Code Coverage
 
Lines
Functions and Methods
Classes and Traits
Total
0.00% covered (danger)
0.00%
0 / 24
0.00% covered (danger)
0.00%
0 / 3
CRAP
0.00% covered (danger)
0.00%
0 / 1
core_kernel_users_AuthAdapter
0.00% covered (danger)
0.00%
0 / 24
0.00% covered (danger)
0.00%
0 / 3
56
0.00% covered (danger)
0.00%
0 / 1
 getPasswordHash
0.00% covered (danger)
0.00%
0 / 1
0.00% covered (danger)
0.00%
0 / 1
2
 __construct
0.00% covered (danger)
0.00%
0 / 2
0.00% covered (danger)
0.00%
0 / 1
2
 authenticate
0.00% covered (danger)
0.00%
0 / 21
0.00% covered (danger)
0.00%
0 / 1
30
1<?php
2
3/**
4 * This program is free software; you can redistribute it and/or
5 * modify it under the terms of the GNU General Public License
6 * as published by the Free Software Foundation; under version 2
7 * of the License (non-upgradable).
8 *
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
17 *
18 * Copyright (c) 2017 (original work) Open Assessment Technologies SA (under the project TAO-PRODUCT);
19 *
20 */
21
22use oat\generis\model\GenerisRdf;
23use oat\generis\model\OntologyRdfs;
24use oat\oatbox\user\auth\LoginAdapter;
25
26/**
27 * Authentication adapter interface to be implemented by authentication methods
28 *
29 * @access public
30 * @author Joel Bout, <joel@taotesting.com>
31 * @package generis
32 */
class core_kernel_users_AuthAdapter implements common_user_auth_Adapter
{
    /**
     * Login name whose credentials are being checked.
     *
     * @var string
     */
    private $username;

    /**
     * Password submitted for that login. Within this class it is only ever
     * handed to the password hasher's verify() call.
     *
     * @var mixed stored as given; presumably a string
     */
    private $password;

    /**
     * Hands back the password hasher obtained from core_kernel_users_Service.
     *
     * Pure delegation, kept for existing callers; new code should call
     * core_kernel_users_Service::getPasswordHash() directly.
     *
     * @return helpers_PasswordHash
     * @deprecated
     */
    public static function getPasswordHash()
    {
        $hasher = core_kernel_users_Service::getPasswordHash();

        return $hasher;
    }

    /**
     * Stores the credentials to check; nothing is validated or looked up here.
     *
     * @param mixed $login    login name, presumably a string (no type is enforced)
     * @param mixed $password password to verify, presumably a string (no type is enforced)
     */
    public function __construct($login, $password)
    {
        $this->password = $password;
        $this->username = $login;
    }

    /**
     * Checks the stored login/password pair against the Generis user resources.
     *
     * An unknown login and a wrong password both end in the same exception
     * type, so the exception class alone does not tell a caller which of the
     * two happened.
     *
     * @see common_user_auth_Adapter::authenticate()
     *
     * @return core_kernel_users_GenerisUser wrapper around the matching user resource
     * @throws common_exception_InconsistentData       when more than one user carries the login
     * @throws core_kernel_users_InvalidLoginException when the login is unknown or the password does not verify
     */
    public function authenticate()
    {
        // Look the login up among instances of the Generis user class.
        // 'like' => false presumably requests an exact match and 'recursive' => true
        // presumably includes subclasses -- confirm against searchInstances().
        $userRoot = new core_kernel_classes_Class(GenerisRdf::CLASS_GENERIS_USER);
        $matches = $userRoot->searchInstances(
            [GenerisRdf::PROPERTY_USER_LOGIN => $this->username],
            ['like' => false, 'recursive' => true]
        );

        $matchCount = count($matches);
        if ($matchCount > 1) {
            // Ambiguous login: refuse to pick one of several accounts.
            // NOTE(review): the message embeds the submitted login; confirm callers
            // do not relay it to unauthenticated clients.
            $message = "Multiple Users found with the same login '" . $this->username . "'.";
            throw new common_exception_InconsistentData($message);
        }

        if (empty($matches)) {
            // Unknown login. A property value is still read and a hash verification
            // still runs, so this path does work comparable to the known-login path
            // (the stated purpose is to prevent timing attacks). The value of the
            // RDFS_LABEL property read on that property itself serves as a stand-in hash.
            // NOTE(review): if this lookup throws, the caller sees a different
            // exception type than for a wrong password -- confirm it cannot.
            $labelProperty = new core_kernel_classes_Property(OntologyRdfs::RDFS_LABEL);
            $standInHash = $labelProperty->getUniquePropertyValue($labelProperty);
            core_kernel_users_Service::getPasswordHash()->verify($this->password, $standInHash);

            // The verification result is deliberately ignored: the login fails
            // even if the stand-in hash happened to verify.
            throw new core_kernel_users_InvalidLoginException();
        }

        // Exactly one match: compare the submitted password with the stored hash.
        $account = current($matches);
        $passwordProperty = new core_kernel_classes_Property(GenerisRdf::PROPERTY_USER_PASSWORD);
        $storedHash = $account->getUniquePropertyValue($passwordProperty);

        $verified = core_kernel_users_Service::getPasswordHash()->verify($this->password, $storedHash);
        if (!$verified) {
            throw new core_kernel_users_InvalidLoginException();
        }

        return new core_kernel_users_GenerisUser($account);
    }
}