0
0
mirror of https://github.com/salesagility/SuiteCRM.git synced 2024-12-22 20:38:31 +00:00
salesagility_SuiteCRM/modules/Users/authentication/SugarAuthenticate/SugarAuthenticateUser.php
2023-07-18 15:53:09 +01:00

329 lines
11 KiB
PHP
Executable File

<?php
/**
*
* SugarCRM Community Edition is a customer relationship management program developed by
* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
*
* SuiteCRM is an extension to SugarCRM Community Edition developed by SalesAgility Ltd.
* Copyright (C) 2011 - 2018 SalesAgility Ltd.
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU Affero General Public License version 3 as published by the
* Free Software Foundation with the addition of the following permission added
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
* details.
*
* You should have received a copy of the GNU Affero General Public License along with
* this program; if not, see http://www.gnu.org/licenses or write to the Free
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA.
*
* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
* SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
*
* The interactive user interfaces in modified source and object code versions
* of this program must display Appropriate Legal Notices, as required under
* Section 5 of the GNU Affero General Public License version 3.
*
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
* these Appropriate Legal Notices must retain the display of the "Powered by
* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
* reasonably feasible for technical reasons, the Appropriate Legal Notices must
* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
*/
if (!defined('sugarEntry') || !sugarEntry) {
die('Not A Valid Entry Point');
}
include_once get_custom_file_if_exists('modules/Users/authentication/SugarAuthenticate/FactorAuthFactory.php');
/**
* This file is where the user authentication occurs. No redirection should happen in this file.
*
*/
#[\AllowDynamicProperties]
class SugarAuthenticateUser
{
/**
* Does the actual authentication of the user and returns an id that will be used
* to load the current user (loadUserOnSession)
*
* @param STRING $name
* @param STRING $password
* @param STRING $fallback - is this authentication a fallback from a failed authentication
* @return STRING id - used for loading the user
*/
public function authenticateUser($name, $password, $fallback = false)
{
$row = User::findUserPassword($name, $password, "(portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive'");
// set the ID in the seed user. This can be used for retrieving the full user record later
//if it's falling back on Sugar Authentication after the login failed on an external authentication return empty if the user has external_auth_disabled for them
if (empty($row) || !empty($row['external_auth_only'])) {
return '';
} else {
return $row['id'];
}
}
/**
* Checks if a user is a sugarLogin user
* which implies they should use the sugar authentication to login
*
* @param STRING $name
* @param STRIUNG $password
* @return boolean
*/
public function isSugarLogin($name, $password)
{
$row = User::findUserPassword($name, $password, "(portal_only IS NULL OR portal_only !='1') AND (is_group IS NULL OR is_group !='1') AND status !='Inactive' AND sugar_login=1");
return !empty($row);
}
/**
* this is called when a user logs in
*
* @param STRING $name
* @param STRING $password
* @param STRING $fallback - is this authentication a fallback from a failed authentication
* @return boolean
*/
public function loadUserOnLogin($name, $password, $fallback = false, $PARAMS = array())
{
global $login_error;
$GLOBALS['log']->debug("Starting user load for " . $name);
if (empty($name) || empty($password)) {
return false;
}
$input_hash = $password;
$passwordEncrypted = false;
if (!empty($PARAMS) && isset($PARAMS['passwordEncrypted']) && $PARAMS['passwordEncrypted']) {
$passwordEncrypted = true;
}// if
if (!$passwordEncrypted) {
$input_hash = SugarAuthenticate::encodePassword($password);
} // if
$user_id = $this->authenticateUser($name, $input_hash, $fallback);
if (empty($user_id)) {
$GLOBALS['log']->fatal('SECURITY: User authentication for ' . $name . ' failed');
return false;
}
$this->loadUserOnSession($user_id);
return true;
}
/**
* Loads the current user bassed on the given user_id
*
* @param STRING $user_id
* @return boolean
*/
public function loadUserOnSession($user_id = '')
{
if (!empty($user_id)) {
$_SESSION['authenticated_user_id'] = $user_id;
}
if (!empty($_SESSION['authenticated_user_id']) || !empty($user_id)) {
$GLOBALS['current_user'] = BeanFactory::newBean('Users');
if ($GLOBALS['current_user']->retrieve($_SESSION['authenticated_user_id'])) {
return true;
}
}
return false;
}
/**
* @return bool
*/
public function isUserNeedFactorAuthentication()
{
global $current_user;
$ret = false;
if ($current_user->factor_auth) {
$ret = true;
}
return $ret;
}
/**
* @return bool
*/
public function isUserFactorAuthenticated()
{
$ret = true;
if (!isset($_SESSION['user_factor_authenticated']) || !$_SESSION['user_factor_authenticated']) {
$ret = false;
}
return $ret;
}
/**
* @return bool
*/
public function isUserFactorTokenReceived()
{
$ret = false;
if (isset($_REQUEST['factor_token'])) {
$ret = true;
}
return $ret;
}
public function factorAuthenticateCheck()
{
if ($_SESSION['user_factor_authenticated'] || $_REQUEST['factor_token'] == $_SESSION['factor_token']) {
$_SESSION['user_factor_authenticated'] = true;
} else {
$_SESSION['user_factor_authenticated'] = false;
}
return $_SESSION['user_factor_authenticated'];
}
/**
* @global User $current_user
*/
public function showFactorTokenInput()
{
global $current_user;
$GLOBALS['log']->debug('Redirect to factor token input.....');
$factory = new FactorAuthFactory();
$factorAuth = $factory->getFactorAuth();
if (!$factorAuth->validateTokenMessage()) {
$msg = 'Factor Authentication message is invalid.';
$GLOBALS['log']->warn($msg);
global $app_strings;
SugarApplication::appendErrorMessage($app_strings['ERR_FACTOR_TPL_INVALID']);
SugarAuthenticate::addFactorMessage($app_strings['ERR_FACTOR_TPL_INVALID']);
$factorAuth->showTokenInput();
} else {
$factorAuth->showTokenInput();
}
die();
}
/**
* @return bool
*/
public function isFactorTokenSent()
{
$ret = false;
if (isset($_SESSION['factor_token']) && $_SESSION['factor_token']) {
$ret = true;
}
return $ret;
}
/**
* @return bool
*/
public function sendFactorTokenToUser()
{
global $current_user, $sugar_config;
$ret = true;
$min = 10000;
$max = 99999;
if (function_exists('random_int')) {
$token = random_int($min, $max);
} else {
$token = mt_rand($min, $max);
}
$emailTemplate = BeanFactory::newBean('EmailTemplates');
$emailTemplateId = $sugar_config['passwordsetting']['factoremailtmpl'];
$emailTemplate->retrieve($emailTemplateId);
include_once __DIR__ . '/../../../../include/SugarPHPMailer.php';
$mailer = new SugarPHPMailer();
$mailer->setMailerForSystem();
$emailObj = BeanFactory::newBean('Emails');
$defaults = $emailObj->getSystemDefaultEmail();
$mailer->From = $defaults['email'];
isValidEmailAddress($mailer->From);
$mailer->FromName = $defaults['name'];
$mailer->Subject = from_html($emailTemplate->subject);
$mailer->Body = from_html($emailTemplate->body_html);
$mailer->Body_html = from_html($emailTemplate->body_html);
$mailer->AltBody = from_html($emailTemplate->body);
$mailer->addAddress($current_user->email1, $current_user->full_name);
$mailer->replace('code', $token);
if (!$mailer->send()) {
$ret = false;
$GLOBALS['log']->fatal(
'Email sending for two factor email authentication via Email Code failed. Mailer Error Info: ' .
$mailer->ErrorInfo
);
} else {
$ret = true;
$GLOBALS['log']->debug(
'Token sent to user: ' .
$current_user->id . ', token: ' . $token . ' so we store it in the session'
);
$_SESSION['user_factor_authenticated'] = false;
$_SESSION['factor_token'] = $token;
}
return $ret;
}
/**
*
*/
public function redirectToLogout()
{
$GLOBALS['log']->debug('Session destroy and redirect to logout.....');
session_destroy();
header('Location: index.php?action=Logout&module=Users');
sugar_cleanup(true);
die();
}
/**
* @return bool
*/
public function isUserLogoutRequest()
{
$logout = false;
if (
isset($_REQUEST['module']) && $_REQUEST['module'] == 'Users' &&
isset($_REQUEST['action']) && $_REQUEST['action'] == 'Logout'
) {
$logout = true;
}
return $logout;
}
/**
* Has user has requested to resend the multi/2 factor token?
* @return bool true === yes, false === no
*/
public function isUserRequestedResendToken()
{
return isset($_REQUEST['action']) && $_REQUEST['action'] === 'Resend';
}
}