/**
   * Implements RestfulAuthenticationInterface::authenticate().
   *
   * Resolves the account behind the current Drupal session. For write
   * requests that came in over HTTP (the '__application' payload carries a
   * truthy 'rest_call'), a CSRF token is required and verified against
   * \RestfulBase::TOKEN_VALUE; calls made directly from PHP (no 'rest_call')
   * and read-only methods skip the check.
   *
   * @param array $request
   *   The request array; only $request['__application']['rest_call'] and
   *   $request['__application']['csrf_token'] are read here.
   * @param string $method
   *   The HTTP method, defaults to \RestfulInterface::GET.
   *
   * @return object|null
   *   The user object loaded for the global $user, or nothing when no
   *   session has been started and this is not a CLI call.
   *
   * @throws \RestfulBadRequestException
   *   A CSRF-protected request arrived without a token.
   * @throws \RestfulForbiddenException
   *   The supplied token did not validate.
   */
  public function authenticate(array $request = array(), $method = \RestfulInterface::GET) {
    // Without a session (and outside the CLI) there is nobody to authenticate.
    $session_available = drupal_session_started() || $this->isCli();
    if (!$session_available) {
      return;
    }

    global $user;
    $account = user_load($user->uid);

    // CSRF only matters for state-changing requests that arrived over HTTP.
    $is_write = \RestfulBase::isWriteMethod($method);
    $via_http = !empty($request['__application']['rest_call']);
    if (!($is_write && $via_http)) {
      return $account;
    }

    $token = empty($request['__application']['csrf_token']) ? NULL : $request['__application']['csrf_token'];
    if ($token === NULL) {
      throw new \RestfulBadRequestException('No CSRF token passed in the HTTP header.');
    }

    if (drupal_valid_token($token, \RestfulBase::TOKEN_VALUE)) {
      // CSRF validation passed.
      return $account;
    }
    throw new \RestfulForbiddenException('CSRF token validation failed.');
  }
 /**
  * {@inheritdoc}
  *
  * Resolves the account for the current Drupal session and enforces the CSRF
  * token on write requests that target a RESTful path, unless the request
  * carries the 'rest_call' application datum, in which case the check is
  * skipped. Tokens are validated with drupal_valid_token() against
  * Authentication::TOKEN_VALUE.
  *
  * NOTE(review): the skip-on-'rest_call' test here has the opposite polarity
  * from the array-based variant of this method elsewhere in this file, which
  * skips when 'rest_call' is empty. If 'rest_call' still flags "arrived over
  * HTTP", a truthy value would bypass the CSRF check entirely -- confirm what
  * sets it before relying on this guard.
  *
  * @param RequestInterface $request
  *   The incoming request.
  *
  * @return object|null
  *   The user object loaded for the global $user, or NULL when no session has
  *   been started and the request is not a CLI call.
  *
  * @throws BadRequestException
  *   A CSRF-protected request arrived without a token.
  * @throws ForbiddenException
  *   The supplied token did not validate.
  */
 public function authenticate(RequestInterface $request)
 {
     $sessionAvailable = drupal_session_started() || $this->isCli($request);
     if (!$sessionAvailable) {
         return NULL;
     }
     global $user;
     $account = user_load($user->uid);
     // Evaluate the cheap, local conditions first; isRestfulPath() is only
     // consulted once the method and application data say a check is due.
     $needsCsrfCheck = $request::isWriteMethod($request->getMethod())
         && !$request->getApplicationData('rest_call')
         && RestfulManager::isRestfulPath($request);
     if (!$needsCsrfCheck) {
         return $account;
     }
     $token = $request->getCsrfToken();
     if (!$token) {
         throw new BadRequestException('No CSRF token passed in the HTTP header.');
     }
     if (drupal_valid_token($token, Authentication::TOKEN_VALUE)) {
         // CSRF validation passed.
         return $account;
     }
     throw new ForbiddenException('CSRF token validation failed.');
 }
 /**
  * Factory implements session singleton.
  *
  * Returns the per-session \raptor\Context, which lives serialized in
  * $_SESSION[CONST_NM_RAPTOR_CONTEXT]. Along the way this method: starts a PHP
  * session if none exists, reconciles the stored context's UID with the
  * Drupal $user, records user activity in raptor_user_activity_tracking /
  * raptor_user_recent_activity_tracking, checks whether the same UID is
  * active from another IP address, and if so marks the context for a forced
  * logout.
  *
  * Security-relevant behaviour a maintainer should know about:
  *  - The context object carries m_sVAPassword (see the reset branch below),
  *    and several error_log() calls dump the whole object or $_SESSION with
  *    print_r(); those log lines can therefore contain a credential.
  *  - A plain GET parameter (?reset_session=YES) discards the stored context
  *    on any request. VistaUserID/VAPassword survive the reset, so it is not
  *    a logout, but it is a state change triggered by a URL.
  *  - Session data is unserialize()d; it comes from server-side session
  *    storage rather than the client, but anything that can write to the
  *    session store can inject an arbitrary object graph.
  *
  * @param bool $forceReset
  *   When TRUE the stored context is discarded and rebuilt, and the
  *   activity-tracking DB writes are skipped.
  * @param bool $bSystemDrivenAction
  *   When TRUE only the system-action timestamp is refreshed; no
  *   user-activity DB writes and no concurrent-login check are performed.
  *
  * @return \raptor\Context
  *   The (possibly newly created) context; never NULL, because a NULL
  *   candidate always triggers the rebuild branch.
  */
 public static function getInstance($forceReset = FALSE, $bSystemDrivenAction = FALSE)
 {
     if (session_status() == PHP_SESSION_NONE) {
         error_log('CONTEXTgetInstance::Starting session');
         session_start();
         // Tell Drupal the session is already up so it does not try to start
         // one itself (the original comment: this avoids warnings elsewhere).
         drupal_session_started(TRUE);
     }
     if (!isset($_SESSION['CREATED'])) {
         // Session creation time, written once; nothing in this method reads
         // it back, so presumably a timeout check elsewhere uses it.
         $startedtime = time();
         error_log('CONTEXTgetInstance::Setting CREATED value of session to ' . $startedtime);
         $_SESSION['CREATED'] = $startedtime;
     }
     global $user;
     $bLocalReset = FALSE;
     // UID of the Drupal account for this request; 0 when anonymous.
     if (user_is_logged_in()) {
         $tempUID = $user->uid;
     } else {
         $tempUID = 0;
     }
     //error_log('CONTEXTgetInstance::tempUID='.$tempUID);
     // Precedence: $forceReset || (isset(...) && ... == 'YES'). The query
     // parameter lets any request (including a cross-site GET) reset the
     // context; credentials are preserved further down, so it is not a logout.
     $bSessionResetFlagDetected = $forceReset || isset($_GET['reset_session']) && $_GET['reset_session'] == 'YES';
     if (isset($_SESSION[CONST_NM_RAPTOR_CONTEXT]) && !$bSessionResetFlagDetected) {
         // Reuse the stored instance unless its UID no longer matches the
         // logged-in user.
         $candidate = unserialize($_SESSION[CONST_NM_RAPTOR_CONTEXT]);
         // $wmodeParam is assigned here and in the reset branches but never
         // read in this method.
         $wmodeParam = $candidate->getWorklistMode();
         $candidateUID = $candidate->getUID();
         if ($candidateUID == 0 && $tempUID != 0 && !$candidate->hasForceLogoutReason()) {
             // Anonymous context adopting the freshly logged-in UID; the normal
             // path right after login.
             $candidate->m_nUID = $tempUID;
             $candidate->serializeNow('Set the uid to the user->uid');
         } else {
             // Strict !== here: if getUID() and $user->uid ever differ in type
             // (int vs numeric string) this would force a spurious reset --
             // worth confirming against the Context class.
             if ($candidate->m_nUID > -1 && $candidate->getUID() !== $tempUID) {
                 // Stored context belongs to a different user, e.g. someone
                 // left without logging out and another account signed in.
                 $errmsg = 'Must reset because candidate UID[' . $candidate->getUID() . '] != current UID[' . $tempUID . ']';
                 //drupal_set_message($errmsg, 'error');
                 // print_r() of the whole context goes to the error log; the
                 // object can hold m_sVAPassword, so this may log a password.
                 error_log('CONTEXTgetInstance::' . $errmsg . "\nCANDIDATE at time of reset=" . print_r($candidate, TRUE));
                 $bLocalReset = TRUE;
                 $candidate = NULL;
                 $wmodeParam = 'P';
                 //Hardcode assumption for now.
             } else {
                 $bLocalReset = FALSE;
                 Context::debugDrupalMsg('<h3>Hi from Context: Using existing instance from [' . $candidate->m_nInstanceTimestamp . '] at [' . microtime(TRUE) . "]</h3> " . $candidate->getContextHtmlDebugInfo());
                 if (!isset($candidate->m_sVistaUserID)) {
                     // Same caveat: the full context is dumped into the message.
                     Context::debugDrupalMsg(microtime(TRUE) . ') DID NOT FIND USER IN EXISTING SESSION!!!!->' . print_r($candidate, TRUE), 'error');
                 }
             }
         }
     } else {
         // No stored context, or a reset was requested: build a new one below.
         error_log('CONTEXTgetInstance::WORKFLOWDEBUG>>>NO EXISTING SESSION!!! Not using an existing session: bSessionResetFlagDetected=' . $bSessionResetFlagDetected . ' from ' . $_SERVER['REMOTE_ADDR'] . " CALLER==> " . Context::debugGetCallerInfo(10));
         Context::debugDrupalMsg('Not using an existing session: bSessionResetFlagDetected=' . $bSessionResetFlagDetected);
         $bLocalReset = TRUE;
         $candidate = NULL;
         $wmodeParam = 'P';
         //Hardcode assumption for now.
     }
     $bAccountConflictDetected = FALSE;
     // Set to TRUE below when the same UID is more recently active elsewhere.
     if ($candidate == NULL) {
         $bLocalReset = TRUE;
     } else {
         if ($bSystemDrivenAction) {
             // System-initiated call: only bump the system-action timestamp.
             $candidate->m_nInstanceSystemActionTimestamp = time();
             $candidate->serializeNow();
             //Store this now!!!
         } else {
             // User-initiated call: record activity in the database.
             // $candidate cannot be NULL inside this else-branch, so the
             // NULL arm here is unreachable.
             if ($candidate !== NULL) {
                 $nElapsedSeconds = time() - $candidate->m_nInstanceUserActionTimestamp;
             } else {
                 $nElapsedSeconds = 0;
             }
             // Throttled to at most once per 10 seconds for logged-in users.
             if (isset($tempUID) && $tempUID !== 0 && $nElapsedSeconds > 10) {
                 try {
                     // Concurrent-login check: any recent activity for this UID
                     // from a different REMOTE_ADDR counts as "someone else".
                     // Clients behind a shared NAT/proxy would present the same
                     // address and never be detected; conversely a user whose
                     // address changes would be flagged -- a known limitation
                     // of keying on IP.
                     $resultOther = db_select('raptor_user_recent_activity_tracking', 'u')->fields('u')->condition('uid', $tempUID, '=')->condition('ipaddress', $_SERVER['REMOTE_ADDR'], '<>')->orderBy('most_recent_action_dt', 'DESC')->execute();
                     if ($resultOther->rowCount() > 0) {
                         $resultMe = db_select('raptor_user_recent_activity_tracking', 'u')->fields('u')->condition('uid', $tempUID, '=')->condition('ipaddress', $_SERVER['REMOTE_ADDR'], '=')->execute();
                         if ($resultMe->rowCount() > 0) {
                             $other = $resultOther->fetchAssoc();
                             $me = $resultMe->fetchAssoc();
                             // The most recently active workstation wins; this
                             // one is kicked if the other acted at or after us.
                             $bAccountConflictDetected = $other['most_recent_action_dt'] >= $me['most_recent_action_dt'];
                             if ($bAccountConflictDetected) {
                                 error_log('CONTEXTgetInstance::Account conflict has been detected for UID=[' . $tempUID . '] this user at ' . $_SERVER['REMOTE_ADDR'] . ' other user at ' . $other['ipaddress'] . '>>> TIMES = other[' . $other['most_recent_action_dt'] . '] vs this[' . $me['most_recent_action_dt'] . ']');
                             } else {
                                 error_log('CONTEXTgetInstance::No account conflict detected on check (es=' . $nElapsedSeconds . ') for UID=[' . $tempUID . '] this user at ' . $_SERVER['REMOTE_ADDR'] . ' other user at ' . $other['ipaddress'] . '>>> TIMES = other[' . $other['most_recent_action_dt'] . '] vs this[' . $me['most_recent_action_dt'] . ']');
                             }
                         }
                     }
                     if (!$forceReset) {
                         // Append to the activity log table ...
                         $updated_dt = date("Y-m-d H:i:s", time());
                         db_insert('raptor_user_activity_tracking')->fields(array('uid' => $tempUID, 'action_cd' => UATC_GENERAL, 'ipaddress' => $_SERVER['REMOTE_ADDR'], 'updated_dt' => $updated_dt))->execute();
                         $updated_dt = date("Y-m-d H:i:s", time());
                         // ... and upsert the single (uid, ipaddress) row used by
                         // the conflict check above.
                         db_merge('raptor_user_recent_activity_tracking')->key(array('uid' => $tempUID, 'ipaddress' => $_SERVER['REMOTE_ADDR']))->fields(array('uid' => $tempUID, 'ipaddress' => $_SERVER['REMOTE_ADDR'], 'most_recent_action_dt' => $updated_dt, 'most_recent_action_cd' => UATC_GENERAL))->execute();
                     }
                     // Refresh the user-action timestamp in the session. Note the
                     // single-quoted '\\t' emits a literal backslash-t, unlike the
                     // double-quoted "\t" pieces before it.
                     error_log('WORKFLOWDEBUG>>Updating user activity...' . "\n\tInstance ts     = " . $candidate->m_nInstanceTimestamp . "\n\tUserAction ts   = " . $candidate->m_nInstanceUserActionTimestamp . "\n\tSystemAction ts = " . $candidate->m_nInstanceSystemActionTimestamp . "\n\tuseridleseconds = " . $candidate->getUserIdleSeconds() . '\\t(Allowed=' . USER_TIMEOUT_SECONDS . ')');
                     $candidate->m_nInstanceUserActionTimestamp = time();
                     $candidate->serializeNow();
                     //Store this now!!!
                 } catch (\Exception $ex) {
                     // Best-effort: tracking failures must not block the request.
                     // print_r() of an exception includes its trace, which may
                     // carry call arguments -- TODO confirm that is acceptable
                     // for this log.
                     error_log('CONTEXTgetInstance::Trouble updating raptor_user_activity_tracking>>>' . print_r($ex, TRUE));
                 }
             }
         }
     }
     if ($bLocalReset) {
         // Rebuild the context but keep the VistA login so the user is not
         // forced to re-authenticate. Unlike the earlier UID resolution this
         // reads $user->uid directly rather than via user_is_logged_in().
         global $user;
         $tempUID = $user->uid;
         $candidate = new \raptor\Context($tempUID);
         if (isset($_SESSION[CONST_NM_RAPTOR_CONTEXT])) {
             // Carry the VistA user id and password over from the old context.
             // The password is kept in the PHP session in whatever form the
             // Context class stores it (nothing here hashes or encrypts it).
             $current = unserialize($_SESSION[CONST_NM_RAPTOR_CONTEXT]);
             error_context_log('CONTEXTgetInstance::Clearing cache except login credentials for VistaUserID=' . $current->m_sVistaUserID);
             $candidate->m_sVistaUserID = $current->m_sVistaUserID;
             //20140609
             $candidate->m_sVAPassword = $current->m_sVAPassword;
             //20140609
         }
         // Round-trip through serialize/unserialize so $candidate is exactly
         // what later requests will read back.
         $_SESSION[CONST_NM_RAPTOR_CONTEXT] = serialize($candidate);
         $candidate = unserialize($_SESSION[CONST_NM_RAPTOR_CONTEXT]);
         // BUG: '+' is arithmetic in PHP, not concatenation; this should be '.'.
         // On PHP 7 it emits a "non-numeric value" warning and passes a number,
         // on PHP 8 a non-numeric string operand throws a TypeError.
         Context::debugDrupalMsg('Created new context at ' + $candidate->m_nInstanceTimestamp);
     } else {
         Context::debugDrupalMsg('[' . $candidate->m_nInstanceTimestamp . '] Got context from cache! UID=' . $candidate->getUID());
     }
     // Force a logout if another workstation is active on the same account.
     if ($bAccountConflictDetected) {
         // The 'kickout_' prefix marks a context that has already been
         // kicked, so the same session is not kicked again on every request.
         if (substr($candidate->m_sVistaUserID, 0, 8) !== 'kickout_') {
             $candidate->m_aForceLogoutReason = array();
             $candidate->m_aForceLogoutReason['code'] = 101;
             $candidate->m_aForceLogoutReason['text'] = 'Another workstation has logged in as the same RAPTOR user account "' . $candidate->m_sVistaUserID . '"';
             // $msg is built but never used in this method.
             $msg = 'You are kicked out because another workstation has logged in as the same RAPTOR user account "' . $candidate->m_sVistaUserID . '"';
             // Dumps the entire $_SESSION, including the serialized context and
             // its m_sVAPassword, into the error log.
             error_log('CONTEXT KICKOUT ACCOUNT CONFLICT DETECTED ON [' . $candidate->m_sVistaUserID . '] >>> ' . time() . "\n\tSESSION>>>>" . print_r($_SESSION, TRUE));
             $candidate->m_sVistaUserID = 'kickout_' . $candidate->m_sVistaUserID;
             // Drop the password from the kicked context.
             $candidate->m_sVAPassword = NULL;
             $candidate->serializeNow();
             //Store this now!!!
         }
     }
     if (!isset($candidate->m_mdwsClient)) {
         // $candidate is never NULL at this point (a NULL candidate always
         // took the $bLocalReset branch above), so the first arm is dead.
         if ($candidate == NULL) {
             error_log('CONTEXTgetInstance::WORKFLOWDEBUG>>>getInstance has candidate instance from ' . $_SERVER['REMOTE_ADDR']);
         } else {
             error_log('CONTEXTgetInstance::WORKFLOWDEBUG>>>getInstance has NO existing Mdws connection for ' . $candidate->m_sVistaUserID . ' from ' . $_SERVER['REMOTE_ADDR'] . ' in ' . $candidate->m_nInstanceTimestamp);
         }
     }
     return $candidate;
 }
 /**
  * Reports whether a Drupal session has been started for this request.
  *
  * Thin wrapper so callers can ask this object instead of the global
  * drupal_session_started() function.
  *
  * @return mixed
  *   Whatever drupal_session_started() reports.
  */
 public function isSessionStarted()
 {
     $started = drupal_session_started();
     return $started;
 }
 /**
  * Stores the current transaction session to the Drupal session.
  *
  * Starts the Drupal session if none is active, then places this object under
  * $_SESSION['publisher_transaction_session']. PHP serializes it at request
  * end, so every property this object carries ends up in the session store.
  */
 public function storeToSession()
 {
     $sessionActive = drupal_session_started();
     if (!$sessionActive) {
         drupal_session_start();
     }
     $key = 'publisher_transaction_session';
     $_SESSION[$key] = $this;
 }