/**
* Logs with an arbitrary level.
*
* @param mixed $level
* @param string $message
* @param array $context
*
* @return null
*/
public function log($level, $message, array $context = [])
{
$logDateTime = new \DateTime();
$userId = $this->getAndRemoveContextValue($context, "UzivatelID", $this->user->id);
$presenter = $this->getAndRemoveContextValue($context, "presenter");
$function = $this->getAndRemoveContextValue($context, "function");
$ip = $this->httpRequest->getRemoteAddress();
$message = $this->interpolate($message, $context);
$this->database->table("syslog")->insert(["userId" => $userId, "ip" => $ip, "presenter" => $presenter, "function" => $function, "level" => $level, "logDateTime" => $logDateTime, "message" => $message]);
}
/**
* Performs an authentication against e.g. database.
* and returns IIdentity on success or throws AuthenticationException
* @return IIdentity
* @throws AuthenticationException
*/
public function authenticate(array $credentials)
{
list($email, $password) = $credentials;
$user = $this->entityManager->getRepository(User::class)->findOneBy(['email' => $email]);
if ($user === null) {
throw new AuthenticationException('Špatná E-mailová adresa');
}
if (!Passwords::verify($password, $user->getPassword())) {
throw new AuthenticationException('Špatné heslo');
} elseif (Passwords::needsRehash($user->getPassword())) {
$user->password = Passwords::hash($password);
}
$this->onLoggedIn($user, $this->httpRequest->getRemoteAddress());
return new FakeIdentity($user->getId(), get_class($user));
}
/**
* @return bool
* @throws \lookyman\ReCaptcha\Exception\ClientException
* @throws \lookyman\ReCaptcha\Exception\BadResponseException
*/
public function validateControl(ReCaptchaControl $control)
{
if (!$control->isFilled()) {
return FALSE;
}
try {
$response = $this->client->validate($this->config->getVerificationUrl(), $this->config->getSecretKey(), $control->getValue(), $this->config->getValidateRemoteIp() ? $this->request->getRemoteAddress() : NULL);
} catch (\Exception $e) {
throw new ClientException('There was an error while contacting the verification API.', NULL, $e);
}
$code = $response->getStatusCode();
if ($code !== 200) {
throw new BadResponseException('The verification API did not respond correctly.', $code);
}
$answer = Json::decode($response->getBody()->getContents());
return isset($answer->success) && $answer->success === TRUE;
}
/**
* Listener for {@link User::EVENT_ON_LOGGED_IN}
*
* Resets the counters.
*
* @param vBuilder\Security\User user service
* @param string user id (depending on authentication method)
*
* @return void
*/
public function onLoggedIn(vBuilder\Security\User $userService, $uid)
{
// If user is logged in by direct assignment of IIdentity
if ($uid === NULL) {
return;
}
$this->logger->logSuccess(self::EVENT_IP_LOGIN_ATTEMPT, $this->httpRequest->getRemoteAddress());
$this->logger->logSuccess(self::EVENT_USER_LOGIN_ATTEMPT, $uid);
}
/**
* Performs an authentication against e.g. database.
* and returns IIdentity on success or throws AuthenticationException
* @return IIdentity
* @throws AuthenticationException
*/
public function authenticate(array $credentials)
{
list($email, $password) = $credentials;
try {
$user = $this->userManager->findUserByEmail($email);
} catch (\Exceptions\Runtime\UserNotFoundException $u) {
throw new AuthenticationException('Zadali jste špatný email.');
}
if (!Passwords::verify($password, $user->password)) {
throw new AuthenticationException('Zadali jste špatné heslo.');
} elseif (Passwords::needsRehash($user->password)) {
$user->password = Passwords::hash($password);
$this->userManager->saveUser($user);
}
$info = array('lastLogin' => new \DateTime(), 'lastIP' => $this->httpRequest->getRemoteAddress());
$user->assign($info);
$this->userManager->saveUser($user);
$arr = $user->getData();
unset($arr['password']);
return new Identity($user->userID, $user->role, $arr);
}
/**
* Returns the IP address of the remote client.
*
* @return string|NULL
*/
public function getRemoteIP()
{
return $this->request->getRemoteAddress();
}
public function onLoggedIn(User $user)
{
$user->setLastLogin(new \DateTime('now'));
$user->setLastIP($this->httpRequest->getRemoteAddress());
$this->entityManager->persist($user)->flush();
}
/**
* @inheritdoc
*/
public function getRemoteAddress()
{
return $this->current->getRemoteAddress();
}
/**
* @return Nette\Application\IResponse
*/
protected function process(Nette\Application\Request $request)
{
// Query output content type -------------------------------------------
// Accept header is comma separated fallback sequence
// @todo sequence should be actually sorted by the degree of specificity
// @todo make support for version options (ie. application/json;version=2)
// see: RESTful Web Services Cookbook page 250
$cTypes = preg_split('/,/', $this->httpRequest->getHeader('Accept'), 0, PREG_SPLIT_NO_EMPTY);
foreach ($cTypes as $cType) {
// We ignore all the options
$cType = preg_replace('/;.*/', '', $cType);
if (strcasecmp($cType, 'text/html') === 0 || strcmp($cType, '*/*') === 0) {
$this->outputContentType = 'text/html';
$this->httpResponse->setContentType('text/html', 'utf-8');
break;
} elseif (strcasecmp($cType, 'application/json') === 0) {
$this->outputContentType = 'application/json';
$this->httpResponse->setContentType('application/json', 'utf-8');
break;
}
}
if ($this->outputContentType === NULL) {
$this->terminateWithError(self::ERROR_INVALID_REQUEST, "Accept header is missing or not satisfiable.", 406);
}
// Process Content-Language header -------------------------------------
// Process Authorization header ----------------------------------------
if (($authHeader = $this->httpRequest->getHeader('Authorization')) !== NULL) {
if (preg_match('/^Bearer\\s([^\\s,;]+)/i', $authHeader, $matches)) {
$tokenHash = $matches[1];
// If connection is not secured return error and invalidate sent token
// just in case
if (!$request->hasFlag(Nette\Application\Request::SECURED) && $this->isInProductionMode()) {
$this->tokenManager->invalidateToken($tokenHash);
$this->terminateWithError(self::ERROR_INVALID_REQUEST, "Secured connection required", 400);
}
if (!$this->attemptLogger->getRemainingAttempts(self::ATTEMPT_IP_TOKEN, $this->httpRequest->getRemoteAddress())) {
$this->terminateWithError(OAuth2ResourceProvider::ERROR_MAXIMUM_ATTEMPTS_EXCEEDED, 'Maximum number of authorization attempts exceeded.', 403);
}
$token = $this->tokenManager->getToken($tokenHash);
if (!$token) {
$this->attemptLogger->logFail(self::ATTEMPT_IP_TOKEN, $this->httpRequest->getRemoteAddress());
$this->httpResponse->addHeader('WWW-Authenticate', 'Bearer realm="' . $this->link() . '"');
$this->terminateWithError(OAuth2ResourceProvider::ERROR_INVALID_GRANT, 'Given authorization token is not valid.', 401);
}
$this->attemptLogger->logSuccess(self::ATTEMPT_IP_TOKEN, $this->httpRequest->getRemoteAddress());
if (isset($token->parameters->userIdentity)) {
$this->user->login(User::AUTHN_METHOD_INVALID, User::AUTHN_SOURCE_ALL, $token->parameters->userIdentity);
}
if (isset($token->parameters->client)) {
$this->client = $token->parameters->client;
}
}
}
// Find request handler ------------------------------------------------
// Gather resource path
$parameters = $request->getParameters();
$resourcePath = isset($parameters[self::PARAM_KEY_PATH]) ? trim($parameters[self::PARAM_KEY_PATH]) : NULL;
if (!$resourcePath) {
$this->terminateWithError(self::ERROR_INVALID_REQUEST, "No resource path given.", 400);
}
// Request router expects leading slash
if ($resourcePath[0] != '/') {
$resourcePath = "/{$resourcePath}";
}
// Request router: find resource handler
try {
/** @var vBuilder\RestApi\Request */
$this->resourceRequest = $handlerRequest = $this->requestRouter->createRequest($this->httpRequest->getMethod(), $resourcePath);
} catch (RequestException $e) {
$this->terminateWithError(self::ERROR_INVALID_REQUEST, $e->getMessage(), $e->getCode() == RequestException::METHOD_NOT_ALLOWED ? 405 : 404);
}
// Request authorization -----------------------------------------------
$handlerMethodAnnotations = $handlerRequest->getMethodReflection()->getAnnotations();
if (!isset($handlerMethodAnnotations['NoAuthorization']) || !$handlerMethodAnnotations['NoAuthorization'][0]) {
if (!$this->client) {
$this->httpResponse->addHeader('WWW-Authenticate', 'Bearer realm="' . $this->link() . '"');
$this->terminateWithError(self::ERROR_UNAUTHORIZED, 'Requested resource requires authorization. Please add Authorization header with correct security token.', 401);
}
}
// Decode POST data ----------------------------------------------------
if ($this->httpRequest->isPost()) {
$cType = $this->httpRequest->getHeader('Content-Type');
if (strcasecmp($cType, 'application/json') === 0) {
try {
$this->postData = Nette\Utils\Json::decode(file_get_contents('php://input'), Nette\Utils\Json::FORCE_ARRAY);
} catch (Nette\Utils\JsonException $e) {
$this->terminateWithError(self::ERROR_INVALID_REQUEST, "Malformed POST data (JSON expected).", 400);
}
} elseif (strcasecmp($cType, 'application/x-www-form-urlencoded') === 0) {
$this->postData = $this->httpRequest->getPost();
} elseif ($cType === NULL) {
$this->terminateWithError(self::ERROR_INVALID_REQUEST, "Missing Content-Type header, which is mandatory for POST requests.", 400);
} else {
$this->terminateWithError(self::ERROR_INVALID_REQUEST, "Request content type of POST data is not supported.", 415);
}
}
// Create resource instance and prepare all dependencies ---------------
$class = $handlerRequest->getResourceClassName();
$resource = new $class();
$resource->presenter = $this;
$this->systemContainer->callInjects($resource);
// Prepare and order invoke parameters ---------------------------------
$mReflection = $handlerRequest->getMethodReflection();
$invokeParams = array();
$requestParams = $handlerRequest->getParameters();
$definedParams = $mReflection->getParameters();
$index = 0;
foreach ($definedParams as $pReflection) {
$index++;
// Parameter not given in URL?
if (!isset($requestParams[$pReflection->getName()])) {
// Default value where available
if ($pReflection->isDefaultValueAvailable()) {
$invokeParams[$pReflection->getName()] = $pReflection->getDefaultValue();
continue;
}
$this->terminateWithError(self::ERROR_INVALID_REQUEST, "Missing #{$index} parameter for resource handler {$class}::" . $mReflection->getName() . '().', 400);
}
$invokeParams[$pReflection->getName()] = $requestParams[$pReflection->getName()];
}
// Perform startup
$resource->startup();
// Invoke handler method on resource instance
$responsePayload = $mReflection->invokeArgs($resource, $invokeParams);
// Automatically set HTTP 204 No Content if necessary
if ($responsePayload === NULL && $this->httpResponse->getCode() == 200) {
$this->httpResponse->setCode(204);
}
return $responsePayload === NULL ? $this->createResponse() : $this->createResponse($responsePayload);
}