protected function logoutSuccessful()
{
$authorityIndex = $this->getArg('authority');
//if they are still logged in return to the login page, otherwise go home.
if ($this->isLoggedIn()) {
$this->redirectTo('index', array('logout' => $authorityIndex));
} elseif ($this->nativeApp) {
$this->assign('message', $this->getLocalizedString("LOGOUT_SUCCESSFUL"));
$this->assign('redirectURL', KurogoWebBridge::getInternalLink($this->configModule, 'logoutComplete', array()));
} else {
$this->redirectToModule($this->getHomeModuleID(), '', array('logout' => $authorityIndex));
}
}
protected function buildBreadcrumbURLForModule($id, $page, $args, $addBreadcrumb = true)
{
KurogoWebBridge::removeAddedParameters($args);
$args = array_merge($args, $this->getBreadcrumbArgs($addBreadcrumb));
if (KurogoWebBridge::shouldRewriteInternalLinks()) {
$url = KurogoWebBridge::getInternalLink($id, $page, $args);
} else {
$url = "/{$id}/{$page}?" . http_build_query($args);
}
return $url;
}
protected function initializeForPage()
{
$this->assign('nativeApp', $this->nativeApp);
// If this is a native app, use the native app GA id
if ($this->nativeApp) {
$this->assign('GOOGLE_ANALYTICS_ID', Kurogo::getOptionalSiteVar('GOOGLE_ANALYTICS_NATIVE_ID'));
}
if (!Kurogo::getSiteVar('AUTHENTICATION_ENABLED')) {
throw new KurogoConfigurationException($this->getLocalizedString("ERROR_AUTHENTICATION_DISABLED"));
}
$session = $this->getSession();
//return URL
$urlArray = $this->extractModuleArray($this->args);
//see if remain logged in is enabled by the administrator, then if the value has been passed (i.e. the user checked the "remember me" box)
$allowRemainLoggedIn = Kurogo::getOptionalSiteVar('AUTHENTICATION_REMAIN_LOGGED_IN_TIME');
if ($allowRemainLoggedIn) {
$remainLoggedIn = $this->getArg('remainLoggedIn', 0);
} else {
$remainLoggedIn = 0;
}
// initialize
$authenticationAuthorities = array('total' => 0, 'direct' => array(), 'indirect' => array(), 'auto' => array());
$invalidAuthorities = array();
// cycle through the defined authorities in the config
foreach (AuthenticationAuthority::getDefinedAuthenticationAuthorities() as $authorityIndex => $authorityData) {
// USER_LOGIN property determines whether the authority is used for logins (or just groups or oauth)
$USER_LOGIN = $this->argVal($authorityData, 'USER_LOGIN', 'NONE');
// trap the exception if the authority is invalid (usually due to misconfiguration)
try {
$authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex);
$authorityData['listclass'] = $authority->getAuthorityClass();
$authorityData['title'] = $authorityData['TITLE'];
$authorityData['url'] = $this->buildURL('login', array_merge($urlArray, array('authority' => $authorityIndex, 'remainLoggedIn' => $remainLoggedIn, 'startOver' => 1)));
if ($USER_LOGIN == 'FORM') {
$authenticationAuthorities['direct'][$authorityIndex] = $authorityData;
$authenticationAuthorities['total']++;
} elseif ($USER_LOGIN == 'LINK') {
$authenticationAuthorities['indirect'][$authorityIndex] = $authorityData;
$authenticationAuthorities['total']++;
} elseif ($USER_LOGIN == 'AUTO') {
$authenticationAuthorities['auto'][$authorityIndex] = $authorityData;
$authenticationAuthorities['total']++;
}
} catch (KurogoConfigurationException $e) {
Kurogo::log(LOG_WARNING, sprintf("Invalid authority data for %s: %s", $authorityIndex, $e->getMessage()), 'auth');
$invalidAuthorities[$authorityIndex] = $e->getMessage();
}
}
//see if we have any valid authorities
if ($authenticationAuthorities['total'] == 0) {
$message = $this->getLocalizedString("ERROR_NO_AUTHORITIES");
if (count($invalidAuthorities) > 0) {
$message .= sprintf(" %s invalid authorit%s found:\n", count($invalidAuthorities), count($invalidAuthorities) > 1 ? 'ies' : 'y');
foreach ($invalidAuthorities as $authorityIndex => $invalidAuthority) {
$message .= sprintf("%s: %s\n", $authorityIndex, $invalidAuthority);
}
}
//we don't
throw new KurogoConfigurationException($message);
}
//assign template variables
$this->assign('authenticationAuthorities', $authenticationAuthorities);
$this->assign('allowRemainLoggedIn', $allowRemainLoggedIn);
if ($forgetPasswordURL = $this->getOptionalModuleVar('FORGET_PASSWORD_URL')) {
$this->assign('FORGET_PASSWORD_URL', $this->buildBreadcrumbURL('forgotpassword', array()));
$this->assign('FORGET_PASSWORD_TEXT', $this->getOptionalModuleVar('FORGET_PASSWORD_TEXT', $this->getLocalizedString('FORGET_PASSWORD_TEXT')));
}
$multipleAuthorities = count($authenticationAuthorities['direct']) + count($authenticationAuthorities['indirect']) > 1;
switch ($this->page) {
case 'logoutConfirm':
//this page is presented when a specific authority is chosen and the user is presented the option to actually log out.
$authorityIndex = $this->getArg('authority');
if (!$this->isLoggedIn($authorityIndex)) {
// they aren't logged in
$this->redirectTo('index');
} elseif ($user = $this->getUser($authorityIndex)) {
$authority = $user->getAuthenticationAuthority();
$this->assign('message', $this->getLocalizedString('LOGIN_SIGNED_IN_SINGLE', Kurogo::getSiteString('SITE_NAME'), $authority->getAuthorityTitle(), $user->getFullName()));
$this->assign('url', $this->buildURL('logout', array('authority' => $authorityIndex)));
$this->assign('linkText', $this->getLocalizedString('SIGN_OUT'));
} else {
//This honestly should never happen
$this->redirectTo('index');
}
break;
case 'logout':
$authorityIndex = $this->getArg('authority');
//hard logouts attempt to logout of the indirect service provider (must be implemented by the authority)
$hard = $this->getArg('hard', false);
if (!$this->isLoggedIn($authorityIndex)) {
//not logged in
$this->redirectTo('index');
} elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
$user = $this->getUser($authority);
//log them out
$result = $session->logout($authority, $hard);
} else {
//This honestly should never happen
$this->redirectTo('index');
}
if ($result) {
$this->setLogData($user, $user->getFullName());
$this->logView();
//if they are still logged in return to the login page, otherwise go home.
if ($this->isLoggedIn()) {
$this->redirectTo('index', array('logout' => $authorityIndex));
} elseif ($this->nativeApp) {
$this->assign('message', $this->getLocalizedString("LOGOUT_SUCCESSFUL"));
// $this->assign('buttonURL', $this->buildURL('logoutComplete'));
// $this->assign('buttonTitle', $this->getLocalizedString('LOGOUT_DISMISS'));
$this->assign('redirectURL', KurogoWebBridge::getInternalLink($this->configModule, 'logoutComplete', array()));
} else {
$this->redirectToModule($this->getHomeModuleID(), '', array('logout' => $authorityIndex));
}
} else {
//there was an error logging out
$this->assign('message', $this->getLocalizedString("ERROR_SIGN_OUT"));
}
break;
case 'forgotpassword':
//redirect to forgot password url
if ($forgetPasswordURL = $this->getOptionalModuleVar('FORGET_PASSWORD_URL')) {
Kurogo::redirectToURL($forgetPasswordURL);
} else {
$this->redirectTo('index');
}
break;
case 'login':
//get arguments
$login = $this->argVal($_POST, 'loginUser', '');
$password = $this->argVal($_POST, 'loginPassword', '');
$options = array_merge($urlArray, array('remainLoggedIn' => $remainLoggedIn));
$session = $this->getSession();
$session->setRemainLoggedIn($remainLoggedIn);
$authorityIndex = $this->getArg('authority', '');
if (!($authorityData = AuthenticationAuthority::getAuthenticationAuthorityData($authorityIndex))) {
//invalid authority
$this->redirectTo('index', $options);
}
if ($this->isLoggedIn($authorityIndex)) {
//we're already logged in
$this->redirectTo('index', $options);
}
$this->assign('authority', $authorityIndex);
$this->assign('remainLoggedIn', $remainLoggedIn);
$this->assign('authorityTitle', $authorityData['TITLE']);
//if they haven't submitted the form and it's a direct login show the form
if ($authorityData['USER_LOGIN'] == 'FORM' && empty($login)) {
if (!($loginMessage = $this->getOptionalModuleVar('LOGIN_DIRECT_MESSAGE'))) {
$loginMessage = $this->getLocalizedString('LOGIN_DIRECT_MESSAGE', Kurogo::getSiteString('SITE_NAME'));
}
$this->assign('LOGIN_DIRECT_MESSAGE', $loginMessage);
$this->assign('urlArray', $urlArray);
break;
} elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
//indirect logins handling the login process themselves. Send a return url so the indirect authority can come back here
if ($authorityData['USER_LOGIN'] == 'LINK') {
$options['return_url'] = FULL_URL_BASE . $this->configModule . '/login?' . http_build_query(array_merge($options, array('authority' => $authorityIndex)));
}
$options['startOver'] = $this->getArg('startOver', 0);
$result = $authority->login($login, $password, $session, $options);
} else {
$this->redirectTo('index', $options);
}
switch ($result) {
case AUTH_OK:
$user = $this->getUser($authority);
$this->setLogData($user, $user->getFullName());
$this->logView();
if ($this->nativeApp) {
$this->assign('showMessage', true);
$this->assign('message', $this->getLocalizedString("LOGIN_SUCCESSFUL"));
$this->assign('redirectURL', KurogoWebBridge::getInternalLink($this->configModule, 'loginComplete', array()));
break 2;
} elseif ($urlArray) {
$this->redirectToArray($urlArray, Kurogo::REDIRECT_SEE_OTHER);
} else {
$this->redirectToModule($this->getHomeModuleID(), '', array('login' => $authorityIndex), Kurogo::REDIRECT_SEE_OTHER);
}
break;
case AUTH_OAUTH_VERIFY:
// authorities that require a manual oauth verification key
$this->assign('verifierKey', $authority->getVerifierKey());
$this->setTemplatePage('oauth_verify.tpl');
break 2;
default:
//there was a problem.
if ($authorityData['USER_LOGIN'] == 'FORM') {
$this->assign('message', $this->getLocalizedString('ERROR_LOGIN_DIRECT'));
break 2;
} else {
$this->redirectTo('index', array_merge(array('messagekey' => 'ERROR_LOGIN_INDIRECT'), $options));
}
}
case 'index':
//sometimes messages are passed. This probably has some
if ($messagekey = $this->getArg('messagekey')) {
$this->assign('messagekey', $this->getLocalizedString($messagekey));
try {
$message = $this->getLocalizedString($messagekey);
$this->assign('message', $message);
} catch (KurogoException $e) {
}
}
if ($this->isLoggedIn()) {
//if the url is set then redirect
if ($urlArray) {
$this->redirectToArray($urlArray);
}
//if there is only 1 authority then redirect to logout confirm
if (!$multipleAuthorities) {
$user = $this->getUser();
$this->redirectTo('logoutConfirm', array('authority' => $user->getAuthenticationAuthorityIndex()));
}
//more than 1 authority. There could be 1 or more actual logged in users
$sessionUsers = $session->getUsers();
$users = array();
//cycle through the logged in users to build a list
foreach ($sessionUsers as $authorityIndex => $user) {
$authority = $user->getAuthenticationAuthority();
$users[] = array('class' => $authority->getAuthorityClass(), 'title' => count($sessionUsers) > 1 ? $this->getLocalizedString("SIGN_OUT_AUTHORITY", $authority->getAuthorityTitle(), $user->getFullName()) : $this->getLocalizedString('SIGN_OUT'), 'subtitle' => count($sessionUsers) > 1 ? $this->getLocalizedString('SIGN_OUT') : '', 'url' => $this->buildBreadcrumbURL('logout', array('authority' => $authorityIndex), false));
//remove the authority from the list of available authorities (since they are logged in)
if (isset($authenticationAuthorities['direct'][$authorityIndex])) {
unset($authenticationAuthorities['direct'][$authorityIndex]);
}
if (isset($authenticationAuthorities['indirect'][$authorityIndex])) {
unset($authenticationAuthorities['indirect'][$authorityIndex]);
}
}
$this->assign('users', $users);
// navlist of users
$this->assign('authenticationAuthorities', $authenticationAuthorities);
//list of authorities not logged in
$this->assign('moreAuthorities', count($authenticationAuthorities['direct']) + count($authenticationAuthorities['indirect']));
//see if there are any left
if (count($sessionUsers) == 1) {
//there's only on logged in user
$user = current($sessionUsers);
$authority = $user->getAuthenticationAuthority();
$this->assign('LOGIN_SIGNED_IN_MESSAGE', $this->getLocalizedString('LOGIN_SIGNED_IN_SINGLE', Kurogo::getSiteString('SITE_NAME'), $authority->getAuthorityTitle(), $user->getFullName()));
} else {
//there are multiple logged in users
$this->assign('LOGIN_SIGNED_IN_MESSAGE', $this->getLocalizedString('LOGIN_SIGNED_IN_MULTIPLE', Kurogo::getSiteString('SITE_NAME')));
}
//use loggedin.tpl
$this->setTemplatePage('loggedin');
} else {
// not logged in
// if there is only 1 direct authority then redirect to the login page for that authority
if (!$multipleAuthorities && count($authenticationAuthorities['direct'])) {
$this->redirectTo('login', array_merge($urlArray, array('authority' => key($authenticationAuthorities['direct']))));
}
// if there is only 1 auto authority then redirect to the login page for that authority
if (!$multipleAuthorities && count($authenticationAuthorities['auto']) && !$messagekey) {
$this->redirectTo('login', array_merge($urlArray, array('authority' => key($authenticationAuthorities['auto']))));
}
// do we have any indirect authorities?
if (count($authenticationAuthorities['indirect'])) {
if (!($indirectMessage = $this->getOptionalModuleVar('LOGIN_INDIRECT_MESSAGE'))) {
$indirectMessage = $this->getLocalizedString('LOGIN_INDIRECT_MESSAGE', Kurogo::getSiteString('SITE_NAME'));
}
$this->assign('LOGIN_INDIRECT_MESSAGE', $indirectMessage);
}
// the site can create their own message at the top, or it will use the default message
if (!($loginMessage = $this->getOptionalModuleVar('LOGIN_INDEX_MESSAGE'))) {
if ($multipleAuthorities) {
$loginMessage = $this->getLocalizedString('LOGIN_INDEX_MESSAGE_MULTIPLE', Kurogo::getSiteString('SITE_NAME'));
} else {
$loginMessage = $this->getLocalizedString('LOGIN_INDEX_MESSAGE_SINGLE', Kurogo::getSiteString('SITE_NAME'));
}
}
$this->assign('LOGIN_INDEX_MESSAGE', $loginMessage);
}
break;
}
}
