From: <gem...@li...> - 2011-11-22 14:29:49
Revision: 263 http://gemstracker.svn.sourceforge.net/gemstracker/?rev=263&view=rev Author: michieltcs Date: 2011-11-22 14:29:43 +0000 (Tue, 22 Nov 2011) Log Message: ----------- Refs #307 - added ggp_allowed_ip_ranges, load in Gems_User_User and use in Gems_Auth::authenticate() Modified Paths: -------------- trunk/library/classes/Gems/Auth.php trunk/library/classes/Gems/Default/GroupAction.php trunk/library/classes/Gems/User/OldStaffUserDefinition.php trunk/library/classes/Gems/User/ProjectUserDefinition.php trunk/library/classes/Gems/User/StaffUserDefinition.php trunk/library/classes/Gems/User/User.php trunk/library/configs/db/patches.sql Modified: trunk/library/classes/Gems/Auth.php =================================================================== --- trunk/library/classes/Gems/Auth.php 2011-11-22 14:29:03 UTC (rev 262) +++ trunk/library/classes/Gems/Auth.php 2011-11-22 14:29:43 UTC (rev 263) @@ -54,13 +54,15 @@ */ const ERROR_DATABASE_NOT_INSTALLED = -11; const ERROR_PASSWORD_DELAY = -12; + const ERROR_INVALID_IP = -13; /** * @var array Message templates */ protected $_messageTemplates = array( self::ERROR_DATABASE_NOT_INSTALLED => 'Installation not complete! Login is not yet possible!', - self::ERROR_PASSWORD_DELAY => 'Your account is temporarily blocked, please wait %s seconds' + self::ERROR_PASSWORD_DELAY => 'Your account is temporarily blocked, please wait %s seconds', + self::ERROR_INVALID_IP => 'You are not allowed to login from this location.' ); /** 
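Review bot: The new `ERROR_INVALID_IP` template in Gems/Auth.php gives a rejected client a message distinct from an ordinary failed login, and the second Auth.php hunk (`@@ -144,7 +146,12 @@`) returns it before the adapter has checked the password. An unauthenticated caller outside the allowed ranges can therefore learn that the submitted account resolves to an IP-restricted group. Consider showing the generic login-failure text to the client and recording the specific reason only in the login-failure log, or add a comment next to the constant stating that the disclosure is intentional.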
@@ -144,7 +146,12 @@ // We only forward to auth adapter when we have no timeout to prevent hammering the auth system if (! isset($result) ) { - $result = parent::authenticate($adapter); + // Check if the client IP address is within allowed IP ranges + if (isset($formValues['allowed_ip_ranges']) && !Gems_Util::isAllowedIP($_SERVER['REMOTE_ADDR'], $formValues['allowed_ip_ranges'])) { + $result = $this->_error(self::ERROR_INVALID_IP); + } else { + $result = parent::authenticate($adapter); + } } if ($result->isValid()) { Modified: trunk/library/classes/Gems/Default/GroupAction.php =================================================================== --- trunk/library/classes/Gems/Default/GroupAction.php 2011-11-22 14:29:03 UTC (rev 262) +++ trunk/library/classes/Gems/Default/GroupAction.php 2011-11-22 14:29:43 UTC (rev 263) @@ -66,6 +66,7 @@ $bridge->addCheckbox('ggp_group_active'); $bridge->addCheckbox('ggp_staff_members'); $bridge->addCheckbox('ggp_respondent_members'); + $bridge->addText('ggp_allowed_ip_ranges'); } /** @@ -91,6 +92,8 @@ $model->set('ggp_group_active', 'label', $this->_('Active'), 'multiOptions', $yesNo); $model->set('ggp_staff_members', 'label', $this->_('Staff'), 'multiOptions', $yesNo); $model->set('ggp_respondent_members', 'label', $this->_('Respondents'), 'multiOptions', $yesNo); + + $model->set('ggp_allowed_ip_ranges', 'label', $this->_('Allowed IP Ranges')); Gems_Model::setChangeFieldsByPrefix($model, 'ggp'); Modified: trunk/library/classes/Gems/User/OldStaffUserDefinition.php =================================================================== --- trunk/library/classes/Gems/User/OldStaffUserDefinition.php 2011-11-22 14:29:03 UTC (rev 262) +++ trunk/library/classes/Gems/User/OldStaffUserDefinition.php 2011-11-22 14:29:43 UTC (rev 263) 
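Review bot: In Gems/Auth.php the IP restriction fails open and reads its policy from `$formValues`, the same array that carries the submitted login fields. When the `allowed_ip_ranges` key is absent or null, `isset()` is false and the check is skipped; only Gems_User_User::authenticate(), which overwrites the key in this commit, guarantees the value is server-side. Any other caller of Gems_Auth::authenticate() would either bypass the restriction or let request data define it, so pass the ranges as a separate argument or read them from the user object instead of `isset($formValues['allowed_ip_ranges'])`. `$_SERVER['REMOTE_ADDR']` is also the proxy's address when the application runs behind a reverse proxy or load balancer, which is worth a comment on the deployment assumption. The enclosing authenticate() method starts and ends outside the hunk.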
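Review bot: The `ggp_allowed_ip_ranges` text element added in Gems/Default/GroupAction.php (`@@ -66,6 +66,7 @@`) has no validator and no format hint, yet its content becomes the login policy for every member of the group. A typo could lock a whole group out or, depending on how Gems_Util::isAllowedIP() treats entries it cannot parse (not shown in this commit), silently leave the group unrestricted. Consider attaching a validator to the element and adding a `'description'` with the expected syntax to the `$model->set('ggp_allowed_ip_ranges', ...)` call in the second hunk (`@@ -91,6 +92,8 @@`). Both enclosing methods extend beyond the hunks.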
@@ -147,7 +147,7 @@ // For a multi-layout project we need to select the appropriate style too, // but as PATCHES may not be in effect we have to try two selects $select2 = clone $select; - $select2->columns(array('user_style' => 'gor_style'), 'gems__organizations'); + $select2->columns(array('user_style' => 'gor_style', 'user_allowed_ip_ranges' => 'ggp_allowed_ip_ranges'), 'gems__organizations'); try { // Fails before patch has run... Modified: trunk/library/classes/Gems/User/ProjectUserDefinition.php =================================================================== --- trunk/library/classes/Gems/User/ProjectUserDefinition.php 2011-11-22 14:29:03 UTC (rev 262) +++ trunk/library/classes/Gems/User/ProjectUserDefinition.php 2011-11-22 14:29:43 UTC (rev 263) @@ -76,6 +76,7 @@ 'user_style' => 'gems', 'user_organization_id' => $organization, 'user_organization_name' => 'SUPER ADMIN', + 'user_allowed_ip_ranges' => '', 'allowedOrgs' => array($organization => 'SUPER ADMIN') ); } Modified: trunk/library/classes/Gems/User/StaffUserDefinition.php =================================================================== --- trunk/library/classes/Gems/User/StaffUserDefinition.php 2011-11-22 14:29:03 UTC (rev 262) +++ trunk/library/classes/Gems/User/StaffUserDefinition.php 2011-11-22 14:29:43 UTC (rev 263) 
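Review bot: In Gems/User/OldStaffUserDefinition.php the new `ggp_allowed_ip_ranges` column is requested under the correlation name `gems__organizations`, but the patch in this commit adds that column to `gems__groups`. The second select would then reference a column the organizations table does not have. Because it runs in a try block written for the pre-patch case (the catch is outside the hunk), the error is probably swallowed and the user is loaded from the first select, without `user_style` and without any IP ranges, so the restriction is never enforced for these accounts. Select the column from the groups table in its own call, e.g. `$select2->columns(array('user_allowed_ip_ranges' => 'ggp_allowed_ip_ranges'), 'gems__groups');`, assuming `gems__groups` is already joined in `$select`, which is not visible here.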
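Review bot: In Gems/User/ProjectUserDefinition.php the super admin gets `'user_allowed_ip_ranges' => ''`, which is set rather than null, so the `isset()` guard in Gems_Auth::authenticate() passes and Gems_Util::isAllowedIP() is called with an empty range list. Whether an empty string means "no restriction" or "nothing matches" depends on that helper, which this commit does not show. Either use `null` so the project account takes the same path as a group without ranges, or add a comment such as `// empty string = no IP restriction, see Gems_Util::isAllowedIP()` to pin the contract. The array literal and its enclosing method continue outside the hunk.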
@@ -190,7 +190,7 @@ 'user_locale'=>'gsf_iso_lang', 'user_logout'=>'gsf_logout_on_survey')) ->columns(array('user_name'=>"(concat(coalesce(concat(`gems__staff`.`gsf_first_name`,_utf8' '),_utf8''),coalesce(concat(`gems__staff`.`gsf_surname_prefix`,_utf8' '),_utf8''),coalesce(`gems__staff`.`gsf_last_name`,_utf8'')))")) - ->join('gems__groups', 'gsf_id_primary_group = ggp_id_group', array('user_role'=>'ggp_role')) + ->join('gems__groups', 'gsf_id_primary_group = ggp_id_group', array('user_role'=>'ggp_role', 'user_allowed_ip_ranges' => 'ggp_allowed_ip_ranges')) ->join('gems__organizations', 'gul_id_organization = gor_id_organization', array( 'user_organization_id'=>'gor_id_organization', Modified: trunk/library/classes/Gems/User/User.php =================================================================== --- trunk/library/classes/Gems/User/User.php 2011-11-22 14:29:03 UTC (rev 262) +++ trunk/library/classes/Gems/User/User.php 2011-11-22 14:29:43 UTC (rev 263) @@ -204,6 +204,9 @@ public function authenticate($formValues) { $auth = Gems_Auth::getInstance(); + + $formValues['allowed_ip_ranges'] = $this->getAllowedIPRanges(); + $adapter = $this->definition->getAuthAdapter($formValues); $authResult = $auth->authenticate($adapter, $formValues); @@ -319,6 +322,16 @@ { return $this->_getVar('user_group'); } + + /** + * Returns the list of allowed IP ranges (separated by colon) + * + * @return string + */ + public function getAllowedIPRanges() + { + return $this->_getVar('user_allowed_ip_ranges'); + } /** * The locale set for this user.. Modified: trunk/library/configs/db/patches.sql =================================================================== --- trunk/library/configs/db/patches.sql 2011-11-22 14:29:03 UTC (rev 262) +++ trunk/library/configs/db/patches.sql 2011-11-22 14:29:43 UTC (rev 263) 
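Review bot: The join in Gems/User/StaffUserDefinition.php now depends on `ggp_allowed_ip_ranges`, which exists only after the new entry in patches.sql has been applied. Unlike OldStaffUserDefinition, no fallback select is visible here, so staff logins would presumably fail with a database error on an installation where the patch has not yet run. A comment on the join noting the required patch, or the same try-and-fall-back approach, would make the upgrade order explicit. The select chain starts and ends outside the hunk.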
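Review bot: The docblock for getAllowedIPRanges() in Gems/User/User.php (`@@ -319,6 +322,16 @@`) underspecifies the stored format. "Separated by colon" does not say what a single range looks like, and a colon separator cannot coexist with IPv6 literals. `@return string` may also overstate the contract: if `_getVar()` yields null for an unset variable (not visible here), callers such as the `isset()` guard in Gems_Auth rely on that null to mean "no restriction". Suggested wording: `@return string|null Colon-separated ranges in the syntax accepted by Gems_Util::isAllowedIP(); null or empty when the group has no restriction`.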
@@ -324,4 +324,7 @@ -- PATCH: Log failed logins INSERT INTO `gems__log_actions` (`glac_id_action`, `glac_name`, `glac_change`, `glac_log`, `glac_created`) - VALUES (NULL , 'loginFail', '0', '1', CURRENT_TIMESTAMP); \ No newline at end of file + VALUES (NULL , 'loginFail', '0', '1', CURRENT_TIMESTAMP); + +-- PATCH: IP ranges for groups +ALTER TABLE `gems__groups` ADD `ggp_allowed_ip_ranges` TEXT CHARACTER SET 'utf8' COLLATE 'utf8_general_ci' null AFTER `ggp_respondent_members`; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |