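<?php
/*
 * View: confirmation form for linking a SURFconext (SAML) identity to the
 * BeeHub account of the current user.
 *
 * Uses $simpleSaml, which this file does not define; it has to be set by
 * the script that includes this view.
 *
 * Every dynamic value below is HTML-encoded before it is written out. The
 * SAML attributes are supplied by the identity provider and the names come
 * from the user record, so none of them may reach the page as markup.
 */
require 'views/header.php';
$user = BeeHub_Auth::inst()->current_user();
$attributes = $simpleSaml->getAttributes();
?>
<h3>Link SURFconext account</h3>
<p>
  <div>You are about to link your SURFconext account to the BeeHub account with user name '<em><?php echo htmlspecialchars((string) $user->name, ENT_QUOTES, 'UTF-8'); ?></em>' and display name '<em><?php
    // NOTE(review): if prop() already returns HTML-escaped text this encodes
    // it twice - confirm against its implementation.
    echo htmlspecialchars((string) $user->prop(DAV::PROP_DISPLAYNAME), ENT_QUOTES, 'UTF-8');
  ?></em>'. To help you determine if you're logged in to the right SURFconext account, here is the information you've shared with BeeHub through SURFconext:</div>
  <div>Display name: <em><?php
    echo htmlspecialchars(
      (string) (!empty($attributes['urn:mace:dir:attribute-def:displayName']) ? $attributes['urn:mace:dir:attribute-def:displayName'][0] : 'not provided'),
      ENT_QUOTES,
      'UTF-8'
    );
  ?></em></div>
  <div>E-mail address: <em><?php
    echo htmlspecialchars(
      (string) (!empty($attributes['urn:mace:dir:attribute-def:mail']) ? $attributes['urn:mace:dir:attribute-def:mail'][0] : 'not provided'),
      ENT_QUOTES,
      'UTF-8'
    );
  ?></em></div>
  <div>Organization: <em><?php
    echo htmlspecialchars(
      (string) (!empty($attributes['urn:mace:terena.org:attribute-def:schacHomeOrganization']) ? $attributes['urn:mace:terena.org:attribute-def:schacHomeOrganization'][0] : 'not provided'),
      ENT_QUOTES,
      'UTF-8'
    );
  ?></em></div>
</p>
<p>For security reasons, please provide your password.</p>
<form class="form-horizontal" method="post">
  <input type="hidden" name="POST_auth_code" value="<?php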
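<?php } else { ?>
  <li><a href="<?php echo BeeHub::USERS_PATH; ?>">Sign up</a></li>
  <li class="dropdown">
    <a href="#" class="dropdown-toggle" data-toggle="dropdown">Log in <span class="caret"></span></a>
    <ul class="dropdown-menu">
      <?php
      // The links below embed the path of the current request, so each URL is
      // HTML-encoded for the attribute it is written into, regardless of how
      // DAV::getPath() normalises the path.
      ?>
      <li><a href="<?php echo htmlspecialchars(BeeHub::urlbase(true) . DAV::getPath() . '?login=passwd', ENT_QUOTES, 'UTF-8'); ?>">With username/password</a></li>
      <?php
      // NOTE(review): '@' hides every error raised while probing the SAML
      // session; a failure here silently falls through to the login link.
      if (@BeeHub_Auth::inst()->simpleSaml()->isAuthenticated()) {
        // NOTE(review): the SURFconext logout is triggered by a plain GET link;
        // confirm the handler behind '?logout=yes' tolerates cross-site requests.
      ?>
      <li><a href="<?php echo htmlspecialchars(DAV::getPath() . '?logout=yes', ENT_QUOTES, 'UTF-8'); ?>">Log out from SURFconext</a></li>
      <?php } else { ?>
      <li><a href="<?php echo htmlspecialchars(BeeHub::urlbase(true) . DAV::getPath() . '?login=conext', ENT_QUOTES, 'UTF-8'); ?>">With SURFconext</a></li>
      <?php } ?>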
/**
 * Returns the object that handles authentication.
 *
 * The object is taken from BeeHub_Auth::inst() the first time it is needed
 * and kept in self::$auth, so later calls hand back the stored instance.
 *
 * @return  BeeHub_Auth  The instance that handles the authentication
 */
public static function getAuth() {
  if (self::$auth !== null) {
    return self::$auth;
  }

  self::$auth = BeeHub_Auth::inst();
  return self::$auth;
}
/**
 * Builds the object around the given SimpleSAMLphp client.
 *
 * Does nothing besides forwarding its argument to the parent constructor.
 *
 * @param  \SimpleSAML_Auth_Simple  $simpleSAML  The SAML client handed on to the parent constructor
 */
public function __construct(\SimpleSAML_Auth_Simple $simpleSAML)
{
  parent::__construct($simpleSAML);
}
<?php
/*
 * Entry point for linking a SURFconext (SAML) identity to a BeeHub account.
 *
 * The visible part enforces, in this order: HTTPS, HTTP Basic credentials,
 * BeeHub authentication and a SimpleSAML session. A GET request then renders
 * the confirmation view; only POST is allowed to continue.
 *
 * The variables keep their names on purpose: the view is included into this
 * scope and can therefore read them.
 */
if (!defined('APPLICATION_ENV')) {
  define('APPLICATION_ENV', getenv('APPLICATION_ENV') ? strtolower(getenv('APPLICATION_ENV')) : 'production');
}
if (!defined('ENT_HTML5')) {
  define('ENT_HTML5', 0);
}
require_once dirname(dirname(__DIR__)) . DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . 'beehub_bootstrap.php';

// Nothing on this page may be served over plain HTTP: send the client to the
// same request URI under BeeHub::urlbase(true) and stop.
if (empty($_SERVER['HTTPS'])) {
  header('location: ' . BeeHub::urlbase(true) . $_SERVER['REQUEST_URI']);
  exit;
}

// The request has to carry an HTTP Basic password. This only tests that one
// was sent; checking it is left to handle_authentication() below.
if (empty($_SERVER['PHP_AUTH_PW'])) {
  BeeHub_Auth::inst()->unauthorized();
  exit;
}
$auth = BeeHub_Auth::inst();
$auth->handle_authentication(true, true);

// A SimpleSAML session is required on top of that
$simpleSaml = $auth->simpleSaml();
if (!$simpleSaml->isAuthenticated()) {
  $simpleSaml->login();
}

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
  // GET only shows the confirmation form
  require_once 'views' . DIRECTORY_SEPARATOR . 'saml_connect.php';
  exit;
} elseif ($_SERVER['REQUEST_METHOD'] !== 'POST') {
  throw new DAV_Status(DAV::HTTP_METHOD_NOT_ALLOWED);
}

// From here on this is a POST: collect the two identities that get linked
$user = $auth->current_user();
$surfId = $simpleSaml->getAuthData("saml:sp:NameID");
/**
 * Exercises checkPostAuthCode() against the code handed out by
 * getPostAuthCode().
 *
 * Pins four properties: a missing code is rejected, a code that only starts
 * with the issued one is rejected, the issued code is accepted once and is
 * replaced afterwards, and five rejected checks in a row replace it as well.
 *
 * The test writes to $_POST and does not restore it.
 */
public function testCheckPostAuthCode() {
  $authenticator = new BeeHub_Auth(new \SimpleSAML_Auth_Simple('BeeHub'));

  // A missing code must never validate
  $_POST['POST_auth_code'] = null;
  $this->assertFalse(
    $authenticator->checkPostAuthCode(),
    'An empty POST authentication code should not be correct'
  );

  // Neither must a value that merely begins with the issued code
  $issuedCode = $authenticator->getPostAuthCode();
  $_POST['POST_auth_code'] = $issuedCode . 'wrong code';
  $this->assertFalse(
    $authenticator->checkPostAuthCode(),
    'A wrong code should be considered wrong'
  );

  // The issued code itself validates, and validating it replaces the code
  $_POST['POST_auth_code'] = $issuedCode;
  $this->assertTrue(
    $authenticator->checkPostAuthCode(),
    'The correct code should be considered correct'
  );
  $rotatedCode = $authenticator->getPostAuthCode();
  $this->assertNotSame(
    $issuedCode,
    $rotatedCode,
    'After a successfull check, a new code should be generated'
  );

  // $_POST still holds the code that was just used up, so every check from
  // here on is a failed attempt; the fifth one has to trigger a new code.
  $attemptsLeft = 5;
  while ($attemptsLeft > 0) {
    $this->assertFalse(
      $authenticator->checkPostAuthCode(),
      "All five attempts with a wrong POST authentication code should fail"
    );
    $attemptsLeft--;
  }
  $this->assertNotSame(
    $rotatedCode,
    $authenticator->getPostAuthCode(),
    'After 5 failed attempts, a new code should be generated'
  );
}
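<?php
/*
 * Emits the result of BeeHub::notifications() for the current authentication
 * state as a JSON document.
 *
 * Authentication is handled with handle_authentication(false).
 * NOTE(review): the argument presumably means "not required", so anonymous
 * requests would get a response as well - confirm.
 */
defined('APPLICATION_ENV') || define('APPLICATION_ENV', getenv('APPLICATION_ENV') ? strtolower(getenv('APPLICATION_ENV')) : 'production');
defined('ENT_HTML5') || define('ENT_HTML5', 0);
require_once dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . 'beehub_bootstrap.php';

$auth = BeeHub_Auth::inst();
$auth->handle_authentication(false);

header('Content-type: application/json');
// The body depends on who is asking: 'private' keeps it out of shared caches,
// the other two directives force revalidation as before.
header('Cache-Control: private, no-cache, must-revalidate');
// The payload can carry text that did not originate on this server; forbid
// browsers to reinterpret the response as anything but the declared JSON.
header('X-Content-Type-Options: nosniff');

// Pass on the instance that just handled authentication rather than asking
// BeeHub_Auth::inst() a second time.
$notifications = BeeHub::notifications($auth);
print json_encode($notifications);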
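<?php
/*
 * Password reset page. GET shows the forms; POST either sends a reset code
 * or, when a code is supplied, resets the password.
 */

// Some bootstrapping
defined('APPLICATION_ENV') || define('APPLICATION_ENV', getenv('APPLICATION_ENV') ? strtolower(getenv('APPLICATION_ENV')) : 'production');
defined('ENT_HTML5') || define('ENT_HTML5', 0);
require_once dirname(dirname(dirname(__FILE__))) . DIRECTORY_SEPARATOR . 'src' . DIRECTORY_SEPARATOR . 'beehub_bootstrap.php';

// HTTPS is required for this page!
if (empty($_SERVER['HTTPS'])) {
  header('location: ' . BeeHub::urlbase(true) . $_SERVER['REQUEST_URI']);
  die;
}

BeeHub_Auth::inst()->handle_authentication(false);

// If you are logged in, you don't need this page, so let's redirect you to the homepage
if (BeeHub_Auth::inst()->is_authenticated()) {
  header('location: ' . BeeHub::urlbase(true) . '/system/');
  die;
}

header('Content-Type: text/html; charset="UTF-8"');

// A GET request just gives you the forms
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
  require 'views/password_reset_form.php';
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
  // POST requests will either send you a reset code or, if a code is given, it will reset your password

  // First try to get the username.
  //
  // PHP turns a request field such as "email[x]=..." into an array. Only
  // plain strings are accepted here: an array that reached the query below
  // would be read as a query document instead of a literal address
  // (presumably a MongoDB-style collection - confirm), and an array-valued
  // user name would travel on into the rest of the reset flow.
  $username = null;
  if (!empty($_POST['username']) && is_string($_POST['username'])) {
    $username = $_POST['username'];
  } elseif (!empty($_POST['email']) && is_string($_POST['email'])) {
    $collection = BeeHub::getNoSQL()->users;
    $result = $collection->findOne(array('email' => $_POST['email']), array('name' => true));
    if (!is_null($result)) {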
// Decide in which order the members are listed: naturally sorted and
// case-insensitive (strnatcasecmp) when sorting is enabled, otherwise in the
// order this object yields them.
if ($sortResources) {
  usort($subResources, 'strnatcasecmp');
} else {
  // If we reached the threshold, there are too many resources to sort them,
  // so iterate over this object itself.
  $subResources = $this;
}

// Fill the table with one row per member.
// $writableFiles records whether at least one writable file was seen.
$writableFiles = false;
$current_user_privilege_set_collection = $this->user_prop_current_user_privilege_set();
foreach ($subResources as $inode) {
  $member = DAV::$REGISTRY->resource($this->path . $inode);
  // The /system member never gets a row
  if (DAV::unslashify($member->path) === '/system') {
    continue;
  }
  $owner = BeeHub_Registry::inst()->resource($member->user_prop_owner());
  // The current user owns the member when the owner is a principal, the
  // current user is a BeeHub_User and both have the same path.
  $isOwner = $owner instanceof BeeHub_Principal && BeeHub_Auth::inst()->current_user() instanceof BeeHub_User && BeeHub_Auth::inst()->current_user()->path === $owner->path;
  $sponsor = BeeHub_Registry::inst()->resource($member->user_prop_sponsor());
  // Determine if it is a file and is writable. If so, we'll want to keep the
  // upload button enabled. Only checked until the first writable file is found.
  if (!$writableFiles && $member->prop_resourcetype() !== DAV_Collection::RESOURCETYPE) {
    try {
      // assert() is used as a probe here: a DAV_Status thrown by it is
      // swallowed below and leaves $writableFiles unchanged.
      // NOTE(review): presumably thrown when the privilege is missing; any
      // other DAV_Status is discarded the same way - confirm that is intended.
      $member->assert(DAVACL::PRIV_WRITE_CONTENT);
      $writableFiles = true;
    } catch (DAV_Status $e) { }
  }
  // The member path is escaped with DAV::xmlescape() before it is used as the row id
  ?> <tr id="<?php echo DAV::xmlescape(DAV::unslashify($member->path)); ?> "> <td>
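<script src="/system/tests/resources/mock.js"></script>
<?php }
// Page footer: loads the client-side libraries, hands the POST authentication
// code and the notifications to the BeeHub JavaScript and closes the document.
//
// NOTE(review): jQuery is fetched from a third-party CDN without an
// integrity attribute, so the page runs whatever that host serves. Consider
// hosting it next to the other scripts or pinning it with Subresource
// Integrity.
?>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.0/jquery.min.js"></script>
<script type="text/javascript" src="/system/js/jquery-ui.js"></script>
<script type="text/javascript" src="/system/bootstrap/js/bootstrap.js"></script>
<script type="text/javascript" src="/system/js/webdavlib.js"></script>
<script type="text/javascript" src="/system/js/beehub.js"></script>
<script type="text/javascript">
  <?php
  // Emitted as a JSON string literal: nothing but the code itself ends up in
  // the value (no surrounding whitespace), and the JSON_HEX_* flags keep
  // <, >, &, ' and " out of the inline script whatever the code contains.
  ?>
  nl.sara.beehub.postAuth = <?php echo json_encode((string) BeeHub::getAuth()->getPostAuthCode(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
</script>
<script type="text/javascript" src="/system/js/server/principals.js"></script>
<script type="text/javascript">
  <?php
  // Plain json_encode() leaves "<" and ">" as they are, so a "</script>"
  // inside any notification text would end this script element early. The
  // JSON_HEX_* flags encode those characters as \uXXXX escapes instead.
  ?>
  nl.sara.beehub.show_notifications(<?php echo json_encode(BeeHub::notifications(BeeHub_Auth::inst()), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>);
  <?php
  // Only a fixed string is ever written here; the request parameter merely
  // selects whether it is written.
  echo (isset($_GET['show_notifications']) && intval($_GET['show_notifications']) === 1) ? '$("#notification_button").dropdown("toggle");' : '';
  ?>
</script>
<?php
// $footer is written out as is, so it has to be markup built by the including
// page and must never contain unescaped request data.
echo isset($footer) ? $footer : '';
?>
</body>
</html>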
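*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* @package BeeHub
*/

// Bootstrap the application
require_once '../src/beehub_bootstrap.php';

// Hand over to the installer while the configuration asks for it. The setting
// is compared with the string 'true'; a missing section or key simply means
// "do not install", without suppressing any other error with '@'.
// NOTE(review): while this setting is on, every request runs the install
// script - make sure it is switched off once installation is done.
$config = BeeHub::config();
if (isset($config['install']['run_install']) && $config['install']['run_install'] === 'true') {
  require_once dirname(__DIR__) . DIRECTORY_SEPARATOR . 'scripts' . DIRECTORY_SEPARATOR . 'webserver_install.php';
  exit;
}

// If a GET request on the root doesn't have this server as a referer, redirect to the homepage.
// This is a convenience redirect only: the Referer header is chosen by the
// client and must not be relied on for access decisions.
if (!isset($_GET['nosystem']) &&
    DAV::getPath() === '/' &&
    $_SERVER['REQUEST_METHOD'] === 'GET' &&
    (!isset($_SERVER['HTTP_REFERER']) ||
     $_SERVER['SERVER_NAME'] !== parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST))) {
  DAV::redirect(DAV::HTTP_SEE_OTHER, BeeHub::SYSTEM_PATH);
  return;
}

// After bootstrapping, start authentication - but only over HTTPS, or in the
// test environment. A request over plain HTTP outside the test environment
// reaches handleRequest() below without handle_authentication() having run.
// NOTE(review): APPLICATION_ENV is defined outside this file; a production
// server must never run with the test value, as that enables authentication
// over unencrypted connections.
if (APPLICATION_ENV === BeeHub::ENVIRONMENT_TEST || !empty($_SERVER['HTTPS'])) {
  BeeHub_Auth::inst()->handle_authentication(BeeHub_Auth::is_authentication_required());
}

// And finally handle the request
$request = DAV_Request::inst();
if ($request) {
  $request->handleRequest();
}

// End of file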