/**
 * Verifies the supplied credentials and, on success, opens the login session.
 *
 * A token_auth is obtained for the login/password pair, authentication is run, and the
 * login cookie is written with the login and the hashed token_auth. The cookie is flagged
 * Secure whenever the request arrived over HTTPS and is always HttpOnly. After a
 * successful login the session id is regenerated (the post-login session does not keep
 * the pre-login id) and any pending password-reset entry for the user is discarded.
 * On failure the login cookie is deleted before the exception is raised.
 *
 * @param string $login       user login
 * @param string $md5Password md5 hash of the password, as expected by API::getTokenAuth()
 * @param bool   $rememberMe  true: cookie expires after General['login_cookie_expire'] seconds;
 *                            false: session cookie (expiry 0)
 * @throws Exception when the credentials are rejected
 */
public function initSession($login, $md5Password, $rememberMe)
{
    $tokenAuth = API::getInstance()->getTokenAuth($login, $md5Password);
    $this->setLogin($login);
    $this->setTokenAuth($tokenAuth);
    $authResult = $this->authenticate();

    $general = Config::getInstance()->General;
    if ($rememberMe) {
        $expiry = time() + $general['login_cookie_expire'];
    } else {
        $expiry = 0;
    }
    $loginCookie = new Cookie($general['login_cookie_name'], $expiry, $general['login_cookie_path']);

    if (!$authResult->wasAuthenticationSuccessful()) {
        $loginCookie->delete();
        throw new Exception(Piwik::translate('Login_LoginPasswordNotCorrect'));
    }

    $loginCookie->set('login', $login);
    $loginCookie->set('token_auth', $this->getHashTokenAuth($login, $authResult->getTokenAuth()));
    $loginCookie->setSecure(ProxyHttp::isHttps());
    $loginCookie->setHttpOnly(true);
    $loginCookie->save();

    // Error-suppressed in the original; presumably so a warning from regenerateId()
    // does not abort an otherwise successful login — TODO confirm before removing the '@'.
    @Session::regenerateId();

    // Drop any pending password-reset request for this user.
    Login::removePasswordResetInfo($login);
}
/**
 * Stores the UI language choice in its own cookie.
 *
 * Unknown language codes are rejected without touching the cookie. The cookie is a
 * session cookie (expiry 0) carrying only the language code; unlike the login cookie,
 * no Secure/HttpOnly flags are set on it.
 *
 * @param string $languageCode ISO language code
 * @return bool false when the language is not available, true once the cookie is saved
 */
public static function setLanguageForSession($languageCode)
{
    $isAvailable = API::getInstance()->isLanguageAvailable($languageCode);
    if (!$isAvailable) {
        return false;
    }

    $languageCookie = new Cookie(Config::getInstance()->General['language_cookie_name'], 0);
    $languageCookie->set('language', $languageCode);
    $languageCookie->save();

    return true;
}
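/**
 * Installs certificate (PKI) based authentication when the client presented a certificate.
 *
 * When the request carries a client certificate DN, a CertAuth instance replaces the
 * registered 'auth' object. Authentication is then attempted from the login cookie first
 * and, failing that, by verifying the DN/issuer pair against the authorization service
 * (ClientCertificatesAPI::queryGovport). Whenever certificate authentication fails the
 * previously registered auth object is restored, so the caller falls back to the standard
 * login mechanism; the failure reason is passed to LoginAPI::setErrorMessage(). On success
 * the session id is regenerated and a session-lifetime login cookie (Secure on HTTPS,
 * HttpOnly) is written.
 *
 * @param bool $activateCookieAuth forwarded to initAuthenticationFromCookie()
 * @return void
 */
public function initAuthenticationObject($activateCookieAuth = false)
{
    $clientCertificateAPI = ClientCertificatesAPI::getInstance();
    $loginAPI = LoginAPI::getInstance();

    $dn = $clientCertificateAPI->getUserDN();
    $issuerDn = $clientCertificateAPI->getIssuerDN();

    // A missing or empty DN means no usable client certificate: leave the standard auth in place.
    if ($dn === null || $dn === '') {
        $loginAPI->setErrorMessage("No certificate provided");
        \Piwik\Log::debug("No certificate provided. Falling back on standard login mechanism.");
        return;
    }

    $auth = new CertAuth();
    // Remember the current auth object so it can be restored on any failure below.
    $previousAuth = \Piwik\Registry::get('auth');
    \Piwik\Registry::set('auth', $auth);

    if ($this->initAuthenticationFromCookie($auth, $activateCookieAuth)) {
        // Already authenticated from the login cookie; CertAuth stays registered.
        return;
    }

    $result = $clientCertificateAPI->queryGovport($dn, $issuerDn);
    if (!$result) {
        \Piwik\Registry::set('auth', $previousAuth);
        $loginAPI->setErrorMessage("Could not verify user against authorization service");
        \Piwik\Log::debug("Could not verify user against authorization service. Falling back on standard auth.");
        return;
    }

    $username = $this->getProperty($result, 'uid');
    $fullname = $this->getProperty($result, 'fullName');
    $email = $this->getProperty($result, 'email');
    $firstname = $this->getProperty($result, 'firstName');
    $lastname = $this->getProperty($result, 'lastName');

    // Agency: first 'grantBy' entry, else first 'organizations' entry, else 'N/A'.
    // '?? null' avoids an undefined-offset warning when the list exists but is empty.
    $agency = property_exists($result, 'grantBy') ? ($result->grantBy[0] ?? null) : null;
    if (($agency === null || $agency === '') && property_exists($result, 'organizations')) {
        $agency = $result->organizations[0] ?? null;
    }
    if ($agency === null || $agency === '') {
        $agency = 'N/A';
    }

    // NOTE(review): this debug line writes the user's name and e-mail address to the log.
    \Piwik\Log::debug("Login PKI Response: {$username}, {$fullname}, {$email}, {$firstname}, {$lastname}, {$agency}");

    $auth->setLogin($username);
    $auth->setUserDN($dn);
    $auth->setPassword($username . $dn);
    // Token derived from the username and the CertAuth secret; md5 is the digest CertAuth
    // currently expects — TODO confirm against CertAuth before changing it. Computed once and
    // reused for the cookie (assumes getTokenAuthSecret() does not change during authenticate()).
    $certTokenAuth = md5($username . $auth->getTokenAuthSecret());
    $auth->setTokenAuth($certTokenAuth);
    $auth->setEmail($email);
    $auth->setAlias($this->getAlias($firstname, $lastname, $fullname));

    $authResult = $auth->authenticate();
    if (!$authResult->wasAuthenticationSuccessful()) {
        // Error message set by auth result
        \Piwik\Registry::set('auth', $previousAuth);
        return;
    }

    Session::regenerateId();

    // Session-lifetime cookie (expiry 0) holding the identity and the token.
    $authCookieExpiry = 0;
    $authCookieName = Config::getInstance()->General['login_cookie_name'];
    $authCookiePath = Config::getInstance()->General['login_cookie_path'];
    $cookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
    $cookie->set('login', $authResult->getIdentity());
    // NOTE(review): the raw token is stored here, whereas initSession() stores
    // getHashTokenAuth(...); confirm initAuthenticationFromCookie() expects the raw value
    // before aligning the two paths.
    $cookie->set('token_auth', $certTokenAuth);
    $cookie->setSecure(ProxyHttp::isHttps());
    $cookie->setHttpOnly(true);
    $cookie->save();
}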