/**
 * Captures the request and applies its list-style query parameters
 * (`exclude`, `include`, `expand`) to this object's configuration.
 *
 * @param Request $req
 */
public function __construct(Request $req)
{
    $this->request = $req;

    // Each parameter may arrive either as a comma-separated string or as an
    // already-split array; anything else leaves the setting untouched.
    $excludeFields = self::normalizeListParam($req->query('exclude'));
    if ($excludeFields !== null) {
        $this->setExclude($excludeFields);
    }

    $includeFields = self::normalizeListParam($req->query('include'));
    if ($includeFields !== null) {
        $this->setInclude($includeFields);
    }

    $expandFields = self::normalizeListParam($req->query('expand'));
    if ($expandFields !== null) {
        $this->setExpand($expandFields);
    }
}

/**
 * Normalizes a list-style query value.
 *
 * A non-empty string is split on commas; an array is taken as-is. Falsy
 * entries (including '' and '0') are dropped from the result. Returns null
 * when the value is in neither form.
 *
 * @param mixed $value raw query value
 *
 * @return array|null
 */
private static function normalizeListParam($value)
{
    if (is_string($value) && !empty($value)) {
        $value = explode(',', $value);
    }

    return is_array($value) ? array_filter($value) : null;
}
/**
 * Attempts a login with the credentials posted in the request body.
 *
 * @param Request  $req
 * @param Response $res
 *
 * @return mixed whatever login() returns
 */
public function authenticate(Request $req, Response $res)
{
    // credentials are read from the request body in this order
    [$username, $password] = [
        $req->request('username'),
        $req->request('password'),
    ];
    // "remember" is coerced to a plain flag
    $rememberMe = (bool) $req->request('remember');

    return $this->login($username, $password, $rememberMe);
}
/**
 * Session middleware: configures and starts the PHP session for
 * non-API requests, then hands off to the next middleware.
 *
 * Passes straight through when `sessions.enabled` is off or the request
 * is an API request. Otherwise the ini settings, session name, cookie
 * parameters and optional custom handler are all put in place before
 * session_start() — the order matters, since these must be configured
 * before the session exists.
 *
 * @param Request  $req
 * @param Response $res
 * @param callable $next next middleware in the chain
 *
 * @return mixed result of $next
 */
public function __invoke(Request $req, Response $res, callable $next)
{
    $config = $this->app['config'];
    if (!$config->get('sessions.enabled') || $req->isApi()) {
        return $next($req, $res);
    }

    $lifetime = $config->get('sessions.lifetime');
    $hostname = $config->get('app.hostname');

    // session IDs travel only in cookies: URL rewriting and trans-sid are
    // disabled so the ID is not embedded in links
    ini_set('session.use_trans_sid', false);
    ini_set('session.use_only_cookies', true);
    ini_set('url_rewriter.tags', '');
    ini_set('session.gc_maxlifetime', $lifetime);

    // set the session name: defaults to "<app title>-<hostname>", with
    // characters that are awkward in a cookie name stripped or replaced
    $defaultSessionTitle = $config->get('app.title') . '-' . $hostname;
    $sessionTitle = $config->get('sessions.name', $defaultSessionTitle);
    $safeSessionTitle = str_replace(['.', ' ', "'", '"'], ['', '_', '', ''], $sessionTitle);
    session_name($safeSessionTitle);

    // set the session cookie parameters: scoped to the configured hostname
    // (leading dot covers subdomains), Secure only when the request is
    // HTTPS, always HttpOnly.
    // NOTE(review): no SameSite attribute is set here — confirm whether the
    // session cookie should carry SameSite=Lax/Strict as a CSRF mitigation.
    session_set_cookie_params($lifetime, '/', '.' . $hostname, $req->isSecure(), true);

    // register session_write_close as a shutdown function
    session_register_shutdown();

    // install any custom session handlers; the driver class name comes from
    // config and is expected to expose a static registerHandler()
    $class = $config->get('sessions.driver');
    if ($class) {
        $handler = new $class($this->app);
        $handler::registerHandler($handler);
    }

    session_start();

    // fix the session cookie: re-issue it with the same lifetime/flags but
    // the bare hostname (presumably works around domain handling — see
    // Utility::setCookieFixDomain)
    Utility::setCookieFixDomain(session_name(), session_id(), time() + $lifetime, '/', $hostname, $req->isSecure(), true);

    // make the newly started session in our request
    $req->setSession($_SESSION);

    return $next($req, $res);
}
/**
 * Gets the decoded remember me cookie from the request.
 *
 * @param Request $req
 *
 * @return RememberMeCookie
 */
private function getRememberMeCookie(Request $req)
{
    $cookieName = $this->rememberMeCookieName();

    return RememberMeCookie::decode($req->cookies($cookieName));
}
/**
 * Step 2 in the forgot password process. Resets the password
 * given a valid token.
 *
 * The client IP from the current request is passed along with the token
 * and new password to the password reset service.
 *
 * @param string $token    token
 * @param array  $password new password
 *
 * @throws AuthException when the step cannot be completed.
 *
 * @return bool
 */
public function forgotStep2($token, array $password)
{
    $clientIp = $this->request->ip();
    $reset = $this->getPasswordReset();

    return $reset->step2($token, $password, $clientIp);
}
/**
 * Builds a request not recognized error.
 *
 * The message names the HTTP method and path of the current request;
 * the error carries a 404 code.
 *
 * @return InvalidRequest
 */
protected function requestNotRecognizedError()
{
    $message = sprintf(
        'Request was not recognized: %s %s',
        $this->request->method(),
        $this->request->path()
    );

    return new InvalidRequest($message, 404);
}
/**
 * Verifies the cookie against an incoming request.
 *
 * Checks, in order: the cookie's own validity, the user agent, that a
 * user with the cookie's email exists, and that an unexpired persistent
 * session row matches the hashed series. The token is then compared
 * separately with hash_equals(): a series match with a different token
 * is treated as reuse of an older token and flushes every persistent
 * session for that email. On success the matching row is deleted (single
 * use) and the user is returned.
 *
 * @param Request     $req
 * @param AuthManager $auth
 *
 * @return object|false the matching user model on success, false otherwise
 */
public function verify(Request $req, AuthManager $auth)
{
    if (!$this->isValid()) {
        return false;
    }

    // verify the user agent matches the one in the request
    // NOTE(review): this is a loose (!=) comparison; confirm both sides are
    // always strings and consider !== to avoid PHP's loose-equality rules.
    if ($this->userAgent != $req->agent()) {
        return false;
    }

    // look up the user with a matching email address
    $userClass = $auth->getUserClass();
    $user = $userClass::where('email', $this->email)->first();
    if (!$user) {
        return false;
    }

    // hash series for matching with the db
    $seriesHash = $this->hash($this->series);

    // First, make sure all of the parameters match, except the token.
    // We match the token separately to detect if an older session is
    // being used, in which case we cowardly run away.
    // Rows created before $expiration are treated as expired.
    $expiration = time() - $this->getExpires();
    $db = $auth->getApp()['db'];
    $query = $db->select('token,two_factor_verified')->from('PersistentSessions')->where('email', $this->email)->where('created_at', U::unixToDb($expiration), '>')->where('series', $seriesHash);
    $persistentSession = $query->one();
    // exactly one row must match; zero or several is a failure
    if ($query->rowCount() !== 1) {
        return false;
    }

    // if there is a match, sign the user in
    $tokenHash = $this->hash($this->token);

    // Same series, but different token, meaning the user is trying
    // to use an older token. It's most likely an attack, so flush
    // all sessions. hash_equals() keeps the comparison constant-time.
    if (!hash_equals($persistentSession['token'], $tokenHash)) {
        $db->delete('PersistentSessions')->where('email', $this->email)->execute();

        return false;
    }

    // remove the token once used
    $db->delete('PersistentSessions')->where('email', $this->email)->where('series', $seriesHash)->where('token', $tokenHash)->execute();

    // mark the user as 2fa verified
    if ($persistentSession['two_factor_verified']) {
        $user->markTwoFactorVerified();
    }

    return $user;
}
/**
 * Switches to compact output when the request carries a truthy
 * `compact` query parameter.
 *
 * @param Request $req
 */
public function __construct(Request $req)
{
    $wantsCompact = $req->query('compact');
    if (!$wantsCompact) {
        return;
    }

    $this->compactPrint();
}