| 1: | <?php |
| 2: | |
| 3: | |
| 4: | |
| 5: | |
| 6: | |
| 7: | |
| 8: | namespace Aurora\Modules\StandardAuth; |
| 9: | |
| 10: | use Aurora\Modules\StandardAuth\Models\Account; |
| 11: | |
| 12: | |
| 13: | |
| 14: | |
| 15: | |
| 16: | |
| 17: | |
| 18: | |
| 19: | |
| 20: | |
| 21: | |
| 22: | |
| 23: | class Module extends \Aurora\System\Module\AbstractModule |
| 24: | { |
| 25: | public $oApiAccountsManager = null; |
| 26: | |
| 27: | |
| 28: | |
| 29: | |
| 30: | public static function getInstance() |
| 31: | { |
| 32: | return parent::getInstance(); |
| 33: | } |
| 34: | |
| 35: | |
| 36: | |
| 37: | |
| 38: | public static function Decorator() |
| 39: | { |
| 40: | return parent::Decorator(); |
| 41: | } |
| 42: | |
| 43: | |
| 44: | |
| 45: | |
| 46: | public function getModuleSettings() |
| 47: | { |
| 48: | return $this->oModuleSettings; |
| 49: | } |
| 50: | |
| 51: | public function getAccountsManager() |
| 52: | { |
| 53: | if ($this->oApiAccountsManager === null) { |
| 54: | $this->oApiAccountsManager = new Managers\Accounts\Manager($this); |
| 55: | } |
| 56: | |
| 57: | return $this->oApiAccountsManager; |
| 58: | } |
| 59: | |
| 60: | |
| 61: | |
| 62: | |
| 63: | |
| 64: | |
| 65: | |
| 66: | public function init() |
| 67: | { |
| 68: | $this->subscribeEvent('Login', array($this, 'onLogin'), 90); |
| 69: | $this->subscribeEvent('Register', array($this, 'onRegister')); |
| 70: | $this->subscribeEvent('CheckAccountExists', array($this, 'onCheckAccountExists')); |
| 71: | $this->subscribeEvent('Core::DeleteUser::after', array($this, 'onAfterDeleteUser')); |
| 72: | $this->subscribeEvent('Core::GetAccounts', array($this, 'onGetAccounts')); |
| 73: | $this->subscribeEvent('Core::GetAccountUsedToAuthorize', array($this, 'onGetAccountUsedToAuthorize'), 200); |
| 74: | $this->subscribeEvent('StandardResetPassword::ChangeAccountPassword', array($this, 'onChangeAccountPassword')); |
| 75: | |
| 76: | $this->denyMethodCallByWebApi('CreateAccount'); |
| 77: | $this->denyMethodCallByWebApi('SaveAccount'); |
| 78: | } |
| 79: | |
| 80: | |
| 81: | |
| 82: | |
| 83: | |
| 84: | |
| 85: | |
| 86: | public function onLogin($aArgs, &$mResult) |
| 87: | { |
| 88: | $oAccount = $this->getAccountsManager()->getAccountByCredentials( |
| 89: | $aArgs['Login'], |
| 90: | $aArgs['Password'] |
| 91: | ); |
| 92: | |
| 93: | if ($oAccount) { |
| 94: | $mResult = \Aurora\System\UserSession::getTokenData($oAccount, $aArgs['SignMe']); |
| 95: | return true; |
| 96: | } |
| 97: | } |
| 98: | |
| 99: | |
| 100: | |
| 101: | |
| 102: | |
| 103: | |
| 104: | |
| 105: | public function onRegister($aArgs, &$mResult) |
| 106: | { |
| 107: | $mResult = $this->CreateAccount( |
| 108: | 0, |
| 109: | $aArgs['UserId'], |
| 110: | $aArgs['Login'], |
| 111: | $aArgs['Password'] |
| 112: | ); |
| 113: | } |
| 114: | |
| 115: | |
| 116: | |
| 117: | |
| 118: | |
| 119: | |
| 120: | |
| 121: | public function onCheckAccountExists($aArgs) |
| 122: | { |
| 123: | $oAccount = new Models\Account(); |
| 124: | $oAccount->Login = $aArgs['Login']; |
| 125: | if ($this->getAccountsManager()->isExists($oAccount)) { |
| 126: | throw new \Aurora\System\Exceptions\ApiException(\Aurora\System\Notifications::AccountExists); |
| 127: | } |
| 128: | } |
| 129: | |
| 130: | |
| 131: | |
| 132: | |
| 133: | |
| 134: | |
| 135: | |
| 136: | public function onAfterDeleteUser($aArgs, $mResult) |
| 137: | { |
| 138: | if ($mResult) { |
| 139: | Account::where('IdUser', $aArgs['UserId'])->delete(); |
| 140: | } |
| 141: | } |
| 142: | |
| 143: | |
| 144: | |
| 145: | |
| 146: | |
| 147: | |
| 148: | public function onGetAccounts($aArgs, &$aResult) |
| 149: | { |
| 150: | if (isset($aArgs['UserId'])) { |
| 151: | $mResult = $this->getAccountsManager()->getUserAccounts($aArgs['UserId']); |
| 152: | foreach ($mResult as $oItem) { |
| 153: | $aResult[] = [ |
| 154: | 'Type' => $oItem->getName(), |
| 155: | 'Module' => $this->GetName(), |
| 156: | 'Id' => $oItem->Id, |
| 157: | 'Login' => $oItem->Login |
| 158: | ]; |
| 159: | } |
| 160: | } |
| 161: | } |
| 162: | |
| 163: | public function onGetAccountUsedToAuthorize($aArgs, &$mResult) |
| 164: | { |
| 165: | $oAccount = $this->getAccountsManager()->getAccountUsedToAuthorize($aArgs['Login']); |
| 166: | if ($oAccount) { |
| 167: | $mResult = $oAccount; |
| 168: | return true; |
| 169: | } |
| 170: | } |
| 171: | |
| 172: | |
| 173: | |
| 174: | |
| 175: | |
| 176: | |
| 177: | public function onChangeAccountPassword($aArguments, &$mResult) |
| 178: | { |
| 179: | $bPasswordChanged = false; |
| 180: | $bBreakSubscriptions = false; |
| 181: | $oAccount = $aArguments['Account']; |
| 182: | |
| 183: | if ($oAccount instanceof Account && $oAccount->getPassword() === $aArguments['CurrentPassword']) { |
| 184: | $bPasswordChanged = $this->changePassword($oAccount, $aArguments['NewPassword']); |
| 185: | $bBreakSubscriptions = true; |
| 186: | } |
| 187: | |
| 188: | if (is_array($mResult)) { |
| 189: | $mResult['AccountPasswordChanged'] = $mResult['AccountPasswordChanged'] || $bPasswordChanged; |
| 190: | } |
| 191: | |
| 192: | return $bBreakSubscriptions; |
| 193: | } |
| 194: | |
| 195: | protected function changePassword($oAccount, $sNewPassword) |
| 196: | { |
| 197: | $bResult = false; |
| 198: | |
| 199: | if ($oAccount instanceof Account && $sNewPassword) { |
| 200: | $oAccount->setPassword($sNewPassword); |
| 201: | $bResult = $this->getAccountsManager()->updateAccount($oAccount); |
| 202: | } else { |
| 203: | \Aurora\System\Api::LogEvent('password-change-failed: ' . $oAccount->Login, self::GetName()); |
| 204: | throw new \Aurora\System\Exceptions\ApiException(\Aurora\System\Exceptions\Errs::UserManager_AccountNewPasswordRejected); |
| 205: | } |
| 206: | |
| 207: | return $bResult; |
| 208: | } |
| 209: | |
| 210: | |
| 211: | |
| 212: | |
| 213: | |
| 214: | |
| 215: | |
| 216: | |
| 217: | |
| 218: | |
| 219: | |
| 220: | |
| 221: | |
| 222: | |
| 223: | |
| 224: | public function CreateAccount($iTenantId = 0, $iUserId = 0, $sLogin = '', $sPassword = '') |
| 225: | { |
| 226: | \Aurora\System\Api::checkUserRoleIsAtLeast(\Aurora\System\Enums\UserRole::Anonymous); |
| 227: | |
| 228: | $aArgs = array( |
| 229: | 'Login' => $sLogin |
| 230: | ); |
| 231: | $this->broadcastEvent( |
| 232: | 'CheckAccountExists', |
| 233: | $aArgs |
| 234: | ); |
| 235: | |
| 236: | if ($iUserId > 0) { |
| 237: | $oUser = \Aurora\Modules\Core\Module::Decorator()->GetUserWithoutRoleCheck($iUserId); |
| 238: | } else { |
| 239: | $sPublicId = (string)$sLogin; |
| 240: | $bPrevState = \Aurora\System\Api::skipCheckUserRole(true); |
| 241: | $oUser = \Aurora\Modules\Core\Module::Decorator()->GetUserByPublicId($sPublicId); |
| 242: | |
| 243: | if (!$oUser) { |
| 244: | $iUserId = \Aurora\Modules\Core\Module::Decorator()->CreateUser($iTenantId, $sPublicId); |
| 245: | $oUser = \Aurora\Modules\Core\Module::Decorator()->GetUserWithoutRoleCheck($iUserId); |
| 246: | } |
| 247: | \Aurora\System\Api::skipCheckUserRole($bPrevState); |
| 248: | } |
| 249: | |
| 250: | |
| 251: | |
| 252: | |
| 253: | |
| 254: | |
| 255: | |
| 256: | |
| 257: | |
| 258: | |
| 259: | |
| 260: | |
| 261: | |
| 262: | |
| 263: | if ($oUser instanceof \Aurora\Modules\Core\Models\User) { |
| 264: | $oAccount = new Models\Account(); |
| 265: | |
| 266: | $oAccount->IdUser = $oUser->Id; |
| 267: | $oAccount->Login = $sLogin; |
| 268: | $oAccount->setPassword($sPassword); |
| 269: | |
| 270: | if ($this->getAccountsManager()->isExists($oAccount)) { |
| 271: | throw new \Aurora\System\Exceptions\ApiException(\Aurora\System\Notifications::AccountExists); |
| 272: | } |
| 273: | |
| 274: | $this->getAccountsManager()->createAccount($oAccount); |
| 275: | return $oAccount ? array( |
| 276: | 'EntityId' => $oAccount->Id |
| 277: | ) : false; |
| 278: | } else { |
| 279: | throw new \Aurora\System\Exceptions\ApiException(\Aurora\System\Notifications::CanNotCreateAccount); |
| 280: | } |
| 281: | |
| 282: | return false; |
| 283: | } |
| 284: | |
| 285: | |
| 286: | |
| 287: | |
| 288: | |
| 289: | |
| 290: | |
| 291: | public function SaveAccount($oAccount) |
| 292: | { |
| 293: | \Aurora\System\Api::checkUserRoleIsAtLeast(\Aurora\System\Enums\UserRole::Anonymous); |
| 294: | |
| 295: | if ($oAccount instanceof Models\Account) { |
| 296: | $this->getAccountsManager()->createAccount($oAccount); |
| 297: | |
| 298: | return $oAccount ? array( |
| 299: | 'EntityId' => $oAccount->Id |
| 300: | ) : false; |
| 301: | } else { |
| 302: | throw new \Aurora\System\Exceptions\ApiException(\Aurora\System\Notifications::InvalidInputParameter); |
| 303: | } |
| 304: | |
| 305: | return false; |
| 306: | } |
| 307: | |
| 308: | |
| 309: | |
| 310: | |
| 311: | |
| 312: | |
| 313: | |
| 314: | |
| 315: | |
| 316: | |
| 317: | |
| 318: | |
| 319: | |
| 320: | |
| 321: | |
| 322: | |
| 323: | |
| 324: | |
| 325: | |
| 326: | |
| 327: | |
| 328: | |
| 329: | |
| 330: | |
| 331: | |
| 332: | |
| 333: | |
| 334: | |
| 335: | |
| 336: | |
| 337: | |
| 338: | |
| 339: | |
| 340: | |
| 341: | |
| 342: | |
| 343: | |
| 344: | |
| 345: | |
| 346: | |
| 347: | |
| 348: | |
| 349: | |
| 350: | |
| 351: | |
| 352: | |
| 353: | |
| 354: | |
| 355: | |
| 356: | |
| 357: | |
| 358: | |
| 359: | |
| 360: | |
| 361: | |
| 362: | |
| 363: | |
| 364: | |
| 365: | |
| 366: | |
| 367: | |
| 368: | |
| 369: | |
| 370: | public function CreateAuthenticatedUserAccount($TenantId, $Login, $Password) |
| 371: | { |
| 372: | \Aurora\System\Api::checkUserRoleIsAtLeast(\Aurora\System\Enums\UserRole::TenantAdmin); |
| 373: | |
| 374: | $UserId = \Aurora\System\Api::getAuthenticatedUserId(); |
| 375: | $result = false; |
| 376: | |
| 377: | if ($UserId) { |
| 378: | $result = $this->CreateAccount($TenantId, $UserId, $Login, $Password); |
| 379: | } |
| 380: | |
| 381: | return $result; |
| 382: | } |
| 383: | |
| 384: | |
| 385: | |
| 386: | |
| 387: | |
| 388: | |
| 389: | |
| 390: | |
| 391: | |
| 392: | |
| 393: | |
| 394: | |
| 395: | |
| 396: | |
| 397: | |
| 398: | |
| 399: | |
| 400: | |
| 401: | |
| 402: | |
| 403: | |
| 404: | |
| 405: | |
| 406: | |
| 407: | |
| 408: | |
| 409: | |
| 410: | |
| 411: | |
| 412: | |
| 413: | |
| 414: | |
| 415: | |
| 416: | |
| 417: | |
| 418: | |
| 419: | |
| 420: | |
| 421: | |
| 422: | |
| 423: | |
| 424: | |
| 425: | |
| 426: | |
| 427: | |
| 428: | |
| 429: | |
| 430: | |
| 431: | |
| 432: | |
| 433: | |
| 434: | |
| 435: | |
| 436: | |
| 437: | |
| 438: | |
| 439: | |
| 440: | |
| 441: | |
| 442: | |
| 443: | public function UpdateAccount($AccountId = 0, $CurrentPassword = '', $Password = '') |
| 444: | { |
| 445: | \Aurora\System\Api::checkUserRoleIsAtLeast(\Aurora\System\Enums\UserRole::NormalUser); |
| 446: | |
| 447: | $oUser = \Aurora\System\Api::getAuthenticatedUser(); |
| 448: | |
| 449: | if ($AccountId > 0) { |
| 450: | $oAccount = $this->getAccountsManager()->getAccountById($AccountId); |
| 451: | |
| 452: | if (!empty($oAccount)) { |
| 453: | if ($oAccount->IdUser !== $oUser->Id) { |
| 454: | \Aurora\System\Api::checkUserRoleIsAtLeast(\Aurora\System\Enums\UserRole::TenantAdmin); |
| 455: | } |
| 456: | |
| 457: | if ($oUser->Role !== \Aurora\System\Enums\UserRole::SuperAdmin && $oAccount->getPassword() !== $CurrentPassword) { |
| 458: | \Aurora\System\Api::LogEvent('password-change-failed: ' . $oAccount->Login, self::GetName()); |
| 459: | throw new \Aurora\System\Exceptions\ApiException(\Aurora\System\Exceptions\Errs::UserManager_AccountOldPasswordNotCorrect); |
| 460: | } |
| 461: | |
| 462: | $this->changePassword($oAccount, $Password); |
| 463: | } |
| 464: | |
| 465: | return $oAccount ? array('EntityId' => $oAccount->Id) : false; |
| 466: | } else { |
| 467: | throw new \Aurora\System\Exceptions\ApiException(\Aurora\System\Notifications::InvalidInputParameter); |
| 468: | } |
| 469: | |
| 470: | return false; |
| 471: | } |
| 472: | |
| 473: | |
| 474: | |
| 475: | |
| 476: | |
| 477: | |
| 478: | |
| 479: | |
| 480: | |
| 481: | |
| 482: | |
| 483: | |
| 484: | |
| 485: | |
| 486: | |
| 487: | |
| 488: | |
| 489: | |
| 490: | |
| 491: | |
| 492: | |
| 493: | |
| 494: | |
| 495: | |
| 496: | |
| 497: | |
| 498: | |
| 499: | |
| 500: | |
| 501: | |
| 502: | |
| 503: | |
| 504: | |
| 505: | |
| 506: | |
| 507: | |
| 508: | |
| 509: | |
| 510: | |
| 511: | |
| 512: | |
| 513: | |
| 514: | |
| 515: | |
| 516: | |
| 517: | |
| 518: | |
| 519: | |
| 520: | |
| 521: | |
| 522: | |
| 523: | |
| 524: | |
| 525: | |
| 526: | |
| 527: | public function DeleteAccount($AccountId = 0) |
| 528: | { |
| 529: | \Aurora\System\Api::checkUserRoleIsAtLeast(\Aurora\System\Enums\UserRole::NormalUser); |
| 530: | |
| 531: | $oUser = \Aurora\System\Api::getAuthenticatedUser(); |
| 532: | |
| 533: | $bResult = false; |
| 534: | |
| 535: | if ($AccountId > 0) { |
| 536: | $oAccount = $this->getAccountsManager()->getAccountById($AccountId); |
| 537: | |
| 538: | if (!empty($oAccount) && ($oAccount->IdUser === $oUser->Id || |
| 539: | $oUser->Role === \Aurora\System\Enums\UserRole::SuperAdmin || |
| 540: | $oUser->Role === \Aurora\System\Enums\UserRole::TenantAdmin)) { |
| 541: | $bResult = $this->getAccountsManager()->deleteAccount($oAccount); |
| 542: | } |
| 543: | |
| 544: | return $bResult; |
| 545: | } else { |
| 546: | throw new \Aurora\System\Exceptions\ApiException(\Aurora\System\Notifications::InvalidInputParameter); |
| 547: | } |
| 548: | } |
| 549: | |
| 550: | |
| 551: | |
| 552: | |
| 553: | |
| 554: | |
| 555: | |
| 556: | |
| 557: | |
| 558: | |
| 559: | |
| 560: | |
| 561: | |
| 562: | |
| 563: | |
| 564: | |
| 565: | |
| 566: | |
| 567: | |
| 568: | |
| 569: | |
| 570: | |
| 571: | |
| 572: | |
| 573: | |
| 574: | |
| 575: | |
| 576: | |
| 577: | |
| 578: | |
| 579: | |
| 580: | |
| 581: | |
| 582: | |
| 583: | |
| 584: | |
| 585: | |
| 586: | |
| 587: | |
| 588: | |
| 589: | |
| 590: | |
| 591: | |
| 592: | |
| 593: | |
| 594: | |
| 595: | |
| 596: | |
| 597: | |
| 598: | |
| 599: | |
| 600: | |
| 601: | |
| 602: | |
| 603: | public function GetUserAccounts($UserId) |
| 604: | { |
| 605: | \Aurora\System\Api::checkUserRoleIsAtLeast(\Aurora\System\Enums\UserRole::NormalUser); |
| 606: | |
| 607: | $oUser = \Aurora\System\Api::getAuthenticatedUser(); |
| 608: | if ($oUser->isNormalOrTenant() && $oUser->Id != $UserId) { |
| 609: | throw new \Aurora\System\Exceptions\ApiException(\Aurora\System\Notifications::AccessDenied); |
| 610: | } |
| 611: | |
| 612: | $aAccounts = array(); |
| 613: | $mResult = $this->getAccountsManager()->getUserAccounts($UserId); |
| 614: | |
| 615: | foreach ($mResult as $aItem) { |
| 616: | $aAccounts[] = array( |
| 617: | 'id' => $aItem['Id'], |
| 618: | 'login' => $aItem['Login'] |
| 619: | ); |
| 620: | } |
| 621: | |
| 622: | return $aAccounts; |
| 623: | } |
| 624: | |
| 625: | } |
| 626: | |