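/**
  * Authenticate a user by user name or e-mail address and password.
  * @param  string $username user name or e-mail address
  * @param  string $password password
  * @return boolean|mixed TRUE on success, FALSE on a wrong password, otherwise one of the
  *         status constants ERROR_USER_PWD_EXPIRED, ERROR_USER_LOCKED or IDENTITY_NOT_FOUND
  */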
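 public function authenticate($username, $password)
 {
     // Only rows with status = 1 are considered. The identifier is matched against
     // user_name or email through a bound parameter, so it never becomes part of the SQL text.
     $userRow = \R::findOne(
         $this->_name,
         '(user_name = :un OR email = :un) AND status =1',
         array(":un" => $username)
     );
     if (!$userRow) {
         return self::IDENTITY_NOT_FOUND;
     }

     // NOTE(review): expiry and lock state are reported before the password is verified, and an
     // unknown identity has its own return value. Callers that relay these results to
     // unauthenticated clients disclose which accounts exist and what state they are in.

     // A password whose expiry time is now or in the past is rejected.
     if (strtotime($userRow->pwd_exp_time) - time() <= 0) {
         return self::ERROR_USER_PWD_EXPIRED;
     }

     // Locked accounts are rejected regardless of the supplied password.
     if ($userRow->locked == 1) {
         return self::ERROR_USER_LOCKED;
     }

     // NOTE(review): salted MD5 is a fast hash and not suitable for password storage. Moving to
     // password_hash()/password_verify() requires migrating the stored hashes, which cannot be
     // done inside this method alone.
     $storedHash = (string) $userRow->password;
     $suppliedHash = md5($password . $userRow->salt);

     // hash_equals() (PHP >= 5.6) compares the digests as strings and in constant time.
     // The previous loose `==` compared numeric-looking digests (e.g. "0e…") as numbers,
     // so two different digests could be treated as equal.
     if (!hash_equals($storedHash, $suppliedHash)) {
         return false;
     }

     // Successful login: clear the invalid login attempts recorded for this identifier.
     $objInvalidAttempts = new UserLoginAttempts();
     $objInvalidAttempts->clearInvalidLoginAttempts($username);

     // Store the user record in the registry under 'user'.
     // NOTE(review): export() presumably copies every column of the row, including password
     // and salt - confirm, and strip them before storing. Also confirm that the session
     // identifier is regenerated on login; nothing in this method does so.
     \utilities\Registry::setRegistry('user', $userRow->export());

     return true;
 }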
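 public function actionSso()
 {
     // Log out any previous SSO session before handling this request.
     \utilities\Registry::clearRegistry();
     $isRequestPost = $this->_request->isPost();
     if ($isRequestPost) {
         // All three parameters are required; 'spentityid' is only checked for presence here.
         $username = $this->_request->getParam('username', null);
         $password = $this->_request->getParam('password', null);
         $referrer = $this->_request->getParam('spentityid', null);

         // Each error response below is followed by an explicit return. renderJson() is not
         // visible here; if it does not end the request, the return keeps a rejected request
         // from continuing into authentication and invalid-attempt accounting.
         if (!$username) {
             $this->_response->renderJson(array('message' => 'Username is not set'));
             return;
         }
         if (!$password) {
             $this->_response->renderJson(array('message' => 'Password is not set'));
             return;
         }
         if (!$referrer) {
             $this->_response->renderJson(array('message' => 'Referrer not set'));
             return;
         }

         // NOTE(review): the responses below disclose account state to an unauthenticated
         // client: lock and expiry are reported without a password check, and a wrong password
         // ('Incorrect Password…', invalidAttempt = true) is distinguishable from an unknown
         // user ('Invalid credentials'). A uniform failure response is the usual mitigation;
         // the messages are left unchanged because clients may depend on them.
         $objDbUserauth = new \models\Users();
         $userAuthenticationStatus = $objDbUserauth->authenticate($username, $password);

         // User locked due to 5 invalid attempts.
         if (\models\Users::ERROR_USER_LOCKED === $userAuthenticationStatus) {
             $this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => $userAuthenticationStatus));
             return;
         }
         // User password is expired.
         if (\models\Users::ERROR_USER_PWD_EXPIRED === $userAuthenticationStatus) {
             $this->_response->renderJson(array('message' => 'Your password is expired', 'authstatus' => $userAuthenticationStatus));
             return;
         }

         if ($userAuthenticationStatus === true) {
             // Authentication succeeded: hand the request to the hosted SAML 2.0 IdP.
             $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
             $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
             $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
             \sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
             // receiveAuthnRequest() is expected not to return. A boolean assertion replaces
             // the string form assert('FALSE'), which is evaluated as code on PHP 5/7, is
             // deprecated since PHP 7.2 and always passes on PHP 8.
             assert(false);
         } else {
             // Record the failed attempt; the helper returns the number of attempts left,
             // or false (per the original comment: the user name itself is wrong).
             $objInvalidAttempts = new \models\UserLoginAttempts();
             $loginAttemptsLeft = $objInvalidAttempts->handleInvalidLoginAttempts($username);
             $invalidAttempt = false;
             $message = "Invalid credentials";
             if ($loginAttemptsLeft !== false) {
                 // The last allowed attempt was just used: report the account as locked.
                 if ($loginAttemptsLeft === 0) {
                     $this->_response->renderJson(array('message' => 'Your account is locked due to 5 invalid attempts', 'authstatus' => \models\Users::ERROR_USER_LOCKED));
                     return;
                 }
                 $invalidAttempt = true;
                 $message = "Incorrect Password.You have {$loginAttemptsLeft} attempts left";
             }
             $this->_response->renderJson(array('message' => $message, 'invalidAttempt' => $invalidAttempt));
             exit;
         }
     }
     $this->_response->renderJson(array('message' => 'Only post request are accepted'));
 }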
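$objUtilResponse = new Response();
$objUtilFunctions = new utilities\CommonFunctions();
if (isset($_SERVER['HTTP_ORIGIN'])) {
    // Allow cross-domain AJAX requests.
    // NOTE(review): the Origin header is client-controlled and is passed on as-is. allowCors()
    // is not visible here; if it echoes the value into Access-Control-Allow-Origin (especially
    // together with credentials), every site is trusted. It should check the origin against a
    // configured allowlist.
    $objUtilResponse->allowCors($_SERVER['HTTP_ORIGIN']);
}

// Strip the base URL from the request URI. The delimiter is passed to preg_quote() so that a
// '~' inside $baseUrl cannot terminate the pattern early.
$url = (string) preg_replace('~^' . preg_quote($baseUrl, '~') . '~', '', $_SERVER['REQUEST_URI']);
$parsedUrl = parse_url($url);
// parse_url() returns false for a malformed URL and omits 'path' when there is none.
$requestPath = is_array($parsedUrl) && isset($parsedUrl['path']) ? $parsedUrl['path'] : '';
$explodedPath = explode('/', $requestPath);

// Controller and action names come straight from the URL. Only plain PHP identifiers are
// accepted, so a path segment cannot carry namespace separators or other unexpected
// characters into the class autoloader or the dynamic method call below.
$identifierPattern = '~^[A-Za-z_][A-Za-z0-9_]*$~';

$className = $explodedPath[0] ? ucfirst($explodedPath[0]) : 'index';
$className = $objUtilFunctions->hypenToCamel($className);
$serviceClass = 'controllers\\' . ucfirst($className);
// Check whether the service class exists.
if (!preg_match($identifierPattern, (string) $className) || !class_exists($serviceClass)) {
    $objUtilResponse->renderJson(array('message' => 'invalid url request', 'status' => '400'), 400);
    // Stop explicitly; instantiating an unknown class would be a fatal error.
    exit;
}
$objService = new $serviceClass();

// Get the action name to run; defaults to 'index'.
$actionName = isset($explodedPath[1]) && !empty($explodedPath[1]) ? $explodedPath[1] : 'index';
$actionName = $objUtilFunctions->hypenToCamel($actionName);
$serviceAction = 'action' . ucfirst($actionName);
// The action must exist and be callable from here. method_exists() alone also reports
// private and protected methods, and calling one of those would be a fatal error.
if (!preg_match($identifierPattern, (string) $actionName)
    || !method_exists($objService, $serviceAction)
    || !is_callable(array($objService, $serviceAction))
) {
    $objUtilResponse->renderJson(array('message' => 'invalid url request', 'status' => '400'), 400);
    exit;
}

// Run the service action.
$objService->{$serviceAction}();
// Clear the app registry for the next HTTP call.
Registry::clearRegistry();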
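 public function actionSlo()
 {
     // URL the browser is sent to once logout has completed.
     // NOTE(review): 'return' comes from the request and is handed to logout() unchecked in
     // this method. Unless getParam() or the SimpleSAMLphp configuration restricts it, this is
     // an open redirect; validate it against the trusted service-provider hosts before use.
     $returnUrl = $this->_request->getParam('return');

     // Drop the local registry state, then end the SimpleSAMLphp session of 'authinstance'.
     \utilities\Registry::clearRegistry();
     $auth = new \SimpleSAML_Auth_Simple('authinstance');
     $auth->logout($returnUrl);

     // logout() is expected not to return. A boolean assertion replaces the string form
     // assert('FALSE'), which is evaluated as code on PHP 5/7, is deprecated since PHP 7.2
     // and always passes on PHP 8.
     assert(false);
 }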