Example #1
 /**
  * Logs data to the shibboleth debug log
  *
  * @param   string         $msg   the message to log
  * @param   string|object  $data  additional data to log
  * @return  void
  **/
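 private static function log($msg, $data = '')
 {
     // Plugin params are resolved once and cached in a function-static for later calls.
     static $params;
     if (!isset($params)) {
         $params = Plugin::params('authentication', 'shibboleth');
     }

     // NOTE(review): debugging defaults to ON when 'debug_enabled' is not configured, and
     // callers may pass authentication data here. Confirm the log path is not web-readable
     // and that the default is intended for production.
     if (!$params->get('debug_enabled', true)) {
         return;
     }

     // Lazily register the 'shib' channel, splitting the configured location into directory + file name.
     if (!\Log::has('shib')) {
         $location = $params->get('debug_location', '/var/log/apache2/php/shibboleth.log');
         $location = explode(DS, $location);
         $file = array_pop($location);
         \Log::register('shib', ['path' => implode(DS, $location), 'file' => $file, 'level' => 'info', 'format' => "%datetime% %message%\n"]);
     }

     // Correlation token tying related log entries together. It arrives in a cookie, i.e. it is
     // client-held input: accept it only if it is a string that looks like the base64 value
     // issued below, otherwise issue a fresh one. This is an identifier, not a secret
     // (uniqid() is time-based and predictable).
     $token = null;
     $cookie = Cookie::eat('shib-dbg-token');
     if ($cookie && isset($cookie->{'shib-dbg-token'})) {
         $candidate = $cookie->{'shib-dbg-token'};
         if (is_string($candidate) && preg_match('/^[A-Za-z0-9+\/=]{1,64}$/D', $candidate)) {
             $token = $candidate;
         }
     }
     if ($token === null) {
         $token = base64_encode(uniqid());
         Cookie::bake('shib-dbg-token', time() + 60 * 60 * 24, ['shib-dbg-token' => $token]);
     }

     $toBeLogged = "{$token} - {$msg}";
     if (!empty($data)) {
         $toBeLogged .= ":\t" . (is_string($data) ? $data : json_encode($data));
     }

     // The channel format is one entry per line; escape CR/LF so embedded line breaks in the
     // message or data cannot forge additional entries.
     $toBeLogged = str_replace(["\r", "\n"], ['\\r', '\\n'], $toBeLogged);

     \Log::logger('shib')->info($toBeLogged);
 }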
Example #2
 /**
  * Return the list of messages stored for a domain
  *
  * @param   string  $domain
  * @return  array
  */
 public function retrieve($domain)
 {
     // Read whatever is stored under this domain's key; any falsy result counts as "no messages".
     // NOTE(review): Monster::eat() presumably reads client-held cookie data. If so, the
     // returned entries are untrusted and must be escaped where they are rendered; confirm.
     $stored = Monster::eat($this->key($domain));
     $messages = $stored ? $stored : array();

     // Messages are read-once: wipe the store as soon as something was retrieved.
     if (count($messages) > 0) {
         $this->clear($domain);
     }

     return $messages;
 }
Example #3
 /**
  * Method to log out a user.
  *
  * @since	1.6
  */
 public function logout()
 {
     // Flow: (1) work out which authenticator the session used, (2) let the matching
     // authentication plugin run its own logout(), (3) end the application session,
     // (4) redirect to a validated return URL or to a sign-out notice.
     // NOTE(review): no CSRF/token check is visible in this method; confirm it is enforced before this point.
     $app = JFactory::getApplication();
     $user = User::getInstance();
     // Both values come straight from the request and are client-controlled.
     $authenticator = Request::getVar('authenticator', '', 'method');
     $singleSignOn = Request::getVar('sso', false);
     // No authenticator in the request: fall back to the 'authenticator' cookie.
     // The cookie is client-held state too; whatever integrity protection Cookie::eat()
     // applies is not visible here.
     if (empty($authenticator) || $authenticator == '') {
         $cookie = \Hubzero\Utility\Cookie::eat('authenticator');
         if (isset($cookie->authenticator)) {
             $authenticator = $cookie->authenticator;
         } else {
             $authenticator = null;
         }
     }
     // If a specific authenticator is specified try to call the logout method for that plugin.
     // The supplied name is only compared against installed plugin names, so a value that
     // matches no plugin selects nothing. The comparisons below are loose (!= / ==).
     if (!empty($authenticator)) {
         Plugin::import('authentication');
         $plugins = Plugin::byType('authentication');
         foreach ($plugins as $plugin) {
             // The class name is built from the installed plugin's own type/name, not from request input.
             $className = 'plg' . $plugin->type . $plugin->name;
             if ($plugin->name != $authenticator) {
                 continue;
             }
             if (class_exists($className)) {
                 if (method_exists($className, 'logout')) {
                     $myplugin = new $className($this, (array) $plugin);
                     // Redirect to user third party signout view
                     // Only do this for PUCAS for the time being (it's the one that doesn't lose session info after hub logout)
                     if ($authenticator == 'pucas') {
                         // Get plugin params
                         // Note: this overwrites the foreach loop variable; every branch below
                         // leaves the loop (break or return), so the loop never resumes with it.
                         $plugin = Plugin::byType('authentication', $authenticator);
                         $pparams = new \Hubzero\Config\Registry($plugin->params);
                         $auto_logoff = $pparams->get('auto_logoff', false);
                         if ($auto_logoff || $singleSignOn == 'all') {
                             // $result is assigned but never read in this method.
                             $result = $myplugin->logout();
                             break;
                         } elseif ($singleSignOn === false) {
                             // Strict false: the default used when the request carried no 'sso' value.
                             // The hub session is NOT ended on this path; the user is sent to the
                             // end-single-sign-on view instead.
                             App::redirect(Route::url('index.php?option=com_users&view=endsinglesignon&authenticator=' . $authenticator, false));
                             return;
                         } else {
                             // 'sso' was supplied with some other value: skip the plugin logout, end only the hub session.
                             break;
                         }
                     } else {
                         // $result is assigned but never read in this method.
                         $result = $myplugin->logout();
                         break;
                     }
                     // Normal path
                 }
                 // End verification of logout() method
             }
             // End plugin check
         }
         // End foreach
     }
     // End check for specified authenticator
     // Perform the log out
     $error = $app->logout();
     // Check if the log out succeeded.
     if (!$error instanceof Exception) {
         // If the authenticator is empty, but they have an active third party session,
         // redirect to a page indicating this and offering complete signout
         if (isset($user->auth_link_id) && $user->auth_link_id && empty($authenticator)) {
             $auth_domain_name = '';
             $auth_domain = \Hubzero\Auth\Link::find_by_id($user->auth_link_id);
             if (is_object($auth_domain)) {
                 $auth_domain_id = $auth_domain->auth_domain_id;
                 // NOTE(review): the Domain::find_by_id() result is dereferenced without a check;
                 // a failed lookup would raise an error here.
                 $auth_domain_name = \Hubzero\Auth\Domain::find_by_id($auth_domain_id)->authenticator;
             }
             // Redirect to user third party signout view
             // Only do this for PUCAS for the time being (it's the one that doesn't lose session info after hub logout)
             if ($auth_domain_name == 'pucas') {
                 // Get plugin params
                 $plugin = Plugin::byType('authentication', $auth_domain_name);
                 $pparams = new \Hubzero\Config\Registry($plugin->params);
                 $auto_logoff = $pparams->get('auto_logoff', false);
                 if ($auto_logoff) {
                     // Re-enter this task with the authenticator named so the plugin logout runs.
                     App::redirect(Route::url('index.php?option=com_users&task=user.logout&authenticator=' . $auth_domain_name, false));
                     return;
                 } else {
                     App::redirect(Route::url('index.php?option=com_users&view=endsinglesignon&authenticator=' . $auth_domain_name, false));
                     return;
                 }
             }
         }
         // Get the return url from the request and validate that it is internal.
         // The value is client-supplied: JURI::isInternal() is the open-redirect guard, and
         // anything it rejects is replaced by an empty target.
         // base64_decode() runs in its default (non-strict) mode here.
         $return = Request::getVar('return', '', 'method', 'base64');
         $return = base64_decode($return);
         if (!JURI::isInternal($return)) {
             $return = '';
         }
         // Redirect the user.
         App::redirect(Route::url($return, false));
     } else {
         // Logout returned an Exception: send the user to the login view.
         App::redirect(Route::url('index.php?option=com_users&view=login', false));
     }
 }
Example #4
 /**
  * Mark the overlay as having been viewed
  *
  * @return  void
  */
 public function _mark()
 {
     $this->view->setLayout('mark');

     $member = $this->view->offering->member(User::get('id'));

     // A real (non-placeholder) first_visit timestamp means the overlay was already seen.
     $alreadySeen = $member->get('first_visit') && $member->get('first_visit') != '0000-00-00 00:00:00';
     if ($alreadySeen) {
         return;
     }

     // No member id: remember the visit in a cookie instead.
     // Only the presence of 'first_visit' in the cookie is checked; its (client-held) value is not used here.
     if (!$member->get('id')) {
         $guide = \Hubzero\Utility\Cookie::eat('plugin.courses.guide');
         $hasStamp = is_object($guide) && isset($guide->first_visit);
         if (!$hasStamp) {
             // Drop a cookie that lives for one year
             \Hubzero\Utility\Cookie::bake('plugin.courses.guide', time() + 365 * 24 * 60 * 60, array('first_visit' => Date::toSql()));
         }
     }

     // NOTE(review): the id-less case above also falls through to set()/store();
     // confirm that storing a member record without an id is intended.
     $member->set('first_visit', Date::toSql());
     $member->store();
 }
Example #5
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * HUBzero is a registered trademark of Purdue University.
 *
 * @package   hubzero-cms
 * @author    Sam Wilson <*****@*****.**>
 * @copyright Copyright 2005-2015 HUBzero Foundation, LLC.
 * @license   http://opensource.org/licenses/MIT MIT
 */
// Refuse direct requests: this file may only run inside the framework
if (!defined('_HZEXEC_')) {
    die;
}

$hash = App::hash(App::get('client')->name . ':authenticator');

// Returning visitor: the 'authenticator' cookie pre-selects the login provider and the account
// to greet, unless the request asks for a reset.
// NOTE(review): authenticator, user_id and user_img are read from client-held cookie state
// without an isset() check. What integrity protection Cookie::eat() applies is not visible
// here; if the cookie can be forged, user_id selects which account is loaded on the login page.
$cookie = \Hubzero\Utility\Cookie::eat('authenticator');
if ($cookie && !Request::getInt('reset', false)) {
    $primary  = $cookie->authenticator;
    $user     = User::getInstance($cookie->user_id);
    $user_img = $cookie->user_img;
    Request::setVar('primary', $primary);
}

$usersConfig = Component::params('com_members');

// Re-read through the request filter, so the cookie-provided value is reduced to a "word" as well
$primary = Request::getWord('primary', false);

// Reflect on each authentication plugin class to detect special behaviour (added for shibboleth)
$refl = array();
foreach ($authenticators as $a) {
    $refl[$a['name']] = new \ReflectionClass('plgAuthentication' . $a['name']);
}

// Current URL with a trailing separator, ready for further query parameters.
// It derives from the request and needs output escaping wherever it is printed.
$current = Hubzero\Utility\Uri::getInstance()->toString();
if (strstr($current, '?')) {
    $current .= '&';
} else {
    $current .= '?';
}
?>
Example #6
 /**
  * Confirm user's registration code
  *
  * @return  void
  */
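 public function confirmTask()
 {
     // Incoming confirmation code: 'confirm' wins, 'code' is the fallback.
     // Both are raw request values and are treated as untrusted below.
     $code = Request::getVar('confirm', false);
     if (!$code) {
         $code = Request::getVar('code', false);
     }

     // Query-string-safe form of the code for the URLs built below. Non-scalar input
     // (e.g. an array parameter) collapses to an empty value instead of being concatenated.
     $codeParam = is_scalar($code) ? urlencode((string) $code) : '';

     // Pending activations are stored as the negated code. Negate only numeric input:
     // applying unary minus to a non-numeric string or an array raises an error on
     // current PHP versions, and such a value can never match a stored token anyway.
     $negCode = is_numeric($code) ? -$code : 0;

     // NOTE(review): the cookie is read but its value is never used in this method.
     $cookie = \Hubzero\Utility\Cookie::eat('authenticator');

     // Guests are sent to the login page and come back to this task afterwards
     if (User::isGuest()) {
         $return = base64_encode(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $codeParam, false, true));
         App::redirect(Route::url('index.php?option=com_users&view=login&return=' . $return, false), Lang::txt('Please login in so we can confirm your account.'), 'warning');
         // Everything below assumes an authenticated user, so do not fall through for guests.
         return;
     }

     // Accept a post-confirmation redirect target only if it stays on this site: a plain
     // path/query, or an absolute http(s) URL whose host equals the current request host.
     $isLocalUrl = function ($url) {
         if (!is_string($url) || $url === '') {
             return false;
         }
         // Whitespace, control characters and backslashes are normalised inconsistently by browsers
         if (preg_match('/[\x00-\x20\x7f\\\\]/', $url)) {
             return false;
         }
         // Protocol-relative URLs ("//host/...") leave the site
         if (strpos($url, '//') === 0) {
             return false;
         }
         $parts = parse_url($url);
         if ($parts === false) {
             return false;
         }
         if (!isset($parts['scheme']) && !isset($parts['host'])) {
             return true;
         }
         if (!isset($parts['scheme'], $parts['host'])) {
             return false;
         }
         if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
             return false;
         }
         $here = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
         $here = preg_replace('/:\d+$/', '', $here);
         return $here !== '' && strtolower($parts['host']) === $here;
     };

     // @FIXME The session is overriding the activation code
     $xprofile = User::oneByActivationToken($negCode);
     $user = User::getInstance();
     if ($xprofile->get('id') != $user->get('id')) {
         // Profile and logged in user do not match
         $this->setError('login mismatch');
         // Build logout/login/confirm redirect flow
         // NOTE(review): $redirect is computed but never read in this method (the view receives
         // $return instead), and this branch uses $this->option where the guest branch uses
         // $this->_option. Confirm both.
         $login_return = base64_encode(Route::url('index.php?option=' . $this->option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $codeParam));
         $logout_return = base64_encode(Route::url('index.php?option=com_users&view=login&return=' . $login_return));
         $redirect = Route::url('index.php?option=com_users&view=logout&return=' . $logout_return);
     }

     $email_confirmed = $xprofile->get('activation');
     if ($email_confirmed == 1 || $email_confirmed == 3) {
         // The current user is confirmed - check to see if the incoming code is valid at all
         if (\Components\Members\Helpers\Utility::isActiveCode($code)) {
             $this->setError('login mismatch');
             // Build logout/login/confirm redirect flow
             $login_return = base64_encode(Route::url('index.php?option=' . $this->option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $codeParam));
             $logout_return = base64_encode(Route::url('index.php?option=com_users&view=login&return=' . $login_return));
             $redirect = Route::url('index.php?option=com_users&view=logout&return=' . $logout_return);
         }
     } elseif ($email_confirmed < 0 && $email_confirmed == $negCode) {
         // Var to hold return path
         $return = '';

         // Site-configured return path (administrator-controlled, used as-is)
         $cReturn = $this->config->get('ConfirmationReturn');
         if ($cReturn) {
             $return = $cReturn;
         }

         // Return path stored on the profile. It is decoded from stored data whose origin is
         // not visible here, so it is honoured only when it stays on this site; it is
         // cleared either way.
         $pReturn = base64_decode(urldecode((string) $xprofile->getParam('return')));
         if ($pReturn) {
             if ($isLocalUrl($pReturn)) {
                 $return = $pReturn;
             }
             $xprofile->setParam('return', '');
         }

         // Mark as confirmed
         $xprofile->set('activation', 1);

         // Set public setting
         $xprofile->set('access', $this->config->get('privacy', 1));

         // Update profile
         if (!$xprofile->save()) {
             $this->setError(Lang::txt('COM_MEMBERS_REGISTER_ERROR_CONFIRMING'));
         }

         // If the user just changed their email & confirmed
         // reset 'userchangedemail' key
         if (Session::get('userchangedemail', 0) == 1) {
             Session::set('userchangedemail', 0);
         }

         // Redirect
         if (empty($return)) {
             $r = $this->config->get('ConfirmationReturn');
             $return = $r ? $r : Route::url('index.php?option=com_members&task=myaccount');

             // Consume the 'return' cookie, if present, to go back to whatever action prompted
             // registration. The cookie is client-controlled, so it is used as a redirect
             // target only when it stays on this site; it is expired either way.
             if (isset($_COOKIE['return'])) {
                 if ($isLocalUrl($_COOKIE['return'])) {
                     $return = $_COOKIE['return'];
                 }
                 setcookie('return', '', time() - 3600);
             }
         }

         App::redirect($return, '', 'message', true);
     } else {
         $this->setError(Lang::txt('COM_MEMBERS_REGISTER_ERROR_INVALID_CONFIRMATION'));
     }

     // Set the pathway
     $this->_buildPathway();

     // Set the page title
     $this->_buildTitle();

     // Render the confirmation view. 'code' is the raw request value: the view is
     // responsible for escaping it on output.
     $this->view
         ->set('title', Lang::txt('COM_MEMBERS_REGISTER_CONFIRM'))
         ->set('login', $xprofile->get('username'))
         ->set('email', $xprofile->get('email'))
         ->set('code', $code)
         ->set('redirect', isset($return) ? $return : '')
         ->set('sitename', Config::get('sitename'))
         ->setErrors($this->getErrors())
         ->display();
 }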