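/**
  * Shows the forgot password form and, on a valid POST, issues a password reset.
  *
  * The user-facing outcome is the same whether or not the submitted email
  * belongs to an account: an unknown address still gets the "email has been
  * sent" flow, so the form cannot be used to enumerate registered emails.
  */
 public function forgotPasswordAction()
 {
     $form = new ForgotPasswordForm();
     $form->setDI($this->getDI());
     if ($this->request->isPost()) {
         if ($form->isValid($this->request->getPost()) !== false) {
             $user = Users::findFirstByEmail($this->request->getPost('email'));
             // A reset record is only created for a real account; the response
             // below deliberately does not reveal whether one was created.
             $saved = true;
             if ($user) {
                 $resetPassword = new ResetPasswords();
                 $resetPassword->usersId = $user->id;
                 $saved = $resetPassword->save();
                 if (!$saved) {
                     foreach ($resetPassword->getMessages() as $message) {
                         $this->flash->error($message);
                     }
                 }
             }
             if ($saved) {
                 $this->flash->success($this->translate->gettext('An email has been sent!'));
                 $this->flash->success($this->translate->gettext('Please check your inbox for a reset password message.'));
                 return $this->dispatcher->forward(['controller' => 'index', 'action' => 'notification']);
             }
         }
     }
     $this->view->form = $form;
 }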
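 /**
  * Checks the OAuth callback for final authentication.
  *
  * Exchanges the callback code for an access token, fetches the provider's
  * profile, extracts a validated email address and resolves it to a local user.
  * Every failure is reported through AuthException with a generic message so
  * the caller never leaks provider details to the client.
  *
  * @param string $provider provider key; must exist in $this->config->services
  * @param string $code     authorization code received on the OAuth callback
  * @return mixed the record returned by Users::findFirstByEmail()
  * @throws AuthException on unknown provider, token/profile request failure,
  *                       invalid or unverified email, or unregistered email
  */
 public function checkOauth($provider, $code)
 {
     $t = $this->translate;
     if (!isset($this->config->services[$provider])) {
         throw new AuthException($t->gettext('OAuth signin error'));
     }
     $configProvider = $this->config->services[$provider];
     // This provider scope and end point url is subject to time as providers revise their systems
     switch ($provider) {
         case 'google':
             $scope = Google::SCOPE_EMAIL;
             $scopeUrl = 'https://www.googleapis.com/plus/v1/people/me';
             break;
         // TODO: 'microsoft' is not wired up yet (scope and profile URL still to be chosen);
         // until a case is added here it is rejected like any other provider.
         default:
             throw new AuthException('Invalid oauth provider');
     }
     $redirectUrl = $this->di->getUrl()->get("signin/oauth/{$provider}");
     // The web server will send these credentials to the Oauth provider
     $credentials = new Credentials($configProvider->clientId, $configProvider->clientSecret, $redirectUrl);
     // Session storage
     $storage = new OauthSessionStorage();
     $service = (new \OAuth\ServiceFactory())->createService($provider, $credentials, $storage, [$scope]);
     // There is a possibility that the access token could not be received
     try {
         // The token is kept by $storage; the service uses it for the request below.
         $service->requestAccessToken($code);
     } catch (\Exception $e) {
         throw new AuthException($t->gettext('OAuth signin error'));
     }
     try {
         $json = $service->request($scopeUrl);
     } catch (\Exception $e) {
         throw new AuthException($t->gettext('OAuth signin error'));
     }
     $result = json_decode($json, true);
     // json_decode() yields null (never false) on invalid JSON, and a scalar
     // document would also be useless here: only an array can hold a profile.
     if (!is_array($result)) {
         throw new AuthException($t->gettext('OAuth signin error'));
     }
     switch ($provider) {
         case 'google':
             if (!isset($result['emails'][0]['value']) || filter_var($result['emails'][0]['value'], FILTER_VALIDATE_EMAIL) === false) {
                 throw new AuthException($t->gettext('Oauth authentication failed'));
             }
             $email = $result['emails'][0]['value'];
             break;
         case 'microsoft':
         default:
             // Not reachable until the first switch admits another provider;
             // kept as the shape expected for an {email, verified_email} profile.
             if (!isset($result['email']) || filter_var($result['email'], FILTER_VALIDATE_EMAIL) === false) {
                 throw new AuthException($t->gettext('Oauth authentication failed'));
             }
             if (!isset($result['verified_email']) || $result['verified_email'] !== true) {
                 throw new AuthException($t->gettext('The email could not be verified.'));
             }
             $email = $result['email'];
             break;
     }
     $user = Users::findFirstByEmail($email);
     if (!$user) {
         // Count the miss against the throttling budget before rejecting
         $this->registerUserThrottling(0);
         throw new AuthException($t->gettext('This email is not registered in the system.'));
     }
     // Check if the user was flagged
     $this->checkUserFlags($user);
     // Register the successful signin
     $this->saveSuccessSignin($user, 'oauth');
     return $user;
 }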
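 /**
  * Resolves a user from either its primary key or its email address.
  *
  * @param int|string $userRef numeric primary key (digits only) or an email address
  * @return mixed the record returned by Users::findFirstById() / Users::findFirstByEmail()
  *               (the finder's not-found value is passed through unchanged)
  * @throws ArgumentValidationException when $userRef is neither all digits nor a valid email
  */
 private function getUserByUniqueRef($userRef)
 {
     // Cast before ctype_digit(): given an int it treats small values as an
     // ASCII code rather than a number, and non-string arguments are deprecated
     // since PHP 8.1. An empty string is neither an id nor an email.
     $ref = (string) $userRef;
     if ($ref !== '' && ctype_digit($ref)) {
         return Users::findFirstById($ref);
     }
     $email = filter_var($ref, FILTER_VALIDATE_EMAIL);
     if ($email === false) {
         throw new ArgumentValidationException('The user must be specified as an email or primary key.', 1);
     }
     return Users::findFirstByEmail($email);
 }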