/**
* Performs an OAuth authentication
*/
public function execute()
{
/** @var \Grav\Common\Language\Language */
$t = $this->grav['language'];
$provider = strtolower($this->action);
$config = $this->grav['config']->get('plugins.login-oauth.providers.' . $this->action, []);
if (isset($config['credentials'])) {
// Setup the credentials for the requests
$credentials = new Credentials($config['credentials']['key'], $config['credentials']['secret'], $this->grav['uri']->url(true));
// Instantiate service using the credentials, http client
// and storage mechanism for the token
$scope = isset($this->scopes[$provider]) ? $this->scopes[$provider] : [];
$this->service = $this->factory->createService($this->action, $credentials, $this->storage, $scope);
}
if (!$this->service || empty($config)) {
$this->setMessage($t->translate(['PLUGIN_LOGIN_OAUTH.OAUTH_PROVIDER_NOT_SUPPORTED', $this->action]));
return true;
}
// Check OAuth authentication status
$authenticated = parent::execute();
if (is_bool($authenticated)) {
$this->reset();
if ($authenticated) {
$this->setMessage($t->translate('PLUGIN_LOGIN.LOGIN_SUCCESSFUL'));
} else {
$this->setMessage($t->translate('PLUGIN_LOGIN.ACCESS_DENIED'));
}
// Redirect to current URI
$redirect = $this->grav['config']->get('plugins.login.redirect_after_login');
if (!$redirect) {
$redirect = $this->grav['session']->redirect_after_login;
}
$this->setRedirect($redirect);
} elseif (!$this->grav['session']->oauth) {
$this->setMessage($t->translate(['PLUGIN_LOGIN_OAUTH.OAUTH_PROVIDER_NOT_SUPPORTED', $this->action]));
}
return true;
}
/**
* Initialize login plugin if path matches.
*/
public function initialize()
{
/** @var Uri $uri */
$uri = $this->grav['uri'];
// Check to ensure sessions are enabled.
if ($this->grav['config']->get('system.session.enabled') === false) {
throw new \RuntimeException('The Login plugin requires "system.session" to be enabled');
}
/** @var Grav\Common\Session */
$session = $this->grav['session'];
// Autoload classes
$autoload = __DIR__ . '/vendor/autoload.php';
if (!is_file($autoload)) {
throw new \Exception('Login Plugin failed to load. Composer dependencies not met.');
}
require_once $autoload;
// Define session message service.
$this->grav['messages'] = function ($c) {
$session = $c['session'];
if (!isset($session->messages)) {
$session->messages = new Message();
}
return $session->messages;
};
// Define current user service.
$this->grav['user'] = function ($c) {
$session = $c['session'];
if (!isset($session->user)) {
$session->user = new User();
if ($c['config']->get('plugins.login.rememberme.enabled')) {
$controller = new Login\Controller($c, '');
$rememberMe = $controller->rememberMe();
// If we can present the correct tokens from the cookie, we are logged in
$username = $rememberMe->login();
if ($username) {
// Normal login process
$user = User::load($username);
if ($user->exists()) {
// There is a chance that an attacker has stolen
// the login token, so we store the fact that
// the user was logged in via RememberMe
// (instead of login form)
$session->remember_me = $rememberMe;
$session->user = $user;
}
}
// Check if the token was invalid
if ($rememberMe->loginTokenWasInvalid()) {
$controller->setMessage($c['language']->translate('PLUGIN_LOGIN.REMEMBER_ME_STOLEN_COOKIE'));
}
}
}
return $session->user;
};
// Manage OAuth login
$task = !empty($_POST['task']) ? $_POST['task'] : $uri->param('task');
if (!$task && isset($_POST['oauth']) || !empty($_GET) && $session->oauth) {
$this->oauthController();
}
// Aborted OAuth authentication (invalidate it)
unset($session->oauth);
$admin_route = $this->config->get('plugins.admin.route');
// Register route to login page if it has been set.
if ($uri->path() != $admin_route && substr($uri->path(), 0, strlen($admin_route) + 1) != $admin_route . '/') {
$this->route = $this->config->get('plugins.login.route');
}
if ($this->route && $this->route == $uri->path()) {
$this->enable(['onPagesInitialized' => ['addLoginPage', 0]]);
}
if ($uri->path() == $this->config->get('plugins.login.route_forgot')) {
$this->enable(['onPagesInitialized' => ['addForgotPage', 0]]);
}
if ($uri->path() == $this->config->get('plugins.login.route_reset')) {
$this->enable(['onPagesInitialized' => ['addResetPage', 0]]);
}
if ($uri->path() == $this->config->get('plugins.login.route_register')) {
$this->enable(['onPagesInitialized' => ['addRegisterPage', 0]]);
}
if ($uri->path() == $this->config->get('plugins.login.route_activate')) {
$this->enable(['onPagesInitialized' => ['handleUserActivation', 0]]);
}
}
/**
* Initialize login controller
*/
public function loginController()
{
/** @var Uri $uri */
$uri = $this->grav['uri'];
$task = !empty($_POST['task']) ? $_POST['task'] : $uri->param('task');
$task = substr($task, strlen('login.'));
$post = !empty($_POST) ? $_POST : [];
if (method_exists('Grav\\Common\\Utils', 'getNonce')) {
switch ($task) {
case 'login':
if (!isset($post['login-form-nonce']) || !Utils::verifyNonce($post['login-form-nonce'], 'login-form')) {
$this->grav['messages']->add($this->grav['language']->translate('PLUGIN_LOGIN.ACCESS_DENIED'), 'info');
$this->authenticated = false;
$twig = $this->grav['twig'];
$twig->twig_vars['notAuthorized'] = true;
return;
}
break;
case 'logout':
$nonce = $this->grav['uri']->param('logout-nonce');
if (!isset($nonce) || !Utils::verifyNonce($nonce, 'logout-form')) {
return;
}
break;
case 'forgot':
if (!isset($post['forgot-form-nonce']) || !Utils::verifyNonce($post['forgot-form-nonce'], 'forgot-form')) {
$this->grav['messages']->add($this->grav['language']->translate('PLUGIN_LOGIN.ACCESS_DENIED'), 'info');
return;
}
break;
case 'reset':
if (!isset($post['reset-form-nonce']) || !Utils::verifyNonce($post['reset-form-nonce'], 'reset-form')) {
//$this->grav['messages']->add($this->grav['language']->translate('PLUGIN_LOGIN.ACCESS_DENIED'), 'info');
//return;
}
break;
}
}
$controller = new Controller($this->grav, $task, $post);
$controller->execute();
$controller->redirect();
}
