From aff5d1cef4cc2514fe6d714788fffcf418d8fc5b Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sun, 7 Feb 2010 08:45:10 -0800
Subject: Create the concept of a "failed authentication" as semantically separate from a successful or failed login. 1) Rename user_login_failed event to user_authenticate_failed 2) Rename failed_logins table to failed_auth (bump Gallery module to v27 to rename the table) 3) auth::too_many_failed_logins -> auth::too_many_failures 4) auth::record_failed_auth_attempts -> auth::record_failed_attempts auth::clear_failed_auth_attempts -> auth::clear_failed_attempts
---
 modules/gallery/controllers/login.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'modules/gallery/controllers/login.php')
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 1426f0d8..fa175ac8 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -65,7 +65,7 @@ class Login_Controller extends Controller {
 $form->login->inputs["name"]->add_error("invalid_login", 1);
 $name = $form->login->inputs["name"]->value;
 log::warning("user", t("Failed login for %name", array("name" => $name)));
- module::event("user_login_failed", $name);
+ module::event("user_authenticate_failed", $name);
 $valid = false;
 }
 }
-- cgit v1.2.3
From eda6e3af06aa51281e614ae9a5e7b4ad4fbbae17 Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Sun, 7 Feb 2010 08:49:37 -0800
Subject: Rename user_authenticate_xxx events to user_auth_xxx for brevity.
---
 modules/gallery/controllers/login.php | 2 +-
 modules/gallery/helpers/gallery_event.php | 4 ++--
 modules/user/controllers/users.php | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)
(limited to 'modules/gallery/controllers/login.php')
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index fa175ac8..5a08b693 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -65,7 +65,7 @@ class Login_Controller extends Controller {
 $form->login->inputs["name"]->add_error("invalid_login", 1);
 $name = $form->login->inputs["name"]->value;
 log::warning("user", t("Failed login for %name", array("name" => $name)));
- module::event("user_authenticate_failed", $name);
+ module::event("user_auth_failed", $name);
 $valid = false;
 }
 }
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 9ce30929..5fa82160 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -113,11 +113,11 @@ class gallery_event_Core {
 auth::clear_failed_attempts($user);
 }
- static function user_authenticate_failed($name) {
+ static function user_auth_failed($name) {
 auth::record_failed_attempt($name);
 }
- static function user_authenticate($user) {
+ static function user_auth($user) {
 auth::clear_failed_attempts($user);
 }
diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php
index 2675d918..1130852b 100644
--- a/modules/user/controllers/users.php
+++ b/modules/user/controllers/users.php
@@ -84,7 +84,7 @@ class Users_Controller extends Controller {
 $user->save();
 module::event("user_change_password_form_completed", $user, $form);
 message::success(t("Password changed"));
- module::event("user_authenticate", $user);
+ module::event("user_auth", $user);
 module::event("user_password_change", $user);
 print json_encode(
 array("result" => "success",
@@ -92,7 +92,7 @@ class Users_Controller extends Controller {
 } else {
 log::warning("user", t("Failed password change for %name", array("name" => $user->name)));
 $name = $user->name;
- module::event("user_authenticate_failed", $name);
+ module::event("user_auth_failed", $name);
 print json_encode(array("result" => "error", "form" => (string) $form));
 }
 }
@@ -120,14 +120,14 @@ class Users_Controller extends Controller {
 $user->save();
 module::event("user_change_email_form_completed", $user, $form);
 message::success(t("Email address changed"));
- module::event("user_authenticate", $user);
+ module::event("user_auth", $user);
 print json_encode(
 array("result" => "success",
 "resource" => url::site("users/{$user->id}")));
 } else {
 log::warning("user", t("Failed email change for %name", array("name" => $user->name)));
 $name = $user->name;
- module::event("user_authenticate_failed", $name);
+ module::event("user_auth_failed", $name);
 print json_encode(array("result" => "error", "form" => (string) $form));
 }
 }
-- cgit v1.2.3
From 17f0a1b10f3df250129188316c14b01f0e3b45f0 Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Wed, 10 Feb 2010 08:45:14 -0800
Subject: If the user does not have permission to view the album, photo or movie, redirect to a logon page to allow the user to login. Pass the target url as a session variable to allow the user to be redirected where they want to go if the login was successful. Fixes ticket #1009.
---
 modules/gallery/controllers/albums.php | 21 ++++++++++-----------
 modules/gallery/controllers/login.php | 3 ++-
 modules/gallery/controllers/movies.php | 11 ++++++++++-
 modules/gallery/controllers/photos.php | 10 +++++++++-
 4 files changed, 31 insertions(+), 14 deletions(-)
(limited to 'modules/gallery/controllers/login.php')
diff --git a/modules/gallery/controllers/albums.php b/modules/gallery/controllers/albums.php
index a378f3ee..1d369b95 100644
--- a/modules/gallery/controllers/albums.php
+++ b/modules/gallery/controllers/albums.php
@@ -28,20 +28,19 @@ class Albums_Controller extends Items_Controller {
 // sure that we're actually receiving an object
 Kohana::show_404();
 }
- $page_size = module::get_var("gallery", "page_size", 9);
+
 if (!access::can("view", $album)) {
- if ($album->id == 1) {
- $view = new Theme_View("page.html", "other", "login");
- $view->page_title = t("Log in to Gallery");
- $view->content = new View("login_ajax.html");
- $view->content->form = auth::get_login_form("login/auth_html");
- print $view;
- return;
- } else {
- access::forbidden();
- }
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ // Avoid anti-phishing protection by passing the url as session variable.
+ Session::instance()->set("continue_url", url::current(true));
+ print $view;
+ return;
 }
+ $page_size = module::get_var("gallery", "page_size", 9);
 $input = Input::instance();
 $show = $input->get("show");
diff --git a/modules/gallery/controllers/login.php b/modules/gallery/controllers/login.php
index 5a08b693..093c15da 100644
--- a/modules/gallery/controllers/login.php
+++ b/modules/gallery/controllers/login.php
@@ -44,9 +44,10 @@ class Login_Controller extends Controller {
 public function auth_html() {
 access::verify_csrf();
+ $continue_url = Session::instance()->get("continue_url", null);
 list ($valid, $form) = $this->_auth("login/auth_html");
 if ($valid) {
- url::redirect(item::root()->abs_url());
+ url::redirect($continue_url ? $continue_url : item::root()->abs_url());
 } else {
 $view = new Theme_View("page.html", "other", "login");
 $view->page_title = t("Log in to Gallery");
diff --git a/modules/gallery/controllers/movies.php b/modules/gallery/controllers/movies.php
index b51282b3..9e882ef4 100644
--- a/modules/gallery/controllers/movies.php
+++ b/modules/gallery/controllers/movies.php
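Review bot: The new guard shows the login form to every caller that fails `access::can("view", $album)`, including a visitor who is already authenticated and simply lacks view permission; the removed `access::forbidden()` branch covered that case, so unless the active user is a guest the controller should still answer with the forbidden response rather than re-prompt for credentials. The movies.php and photos.php hunks in this commit drop `access::required()` the same way and share this issue. The comment above the session write also reads as though a safeguard is being bypassed; `// Keep the return URL in the session rather than in a request parameter so it cannot be tampered with (no open-redirect surface).` states the actual intent. The enclosing method starts before and continues after this hunk.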
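Review bot: `continue_url` is read from the session but never removed, so a value stored by an earlier denied album view survives and is reused by any later successful login through this form, redirecting the user to a page they did not just come from; consume it with `Session::instance()->delete("continue_url");` immediately after the `get`. Before redirecting it is also worth confirming the stored value points at this site, as defence in depth should the session key ever become writable from another code path. The `$continue_url ? $continue_url : …` truthiness test treats `"0"` as unset; a `!== null` comparison is what the default of `null` suggests. auth_html continues past the end of the hunk.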
@@ -24,7 +24,16 @@ class Movies_Controller extends Items_Controller {
 // sure that we're actually receiving an object
 Kohana::show_404();
 }
- access::required("view", $movie);
+
+ if (!access::can("view", $movie)) {
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+
+ print $view;
+ return;
+ }
 $where = array(array("type", "!=", "album"));
 $position = $movie->parent()->get_position($movie, $where);
diff --git a/modules/gallery/controllers/photos.php b/modules/gallery/controllers/photos.php
index b5da3884..8beae207 100644
--- a/modules/gallery/controllers/photos.php
+++ b/modules/gallery/controllers/photos.php
@@ -24,7 +24,15 @@ class Photos_Controller extends Items_Controller {
 // sure that we're actually receiving an object
 Kohana::show_404();
 }
- access::required("view", $photo);
+
+ if (!access::can("view", $photo)) {
+ $view = new Theme_View("page.html", "other", "login");
+ $view->page_title = t("Log in to Gallery");
+ $view->content = new View("login_ajax.html");
+ $view->content->form = auth::get_login_form("login/auth_html");
+ print $view;
+ return;
+ }
 $where = array(array("type", "!=", "album"));
 $position = $photo->parent()->get_position($photo, $where);
-- cgit v1.2.3
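Review bot: Unlike the matching branch in albums.php, neither this block nor the identical one in photos.php stores the current URL in the session before printing the login form, so a login started from a movie or photo page returns the user to the root album, or to a stale `continue_url` left by an earlier album visit in the same session. Add `Session::instance()->set("continue_url", url::current(true));` before `print $view;` in both controllers, or better, move the four-line form construction shared by all three controllers into one helper so they cannot drift apart again. The stray blank line between `$view->content->form = …` and `print $view;` here is absent from photos.php and from the albums.php version; drop it for consistency.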