/**
  * @see \Ableron\Core\Session\SessionHandlerInterface::runGarbageCollector()
  */
 public function runGarbageCollector(DateInterval $inactivityTimeout)
 {
     // Deletes every session whose last activity is older than the given
     // inactivity timeout.
     //TODO tblasche: Implement correctly and use it
     $entityManager = Application::getPersistenceManager()->getEntityManager();
     $deleteExpiredSessions = $entityManager->createQuery('DELETE Core:SessionEntity s WHERE s.lastActivityTime < ?1');

     // cut-off = current UTC time minus the timeout; it is bound as a
     // positional parameter rather than concatenated into the DQL string
     $expiryThreshold = DateUtil::getCurrentUtcDateTime()->sub($inactivityTimeout);
     $deleteExpiredSessions->setParameter(1, $expiryThreshold->format('Y-m-d H:i:s'));

     $deleteExpiredSessions->execute();
 }
 /**
  * Installs the given extension.
  *
  * This operation is transaction-safe. The extension is either installed
  * completely or not at all.
  *
  * Throws an exception in case the extension could not be installed.
  *
  * @param \Ableron\Core\Extension\ExtensionInterface $extension The extension to install
  * @param string $extensionDirectory Directory of the extension
  * @throws \Ableron\Core\Exception\SystemException
  * @return void
  */
 protected function installExtension(ExtensionInterface $extension, $extensionDirectory)
 {
     // Schema setup and seed data are written inside one transaction on the
     // shared entity manager; any Exception rolls the transaction back and is
     // re-thrown wrapped in a SystemException.
     $em = Application::getPersistenceManager()->getEntityManager();

     try {
         $em->beginTransaction();

         // generate proxies and the database schema for the extension's entities
         $extensionNamespace = $extension::getNamespace();
         $entitiesDirectory = sprintf('%s/Model/Entities', $extensionDirectory);
         $this->setUpDatabaseSchema($extensionNamespace, $entitiesDirectory, $em);

         // queue the seed entities the extension ships with
         $seedEntities = $extension->getInitialDatabaseEntities();
         foreach ($seedEntities as $seedEntity) {
             $em->persist($seedEntity);
         }

         // write everything and make it permanent
         $em->flush();
         $em->commit();
     } catch (Exception $installError) {
         // NOTE(review): only Exception is caught; on PHP 7+ an \Error raised
         // during installation would skip this rollback. Confirm that is intended.
         // NOTE(review): whether the schema statements are undone by the rollback
         // depends on the DBMS (some commit DDL implicitly). Verify for the
         // supported databases.
         $em->rollback();

         $failureMessage = sprintf('Unable to install extension "%s"', $extension::getNamespace());
         throw new SystemException($failureMessage, 0, E_USER_WARNING, __FILE__, __LINE__, $installError);
     }

     // the schema may have changed, so the global entity manager is closed
     // to prevent follow-up problems
     Application::getPersistenceManager()->closeEntityManager();
 }
 /**
  * @see \Ableron\Lib\Event\EventHandlerInterface::handle()
  */
 public function handle(EventInterface $event)
 {
     /** @var \Ableron\Modules\Core\Events\LoginAttemptSuccessfulEvent $event */
     // A successful login clears the failed-attempt record stored for that
     // username, if there is one.
     $recordedAttempts = BruteForceProtectionService::getLoginAttemptsByUsername($event->getUsername());
     if ($recordedAttempts === null) {
         return;
     }

     // the removal is only scheduled here; this method does not flush
     Application::getPersistenceManager()->getEntityManager()->remove($recordedAttempts);
 }
Example #4
 /**
  * @see \Ableron\Core\Extension\ExtensionInterface::getInitialDatabaseEntities()
  */
 public function getInitialDatabaseEntities()
 {
     // Builds the seed data of the SysInfo module: translations, backend menu
     // items, the module record and its permission. As a side effect the new
     // permission is attached to the "Root" and "Backend Root" roles.
     $seedEntities = array();

     // locales the translations are registered for
     $localeDeDe = Application::getPersistenceManager()->getRepository('LocaleEntity')->findOneBy(array('localeCode' => 'de-DE'));
     $localeEnUs = Application::getPersistenceManager()->getRepository('LocaleEntity')->findOneBy(array('localeCode' => 'en-US'));

     // text key, German text, English text
     $translations = array(
         array('sysInfo.navTitle', 'System Informationen', 'System Information'),
         array('sysInfo.systemInfo.title', 'System', 'System'),
         array('sysInfo.systemInfo.category.ableronCore', 'Ableron Core', 'Ableron Core'),
         array('sysInfo.systemInfo.category.database', 'Datenbank', 'Database'),
         array('sysInfo.systemInfo.category.php', 'PHP', 'PHP'),
         array('sysInfo.systemInfo.category.server', 'Server', 'Server'),
         array('sysInfo.systemInfo.label.ableronCore.version', 'Version', 'Version'),
         array('sysInfo.systemInfo.label.ableronCore.installationTime', 'Installationszeitpunkt', 'Installation Time'),
         array('sysInfo.systemInfo.label.database.dbms', 'Datenbank Management System', 'Database Management System'),
         array('sysInfo.systemInfo.label.php.serverApi', 'Server API', 'Server API'),
         array('sysInfo.systemInfo.label.php.version', 'PHP Version', 'PHP Version'),
         array('sysInfo.systemInfo.label.php.zendEngineVersion', 'Zend Engine Version', 'Zend Engine Version'),
         array('sysInfo.systemInfo.label.server.operatingSystem', 'Betriebssystem', 'Operating System'),
         array('sysInfo.systemInfo.label.server.webServer', 'Webserver', 'Web Server'),
         array('sysInfo.phpInfo.title', 'PHP', 'PHP'),
     );
     foreach ($translations as $translation) {
         // German entry first, then the English one, for every key
         $seedEntities[] = new TranslationEntity($localeDeDe, $translation[0], $translation[1]);
         $seedEntities[] = new TranslationEntity($localeEnUs, $translation[0], $translation[2]);
     }

     // backend menu items
     $seedEntities[] = new BackendMenuItemEntity('', 'fa-cogs', 'sysInfo.navTitle', 2);
     $seedEntities[] = new BackendMenuItemEntity('/sysinfo/system', 'fa-cogs', 'sysInfo.systemInfo.title', 1);
     $seedEntities[] = new BackendMenuItemEntity('/sysinfo/php', 'fa-cogs', 'sysInfo.phpInfo.title', 2);

     // module record
     $seedEntities[] = new ModuleEntity('Ableron System Information', 'System Information Module of Ableron', 'SysInfo', '/sysinfo', '/sysinfo', true, false);

     // permission guarding the system information overview
     $viewSystemInfoPermission = new PermissionEntity('SysInfo.System.Backend.canViewSystemInfo', 'Grants access to the system information overview of the backend.');
     $seedEntities[] = $viewSystemInfoPermission;

     //TODO tblasche: New permissions should be added to roles automatically
     // NOTE(review): findOneBy() results are used without a null check; if
     // either default role is missing, the getPermissions() call below fails.
     $roleRoot = Application::getPersistenceManager()->getRepository('RoleEntity')->findOneBy(array('name' => 'Root'));
     $roleBackendRoot = Application::getPersistenceManager()->getRepository('RoleEntity')->findOneBy(array('name' => 'Backend Root'));
     foreach (array($roleRoot, $roleBackendRoot) as $defaultRole) {
         $defaultRole->getPermissions()->add($viewSystemInfoPermission);
     }

     return $seedEntities;
 }
Example #5
 /**
  * Returns the text with the given key for the currently set locale.
  *
  * TODO: Use MessageFormatter correctly (use object to get access to getErrorMessage())
  * TODO: Formatting messages may return FALSE on errors
  *
  * @param string $textKey Key of the text to return
  * @param array $parameters List of parameters to pass to the message formatter
  * @return string
  */
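 public function translate($textKey, $parameters = array())
 {
     // Looks up the translation stored for $textKey and the current locale and
     // runs it through the message formatter with $parameters.
     // Returns an empty string (and logs a warning) when no translation exists
     // or when formatting fails, so callers always receive a string.
     $query = Application::getPersistenceManager()->getEntityManager()->createQuery('SELECT t.text FROM Core:TranslationEntity t WHERE t.textKey = ?1 AND t.locale = ?2');
     // both values are bound as parameters, never concatenated into the DQL
     $query->setParameter(1, $textKey);
     $query->setParameter(2, $this->getLocale());
     try {
         $translatedText = MessageFormatter::formatMessage($this->getLocale()->getLocaleCode(), $query->getSingleScalarResult(), $parameters);
     } catch (NoResultException $e) {
         Application::getLogManager()->warning(sprintf('Unable to translate text key "%s": No translation found', $textKey));
         return '';
     }
     // formatMessage() reports errors by returning FALSE; do not leak that
     // boolean to callers that expect a string
     if ($translatedText === false) {
         Application::getLogManager()->warning(sprintf('Unable to translate text key "%s": Message formatting failed', $textKey));
         return '';
     }
     return $translatedText;
 }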
 /**
  * @see \Ableron\Lib\Event\EventHandlerInterface::handle()
  */
 public function handle(EventInterface $event)
 {
     /** @var \Ableron\Modules\Core\Events\LoginAttemptFailedEvent $event */
     // Failed attempts are only counted when both a username and a password
     // were submitted.
     if ($event->getUsername() === '' || $event->getPassword() === '') {
         return;
     }

     $recordedAttempts = BruteForceProtectionService::getLoginAttemptsByUsername($event->getUsername());
     if ($recordedAttempts === null) {
         // first recorded failure for this username: start a new record
         // NOTE(review): a record is created for any non-empty submitted
         // username; confirm that stale records are expired or cleaned up.
         Application::getPersistenceManager()->getEntityManager()->persist(new LoginAttemptsEntity($event->getUsername()));
         return;
     }

     // a record already exists: count one more failure on it
     $recordedAttempts->addFailedAttempt();
 }
Example #7
 /**
  * @see \Ableron\Core\Extension\ExtensionInterface::getInitialDatabaseEntities()
  */
 public function getInitialDatabaseEntities()
 {
     // Seed data of the brute force protector plugin: the lock-out message in
     // German and English plus the three login event handler registrations.
     $localeDeDe = Application::getPersistenceManager()->getRepository('LocaleEntity')->findOneBy(array('localeCode' => 'de-DE'));
     $localeEnUs = Application::getPersistenceManager()->getRepository('LocaleEntity')->findOneBy(array('localeCode' => 'en-US'));

     // NOTE(review): the message text states a fixed period of 2 minutes;
     // confirm it matches the lock-out period that is actually enforced.
     $lockOutMessageKey = 'bruteForceProtector.backend.message.possibleBruteForceDetected';

     return array(
         // messages
         new TranslationEntity($localeDeDe, $lockOutMessageKey, 'Für diesen Benutzer wurde mehrfach ein falsches Passwort angegeben. Aus Sicherheitsgründen ist ein erneuter Login-Versuch erst in 2min wieder möglich.'),
         new TranslationEntity($localeEnUs, $lockOutMessageKey, 'An invalid password has been provided for this user multiple times. For security reasons further login attempts are not possible for a period of 2 minutes.'),
         // event handler registrations
         new EventHandlerEntity('core-login-attemptFailed', 'Ableron\\Plugins\\BruteForceProtector\\EventHandlers\\LoginAttemptFailedEventHandler'),
         new EventHandlerEntity('core-login-attemptSuccessful', 'Ableron\\Plugins\\BruteForceProtector\\EventHandlers\\LoginAttemptSuccessfulEventHandler'),
         new EventHandlerEntity('core-login-validatingData', 'Ableron\\Plugins\\BruteForceProtector\\EventHandlers\\LoginValidatingDataEventHandler'),
     );
 }
 /**
  * @see \Ableron\Modules\Core\Services\Authentication\AuthenticationInterface::authenticateManually()
  */
 public static function authenticateManually($username, $password)
 {
     // Returns the matching user when the credentials are valid, NULL otherwise.
     $account = Application::getPersistenceManager()->getRepository('UserEntity')->findByUsername($username);

     // NOTE(review): for an unknown username no password verification runs, so
     // this path returns faster than a wrong password for an existing user.
     // Consider equalising the work so that response time does not reveal
     // whether an account exists.
     if ($account === null) {
         return null;
     }

     if (!Password::verify($password, $account->getPasswordHash())) {
         return null;
     }

     // upgrade the stored hash while the plain text password is at hand;
     // the new hash is only set on the entity, this method does not flush
     if (Password::needsRehash($account->getPasswordHash())) {
         $account->setPasswordHash(Password::hash($password));
     }

     return $account;
 }
 /**
  * Tests whether findByUsername works as expected.
  *
  * @return void
  */
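 public function testFindByUsername()
 {
     // Persists a user, looks it up by username and removes it again.
     $username = '******';
     $user = new UserEntity($username, '', '', '', '');

     // the user must not exist before the test creates it
     $this->assertNull(Application::getPersistenceManager()->getRepository('UserEntity')->findByUsername($user->getUsername()));

     // create user
     Application::getPersistenceManager()->getEntityManager()->persist($user);
     Application::getPersistenceManager()->getEntityManager()->flush();

     try {
         // the user must now be found and carry the expected data
         $userFromDb = Application::getPersistenceManager()->getRepository('UserEntity')->findByUsername($user->getUsername());
         $this->assertNotNull($userFromDb);
         $this->assertSame($username, $userFromDb->getUsername());
         // the original passed $username as the value and the id as the failure
         // message, so the id was never checked
         $this->assertNotNull($userFromDb->getId());
     } finally {
         // remove the user even when an assertion failed, so that a failing
         // run does not leave the test account behind
         Application::getPersistenceManager()->getEntityManager()->remove($user);
         Application::getPersistenceManager()->getEntityManager()->flush();
     }
 }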
 /**
  * Creates an admin account.
  *
  * @return void
  */
 private function createAdminAccount()
 {
     // Creates the administrator from the "admin.*" installation parameters,
     // assigns the "Root" role and writes the account to the database.
     $username = $this->getInstaller()->getInstallationParameter('admin.username');
     // the plain text password is passed straight to Password::hash(); only
     // the resulting hash is handed to the entity
     $passwordHash = Password::hash($this->getInstaller()->getInstallationParameter('admin.password'));
     $emailAddress = $this->getInstaller()->getInstallationParameter('admin.emailAddress');
     $firstName = $this->getInstaller()->getInstallationParameter('admin.firstName');
     $lastName = $this->getInstaller()->getInstallationParameter('admin.lastName');
     $admin = new UserEntity($username, $passwordHash, $emailAddress, $firstName, $lastName);

     // assign root role
     // NOTE(review): the findOneBy() result is added without a null check;
     // confirm the "Root" role always exists at this point of the installation.
     $assignedRoles = $admin->getRoles();
     $rootRole = Application::getPersistenceManager()->getRepository('RoleEntity')->findOneBy(array('name' => 'Root'));
     $assignedRoles->add($rootRole);

     // write changes to database
     Application::getPersistenceManager()->getEntityManager()->persist($admin);
     Application::getPersistenceManager()->getEntityManager()->flush();
 }
 /**
  * Returns the login attempts for the given username.
  *
  * Returns NULL in case there are no current failed login attempts for the given user.
  *
  * @param string $username Username to return the login attempts for
  * @return \Ableron\Plugins\BruteForceProtector\Model\Entities\LoginAttemptsEntity|null
  */
 public static function getLoginAttemptsByUsername($username)
 {
     // the repository is resolved within the plugin's own namespace
     $loginAttemptsRepository = Application::getPersistenceManager()->getRepository('LoginAttemptsEntity', BruteForceProtectorPlugin::getNamespace());

     // the username is passed as a criteria value, not built into a query string
     $criteria = array('username' => $username);

     return $loginAttemptsRepository->findOneBy($criteria);
 }
Example #12
 /**
  * Returns an internal URL based on the current base URL and the given
  * module namespace.
  *
  * E.g. EnvironmentUtil::getInternalUrl('/foo', 'Bar') -> http://example.com/acp/Bar/foo
  *
  * @param string $moduleInternalPath Path within the module
  * @param string $moduleNamespace Namespace of the module to return the URL for
  * @return \Ableron\Lib\Net\Uri
  */
 public static function getInternalUrl(string $moduleInternalPath, string $moduleNamespace = null)
 {
     /** @var \Ableron\Modules\Core\Model\Repositories\ModuleRepository $moduleRepository */
     $moduleRepository = Application::getPersistenceManager()->getRepository('ModuleEntity');

     // fall back to the core module when no namespace was given
     if ($moduleNamespace === null) {
         $lookupNamespace = CoreModule::getNamespace();
     } else {
         $lookupNamespace = $moduleNamespace;
     }
     // NOTE(review): the lookup result is used without a null check; confirm
     // that an unknown namespace cannot reach this method.
     $module = $moduleRepository->findModuleByNamespace($lookupNamespace);

     // base URL plus the module's frontend or backend base path, depending on
     // the kind of the current request
     $baseUrl = self::getBaseUrl()->toString();
     if (Application::getRequestHandler()->isFrontendRequest()) {
         $moduleBasePath = $module->getFrontendBasePath();
     } else {
         $moduleBasePath = $module->getBackendBasePath();
     }

     // trailing slashes are trimmed before the module-internal path is added
     // NOTE(review): $moduleInternalPath is appended as-is, without encoding or
     // normalisation; confirm callers only pass application-defined paths.
     return new Uri(rtrim($baseUrl . $moduleBasePath, '/') . $moduleInternalPath);
 }
 /**
  * Returns the version of the used database management system.
  *
  * Returns NULL in case the DBMS version could not be determined.
  *
  * @return string|null
  */
 public static function getDatabaseManagementSystemVersion()
 {
     // the version is read from the driver-level (wrapped) connection
     $wrappedConnection = Application::getPersistenceManager()->getEntityManager()->getConnection()->getWrappedConnection();

     // only connections implementing ServerInfoAwareConnection can report it
     if (!($wrappedConnection instanceof ServerInfoAwareConnection)) {
         return null;
     }

     // NOTE(review): exact server versions help fingerprinting; confirm the
     // value is only shown to authorised backend users.
     return $wrappedConnection->getServerVersion();
 }
 /**
  * Checks whether the current user is authorized to access the controller
  * and displays an error page in case permission has been denied.
  *
  * @throws \Ableron\Core\Controller\Exception\AccessDeniedException
  * @return void
  */
 protected function checkAuthorization()
 {
     // Every permission returned by getRequiredPermissions() must be held by
     // the current user; the first one that is missing denies access. When the
     // list is empty, no check runs and no exception is thrown.
     foreach ($this->getRequiredPermissions() as $requiredPermissionName) {
         $currentUser = Application::getUser();
         // NOTE(review): the findByName() result is passed on unchecked; confirm
         // that UserService::hasPermission() denies when the permission name is
         // unknown.
         $requiredPermission = Application::getPersistenceManager()->getRepository('PermissionEntity')->findByName($requiredPermissionName);

         if (UserService::hasPermission($currentUser, $requiredPermission)) {
             continue;
         }

         throw new AccessDeniedException();
     }
 }
 private function getSettingEntityRepository()
 {
     // Returns the repository the persistence manager provides for 'SettingEntity'.
     $persistenceManager = Application::getPersistenceManager();

     return $persistenceManager->getRepository('SettingEntity');
 }
Example #16
 /**
  * Finds all supported locales.
  *
  * @return void
  */
 private function findSupportedLocales()
 {
     // Loads all LocaleEntity records and indexes them by locale code in
     // $this->supportedLocales.
     $allLocales = Application::getPersistenceManager()->getRepository('LocaleEntity')->findAll();

     foreach ($allLocales as $locale) {
         $localeCode = $locale->getLocaleCode();
         $this->supportedLocales[$localeCode] = $locale;
     }
 }
Example #17
 /**
  * Takes care of possible CSRF attacks.
  *
  * Logs the possible attack and changes the current CSRF token.
  *
  * @return void
  */
 private function handlePossibleCsrfAttack()
 {
     // record the suspected attack; the entity is only queued for persistence
     // here, this method does not flush
     $entityManager = Application::getPersistenceManager()->getEntityManager();
     $entityManager->persist(new CsrfAttemptEntity());

     // replace the token stored in the session so the old one stops being valid
     // NOTE(review): the new token is only as unpredictable as
     // StringUtil::getRandomString(); confirm it draws from a cryptographically
     // secure source.
     $session = Application::getSession();
     $replacementToken = StringUtil::getRandomString($this->tokenLength);
     $session->setData($this->csrfTokensSessionKey, $replacementToken);
 }
Example #18
 /**
  * Returns the ModuleEntity of the module with the given base path.
  *
  * Returns NULL in case no module has been found with the given criteria.
  *
  * @param string $basePath Base path of the module
  * @param bool $isFrontendBasePath Whether base path is a frontend or a backend base path
  * @return \Ableron\Modules\Core\Model\Entities\ModuleEntity
  */
 public function findModuleByBasePath($basePath, $isFrontendBasePath)
 {
     // Delegates the lookup to the ModuleEntity repository and returns its
     // result unchanged.
     $moduleRepository = Application::getPersistenceManager()->getRepository('ModuleEntity');

     return $moduleRepository->findModuleByBasePath($basePath, $isFrontendBasePath);
 }
Example #19
 private function getEventHandlerEntityRepository()
 {
     // Returns the repository the persistence manager provides for 'EventHandlerEntity'.
     $persistenceManager = Application::getPersistenceManager();

     return $persistenceManager->getRepository('EventHandlerEntity');
 }