Example #1
0
function unpairLatchAccount($user_id)
{
    if (isset($user_id)) {
        $api = getLatchAPIConnection();
        $accountId = getAccountIdFromStorage($user_id);
        if ($api != NULL && $accountId != null) {
            $pairedCount = unpairUser($user_id, $accountId);
            if ($pairedCount == 0) {
                $api->unpair($accountId);
            }
            return true;
        }
    }
    return false;
}
Example #2
0
    function display()
    {
        global $sugar_config, $current_user;
        if (isset($_POST['csrfToken']) && isset($_SESSION['csrf_token']) && $_SESSION['csrf_token'] == $_POST['csrfToken']) {
            if (isset($_POST['operation']) && $_POST['operation'] == "pair" && isset($_POST['pairingToken'])) {
                pairLatchAccount($_POST['pairingToken'], $current_user->id);
            } else {
                if (isset($_POST['operation']) && $_POST['operation'] == "unpair") {
                    unpairLatchAccount($current_user->id);
                }
            }
        }
        $bytes = openssl_random_pseudo_bytes(20);
        $csrfToken = sha1($bytes);
        $_SESSION['csrf_token'] = $csrfToken;
        if ($sugar_config['authenticationClass'] == "LatchAuthenticate") {
            $accountId = getAccountIdFromStorage($current_user->id);
            ?>
            <form method="POST" action="index.php?module=LatchPairing">
                <div class="group">
                    <h2>Latch Settings</h2>
                    <ul>
                        <?php 
            if (strlen($accountId) == 0 || $accountId == false) {
                ?>
                            <label for="pairingToken">Latch Pairing Token:</label>
                            <input type="text" name="pairingToken" id="pairingToken" />
                            <input type="hidden" name="operation" value="pair"/>
                            <input type="submit" value="Pair" />
                            <?php 
            } else {
                ?>
                            <label for="pairingToken">You are already paired with Latch.</label>
                            <input type="hidden" name="operation" value="unpair"/>
                            <input type="submit" value="Unpair" />
                            <?php 
            }
            ?>
						<input type="hidden" name="csrfToken" id="csrfToken" value="<?php 
            echo htmlentities($csrfToken);
            ?>
">
                    </ul>
                </div>
            </form>
            <?php 
        }
    }
Example #3
0
 function loadUserOnSession($user_id)
 {
     global $current_user;
     require_once 'custom/Latch/LatchWrapper.php';
     if (empty($user_id)) {
         return false;
     }
     if (isset($_POST['otp']) && isset($_SESSION['otp'])) {
         if ($_POST['otp'] == $_SESSION['otp']) {
             $_SESSION['logged_in'] = true;
             return parent::loadUserOnSession($user_id);
         } else {
             return header("Location: ./index.php?module=Users&action=logout");
         }
     }
     if (!(isset($_SESSION['logged_in']) && $_SESSION['logged_in'])) {
         $accountId = getAccountIdFromStorage($user_id);
         if ($accountId && isset($_REQUEST['action']) && strtolower($_REQUEST['action']) != "logout") {
             $status = getLatchStatus($accountId);
             if ($status != null) {
                 if ($status['accountBlocked']) {
                     header("Location: ./index.php?module=Users&action=logout");
                     exit;
                 } else {
                     if (isset($status['twoFactor'])) {
                         $_SESSION['otp'] = $status['twoFactor'];
                         include_once "custom/Latch/secondFactorForm.php";
                         die;
                     }
                 }
             }
         }
     }
     $_SESSION['logged_in'] = true;
     return parent::loadUserOnSession($user_id);
 }