);
delete_cookie('remember');
}
}
}
}
if (! $userId)
{
$userId = $this->session->user['id'];
}
$userModel = new UserModel();
if (! $userModel->existsById($userId))
{
return false;
}
$userVariableModel = new UserVariableModel();
$userVariableModel->select('data_key as key');
return $userVariableModel->findAll();
}
//--------------------------------------------------------------------------
// Error Functions
//--------------------------------------------------------------------------

Write Preview
Loading…
Cancel
Save