local-procs.tcl

Does not contain a contract.

Location:
/packages/acs-authentication/tcl/local-procs.tcl

Related Files

[ hide source ] | [ make this the default ]

File Contents

ad_library {
    Procs for local authentication.

    @author Lars Pind (lars@collaobraid.biz)
    @creation-date 2003-05-13
    @cvs-id $Id: local-procs.tcl,v 1.47.2.8 2022/09/19 13:24:22 antoniop Exp $
}

namespace eval auth {}
namespace eval auth::local {}
namespace eval auth::local::authentication {}
namespace eval auth::local::password {}
namespace eval auth::local::registration {}
namespace eval auth::local::user_info {}
namespace eval auth::local::search {}

#####
#
# auth::local
#
#####

ad_proc -private auth::local::install {} {
    Register local service contract implementations,
    and update the local authority with live information.
} {
    db_transaction {
        # Register the local service contract implementations
        set row(auth_impl_id) [auth::local::authentication::register_impl]
        set row(pwd_impl_id) [auth::local::password::register_impl]
        set row(register_impl_id) [auth::local::registration::register_impl]
        set row(user_info_impl_id) [auth::local::user_info::register_impl]

        # Set the authority pretty-name to be the system name
        set row(pretty_name) [ad_system_name]

        auth::authority::edit \
            -authority_id [auth::authority::local] \
            -array row
    }
}

ad_proc -private auth::local::uninstall {} {
    Unregister the local service contract implementation, and update the
    local authority to reflect that.
} {
    db_transaction {
        # Update the local authority to reflect the loss of the implementations
        set row(auth_impl_id) {}
        set row(pwd_impl_id) {}
        set row(register_impl_id) {}

        auth::authority::edit \
            -authority_id [auth::authority::local] \
            -array row

        # Unregister the implementations
        auth::local::authentication::unregister_impl
        auth::local::password::unregister_impl
        auth::local::registration::unregister_impl
    }
}




#####
#
# auth::local::authentication
#
#####
#
# The 'auth_authentication' service contract implementation
#

ad_proc -private auth::local::authentication::register_impl {} {
    Register the 'local' implementation of the 'auth_authentication' service contract.

    @return impl_id of the newly created implementation.
} {
    set spec {
        contract_name "auth_authentication"
        owner "acs-authentication"
        name "local"
        pretty_name "Local"
        aliases {
            MergeUser auth::local::authentication::MergeUser
            Authenticate auth::local::authentication::Authenticate
            GetParameters auth::local::authentication::GetParameters
        }
    }

    return [acs_sc::impl::new_from_spec -spec $spec]
}

ad_proc -private auth::local::authentication::unregister_impl {} {
    Unregister the 'local' implementation of the 'auth_authentication' service contract.
} {
    acs_sc::impl::delete -contract_name "auth_authentication" -impl_name "local"
}

d_proc -private auth::local::authentication::MergeUser {
    from_user_id
    to_user_id
    {authority_id ""}
} {
    Merge Implementation of local authentication. This will
    merge the names, emails, usernames, permissions, etc
    of the two users to merge.
} {
    ns_log Notice "Starting auth::local::authentication::MergeUser"
    db_transaction {
        ns_log Notice "  Merging user portraits"

        ns_log notice "  Merging username, email and basic info in general"

        set new_username "merged_$from_user_id"
        append new_username "_$to_user_id"

        # Shall we keep the domain for email?
        # Actually, the username 'merged_xxx_yyy'
        # won't be an email, so we will keep it without
        # domain
        set new_email $new_username

        set rel_id [db_string getrelid {}]
        membership_rel::change_state -rel_id $rel_id -state "merged"

        acs_user::update -user_id $from_user_id -username "$new_username" -screen_name "$new_username"
        party::update -party_id $from_user_id -email "$new_email"

    }
    ns_log notice "Finishing auth::local::authentication::MergeUser"
}


d_proc -private auth::local::authentication::Authenticate {
    username
    password
    {parameters {}}
    {authority_id {}}
} {
    Implements the Authenticate operation of the auth_authentication
    service contract for the local account implementation.
} {
    array set auth_info [list]

    if {$authority_id eq ""} {
        set authority_id [auth::authority::local]
    }

    set user_id [acs_user::get_by_username -authority_id $authority_id -username $username]
    if { $user_id eq "" } {
        set result(auth_status) "no_account"
        return [array get result]
    }

    if { [ad_check_password $user_id $password] } {
        set auth_info(auth_status) "ok"
    } else {
        set auth_info(auth_status) "bad_password"
        set auth_info(auth_message) [_ acs-authentication.Invalid_username_or_password]
        return [array get auth_info]
    }

    # We set 'external' account status to 'ok', because the
    # local account status will be checked anyways by the framework
    set auth_info(account_status) ok

    return [array get auth_info]
}

ad_proc -private auth::local::authentication::GetParameters {} {
    Implements the GetParameters operation of the auth_authentication
    service contract for the local account implementation.
} {
    # No parameters
    return [list]
}


#####
#
# auth::local::password
#
#####
#
# The 'auth_password' service contract implementation
#

ad_proc -private auth::local::password::register_impl {} {
    Register the 'local' implementation of the 'auth_password' service contract.

    @return impl_id of the newly created implementation.
} {
    set spec {
        contract_name "auth_password"
        owner "acs-authentication"
        name "local"
        pretty_name "Local"
        aliases {
            CanChangePassword auth::local::password::CanChangePassword
            ChangePassword auth::local::password::ChangePassword
            CanRetrievePassword auth::local::password::CanRetrievePassword
            RetrievePassword auth::local::password::RetrievePassword
            CanResetPassword auth::local::password::CanResetPassword
            ResetPassword auth::local::password::ResetPassword
            GetParameters auth::local::password::GetParameters
        }
    }
    return [acs_sc::impl::new_from_spec -spec $spec]
}

ad_proc -private auth::local::password::unregister_impl {} {
    Unregister the 'local' implementation of the 'auth_password' service contract.
} {
    acs_sc::impl::delete -contract_name "auth_password" -impl_name "local"
}


d_proc -private auth::local::password::CanChangePassword {
    {parameters ""}
} {
    Implements the CanChangePassword operation of the auth_password
    service contract for the local account implementation.
} {
    # Yeah, we can change your password
    return 1
}

d_proc -private auth::local::password::CanRetrievePassword {
    {parameters ""}
} {
    Implements the CanRetrievePassword operation of the auth_password
    service contract for the local account implementation.
} {
    # passwords are stored hashed, so we send the hash and let the user choose a new password
    return 1
}

d_proc -private auth::local::password::CanResetPassword {
    {parameters ""}
} {
    Implements the CanResetPassword operation of the auth_password
    service contract for the local account implementation.
} {
    # Yeah, we can reset for you.
    return 1
}

d_proc -private auth::local::password::ChangePassword {
    username
    new_password
    {old_password ""}
    {parameters {}}
    {authority_id {}}
} {
    Implements the ChangePassword operation of the auth_password
    service contract for the local account implementation.
} {
    array set result {
        password_status {}
        password_message {}
    }

    set user_id [acs_user::get_by_username -authority_id $authority_id -username $username]
    if { $user_id eq "" } {
        set result(password_status) "no_account"
        return [array get result]
    }

    if { $old_password ne "" } {
        if { ![ad_check_password $user_id $old_password] } {
            set result(password_status) "old_password_bad"
            return [array get result]
        }
    }

    ad_try {
        ad_change_password $user_id $new_password
    } on error {errorMsg} {
        set result(password_status) "change_error"
        ad_log Error "Error changing local password for username $username, user_id $user_id: $errorMsg"
        return [array get result]
    }

    set result(password_status) "ok"

    if { [parameter::get -parameter EmailAccountOwnerOnPasswordChangeP -package_id [ad_acs_kernel_id] -default 1] } {
        ad_try {
            set user_id [acs_user::get_by_username \
                             -username $username \
                             -authority_id $authority_id]
            set user_email [party::get -party_id $user_id -element email]

            set system_name [ad_system_name]
            set pvt_home_name [ad_pvt_home_name]
            set password_update_link_text [_ acs-subsite.Change_my_Password]

            if { [auth::UseEmailForLoginP] } {
                set account_id_label [_ acs-subsite.Email]
                set account_id $user_email
            } else {
                set account_id_label [_ acs-subsite.Username]
                set account_id [acs_user::get_user_info \
                                    -user_id $user_id \
                                    -element username]
            }

            set subject [_ acs-subsite.Password_changed_subject]
            set body [_ acs-subsite.Password_changed_body]

            acs_mail_lite::send \
                -send_immediately \
                -to_addr $user_email \
                -from_addr [ad_outgoing_sender] \
                -subject $subject \
                -body $body
        } on error {errorMsg} {
            ad_log Error "Error sending out password changed notification to account owner with user_id $user_id, email $user_email: $errorMsg"
        }
    }

    return [array get result]
}

d_proc -private auth::local::password::RetrievePassword {
    username
    parameters
} {
    Implements the RetrievePassword operation of the auth_password
    service contract for the local account implementation.
} {
    set result(password_status) "ok"
    set result(password_message) [_ acs-subsite.Request_Change_Password_token_email]

    db_1row get_usr_id_and_password_hash {SELECT user_id, password as password_hash FROM users WHERE username = :username}

    set email [party::email -party_id $user_id]
    # TODO: This email message text should go in the recipient user language, english or every language supported
    set subject "[ad_system_name]: [_ acs-subsite.change_password_email_subject] $username"
    set body "[_ acs-subsite.change_password_email_body_0]\n\n[export_vars -base "[ad_url]/user/password-reset" {user_id password_hash}]\n\n[_ acs-subsite.change_password_email_body_1]"

    acs_mail_lite::send \
        -send_immediately \
        -to_addr $email \
        -from_addr [ad_outgoing_sender] \
        -subject $subject \
        -body $body

    return [array get result]
}

d_proc -private auth::local::password::ResetPassword {
    username
    parameters
    {authority_id {}}
} {
    Implements the ResetPassword operation of the auth_password
    service contract for the local account implementation.
} {
    array set result {
        password_status ok
        password_message {}
    }

    set user_id [acs_user::get_by_username -authority_id $authority_id -username $username]
    if { $user_id eq "" } {
        set result(password_status) "no_account"
        return [array get result]
    }

    # Reset the password
    set password [ad_generate_random_string]

    ad_change_password $user_id $password

    # We return the new password here and let the OpenACS framework send the email with the new password
    set result(password) $password
    return [array get result]
}

ad_proc -private auth::local::password::GetParameters {} {
    Implements the GetParameters operation of the auth_password
    service contract for the local account implementation.
} {
    # No parameters
    return [list]
}


#####
#
# auth::local::register
#



#####
#
# The 'auth_registration' service contract implementation
#

ad_proc -private auth::local::registration::register_impl {} {
    Register the 'local' implementation of the 'auth_registration' service contract.

    @return impl_id of the newly created implementation.
} {
    set spec {
        contract_name "auth_registration"
        owner "acs-authentication"
        name "local"
        pretty_name "Local"
        aliases {
            GetElements auth::local::registration::GetElements
            Register auth::local::registration::Register
            GetParameters auth::local::registration::GetParameters
        }
    }
    return [acs_sc::impl::new_from_spec -spec $spec]
}

ad_proc -private auth::local::registration::unregister_impl {} {
    Unregister the 'local' implementation of the 'auth_register' service contract.
} {
    acs_sc::impl::delete -contract_name "auth_registration" -impl_name "local"
}

d_proc -private auth::local::registration::GetElements {
    {parameters ""}
} {
    Implements the GetElements operation of the auth_registration
    service contract for the local account implementation.
} {
    set result(required) {}
    if { ![auth::UseEmailForLoginP] } {
        set result(required) username
    }

    lappend result(required) email first_names last_name
    set result(optional) { url }

    if { ![parameter::get -package_id [ad_conn subsite_id] -parameter RegistrationProvidesRandomPasswordP -default 0] } {
        lappend result(optional) password
    }

    if { [parameter::get -package_id [ad_acs_kernel_id] -parameter RequireQuestionForPasswordResetP -default 0] &&
         [parameter::get -package_id [ad_acs_kernel_id] -parameter UseCustomQuestionForPasswordReset -default 0] } {
        lappend result(required) secret_question secret_answer
    }

    return [array get result]
}

d_proc -private auth::local::registration::Register {
    parameters
    username
    authority_id
    first_names
    last_name
    screen_name
    email
    url
    password
    secret_question
    secret_answer
} {
    Implements the Register operation of the auth_registration
    service contract for the local account implementation.
} {
    array set result {
        creation_status "ok"
        creation_message {}
        element_messages {}
        account_status "ok"
        account_message {}
        generated_pwd_p 0
        password {}
    }

    # We don't create anything here, so creation always succeeds
    # And we don't check local account, either

    set subsite_id [ad_conn subsite_id]

    # LARS TODO: Move this out of the local driver and into the auth framework
    # Generate random password?
    set generated_pwd_p 0
    if { $password eq ""
         || [parameter::get \
                 -package_id $subsite_id \
                 -parameter RegistrationProvidesRandomPasswordP \
                 -default 0]
     } {
        set password [ad_generate_random_string]
        set generated_pwd_p 1
    }
    set result(generated_pwd_p) $generated_pwd_p
    set result(password) $password

    # Set user's password
    set user_id [acs_user::get_by_username -authority_id $authority_id -username $username]
    ad_change_password $user_id $password

    # Used in messages below
    set system_name [ad_system_name]
    set system_url [ad_url]

    # LARS TODO: Move this out of the local driver and into the auth framework
    # Send password confirmation email to user
    if { [parameter::get \
              -parameter EmailRegistrationConfirmationToUserP \
              -package_id $subsite_id -default 1] } {
        ad_try {
            auth::password::email_password \
                -username $username \
                -authority_id $authority_id \
                -password $password \
                -from [parameter::get \
                           -parameter NewRegistrationEmailAddress \
                           -package_id $subsite_id \
                           -default [ad_system_owner]] \
                -subject_msg_key "acs-subsite.email_subject_Registration_password" \
                -body_msg_key "acs-subsite.email_body_Registration_password"
        } on error {errorMsg} {
            # We don't fail hard here, just log an error
            ad_log Error "Error sending registration confirmation to $email: $errorMsg"
        }
    }

    # LARS TODO: Move this out of the local driver and into the auth framework
    # Notify admin on new registration
    if { [parameter::get \
              -parameter NotifyAdminOfNewRegistrationsP \
              -package_id $subsite_id \
              -default 0] } {
        ad_try {
            set admin_email [parameter::get \
                                 -parameter NewRegistrationEmailAddress \
                                 -package_id $subsite_id \
                                 -default [ad_system_owner]]
            set admin_id [party::get_by_email -email $admin_email]
            if { $admin_id eq "" } {
                set admin_locale [lang::system::site_wide_locale]
            } else {
                set admin_locale [lang::user::locale -user_id $admin_id]
            }

            set system_url [ad_url]

            acs_mail_lite::send \
                -send_immediately \
                -to_addr $admin_email \
                -from_addr [ad_outgoing_sender] \
                -subject [lang::message::lookup $admin_locale acs-subsite.lt_New_registration_at_s] \
                -body [lang::message::lookup $admin_locale acs-subsite.lt_first_names_last_name]
        } on error {errorMsg} {
            # We don't fail hard here, just log an error
            ad_log Error "Error sending admin notification to $admin_email: $errorMsg"
        }
    }

    return [array get result]
}

ad_proc -private auth::local::registration::GetParameters {} {
    Implements the GetParameters operation of the auth_registration
    service contract for the local account implementation.
} {
    # No parameters
    return [list]
}

#####
#
# The 'auth_user_info' service contract implementation
#

ad_proc -private auth::local::user_info::register_impl {} {
    Register the 'local' implementation of the 'auth_user_info' service contract.

    @return impl_id of the newly created implementation.
} {
    set spec {
        contract_name "auth_user_info"
        owner "acs-authentication"
        name "local"
        pretty_name "Local"
        aliases {
            GetUserInfo auth::local::user_info::GetUserInfo
            GetParameters auth::local::user_info::GetParameters
        }
    }
    return [acs_sc::impl::new_from_spec -spec $spec]
}

ad_proc -private auth::local::user_info::unregister_impl {} {
    Unregister the 'local' implementation of the 'auth_user_info' service contract.
} {
    acs_sc::impl::delete -contract_name "auth_user_info" -impl_name "local"
}

d_proc -private auth::local::user_info::GetUserInfo {
    username
    {parameters ""}
} {
    Implements the GetUserInfo operation of the auth_user_info
    service contract for the local account implementation.
} {
    set user_id [acs_user::get_by_username -username $username]
    set result(info_status) [auth::get_local_account_status -user_id $user_id]
    set result(info_message) ""
    db_1row get_user_info {} -column_array user_info
    set result(user_info) [array get user_info]

    return [array get result]
}

ad_proc -private auth::local::user_info::GetParameters {} {
    Implements the GetParameters operation of the auth_user_info
    service contract for the local account implementation.
} {
    # No parameters
    return [list]
}

d_proc -private auth::local::search::Search {
    search_text
    {parameters ""}
} {
    Implements the Search operation of the auth_search
    service contract for the local account implementation.
} {
    set authority_id [auth::authority::local]
    return [db_list user_search {
        select distinct username
        from   cc_users u
        where  authority_id = :authority_id
               and upper(coalesce(u.first_names || ' ', '')  ||
                         coalesce(u.last_name || ' ', '') ||
                         u.email || ' ' ||
                         u.username || ' ' ||
                         coalesce(u.screen_name, '')) like upper('%'||:search_text||'%')
        order  by username
    }]
}

ad_proc -private auth::local::search::GetParameters {} {
    Implements the GetParameters operation of the auth_search
    service contract for the local account implementation.
} {
    # No parameters
    return [list]
}

# Local variables:
#    mode: tcl
#    tcl-indent-level: 4
#    indent-tabs-mode: nil
# End: