  1: <?php
  2: /**
  3:  * Magento
  4:  *
  5:  * NOTICE OF LICENSE
  6:  *
  7:  * This source file is subject to the Open Software License (OSL 3.0)
  8:  * that is bundled with this package in the file LICENSE.txt.
  9:  * It is also available through the world-wide-web at this URL:
 10:  * http://opensource.org/licenses/osl-3.0.php
 11:  * If you did not receive a copy of the license and are unable to
 12:  * obtain it through the world-wide-web, please send an email
 13:  * to license@magentocommerce.com so we can send you a copy immediately.
 14:  *
 15:  * DISCLAIMER
 16:  *
 17:  * Do not edit or add to this file if you wish to upgrade Magento to newer
 18:  * versions in the future. If you wish to customize Magento for your
 19:  * needs please refer to http://www.magentocommerce.com for more information.
 20:  *
 21:  * @category    Mage
 22:  * @package     Mage_Admin
 23:  * @copyright   Copyright (c) 2012 Magento Inc. (http://www.magentocommerce.com)
 24:  * @license     http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
 25:  */
 26: 
 27: /**
 28:  * Admin user model
 29:  *
 30:  * @method Mage_Admin_Model_Resource_User _getResource()
 31:  * @method Mage_Admin_Model_Resource_User getResource()
 32:  * @method string getFirstname()
 33:  * @method Mage_Admin_Model_User setFirstname(string $value)
 34:  * @method string getLastname()
 35:  * @method Mage_Admin_Model_User setLastname(string $value)
 36:  * @method string getEmail()
 37:  * @method Mage_Admin_Model_User setEmail(string $value)
 38:  * @method string getUsername()
 39:  * @method Mage_Admin_Model_User setUsername(string $value)
 40:  * @method string getPassword()
 41:  * @method Mage_Admin_Model_User setPassword(string $value)
 42:  * @method string getCreated()
 43:  * @method Mage_Admin_Model_User setCreated(string $value)
 44:  * @method string getModified()
 45:  * @method Mage_Admin_Model_User setModified(string $value)
 46:  * @method string getLogdate()
 47:  * @method Mage_Admin_Model_User setLogdate(string $value)
 48:  * @method int getLognum()
 49:  * @method Mage_Admin_Model_User setLognum(int $value)
 50:  * @method int getReloadAclFlag()
 51:  * @method Mage_Admin_Model_User setReloadAclFlag(int $value)
 52:  * @method int getIsActive()
 53:  * @method Mage_Admin_Model_User setIsActive(int $value)
 54:  * @method string getExtra()
 55:  * @method Mage_Admin_Model_User setExtra(string $value)
 56:  *
 57:  * @category    Mage
 58:  * @package     Mage_Admin
 59:  * @author      Magento Core Team <core@magentocommerce.com>
 60:  */
 61: class Mage_Admin_Model_User extends Mage_Core_Model_Abstract
 62: {
 63:     /**
 64:      * Configuration paths for email templates and identities
 65:      */
 66:     const XML_PATH_FORGOT_EMAIL_TEMPLATE    = 'admin/emails/forgot_email_template';
 67:     const XML_PATH_FORGOT_EMAIL_IDENTITY    = 'admin/emails/forgot_email_identity';
 68:     const XML_PATH_STARTUP_PAGE             = 'admin/startup/page';
 69: 
 70:     /**
 71:      * Minimum length of admin password
 72:      */
 73:     const MIN_PASSWORD_LENGTH = 7;
 74: 
 75:     /**
 76:      * Model event prefix
 77:      *
 78:      * @var string
 79:      */
 80:     protected $_eventPrefix = 'admin_user';
 81: 
 82:     /**
 83:      * Admin role
 84:      *
 85:      * @var Mage_Admin_Model_Roles
 86:      */
 87:     protected $_role;
 88: 
 89:     /**
 90:      * Available resources flag
 91:      *
 92:      * @var boolean
 93:      */
 94:     protected $_hasAvailableResources = true;
 95: 
 96:     /**
 97:      * Initialize user model
 98:      */
 99:     protected function _construct()
100:     {
101:         $this->_init('admin/user');
102:     }
103: 
104:     /**
105:      * Processing data before model save
106:      *
107:      * @return Mage_Admin_Model_User
108:      */
109:     protected function _beforeSave()
110:     {
111:         $data = array(
112:             'firstname' => $this->getFirstname(),
113:             'lastname'  => $this->getLastname(),
114:             'email'     => $this->getEmail(),
115:             'modified'  => now(),
116:             'extra'     => serialize($this->getExtra())
117:         );
118: 
119:         if($this->getId() > 0) {
120:             $data['user_id'] = $this->getId();
121:         }
122: 
123:         if( $this->getUsername() ) {
124:             $data['username'] = $this->getUsername();
125:         }
126: 
127:         if ($this->getNewPassword()) {
128:             // Change password
129:             $data['password'] = $this->_getEncodedPassword($this->getNewPassword());
130:         } elseif ($this->getPassword() && $this->getPassword() != $this->getOrigData('password')) {
131:             // New user password
132:             $data['password'] = $this->_getEncodedPassword($this->getPassword());
133:         }
134: 
135:         if (!is_null($this->getIsActive())) {
136:             $data['is_active'] = intval($this->getIsActive());
137:         }
138: 
139:         $this->addData($data);
140: 
141:         return parent::_beforeSave();
142:     }
143: 
144:     /**
145:      * Save admin user extra data (like configuration sections state)
146:      *
147:      * @param   array $data
148:      * @return  Mage_Admin_Model_User
149:      */
150:     public function saveExtra($data)
151:     {
152:         if (is_array($data)) {
153:             $data = serialize($data);
154:         }
155:         $this->_getResource()->saveExtra($this, $data);
156:         return $this;
157:     }
158: 
159:     /**
160:      * Save user roles
161:      *
162:      * @return Mage_Admin_Model_User
163:      */
164:     public function saveRelations()
165:     {
166:         $this->_getResource()->_saveRelations($this);
167:         return $this;
168:     }
169: 
170:     /**
171:      * Retrieve user roles
172:      *
173:      * @return array
174:      */
175:     public function getRoles()
176:     {
177:         return $this->_getResource()->getRoles($this);
178:     }
179: 
180:     /**
181:      * Get admin role model
182:      *
183:      * @return Mage_Admin_Model_Roles
184:      */
185:     public function getRole()
186:     {
187:         if (null === $this->_role) {
188:             $this->_role = Mage::getModel('admin/roles');
189:             $roles = $this->getRoles();
190:             if ($roles && isset($roles[0]) && $roles[0]) {
191:                 $this->_role->load($roles[0]);
192:             }
193:         }
194:         return $this->_role;
195:     }
196: 
197:     /**
198:      * Unassign user from his current role
199:      *
200:      * @return Mage_Admin_Model_User
201:      */
202:     public function deleteFromRole()
203:     {
204:         $this->_getResource()->deleteFromRole($this);
205:         return $this;
206:     }
207: 
208:     /**
209:      * Check if such combination role/user exists
210:      *
211:      * @return boolean
212:      */
213:     public function roleUserExists()
214:     {
215:         $result = $this->_getResource()->roleUserExists($this);
216:         return (is_array($result) && count($result) > 0) ? true : false;
217:     }
218: 
219:     /**
220:      * Assign user to role
221:      *
222:      * @return Mage_Admin_Model_User
223:      */
224:     public function add()
225:     {
226:         $this->_getResource()->add($this);
227:         return $this;
228:     }
229: 
230:     /**
231:      * Check if user exists based on its id, username and email
232:      *
233:      * @return boolean
234:      */
235:     public function userExists()
236:     {
237:         $result = $this->_getResource()->userExists($this);
238:         return (is_array($result) && count($result) > 0) ? true : false;
239:     }
240: 
241:     /**
242:      * Retrieve admin user collection
243:      *
244:      * @return Mage_Admin_Model_Resource_User_Collection
245:      */
246:     public function getCollection() {
247:         return Mage::getResourceModel('admin/user_collection');
248:     }
249: 
250:     /**
251:      * Send email with new user password
252:      *
253:      * @return Mage_Admin_Model_User
254:      * @deprecated deprecated since version 1.6.1.0
255:      */
256:     public function sendNewPasswordEmail()
257:     {
258:         return $this;
259:     }
260: 
261:     /**
262:      * Send email with reset password confirmation link
263:      *
264:      * @return Mage_Admin_Model_User
265:      */
266:     public function sendPasswordResetConfirmationEmail()
267:     {
268:         /** @var $mailer Mage_Core_Model_Email_Template_Mailer */
269:         $mailer = Mage::getModel('core/email_template_mailer');
270:         $emailInfo = Mage::getModel('core/email_info');
271:         $emailInfo->addTo($this->getEmail(), $this->getName());
272:         $mailer->addEmailInfo($emailInfo);
273: 
274:         // Set all required params and send emails
275:         $mailer->setSender(Mage::getStoreConfig(self::XML_PATH_FORGOT_EMAIL_IDENTITY));
276:         $mailer->setStoreId(0);
277:         $mailer->setTemplateId(Mage::getStoreConfig(self::XML_PATH_FORGOT_EMAIL_TEMPLATE));
278:         $mailer->setTemplateParams(array(
279:             'user' => $this
280:         ));
281:         $mailer->send();
282: 
283:         return $this;
284:     }
285: 
286:     /**
287:      * Retrieve user name
288:      *
289:      * @param string $separator
290:      * @return string
291:      */
292:     public function getName($separator = ' ')
293:     {
294:         return $this->getFirstname() . $separator . $this->getLastname();
295:     }
296: 
297:     /**
298:      * Retrieve user identifier
299:      *
300:      * @return mixed
301:      */
302:     public function getId()
303:     {
304:         return $this->getUserId();
305:     }
306: 
307:     /**
308:      * Get user ACL role
309:      *
310:      * @return string
311:      */
312:     public function getAclRole()
313:     {
314:         return 'U' . $this->getUserId();
315:     }
316: 
317:     /**
318:      * Authenticate user name and password and save loaded record
319:      *
320:      * @param string $username
321:      * @param string $password
322:      * @return boolean
323:      * @throws Mage_Core_Exception
324:      */
325:     public function authenticate($username, $password)
326:     {
327:         $config = Mage::getStoreConfigFlag('admin/security/use_case_sensitive_login');
328:         $result = false;
329: 
330:         try {
331:             Mage::dispatchEvent('admin_user_authenticate_before', array(
332:                 'username' => $username,
333:                 'user'     => $this
334:             ));
335:             $this->loadByUsername($username);
336:             $sensitive = ($config) ? $username == $this->getUsername() : true;
337: 
338:             if ($sensitive && $this->getId() && Mage::helper('core')->validateHash($password, $this->getPassword())) {
339:                 if ($this->getIsActive() != '1') {
340:                     Mage::throwException(Mage::helper('adminhtml')->__('This account is inactive.'));
341:                 }
342:                 if (!$this->hasAssigned2Role($this->getId())) {
343:                     Mage::throwException(Mage::helper('adminhtml')->__('Access denied.'));
344:                 }
345:                 $result = true;
346:             }
347: 
348:             Mage::dispatchEvent('admin_user_authenticate_after', array(
349:                 'username' => $username,
350:                 'password' => $password,
351:                 'user'     => $this,
352:                 'result'   => $result,
353:             ));
354:         }
355:         catch (Mage_Core_Exception $e) {
356:             $this->unsetData();
357:             throw $e;
358:         }
359: 
360:         if (!$result) {
361:             $this->unsetData();
362:         }
363:         return $result;
364:     }
365: 
366:     /**
367:      * Login user
368:      *
369:      * @param   string $login
370:      * @param   string $password
371:      * @return  Mage_Admin_Model_User
372:      */
373:     public function login($username, $password)
374:     {
375:         if ($this->authenticate($username, $password)) {
376:             $this->getResource()->recordLogin($this);
377:         }
378:         return $this;
379:     }
380: 
381:     /**
382:      * Reload current user
383:      *
384:      * @return Mage_Admin_Model_User
385:      */
386:     public function reload()
387:     {
388:         $id = $this->getId();
389:         $this->setId(null);
390:         $this->load($id);
391:         return $this;
392:     }
393: 
394:     /**
395:      * Load user by its username
396:      *
397:      * @param string $username
398:      * @return Mage_Admin_Model_User
399:      */
400:     public function loadByUsername($username)
401:     {
402:         $this->setData($this->getResource()->loadByUsername($username));
403:         return $this;
404:     }
405: 
406:     /**
407:      * Check if user is assigned to any role
408:      *
409:      * @param int|Mage_Core_Admin_Model_User $user
410:      * @return null|boolean|array
411:      */
412:     public function hasAssigned2Role($user)
413:     {
414:         return $this->getResource()->hasAssigned2Role($user);
415:     }
416: 
417:     /**
418:      * Retrieve encoded password
419:      *
420:      * @param string $password
421:      * @return string
422:      */
423:     protected function _getEncodedPassword($password)
424:     {
425:         return Mage::helper('core')->getHash($password, 2);
426:     }
427: 
428:     /**
429:      * Find first menu item that user is able to access
430:      *
431:      * @param Mage_Core_Model_Config_Element $parent
432:      * @param string $path
433:      * @param integer $level
434:      * @return string
435:      */
436:     public function findFirstAvailableMenu($parent = null, $path = '', $level = 0)
437:     {
438:         if ($parent == null) {
439:             $parent = Mage::getSingleton('admin/config')->getAdminhtmlConfig()->getNode('menu');
440:         }
441:         foreach ($parent->children() as $childName => $child) {
442:             $aclResource = 'admin/' . $path . $childName;
443:             if (Mage::getSingleton('admin/session')->isAllowed($aclResource)) {
444:                 if (!$child->children) {
445:                     return (string)$child->action;
446:                 } else if ($child->children) {
447:                     $action = $this->findFirstAvailableMenu($child->children, $path . $childName . '/', $level + 1);
448:                     return $action ? $action : (string)$child->action;
449:                 }
450:             }
451:         }
452:         $this->_hasAvailableResources = false;
453:         return '*/*/denied';
454:     }
455: 
456:     /**
457:      * Check if user has available resources
458:      *
459:      * @return bool
460:      */
461:     public function hasAvailableResources()
462:     {
463:         return $this->_hasAvailableResources;
464:     }
465: 
466:     /**
467:      * Find admin start page url
468:      *
469:      * @deprecated Please use getStartupPageUrl() method instead
470:      * @see getStartupPageUrl()
471:      * @return string
472:      */
473:     public function getStatrupPageUrl()
474:     {
475:         return $this->getStartupPageUrl();
476:     }
477: 
478:     /**
479:      * Find admin start page url
480:      *
481:      * @return string
482:      */
483:     public function getStartupPageUrl()
484:     {
485:         $startupPage = Mage::getStoreConfig(self::XML_PATH_STARTUP_PAGE);
486:         $aclResource = 'admin/' . $startupPage;
487:         if (Mage::getSingleton('admin/session')->isAllowed($aclResource)) {
488:             $nodePath = 'menu/' . join('/children/', explode('/', $startupPage)) . '/action';
489:             $url = Mage::getSingleton('admin/config')->getAdminhtmlConfig()->getNode($nodePath);
490:             if ($url) {
491:                 return $url;
492:             }
493:         }
494:         return $this->findFirstAvailableMenu();
495:     }
496: 
497:     /**
498:      * Validate user attribute values.
499:      * Returns TRUE or array of errors.
500:      *
501:      * @return mixed
502:      */
503:     public function validate()
504:     {
505:         $errors = array();
506: 
507:         if (!Zend_Validate::is($this->getUsername(), 'NotEmpty')) {
508:             $errors[] = Mage::helper('adminhtml')->__('User Name is required field.');
509:         }
510: 
511:         if (!Zend_Validate::is($this->getFirstname(), 'NotEmpty')) {
512:             $errors[] = Mage::helper('adminhtml')->__('First Name is required field.');
513:         }
514: 
515:         if (!Zend_Validate::is($this->getLastname(), 'NotEmpty')) {
516:             $errors[] = Mage::helper('adminhtml')->__('Last Name is required field.');
517:         }
518: 
519:         if (!Zend_Validate::is($this->getEmail(), 'EmailAddress')) {
520:             $errors[] = Mage::helper('adminhtml')->__('Please enter a valid email.');
521:         }
522: 
523:         if ($this->hasNewPassword()) {
524:             if (Mage::helper('core/string')->strlen($this->getNewPassword()) < self::MIN_PASSWORD_LENGTH) {
525:                 $errors[] = Mage::helper('adminhtml')->__('Password must be at least of %d characters.', self::MIN_PASSWORD_LENGTH);
526:             }
527: 
528:             if (!preg_match('/[a-z]/iu', $this->getNewPassword())
529:                 || !preg_match('/[0-9]/u', $this->getNewPassword())
530:             ) {
531:                 $errors[] = Mage::helper('adminhtml')->__('Password must include both numeric and alphabetic characters.');
532:             }
533: 
534:             if ($this->hasPasswordConfirmation() && $this->getNewPassword() != $this->getPasswordConfirmation()) {
535:                 $errors[] = Mage::helper('adminhtml')->__('Password confirmation must be same as password.');
536:             }
537:         }
538: 
539:         if ($this->userExists()) {
540:             $errors[] = Mage::helper('adminhtml')->__('A user with the same user name or email aleady exists.');
541:         }
542: 
543:         if (empty($errors)) {
544:             return true;
545:         }
546:         return $errors;
547:     }
548: 
549:     /**
550:      * Change reset password link token
551:      *
552:      * Stores new reset password link token and its creation time
553:      *
554:      * @param string $newResetPasswordLinkToken
555:      * @return Mage_Admin_Model_User
556:      * @throws Mage_Core_Exception
557:      */
558:     public function changeResetPasswordLinkToken($newResetPasswordLinkToken) {
559:         if (!is_string($newResetPasswordLinkToken) || empty($newResetPasswordLinkToken)) {
560:             throw Mage::exception('Mage_Core', Mage::helper('adminhtml')->__('Invalid password reset token.'));
561:         }
562:         $this->setRpToken($newResetPasswordLinkToken);
563:         $currentDate = Varien_Date::now();
564:         $this->setRpTokenCreatedAt($currentDate);
565: 
566:         return $this;
567:     }
568: 
569:     /**
570:      * Check if current reset password link token is expired
571:      *
572:      * @return boolean
573:      */
574:     public function isResetPasswordLinkTokenExpired()
575:     {
576:         $resetPasswordLinkToken = $this->getRpToken();
577:         $resetPasswordLinkTokenCreatedAt = $this->getRpTokenCreatedAt();
578: 
579:         if (empty($resetPasswordLinkToken) || empty($resetPasswordLinkTokenCreatedAt)) {
580:             return true;
581:         }
582: 
583:         $tokenExpirationPeriod = Mage::helper('admin')->getResetPasswordLinkExpirationPeriod();
584: 
585:         $currentDate = Varien_Date::now();
586:         $currentTimestamp = Varien_Date::toTimestamp($currentDate);
587:         $tokenTimestamp = Varien_Date::toTimestamp($resetPasswordLinkTokenCreatedAt);
588:         if ($tokenTimestamp > $currentTimestamp) {
589:             return true;
590:         }
591: 
592:         $dayDifference = floor(($currentTimestamp - $tokenTimestamp) / (24 * 60 * 60));
593:         if ($dayDifference >= $tokenExpirationPeriod) {
594:             return true;
595:         }
596: 
597:         return false;
598:     }
599: 
600: }
601: 
Magento 1.7.0.2 API documentation generated by ApiGen 2.8.0