mirror of
https://github.com/nuxsmin/sysPass.git
synced 2026-03-14 04:16:54 +01:00
* [ADD] Improved tracking handling.
* [MOD] Improved login process workflow.
@@ -25,7 +25,6 @@
|
||||
namespace SP\DataModel;
|
||||
|
||||
use SP\Core\Exceptions\InvalidArgumentException;
|
||||
use SP\Core\Exceptions\SPException;
|
||||
|
||||
/**
|
||||
* Class TrackData
|
||||
@@ -152,9 +151,9 @@ class TrackData extends DataModelBase
|
||||
} elseif (strlen($ip) > 4) {
|
||||
$this->ipv6 = $ip;
|
||||
} elseif ($ip === false) {
|
||||
debugLog(sprintf('%s : %s', __('IP inválida', true), $track_ip));
|
||||
debugLog(sprintf('%s : %s', __('IP inválida'), $track_ip));
|
||||
|
||||
throw new InvalidArgumentException(SPException::ERROR, __('IP inválida'), $track_ip);
|
||||
throw new InvalidArgumentException(__u('IP inválida'), InvalidArgumentException::ERROR, $track_ip);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
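--- a/lib/SP/Repositories/Track/TrackRepository.php
+++ b/lib/SP/Repositories/Track/TrackRepository.php
@@ -0,0 +1,164 @@
+<?php
+
+namespace SP\Repositories\Track;
+
+use SP\DataModel\TrackData;
+use SP\Repositories\Repository;
+use SP\Storage\DbWrapper;
+use SP\Storage\QueryData;
+
+/**
+* Class TrackRepository
+* @package SP\Repositories\Track
+*/
+class TrackRepository extends Repository
+{
+/**
+* @param TrackRequest $trackRequest
+* @return mixed
+* @throws \SP\Core\Exceptions\ConstraintException
+* @throws \SP\Core\Exceptions\QueryException
+*/
+public function add(TrackRequest $trackRequest)
+{
+$query = /** @lang SQL */
+'INSERT INTO Track SET
+userId = ?,
+source = ?,
+time = UNIX_TIMESTAMP(),
+ipv4 = ?,
+ipv6 = ?';
+
+$queryData = new QueryData();
+$queryData->setQuery($query);
+$queryData->addParam($trackRequest->userId);
+$queryData->addParam($trackRequest->source);
+$queryData->addParam($trackRequest->getIpv4());
+$queryData->addParam($trackRequest->getIpv6());
+$queryData->setOnErrorMessage(__u('Error al crear track'));
+
+DbWrapper::getQuery($queryData, $this->db);
+
+return $this->db->getLastId();
+}
+
+/**
+* @param $id int|array
+* @return mixed
+* @throws \SP\Core\Exceptions\QueryException
+* @throws \SP\Core\Exceptions\ConstraintException
+*/
+public function delete($id)
+{
+$queryData = new QueryData();
+$queryData->setQuery('DELETE FROM Track WHERE id = ? LIMIT 1');
+$queryData->addParam($id);
+$queryData->setOnErrorMessage(__u('Error al eliminar track'));
+
+DbWrapper::getQuery($queryData, $this->db);
+
+return $this->db->getNumRows();
+}
+
+/**
+* @param TrackData $itemData
+* @return bool
+* @throws \SP\Core\Exceptions\ConstraintException
+* @throws \SP\Core\Exceptions\QueryException
+*/
+public function update(TrackData $itemData)
+{
+$query = /** @lang SQL */
+'UPDATE Track SET
+track_userId = ?,
+source = ?,
+time = UNIX_TIMESTAMP(),
+ipv4 = ?,
+ipv6 = ?
+WHERE id = ? LIMIT 1';
+
+$queryData = new QueryData();
+$queryData->setQuery($query);
+$queryData->addParam($itemData->getUserId());
+$queryData->addParam($itemData->getSource());
+$queryData->addParam($itemData->getTrackIpv4Bin());
+$queryData->addParam($itemData->getTrackIpv6Bin());
+$queryData->addParam($itemData->getId());
+$queryData->setOnErrorMessage(__u('Error al actualizar track'));
+
+return DbWrapper::getQuery($queryData, $this->db);
+}
+
+/**
+* @param $id int
+* @return TrackData
+*/
+public function getById($id)
+{
+$query = /** @lang SQL */
+'SELECT id,
+userId,
+source,
+time,
+ipv4,
+ipv6
+FROM Track
+WHERE id = ? LIMIT 1';
+
+$queryData = new QueryData();
+$queryData->setQuery($query);
+$queryData->addParam($id);
+$queryData->setMapClassName(TrackData::class);
+$queryData->setOnErrorMessage(__u('Error al obtener track'));
+
+return DbWrapper::getResults($queryData, $this->db);
+}
+
+/**
+* @return TrackData[]
+*/
+public function getAll()
+{
+$query = /** @lang SQL */
+'SELECT id,
+userId,
+source,
+time,
+ipv4,
+ipv6 FROM Track';
+
+$queryData = new QueryData();
+$queryData->setQuery($query);
+$queryData->setMapClassName(TrackData::class);
+$queryData->setOnErrorMessage(__u('Error al obtener tracks'));
+
+return DbWrapper::getResultsArray($queryData);
+}
+
+/**
+* Devuelve los tracks de un cliente desde un tiempo y origen determinados
+*
+* @param TrackRequest $trackRequest
+* @return array
+*/
+public function getTracksForClientFromTime(TrackRequest $trackRequest)
+{
+$query = /** @lang SQL */
+'SELECT id, userId
+FROM Track
+WHERE `time` >= ?
+AND (ipv4 = ? OR ipv6 = ?)
+AND `source` = ?';
+
+$queryData = new QueryData();
+$queryData->setQuery($query);
+$queryData->addParam($trackRequest->time);
+$queryData->addParam($trackRequest->getIpv4());
+$queryData->addParam($trackRequest->getIpv6());
+$queryData->addParam($trackRequest->source);
+$queryData->setMapClassName(TrackData::class);
+$queryData->setOnErrorMessage(__u('Error al obtener tracks'));
+
+return DbWrapper::getResultsArray($queryData, $this->db);
+}
+}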
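Review bot: `update()` writes to a column named `track_userId`, while `add()`, `getById()` and `getAll()` in the same class use `userId`; unless the Track table really has both columns the UPDATE fails at run time, and the line should read `userId = ?,`. `update()` also binds `getTrackIpv4Bin()`/`getTrackIpv6Bin()` from TrackData whereas `add()` binds `getIpv4()`/`getIpv6()` from TrackRequest, so it is worth confirming that both paths store the same binary form, since the attempt counter compares these columns for equality. `getAll()` is the only method that calls `DbWrapper::getResultsArray($queryData)` without `$this->db`; pass it as the other methods do. The `delete()` docblock advertises `int|array`, but the statement binds a single `id = ?` with `LIMIT 1`, so the doc should say `int`.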
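--- a/lib/SP/Repositories/Track/TrackRequest.php
+++ b/lib/SP/Repositories/Track/TrackRequest.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace SP\Repositories\Track;
+
+use SP\Core\Exceptions\InvalidArgumentException;
+
+/**
+* Class TrackRequest
+* @package SP\Repositories\Track
+*/
+class TrackRequest
+{
+public $time;
+public $source;
+public $userId;
+protected $ipv6;
+protected $ipv4;
+
+/**
+* @param string $address
+* @throws InvalidArgumentException
+*/
+public function setTrackIp($address)
+{
+$ip = @inet_pton($address);
+
+if (strlen($ip) === 4) {
+$this->ipv4 = $ip;
+} elseif (strlen($ip) > 4) {
+$this->ipv6 = $ip;
+} elseif ($ip === false) {
+debugLog(sprintf('%s : %s', __('IP inválida'), $address));
+
+throw new InvalidArgumentException(__u('IP inválida'), InvalidArgumentException::ERROR, $address);
+}
+}
+
+/**
+* @return string
+*/
+public function getIpv6()
+{
+return $this->ipv6;
+}
+
+/**
+* @return string
+*/
+public function getIpv4()
+{
+return $this->ipv4;
+}
+}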
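Review bot: `setTrackIp()` tests for the failure case last and only reaches it because `strlen(false)` evaluates to 0; checking `if ($ip === false) { ... }` first states the intent and stops depending on that coercion. The `@` on `inet_pton()` hides the warning that would explain a rejected address, and the rejected `$address` is written to the debug log unmodified, so if the address can originate from a request header it should be length-limited or encoded before logging. The public properties `$time`, `$source` and `$userId` carry no docblock; a comment such as `/** @var int Unix timestamp marking the start of the counting window */` on `$time` would document how the repository query uses it. `getIpv4()` and `getIpv6()` are documented as `string` but return `null` for whichever family was not set, so `string|null` is the accurate type.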
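--- a/lib/SP/Services/Auth/LoginResponse.php
+++ b/lib/SP/Services/Auth/LoginResponse.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace SP\Services\Auth;
+
+/**
+* Class LoginResponse
+*
+* @package SP\Services\Auth
+*/
+class LoginResponse
+{
+/**
+* @var int
+*/
+private $status;
+/**
+* @var string
+*/
+private $redirect;
+
+/**
+* LoginResponse constructor.
+* @param int $status
+* @param string $redirect
+*/
+public function __construct($status, $redirect = null)
+{
+$this->status = $status;
+$this->redirect = $redirect;
+}
+
+/**
+* @return int
+*/
+public function getStatus()
+{
+return $this->status;
+}
+
+/**
+* @return string
+*/
+public function getRedirect()
+{
+return $this->redirect;
+}
+}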
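Review bot: `$redirect` defaults to `null` in the constructor, but the property, the `@param` and the `@return` of `getRedirect()` are all documented as `string`; they should read `string|null` so callers know to check the value before using it as a redirect target. The `@var int` on `$status` could also say that it holds one of the `LoginService::STATUS_*` codes, which is how both call sites in this commit construct the object.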
@@ -27,34 +27,31 @@ namespace SP\Services\Auth;
|
||||
defined('APP_ROOT') || die();
|
||||
|
||||
use Defuse\Crypto\Exception\CryptoException;
|
||||
use SP\Bootstrap;
|
||||
use SP\Config\ConfigData;
|
||||
use SP\Core\Events\Event;
|
||||
use SP\Core\Events\EventMessage;
|
||||
use SP\Core\Exceptions\SPException;
|
||||
use SP\Core\Language;
|
||||
use SP\Core\UI\Theme;
|
||||
use SP\DataModel\TrackData;
|
||||
use SP\DataModel\UserLoginData;
|
||||
use SP\DataModel\UserPreferencesData;
|
||||
use SP\Http\JsonResponse;
|
||||
use SP\Http\Request;
|
||||
use SP\Mgmt\Tracks\Track;
|
||||
use SP\Providers\Auth\Auth;
|
||||
use SP\Providers\Auth\AuthResult;
|
||||
use SP\Providers\Auth\AuthUtil;
|
||||
use SP\Providers\Auth\Browser\BrowserAuthData;
|
||||
use SP\Providers\Auth\Database\DatabaseAuthData;
|
||||
use SP\Providers\Auth\Ldap\LdapAuthData;
|
||||
use SP\Repositories\Track\TrackRequest;
|
||||
use SP\Services\Crypt\TemporaryMasterPassService;
|
||||
use SP\Services\Service;
|
||||
use SP\Services\Track\TrackService;
|
||||
use SP\Services\User\UserLoginRequest;
|
||||
use SP\Services\User\UserPassService;
|
||||
use SP\Services\User\UserService;
|
||||
use SP\Services\UserPassRecover\UserPassRecoverService;
|
||||
use SP\Services\UserProfile\UserProfileService;
|
||||
use SP\Util\HttpUtil;
|
||||
use SP\Util\Json;
|
||||
use SP\Util\Util;
|
||||
|
||||
/**
|
||||
@@ -72,17 +69,10 @@ class LoginService extends Service
|
||||
const STATUS_USER_DISABLED = 3;
|
||||
const STATUS_NEED_OLD_PASS = 5;
|
||||
const STATUS_MAX_ATTEMPTS_EXCEEDED = 6;
|
||||
const STATUS_PASS_RESET = 7;
|
||||
const STATUS_PASS = 0;
|
||||
const STATUS_NONE = 100;
|
||||
|
||||
/**
|
||||
* Tiempo para contador de intentos
|
||||
*/
|
||||
const TIME_TRACKING = 600;
|
||||
const TIME_TRACKING_MAX_ATTEMPTS = 5;
|
||||
|
||||
/**
|
||||
* @var JsonResponse
|
||||
*/
|
||||
protected $jsonResponse;
|
||||
/**
|
||||
* @var UserLoginData
|
||||
*/
|
||||
@@ -103,10 +93,19 @@ class LoginService extends Service
|
||||
* @var Language
|
||||
*/
|
||||
protected $language;
|
||||
/**
|
||||
* @var TrackService
|
||||
*/
|
||||
protected $trackService;
|
||||
/**
|
||||
* @var TrackRequest
|
||||
*/
|
||||
protected $trackRequest;
|
||||
|
||||
/**
|
||||
* @throws \Psr\Container\ContainerExceptionInterface
|
||||
* @throws \Psr\Container\NotFoundExceptionInterface
|
||||
* @throws \SP\Core\Exceptions\InvalidArgumentException
|
||||
*/
|
||||
public function initialize()
|
||||
{
|
||||
@@ -114,132 +113,125 @@ class LoginService extends Service
|
||||
$this->theme = $this->dic->get(Theme::class);
|
||||
$this->userService = $this->dic->get(UserService::class);
|
||||
$this->language = $this->dic->get(Language::class);
|
||||
$this->trackService = $this->dic->get(TrackService::class);
|
||||
|
||||
$this->jsonResponse = new JsonResponse();
|
||||
$this->userLoginData = new UserLoginData();
|
||||
$this->trackRequest = TrackService::getTrackRequest('login');
|
||||
}
|
||||
|
||||
/**
|
||||
* Ejecutar las acciones de login
|
||||
*
|
||||
* @return JsonResponse
|
||||
* @return LoginResponse
|
||||
* @throws AuthException
|
||||
* @throws SPException
|
||||
* @throws \Defuse\Crypto\Exception\EnvironmentIsBrokenException
|
||||
* @throws \Psr\Container\ContainerExceptionInterface
|
||||
* @throws \Psr\Container\NotFoundExceptionInterface
|
||||
* @throws \SP\Core\Exceptions\ConstraintException
|
||||
* @throws \SP\Core\Exceptions\QueryException
|
||||
*/
|
||||
public function doLogin()
|
||||
{
|
||||
$this->userLoginData->setLoginUser(Request::analyze('user'));
|
||||
$this->userLoginData->setLoginPass(Request::analyzeEncrypted('pass'));
|
||||
|
||||
try {
|
||||
// FIXME: add service
|
||||
// $this->checkTracking();
|
||||
$this->trackRequest->userId = $this->userLoginData->getLoginUser();
|
||||
|
||||
$auth = new Auth($this->userLoginData, $this->configData);
|
||||
$this->checkTracking();
|
||||
|
||||
if (($result = $auth->doAuth()) !== false) {
|
||||
// Ejecutar la acción asociada al tipo de autentificación
|
||||
$auth = new Auth($this->userLoginData, $this->configData);
|
||||
|
||||
if (($result = $auth->doAuth()) !== false) {
|
||||
// Ejecutar la acción asociada al tipo de autentificación
|
||||
foreach ($result as $authResult) {
|
||||
/** @var AuthResult $authResult */
|
||||
foreach ($result as $authResult) {
|
||||
if ($authResult->isAuthGranted() === true
|
||||
&& $this->{$authResult->getAuth()}($authResult->getData()) === true) {
|
||||
break;
|
||||
}
|
||||
if ($authResult->isAuthGranted() === true
|
||||
&& $this->{$authResult->getAuth()}($authResult->getData()) === true) {
|
||||
break;
|
||||
}
|
||||
} else {
|
||||
$this->addTracking();
|
||||
|
||||
throw new AuthException(__u('Login incorrecto'), AuthException::INFO, null, self::STATUS_INVALID_LOGIN);
|
||||
}
|
||||
} else {
|
||||
$this->addTracking();
|
||||
|
||||
$this->checkUser();
|
||||
$this->loadMasterPass();
|
||||
$this->setUserSession();
|
||||
$this->loadUserPreferences();
|
||||
$this->cleanUserData();
|
||||
} catch (SPException $e) {
|
||||
processException($e);
|
||||
|
||||
$this->eventDispatcher->notifyEvent('exception', new Event($e));
|
||||
|
||||
$this->jsonResponse->setDescription($e->getMessage());
|
||||
$this->jsonResponse->setStatus($e->getCode());
|
||||
|
||||
Json::returnJson($this->jsonResponse);
|
||||
}
|
||||
|
||||
$forward = Request::getRequestHeaders('X-Forwarded-For');
|
||||
|
||||
if ($forward) {
|
||||
$this->eventDispatcher->notifyEvent('login.info',
|
||||
new Event($this, EventMessage::factory()
|
||||
->addDetail('X-Forwarded-For', $this->configData->isDemoEnabled() ? '***' : $forward))
|
||||
throw new AuthException(
|
||||
__u('Login incorrecto'),
|
||||
AuthException::INFO,
|
||||
__FUNCTION__,
|
||||
self::STATUS_INVALID_LOGIN
|
||||
);
|
||||
}
|
||||
|
||||
// $data = ['url' => 'index.php' . Request::importUrlParamsToGet()];
|
||||
$data = ['url' => 'index.php?r=index'];
|
||||
$this->jsonResponse->setStatus(JsonResponse::JSON_SUCCESS);
|
||||
$this->jsonResponse->setData($data);
|
||||
if (($loginResponse = $this->checkUser())->getStatus() !== self::STATUS_NONE) {
|
||||
return $loginResponse;
|
||||
}
|
||||
|
||||
return $this->jsonResponse;
|
||||
$this->loadMasterPass();
|
||||
$this->setUserSession();
|
||||
$this->loadUserPreferences();
|
||||
$this->cleanUserData();
|
||||
|
||||
return new LoginResponse(self::STATUS_PASS, 'index.php?r=index');
|
||||
}
|
||||
|
||||
/**
|
||||
* Comprobar los intentos de login
|
||||
*
|
||||
* @throws \SP\Services\Auth\AuthException
|
||||
* @throws AuthException
|
||||
* @throws \Psr\Container\ContainerExceptionInterface
|
||||
* @throws \Psr\Container\NotFoundExceptionInterface
|
||||
*/
|
||||
private function checkTracking()
|
||||
{
|
||||
try {
|
||||
$TrackData = new TrackData();
|
||||
$TrackData->setSource('Login');
|
||||
$TrackData->setTrackIp(HttpUtil::getClientAddress());
|
||||
|
||||
$attempts = count(Track::getItem($TrackData)->getTracksForClientFromTime(time() - self::TIME_TRACKING));
|
||||
} catch (SPException $e) {
|
||||
$attempts = count($this->trackService->getTracksForClientFromTime($this->trackRequest));
|
||||
} catch (\Exception $e) {
|
||||
processException($e);
|
||||
|
||||
throw new AuthException(__u('Error interno'), AuthException::ERROR, null, Service::STATUS_INTERNAL_ERROR);
|
||||
}
|
||||
|
||||
if ($attempts >= self::TIME_TRACKING_MAX_ATTEMPTS) {
|
||||
if ($attempts >= TrackService::TIME_TRACKING_MAX_ATTEMPTS) {
|
||||
$this->addTracking();
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.track.delay',
|
||||
new Event($this, EventMessage::factory()
|
||||
->addDescription(sprintf(__('Intentos excedidos (%d/%d)'), $attempts, self::TIME_TRACKING_MAX_ATTEMPTS))
|
||||
->addDescription(sprintf(__('Intentos excedidos (%d/%d)'), $attempts, TrackService::TIME_TRACKING_MAX_ATTEMPTS))
|
||||
->addDetail(__u('Segundos'), 0.3 * $attempts))
|
||||
);
|
||||
|
||||
sleep(0.3 * $attempts);
|
||||
sleep(TrackService::TIME_SLEEP * $attempts);
|
||||
|
||||
throw new AuthException(__u('Intentos excedidos'), AuthException::INFO, null, self::STATUS_MAX_ATTEMPTS_EXCEEDED);
|
||||
throw new AuthException(
|
||||
__u('Intentos excedidos'),
|
||||
AuthException::INFO,
|
||||
null,
|
||||
self::STATUS_MAX_ATTEMPTS_EXCEEDED
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Añadir un seguimiento
|
||||
*
|
||||
* @throws \SP\Services\Auth\AuthException
|
||||
* @throws AuthException
|
||||
*/
|
||||
private function addTracking()
|
||||
{
|
||||
try {
|
||||
$TrackData = new TrackData();
|
||||
$TrackData->setSource('Login');
|
||||
$TrackData->setTrackIp(HttpUtil::getClientAddress());
|
||||
|
||||
Track::getItem($TrackData)->add();
|
||||
$this->trackService->add($this->trackRequest);
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.track.add',
|
||||
new Event($this, EventMessage::factory()->addDescription(HttpUtil::getClientAddress(true)))
|
||||
new Event($this, EventMessage::factory()
|
||||
->addDescription(HttpUtil::getClientAddress(true)))
|
||||
);
|
||||
} catch (\Exception $e) {
|
||||
throw new AuthException(
|
||||
__u('Error interno'),
|
||||
AuthException::ERROR,
|
||||
null,
|
||||
Service::STATUS_INTERNAL_ERROR
|
||||
);
|
||||
} catch (SPException $e) {
|
||||
throw new AuthException(__u('Error interno'), AuthException::ERROR, null, Service::STATUS_INTERNAL_ERROR);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -252,6 +244,7 @@ class LoginService extends Service
|
||||
* @throws \Psr\Container\NotFoundExceptionInterface
|
||||
* @throws \SP\Core\Exceptions\ConstraintException
|
||||
* @throws \SP\Core\Exceptions\QueryException
|
||||
* @return LoginResponse
|
||||
*/
|
||||
protected function checkUser()
|
||||
{
|
||||
@@ -268,7 +261,12 @@ class LoginService extends Service
|
||||
|
||||
$this->addTracking();
|
||||
|
||||
throw new AuthException(__u('Usuario deshabilitado'), AuthException::INFO, null, self::STATUS_USER_DISABLED);
|
||||
throw new AuthException(
|
||||
__u('Usuario deshabilitado'),
|
||||
AuthException::INFO,
|
||||
null,
|
||||
self::STATUS_USER_DISABLED
|
||||
);
|
||||
}
|
||||
|
||||
// Comprobar si se ha forzado un cambio de clave
|
||||
@@ -283,11 +281,10 @@ class LoginService extends Service
|
||||
|
||||
$this->dic->get(UserPassRecoverService::class)->add($userLoginResponse->getId(), $hash);
|
||||
|
||||
$this->jsonResponse->setData(['url' => Bootstrap::$WEBURI . '/index.php?u=userPassReset/change/' . $hash]);
|
||||
$this->jsonResponse->setStatus(0);
|
||||
|
||||
Json::returnJson($this->jsonResponse);
|
||||
return new LoginResponse(self::STATUS_PASS_RESET, 'index.php?r=userPassReset/change/' . $hash);
|
||||
}
|
||||
|
||||
return new LoginResponse(self::STATUS_NONE);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -323,7 +320,12 @@ class LoginService extends Service
|
||||
|
||||
$this->addTracking();
|
||||
|
||||
throw new AuthException(__u('Clave maestra incorrecta'), AuthException::INFO, null, self::STATUS_INVALID_MASTER_PASS);
|
||||
throw new AuthException(
|
||||
__u('Clave maestra incorrecta'),
|
||||
AuthException::INFO,
|
||||
null,
|
||||
self::STATUS_INVALID_MASTER_PASS
|
||||
);
|
||||
}
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.masterPass',
|
||||
@@ -337,7 +339,12 @@ class LoginService extends Service
|
||||
|
||||
$this->addTracking();
|
||||
|
||||
throw new AuthException(__u('Clave maestra incorrecta'), AuthException::INFO, null, self::STATUS_INVALID_MASTER_PASS);
|
||||
throw new AuthException(
|
||||
__u('Clave maestra incorrecta'),
|
||||
AuthException::INFO,
|
||||
null,
|
||||
self::STATUS_INVALID_MASTER_PASS
|
||||
);
|
||||
}
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.masterPass',
|
||||
@@ -346,21 +353,37 @@ class LoginService extends Service
|
||||
} else {
|
||||
switch ($userPassService->loadUserMPass($this->userLoginData)->getStatus()) {
|
||||
case UserPassService::MPASS_CHECKOLD:
|
||||
throw new AuthException(__u('Es necesaria su clave anterior'), AuthException::INFO, null, self::STATUS_NEED_OLD_PASS);
|
||||
throw new AuthException(
|
||||
__u('Es necesaria su clave anterior'),
|
||||
AuthException::INFO,
|
||||
null,
|
||||
self::STATUS_NEED_OLD_PASS
|
||||
);
|
||||
break;
|
||||
case UserPassService::MPASS_NOTSET:
|
||||
case UserPassService::MPASS_CHANGED:
|
||||
case UserPassService::MPASS_WRONG:
|
||||
$this->addTracking();
|
||||
|
||||
throw new AuthException(__u('La clave maestra no ha sido guardada o es incorrecta'), AuthException::INFO, null, self::STATUS_INVALID_MASTER_PASS);
|
||||
throw new AuthException(
|
||||
__u('La clave maestra no ha sido guardada o es incorrecta'),
|
||||
AuthException::INFO,
|
||||
null,
|
||||
self::STATUS_INVALID_MASTER_PASS
|
||||
);
|
||||
break;
|
||||
}
|
||||
}
|
||||
} catch (CryptoException $e) {
|
||||
$this->eventDispatcher->notifyEvent('exception', new Event($e));
|
||||
|
||||
throw new AuthException(__u('Error interno'), AuthException::ERROR, $e->getMessage(), Service::STATUS_INTERNAL_ERROR);
|
||||
throw new AuthException(
|
||||
__u('Error interno'),
|
||||
AuthException::ERROR,
|
||||
$e->getMessage(),
|
||||
Service::STATUS_INTERNAL_ERROR,
|
||||
$e
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -437,7 +460,12 @@ class LoginService extends Service
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.auth.ldap', new Event($this, $eventMessage));
|
||||
|
||||
throw new AuthException(__u('Login incorrecto'), AuthException::INFO, null, self::STATUS_INVALID_LOGIN);
|
||||
throw new AuthException(
|
||||
__u('Login incorrecto'),
|
||||
AuthException::INFO,
|
||||
__FUNCTION__,
|
||||
self::STATUS_INVALID_LOGIN
|
||||
);
|
||||
}
|
||||
|
||||
if ($authData->getStatusCode() === 701) {
|
||||
@@ -445,7 +473,12 @@ class LoginService extends Service
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.auth.ldap', new Event($this, $eventMessage));
|
||||
|
||||
throw new AuthException(__u('Cuenta expirada'), AuthException::INFO, null, self::STATUS_USER_DISABLED);
|
||||
throw new AuthException(
|
||||
__u('Cuenta expirada'),
|
||||
AuthException::INFO,
|
||||
__FUNCTION__,
|
||||
self::STATUS_USER_DISABLED
|
||||
);
|
||||
}
|
||||
|
||||
if ($authData->getStatusCode() === 702) {
|
||||
@@ -453,7 +486,12 @@ class LoginService extends Service
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.auth.ldap', new Event($this, $eventMessage));
|
||||
|
||||
throw new AuthException(__u('El usuario no tiene grupos asociados'), AuthException::INFO, null, self::STATUS_USER_DISABLED);
|
||||
throw new AuthException(
|
||||
__u('El usuario no tiene grupos asociados'),
|
||||
AuthException::INFO,
|
||||
__FUNCTION__,
|
||||
self::STATUS_USER_DISABLED
|
||||
);
|
||||
}
|
||||
|
||||
if ($authData->isAuthGranted() === false) {
|
||||
@@ -464,7 +502,12 @@ class LoginService extends Service
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.auth.ldap', new Event($this, $eventMessage));
|
||||
|
||||
throw new AuthException(__u('Error interno'), AuthException::INFO, null, Service::STATUS_INTERNAL_ERROR);
|
||||
throw new AuthException(
|
||||
__u('Error interno'),
|
||||
AuthException::INFO,
|
||||
__FUNCTION__,
|
||||
Service::STATUS_INTERNAL_ERROR
|
||||
);
|
||||
}
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.auth.ldap',
|
||||
@@ -492,7 +535,13 @@ class LoginService extends Service
|
||||
$this->userService->createOnLogin($userLoginRequest);
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
throw new AuthException(__u('Error interno'), AuthException::ERROR, null, Service::STATUS_INTERNAL_ERROR, $e);
|
||||
throw new AuthException(
|
||||
__u('Error interno'),
|
||||
AuthException::ERROR,
|
||||
__FUNCTION__,
|
||||
Service::STATUS_INTERNAL_ERROR,
|
||||
$e
|
||||
);
|
||||
}
|
||||
|
||||
return true;
|
||||
@@ -524,7 +573,12 @@ class LoginService extends Service
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.auth.database', new Event($this, $eventMessage));
|
||||
|
||||
throw new AuthException(__u('Login incorrecto'), AuthException::INFO, null, self::STATUS_INVALID_LOGIN);
|
||||
throw new AuthException(
|
||||
__u('Login incorrecto'),
|
||||
AuthException::INFO,
|
||||
__FUNCTION__,
|
||||
self::STATUS_INVALID_LOGIN
|
||||
);
|
||||
}
|
||||
|
||||
if ($authData->getAuthenticated() === 1) {
|
||||
@@ -560,7 +614,12 @@ class LoginService extends Service
|
||||
|
||||
$this->eventDispatcher->notifyEvent('login.auth.browser', new Event($this, $eventMessage));
|
||||
|
||||
throw new AuthException(__u('Login incorrecto'), AuthException::INFO, null, self::STATUS_INVALID_LOGIN);
|
||||
throw new AuthException(
|
||||
__u('Login incorrecto'),
|
||||
AuthException::INFO,
|
||||
__FUNCTION__,
|
||||
self::STATUS_INVALID_LOGIN
|
||||
);
|
||||
}
|
||||
|
||||
if ($authData->getAuthenticated() === 1 && $this->configData->isAuthBasicAutoLoginEnabled()) {
|
||||
@@ -579,7 +638,13 @@ class LoginService extends Service
|
||||
|
||||
return true;
|
||||
} catch (\Exception $e) {
|
||||
throw new AuthException(__u('Error interno'), AuthException::ERROR, null, Service::STATUS_INTERNAL_ERROR, $e);
|
||||
throw new AuthException(
|
||||
__u('Error interno'),
|
||||
AuthException::ERROR,
|
||||
__FUNCTION__,
|
||||
Service::STATUS_INTERNAL_ERROR,
|
||||
$e
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
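Review bot: In `checkTracking()`, `sleep(TrackService::TIME_SLEEP * $attempts)` passes a float to `sleep()`, which takes whole seconds, so the fractional part is dropped: at the threshold of 5 attempts the delay is 1 second rather than the 1.5 reported in the `login.track.delay` event, and PHP 8.1+ raises a deprecation for the implicit conversion. `usleep((int) (TrackService::TIME_SLEEP * $attempts * 1000000));` applies the intended delay. The attempt count comes from `getTracksForClientFromTime()`, which filters on client address and source only, so the throttle is per address: repeated failures against one account from many addresses are not slowed by this check, and the login name assigned to `$this->trackRequest->userId` is stored but never used in the count. Which lines of this section are old and which are new is inferred from the rendering, since the `+`/`-` markers were lost.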
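--- a/lib/SP/Services/Track/TrackService.php
+++ b/lib/SP/Services/Track/TrackService.php
@@ -0,0 +1,113 @@
+<?php
+
+namespace SP\Services\Track;
+
+use SP\DataModel\TrackData;
+use SP\Repositories\Track\TrackRepository;
+use SP\Repositories\Track\TrackRequest;
+use SP\Services\Service;
+use SP\Util\HttpUtil;
+
+/**
+* Class TrackService
+* @package SP\Services
+*/
+class TrackService extends Service
+{
+/**
+* Tiempo para contador de intentos
+*/
+const TIME_TRACKING = 600;
+const TIME_TRACKING_MAX_ATTEMPTS = 5;
+const TIME_SLEEP = 0.3;
+
+/**
+* @var TrackRepository
+*/
+protected $trackRepository;
+
+/**
+* @param TrackRequest $trackRequest
+* @return mixed
+* @throws \SP\Core\Exceptions\ConstraintException
+* @throws \SP\Core\Exceptions\QueryException
+*/
+public function add(TrackRequest $trackRequest)
+{
+return $this->trackRepository->add($trackRequest);
+}
+
+/**
+* @param $id int|array
+* @return mixed
+* @throws \SP\Core\Exceptions\QueryException
+* @throws \SP\Core\Exceptions\ConstraintException
+*/
+public function delete($id)
+{
+return $this->trackRepository->delete($id);
+}
+
+/**
+* @param TrackData $itemData
+* @return bool
+* @throws \SP\Core\Exceptions\ConstraintException
+* @throws \SP\Core\Exceptions\QueryException
+*/
+public function update(TrackData $itemData)
+{
+return $this->trackRepository->update($itemData);
+}
+
+/**
+* @param $id int
+* @return TrackData
+*/
+public function getById($id)
+{
+return $this->trackRepository->getById($id);
+}
+
+/**
+* @return TrackData[]
+*/
+public function getAll()
+{
+return $this->trackRepository->getAll();
+}
+
+/**
+* Devuelve los tracks de un cliente desde un tiempo y origen determinados
+*
+* @param TrackRequest $trackRequest
+* @return array
+*/
+public function getTracksForClientFromTime(TrackRequest $trackRequest)
+{
+return $this->trackRepository->getTracksForClientFromTime($trackRequest);
+}
+
+/**
+* @throws \Psr\Container\ContainerExceptionInterface
+* @throws \Psr\Container\NotFoundExceptionInterface
+*/
+public function initialize()
+{
+$this->trackRepository = $this->dic->get(TrackRepository::class);
+}
+
+/**
+* @param $source
+* @return TrackRequest
+* @throws \SP\Core\Exceptions\InvalidArgumentException
+*/
+public static function getTrackRequest($source)
+{
+$trackRequest = new TrackRequest();
+$trackRequest->time = time() - self::TIME_TRACKING;
+$trackRequest->setTrackIp(HttpUtil::getClientAddress());
+$trackRequest->source = $source;
+
+return $trackRequest;
+}
+}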
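Review bot: `getTrackRequest()` has no description, and the key it builds for the login throttle is whatever `HttpUtil::getClientAddress()` returns; that helper is outside this commit, so it should be confirmed that it does not honour a client-supplied header such as X-Forwarded-For without a trusted-proxy check, because the attempt counter is only as reliable as that address. A docblock line such as `Builds a TrackRequest for the current client address with a window starting TIME_TRACKING seconds ago.` would record the contract. The single comment "Tiempo para contador de intentos" sits over three constants; each deserves its own comment with units, for example `/** Seconds of delay added per recorded attempt */` on `TIME_SLEEP`. The `delete()` docblock repeats the `int|array` type from the repository although only a single id is bound there.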