diff options
| -rw-r--r-- | modules/gallery/tests/Albums_Controller_Test.php | 4 | ||||
| -rw-r--r-- | modules/gallery/tests/Photos_Controller_Test.php | 2 | ||||
| -rw-r--r-- | modules/gallery/tests/controller_auth_data.txt | 10 | ||||
| -rw-r--r-- | modules/gallery_unit_test/controllers/gallery_unit_test.php | 17 | ||||
| -rw-r--r-- | modules/user/helpers/user.php | 195 |
5 files changed, 200 insertions, 28 deletions
diff --git a/modules/gallery/tests/Albums_Controller_Test.php b/modules/gallery/tests/Albums_Controller_Test.php index b85b5258..5974c6f9 100644 --- a/modules/gallery/tests/Albums_Controller_Test.php +++ b/modules/gallery/tests/Albums_Controller_Test.php @@ -43,7 +43,7 @@ class Albums_Controller_Test extends Unit_Test_Case { $_POST["column"] = "weight"; $_POST["direction"] = "ASC"; $_POST["csrf"] = access::csrf_token(); - $_POST["slug"] = "new_name"; + $_POST["slug"] = "new-name"; $_POST["_method"] = "put"; access::allow(identity::everybody(), "edit", $root); @@ -53,7 +53,7 @@ class Albums_Controller_Test extends Unit_Test_Case { ob_end_clean(); $this->assert_equal( - json_encode(array("result" => "success")), + json_encode(array("result" => "success", "location" => "")), $results); $this->assert_equal("new title", $this->_album->title); $this->assert_equal("new description", $this->_album->description); diff --git a/modules/gallery/tests/Photos_Controller_Test.php b/modules/gallery/tests/Photos_Controller_Test.php index 2e5d7fe3..d2404192 100644 --- a/modules/gallery/tests/Photos_Controller_Test.php +++ b/modules/gallery/tests/Photos_Controller_Test.php @@ -47,7 +47,7 @@ class Photos_Controller_Test extends Unit_Test_Case { $results = ob_get_contents(); ob_end_clean(); - $this->assert_equal(json_encode(array("result" => "success")), $results); + $this->assert_equal(json_encode(array("result" => "success", "location" => "")), $results); $this->assert_equal("new-slug", $photo->slug); $this->assert_equal("new title", $photo->title); $this->assert_equal("new description", $photo->description); diff --git a/modules/gallery/tests/controller_auth_data.txt b/modules/gallery/tests/controller_auth_data.txt index fdf00c5e..30102538 100644 --- a/modules/gallery/tests/controller_auth_data.txt +++ b/modules/gallery/tests/controller_auth_data.txt @@ -9,6 +9,11 @@ modules/gallery/controllers/albums.php _form_add modules/gallery/controllers/combined.php javascript DIRTY_AUTH modules/gallery/controllers/combined.php css DIRTY_AUTH modules/gallery/controllers/file_proxy.php __call DIRTY_CSRF|DIRTY_AUTH +modules/gallery/controllers/login.php ajax DIRTY_AUTH +modules/gallery/controllers/login.php auth_ajax DIRTY_AUTH +modules/gallery/controllers/login.php html DIRTY_AUTH +modules/gallery/controllers/login.php auth_html DIRTY_AUTH +modules/gallery/controllers/logout.php index DIRTY_CSRF|DIRTY_AUTH modules/gallery/controllers/maintenance.php index DIRTY_AUTH modules/gallery/controllers/rest.php __construct DIRTY_AUTH modules/gallery/controllers/rest.php __call DIRTY_AUTH @@ -31,10 +36,5 @@ modules/server_add/controllers/admin_server_add.php autocomplete modules/server_add/controllers/server_add.php children DIRTY_CSRF modules/tag/controllers/admin_tags.php index DIRTY_CSRF modules/tag/controllers/tags.php _show DIRTY_CSRF|DIRTY_AUTH -modules/user/controllers/login.php ajax DIRTY_AUTH -modules/user/controllers/login.php auth_ajax DIRTY_AUTH -modules/user/controllers/login.php html DIRTY_AUTH -modules/user/controllers/login.php auth_html DIRTY_AUTH -modules/user/controllers/logout.php index DIRTY_CSRF|DIRTY_AUTH modules/user/controllers/password.php reset DIRTY_AUTH modules/user/controllers/password.php do_reset DIRTY_CSRF|DIRTY_AUTH diff --git a/modules/gallery_unit_test/controllers/gallery_unit_test.php b/modules/gallery_unit_test/controllers/gallery_unit_test.php index 85747884..f72b1b08 100644 --- a/modules/gallery_unit_test/controllers/gallery_unit_test.php +++ b/modules/gallery_unit_test/controllers/gallery_unit_test.php @@ -77,14 +77,6 @@ class Gallery_Unit_Test_Controller extends Controller { } try { - // Find all tests, excluding sample tests that come with the unit_test module. - foreach (glob(MODPATH . "*/tests") as $path) { - if ($path != MODPATH . "unit_test/tests") { - $paths[] = $path; - } - } - Kohana::config_set('unit_test.paths', $paths); - // Clean out the database if ($tables = $db->list_tables()) { foreach ($db->list_tables() as $table) { @@ -107,15 +99,18 @@ class Gallery_Unit_Test_Controller extends Controller { // Rest the cascading class path Kohana::config_set("core", Kohana::config_load("core")); - // Install all modules + // Install the active modules // Force gallery and user to be installed first to resolve dependencies. gallery_installer::install(true); module::load_modules(); module::install("user"); module::activate("user"); - $modules = array(); + $modules = $paths =array(); foreach ($active_modules as $module) { + if (file_exists($path = MODPATH . "{$module->name}/tests")) { + $paths[] = $path; + } if (in_array($module->name, array("gallery", "user"))) { continue; } @@ -123,6 +118,8 @@ class Gallery_Unit_Test_Controller extends Controller { module::activate($module->name); } + Kohana::config_set('unit_test.paths', $paths); + // Trigger late-binding install actions (defined in gallery_event::user_login) graphics::choose_default_toolkit(); diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index 5ef2b726..e7e75d64 100644 --- a/modules/user/helpers/user.php +++ b/modules/user/helpers/user.php @@ -24,22 +24,98 @@ * Note: by design, this class does not do any permission checking. */ class user_Core { + static function get_login_form($url) { + $form = new Forge($url, "", "post", array("id" => "g-login-form")); + $form->set_attr('class', "g-narrow"); + $group = $form->group("login")->label(t("Login")); + $group->input("name")->label(t("Username"))->id("g-username")->class(null); + $group->password("password")->label(t("Password"))->id("g-password")->class(null); + $group->inputs["name"]->error_messages("invalid_login", t("Invalid name or password")); + $group->submit("")->value(t("Login")); + return $form; + } + + /** + * Make sure that we have a session and group_ids cached in the session. + */ + static function load_user() { + $session = Session::instance(); + if (!($user = $session->get("user"))) { + $session->set("user", $user = user::guest()); + } + + // The installer cannot set a user into the session, so it just sets an id which we should + // upconvert into a user. + if ($user === 2) { + $user = model_cache::get("user", 2); + user::login($user); + $session->set("user", $user); + } + + if (!$session->get("group_ids")) { + $ids = array(); + foreach ($user->groups as $group) { + $ids[] = $group->id; + } + $session->set("group_ids", $ids); + } + } + + /** + * Return the array of group ids this user belongs to + * + * @return array + */ + static function group_ids() { + return Session::instance()->get("group_ids", array(1)); + } + + /** + * Return the active user. If there's no active user, return the guest user. + * + * @return User_Model + */ + static function active() { + // @todo (maybe) cache this object so we're not always doing session lookups. + $user = Session::instance()->get("user", null); + if (!isset($user)) { + // Don't do this as a fallback in the Session::get() call because it can trigger unnecessary + // work. + $user = user::guest(); + } + return $user; + } + /** * Return the guest user. * - * @return User_Model the user object + * @todo consider caching + * + * @return User_Model */ static function guest() { return model_cache::get("user", 1); } /** + * Change the active user. + * + * @return User_Model + */ + static function set_active($user) { + $session = Session::instance(); + $session->set("user", $user); + $session->delete("group_ids"); + self::load_user(); + } + + /** * Create a new user. * * @param string $name * @param string $full_name * @param string $password - * @return User_Definition the user object + * @return User_Model */ static function create($name, $full_name, $password) { $user = ORM::factory("user")->where("name", $name)->find(); @@ -60,9 +136,44 @@ class user_Core { } /** - * Hash the password to the internal value - * @param string $password the user password - * @param string The hashed equivalent + * Is the password provided correct? + * + * @param user User Model + * @param string $password a plaintext password + * @return boolean true if the password is correct + */ + static function is_correct_password($user, $password) { + $valid = $user->password; + + // Try phpass first, since that's what we generate. + if (strlen($valid) == 34) { + require_once(MODPATH . "user/lib/PasswordHash.php"); + $hashGenerator = new PasswordHash(10, true); + return $hashGenerator->CheckPassword($password, $valid); + } + + $salt = substr($valid, 0, 4); + // Support both old (G1 thru 1.4.0; G2 thru alpha-4) and new password schemes: + $guess = (strlen($valid) == 32) ? md5($password) : ($salt . md5($salt . $password)); + if (!strcmp($guess, $valid)) { + return true; + } + + // Passwords with <&"> created by G2 prior to 2.1 were hashed with entities + $sanitizedPassword = html::specialchars($password, false); + $guess = (strlen($valid) == 32) ? md5($sanitizedPassword) + : ($salt . md5($salt . $sanitizedPassword)); + if (!strcmp($guess, $valid)) { + return true; + } + + return false; + } + + /** + * Create the hashed passwords. + * @param string $password a plaintext password + * @return string hashed password */ static function hash_password($password) { require_once(MODPATH . "user/lib/PasswordHash.php"); @@ -71,24 +182,88 @@ class user_Core { } /** + * Log in as a given user. + * @param object $user the user object. + */ + static function login($user) { + $user->login_count += 1; + $user->last_login = time(); + $user->save(); + + user::set_active($user); + module::event("user_login", $user); + } + + /** + * Log out the active user and destroy the session. + * @param object $user the user object. + */ + static function logout() { + $user = user::active(); + if (!$user->guest) { + try { + Session::instance()->destroy(); + } catch (Exception $e) { + Kohana::log("error", $e); + } + module::event("user_logout", $user); + } + } + + /** * Look up a user by id. * @param integer $id the user id - * @return User_Definition the user object, or null if the id was invalid. + * @return User_Model the user object, or null if the id was invalid. */ static function lookup($id) { - return self::lookup_by_field("id", $id); + return self::_lookup_user_by_field("id", $id); } /** * Look up a user by name. * @param integer $name the user name - * @return User_Definition the user object, or null if the name was invalid. + * @return User_Model the user object, or null if the name was invalid. */ static function lookup_by_name($name) { - return self::lookup_by_field("name", $name); + return self::_lookup_user_by_field("name", $name); + } + + /** + * Look up a user by hash. + * @param integer $hash the user hash value + * @return User_Model the user object, or null if the name was invalid. + */ + static function lookup_by_hash($hash) { + return self::_lookup_user_by_field("hash", $hash); + } + + /** + * List the users + * @param mixed filters (@see Database.php + * @return array the user list. + */ + static function get_user_list($filter=array()) { + $user = ORM::factory("user"); + + foreach($filter as $method => $args) { + switch ($method) { + case "in": + $user->in($args[0], $args[1]); + break; + default: + $user->$method($args); + } + } + return $user->find_all(); } - static function lookup_by_field($field_name, $value) { + /** + * Look up a user by field value. + * @param string search field + * @param string search value + * @return User_Core the user object, or null if the name was invalid. + */ + private static function _lookup_user_by_field($field_name, $value) { try { $user = model_cache::get("user", $value, $field_name); if ($user->loaded) { |