/**
 * Implements RestfulAuthenticationInterface::authenticate().
 *
 * Resolves the current Drupal user from the session. For write methods that
 * arrived through the REST endpoint (the 'rest_call' application flag is set)
 * a valid CSRF token is required in $request['__application']['csrf_token'].
 *
 * @param array $request
 *   The request array; CSRF data is read from its '__application' entry.
 * @param string $method
 *   The HTTP method, defaults to \RestfulInterface::GET.
 *
 * @return object|null
 *   The loaded user account, or NULL when no session has been started and the
 *   request does not come from the CLI.
 *
 * @throws \RestfulBadRequestException
 *   When a write REST call carries no CSRF token.
 * @throws \RestfulForbiddenException
 *   When the supplied CSRF token does not validate.
 */
public function authenticate(array $request = array(), $method = \RestfulInterface::GET) {
    $sessionAvailable = drupal_session_started() || $this->isCli();
    if (!$sessionAvailable) {
        return;
    }

    global $user;
    $account = user_load($user->uid);

    $application = isset($request['__application']) ? $request['__application'] : array();
    $isWrite = \RestfulBase::isWriteMethod($method);
    $viaRestCall = !empty($application['rest_call']);
    if (!$isWrite || !$viaRestCall) {
        // Not a write operation, or the call was made through the PHP API
        // rather than the REST endpoint: no CSRF token is required.
        return $account;
    }

    if (empty($application['csrf_token'])) {
        throw new \RestfulBadRequestException('No CSRF token passed in the HTTP header.');
    }
    // drupal_valid_token() binds the token to the current session and the
    // fixed TOKEN_VALUE, so a token from another session does not validate.
    if (!drupal_valid_token($application['csrf_token'], \RestfulBase::TOKEN_VALUE)) {
        throw new \RestfulForbiddenException('CSRF token validation failed.');
    }

    // CSRF validation passed.
    return $account;
}
/**
 * {@inheritdoc}
 *
 * Resolves the current Drupal user from the session and enforces a CSRF
 * token on write requests that target a RESTful path, unless the request
 * carries the 'rest_call' application flag.
 *
 * @return object|null
 *   The loaded user account, or NULL when no session has been started and the
 *   request does not come from the CLI.
 *
 * @throws BadRequestException
 *   When the write request carries no CSRF token.
 * @throws ForbiddenException
 *   When the CSRF token does not validate.
 */
public function authenticate(RequestInterface $request) {
    if (!(drupal_session_started() || $this->isCli($request))) {
        return NULL;
    }

    global $user;
    $account = user_load($user->uid);

    // NOTE(review): the 'rest_call' test here has the opposite polarity of the
    // array-based authenticate() variant, which skips the CSRF check when the
    // flag is *empty*. Confirm which value the request factory sets for calls
    // arriving through the HTTP endpoint, since a truthy flag bypasses the check.
    $needsCsrfCheck = $request::isWriteMethod($request->getMethod())
        && !$request->getApplicationData('rest_call')
        && RestfulManager::isRestfulPath($request);
    if (!$needsCsrfCheck) {
        // Request is done via API not CURL, or not a write operation, so we don't
        // need to check for a CSRF token.
        return $account;
    }

    $token = $request->getCsrfToken();
    if (!$token) {
        throw new BadRequestException('No CSRF token passed in the HTTP header.');
    }
    if (!drupal_valid_token($token, Authentication::TOKEN_VALUE)) {
        throw new ForbiddenException('CSRF token validation failed.');
    }

    // CSRF validation passed.
    return $account;
}
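/**
 * Factory implements session singleton.
 *
 * Returns the per-session \raptor\Context, creating a fresh one when none is
 * stored, when a reset is requested, or when the stored context belongs to a
 * different Drupal uid than the current user. For ordinary (user-driven)
 * requests it also records user activity in the tracking tables and detects
 * the same uid being active from another address, in which case the returned
 * context is marked for forced logout.
 *
 * @param bool $forceReset
 *   When TRUE a new context is always created and no activity row is written.
 * @param bool $bSystemDrivenAction
 *   When TRUE only the system-action timestamp is refreshed; no activity
 *   tracking or account-conflict check is performed.
 *
 * @return \raptor\Context
 */
public static function getInstance($forceReset = FALSE, $bSystemDrivenAction = FALSE) {
    if (session_status() == PHP_SESSION_NONE) {
        error_log('CONTEXTgetInstance::Starting session');
        session_start();
        drupal_session_started(TRUE); //If we dont do this we risk warning messages elsewhere.
    }
    if (!isset($_SESSION['CREATED'])) {
        $startedtime = time();
        error_log('CONTEXTgetInstance::Setting CREATED value of session to ' . $startedtime);
        $_SESSION['CREATED'] = $startedtime;
    }

    global $user;
    $bLocalReset = FALSE;
    if (user_is_logged_in()) {
        $tempUID = $user->uid;
    } else {
        $tempUID = 0;
    }

    // NOTE(review): any request can carry ?reset_session=YES and discard the
    // stored context (credentials are preserved below); confirm that is intended.
    $bSessionResetFlagDetected = $forceReset
        || (isset($_GET['reset_session']) && $_GET['reset_session'] == 'YES');

    if (isset($_SESSION[CONST_NM_RAPTOR_CONTEXT]) && !$bSessionResetFlagDetected) {
        //We will return this instance unless ...
        // The payload comes from the server-side session store, not from the
        // client, so unserialize() here is bounded by that store's integrity.
        $candidate = unserialize($_SESSION[CONST_NM_RAPTOR_CONTEXT]);
        $candidateUID = $candidate->getUID();
        if ($candidateUID == 0 && $tempUID != 0 && !$candidate->hasForceLogoutReason()) {
            //Convert this session instance into instance for the UID, normal occurrence to do this after a login.
            $candidate->m_nUID = $tempUID;
            $candidate->serializeNow('Set the uid to the user->uid');
        } else {
            if ($candidate->m_nUID > -1 && $candidate->getUID() !== $tempUID) {
                //This can happen if a user left without proper logout.
                $errmsg = 'Must reset because candidate UID[' . $candidate->getUID() . '] != current UID[' . $tempUID . ']';
                //drupal_set_message($errmsg, 'error');
                error_log('CONTEXTgetInstance::' . $errmsg . "\nCANDIDATE at time of reset=" . self::describeForLog($candidate));
                $bLocalReset = TRUE;
                $candidate = NULL;
            } else {
                $bLocalReset = FALSE;
                Context::debugDrupalMsg('<h3>Hi from Context: Using existing instance from [' . $candidate->m_nInstanceTimestamp . '] at [' . microtime(TRUE) . "]</h3> " . $candidate->getContextHtmlDebugInfo());
                if (!isset($candidate->m_sVistaUserID)) {
                    Context::debugDrupalMsg(microtime(TRUE) . ') DID NOT FIND USER IN EXISTING SESSION!!!!->' . self::describeForLog($candidate), 'error');
                }
            }
        }
    } else {
        //No session already exists, so we will create a new one.
        error_log('CONTEXTgetInstance::WORKFLOWDEBUG>>>NO EXISTING SESSION!!! Not using an existing session: bSessionResetFlagDetected=' . $bSessionResetFlagDetected . ' from ' . $_SERVER['REMOTE_ADDR'] . " CALLER==> " . Context::debugGetCallerInfo(10));
        Context::debugDrupalMsg('Not using an existing session: bSessionResetFlagDetected=' . $bSessionResetFlagDetected);
        $bLocalReset = TRUE;
        $candidate = NULL;
    }

    $bAccountConflictDetected = FALSE; //Set to true if something funny is going on.
    if ($candidate === NULL) {
        $bLocalReset = TRUE;
    } else {
        if ($bSystemDrivenAction) {
            //Update the session info.
            $candidate->m_nInstanceSystemActionTimestamp = time();
            $candidate->serializeNow(); //Store this now!!!
        } else {
            //Update user action tracking in datatabase.
            $nElapsedSeconds = time() - $candidate->m_nInstanceUserActionTimestamp;
            // Throttle the DB work to at most once per 10 seconds of user activity.
            if ($tempUID !== 0 && $nElapsedSeconds > 10) {
                try {
                    //First make sure no one else is logged in as same UID
                    // NOTE(review): the "other workstation" test keys on REMOTE_ADDR;
                    // behind a proxy or NAT distinct workstations can share one address
                    // and a single workstation can change address. Confirm for the deployment.
                    $resultOther = db_select('raptor_user_recent_activity_tracking', 'u')
                        ->fields('u')
                        ->condition('uid', $tempUID, '=')
                        ->condition('ipaddress', $_SERVER['REMOTE_ADDR'], '<>')
                        ->orderBy('most_recent_action_dt', 'DESC')
                        ->execute();
                    if ($resultOther->rowCount() > 0) {
                        $resultMe = db_select('raptor_user_recent_activity_tracking', 'u')
                            ->fields('u')
                            ->condition('uid', $tempUID, '=')
                            ->condition('ipaddress', $_SERVER['REMOTE_ADDR'], '=')
                            ->execute();
                        if ($resultMe->rowCount() > 0) {
                            $other = $resultOther->fetchAssoc();
                            $me = $resultMe->fetchAssoc();
                            // Conflict only when the other address acted at least as recently as we did.
                            $bAccountConflictDetected = $other['most_recent_action_dt'] >= $me['most_recent_action_dt'];
                            if ($bAccountConflictDetected) {
                                error_log('CONTEXTgetInstance::Account conflict has been detected for UID=[' . $tempUID . '] this user at ' . $_SERVER['REMOTE_ADDR'] . ' other user at ' . $other['ipaddress'] . '>>> TIMES = other[' . $other['most_recent_action_dt'] . '] vs this[' . $me['most_recent_action_dt'] . ']');
                            } else {
                                error_log('CONTEXTgetInstance::No account conflict detected on check (es=' . $nElapsedSeconds . ') for UID=[' . $tempUID . '] this user at ' . $_SERVER['REMOTE_ADDR'] . ' other user at ' . $other['ipaddress'] . '>>> TIMES = other[' . $other['most_recent_action_dt'] . '] vs this[' . $me['most_recent_action_dt'] . ']');
                            }
                        }
                    }
                    if (!$forceReset) {
                        //Log our activity.
                        $updated_dt = date("Y-m-d H:i:s", time());
                        db_insert('raptor_user_activity_tracking')
                            ->fields(array(
                                'uid' => $tempUID,
                                'action_cd' => UATC_GENERAL,
                                'ipaddress' => $_SERVER['REMOTE_ADDR'],
                                'updated_dt' => $updated_dt,
                            ))
                            ->execute();
                        //Write the recent activity to the single record that tracks it too.
                        db_merge('raptor_user_recent_activity_tracking')
                            ->key(array('uid' => $tempUID, 'ipaddress' => $_SERVER['REMOTE_ADDR']))
                            ->fields(array(
                                'uid' => $tempUID,
                                'ipaddress' => $_SERVER['REMOTE_ADDR'],
                                'most_recent_action_dt' => $updated_dt,
                                'most_recent_action_cd' => UATC_GENERAL,
                            ))
                            ->execute();
                    }
                    //Update the session info.
                    error_log('WORKFLOWDEBUG>>Updating user activity...'
                        . "\n\tInstance ts = " . $candidate->m_nInstanceTimestamp
                        . "\n\tUserAction ts = " . $candidate->m_nInstanceUserActionTimestamp
                        . "\n\tSystemAction ts = " . $candidate->m_nInstanceSystemActionTimestamp
                        . "\n\tuseridleseconds = " . $candidate->getUserIdleSeconds()
                        . "\t(Allowed=" . USER_TIMEOUT_SECONDS . ')');
                    $candidate->m_nInstanceUserActionTimestamp = time();
                    $candidate->serializeNow(); //Store this now!!!
                } catch (\Exception $ex) {
                    // Best effort: tracking failures must not block the request.
                    error_log('CONTEXTgetInstance::Trouble updating raptor_user_activity_tracking>>>' . print_r($ex, TRUE));
                }
            }
        }
    }

    if ($bLocalReset) {
        //Clear existing context except for any user login info.
        global $user;
        $tempUID = $user->uid;
        $candidate = new \raptor\Context($tempUID);
        if (isset($_SESSION[CONST_NM_RAPTOR_CONTEXT])) {
            //Preserve existing credientials.
            // NOTE(review): the VA password is carried across resets inside the
            // server-side session store; its exposure is bounded by that store's
            // protection. Keep it out of logs and client-visible output.
            $current = unserialize($_SESSION[CONST_NM_RAPTOR_CONTEXT]);
            // NOTE(review): error_context_log() is not defined on this page; assumed
            // to exist elsewhere in the project — confirm.
            error_context_log('CONTEXTgetInstance::Clearing cache except login credentials for VistaUserID=' . $current->m_sVistaUserID);
            $candidate->m_sVistaUserID = $current->m_sVistaUserID; //20140609
            $candidate->m_sVAPassword = $current->m_sVAPassword; //20140609
        }
        $_SESSION[CONST_NM_RAPTOR_CONTEXT] = serialize($candidate);
        $candidate = unserialize($_SESSION[CONST_NM_RAPTOR_CONTEXT]);
        // '.' not '+': string arithmetic here throws a TypeError on PHP 8.
        Context::debugDrupalMsg('Created new context at ' . $candidate->m_nInstanceTimestamp);
    } else {
        Context::debugDrupalMsg('[' . $candidate->m_nInstanceTimestamp . '] Got context from cache! UID=' . $candidate->getUID());
    }

    //Now trigger logout if account conflict was detected.
    if ($bAccountConflictDetected) {
        //Don't get stuck in an infinite loop.
        if (substr($candidate->m_sVistaUserID, 0, 8) !== 'kickout_') {
            $candidate->m_aForceLogoutReason = array();
            $candidate->m_aForceLogoutReason['code'] = 101;
            $candidate->m_aForceLogoutReason['text'] = 'Another workstation has logged in as the same RAPTOR user account "' . $candidate->m_sVistaUserID . '"';
            // Only session keys are logged: the context entry holds the serialized
            // VA credential, which must not reach the log.
            error_log('CONTEXT KICKOUT ACCOUNT CONFLICT DETECTED ON [' . $candidate->m_sVistaUserID . '] >>> ' . time() . "\n\tSESSION KEYS>>>>" . implode(',', array_keys($_SESSION)));
            $candidate->m_sVistaUserID = 'kickout_' . $candidate->m_sVistaUserID;
            $candidate->m_sVAPassword = NULL;
            $candidate->serializeNow(); //Store this now!!!
        }
    }

    if (!isset($candidate->m_mdwsClient)) {
        if ($candidate === NULL) {
            error_log('CONTEXTgetInstance::WORKFLOWDEBUG>>>getInstance has candidate instance from ' . $_SERVER['REMOTE_ADDR']);
        } else {
            error_log('CONTEXTgetInstance::WORKFLOWDEBUG>>>getInstance has NO existing Mdws connection for ' . $candidate->m_sVistaUserID . ' from ' . $_SERVER['REMOTE_ADDR'] . ' in ' . $candidate->m_nInstanceTimestamp);
        }
    }
    return $candidate;
}

/**
 * Renders a context for diagnostic logging with the stored VA credential redacted.
 *
 * @param object $candidate
 *   The context instance to describe.
 *
 * @return string
 *   print_r() output of the instance's properties, password replaced.
 */
private static function describeForLog($candidate) {
    $vars = get_object_vars($candidate);
    if (array_key_exists('m_sVAPassword', $vars) && $vars['m_sVAPassword'] !== NULL) {
        $vars['m_sVAPassword'] = '[REDACTED]';
    }
    return print_r($vars, TRUE);
}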
/**
 * Whether a Drupal session has already been started for this request.
 *
 * @return bool
 *   The value reported by drupal_session_started().
 */
public function isSessionStarted() {
    $started = drupal_session_started();
    return $started;
}
/**
 * Stores the current transaction session to the Drupal session.
 *
 * Starts the Drupal session if none is active, then places this object under
 * the 'publisher_transaction_session' key so it is serialized with the session.
 */
public function storeToSession() {
    $sessionKey = 'publisher_transaction_session';
    $haveSession = drupal_session_started();
    if (!$haveSession) {
        drupal_session_start();
    }
    $_SESSION[$sessionKey] = $this;
}