From: <gem...@li...> - 2012-05-04 08:52:16
Revision: 665
http://gemstracker.svn.sourceforge.net/gemstracker/?rev=665&view=rev
Author: mennodekker
Date: 2012-05-04 08:52:10 +0000 (Fri, 04 May 2012)
Log Message:
-----------
Implemented ip-check for organizations, project user can always login
Modified Paths:
--------------
trunk/library/classes/Gems/User/Organization.php
trunk/library/classes/Gems/User/User.php
Modified: trunk/library/classes/Gems/User/Organization.php
===================================================================
--- trunk/library/classes/Gems/User/Organization.php 2012-05-04 08:29:55 UTC (rev 664)
+++ trunk/library/classes/Gems/User/Organization.php 2012-05-04 08:52:10 UTC (rev 665)
@@ -153,6 +153,16 @@
 }
 /**
+ * Get the allowed_ip_ranges attribute.
+ *
+ * @return string
+ */
+ public function getAllowedIpRanges()
+ {
+ return $this->_get('gor_allowed_ip_ranges');
+ }
+
+ /**
 * Get the organizations this organizations can access.
 *
 * @return array Of type orgId => orgName
Modified: trunk/library/classes/Gems/User/User.php
===================================================================
--- trunk/library/classes/Gems/User/User.php 2012-05-04 08:29:55 UTC (rev 664)
+++ trunk/library/classes/Gems/User/User.php 2012-05-04 08:52:10 UTC (rev 665)
@@ -413,6 +413,7 @@
 /**
 * Checks if the user is allowed to login using the current IP address
+ * according to the group he is in
 *
 * An adapter authorizes and if the end resultis boolean, string or array
 * it is converted into a Zend_Auth_Result.
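Review bot: The docblock on `getAllowedIpRanges()` says only `@return string`, although this value now decides whether a login is accepted, so it should state the format of the ranges and what an empty or unset `gor_allowed_ip_ranges` means. Neither is visible in this diff, because the parsing lives in `isAllowedIP()`, which the commit does not touch. If an empty value means "no restriction", saying so here tells a reader that an organization without configured ranges accepts logins from any address. A line such as `@return string Raw gor_allowed_ip_ranges value, passed unchanged to isAllowedIP(); empty means <behaviour to confirm>` would cover it.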
@@ -432,6 +433,33 @@
 }
 /**
+ * Checks if the user is allowed to login using the current IP address
+ * according to his BASE organization
+ *
+ * An adapter authorizes and if the end resultis boolean, string or array
+ * it is converted into a Zend_Auth_Result.
+ *
+ * @return mixed Zend_Auth_Adapter_Interface|Zend_Auth_Result|boolean|string|array
+ */
+ protected function authorizeOrgIp()
+ {
+ //In unit test REMOTE_ADDR is not available and will return null
+ $request = Zend_Controller_Front::getInstance()->getRequest();
+ $remoteIp = $request->getServer('REMOTE_ADDR');
+
+ //special case: project user should have no restriction
+ if ($this->project->getSuperAdminName() == $this->getLoginName()) {
+ return true;
+ }
+
+ if ($this->util->isAllowedIP($remoteIp, $this->getBaseOrganization()->getAllowedIpRanges())) {
+ return true;
+ } else {
+ return $this->translate->_('You are not allowed to login from this location.');
+ }
+ }
+
+ /**
 * True when the current url is one where this user is allowed to login.
 *
 * If the url is a fixed organization url and the user is not allowed to
@@ -1048,6 +1076,10 @@
 */
 protected function loadAuthorizers($password)
 {
+ // organization ip restriction
+ $auths['orgip'] = array($this, 'authorizeOrgIp');
+
+ // group ip restriction
 $auths['ip'] = array($this, 'authorizeIp');
 if ($this->isBlockable()) {
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
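Review bot: The super-admin bypass in `authorizeOrgIp()` uses loose `==` with no emptiness check, so if `getSuperAdminName()` returns null or an empty string when no project user is configured (not visible here), an empty login name would skip the organization IP restriction, and numeric-looking names compare by value rather than as strings. I would guard it with `$superAdmin = $this->project->getSuperAdminName();` followed by `if (is_string($superAdmin) && $superAdmin !== '' && $superAdmin === $this->getLoginName()) {`. The bypass is also keyed on the login name alone, and the hunk does not show whether an organization account can carry the same login name as the project user; if it can, the check should also confirm that this user object is the project user. Separately, `$remoteIp` may be null (the comment says so for unit tests) and goes straight into `isAllowedIP()`, so a null address should be confirmed to deny whenever ranges are set, and the docblock should note that behind a reverse proxy `REMOTE_ADDR` is the proxy's address.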
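Review bot: `$auths['orgip']` is registered first in `loadAuthorizers()`, so if the authorizers run in insertion order and stop at the first failure, the organization IP refusal is returned before the password is checked. The loop that consumes `$auths` and the rest of the function body are outside this hunk, so that ordering is an assumption to confirm. If it holds, the reply to an unauthenticated client differs depending on which organization a login name belongs to; it is worth confirming that the refusal is written to the login log with the remote address so that blocked attempts are visible to operators, and considering a generic failure text for the client. The array is also first written here without a preceding `$auths = array();`, which would make the function's starting state explicit.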