Beispiel #1
0
 /**
  * Do login (AJAX call)
  *  
  * @param TBGRequest $request
  */
 public function runDoLogin(TBGRequest $request)
 {
     $i18n = TBGContext::getI18n();
     $options = $request->getParameters();
     $forward_url = TBGContext::getRouting()->generate('home');
     if ($request->hasParameter('persona') && $request['persona'] == 'true') {
         $url = 'https://verifier.login.persona.org/verify';
         $assert = filter_input(INPUT_POST, 'assertion', FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
         //Use the $_POST superglobal array for PHP < 5.2 and write your own filter
         $params = 'assertion=' . urlencode($assert) . '&audience=' . urlencode(TBGContext::getURLhost() . ':80');
         $ch = curl_init();
         $options = array(CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_POST => 2, CURLOPT_POSTFIELDS => $params);
         curl_setopt_array($ch, $options);
         $result = curl_exec($ch);
         curl_close($ch);
         $details = json_decode($result);
         $user = null;
         if ($details->status == 'okay') {
             $user = TBGUser::getByEmail($details->email);
             if ($user instanceof TBGUser) {
                 TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
                 TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
                 TBGContext::getResponse()->setCookie('tbg3_persona_session', true);
                 return $this->renderJSON(array('status' => 'login ok', 'redirect' => in_array($request['referrer_route'], array('home', 'login'))));
             }
         }
         if (!$user instanceof TBGUser) {
             $this->getResponse()->setHttpStatus(401);
             $this->renderJSON(array('message' => $this->getI18n()->__('Invalid login')));
         }
         return;
     }
     if (TBGSettings::isOpenIDavailable()) {
         $openid = new LightOpenID(TBGContext::getRouting()->generate('login_page', array(), false));
     }
     if (TBGSettings::isOpenIDavailable() && !$openid->mode && $request->isPost() && $request->hasParameter('openid_identifier')) {
         $openid->identity = $request->getRawParameter('openid_identifier');
         $openid->required = array('contact/email');
         $openid->optional = array('namePerson/first', 'namePerson/friendly');
         return $this->forward($openid->authUrl());
     } elseif (TBGSettings::isOpenIDavailable() && $openid->mode == 'cancel') {
         $this->error = TBGContext::getI18n()->__("OpenID authentication cancelled");
     } elseif (TBGSettings::isOpenIDavailable() && $openid->mode) {
         try {
             if ($openid->validate()) {
                 if ($this->getUser()->isAuthenticated() && !$this->getUser()->isGuest()) {
                     if (TBGOpenIdAccountsTable::getTable()->getUserIDfromIdentity($openid->identity)) {
                         TBGContext::setMessage('openid_used', true);
                         throw new Exception('OpenID already in use');
                     }
                     $user = $this->getUser();
                 } else {
                     $user = TBGUser::getByOpenID($openid->identity);
                 }
                 if ($user instanceof TBGUser) {
                     $attributes = $openid->getAttributes();
                     $email = array_key_exists('contact/email', $attributes) ? $attributes['contact/email'] : null;
                     if (!$user->getEmail()) {
                         if (array_key_exists('contact/email', $attributes)) {
                             $user->setEmail($attributes['contact/email']);
                         }
                         if (array_key_exists('namePerson/first', $attributes)) {
                             $user->setRealname($attributes['namePerson/first']);
                         }
                         if (array_key_exists('namePerson/friendly', $attributes)) {
                             $user->setBuddyname($attributes['namePerson/friendly']);
                         }
                         if (!$user->getNickname() || $user->isOpenIdLocked()) {
                             $user->setBuddyname($user->getEmail());
                         }
                         if (!$user->getRealname()) {
                             $user->setRealname($user->getBuddyname());
                         }
                         $user->save();
                     }
                     if (!$user->hasOpenIDIdentity($openid->identity)) {
                         TBGOpenIdAccountsTable::getTable()->addIdentity($openid->identity, $email, $user->getID());
                     }
                     TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
                     TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
                     if ($this->checkScopeMembership($user)) {
                         return true;
                     }
                     return $this->forward(TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin')));
                 } else {
                     $this->error = TBGContext::getI18n()->__("Didn't recognize this OpenID. Please log in using your username and password, associate it with your user account in your account settings and try again.");
                 }
             } else {
                 $this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider");
             }
         } catch (Exception $e) {
             $this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider: %message", array('%message' => htmlentities($e->getMessage(), ENT_COMPAT, TBGContext::getI18n()->getCharset())));
         }
     } elseif ($request->getMethod() == TBGRequest::POST) {
         try {
             if ($request->hasParameter('tbg3_username') && $request->hasParameter('tbg3_password') && $request['tbg3_username'] != '' && $request['tbg3_password'] != '') {
                 $user = TBGUser::loginCheck($request, $this);
                 TBGContext::setUser($user);
                 if ($this->checkScopeMembership($user)) {
                     return true;
                 }
                 if ($request->hasParameter('return_to')) {
                     $forward_url = $request['return_to'];
                 } else {
                     if (TBGSettings::get('returnfromlogin') == 'referer') {
                         $forward_url = $request->getParameter('tbg3_referer', TBGContext::getRouting()->generate('dashboard'));
                     } else {
                         $forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
                     }
                 }
                 $forward_url = htmlentities($forward_url, ENT_COMPAT, TBGContext::getI18n()->getCharset());
             } else {
                 throw new Exception('Please enter a username and password');
             }
         } catch (Exception $e) {
             if ($request->isAjaxCall()) {
                 $this->getResponse()->setHttpStatus(401);
                 TBGLogging::log($e->getMessage(), 'openid', TBGLogging::LEVEL_WARNING_RISK);
                 return $this->renderJSON(array("error" => $i18n->__("Invalid login details")));
             } else {
                 $this->forward403($e->getMessage());
             }
         }
     } else {
         if ($request->isAjaxCall()) {
             $this->getResponse()->setHttpStatus(401);
             return $this->renderJSON(array("error" => $i18n->__('Please enter a username and password')));
         } else {
             $this->forward403($i18n->__('Please enter a username and password'));
         }
     }
     if ($this->checkScopeMembership($user)) {
         return true;
     }
     if ($request->isAjaxCall()) {
         return $this->renderJSON(array('forward' => $forward_url));
     } else {
         $this->forward($this->getRouting()->generate('account'));
     }
 }