public function authenticateAction()
{
$server = $this->_getOpenIdProvider();
$request = $server->decodeRequest();
$authAttempts = new Users_Model_AuthAttempts();
$attempt = $authAttempts->get();
$form = new Form_OpenidLogin(null, $this->view->base, $attempt && $attempt->surpassedMaxAllowed());
$formData = $this->_request->getPost();
$form->populate($formData);
if (!$form->isValid($formData)) {
$formErrors = $form->getErrors();
// gotta resort to pass errors as params because we don't use the session here
if (@$formErrors['captcha']) {
$this->_forward('login', null, null, array('invalidCaptcha' => true));
} else {
$this->_forward('login');
}
return;
}
$users = new Users_Model_Users();
$result = $users->authenticate($request->idSelect() ? $form->getValue('openIdIdentity') : $request->identity, $this->_config->yubikey->enabled && $this->_config->yubikey->force ? $form->getValue('yubikey') : $form->getValue('password'), true, $this->view);
if ($result) {
if ($attempt) {
$attempt->delete();
}
$sites = new Model_Sites();
$trustRoot = $this->_getTrustRoot($request);
if ($sites->isTrusted($users->getUser(), $trustRoot)) {
$this->_forward('proceed', null, null, array('allow' => true));
} elseif ($sites->isNeverTrusted($users->getUser(), $trustRoot)) {
$this->_forward('proceed', null, null, array('deny' => true));
} else {
$this->_forward('trust');
}
} else {
if (!$attempt) {
$authAttempts->create();
} else {
$attempt->addFailure();
$attempt->save();
}
$this->_forward('login', null, null, array('invalidLogin' => true));
}
}