Ejemplo n.º 1
 /**
  * Round-trips one entry through the Registry: after set(), get() must hand
  * back an equal value and isRegistered() must report the key as present.
  *
  * @group Core
  */
 public function testFuncionality()
 {
     $entryKey = 'newKey';
     $entryValue = 'newValue';

     Registry::set($entryKey, $entryValue);

     // assertEquals compares loosely; both sides are plain strings here.
     $this->assertEquals($entryValue, Registry::get($entryKey));
     $this->assertTrue(Registry::isRegistered($entryKey));
 }
Ejemplo n.º 2
 /**
  * Returns the UsersManager API singleton, preferring an override that has been
  * placed in the Registry under 'UsersManager_API'.
  *
  * A plugin can substitute its own implementation, for example from its
  * __construct():
  *
  * Registry::set('UsersManager_API',Piwik_MyCustomUsersManager_API::getInstance());
  *
  * The instanceof test below is the only check applied to a registered
  * override. Any Exception raised inside the try block (the failed type check,
  * or one coming out of Registry::get()) is swallowed and answered by creating
  * and registering a default instance.
  *
  * NOTE(review): this object manages users, so whatever code can write this
  * Registry key decides which implementation handles user management - confirm
  * that only trusted plugin code runs before the first call.
  *
  * @throws Exception
  * @return \Piwik\Plugins\UsersManager\API
  */
 public static function getInstance()
 {
     try {
         $registered = \Piwik\Registry::get('UsersManager_API');
         if ($registered instanceof API) {
             self::$instance = $registered;
         } else {
             // Handled by the catch below, which installs the default instance.
             throw new Exception('UsersManager_API must inherit API');
         }
     } catch (Exception $ignored) {
         $fallback = new self();
         self::$instance = $fallback;
         \Piwik\Registry::set('UsersManager_API', $fallback);
     }

     return self::$instance;
 }
Ejemplo n.º 3
 /**
  * Creates the default authentication object and seeds it from the login cookie.
  * Registered as a listener for the Request.initAuthenticationObject hook.
  *
  * A new Auth instance is always stored in the Registry under 'auth'. The login
  * cookie is then consulted unless the request targets the API module with an
  * empty or 'index' action and $allowCookieAuthentication is not exactly true;
  * in that case the Auth object is left without a login or token.
  *
  * The login and token_auth values come straight from a client-supplied cookie
  * and are not checked in this method.
  * NOTE(review): presumably the Auth implementation verifies token_auth when it
  * authenticates - confirm, since nothing here does.
  *
  * @param bool $allowCookieAuthentication Only a strict true lets API requests
  *                                        pick up credentials from the cookie.
  */
 function initAuthenticationObject($allowCookieAuthentication = false)
 {
     $auth = new Auth();
     \Piwik\Registry::set('auth', $auth);

     $action = Piwik::getAction();
     $isApiEntryPoint = Piwik::getModule() === 'API' && (empty($action) || $action == 'index');
     if ($isApiEntryPoint && $allowCookieAuthentication !== true) {
         // API calls do not inherit the browser's cookie identity by default.
         return;
     }

     // Name and path come from the [General] config section; expiry is passed as 0.
     $authCookie = new Cookie(
         Config::getInstance()->General['login_cookie_name'],
         0,
         Config::getInstance()->General['login_cookie_path']
     );

     if ($authCookie->isCookieFound()) {
         $login = $authCookie->get('login');
         $tokenAuth = $authCookie->get('token_auth');
     } else {
         // NOTE(review): the '******' literal looks like a value masked by the
         // listing this code was taken from - confirm the intended default login.
         $login = '******';
         $tokenAuth = 'anonymous';
     }

     $auth->setLogin($login);
     $auth->setTokenAuth($tokenAuth);
 }
Ejemplo n.º 4
 /**
  * Boots the platform; must be called before dispatch().
  *
  * In order, this method:
  * - registers a Timer and checks that the tmp directories are writable,
  * - loads the English translation and creates the configuration object,
  * - handles maintenance mode, the profiler and the SSL redirection,
  * - loads the activated plugins,
  * - creates the DB connection and probes it with two reads,
  * - creates the Access object and installs the loaded plugins,
  * - asks plugins to create the authentication object and reloads access with it,
  * - posts Platform.initialized.
  *
  * Only the first call does any work (see the static guard below).
  *
  * Failure handling: an Exception is rethrown when shouldRethrowException()
  * says so; otherwise its message and stack trace are handed to
  * Piwik_ExitWithMessage().
  *
  * @throws Exception
  * @return void
  */
 public function init()
 {
     // Function-static guard. The flag is flipped before any work starts, so a
     // failed first attempt is not retried by a later call in the same process.
     static $initialized = false;
     if ($initialized) {
         return;
     }
     $initialized = true;
     try {
         Registry::set('timer', new Timer());
         $directoriesToCheck = array('/tmp/', '/tmp/assets/', '/tmp/cache/', '/tmp/logs/', '/tmp/tcpdf/', '/tmp/templates_c/');
         Filechecks::dieIfDirectoriesNotWritable($directoriesToCheck);
         Translate::loadEnglishTranslation();
         // Whatever createConfigObject() returns is held back and only thrown
         // after the plugins have been loaded (see below).
         $exceptionToThrow = self::createConfigObject();
         $this->handleMaintenanceMode();
         $this->handleProfiler();
         $this->handleSSLRedirection();
         Plugin\Manager::getInstance()->loadPluginTranslations('en');
         Plugin\Manager::getInstance()->loadActivatedPlugins();
         if ($exceptionToThrow) {
             throw $exceptionToThrow;
         }
         // try to connect to the database
         try {
             Db::createDatabaseObject();
             Db::fetchAll("SELECT DATABASE()");
         } catch (Exception $exception) {
             if (self::shouldRethrowException()) {
                 throw $exception;
             }
             Log::debug($exception);
             /**
              * Triggered when Piwik cannot connect to the database.
              *
              * This event can be used to start the installation process or to display a custom error
              * message.
              *
              * @param Exception $exception The exception thrown from creating and testing the database
              *                             connection.
              */
             // "$pending = true" only labels the third argument; it also assigns a local.
             Piwik::postEvent('Db.cannotConnectToDb', array($exception), $pending = true);
             throw $exception;
         }
         // try to get an option (to check if data can be queried)
         try {
             Option::get('TestingIfDatabaseConnectionWorked');
         } catch (Exception $exception) {
             if (self::shouldRethrowException()) {
                 throw $exception;
             }
             Log::debug($exception);
             /**
              * Triggered when Piwik cannot access database data.
              *
              * This event can be used to start the installation process or to display a custom error
              * message.
              *
              * @param Exception $exception The exception thrown from trying to get an option value.
              */
             Piwik::postEvent('Config.badConfigurationFile', array($exception), $pending = true);
             throw $exception;
         }
         // Init the Access object, so that eg. core/Updates/* can enforce Super User and use some APIs
         Access::getInstance();
         /**
          * Triggered just after the platform is initialized and plugins are loaded.
          *
          * This event can be used to do early initialization.
          *
          * _Note: At this point the user is not authenticated yet._
          */
         Piwik::postEvent('Request.dispatchCoreAndPluginUpdatesScreen');
         \Piwik\Plugin\Manager::getInstance()->installLoadedPlugins();
         // ensure the current Piwik URL is known for later use
         if (method_exists('Piwik\\SettingsPiwik', 'getPiwikUrl')) {
             SettingsPiwik::getPiwikUrl();
         }
         /**
          * Triggered before the user is authenticated, when the global authentication object
          * should be created.
          *
          * Plugins that provide their own authentication implementation should use this event
          * to set the global authentication object (which must derive from {@link Piwik\Auth}).
          *
          * **Example**
          *
          *     Piwik::addAction('Request.initAuthenticationObject', function() {
          *         Piwik\Registry::set('auth', new MyAuthImplementation());
          *     });
          */
         Piwik::postEvent('Request.initAuthenticationObject');
         // The object used for access checks is whatever a listener left under
         // 'auth'; this method applies no type check to it before reloadAccess().
         try {
             $authAdapter = Registry::get('auth');
         } catch (Exception $e) {
             throw new Exception("Authentication object cannot be found in the Registry. Maybe the Login plugin is not activated?\n                                <br />You can activate the plugin by adding:<br />\n                                <code>Plugins[] = Login</code><br />\n                                under the <code>[Plugins]</code> section in your config/config.ini.php");
         }
         Access::getInstance()->reloadAccess($authAdapter);
         // Force the auth to use the token_auth if specified, so that embed dashboard
         // and all other non widgetized controller methods works fine
         // NOTE(review): token_auth is taken from the request variables; if it can
         // arrive in the query string it may end up in access logs and Referer
         // headers - confirm how callers are expected to pass it.
         if (Common::getRequestVar('token_auth', false, 'string') !== false) {
             Request::reloadAuthUsingTokenAuth();
         }
         SettingsServer::raiseMemoryLimitIfNecessary();
         Translate::reloadLanguage();
         \Piwik\Plugin\Manager::getInstance()->postLoadPlugins();
         /**
          * Triggered after the platform is initialized and after the user has been authenticated, but
          * before the platform has handled the request.
          *
          * Piwik uses this event to check for updates to Piwik.
          */
         Piwik::postEvent('Platform.initialized');
     } catch (Exception $e) {
         if (self::shouldRethrowException()) {
             throw $e;
         }
         // NOTE(review): the stack trace string is handed to Piwik_ExitWithMessage();
         // whether it is rendered to the visitor is not visible here - confirm it
         // is not shown to unauthenticated users, since traces can expose paths
         // and call arguments.
         $debugTrace = $e->getTraceAsString();
         Piwik_ExitWithMessage($e->getMessage(), $debugTrace, true);
     }
 }
Ejemplo n.º 5
 /**
  * Creates the authentication object for the current request.
  * Registered as a listener for the Request.initAuthenticationObject hook.
  *
  * A new Auth instance is stored in the Registry under 'auth' first; reading the
  * login cookie is then left to initAuthenticationFromCookie().
  *
  * @param bool $activateCookieAuth Forwarded unchanged to initAuthenticationFromCookie().
  */
 function initAuthenticationObject($activateCookieAuth = false)
 {
     $authAdapter = new Auth();

     // Publish the adapter before the cookie is read, so 'auth' is set either way.
     \Piwik\Registry::set('auth', $authAdapter);

     $this->initAuthenticationFromCookie($authAdapter, $activateCookieAuth);
 }
 /**
  * Builds the authentication object from the client certificate.
  *
  * When the client-certificates API reports a subject DN, a CertAuth object is
  * registered as 'auth'. If initAuthenticationFromCookie() does not report
  * success, the DN and issuer DN are passed to queryGovport(); the returned
  * record fills login, e-mail, alias and token on the CertAuth object, which is
  * then asked to authenticate. On success the session id is regenerated and a
  * login cookie is written; when the lookup or the authentication fails, the
  * previously registered 'auth' object is put back.
  *
  * NOTE(review): presumably hooked to Request.initAuthenticationObject like the
  * other implementations of this method - confirm.
  *
  * @param bool $activateCookieAuth Forwarded to initAuthenticationFromCookie().
  */
 public function initAuthenticationObject($activateCookieAuth = false)
 {
     $clientCertificateAPI = ClientCertificatesAPI::getInstance();
     $loginAPI = LoginAPI::getInstance();
     // Subject and issuer DN as reported by the client-certificates API.
     // NOTE(review): where these values originate (web-server variables, proxy
     // headers, ...) is not visible here - confirm a client cannot supply them directly.
     $dn = $clientCertificateAPI->getUserDN();
     $issuer_dn = $clientCertificateAPI->getIssuerDN();
     // Loose comparison: an empty-string DN is also treated as "no certificate".
     if ($dn != null) {
         $auth = new CertAuth();
         // Keep the auth object registered earlier so it can be restored on failure.
         // NOTE(review): Registry::get() may throw if nothing is registered under
         // 'auth' yet - confirm the hook ordering guarantees an earlier listener.
         $previousAuth = \Piwik\Registry::get('auth');
         \Piwik\Registry::set('auth', $auth);
         // NOTE(review): when the cookie path reports success the directory lookup
         // is skipped, and nothing in this method compares the cookie's login with
         // the certificate DN - confirm initAuthenticationFromCookie()/CertAuth does.
         if (!$this->initAuthenticationFromCookie($auth, $activateCookieAuth)) {
             $result = $clientCertificateAPI->queryGovport($dn, $issuer_dn);
             if ($result) {
                 $username = $this->getProperty($result, 'uid');
                 $fullname = $this->getProperty($result, 'fullName');
                 $email = $this->getProperty($result, 'email');
                 $firstname = $this->getProperty($result, 'firstName');
                 $lastname = $this->getProperty($result, 'lastName');
                 // Agency: first 'grantBy' entry, else first 'organizations' entry, else 'N/A'.
                 // NOTE(review): [0] is read without checking that the list is non-empty.
                 $agency = null;
                 if (property_exists($result, 'grantBy')) {
                     $agency = $result->{'grantBy'}[0];
                 }
                 if ($agency == null) {
                     if (property_exists($result, 'organizations')) {
                         $agency = $result->{'organizations'}[0];
                     }
                     if ($agency == null) {
                         $agency = 'N/A';
                     }
                 }
                 // NOTE(review): this writes directory attributes (name, e-mail) to the
                 // debug log - treat that log as containing personal data.
                 \Piwik\Log::debug("Login PKI Response: {$username}, {$fullname}, {$email}, {$firstname}, {$lastname}, {$agency}");
                 $auth->setLogin($username);
                 $auth->setUserDN($dn);
                 // The "password" is the username concatenated with the DN, i.e. built
                 // only from values this method already holds, none of them a secret.
                 // NOTE(review): confirm CertAuth never accepts it as a user-supplied credential.
                 $auth->setPassword($username . $dn);
                 // NOTE(review): token_auth is md5(username . secret) - deterministic per
                 // user and built on MD5 by plain concatenation. A keyed construction such
                 // as hash_hmac('sha256', ...) is the conventional choice; any change has
                 // to be coordinated with the code that verifies the token.
                 $auth->setTokenAuth(md5($username . $auth->getTokenAuthSecret()));
                 $auth->setEmail($email);
                 $auth->setAlias($this->getAlias($firstname, $lastname, $fullname));
                 $authResult = $auth->authenticate();
                 if ($authResult->wasAuthenticationSuccessful()) {
                     // New session id after a successful login, so a pre-login id is not carried over.
                     Session::regenerateId();
                     // Write the login cookie: expiry is passed as 0, the Secure flag follows
                     // ProxyHttp::isHttps(), HttpOnly is always on. No SameSite attribute
                     // is set in this method.
                     $authCookieExpiry = 0;
                     $authCookieName = Config::getInstance()->General['login_cookie_name'];
                     $authCookiePath = Config::getInstance()->General['login_cookie_path'];
                     $cookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
                     $cookie->set('login', $authResult->getIdentity());
                     $cookie->set('token_auth', md5($username . $auth->getTokenAuthSecret()));
                     $cookie->setSecure(ProxyHttp::isHttps());
                     $cookie->setHttpOnly(true);
                     $cookie->save();
                 } else {
                     // Error message set by auth result
                     \Piwik\Registry::set('auth', $previousAuth);
                 }
             } else {
                 // Directory lookup returned nothing usable: restore the earlier auth object.
                 \Piwik\Registry::set('auth', $previousAuth);
                 $loginAPI->setErrorMessage("Could not verify user against authorization service");
                 \Piwik\Log::debug("Could not verify user against authorization service. Falling back on standard auth.");
             }
         }
     } else {
         // No DN: the Registry is left untouched, so the earlier auth object stays in effect.
         $loginAPI->setErrorMessage("No certificate provided");
         \Piwik\Log::debug("No certificate provided. Falling back on standard login mechanism.");
     }
 }
Ejemplo n.º 7
 /**
  * Creates the authentication object for the current request.
  * Registered as a listener for the Request.initAuthenticationObject hook.
  *
  * A LoginShibbolethAuth instance is stored in the Registry under 'auth'; the
  * login cookie is then processed by Login::initAuthenticationFromCookie(),
  * which is called statically.
  *
  * @param bool $activateCookieAuth Forwarded unchanged to
  *                                 Login::initAuthenticationFromCookie().
  */
 public function initAuthenticationObject($activateCookieAuth = false)
 {
     $shibbolethAuth = new LoginShibbolethAuth();

     // Publish the adapter before the cookie is read, so 'auth' is set either way.
     \Piwik\Registry::set('auth', $shibbolethAuth);

     Login::initAuthenticationFromCookie($shibbolethAuth, $activateCookieAuth);
 }