From: <gem...@li...> - 2011-11-16 18:18:19
Revision: 224
http://gemstracker.svn.sourceforge.net/gemstracker/?rev=224&view=rev
Author: matijsdejong
Date: 2011-11-16 18:18:12 +0000 (Wed, 16 Nov 2011)
Log Message:
-----------
Obfuscated difference between non-existing user and existing user logon attempts.
Modified Paths:
--------------
trunk/library/classes/Gems/Auth/Adapter/Callback.php
trunk/library/classes/Gems/Auth.php
trunk/library/classes/Gems/Default/IndexAction.php
trunk/library/classes/Gems/User/NoLoginDefinition.php
trunk/library/classes/Gems/User/ProjectUserDefinition.php
trunk/library/languages/default-en.mo
trunk/library/languages/default-en.po
trunk/library/languages/default-nl.mo
trunk/library/languages/default-nl.po
Modified: trunk/library/classes/Gems/Auth/Adapter/Callback.php
===================================================================
--- trunk/library/classes/Gems/Auth/Adapter/Callback.php 2011-11-16 17:52:38 UTC (rev 223)
+++ trunk/library/classes/Gems/Auth/Adapter/Callback.php 2011-11-16 18:18:12 UTC (rev 224)
@@ -2,7 +2,7 @@
/**
* Copyright (c) 2011, Erasmus MC
* All rights reserved.
- *
+ *
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* * Redistributions of source code must retain the above copyright
@@ -13,7 +13,7 @@
* * Neither the name of Erasmus MC nor the
* names of its contributors may be used to endorse or promote products
* derived from this software without specific prior written permission.
- *
+ *
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
@@ -24,7 +24,7 @@
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
+ *
* Short description of file
*
* @package Gems
@@ -82,7 +82,7 @@
if ($result === true) {
$result = new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $this->_identity);
} else {
- $result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, $this->_identity);
+ $result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_identity);
}
}
return $result;
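Review bot: Every callback return other than strictly `true` now maps to FAILURE_CREDENTIAL_INVALID, so the adapter no longer distinguishes a rejected credential from a callback that returned something else; that is a sensible fail-closed default, but nothing above the `if ($result === true)` says so. A comment such as `// Only a strict true authenticates; any other return (false, null, a truthy string or array) is reported as invalid credentials so all failures look alike.` would record both the fail-closed intent and why `===` rather than a truthiness test is used. The enclosing method starts outside the hunk.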
Modified: trunk/library/classes/Gems/Auth.php
===================================================================
--- trunk/library/classes/Gems/Auth.php 2011-11-16 17:52:38 UTC (rev 223)
+++ trunk/library/classes/Gems/Auth.php 2011-11-16 18:18:12 UTC (rev 224)
@@ -48,9 +48,12 @@
{
/**
* Error constants
+ *
+ * These must be numeric constants smaller than zero for
+ * Zend_Auth_Result to work.
*/
- const ERROR_DATABASE_NOT_INSTALLED = 'notInstalled';
- const ERROR_PASSWORD_DELAY = 'blockedDelay';
+ const ERROR_DATABASE_NOT_INSTALLED = -11;
+ const ERROR_PASSWORD_DELAY = -12;
/**
* @var array Message templates
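Review bot: The new comment says the error constants only need to be numeric and below zero, but if this is Zend Framework 1's Zend_Auth_Result, its constructor casts the code to int and replaces anything below FAILURE_UNCATEGORIZED (-4) with FAILURE (0), so -11 and -12 never reach getCode(). That would make `$result->getCode() <> self::ERROR_PASSWORD_DELAY` in the hunk at @@ -137,11 +151,12 @@ always true, which fits that comparison being commented out there together with an MUtil_Echo::track debugging line. The messages still work because _error() resolves the template before the result is constructed, so the fix is not to rely on the code at all: set a local `$delayed = true;` where `_error(self::ERROR_PASSWORD_DELAY, ...)` is assigned and test `if (! $delayed) {` in place of the commented-out comparison, then delete the commented-out lines and the track call. The comment should state the actual constraint, e.g. `Zend_Auth_Result only preserves codes between FAILURE_UNCATEGORIZED and SUCCESS; these values are clamped to FAILURE, so never compare getCode() against them.`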
@@ -71,7 +74,8 @@
*/
public $db;
- public function __construct($db = null) {
+ public function __construct($db = null)
+ {
/**
* Check for an adapter being defined. if not, fetch the default adapter.
*/
@@ -86,13 +90,22 @@
}
}
- private function _error($code, $value1 = null, $value2 = null) {
+ private function _error($code, $value1 = null, $value2 = null)
+ {
$messages = func_get_args();
array_splice($messages, 0, 1, $this->_messageTemplates[$code]);
return new Zend_Auth_Result($code, null, (array) $messages);
}
- public function authenticate(Zend_Auth_Adapter_Interface $adapter, $formValues) {
+ /**
+ * Authenticates against the supplied adapter
+ *
+ * @param Zend_Auth_Adapter_Interface $adapter
+ * @param array $formValues We need information not in the adapter.
+ * @return Zend_Auth_Result
+ */
+ public function authenticate(Zend_Auth_Adapter_Interface $adapter, array $formValues = null)
+ {
try {
$login_name = $formValues['userlogin'];
$organization = $formValues['organization'];
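Review bot: `array $formValues = null` makes the argument optional, yet the first two statements of the body read `$formValues['userlogin']` and `$formValues['organization']` unconditionally, so a null argument silently turns into a null login name and organization and the lookup proceeds with them. Either drop the `= null` default (the new docblock already says the values are needed) or guard the reads, e.g. `$login_name = isset($formValues['userlogin']) ? $formValues['userlogin'] : null;` and return a failure result when either is missing. The `try` only catches Zend_Db_Exception, so nothing there covers this. authenticate() continues past the end of the hunk.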
@@ -105,22 +118,23 @@
$values['gula_id_organization'] = $organization;
$values['gula_failed_logins'] = 0;
$values['gula_last_failed'] = null;
+
} elseif ($values['gula_failed_logins'] > 0) {
- // Get the datetime
- $last = new MUtil_Date($values['gula_last_failed'], Zend_Date::ISO_8601);
+ // Get the datetime
+ $last = new MUtil_Date($values['gula_last_failed'], Zend_Date::ISO_8601);
- // How long to wait until we can ignore the previous failed attempt
- $delay = pow($values['gula_failed_logins'], GemsEscort::getInstance()->project->getAccountDelayFactor());
+ // How long to wait until we can ignore the previous failed attempt
+ $delay = pow($values['gula_failed_logins'], GemsEscort::getInstance()->project->getAccountDelayFactor());
- if (abs($last->diffSeconds()) <= $delay) {
- // Response gets slowly slower
- $sleepTime = min($values['gula_failed_logins'], 10);
- sleep($sleepTime);
- $remaining = $delay - abs($last->diffSeconds()) - $sleepTime;
- if ($remaining>0) {
- $result = $this->_error(self::ERROR_PASSWORD_DELAY, $remaining);
- }
+ if (abs($last->diffSeconds()) <= $delay) {
+ // Response gets slowly slower
+ $sleepTime = min($values['gula_failed_logins'], 10);
+ sleep($sleepTime);
+ $remaining = $delay - abs($last->diffSeconds()) - $sleepTime;
+ if ($remaining>0) {
+ $result = $this->_error(self::ERROR_PASSWORD_DELAY, $remaining);
}
+ }
}
} catch (Zend_Db_Exception $e) {
// Fall through as this does not work if the database upgrade did not run
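Review bot: The re-indented delay block evaluates `abs($last->diffSeconds())` twice with `sleep($sleepTime)` in between, so if diffSeconds() measures against the current time the second reading already includes the sleep and `$remaining = $delay - abs($last->diffSeconds()) - $sleepTime;` subtracts the sleep a second time, under-reporting the remaining delay by up to ten seconds. Read the elapsed time once before the test, `$elapsed = abs($last->diffSeconds());`, compare `if ($elapsed <= $delay) {`, and compute `$remaining = $delay - $elapsed - $sleepTime;`. Separately, the sleep ties up a request worker for up to ten seconds per attempt against a delayed login name, which becomes a resource-exhaustion concern under bulk failed-login traffic; returning the ERROR_PASSWORD_DELAY result immediately and letting the growing delay window do the throttling avoids holding the worker. This block sits inside authenticate(), whose start and end lie outside the hunk.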
@@ -137,11 +151,12 @@
$values['gula_last_failed'] = null;
} else {
if ($values['gula_failed_logins']) {
+ // MUtil_Echo::track($result->getCode(), self::ERROR_PASSWORD_DELAY);
// Only increment when we have no password delay
- if ($result->getCode() <> self::ERROR_PASSWORD_DELAY) {
+ // if ($result->getCode() <> self::ERROR_PASSWORD_DELAY) {
$values['gula_failed_logins'] += 1;
$values['gula_last_failed'] = new Zend_Db_Expr('CURRENT_TIMESTAMP');
- }
+ // }
} else {
$values['gula_failed_logins'] = 1;
$values['gula_last_failed'] = new Zend_Db_Expr('CURRENT_TIMESTAMP');
@@ -195,7 +210,8 @@
* @param Zend_Auth_Result $result
* @return Zend_Auth_Result
*/
- public function localize($result) {
+ public function localize($result)
+ {
$translate = GemsEscort::getInstance()->translate;
$code = $result->getCode();
$identity = $result->getIdentity();
@@ -210,18 +226,23 @@
*/
switch ($code) {
case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
- $message = $translate->_('Wrong password.');
- break;
+ // $message = $translate->_('Wrong password.');
+ // break;
case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
- $message = $translate->_('Combination of username password not found.');
+ $message = $translate->_('Combination of organization, username and password not found.');
break;
}
- //Now recombine with the others, they will be treated as params
- $messages = array_merge((array) $message, (array) $messages);
- //Now do a sprintf if we have 1 or more params
- if (count($messages)>1) $messages = call_user_func_array('sprintf', $messages);
+ // Recombine with the others if any, they will be treated as params
+ if (count($messages)) {
+ $messages = array_merge((array) $message, (array) $messages);
+ //Now do a sprintf if we have 1 or more params
+ $messages = call_user_func_array('sprintf', $messages);
+ } else {
+ $messages = array($message);
+ }
+
return new Zend_Auth_Result($code, $identity, (array) $messages);
}
}
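Review bot: In the rewritten tail the `else` branch builds `array($message)`, but `$message` is only assigned inside the two switch cases, so unless it is initialised above the hunk any other code with no messages (the FAILURE that Zend_Auth_Result substitutes for unknown codes, FAILURE_UNCATEGORIZED, FAILURE_IDENTITY_AMBIGUOUS) now yields `array(null)` plus an undefined-variable notice, where the old `(array) $message` produced an empty array. Initialise `$message = null;` before the switch and write the else branch as `$messages = $message === null ? array() : array($message);`. The commented-out `$message` and `break` lines under FAILURE_CREDENTIAL_INVALID should be replaced by a comment stating the intent, e.g. `// Deliberate fall-through: a wrong password and an unknown identity must produce the same message.`, since commented-out code tends to be removed as dead in the next clean-up without anyone noticing the fall-through was the point. localize()'s signature lies in an earlier hunk.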
\ No newline at end of file
Modified: trunk/library/classes/Gems/Default/IndexAction.php
===================================================================
--- trunk/library/classes/Gems/Default/IndexAction.php 2011-11-16 17:52:38 UTC (rev 223)
+++ trunk/library/classes/Gems/Default/IndexAction.php 2011-11-16 18:18:12 UTC (rev 224)
@@ -282,46 +282,44 @@
$user = $this->loader->getUser($request->getParam('userlogin'), $request->getParam('organization'));
- if ($user->isActive()) {
- $formValues = $form->getValues();
- $authResult = $user->authenticate($formValues);
+ // NO!!! DO not test! Otherwise it is easy to test which users exist.
+ // if ($user->isActive()) {
+ $formValues = $form->getValues();
+ $authResult = $user->authenticate($formValues);
- if ($authResult->isValid()) {
+ if ($authResult->isValid()) {
- $user->setAsCurrentUser();
+ $user->setAsCurrentUser();
- $user->afterLogin($form->getValues());
+ $user->afterLogin($form->getValues());
- /**
- * Fix current locale / organization in cookies
- */
- Gems_Cookies::setLocale($user->getLocale(), $this->basepath->getBasePath());
- Gems_Cookies::setOrganization($user->getOrganizationId(), $this->basepath->getBasePath());
+ /**
+ * Fix current locale / organization in cookies
+ */
+ Gems_Cookies::setLocale($user->getLocale(), $this->basepath->getBasePath());
+ Gems_Cookies::setOrganization($user->getOrganizationId(), $this->basepath->getBasePath());
- /**
- * Ready
- */
- $this->addMessage(sprintf($this->_('Login successful, welcome %s.'), $user->getFullName()));
+ /**
+ * Ready
+ */
+ $this->addMessage(sprintf($this->_('Login successful, welcome %s.'), $user->getFullName()));
- /**
- * Log the login
- */
- Gems_AccessLog::getLog($this->db)->log("index.login", $this->getRequest(), null, $user->getUserId(), true);
+ /**
+ * Log the login
+ */
+ Gems_AccessLog::getLog($this->db)->log("index.login", $this->getRequest(), null, $user->getUserId(), true);
- if ($previousRequestParameters = $this->session->previousRequestParameters) {
- $this->_reroute(array('controller' => $previousRequestParameters['controller'], 'action' => $previousRequestParameters['action']), false);
- } else {
- // This reroutes to the first available menu page after login
- $this->_reroute(array('controller' => null, 'action' => null), true);
- }
- return;
+ if ($previousRequestParameters = $this->session->previousRequestParameters) {
+ $this->_reroute(array('controller' => $previousRequestParameters['controller'], 'action' => $previousRequestParameters['action']), false);
} else {
- $errors = $authResult->getMessages();
- $this->addMessage($errors);
+ // This reroutes to the first available menu page after login
+ $this->_reroute(array('controller' => null, 'action' => null), true);
}
+ return;
+ } else {
+ $errors = $authResult->getMessages();
+ $this->addMessage($errors);
}
- } else {
- $errors = $form->getErrors();
}
}
$this->view->form = $form;
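Review bot: Dropping the `$user->isActive()` gate removes the existence oracle, but unless `$user->authenticate()` enforces the active flag itself (not visible here) a deactivated account presenting a valid password can now complete login and reach `setAsCurrentUser()`. Both properties are kept by checking after authentication, `if ($authResult->isValid() && ! $user->isActive()) {`, and replacing `$authResult` with the same generic failure result the adapter returns, so the response is indistinguishable from a wrong password. The access log is written only on success (the `log("index.login", ..., true)` call); if that final argument is the success flag, the `else` branch should log the failed attempt with `false` too, since failed attempts are the events needed to detect guessing against an account. The surrounding action method begins and ends outside the hunk.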
Modified: trunk/library/classes/Gems/User/NoLoginDefinition.php
===================================================================
--- trunk/library/classes/Gems/User/NoLoginDefinition.php 2011-11-16 17:52:38 UTC (rev 223)
+++ trunk/library/classes/Gems/User/NoLoginDefinition.php 2011-11-16 18:18:12 UTC (rev 224)
@@ -46,14 +46,14 @@
*/
class Gems_User_NoLoginDefinition extends Gems_User_UserDefinitionAbstract
{
- private function alwaysFalse($params) {
- $result = new Zend_Auth_Result(Zend_Auth_Result::FAILURE, $params['userlogin']);
+ public function alwaysFalse($params)
+ {
return false;
}
-
+
public function getAuthAdapter($formValues)
{
- $adapter = new Gems_Auth_Adapter_Callback(array(get_class(),'alwaysFalse'), $formValues['userlogin'], $formValues);
+ $adapter = new Gems_Auth_Adapter_Callback(array($this,'alwaysFalse'), $formValues['userlogin'], $formValues);
return $adapter;
}
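Review bot: `alwaysFalse()` had to become public so the adapter can call it through `array($this, 'alwaysFalse')`, which makes it part of the class API without anything saying why; a one-line docblock marking it as the Gems_Auth_Adapter_Callback callback that always fails, and noting that `$params` is intentionally ignored, would keep a later reader from tidying it back to private and breaking the callback. Note also that this path returns without any credential work, while the definitions for existing users presumably verify a stored password, so the response time can still separate unknown from known login names even though the message and result code are now identical; performing an equivalent dummy verification here would bring the two paths closer in cost.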
Modified: trunk/library/classes/Gems/User/ProjectUserDefinition.php
===================================================================
--- trunk/library/classes/Gems/User/ProjectUserDefinition.php 2011-11-16 17:52:38 UTC (rev 223)
+++ trunk/library/classes/Gems/User/ProjectUserDefinition.php 2011-11-16 18:18:12 UTC (rev 224)
@@ -54,7 +54,7 @@
public function getAuthAdapter($formValues)
{
- $adapter = new Gems_Auth_Adapter_Callback(array($this->project,'checkSuperAdminPassword'), $formValues['userlogin'], $formValues['password']);
+ $adapter = new Gems_Auth_Adapter_Callback(array($this->project,'checkSuperAdminPassword'), $formValues['userlogin'], array($formValues['password']));
return $adapter;
}
Modified: trunk/library/languages/default-en.mo
===================================================================
(Binary files differ)
Modified: trunk/library/languages/default-en.po
===================================================================
--- trunk/library/languages/default-en.po 2011-11-16 17:52:38 UTC (rev 223)
+++ trunk/library/languages/default-en.po 2011-11-16 18:18:12 UTC (rev 224)
@@ -2,7 +2,7 @@
msgstr ""
"Project-Id-Version: Pulse EN\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-11-16 18:30+0100\n"
+"POT-Creation-Date: 2011-11-16 19:09+0100\n"
"PO-Revision-Date: \n"
"Last-Translator: Matijs de Jong <mj...@ma...>\n"
"Language-Team: Erasmus MGZ <mat...@ma...>\n"
@@ -77,13 +77,9 @@
msgid "Database needs to be updated!"
msgstr "Database needs to be updated!"
-#: classes/Gems/Auth.php:225
-msgid "Wrong password."
-msgstr "Wrong password."
-
#: classes/Gems/Auth.php:228
-msgid "Combination of username password not found."
-msgstr "Combination of username password not found."
+msgid "Combination of organization, username and password not found."
+msgstr "Combination of organization, username and password not found."
#: classes/Gems/Html.php:154
msgid "<< First"
@@ -3784,6 +3780,9 @@
msgid "This track can be assigned since %s."
msgstr "This track can be assigned since %s."
+#~ msgid "Wrong password."
+#~ msgstr "Wrong password."
+
#~ msgid "Please update the database"
#~ msgstr "Please update the database"
Modified: trunk/library/languages/default-nl.mo
===================================================================
(Binary files differ)
Modified: trunk/library/languages/default-nl.po
===================================================================
--- trunk/library/languages/default-nl.po 2011-11-16 17:52:38 UTC (rev 223)
+++ trunk/library/languages/default-nl.po 2011-11-16 18:18:12 UTC (rev 224)
@@ -2,7 +2,7 @@
msgstr ""
"Project-Id-Version: Pulse NL\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2011-11-16 18:33+0100\n"
+"POT-Creation-Date: 2011-11-16 19:10+0100\n"
"PO-Revision-Date: \n"
"Last-Translator: Matijs de Jong <mj...@ma...>\n"
"Language-Team: Erasmus MGZ <mat...@ma...>\n"
@@ -77,13 +77,9 @@
msgid "Database needs to be updated!"
msgstr "Database dient ververst te worden!"
-#: classes/Gems/Auth.php:225
-msgid "Wrong password."
-msgstr "Verkeerd wachtwoord."
-
#: classes/Gems/Auth.php:228
-msgid "Combination of username password not found."
-msgstr "Combinatie gebruikersnaam en wachtwoord niet gevonden."
+msgid "Combination of organization, username and password not found."
+msgstr "Combinatie van organisatie, gebruikersnaam en wachtwoord niet gevonden."
#: classes/Gems/Html.php:154
msgid "<< First"
@@ -3784,6 +3780,9 @@
msgid "This track can be assigned since %s."
msgstr "Dit traject kan sinds %s aan een patiënt toegewezen worden."
+#~ msgid "Wrong password."
+#~ msgstr "Verkeerd wachtwoord."
+
#~ msgid "Please update the database"
#~ msgstr "Database moet bijgewerkt worden"