From 1aab14212729c561244196de30243fe920dd0d8b Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Wed, 29 Jun 2016 21:45:28 -0400
Subject: Fixed identical background color for LetterAvatar on 32bits platforms

---
 app/User/Avatar/LetterAvatarProvider.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'app/User')

diff --git a/app/User/Avatar/LetterAvatarProvider.php b/app/User/Avatar/LetterAvatarProvider.php
index b7a95f41..727f9109 100644
--- a/app/User/Avatar/LetterAvatarProvider.php
+++ b/app/User/Avatar/LetterAvatarProvider.php
@@ -142,7 +142,7 @@ class LetterAvatarProvider extends Base implements AvatarProviderInterface
 
         // Make hash more sensitive for short string like 'a', 'b', 'c'
         $str .= 'x';
-        $max = intval(9007199254740991 / $seed2);
+        $max = intval(PHP_INT_MAX / $seed2);
 
         for ($i = 0, $ilen = mb_strlen($str, 'UTF-8'); $i < $ilen; $i++) {
             if ($hash > $max) {
-- 
cgit v1.2.3


From 43337d58c0be097ca510f2abd1497f13f25bda5b Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sat, 2 Jul 2016 17:44:45 -0400
Subject: Preserve role for existing users when using ReverseProxy
 authentication

---
 ChangeLog                                 |   1 +
 app/Auth/ReverseProxyAuth.php             |   3 +-
 app/User/ReverseProxyUserProvider.php     |  21 +++++-
 tests/units/Auth/ReverseProxyAuthTest.php | 111 ++++++++++++++++++++++++++++++
 4 files changed, 133 insertions(+), 3 deletions(-)
 create mode 100644 tests/units/Auth/ReverseProxyAuthTest.php

(limited to 'app/User')

diff --git a/ChangeLog b/ChangeLog
index 000400ae..3d2b0aa7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,7 @@ New features:
 
 Improvements:
 
+* Preserve role for existing users when using ReverseProxy authentication
 * Handle priority for task and project duplication
 * Expose task reference field to the user interface
 * Improve ICal export
diff --git a/app/Auth/ReverseProxyAuth.php b/app/Auth/ReverseProxyAuth.php
index b9730c5c..fdf936b1 100644
--- a/app/Auth/ReverseProxyAuth.php
+++ b/app/Auth/ReverseProxyAuth.php
@@ -45,7 +45,8 @@ class ReverseProxyAuth extends Base implements PreAuthenticationProviderInterfac
         $username = $this->request->getRemoteUser();
 
         if (! empty($username)) {
-            $this->userInfo = new ReverseProxyUserProvider($username);
+            $userProfile = $this->userModel->getByUsername($username);
+            $this->userInfo = new ReverseProxyUserProvider($username, $userProfile ?: array());
             return true;
         }
 
diff --git a/app/User/ReverseProxyUserProvider.php b/app/User/ReverseProxyUserProvider.php
index 723b8155..34d2187d 100644
--- a/app/User/ReverseProxyUserProvider.php
+++ b/app/User/ReverseProxyUserProvider.php
@@ -21,15 +21,24 @@ class ReverseProxyUserProvider implements UserProviderInterface
      */
     protected $username = '';
 
+    /**
+     * User profile if the user already exists
+     *
+     * @access protected
+     * @var array
+     */
+    private $userProfile = array();
+
     /**
      * Constructor
      *
      * @access public
      * @param  string $username
      */
-    public function __construct($username)
+    public function __construct($username, array $userProfile = array())
     {
         $this->username = $username;
+        $this->userProfile = $userProfile;
     }
 
     /**
@@ -84,7 +93,15 @@ class ReverseProxyUserProvider implements UserProviderInterface
      */
     public function getRole()
     {
-        return REVERSE_PROXY_DEFAULT_ADMIN === $this->username ? Role::APP_ADMIN : Role::APP_USER;
+        if (REVERSE_PROXY_DEFAULT_ADMIN === $this->username) {
+            return Role::APP_ADMIN;
+        }
+
+        if (isset($this->userProfile['role'])) {
+            return $this->userProfile['role'];
+        }
+
+        return Role::APP_USER;
     }
 
     /**
diff --git a/tests/units/Auth/ReverseProxyAuthTest.php b/tests/units/Auth/ReverseProxyAuthTest.php
new file mode 100644
index 00000000..cdbc247d
--- /dev/null
+++ b/tests/units/Auth/ReverseProxyAuthTest.php
@@ -0,0 +1,111 @@
+<?php
+
+use Kanboard\Auth\ReverseProxyAuth;
+use Kanboard\Core\Security\Role;
+use Kanboard\Model\UserModel;
+
+require_once __DIR__.'/../Base.php';
+
+class ReverseProxyAuthTest extends Base
+{
+    public function setUp()
+    {
+        parent::setUp();
+
+        $this->container['request'] = $this
+            ->getMockBuilder('\Kanboard\Core\Http\Request')
+            ->setConstructorArgs(array($this->container))
+            ->setMethods(array('getRemoteUser'))
+            ->getMock();
+    }
+
+    public function testGetName()
+    {
+        $provider = new ReverseProxyAuth($this->container);
+        $this->assertEquals('ReverseProxy', $provider->getName());
+    }
+
+    public function testAuthenticateSuccess()
+    {
+        $this->container['request']
+            ->expects($this->once())
+            ->method('getRemoteUser')
+            ->will($this->returnValue('admin'));
+
+        $provider = new ReverseProxyAuth($this->container);
+        $this->assertTrue($provider->authenticate());
+    }
+
+    public function testAuthenticateFailure()
+    {
+        $this->container['request']
+            ->expects($this->once())
+            ->method('getRemoteUser')
+            ->will($this->returnValue(''));
+
+        $provider = new ReverseProxyAuth($this->container);
+        $this->assertFalse($provider->authenticate());
+    }
+
+    public function testValidSession()
+    {
+        $this->container['request']
+            ->expects($this->once())
+            ->method('getRemoteUser')
+            ->will($this->returnValue('admin'));
+
+        $this->container['sessionStorage']->user = array(
+            'username' => 'admin'
+        );
+
+        $provider = new ReverseProxyAuth($this->container);
+        $this->assertTrue($provider->isValidSession());
+    }
+
+    public function testInvalidSession()
+    {
+        $this->container['request']
+            ->expects($this->once())
+            ->method('getRemoteUser')
+            ->will($this->returnValue('foobar'));
+
+        $this->container['sessionStorage']->user = array(
+            'username' => 'admin'
+        );
+
+        $provider = new ReverseProxyAuth($this->container);
+        $this->assertFalse($provider->isValidSession());
+    }
+
+    public function testRoleForNewUser()
+    {
+        $this->container['request']
+            ->expects($this->once())
+            ->method('getRemoteUser')
+            ->will($this->returnValue('someone'));
+
+        $provider = new ReverseProxyAuth($this->container);
+        $this->assertTrue($provider->authenticate());
+
+        $user = $provider->getUser();
+        $this->assertEquals(Role::APP_USER, $user->getRole());
+    }
+
+    public function testRoleIsPreservedForExistingUser()
+    {
+        $this->container['request']
+            ->expects($this->once())
+            ->method('getRemoteUser')
+            ->will($this->returnValue('someone'));
+
+        $provider = new ReverseProxyAuth($this->container);
+        $userModel = new UserModel($this->container);
+
+        $this->assertEquals(2, $userModel->create(array('username' => 'someone', 'role' => Role::APP_MANAGER)));
+
+        $this->assertTrue($provider->authenticate());
+
+        $user = $provider->getUser();
+        $this->assertEquals(Role::APP_MANAGER, $user->getRole());
+    }
+}
-- 
cgit v1.2.3


From 3813acf199a5873c6f5f8ff945e8a83ea745b8af Mon Sep 17 00:00:00 2001
From: Frederic Guillot <fred@kanboard.net>
Date: Sun, 10 Jul 2016 22:05:45 -0400
Subject: Fixed compatibility issue with PHP 5.3 for OAuthUserProvider class

---
 ChangeLog                      |  4 ++++
 app/User/OAuthUserProvider.php | 14 +++-----------
 2 files changed, 7 insertions(+), 11 deletions(-)

(limited to 'app/User')

diff --git a/ChangeLog b/ChangeLog
index 9004af40..8074c3d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,10 @@ Improvements:
 
 * Display TOTP issuer for 2FA
 
+Bug fixes:
+
+* Fixed compatibility issue with PHP 5.3 for OAuthUserProvider class
+
 Version 1.0.31
 --------------
 
diff --git a/app/User/OAuthUserProvider.php b/app/User/OAuthUserProvider.php
index dec26250..e5fedcca 100644
--- a/app/User/OAuthUserProvider.php
+++ b/app/User/OAuthUserProvider.php
@@ -12,14 +12,6 @@ use Kanboard\Core\User\UserProviderInterface;
  */
 abstract class OAuthUserProvider implements UserProviderInterface
 {
-    /**
-     * Get external id column name
-     *
-     * @access public
-     * @return string
-     */
-    abstract public function getExternalIdColumn();
-
     /**
      * User properties
      *
@@ -69,7 +61,7 @@ abstract class OAuthUserProvider implements UserProviderInterface
      */
     public function getExternalId()
     {
-        return $this->user['id'];
+        return isset($this->user['id']) ? $this->user['id'] : '';
     }
 
     /**
@@ -102,7 +94,7 @@ abstract class OAuthUserProvider implements UserProviderInterface
      */
     public function getName()
     {
-        return $this->user['name'];
+        return isset($this->user['name']) ? $this->user['name'] : '';
     }
 
     /**
@@ -113,7 +105,7 @@ abstract class OAuthUserProvider implements UserProviderInterface
      */
     public function getEmail()
     {
-        return $this->user['email'];
+        return isset($this->user['email']) ? $this->user['email'] : '';
     }
 
     /**
-- 
cgit v1.2.3