From e9fedf3e5cd63aea4da7a71f6647ee427c62fa49 Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 5 Dec 2015 20:31:27 -0500
Subject: Rewrite of the authentication and authorization system

---
 app/Api/Auth.php | 35 +++++++++++++++++++++++++++++++----
 1 file changed, 31 insertions(+), 4 deletions(-)

(limited to 'app/Api/Auth.php')

diff --git a/app/Api/Auth.php b/app/Api/Auth.php
index a084d6eb..0a911796 100644
--- a/app/Api/Auth.php
+++ b/app/Api/Auth.php
@@ -3,7 +3,6 @@
 namespace Kanboard\Api;
 
 use JsonRPC\AuthenticationFailure;
-use Symfony\Component\EventDispatcher\Event;
 
 /**
  * Base class
@@ -24,15 +23,43 @@ class Auth extends Base
      */
     public function checkCredentials($username, $password, $class, $method)
     {
-        $this->container['dispatcher']->dispatch('api.bootstrap', new Event);
+        $this->container['dispatcher']->dispatch('app.bootstrap');
 
-        if ($username !== 'jsonrpc' && ! $this->authentication->hasCaptcha($username) && $this->authentication->authenticate($username, $password)) {
+        if ($this->isUserAuthenticated($username, $password)) {
             $this->checkProcedurePermission(true, $method);
             $this->userSession->initialize($this->user->getByUsername($username));
-        } elseif ($username === 'jsonrpc' && $password === $this->config->get('api_token')) {
+        } elseif ($this->isAppAuthenticated($username, $password)) {
             $this->checkProcedurePermission(false, $method);
         } else {
             throw new AuthenticationFailure('Wrong credentials');
         }
     }
+
+    /**
+     * Check user credentials
+     *
+     * @access public
+     * @param  string  $username
+     * @param  string  $password
+     * @return boolean
+     */
+    private function isUserAuthenticated($username, $password)
+    {
+        return $username !== 'jsonrpc' &&
+            ! $this->userLocking->isLocked($username) &&
+            $this->authenticationManager->passwordAuthentication($username, $password);
+    }
+
+    /**
+     * Check administrative credentials
+     *
+     * @access public
+     * @param  string  $username
+     * @param  string  $password
+     * @return boolean
+     */
+    private function isAppAuthenticated($username, $password)
+    {
+        return $username === 'jsonrpc' && $password === $this->config->get('api_token');
+    }
 }
-- 
cgit v1.2.3