Beispiel #1
 /**
  * Password reset confirmation action. Finishes the password reset process.
  * Users visit this action from a link supplied in an email.
  */
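 public function confirmResetPassword()
 {
     // Both values are read from the request; this action is reached from an emailed
     // link, so they must be treated as untrusted input.
     $login = Common::getRequestVar('login', '');
     $resetToken = Common::getRequestVar('resetToken', '');
     $errorMessage = null;
     try {
         // Look up the account. An unknown login is reported with the same message as a
         // bad token, so the response does not reveal whether a login exists.
         $user = self::getUserInformation($login);
         if ($user === null) {
             throw new Exception(Piwik::translate('Login_InvalidOrExpiredToken'));
         }
         // Fetch the pending password for this login (false means there is none) and
         // check the supplied token against the user.
         // NOTE(review): isValidToken() is not visible here - confirm it compares in
         // constant time and that tokens expire and are single-use.
         $resetPassword = Login::getPasswordToResetTo($login);
         if ($resetPassword === false || !self::isValidToken($resetToken, $user)) {
             throw new Exception(Piwik::translate('Login_InvalidOrExpiredToken'));
         }
         // Both checks passed: apply the pending password.
         $this->setNewUserPassword($user, $resetPassword);
     } catch (Exception $ex) {
         $errorMessage = $ex->getMessage();
     }
     if ($errorMessage !== null) {
         // Show the login page with the error. The token stays in the URL, so it can end
         // up in browser history, server logs and Referer headers.
         return $this->login($errorMessage);
     }
     $this->redirectToIndex(Piwik::getLoginPluginName(), 'resetPasswordSuccess');
     return;
 }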
Beispiel #2
 /**
  * Initializes the authentication object.
  * Listens to Request.initAuthenticationObject hook.
  */
 function initAuthenticationObject($activateCookieAuth = false)
 {
     // Build the auth implementation and register it in the container under 'Piwik\Auth'.
     $authenticator = AuthBase::factory();
     $container = StaticContainer::getContainer();
     $container->set('Piwik\\Auth', $authenticator);

     // Hand the object to the Login plugin, which initialises it from the cookie.
     // $activateCookieAuth is passed through unchanged; it defaults to false.
     Login::initAuthenticationFromCookie($authenticator, $activateCookieAuth);
 }
 /**
  * Delegates handling of an access failure to the Login plugin.
  *
  * @param Exception $exception The exception passed on to Login::noAccess().
  * @return mixed Whatever Login::noAccess() returns.
  */
 public function noAccess(Exception $exception)
 {
     $loginPlugin = new Login();
     $result = $loginPlugin->noAccess($exception);

     return $result;
 }
Beispiel #4
 /**
  * Executed when the session was successfully authenticated
  * @param $login
  * @param $tokenAuth
  * @param $rememberMe
  */
 protected function processSuccessfullSession($login, $tokenAuth, $rememberMe)
 {
     // $rememberMe is passed through to getAuthCookie(), which supplies the cookie object.
     $authCookie = $this->getAuthCookie($rememberMe);
     $authCookie->set('login', $login);

     // The cookie stores the value returned by getHashTokenAuth(), not $tokenAuth itself.
     $hashedToken = $this->getHashTokenAuth($login, $tokenAuth);
     $authCookie->set('token_auth', $hashedToken);

     // The Secure flag follows ProxyHttp::isHttps(): when that is false, the cookie is
     // also sent over plain HTTP. HttpOnly is always set.
     $isHttps = ProxyHttp::isHttps();
     $authCookie->setSecure($isHttps);
     $authCookie->setHttpOnly(true);
     $authCookie->save();
     // NOTE(review): no session id regeneration is visible in this method - confirm the
     // caller does it after a successful login.

     // A completed login removes any stored password reset entry for this login.
     Login::removePasswordResetInfo($login);
 }
Beispiel #5
 /**
  * Authenticates the user and initializes the session.
  */
 public function initSession($login, $md5Password, $rememberMe)
 {
     // Obtain the token for these credentials and authenticate with it.
     // NOTE(review): $md5Password is presumably an MD5 digest of the password, judging
     // by the name - confirm how it is produced and stored.
     $tokenAuth = API::getInstance()->getTokenAuth($login, $md5Password);
     $this->setLogin($login);
     $this->setTokenAuth($tokenAuth);
     $authResult = $this->authenticate();

     // Cookie name, expiry and path come from the General config section.
     // An expiry of 0 is used when "remember me" is off.
     $config = Config::getInstance();
     $authCookieName = $config->General['login_cookie_name'];
     if ($rememberMe) {
         $authCookieExpiry = time() + $config->General['login_cookie_expire'];
     } else {
         $authCookieExpiry = 0;
     }
     $authCookiePath = $config->General['login_cookie_path'];
     $authCookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);

     // On failure, delete the cookie before reporting the error.
     $authenticated = $authResult->wasAuthenticationSuccessful();
     if (!$authenticated) {
         $authCookie->delete();
         throw new Exception(Piwik::translate('Login_LoginPasswordNotCorrect'));
     }

     // The cookie stores the value returned by getHashTokenAuth(), not the raw token.
     $authCookie->set('login', $login);
     $hashedToken = $this->getHashTokenAuth($login, $authResult->getTokenAuth());
     $authCookie->set('token_auth', $hashedToken);

     // The Secure flag follows ProxyHttp::isHttps(); HttpOnly is always set.
     $authCookie->setSecure(ProxyHttp::isHttps());
     $authCookie->setHttpOnly(true);
     $authCookie->save();

     // Regenerate the session id after login. The @ hides any error from this call, so
     // a failed regeneration goes unnoticed here.
     // NOTE(review): consider logging a failure, since this is the session fixation defence.
     @Session::regenerateId();

     // A completed login removes any stored password reset entry for this login.
     Login::removePasswordResetInfo($login);
 }
 /**
  * Adds this plugin's settings script to the list of JavaScript files.
  *
  * @param array $javascriptFiles List of script paths, extended in place (passed by reference).
  */
 public function getJsFiles(&$javascriptFiles)
 {
     // The parent adds its entries first; ours is appended after them.
     parent::getJsFiles($javascriptFiles);

     $settingsScript = "plugins/GoogleAuthenticator/javascripts/settings.js";
     $javascriptFiles[] = $settingsScript;
 }
 /**
  * Initializes the authentication object.
  * Listens to Request.initAuthenticationObject hook.
  */
 public function initAuthenticationObject($activateCookieAuth = false)
 {
     // Use the Shibboleth auth implementation and publish it in the registry as 'auth'.
     $shibbolethAuth = new LoginShibbolethAuth();
     \Piwik\Registry::set('auth', $shibbolethAuth);

     // Hand the object to the Login plugin, which initialises it from the cookie.
     // $activateCookieAuth is passed through unchanged; it defaults to false.
     Login::initAuthenticationFromCookie($shibbolethAuth, $activateCookieAuth);
 }
Beispiel #8
 /**
  * Executed when the session was successfully authenticated
  * @param $login
  * @param $tokenAuth
  * @param $rememberMe
  */
 protected function processSuccessfulSession($login, $tokenAuth, $rememberMe)
 {
     /**
      * Triggered after a successful authentication, but before the cookie is created.
      * The event carries the login and token_auth that were used to authenticate.
      *
      * It lets plugins run a custom action between authentication and cookie creation,
      * for example when the user has to fill in a survey or change their password.
      *
      * **Example**
      *
      *     Piwik::addAction('Login.authenticate.successful', function ($login, $tokenAuth) {
      *         // redirect to change password action
      *     });
      *
      * @param string $login User login.
      * @param string $tokenAuth User token auth.
      */
     // Every listener of this event receives the token_auth value.
     $eventParameters = array($login, $tokenAuth);
     Piwik::postEvent('Login.authenticate.successful', $eventParameters);

     // $rememberMe is passed through to getAuthCookie(), which supplies the cookie object.
     $authCookie = $this->getAuthCookie($rememberMe);
     $authCookie->set('login', $login);

     // The cookie stores the value returned by getHashTokenAuth(), not $tokenAuth itself.
     $hashedToken = $this->getHashTokenAuth($login, $tokenAuth);
     $authCookie->set('token_auth', $hashedToken);

     // The Secure flag follows ProxyHttp::isHttps(): when that is false, the cookie is
     // also sent over plain HTTP. HttpOnly is always set.
     $isHttps = ProxyHttp::isHttps();
     $authCookie->setSecure($isHttps);
     $authCookie->setHttpOnly(true);
     $authCookie->save();
     // NOTE(review): no session id regeneration is visible in this method - confirm the
     // caller does it after a successful login.

     // A completed login removes any stored password reset entry for this login.
     Login::removePasswordResetInfo($login);
 }