diff --git a/lib/SP/Bootstrap.php b/lib/SP/Bootstrap.php
index 94c84bcb..301669ab 100644
--- a/lib/SP/Bootstrap.php
+++ b/lib/SP/Bootstrap.php
@@ -630,7 +630,7 @@ class Bootstrap
 CryptSession::reKey();
 // Recargar los permisos del perfil de usuario
- $this->session->setUserProfile(Profile::getItem()->getById($this->session->getUserData()->getUserProfileId()));
+// $this->session->setUserProfile(Profile::getItem()->getById($this->session->getUserData()->getUserProfileId()));
 } catch (CryptoException $e) {
 debugLog($e->getMessage());
diff --git a/lib/SP/Core/Install/Installer.php b/lib/SP/Core/Install/Installer.php
index 7900643f..5c5015d1 100644
--- a/lib/SP/Core/Install/Installer.php
+++ b/lib/SP/Core/Install/Installer.php
@@ -33,6 +33,7 @@ use SP\Core\Exceptions\InvalidArgumentException;
 use SP\Core\Exceptions\SPException;
 use SP\Core\Traits\InjectableTrait;
 use SP\DataModel\InstallData;
+use SP\DataModel\ProfileData;
 use SP\DataModel\UserData;
 use SP\DataModel\UserGroupData;
 use SP\DataModel\UserProfileData;
@@ -339,6 +340,7 @@ class Installer
 $userProfileData = new UserProfileData();
 $userProfileData->setName('Admin');
+ $userProfileData->setProfile(new ProfileData());
 // Datos del usuario
 $userData = new UserData();
diff --git a/lib/SP/Crypt/TemporaryMasterPass.php b/lib/SP/Crypt/TemporaryMasterPass.php
index 889bd1e9..c04db010 100644
--- a/lib/SP/Crypt/TemporaryMasterPass.php
+++ b/lib/SP/Crypt/TemporaryMasterPass.php
@@ -26,12 +26,13 @@ namespace SP\Crypt;
 use SP\Core\Crypt\Crypt;
 use SP\Core\Crypt\Hash;
+use SP\Core\Crypt\Session as CryptSession;
 use SP\Core\Events\EventDispatcher;
 use SP\Core\Session\Session;
 use SP\Core\Traits\InjectableTrait;
 use SP\DataModel\Dto\ConfigRequest;
 use SP\Services\Config\ConfigService;
-use SP\Core\Crypt\Session as CryptSession;
+use SP\Services\Config\ParameterNotFoundException;
 use SP\Services\ServiceException;
 use SP\Util\Util;
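Review bot: In the Bootstrap.php hunk the profile reload after `CryptSession::reKey()` is disabled by commenting it out, and nothing visible takes its place, so the permissions held in the session are no longer refreshed at this point. If no other code path reloads them, a profile change or revocation would presumably not reach sessions that are already open until the user logs in again. Either restore the call through the new service path, or delete the dead line together with the orphaned `// Recargar los permisos del perfil de usuario` comment and record where the refresh now happens. The enclosing `try` block starts outside the hunk.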
@@ -80,33 +81,37 @@ class TemporaryMasterPass
 */
 public function check($pass)
 {
- $passMaxTime = (int)$this->configService->getByParam('tempmaster_maxtime');
+ try {
+ $passMaxTime = (int)$this->configService->getByParam('tempmaster_maxtime');
- // Comprobar si el tiempo de validez o los intentos se han superado
- if ($passMaxTime === 0 || time() > $passMaxTime) {
- $this->expire();
+ // Comprobar si el tiempo de validez o los intentos se han superado
+ if ($passMaxTime === 0 || time() > $passMaxTime) {
+ $this->expire();
+ return false;
+ }
+
+ $passTime = (int)$this->configService->getByParam('tempmaster_passtime');
+ $attempts = (int)$this->configService->getByParam('tempmaster_attempts');
+
+ if ($attempts >= self::MAX_ATTEMPTS
+ || (!empty($passTime) && time() > $passMaxTime)
+ ) {
+ $this->expire();
+
+ return false;
+ }
+
+ $isValid = Hash::checkHashKey($pass, $this->configService->getByParam('tempmaster_passhash'));
+
+ if (!$isValid) {
+ $this->configService->save('tempmaster_attempts', $attempts + 1);
+ }
+
+ return $isValid;
+ } catch (ParameterNotFoundException $e) {
 return false;
 }
-
- $passTime = (int)$this->configService->getByParam('tempmaster_passtime');
- $attempts = (int)$this->configService->getByParam('tempmaster_attempts');
-
- if ($attempts >= self::MAX_ATTEMPTS
- || (!empty($passTime) && time() > $passMaxTime)
- ) {
- $this->expire();
-
- return false;
- }
-
- $isValid = Hash::checkHashKey($pass, $this->configService->getByParam('tempmaster_passhash'));
-
- if (!$isValid) {
- $this->configService->save('tempmaster_attempts', $attempts + 1);
- }
-
- return $isValid;
 }
 /**
diff --git a/lib/SP/DataModel/ProfileData.php b/lib/SP/DataModel/ProfileData.php
index 8d60b43b..8c17f30a 100644
--- a/lib/SP/DataModel/ProfileData.php
+++ b/lib/SP/DataModel/ProfileData.php
@@ -31,7 +31,7 @@ defined('APP_ROOT') || die();
 *
 * @package SP\DataModel
 */
-class ProfileData extends UserProfileData
+class ProfileData
 {
 /**
 * @var bool
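Review bot: The new `catch (ParameterNotFoundException $e)` in `check()` returns false without recording anything, so a missing `tempmaster_*` parameter is indistinguishable from a wrong temporary master password. The check fails closed, which is the right default, but a line such as `debugLog($e->getMessage());` before `return false;` would keep the misconfiguration visible (that helper appears in the Bootstrap.php hunk of this commit; confirm it is callable here). Separately, the re-indented clause `(!empty($passTime) && time() > $passMaxTime)` repeats the comparison that already returned a few lines earlier, so it can never be true and `$passTime` is effectively unused; the intended expiry rule should be confirmed. The counter is also read and then saved as `$attempts + 1`, so whether `MAX_ATTEMPTS` holds under concurrent requests depends on `ConfigService::save()`, which is not shown.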
diff --git a/lib/SP/DataModel/UserProfileData.php b/lib/SP/DataModel/UserProfileData.php
index 73533bc9..2184d88d 100644
--- a/lib/SP/DataModel/UserProfileData.php
+++ b/lib/SP/DataModel/UserProfileData.php
@@ -2,8 +2,8 @@
 /**
 * sysPass
 *
- * @author nuxsmin
- * @link http://syspass.org
+ * @author nuxsmin
+ * @link http://syspass.org
 * @copyright 2012-2017, Rubén Domínguez nuxsmin@$syspass.org
 *
 * This file is part of sysPass.
@@ -89,8 +89,8 @@ class UserProfileData extends DataModelBase implements DataModelInterface
 /**
 * @param ProfileData $profile
 */
- public function setProfile($profile)
+ public function setProfile(ProfileData $profile)
 {
- $this->profile = $profile;
+ $this->profile = serialize($profile);
 }
 }
\ No newline at end of file
diff --git a/lib/SP/Repositories/UserProfile/UserProfileRepository.php b/lib/SP/Repositories/UserProfile/UserProfileRepository.php
index e950897f..33ea5590 100644
--- a/lib/SP/Repositories/UserProfile/UserProfileRepository.php
+++ b/lib/SP/Repositories/UserProfile/UserProfileRepository.php
@@ -2,8 +2,8 @@
 /**
 * sysPass
 *
- * @author nuxsmin
- * @link http://syspass.org
+ * @author nuxsmin
+ * @link http://syspass.org
 * @copyright 2012-2018, Rubén Domínguez nuxsmin@$syspass.org
 *
 * This file is part of sysPass.
@@ -35,7 +35,6 @@ use SP\Repositories\RepositoryItemInterface;
 use SP\Repositories\RepositoryItemTrait;
 use SP\Storage\DbWrapper;
 use SP\Storage\QueryData;
-use SP\Util\Util;
 /**
 * Class UserProfileRepository
@@ -118,7 +117,7 @@ class UserProfileRepository extends Repository implements RepositoryItemInterfac
 * Returns the item for given id
 *
 * @param int $id
- * @return mixed
+ * @return UserProfileData
 */
 public function getById($id)
 {
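Review bot: `setProfile()` in UserProfileData.php now stores `serialize($profile)`, yet its docblock still reads only `@param ProfileData $profile`, so nothing tells a reader that the property holds a string afterwards and that the setter and getter no longer exchange the same type. Please say so on the setter, e.g. `Stores the PHP-serialized form of $profile; getProfile() returns that string`, and update the property's `@var` if it is still declared as ProfileData (the declaration and the getter are outside the hunk). Because the stored value is later turned back into an object, a data-only encoding such as JSON would avoid object deserialization of database content altogether; that is a design suggestion this hunk alone cannot settle.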
@@ -126,27 +125,17 @@ class UserProfileRepository extends Repository implements RepositoryItemInterfac
 'SELECT id, name, profile FROM UserProfile WHERE id = ? LIMIT 1';
 $Data = new QueryData();
- $Data->setMapClassName(ProfileData::class);
+ $Data->setMapClassName(UserProfileData::class);
 $Data->setQuery($query);
 $Data->addParam($id);
- /**
- * @var UserProfileData $queryRes
- * @var ProfileData $Profile
- */
- $queryRes = DbWrapper::getResults($Data, $this->db);
-
- $Profile = Util::unserialize(ProfileData::class, $queryRes->getProfile());
- $Profile->setId($queryRes->getId());
- $Profile->setName($queryRes->getName());
-
- return $Profile;
+ return DbWrapper::getResults($Data, $this->db);
 }
 /**
 * Returns all the items
 *
- * @return mixed
+ * @return UserProfileData[]
 */
 public function getAll()
 {
@@ -230,7 +219,7 @@ class UserProfileRepository extends Repository implements RepositoryItemInterfac
 /**
 * Creates an item
 *
- * @param ProfileData $itemData
+ * @param UserProfileData $itemData
 * @return int
 * @throws \SP\Core\Exceptions\ConstraintException
 * @throws \SP\Core\Exceptions\QueryException
@@ -250,8 +239,8 @@ class UserProfileRepository extends Repository implements RepositoryItemInterfac
 $Data = new QueryData();
 $Data->setQuery($query);
 $Data->addParam($itemData->getName());
- $Data->addParam(serialize($itemData));
- $Data->setOnErrorMessage(__('Error al crear perfil', false));
+ $Data->addParam($itemData->getProfile());
+ $Data->setOnErrorMessage(__u('Error al crear perfil'));
 DbWrapper::getQuery($Data, $this->db);
@@ -261,7 +250,7 @@ class UserProfileRepository extends Repository implements RepositoryItemInterfac
 /**
 * Checks whether the item is duplicated on adding
 *
- * @param ProfileData $itemData
+ * @param UserProfileData $itemData
 * @return bool
 * @throws \SP\Core\Exceptions\ConstraintException
 * @throws \SP\Core\Exceptions\QueryException
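Review bot: `getById()` in UserProfileRepository.php is now documented as `@return UserProfileData` but returns `DbWrapper::getResults($Data, $this->db)` unchecked, and what that call yields when no row matches `$id` is not visible here. Callers chain on the result (the UserProfileService.php hunk calls `->getProfile()` on it directly), so an unknown id would surface as a fatal error rather than a handled condition if the result is not an object. Consider checking the result and throwing a dedicated not-found exception, or at least documenting the empty-result value in the tag, e.g. `@return UserProfileData the matching row; empty-result value to be confirmed`. The method starts before the hunk.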
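Review bot: In the `-250,8` hunk `create()` binds `$itemData->getProfile()` as the stored value, and the `-303,7` hunk does the same in `update()`, so the repository now trusts the caller to have run `setProfile()` first. If it was not called the getter presumably returns null and the row is written without a usable profile; the Installer.php hunk adds `setProfile(new ProfileData())` for exactly this case, which suggests other callers need the same care. Rejecting an item whose profile is unset before the query is built would keep such rows out of the table, and a comment such as `// getProfile() must already hold the serialized ProfileData` above both `addParam` calls would record the contract. Both methods start and end outside their hunks.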
@@ -285,7 +274,7 @@ class UserProfileRepository extends Repository implements RepositoryItemInterfac
 /**
 * Updates an item
 *
- * @param ProfileData $itemData
+ * @param UserProfileData $itemData
 * @return bool
 * @throws SPException
 * @throws \SP\Core\Exceptions\ConstraintException
@@ -303,7 +292,7 @@ class UserProfileRepository extends Repository implements RepositoryItemInterfac
 $Data = new QueryData();
 $Data->setQuery($query);
 $Data->addParam($itemData->getName());
- $Data->addParam(serialize($itemData));
+ $Data->addParam($itemData->getProfile());
 $Data->addParam($itemData->getId());
 $Data->setOnErrorMessage(__u('Error al modificar perfil'));
@@ -319,7 +308,7 @@ class UserProfileRepository extends Repository implements RepositoryItemInterfac
 /**
 * Checks whether the item is duplicated on updating
 *
- * @param ProfileData $itemData
+ * @param UserProfileData $itemData
 * @return bool
 * @throws \SP\Core\Exceptions\ConstraintException
 * @throws \SP\Core\Exceptions\QueryException
diff --git a/lib/SP/Services/Auth/LoginService.php b/lib/SP/Services/Auth/LoginService.php
index 7d333760..ff1d9c95 100644
--- a/lib/SP/Services/Auth/LoginService.php
+++ b/lib/SP/Services/Auth/LoginService.php
@@ -305,6 +305,9 @@ class LoginService
 * @throws SPException
 * @throws \Psr\Container\ContainerExceptionInterface
 * @throws \Psr\Container\NotFoundExceptionInterface
+ * @throws \ReflectionException
+ * @throws \SP\Core\Dic\ContainerException
+ * @throws \SP\Services\Config\ParameterNotFoundException
 */
 protected function loadMasterPass()
 {
diff --git a/lib/SP/Services/UserProfile/UserProfileService.php b/lib/SP/Services/UserProfile/UserProfileService.php
index d38cabef..2f456fa9 100644
--- a/lib/SP/Services/UserProfile/UserProfileService.php
+++ b/lib/SP/Services/UserProfile/UserProfileService.php
@@ -27,8 +27,10 @@ namespace SP\Services\UserProfile;
 use SP\Core\Exceptions\SPException;
 use SP\Core\Traits\InjectableTrait;
 use SP\DataModel\ItemSearchData;
+use SP\DataModel\ProfileData;
 use SP\Repositories\UserProfile\UserProfileRepository;
 use SP\Services\ServiceItemTrait;
+use SP\Util\Util;
 /**
 * Class UserProfileService
@@ -71,7 +73,7 @@ class UserProfileService
 */
 public function getById($id)
 {
- return $this->userProfileRepository->getById($id);
+ return Util::unserialize(ProfileData::class, $this->userProfileRepository->getById($id)->getProfile());
 }
 /**
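Review bot: `getById()` in UserProfileService.php now feeds the `profile` column straight into `Util::unserialize(ProfileData::class, ...)`, so the safety of this read path depends on how that helper, which is not shown, deserializes. If it wraps PHP's `unserialize()`, confirm it passes `['allowed_classes' => [ProfileData::class]]` so that a tampered or legacy row cannot instantiate any other class; rows written before this commit were serialized from a `ProfileData` that still extended `UserProfileData`, so their payload shape may differ. The method's docblock should also state the new return type, `@return ProfileData`, since callers no longer receive the repository's object. The docblock begins outside the hunk.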