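/**
 * Logs data to the shibboleth debug log
 *
 * Every entry is prefixed with a correlation token kept in the
 * 'shib-dbg-token' cookie, so that entries written during one browser's
 * login attempt can be grouped. The token is built from uniqid(), which is
 * time-based and predictable: it is a grouping label only and must never be
 * treated as a secret or used for any access decision.
 *
 * Whatever callers pass in $msg and $data is written to the log file, so
 * callers should not hand over credentials or other secrets.
 *
 * @param   string         $msg   the message to log
 * @param   string|object  $data  additional data to log
 * @return  void
 **/
private static function log($msg, $data = '')
{
    static $params;

    // Plugin parameters are looked up once per request and then reused
    if (!isset($params)) {
        $params = Plugin::params('authentication', 'shibboleth');
    }

    // NOTE(review): debugging defaults to enabled when 'debug_enabled' is not
    // set. Confirm that this default, and the permissions on the log file,
    // are acceptable on production hosts.
    if (!$params->get('debug_enabled', true)) {
        return;
    }

    // Register the 'shib' logger on first use, splitting the configured
    // location into its directory and file name
    if (!\Log::has('shib')) {
        $location = $params->get('debug_location', '/var/log/apache2/php/shibboleth.log');
        $location = explode(DS, $location);
        $file     = array_pop($location);

        \Log::register('shib', [
            'path'   => implode(DS, $location),
            'file'   => $file,
            'level'  => 'info',
            'format' => "%datetime% %message%\n"
        ]);
    }

    // Create a token to identify related log entries
    if (!($cookie = Cookie::eat('shib-dbg-token'))) {
        $token = base64_encode(uniqid());
        Cookie::bake('shib-dbg-token', time() + 60 * 60 * 24, ['shib-dbg-token' => $token]);
    } else {
        // presumably Cookie::eat returns the data stored by Cookie::bake;
        // the value comes back from the client, so it is handled as text only
        $token = $cookie->{'shib-dbg-token'};
    }

    $toBeLogged = "{$token} - {$msg}";

    if (!empty($data)) {
        $toBeLogged .= ":\t" . (is_string($data) ? $data : json_encode($data));
    }

    // The log format is one entry per line. Neutralise CR/LF so that text
    // originating from the request (cookie token, message, data) cannot
    // break an entry apart or fabricate additional entries in the file.
    $toBeLogged = str_replace(["\r", "\n"], ['\r', '\n'], $toBeLogged);

    \Log::logger('shib')->info("{$toBeLogged}");
}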
/**
 * Fetch the messages stored for a domain and remove them from storage
 *
 * The messages are read through Monster::eat() using the key derived from
 * the domain. When at least one message was found, the stored copy is
 * cleared, so each message is handed out once.
 *
 * @param   string  $domain  domain whose messages are wanted
 * @return  array   the stored messages, or an empty array when there are none
 */
public function retrieve($domain)
{
    // A falsy result from storage is normalised to an empty list
    $found = Monster::eat($this->key($domain)) ?: array();

    if (count($found) > 0) {
        // Messages are one-shot: drop them once they have been read
        $this->clear($domain);
    }

    return $found;
}
/**
 * Method to log out a user.
 *
 * Flow, as visible in this method:
 *  1. Determine the authenticator, first from the request and otherwise from
 *     the 'authenticator' cookie.
 *  2. If one is known, find the matching authentication plugin and call its
 *     logout() method. For 'pucas' this depends on the plugin's 'auto_logoff'
 *     parameter and on the 'sso' request value.
 *  3. Log the user out of the application.
 *  4. Redirect: to a single-sign-on sign-out page, to the validated 'return'
 *     URL, or to the login view when the logout reported an error.
 *
 * NOTE(review): no anti-CSRF token check is visible in this method. Confirm
 * one is enforced before this task runs; otherwise another site could sign a
 * visitor out by making their browser request this URL.
 *
 * @since 1.6
 */
public function logout()
{
    $app = JFactory::getApplication();
    $user = User::getInstance();

    // Both values are supplied by the client. $authenticator is only ever
    // compared against the names of installed plugins below; the class name
    // to instantiate is built from the plugin record, not from this value.
    $authenticator = Request::getVar('authenticator', '', 'method');
    $singleSignOn = Request::getVar('sso', false);

    // Nothing in the request: fall back to the authenticator remembered in the cookie
    if (empty($authenticator) || $authenticator == '') {
        $cookie = \Hubzero\Utility\Cookie::eat('authenticator');
        if (isset($cookie->authenticator)) {
            $authenticator = $cookie->authenticator;
        } else {
            $authenticator = null;
        }
    }

    // If a specific authenticator is specified try to call the logout method for that plugin
    if (!empty($authenticator)) {
        Plugin::import('authentication');
        $plugins = Plugin::byType('authentication');

        foreach ($plugins as $plugin) {
            $className = 'plg' . $plugin->type . $plugin->name;

            // Skip every plugin except the one that was asked for
            if ($plugin->name != $authenticator) {
                continue;
            }

            if (class_exists($className)) {
                if (method_exists($className, 'logout')) {
                    $myplugin = new $className($this, (array) $plugin);

                    // Redirect to user third party signout view
                    // Only do this for PUCAS for the time being (it's the one that doesn't lose session info after hub logout)
                    if ($authenticator == 'pucas') {
                        // Get plugin params
                        // ($plugin is reused here; every branch below leaves the loop, so the
                        // loop variable is not read again afterwards)
                        $plugin = Plugin::byType('authentication', $authenticator);
                        $pparams = new \Hubzero\Config\Registry($plugin->params);
                        $auto_logoff = $pparams->get('auto_logoff', false);

                        if ($auto_logoff || $singleSignOn == 'all') {
                            // Sign out of the third party as well
                            // ($result is not read anywhere in this method)
                            $result = $myplugin->logout();
                            break;
                        } elseif ($singleSignOn === false) {
                            // No 'sso' value was sent: let the user choose on the
                            // end-single-sign-on view; the hub logout below is not performed now
                            App::redirect(Route::url('index.php?option=com_users&view=endsinglesignon&authenticator=' . $authenticator, false));
                            return;
                        } else {
                            // Any other 'sso' value: hub logout only
                            break;
                        }
                    } else {
                        $result = $myplugin->logout();
                        break;
                    } // Normal path
                } // End verification of logout() method
            } // End plugin check
        } // End foreach
    } // End check for specified authenticator

    // Perform the log out
    $error = $app->logout();

    // Check if the log out succeeded.
    if (!$error instanceof Exception) {
        // If the authenticator is empty, but they have an active third party session,
        // redirect to a page indicating this and offering complete signout
        if (isset($user->auth_link_id) && $user->auth_link_id && empty($authenticator)) {
            $auth_domain_name = '';
            $auth_domain = \Hubzero\Auth\Link::find_by_id($user->auth_link_id);

            if (is_object($auth_domain)) {
                $auth_domain_id = $auth_domain->auth_domain_id;
                // NOTE(review): the result of Domain::find_by_id() is dereferenced without a
                // check; confirm it cannot come back empty for a stale link record
                $auth_domain_name = \Hubzero\Auth\Domain::find_by_id($auth_domain_id)->authenticator;
            }

            // Redirect to user third party signout view
            // Only do this for PUCAS for the time being (it's the one that doesn't lose session info after hub logout)
            if ($auth_domain_name == 'pucas') {
                // Get plugin params
                $plugin = Plugin::byType('authentication', $auth_domain_name);
                $pparams = new \Hubzero\Config\Registry($plugin->params);
                $auto_logoff = $pparams->get('auto_logoff', false);

                if ($auto_logoff) {
                    // Re-enter this task with the authenticator named, so the plugin logout runs
                    App::redirect(Route::url('index.php?option=com_users&task=user.logout&authenticator=' . $auth_domain_name, false));
                    return;
                } else {
                    App::redirect(Route::url('index.php?option=com_users&view=endsinglesignon&authenticator=' . $auth_domain_name, false));
                    return;
                }
            }
        }

        // Get the return url from the request and validate that it is internal.
        // The value is client-supplied; anything JURI::isInternal() rejects is dropped,
        // which keeps this endpoint from being used as an open redirect.
        $return = Request::getVar('return', '', 'method', 'base64');
        $return = base64_decode($return);
        if (!JURI::isInternal($return)) {
            $return = '';
        }

        // Redirect the user.
        App::redirect(Route::url($return, false));
    } else {
        // The application logout returned an Exception: send the user to the login view
        App::redirect(Route::url('index.php?option=com_users&view=login', false));
    }
}
/**
 * Record that the current visitor has seen the overlay
 *
 * Nothing is changed when the membership record already holds a real
 * 'first_visit' date. Visitors without a membership id get a
 * 'plugin.courses.guide' cookie holding the visit time, unless they already
 * carry one. In every remaining case 'first_visit' is set on the member
 * object and the object is stored.
 *
 * The cookie holds only a timestamp and is only checked for presence here.
 *
 * @return  void
 */
public function _mark()
{
    $this->view->setLayout('mark');

    $member = $this->view->offering->member(User::get('id'));

    // A non-empty, non-zero date means the visit was recorded before
    $alreadyRecorded = $member->get('first_visit')
        && $member->get('first_visit') != '0000-00-00 00:00:00';

    if ($alreadyRecorded) {
        return;
    }

    if (!$member->get('id')) {
        $guide = \Hubzero\Utility\Cookie::eat('plugin.courses.guide');

        $hasVisitCookie = is_object($guide) && isset($guide->first_visit);

        if (!$hasVisitCookie) {
            // Drop cookie, valid for one year
            $expires = time() + 365 * 24 * 60 * 60;

            \Hubzero\Utility\Cookie::bake(
                'plugin.courses.guide',
                $expires,
                array('first_visit' => Date::toSql())
            );
        }
    }

    $member->set('first_visit', Date::toSql());
    $member->store();
}
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * HUBzero is a registered trademark of Purdue University.
 *
 * @package hubzero-cms
 * @author Sam Wilson <*****@*****.**>
 * @copyright Copyright 2005-2015 HUBzero Foundation, LLC.
 * @license http://opensource.org/licenses/MIT MIT
 */

// Set-up section of a view template: prepares the variables used by the
// markup that follows the closing tag. $authenticators is not defined here;
// presumably the view supplies it (verify against the caller).

// no direct access
defined('_HZEXEC_') or die;

// Hash built from the client name and ':authenticator'
$hash = App::hash(App::get('client')->name . ':authenticator');

// A returning visitor: unless 'reset' is requested, take the authenticator,
// user and user image from the 'authenticator' cookie.
// NOTE(review): $cookie->user_id selects which account is loaded for display and
// $cookie->user_img is passed on to the markup. Confirm that Cookie::eat() only
// returns data the server itself issued (integrity-protected), and that
// $user_img and anything read from $user are escaped where they are printed.
if (($cookie = \Hubzero\Utility\Cookie::eat('authenticator')) && !Request::getInt('reset', false)) {
    $primary = $cookie->authenticator;
    $user = User::getInstance($cookie->user_id);
    $user_img = $cookie->user_img;

    // Hand the cookie value to the request so it is read back through getWord() below
    Request::setVar('primary', $primary);
}

$usersConfig = Component::params('com_members');

// 'primary' is re-read through Request::getWord(), whether it came from the
// request itself or from the cookie above
$primary = Request::getWord('primary', false);

// use some reflections to inspect plugins for special behavior (added for shibboleth)
// The class name is built from each authenticator's 'name' entry.
$refl = array();
foreach ($authenticators as $a) {
    $refl[$a['name']] = new \ReflectionClass("plgAuthentication{$a['name']}");
}

// Current URL with a trailing '?' or '&', ready to have a parameter appended.
// NOTE(review): this string reflects the requested URL; escape it for the
// output context wherever the markup below prints it.
$current = Hubzero\Utility\Uri::getInstance()->toString();
$current .= strstr($current, '?') ? '&' : '?';
?>
/**
 * Confirm user's registration code
 *
 * Reads the confirmation code from the request ('confirm', else 'code'),
 * looks up the profile holding the matching activation token and, when the
 * profile's stored activation value is the negated code, marks the profile
 * as confirmed and redirects. In every other case an error is set and the
 * confirmation view is displayed.
 *
 * Security-relevant points for reviewers:
 *  - $code is client-supplied. It is negated arithmetically and also
 *    concatenated, unencoded, into the return URLs built below.
 *  - The final redirect target can come from configuration, from a parameter
 *    stored on the profile, or from the client's 'return' cookie; none of
 *    these is checked for being a site-internal URL in this method.
 *
 * @return void
 */
public function confirmTask()
{
    // Incoming
    $code = Request::getVar('confirm', false);
    if (!$code) {
        $code = Request::getVar('code', false);
    }

    // NOTE(review): $cookie is not read again in this method
    $cookie = \Hubzero\Utility\Cookie::eat('authenticator');

    // Check if the user is logged in
    if (User::isGuest()) {
        // Send guests to the login view, with this task as the base64-encoded return URL
        $return = base64_encode(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $code, false, true));
        // NOTE(review): there is no return after this redirect; if App::redirect() does not
        // end the request, the code below runs for a guest. Confirm.
        App::redirect(
            Route::url('index.php?option=com_users&view=login&return=' . $return, false),
            Lang::txt('Please login in so we can confirm your account.'),
            'warning'
        );
    }

    // @FIXME The session is overriding the activation code
    // NOTE(review): -$code is arithmetic on request input; confirm that a missing or
    // non-numeric code is handled the way this lookup expects.
    $xprofile = User::oneByActivationToken(-$code);
    $user = User::getInstance();

    if ($xprofile->get('id') != $user->get('id')) {
        // Profile and logged in user do not match
        $this->setError('login mismatch');

        // Build logout/login/confirm redirect flow
        // NOTE(review): this branch reads $this->option while the guest branch above reads
        // $this->_option; confirm both properties exist and agree.
        $login_return = base64_encode(Route::url('index.php?option=' . $this->option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $code));
        $logout_return = base64_encode(Route::url('index.php?option=com_users&view=login&return=' . $login_return));
        // NOTE(review): $redirect is assigned but never read in this method; the view below
        // is given $return instead. Confirm which one was intended.
        $redirect = Route::url('index.php?option=com_users&view=logout&return=' . $logout_return);
    }

    $email_confirmed = $xprofile->get('activation');

    if ($email_confirmed == 1 || $email_confirmed == 3) {
        // The current user is confirmed - check to see if the incoming code is valid at all
        if (\Components\Members\Helpers\Utility::isActiveCode($code)) {
            $this->setError('login mismatch');

            // Build logout/login/confirm redirect flow
            $login_return = base64_encode(Route::url('index.php?option=' . $this->option . '&controller=' . $this->_controller . '&task=' . $this->_task . '&confirm=' . $code));
            $logout_return = base64_encode(Route::url('index.php?option=com_users&view=login&return=' . $logout_return = base64_encode(Route::url('index.php?option=com_users&view=login&return=' . $login_return));
            $redirect = Route::url('index.php?option=com_users&view=logout&return=' . $logout_return);
        }
    } elseif ($email_confirmed < 0 && $email_confirmed == -$code) {
        // The stored activation value is the negated code: this is the pending
        // confirmation for this profile. The comparison is loose (==).

        //var to hold return path
        $return = '';

        // get return path
        $cReturn = $this->config->get('ConfirmationReturn');
        if ($cReturn) {
            $return = $cReturn;
        }

        //check to see if we have a return param
        // NOTE(review): this value was stored on the profile earlier; if it originated from
        // a request, it should be checked for being site-internal before it is used as a
        // redirect target.
        $pReturn = base64_decode(urldecode($xprofile->getParam('return')));
        if ($pReturn) {
            $return = $pReturn;
            $xprofile->setParam('return', '');
        }

        // make as confirmed
        $xprofile->set('activation', 1);

        // set public setting
        $xprofile->set('access', $this->config->get('privacy', 1));

        // upload profile
        // A failed save only records an error; the redirect below still happens
        if (!$xprofile->save()) {
            $this->setError(Lang::txt('COM_MEMBERS_REGISTER_ERROR_CONFIRMING'));
        }

        // if the user just changed their email & confirmed
        // reset 'userchangedemail' key
        if (Session::get('userchangedemail', 0) == 1) {
            Session::set('userchangedemail', 0);
        }

        // Redirect
        if (empty($return)) {
            $r = $this->config->get('ConfirmationReturn');
            $return = $r ? $r : Route::url('index.php?option=com_members&task=myaccount');

            // consume cookie (yum) if available to return to whatever action prompted registration
            // NOTE(review): open-redirect risk. $_COOKIE['return'] is client-controlled and is
            // passed to App::redirect() unchanged. Validate that it is a site-internal URL,
            // and fall back to the default above when it is not, before redirecting.
            if (isset($_COOKIE['return'])) {
                $return = $_COOKIE['return'];
                setcookie('return', '', time() - 3600);
            }
        }

        App::redirect($return, '', 'message', true);
    } else {
        $this->setError(Lang::txt('COM_MEMBERS_REGISTER_ERROR_INVALID_CONFIRMATION'));
    }

    // Set the pathway
    $this->_buildPathway();

    // Set the page title
    $this->_buildTitle();

    // Instantiate a new view
    // 'code', 'login', 'email' and 'redirect' carry request- or profile-derived text;
    // presumably the view escapes them on output (verify in the template).
    $this->view
        ->set('title', Lang::txt('COM_MEMBERS_REGISTER_CONFIRM'))
        ->set('login', $xprofile->get('username'))
        ->set('email', $xprofile->get('email'))
        ->set('code', $code)
        ->set('redirect', isset($return) ? $return : '')
        ->set('sitename', Config::get('sitename'))
        ->setErrors($this->getErrors())
        ->display();
}