/**
* authenticate user by username and password
*
* @param string $username the username
* @param string $password the password
* @return array
*/
public function login($username, $password)
{
Setup_Core::startSetupSession();
if (Setup_Controller::getInstance()->login($username, $password)) {
$response = array('success' => TRUE, 'welcomeMessage' => "Welcome to Tine 2.0 Setup!");
} else {
$response = array('success' => FALSE, 'errorMessage' => "Wrong username or password!");
}
return $response;
}
/**
* (non-PHPdoc)
* @see Tinebase_Server_Interface::handle()
*/
public function handle(\Zend\Http\Request $request = null, $body = null)
{
Tinebase_Session_Abstract::setSessionEnabled('TINE20SETUPSESSID');
if (Tinebase_Session::sessionExists()) {
Setup_Core::startSetupSession();
}
Setup_Core::initFramework();
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' is http request. method: ' . $this->getRequestMethod());
}
$server = new Tinebase_Http_Server();
$server->setClass('Setup_Frontend_Http', 'Setup');
$server->setClass('Tinebase_Frontend_Http', 'Tinebase');
// needed for fetching translation in DEVELOPMENT mode
if (empty($_REQUEST['method'])) {
$_REQUEST['method'] = 'Setup.mainScreen';
}
$server->handle($_REQUEST);
}
/**
* (non-PHPdoc)
* @see Tinebase_Server_Interface::handle()
*/
public function handle(\Zend\Http\Request $request = null, $body = null)
{
try {
// init server and request first
$server = new Zend_Json_Server();
$server->setClass('Setup_Frontend_Json', 'Setup');
$server->setClass('Tinebase_Frontend_Json', 'Tinebase');
$server->setAutoHandleExceptions(false);
$server->setAutoEmitResponse(false);
$request = new Zend_Json_Server_Request_Http();
if (Tinebase_Session::sessionExists()) {
Setup_Core::startSetupSession();
}
Setup_Core::initFramework();
$method = $request->getMethod();
$jsonKey = isset($_SERVER['HTTP_X_TINE20_JSONKEY']) ? $_SERVER['HTTP_X_TINE20_JSONKEY'] : '';
Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is JSON request. method: ' . $method);
$anonymnousMethods = array('Setup.getAllRegistryData', 'Setup.login', 'Tinebase.getAvailableTranslations', 'Tinebase.getTranslations', 'Tinebase.setLocale');
if (!Setup_Core::configFileExists()) {
$anonymnousMethods = array_merge($anonymnousMethods, array('Setup.envCheck'));
}
// check json key for all methods but some exceptions
if (!in_array($method, $anonymnousMethods) && Setup_Core::configFileExists() && (empty($jsonKey) || $jsonKey != Setup_Core::get('jsonKey') || !Setup_Core::isRegistered(Setup_Core::USER))) {
if (!Setup_Core::isRegistered(Setup_Core::USER)) {
Setup_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Attempt to request a privileged Json-API method without authorisation from "' . $_SERVER['REMOTE_ADDR'] . '". (session timeout?)');
throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
} else {
Setup_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' Fatal: got wrong json key! (' . $jsonKey . ') Possible CSRF attempt!' . ' affected account: ' . print_r(Setup_Core::getUser(), true) . ' request: ' . print_r($_REQUEST, true));
throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
}
}
$response = $server->handle($request);
} catch (Exception $exception) {
$response = $this->_handleException($request, $exception);
}
echo $response;
}
