if (!$user || strcmp($this->getAuthKey($user), $authkey))
return null;
// Register the AuthTokenAuthentication backend class, by name, with UserAuthenticationBackend.
UserAuthenticationBackend::register('AuthTokenAuthentication');
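// Simple ticket lookup backend used to recover a ticket access link.
// It is written as an authentication backend so that lookups can be guarded
// against brute-force attempts (which doesn't buy much since the link is
// emailed).
class AccessLinkAuthentication extends UserAuthenticationBackend {
    static $name = "Ticket Access Link Authentication";
    static $id = "authlink";

    /**
     * Resolve an (email, ticket number) pair to a client session.
     *
     * Every failure path returns the same value (false), so the result does
     * not reveal whether the ticket number, the email address, or the
     * relationship between the two was wrong.
     *
     * @param string $email  Email address supplied by the requester.
     * @param string $number Ticket number supplied by the requester.
     * @return ClientSession|false Session for the ticket owner or for a
     *         collaborator on the ticket; false when either lookup fails or
     *         the user is neither owner nor collaborator.
     */
    function authenticate($email, $number) {
        // Stop here when either lookup fails. Without this early return the
        // owner check below would call methods on a failed lookup result.
        if (!($ticket = Ticket::lookupByNumber($number))
                || !($user = User::lookup(array('emails__address' => $email))))
            return false;

        // Ticket owner?
        if ($ticket->getUserId() == $user->getId())
            $user = $ticket->getOwner();
        // Collaborator?
        elseif (!($user = Collaborator::lookup(array(
                'userId' => $user->getId(),
                'ticketId' => $ticket->getId()))))
            return false; //Bro, we don't know you!

        return new ClientSession($user);
    }

    /**
     * No login state is established by this backend; it only reports success.
     *
     * @return bool Always true.
     */
    function login($user, $bk) {
        return true;
    }

    /**
     * @return bool Always false.
     */
    function supportsInteractiveAuthentication() {
        return false;
    }
}
UserAuthenticationBackend::register('AccessLinkAuthentication');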
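// Username/password backend for locally stored client accounts.
class osTicketClientAuthentication extends UserAuthenticationBackend {
    static $name = "Local Client Authentication";
    static $id = "client";

    /**
     * Check a username/password pair against a local client account.
     *
     * @param string $username Account username to look up.
     * @param string $password Password to verify for that account.
     * @return ClientSession|false The client session when the account exists,
     *         the session has an id and the password check passes; false
     *         otherwise.
     */
    function authenticate($username, $password) {
        // Unknown username: stop before dereferencing $acct below. The same
        // false is returned as for a wrong password, so the two cases are not
        // distinguishable from the return value.
        if (!($acct = ClientAccount::lookupByUsername($username)))
            return false;

        // The session object is built first, but it is only handed back once
        // checkPassword() has accepted the supplied password.
        if (($client = new ClientSession(new EndUser($acct->getUser())))
                && !$client->getId())
            return false;
        elseif (!$acct->checkPassword($password))
            return false;
        else
            return $client;
    }
}
UserAuthenticationBackend::register('osTicketClientAuthentication');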
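// Non-interactive backend that signs a client in from a password-reset token.
class ClientPasswordResetTokenBackend extends UserAuthenticationBackend {
    static $id = "pwreset.client";

    /**
     * @return bool Always false.
     */
    function supportsInteractiveAuthentication() {
        return false;
    }

    /**
     * Validate a posted (userid, token) pair and sign the client in.
     *
     * The token is looked up in the 'pwreset' Config namespace. The value
     * stored under it must equal the id of the session built for the posted
     * userid, and the entry must still be inside the reset window.
     *
     * Note that $errors is received by value, so the messages assigned here
     * are not visible to the caller. The failure branches fall through and
     * the method returns without a value.
     *
     * @param array $errors Error messages (by value).
     * @return ClientSession|false|null The session on success, false when the
     *         request lacks the POST fields, otherwise no value.
     */
    function signOn($errors=array()) {
        global $ost;

        if (!isset($_POST['userid']) || !isset($_POST['token']))
            return false;
        elseif (!($_config = new Config('pwreset')))
            return false;
        elseif (!($acct = ClientAccount::lookupByUsername($_POST['userid']))
                || !$acct->getId()
                || !($client = new ClientSession(new EndUser($acct->getUser()))))
            $errors['msg'] = 'Invalid user-id given';
        elseif (!($id = $_config->get($_POST['token']))
                || $id != $client->getId())
            $errors['msg'] = 'Invalid reset token';
        // Reject the token when it has no modification timestamp OR when it
        // is older than the reset window. With `&&` the age comparison only
        // ran when the timestamp was missing, so a token with a valid
        // timestamp was never expired.
        // NOTE(review): getPwResetWindow() is presumably in seconds, matching
        // time() - strtotime($ts); confirm.
        elseif (!($ts = $_config->lastModified($_POST['token']))
                || ($ost->getConfig()->getPwResetWindow() < (time() - strtotime($ts))))
            $errors['msg'] = 'Invalid reset token';
        elseif (!$acct->forcePasswdReset())
            $errors['msg'] = 'Unable to reset password';
        else
            // NOTE(review): the body of this success branch is not shown in
            // the listing. Returning the session mirrors
            // ClientAcctConfirmationTokenBackend::signOn(); confirm against
            // the repository file.
            return $client;
    }

    /**
     * Remember the reset token in the session, emit the
     * 'auth.pwreset.login' signal, then defer to the parent login.
     */
    function login($client, $bk) {
        $_SESSION['_client']['reset-token'] = $_POST['token'];
        Signal::send('auth.pwreset.login', $client);
        return parent::login($client, $bk);
    }
}
UserAuthenticationBackend::register('ClientPasswordResetTokenBackend');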
// Non-interactive backend that signs a client in from an account
// confirmation token carried in the query string.
class ClientAcctConfirmationTokenBackend extends UserAuthenticationBackend {
    static $id = "confirm.client";

    /**
     * @return bool Always false.
     */
    function supportsInteractiveAuthentication() {
        return false;
    }

    /**
     * Exchange a confirmation token for a client session.
     *
     * The token is read from $_GET['token'] and looked up in the 'pwreset'
     * Config namespace. The value stored under it must match the user id of
     * the account found for it.
     *
     * NOTE(review): no age check or invalidation of the token is visible in
     * this method, unlike the lastModified() check in
     * ClientPasswordResetTokenBackend::signOn(). Confirm that confirmation
     * tokens are expired or removed elsewhere.
     *
     * @param array $errors Error messages (by value; unused here).
     * @return ClientSession|false The session on success, false otherwise.
     */
    function signOn($errors=array()) {
        global $ost;

        // No token in the query string: nothing for this backend to do.
        if (!isset($_GET['token']))
            return false;
        $token = $_GET['token'];

        if (!($_config = new Config('pwreset')))
            return false;

        // Unknown token, or nothing stored under it.
        if (!($id = $_config->get($token)))
            return false;

        // The account must exist, have an id, and belong to the user id that
        // was stored under the token.
        $acct = ClientAccount::lookup(array('user_id'=>$id));
        if (!$acct || !$acct->getId() || $id != $acct->getUserId())
            return false;

        $client = new ClientSession(new EndUser($acct->getUser()));
        if (!$client)
            return false;

        return $client;
    }
}
UserAuthenticationBackend::register('ClientAcctConfirmationTokenBackend');