summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrédéric Guillot <fguillot@users.noreply.github.com>2014-04-19 22:12:12 -0400
committerFrédéric Guillot <fguillot@users.noreply.github.com>2014-04-19 22:12:12 -0400
commita04ecbde778decfdea7200806a6b1144861ae05f (patch)
treee4670e3013734d9c7bd201f5d6ef1fbaae13d3b5
parent5aacb6a76351889a6ec5ed01c8e80f139c2b2027 (diff)
Add RememberMe feature and authentications history
-rw-r--r--assets/css/app.css16
-rw-r--r--common.php15
-rw-r--r--controllers/action.php2
-rw-r--r--controllers/app.php11
-rw-r--r--controllers/base.php28
-rw-r--r--controllers/config.php19
-rw-r--r--controllers/project.php90
-rw-r--r--controllers/user.php13
-rw-r--r--core/session.php2
-rw-r--r--locales/es_ES/translations.php14
-rw-r--r--locales/fr_FR/translations.php14
-rw-r--r--locales/pl_PL/translations.php14
-rw-r--r--locales/pt_BR/translations.php14
-rw-r--r--models/acl.php111
-rw-r--r--models/action.php11
-rw-r--r--models/base.php1
-rw-r--r--models/last_login.php93
-rw-r--r--models/remember_me.php336
-rw-r--r--models/user.php69
-rw-r--r--schemas/mysql.php32
-rw-r--r--schemas/sqlite.php31
-rw-r--r--templates/config_index.php52
-rw-r--r--templates/user_login.php2
-rw-r--r--tests/AclTest.php14
24 files changed, 949 insertions, 55 deletions
diff --git a/assets/css/app.css b/assets/css/app.css
index 040c77df..f3a44c92 100644
--- a/assets/css/app.css
+++ b/assets/css/app.css
@@ -65,6 +65,7 @@ table {
width: 100%;
border-collapse: collapse;
border-spacing: 0;
+ margin-bottom: 20px;
}
table caption {
@@ -80,7 +81,8 @@ td {
border: 1px solid #ccc;
padding-top: 0.5em;
padding-bottom: 0.5em;
- padding-left: 5px;
+ padding-left: 3px;
+ padding-right: 3px;
}
th {
@@ -89,13 +91,23 @@ th {
}
tr:nth-child(odd) td {
- background: #fcfcfc;
+ background: #f8f8f8;
}
td li {
margin-left: 20px;
}
+.table-small {
+ font-size: 0.85em;
+}
+
+.table-hover tr:hover td {
+ border-top: 2px solid #333;
+ border-bottom: 2px solid #333;
+ background: rgb(219, 235, 255)
+}
+
/* forms */
form {
padding-top: 5px;
diff --git a/common.php b/common.php
index fd19b8ca..f40c83ae 100644
--- a/common.php
+++ b/common.php
@@ -6,7 +6,7 @@ require __DIR__.'/core/translator.php';
$registry = new Core\Registry;
-$registry->db_version = 11;
+$registry->db_version = 12;
$registry->db = function() use ($registry) {
require __DIR__.'/vendor/PicoDb/Database.php';
@@ -95,6 +95,16 @@ $registry->action = function() use ($registry) {
return new \Model\Action($registry->shared('db'), $registry->shared('event'));
};
+$registry->rememberMe = function() use ($registry) {
+ require_once __DIR__.'/models/remember_me.php';
+ return new \Model\RememberMe($registry->shared('db'), $registry->shared('event'));
+};
+
+$registry->lastLogin = function() use ($registry) {
+ require_once __DIR__.'/models/last_login.php';
+ return new \Model\LastLogin($registry->shared('db'), $registry->shared('event'));
+};
+
if (file_exists('config.php')) require 'config.php';
// Auto-refresh frequency in seconds for the public board view
@@ -106,6 +116,9 @@ defined('SESSION_SAVE_PATH') or define('SESSION_SAVE_PATH', '');
// Application version
defined('APP_VERSION') or define('APP_VERSION', 'master');
+// Base directory
+define('BASE_URL_DIRECTORY', dirname($_SERVER['PHP_SELF']));
+
// Database driver: sqlite or mysql
defined('DB_DRIVER') or define('DB_DRIVER', 'sqlite');
diff --git a/controllers/action.php b/controllers/action.php
index 32ec737d..b4006940 100644
--- a/controllers/action.php
+++ b/controllers/action.php
@@ -7,7 +7,7 @@ require_once __DIR__.'/base.php';
/**
* Automatic actions management
*
- * @package controllers
+ * @package controller
* @author Frederic Guillot
*/
class Action extends Base
diff --git a/controllers/app.php b/controllers/app.php
index e72ac9d0..68872a48 100644
--- a/controllers/app.php
+++ b/controllers/app.php
@@ -4,8 +4,19 @@ namespace Controller;
require_once __DIR__.'/base.php';
+/**
+ * Application controller
+ *
+ * @package controller
+ * @author Frederic Guillot
+ */
class App extends Base
{
+ /**
+ * Redirect to the project creation page or the board controller
+ *
+ * @access public
+ */
public function index()
{
if ($this->project->countByStatus(\Model\Project::ACTIVE)) {
diff --git a/controllers/base.php b/controllers/base.php
index cb76cc05..5f482f7e 100644
--- a/controllers/base.php
+++ b/controllers/base.php
@@ -26,6 +26,8 @@ abstract class Base
$this->task = $registry->task;
$this->user = $registry->user;
$this->comment = $registry->comment;
+ $this->rememberMe = $registry->rememberMe;
+ $this->lastLogin = $registry->lastLogin;
$this->event = $registry->shared('event');
}
@@ -37,7 +39,7 @@ abstract class Base
public function beforeAction($controller, $action)
{
// Start the session
- $this->session->open(dirname($_SERVER['PHP_SELF']), SESSION_SAVE_PATH);
+ $this->session->open(BASE_URL_DIRECTORY, SESSION_SAVE_PATH);
// HTTP secure headers
$this->response->csp();
@@ -53,9 +55,27 @@ abstract class Base
// Set timezone
date_default_timezone_set($this->config->get('timezone', 'UTC'));
- // If the user is not authenticated redirect to the login form, if the action is public continue
- if (! isset($_SESSION['user']) && ! $this->acl->isPublicAction($controller, $action)) {
- $this->response->redirect('?controller=user&action=login');
+ // Authentication
+ if (! $this->acl->isLogged() && ! $this->acl->isPublicAction($controller, $action)) {
+
+ // Try the remember me authentication first
+ if (! $this->rememberMe->authenticate()) {
+
+ // Redirect to the login form if not authenticated
+ $this->response->redirect('?controller=user&action=login');
+ }
+ else {
+
+ $this->lastLogin->create(
+ \Model\LastLogin::AUTH_REMEMBER_ME,
+ $this->acl->getUserId(),
+ $this->user->getIpAddress(),
+ $this->user->getUserAgent()
+ );
+ }
+ }
+ else if ($this->rememberMe->hasCookie()) {
+ $this->rememberMe->refresh();
}
// Check if the user is allowed to see this page
diff --git a/controllers/config.php b/controllers/config.php
index 0adf1d54..527c8a4c 100644
--- a/controllers/config.php
+++ b/controllers/config.php
@@ -28,7 +28,9 @@ class Config extends Base
'errors' => array(),
'menu' => 'config',
'title' => t('Settings'),
- 'timezones' => $this->config->getTimezones()
+ 'timezones' => $this->config->getTimezones(),
+ 'remember_me_sessions' => $this->rememberMe->getAll($this->acl->getUserId()),
+ 'last_logins' => $this->lastLogin->getAll($this->acl->getUserId()),
)));
}
@@ -63,7 +65,9 @@ class Config extends Base
'errors' => $errors,
'menu' => 'config',
'title' => t('Settings'),
- 'timezones' => $this->config->getTimezones()
+ 'timezones' => $this->config->getTimezones(),
+ 'remember_me_sessions' => $this->rememberMe->getAll($this->acl->getUserId()),
+ 'last_logins' => $this->lastLogin->getAll($this->acl->getUserId()),
)));
}
@@ -101,4 +105,15 @@ class Config extends Base
$this->session->flash(t('All tokens have been regenerated.'));
$this->response->redirect('?controller=config');
}
+
+ /**
+ * Remove a "RememberMe" token
+ *
+ * @access public
+ */
+ public function removeRememberMeToken()
+ {
+ $this->rememberMe->remove($this->request->getIntegerParam('id'));
+ $this->response->redirect('?controller=config&action=index#remember-me');
+ }
}
diff --git a/controllers/project.php b/controllers/project.php
index 5cc9f5d1..a89c7879 100644
--- a/controllers/project.php
+++ b/controllers/project.php
@@ -4,9 +4,19 @@ namespace Controller;
require_once __DIR__.'/base.php';
+/**
+ * Project controller
+ *
+ * @package controller
+ * @author Frederic Guillot
+ */
class Project extends Base
{
- // Display access forbidden page
+ /**
+ * Display access forbidden page
+ *
+ * @access public
+ */
public function forbidden()
{
$this->response->html($this->template->layout('project_forbidden', array(
@@ -15,7 +25,11 @@ class Project extends Base
)));
}
- // List of completed tasks for a given project
+ /**
+ * List of completed tasks for a given project
+ *
+ * @access public
+ */
public function tasks()
{
$project_id = $this->request->getIntegerParam('project_id');
@@ -40,7 +54,11 @@ class Project extends Base
)));
}
- // List of projects
+ /**
+ * List of projects
+ *
+ * @access public
+ */
public function index()
{
$projects = $this->project->getAll(true, $this->acl->isRegularUser());
@@ -54,7 +72,11 @@ class Project extends Base
)));
}
- // Display a form to create a new project
+ /**
+ * Display a form to create a new project
+ *
+ * @access public
+ */
public function create()
{
$this->response->html($this->template->layout('project_new', array(
@@ -65,7 +87,11 @@ class Project extends Base
)));
}
- // Validate and save a new project
+ /**
+ * Validate and save a new project
+ *
+ * @access public
+ */
public function save()
{
$values = $this->request->getValues();
@@ -90,7 +116,11 @@ class Project extends Base
)));
}
- // Display a form to edit a project
+ /**
+ * Display a form to edit a project
+ *
+ * @access public
+ */
public function edit()
{
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
@@ -108,7 +138,11 @@ class Project extends Base
)));
}
- // Validate and update a project
+ /**
+ * Validate and update a project
+ *
+ * @access public
+ */
public function update()
{
$values = $this->request->getValues() + array('is_active' => 0);
@@ -133,7 +167,11 @@ class Project extends Base
)));
}
- // Confirmation dialog before to remove a project
+ /**
+ * Confirmation dialog before to remove a project
+ *
+ * @access public
+ */
public function confirm()
{
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
@@ -150,7 +188,11 @@ class Project extends Base
)));
}
- // Remove a project
+ /**
+ * Remove a project
+ *
+ * @access public
+ */
public function remove()
{
$project_id = $this->request->getIntegerParam('project_id');
@@ -164,7 +206,11 @@ class Project extends Base
$this->response->redirect('?controller=project');
}
- // Enable a project
+ /**
+ * Enable a project
+ *
+ * @access public
+ */
public function enable()
{
$project_id = $this->request->getIntegerParam('project_id');
@@ -178,7 +224,11 @@ class Project extends Base
$this->response->redirect('?controller=project');
}
- // Disable a project
+ /**
+ * Disable a project
+ *
+ * @access public
+ */
public function disable()
{
$project_id = $this->request->getIntegerParam('project_id');
@@ -192,7 +242,11 @@ class Project extends Base
$this->response->redirect('?controller=project');
}
- // Users list for the selected project
+ /**
+ * Users list for the selected project
+ *
+ * @access public
+ */
public function users()
{
$project = $this->project->getById($this->request->getIntegerParam('project_id'));
@@ -210,7 +264,11 @@ class Project extends Base
)));
}
- // Allow a specific user for the selected project
+ /**
+ * Allow a specific user for the selected project
+ *
+ * @access public
+ */
public function allow()
{
$values = $this->request->getValues();
@@ -229,7 +287,11 @@ class Project extends Base
$this->response->redirect('?controller=project&action=users&project_id='.$values['project_id']);
}
- // Revoke user access
+ /**
+ * Revoke user access
+ *
+ * @access public
+ */
public function revoke()
{
$values = array(
diff --git a/controllers/user.php b/controllers/user.php
index bc5c48fe..9e964a4e 100644
--- a/controllers/user.php
+++ b/controllers/user.php
@@ -32,6 +32,7 @@ class User extends Base
*/
public function logout()
{
+ $this->rememberMe->destroy($this->acl->getUserId());
$this->session->close();
$this->response->redirect('?controller=user&action=login');
}
@@ -63,7 +64,17 @@ class User extends Base
$values = $this->request->getValues();
list($valid, $errors) = $this->user->validateLogin($values);
- if ($valid) $this->response->redirect('?controller=app');
+ if ($valid) {
+
+ $this->lastLogin->create(
+ \Model\LastLogin::AUTH_DATABASE,
+ $this->acl->getUserId(),
+ $this->user->getIpAddress(),
+ $this->user->getUserAgent()
+ );
+
+ $this->response->redirect('?controller=app');
+ }
$this->response->html($this->template->layout('user_login', array(
'errors' => $errors,
diff --git a/core/session.php b/core/session.php
index 7fe8e0c1..aa4b2516 100644
--- a/core/session.php
+++ b/core/session.php
@@ -4,7 +4,7 @@ namespace Core;
class Session
{
- const SESSION_LIFETIME = 2678400; // 31 days
+ const SESSION_LIFETIME = 86400; // 1 day
public function open($base_path = '/', $save_path = '')
{
diff --git a/locales/es_ES/translations.php b/locales/es_ES/translations.php
index 9ae16d20..628e292b 100644
--- a/locales/es_ES/translations.php
+++ b/locales/es_ES/translations.php
@@ -85,7 +85,7 @@ return array(
'Do you really want to remove this column: "%s"?' => '¿Realmente desea eliminar esta columna : « %s » ?',
'This action will REMOVE ALL TASKS associated to this column!' => '¡Esta acción suprimirá todas las tareas asociadas a esta columna!',
'settings' => 'preferencias',
- 'Application Settings' => 'Parámetros de la aplicación',
+ 'Application settings' => 'Parámetros de la aplicación',
'Language' => 'Idioma',
'Webhooks token:' => 'Identificador (token) para los webhooks :',
'More information' => 'Más informaciones',
@@ -94,7 +94,7 @@ return array(
'Optimize the database' => 'Optimisar la base de datos',
'(VACUUM command)' => '(Comando VACUUM)',
'(Gzip compressed Sqlite file)' => '(Archivo Sqlite comprimido en Gzip)',
- 'User Settings' => 'Parámetros de usuario',
+ 'User settings' => 'Parámetros de usuario',
'My default project:' => 'Mi proyecto por defecto : ',
'Close a task' => 'Cerrar una tarea',
'Do you really want to close this task: "%s"?' => '¿Realmente desea cerrar esta tarea: « %s » ?',
@@ -269,4 +269,14 @@ return array(
'Wrong password' => 'contraseña incorrecta',
'Reset all tokens' => 'Reiniciar los identificadores (tokens) de seguridad ',
'All tokens have been regenerated.' => 'Todos los identificadores (tokens) han sido reiniciados.',
+ // 'Unknown' => '',
+ // 'Last logins' => '',
+ // 'Login date' => '',
+ // 'Authentication method' => '',
+ // 'IP address' => '',
+ // 'User agent' => '',
+ // 'Persistent connections' => '',
+ // 'No session' => '',
+ // 'Expiration date' => '',
+ // 'Remember Me' => '',
);
diff --git a/locales/fr_FR/translations.php b/locales/fr_FR/translations.php
index 7a7f8d3e..3529582d 100644
--- a/locales/fr_FR/translations.php
+++ b/locales/fr_FR/translations.php
@@ -85,7 +85,7 @@ return array(
'Do you really want to remove this column: "%s"?' => 'Voulez vraiment supprimer cette colonne : « %s » ?',
'This action will REMOVE ALL TASKS associated to this column!' => 'Cette action va supprimer toutes les tâches associées à cette colonne !',
'settings' => 'préférences',
- 'Application Settings' => 'Paramètres de l\'application',
+ 'Application settings' => 'Paramètres de l\'application',
'Language' => 'Langue',
'Webhooks token:' => 'Jeton de securité pour les webhooks :',
'More information' => 'Plus d\'informations',
@@ -94,7 +94,7 @@ return array(
'Optimize the database' => 'Optimiser la base de données',
'(VACUUM command)' => '(Commande VACUUM)',
'(Gzip compressed Sqlite file)' => '(Fichier Sqlite compressé en Gzip)',
- 'User Settings' => 'Paramètres utilisateur',
+ 'User settings' => 'Paramètres utilisateur',
'My default project:' => 'Mon projet par défaut : ',
'Close a task' => 'Fermer une tâche',
'Do you really want to close this task: "%s"?' => 'Voulez-vous vraiment fermer cettre tâche : « %s » ?',
@@ -269,4 +269,14 @@ return array(
'Wrong password' => 'Mauvais mot de passe',
'Reset all tokens' => 'Réinitialiser tous les jetons de sécurité',
'All tokens have been regenerated.' => 'Tous les jetons de sécurité ont été réinitialisés.',
+ 'Unknown' => 'Inconnu',
+ 'Last logins' => 'Dernières connexions',
+ 'Login date' => 'Date de connexion',
+ 'Authentication method' => 'Méthode d\'authentification',
+ 'IP address' => 'Adresse IP',
+ 'User agent' => 'Agent utilisateur',
+ 'Persistent connections' => 'Connexions persistantes',
+ 'No session' => 'Aucune session',
+ 'Expiration date' => 'Date d\'expiration',
+ 'Remember Me' => 'Connexion automatique',
);
diff --git a/locales/pl_PL/translations.php b/locales/pl_PL/translations.php
index 718611ac..f11a6d8d 100644
--- a/locales/pl_PL/translations.php
+++ b/locales/pl_PL/translations.php
@@ -85,7 +85,7 @@ return array(
'Do you really want to remove this column: "%s"?' => 'Na pewno chcesz usunąć kolumnę: "%s"?',
'This action will REMOVE ALL TASKS associated to this column!' => 'Wszystkie zadania w kolumnie zostaną usunięte!',
'settings' => 'ustawienia',
- 'Application Settings' => 'Ustawienia aplikacji',
+ 'Application settings' => 'Ustawienia aplikacji',
'Language' => 'Język',
'Webhooks token:' => 'Token :',
'More information' => 'Więcej informacji',
@@ -94,7 +94,7 @@ return array(
'Optimize the database' => 'Optymalizuj bazę danych',
'(VACUUM command)' => '(komenda VACUUM)',
'(Gzip compressed Sqlite file)' => '(baza danych spakowana Gzip)',
- 'User Settings' => 'Ustawienia użytkownika',
+ 'User settings' => 'Ustawienia użytkownika',
'My default project:' => 'Mój domyślny projekt:',
'Close a task' => 'Zakończ zadanie',
'Do you really want to close this task: "%s"?' => 'Na pewno chcesz zakończyć to zadanie: "%s"?',
@@ -274,4 +274,14 @@ return array(
'Wrong password' => 'Błędne hasło',
'Reset all tokens' => 'Zresetuj wszystkie tokeny',
'All tokens have been regenerated.' => 'Wszystkie tokeny zostały zresetowane.',
+ // 'Unknown' => '',
+ // 'Last logins' => '',
+ // 'Login date' => '',
+ // 'Authentication method' => '',
+ // 'IP address' => '',
+ // 'User agent' => '',
+ // 'Persistent connections' => '',
+ // 'No session' => '',
+ // 'Expiration date' => '',
+ // 'Remember Me' => '',
);
diff --git a/locales/pt_BR/translations.php b/locales/pt_BR/translations.php
index c5890fa2..b8d80569 100644
--- a/locales/pt_BR/translations.php
+++ b/locales/pt_BR/translations.php
@@ -85,7 +85,7 @@ return array(
'Do you really want to remove this column: "%s"?' => 'Quer realmente remover esta coluna: "%s"?',
'This action will REMOVE ALL TASKS associated to this column!' => 'Esta ação vai REMOVER TODAS AS TAREFAS associadas a esta coluna!',
'settings' => 'preferências',
- 'Application Settings' => 'Preferências da aplicação',
+ 'Application settings' => 'Preferências da aplicação',
'Language' => 'Idioma',
'Webhooks token:' => 'Token de webhooks:',
'More information' => 'Mais informação',
@@ -94,7 +94,7 @@ return array(
'Optimize the database' => 'Otimizar o banco de dados',
'(VACUUM command)' => '(Comando VACUUM)',
'(Gzip compressed Sqlite file)' => '(Arquivo Sqlite comprimido com Gzip)',
- 'User Settings' => 'Configurações do usuário',
+ 'User settings' => 'Configurações do usuário',
'My default project:' => 'Meu projeto default:',
'Close a task' => 'Encerrar uma tarefa',
'Do you really want to close this task: "%s"?' => 'Quer realmente encerrar esta tarefa: "%s"?',
@@ -270,4 +270,14 @@ return array(
// 'Wrong password' => '',
// 'Reset all tokens' => '',
// 'All tokens have been regenerated.' => '',
+ // 'Unknown' => '',
+ // 'Last logins' => '',
+ // 'Login date' => '',
+ // 'Authentication method' => '',
+ // 'IP address' => '',
+ // 'User agent' => '',
+ // 'Persistent connections' => '',
+ // 'No session' => '',
+ // 'Expiration date' => '',
+ // 'Remember Me' => '',
);
diff --git a/models/acl.php b/models/acl.php
index ea7dd5cb..c8a39ee4 100644
--- a/models/acl.php
+++ b/models/acl.php
@@ -4,16 +4,32 @@ namespace Model;
require_once __DIR__.'/base.php';
+/**
+ * Acl model
+ *
+ * @package model
+ * @author Frederic Guillot
+ */
class Acl extends Base
{
- // Controllers and actions allowed from outside
+ /**
+ * Controllers and actions allowed from outside
+ *
+ * @access private
+ * @var array
+ */
private $public_actions = array(
'user' => array('login', 'check'),
'task' => array('add'),
'board' => array('readonly'),
);
- // Controllers and actions allowed for regular users
+ /**
+ * Controllers and actions allowed for regular users
+ *
+ * @access private
+ * @var array
+ */
private $user_actions = array(
'app' => array('index'),
'board' => array('index', 'show', 'assign', 'assigntask', 'save'),
@@ -21,10 +37,18 @@ class Acl extends Base
'task' => array('show', 'create', 'save', 'edit', 'update', 'close', 'confirmclose', 'open', 'confirmopen', 'description', 'duplicate'),
'comment' => array('save', 'confirm', 'remove', 'update', 'edit'),
'user' => array('index', 'edit', 'update', 'forbidden', 'logout', 'index'),
- 'config' => array('index'),
+ 'config' => array('index', 'removeremembermetoken'),
);
- // Return true if the specified controller/action is allowed according to the given acl
+ /**
+ * Return true if the specified controller/action is allowed according to the given acl
+ *
+ * @access public
+ * @param array $acl Acl list
+ * @param string $controller Controller name
+ * @param string $action Action name
+ * @return bool
+ */
public function isAllowedAction(array $acl, $controller, $action)
{
if (isset($acl[$controller])) {
@@ -34,37 +58,100 @@ class Acl extends Base
return false;
}
- // Return true if the given action is public
+ /**
+ * Return true if the given action is public
+ *
+ * @access public
+ * @param string $controller Controller name
+ * @param string $action Action name
+ * @return bool
+ */
public function isPublicAction($controller, $action)
{
return $this->isAllowedAction($this->public_actions, $controller, $action);
}
- // Return true if the given action is allowed for a regular user
+ /**
+ * Return true if the given action is allowed for a regular user
+ *
+ * @access public
+ * @param string $controller Controller name
+ * @param string $action Action name
+ * @return bool
+ */
public function isUserAction($controller, $action)
{
return $this->isAllowedAction($this->user_actions, $controller, $action);
}
- // Return true if the logged user is admin
+ /**
+ * Return true if the logged user is admin
+ *
+ * @access public
+ * @return bool
+ */
public function isAdminUser()
{
- return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '1';
+ return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === true;
}
- // Return true if the logged user is not admin
+ /**
+ * Return true if the logged user is not admin
+ *
+ * @access public
+ * @return bool
+ */
public function isRegularUser()
{
- return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === '0';
+ return isset($_SESSION['user']['is_admin']) && $_SESSION['user']['is_admin'] === false;
}
- // Get the connected user id
+ /**
+ * Get the connected user id
+ *
+ * @access public
+ * @return bool
+ */
public function getUserId()
{
return isset($_SESSION['user']['id']) ? (int) $_SESSION['user']['id'] : 0;
}
- // Check if an action is allowed for the logged user
+ /**
+ * Check is the user is connected
+ *
+ * @access public
+ * @return bool
+ */
+ public function isLogged()
+ {
+ return ! empty($_SESSION['user']);
+ }
+
+ /**
+ * Check is the user was authenticated with the RememberMe or set the value
+ *
+ * @access public
+ * @param bool $value Set true if the user use the RememberMe
+ * @return bool
+ */
+ public function isRememberMe($value = null)
+ {
+ if ($value !== null) {
+ $_SESSION['is_remember_me'] = $value;
+ }
+
+ return empty($_SESSION['is_remember_me']) ? false : $_SESSION['is_remember_me'];
+ }
+
+ /**
+ * Check if an action is allowed for the logged user
+ *
+ * @access public
+ * @param string $controller Controller name
+ * @param string $action Action name
+ * @return bool
+ */
public function isPageAccessAllowed($controller, $action)
{
return $this->isPublicAction($controller, $action) ||
diff --git a/models/action.php b/models/action.php
index cc8f5cad..a0236eff 100644
--- a/models/action.php
+++ b/models/action.php
@@ -16,7 +16,18 @@ use \SimpleValidator\Validators;
*/
class Action extends Base
{
+ /**
+ * SQL table name for actions
+ *
+ * @var string
+ */
const TABLE = 'actions';
+
+ /**
+ * SQL table name for action parameters
+ *
+ * @var string
+ */
const TABLE_PARAMS = 'action_has_params';
/**
diff --git a/models/base.php b/models/base.php
index 9b5dc67f..70a24321 100644
--- a/models/base.php
+++ b/models/base.php
@@ -54,6 +54,7 @@ abstract class Base
/**
* Generate a random token with different methods: openssl or /dev/urandom or fallback to uniqid()
*
+ * @static
* @access public
* @return string Random token
*/
diff --git a/models/last_login.php b/models/last_login.php
new file mode 100644
index 00000000..96cc6108
--- /dev/null
+++ b/models/last_login.php
@@ -0,0 +1,93 @@
+<?php
+
+namespace Model;
+
+require_once __DIR__.'/base.php';
+
+/**
+ * LastLogin model
+ *
+ * @package model
+ * @author Frederic Guillot
+ */
+class LastLogin extends Base
+{
+ /**
+ * SQL table name
+ *
+ * @var string
+ */
+ const TABLE = 'last_logins';
+
+ /**
+ * Number of connections to keep for history
+ *
+ * @var integer
+ */
+ const NB_LOGINS = 15;
+
+ /**
+ * Authentication methods
+ *
+ * @var string
+ */
+ const AUTH_DATABASE = 'database';
+ const AUTH_REMEMBER_ME = 'remember_me';
+ const AUTH_LDAP = 'ldap';
+ const AUTH_GOOGLE = 'google';
+
+ /**
+ * Create a new record
+ *
+ * @access public
+ * @param string $auth_type Authentication method
+ * @param integer $user_id User id
+ * @param string $ip IP Address
+ * @param string $user_agent User Agent
+ * @return array
+ */
+ public function create($auth_type, $user_id, $ip, $user_agent)
+ {
+ // Cleanup old sessions if necessary
+ $connections = $this->db
+ ->table(self::TABLE)
+ ->eq('user_id', $user_id)
+ ->desc('date_creation')
+ ->findAllByColumn('id');
+
+ if (count($connections) >= self::NB_LOGINS) {
+
+ $this->db->table(self::TABLE)
+ ->eq('user_id', $user_id)
+ ->notin('id', array_slice($connections, 0, self::NB_LOGINS - 1))
+ ->remove();
+ }
+
+ return $this->db
+ ->table(self::TABLE)
+ ->insert(array(
+ 'auth_type' => $auth_type,
+ 'user_id' => $user_id,
+ 'ip' => $ip,
+ 'user_agent' => $user_agent,
+ 'date_creation' => time(),
+ ));
+ }
+
+ /**
+ * Get the last connections for a given user
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @return array
+ */
+ public function getAll($user_id)
+ {
+ return $this->db
+ ->table(self::TABLE)
+ ->eq('user_id', $user_id)
+ ->desc('date_creation')
+ ->columns('id', 'auth_type', 'ip', 'user_agent', 'date_creation')
+ ->findAll();
+ }
+}
diff --git a/models/remember_me.php b/models/remember_me.php
new file mode 100644
index 00000000..2454cc95
--- /dev/null
+++ b/models/remember_me.php
@@ -0,0 +1,336 @@
+<?php
+
+namespace Model;
+
+require_once __DIR__.'/base.php';
+
+/**
+ * RememberMe model
+ *
+ * @package model
+ * @author Frederic Guillot
+ */
+class RememberMe extends Base
+{
+ /**
+ * SQL table name
+ *
+ * @var string
+ */
+ const TABLE = 'remember_me';
+
+ /**
+ * Cookie name
+ *
+ * @var string
+ */
+ const COOKIE_NAME = '__R';
+
+ /**
+ * Expiration (60 days)
+ *
+ * @var integer
+ */
+ const EXPIRATION = 5184000;
+
+ /**
+ * Get a remember me record
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @return mixed
+ */
+ public function find($token, $sequence)
+ {
+ return $this->db
+ ->table(self::TABLE)
+ ->eq('token', $token)
+ ->eq('sequence', $sequence)
+ ->gt('expiration', time())
+ ->findOne();
+ }
+
+ /**
+ * Get all sessions for a given user
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @return array
+ */
+ public function getAll($user_id)
+ {
+ return $this->db
+ ->table(self::TABLE)
+ ->eq('user_id', $user_id)
+ ->desc('date_creation')
+ ->columns('id', 'ip', 'user_agent', 'date_creation', 'expiration')
+ ->findAll();
+ }
+
+ /**
+ * Authenticate the user with the cookie
+ *
+ * @access public
+ * @return bool
+ */
+ public function authenticate()
+ {
+ $credentials = $this->readCookie();
+
+ if ($credentials !== false) {
+
+ $record = $this->find($credentials['token'], $credentials['sequence']);
+
+ if ($record) {
+
+ // Update the sequence
+ $this->writeCookie(
+ $record['token'],
+ $this->update($record['token'], $record['sequence']),
+ $record['expiration']
+ );
+
+ // Create the session
+ $user = new User($this->db, $this->event);
+ $acl = new Acl($this->db, $this->event);
+
+ $user->updateSession($user->getById($record['user_id']));
+ $acl->isRememberMe(true);
+
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Update the database and the cookie with a new sequence
+ *
+ * @access public
+ */
+ public function refresh()
+ {
+ $credentials = $this->readCookie();
+
+ if ($credentials !== false) {
+
+ $record = $this->find($credentials['token'], $credentials['sequence']);
+
+ if ($record) {
+
+ // Update the sequence
+ $this->writeCookie(
+ $record['token'],
+ $this->update($record['token'], $record['sequence']),
+ $record['expiration']
+ );
+ }
+ }
+ }
+
+ /**
+ * Remove a session record
+ *
+ * @access public
+ * @param integer $session_id Session id
+ * @return mixed
+ */
+ public function remove($session_id)
+ {
+ return $this->db
+ ->table(self::TABLE)
+ ->eq('id', $session_id)
+ ->remove();
+ }
+
+ /**
+ * Remove the current RememberMe session and the cookie
+ *
+ * @access public
+ * @param integer $user_id User id
+ */
+ public function destroy($user_id)
+ {
+ $credentials = $this->readCookie();
+
+ if ($credentials !== false) {
+
+ $this->deleteCookie();
+
+ $this->db
+ ->table(self::TABLE)
+ ->eq('user_id', $user_id)
+ ->eq('token', $credentials['token'])
+ ->remove();
+ }
+ }
+
+ /**
+ * Create a new RememberMe session
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @param string $ip IP Address
+ * @param string $user_agent User Agent
+ * @return array
+ */
+ public function create($user_id, $ip, $user_agent)
+ {
+ $token = hash('sha256', $user_id.$user_agent.$ip.$this->generateToken());
+ $sequence = $this->generateToken();
+ $expiration = time() + self::EXPIRATION;
+
+ $this->cleanup($user_id);
+
+ $this->db
+ ->table(self::TABLE)
+ ->insert(array(
+ 'user_id' => $user_id,
+ 'ip' => $ip,
+ 'user_agent' => $user_agent,
+ 'token' => $token,
+ 'sequence' => $sequence,
+ 'expiration' => $expiration,
+ 'date_creation' => time(),
+ ));
+
+ return array(
+ 'token' => $token,
+ 'sequence' => $sequence,
+ 'expiration' => $expiration,
+ );
+ }
+
+ /**
+ * Remove old sessions for a given user
+ *
+ * @access public
+ * @param integer $user_id User id
+ * @return bool
+ */
+ public function cleanup($user_id)
+ {
+ return $this->db
+ ->table(self::TABLE)
+ ->eq('user_id', $user_id)
+ ->lt('expiration', time())
+ ->remove();
+ }
+
+ /**
+ * Return a new sequence token and update the database
+ *
+ * @access public
+ * @param string $token Session token
+ * @param string $sequence Sequence token
+ * @return string
+ */
+ public function update($token, $sequence)
+ {
+ $new_sequence = $this->generateToken();
+
+ $this->db
+ ->table(self::TABLE)
+ ->eq('token', $token)
+ ->eq('sequence', $sequence)
+ ->update(array('sequence' => $new_sequence));
+
+ return $new_sequence;
+ }
+
+ /**
+ * Encode the cookie
+ *
+ * @access public
+ * @param string $token Session token
+ * @param string $sequence Sequence token
+ * @return string
+ */
+ public function encodeCookie($token, $sequence)
+ {
+ return implode('|', array($token, $sequence));
+ }
+
+ /**
+ * Decode the value of a cookie
+ *
+ * @access public
+ * @param string $value Raw cookie data
+ * @return array
+ */
+ public function decodeCookie($value)
+ {
+ list($token, $sequence) = explode('|', $value);
+
+ return array(
+ 'token' => $token,
+ 'sequence' => $sequence,
+ );
+ }
+
+ /**
+ * Return true if the current user has a RememberMe cookie
+ *
+ * @access public
+ * @return bool
+ */
+ public function hasCookie()
+ {
+ return ! empty($_COOKIE[self::COOKIE_NAME]);
+ }
+
+ /**
+ * Write and encode the cookie
+ *
+ * @access public
+ * @param string $token Session token
+ * @param string $sequence Sequence token
+ * @param string $expiration Cookie expiration
+ */
+ public function writeCookie($token, $sequence, $expiration)
+ {
+ setcookie(
+ self::COOKIE_NAME,
+ $this->encodeCookie($token, $sequence),
+ $expiration,
+ BASE_URL_DIRECTORY,
+ null,
+ ! empty($_SERVER['HTTPS']),
+ true
+ );
+ }
+
+ /**
+ * Read and decode the cookie
+ *
+ * @access public
+ * @return mixed
+ */
+ public function readCookie()
+ {
+ if (empty($_COOKIE[self::COOKIE_NAME])) {
+ return false;
+ }
+
+ return $this->decodeCookie($_COOKIE[self::COOKIE_NAME]);
+ }
+
+ /**
+ * Remove the cookie
+ *
+ * @access public
+ */
+ public function deleteCookie()
+ {
+ setcookie(
+ self::COOKIE_NAME,
+ '',
+ time() - 3600,
+ BASE_URL_DIRECTORY,
+ null,
+ ! empty($_SERVER['HTTPS']),
+ true
+ );
+ }
+}
diff --git a/models/user.php b/models/user.php
index 496ae0da..5815b673 100644
--- a/models/user.php
+++ b/models/user.php
@@ -151,6 +151,10 @@ class User extends Base
unset($user['password']);
}
+ $user['id'] = (int) $user['id'];
+ $user['default_project_id'] = (int) $user['default_project_id'];
+ $user['is_admin'] = (bool) $user['is_admin'];
+
$_SESSION['user'] = $user;
}
@@ -274,7 +278,16 @@ class User extends Base
$user = $this->getByUsername($values['username']);
if ($user !== false && \password_verify($values['password'], $user['password'])) {
+
+ // Create the user session
$this->updateSession($user);
+
+ // Setup the remember me feature
+ if (! empty($values['remember_me'])) {
+ $rememberMe = new RememberMe($this->db, $this->event);
+ $credentials = $rememberMe->create($user['id'], $this->getIpAddress(), $this->getUserAgent());
+ $rememberMe->writeCookie($credentials['token'], $credentials['sequence'], $credentials['expiration']);
+ }
}
else {
$result = false;
@@ -287,4 +300,60 @@ class User extends Base
$errors
);
}
+
+ /**
+ * Get the user agent of the connected user
+ *
+ * @access public
+ * @return string
+ */
+ public function getUserAgent()
+ {
+ return empty($_SERVER['HTTP_USER_AGENT']) ? t('Unknown') : $_SERVER['HTTP_USER_AGENT'];
+ }
+
+ /**
+ * Get the real IP address of the connected user
+ *
+ * @access public
+ * @param bool $only_public Return only public IP address
+ * @return string
+ */
+ public function getIpAddress($only_public = false)
+ {
+ $keys = array(
+ 'HTTP_CLIENT_IP',
+ 'HTTP_X_FORWARDED_FOR',
+ 'HTTP_X_FORWARDED',
+ 'HTTP_X_CLUSTER_CLIENT_IP',
+ 'HTTP_FORWARDED_FOR',
+ 'HTTP_FORWARDED',
+ 'REMOTE_ADDR'
+ );
+
+ foreach ($keys as $key) {
+
+ if (isset($_SERVER[$key])) {
+
+ foreach (explode(',', $_SERVER[$key]) as $ip_address) {
+
+ $ip_address = trim($ip_address);
+
+ if ($only_public) {
+
+ // Return only public IP address
+ if (filter_var($ip_address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) !== false) {
+ return $ip_address;
+ }
+ }
+ else {
+
+ return $ip_address;
+ }
+ }
+ }
+ }
+
+ return t('Unknown');
+ }
}
diff --git a/schemas/mysql.php b/schemas/mysql.php
index cdd497e3..245232bd 100644
--- a/schemas/mysql.php
+++ b/schemas/mysql.php
@@ -2,6 +2,38 @@
namespace Schema;
+function version_12($pdo)
+{
+ $pdo->exec("
+ CREATE TABLE remember_me (
+ id INT NOT NULL AUTO_INCREMENT,
+ user_id INT,
+ ip VARCHAR(40),
+ user_agent VARCHAR(255),
+ token VARCHAR(255),
+ sequence VARCHAR(255),
+ expiration INT,
+ date_creation INT,
+ FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE,
+ PRIMARY KEY (id)
+ ) ENGINE=InnoDB CHARSET=utf8"
+ );
+
+ $pdo->exec("
+ CREATE TABLE last_logins (
+ id INT NOT NULL AUTO_INCREMENT,
+ auth_type VARCHAR(25),
+ user_id INT,
+ ip VARCHAR(40),
+ user_agent VARCHAR(255),
+ date_creation INT,
+ FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE,
+ PRIMARY KEY (id),
+ INDEX (user_id)
+ ) ENGINE=InnoDB CHARSET=utf8"
+ );
+}
+
function version_11($pdo)
{
}
diff --git a/schemas/sqlite.php b/schemas/sqlite.php
index 26ae09f7..4a69751c 100644
--- a/schemas/sqlite.php
+++ b/schemas/sqlite.php
@@ -2,6 +2,37 @@
namespace Schema;
+function version_12($pdo)
+{
+ $pdo->exec(
+ 'CREATE TABLE remember_me (
+ id INTEGER PRIMARY KEY,
+ user_id INTEGER,
+ ip TEXT,
+ user_agent TEXT,
+ token TEXT,
+ sequence TEXT,
+ expiration INTEGER,
+ date_creation INTEGER,
+ FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE
+ )'
+ );
+
+ $pdo->exec(
+ 'CREATE TABLE last_logins (
+ id INTEGER PRIMARY KEY,
+ auth_type TEXT,
+ user_id INTEGER,
+ ip TEXT,
+ user_agent TEXT,
+ date_creation INTEGER,
+ FOREIGN KEY(user_id) REFERENCES users(id) ON DELETE CASCADE
+ )'
+ );
+
+ $pdo->exec('CREATE INDEX last_logins_user_idx ON last_logins(user_id)');
+}
+
function version_11($pdo)
{
$pdo->exec(
diff --git a/templates/config_index.php b/templates/config_index.php
index ba971b61..899a4b0c 100644
--- a/templates/config_index.php
+++ b/templates/config_index.php
@@ -2,7 +2,7 @@
<?php if ($user['is_admin']): ?>
<div class="page-header">
- <h2><?= t('Application Settings') ?></h2>
+ <h2><?= t('Application settings') ?></h2>
</div>
<section>
<form method="post" action="?controller=config&amp;action=save" autocomplete="off">
@@ -55,7 +55,7 @@
<?php endif ?>
<div class="page-header">
- <h2><?= t('User Settings') ?></h2>
+ <h2><?= t('User settings') ?></h2>
</div>
<section class="settings">
<ul>
@@ -66,4 +66,52 @@
</li>
</ul>
</section>
+
+ <div class="page-header" id="last-logins">
+ <h2><?= t('Last logins') ?></h2>
+ </div>
+ <?php if (! empty($last_logins)): ?>
+ <table class="table-small table-hover">
+ <tr>
+ <th><?= t('Login date') ?></th>
+ <th><?= t('Authentication method') ?></th>
+ <th><?= t('IP address') ?></th>
+ <th><?= t('User agent') ?></th>
+ </tr>
+ <?php foreach($last_logins as $login): ?>
+ <tr>
+ <td><?= dt('%B %e, %G at %k:%M %p', $login['date_creation']) ?></td>
+ <td><?= Helper\escape($login['auth_type']) ?></td>
+ <td><?= Helper\escape($login['ip']) ?></td>
+ <td><?= Helper\escape($login['user_agent']) ?></td>
+ </tr>
+ <?php endforeach ?>
+ </table>
+ <?php endif ?>
+
+ <div class="page-header" id="remember-me">
+ <h2><?= t('Persistent connections') ?></h2>
+ </div>
+ <?php if (empty($remember_me_sessions)): ?>
+ <p class="alert alert-info"><?= t('No session') ?></p>
+ <?php else: ?>
+ <table class="table-small table-hover">
+ <tr>
+ <th><?= t('Creation date') ?></th>
+ <th><?= t('Expiration date') ?></th>
+ <th><?= t('IP address') ?></th>
+ <th><?= t('User agent') ?></th>
+ <th><?= t('Action') ?></th>
+ </tr>
+ <?php foreach($remember_me_sessions as $session): ?>
+ <tr>
+ <td><?= dt('%B %e, %G at %k:%M %p', $session['date_creation']) ?></td>
+ <td><?= dt('%B %e, %G at %k:%M %p', $session['expiration']) ?></td>
+ <td><?= Helper\escape($session['ip']) ?></td>
+ <td><?= Helper\escape($session['user_agent']) ?></td>
+ <td><a href="?controller=config&amp;action=removeRememberMeToken&amp;id=<?= $session['id'] ?>"><?= t('Remove') ?></a></td>
+ </tr>
+ <?php endforeach ?>
+ </table>
+ <?php endif ?>
</section>
diff --git a/templates/user_login.php b/templates/user_login.php
index 0bbd48a1..6a805f14 100644
--- a/templates/user_login.php
+++ b/templates/user_login.php
@@ -14,6 +14,8 @@
<?= Helper\form_label(t('Password'), 'password') ?>
<?= Helper\form_password('password', $values, $errors, array('required')) ?>
+ <?= Helper\form_checkbox('remember_me', t('Remember Me'), 1) ?>
+
<div class="form-actions">
<input type="submit" value="<?= t('Sign in') ?>" class="btn btn-blue"/>
</div>
diff --git a/tests/AclTest.php b/tests/AclTest.php
index 566d7245..6b392a28 100644
--- a/tests/AclTest.php
+++ b/tests/AclTest.php
@@ -30,16 +30,16 @@ class AclTest extends Base
$_SESSION = array('user' => array());
$this->assertFalse($acl->isAdminUser());
- $_SESSION = array('user' => array('is_admin' => true));
+ $_SESSION = array('user' => array('is_admin' => '1'));
$this->assertFalse($acl->isAdminUser());
- $_SESSION = array('user' => array('is_admin' => '0'));
+ $_SESSION = array('user' => array('is_admin' => false));
$this->assertFalse($acl->isAdminUser());
$_SESSION = array('user' => array('is_admin' => '2'));
$this->assertFalse($acl->isAdminUser());
- $_SESSION = array('user' => array('is_admin' => '1'));
+ $_SESSION = array('user' => array('is_admin' => true));
$this->assertTrue($acl->isAdminUser());
}
@@ -56,13 +56,13 @@ class AclTest extends Base
$_SESSION = array('user' => array('is_admin' => true));
$this->assertFalse($acl->isRegularUser());
- $_SESSION = array('user' => array('is_admin' => '1'));
+ $_SESSION = array('user' => array('is_admin' => true));
$this->assertFalse($acl->isRegularUser());
$_SESSION = array('user' => array('is_admin' => '2'));
$this->assertFalse($acl->isRegularUser());
- $_SESSION = array('user' => array('is_admin' => '0'));
+ $_SESSION = array('user' => array('is_admin' => false));
$this->assertTrue($acl->isRegularUser());
}
@@ -84,7 +84,7 @@ class AclTest extends Base
$this->assertTrue($acl->isPageAccessAllowed('board', 'readonly'));
// Regular user
- $_SESSION = array('user' => array('is_admin' => '0'));
+ $_SESSION = array('user' => array('is_admin' => false));
$this->assertFalse($acl->isPageAccessAllowed('user', 'create'));
$this->assertFalse($acl->isPageAccessAllowed('user', 'save'));
$this->assertFalse($acl->isPageAccessAllowed('user', 'remove'));
@@ -97,7 +97,7 @@ class AclTest extends Base
$this->assertTrue($acl->isPageAccessAllowed('board', 'readonly'));
// Admin user
- $_SESSION = array('user' => array('is_admin' => '1'));
+ $_SESSION = array('user' => array('is_admin' => true));
$this->assertTrue($acl->isPageAccessAllowed('user', 'create'));
$this->assertTrue($acl->isPageAccessAllowed('user', 'save'));
$this->assertTrue($acl->isPageAccessAllowed('user', 'remove'));