/**
* Log errors to system_logs table.
*
* @param string $method The method name
* @param string $message The error message
* @param string $trace The unique trace key
*
* @return void
*/
protected function logError(string $method, string $message, string $trace)
{
ServiceRequestContainer::perform()->Database->insertiNetRecordLog(ServiceRequestContainer::perform()->Session->getPassport('email'), sprintf('-- SFTP Error: %s - [ %s ] [ %s ]', $method, $message, $trace));
}
/**
* Constructor.
*
* @param AssetInterface $asset The AssetInterface
* @param DatabaseInterface $dbh The DatabaseInterface
* @param SessionInterface $session The SessionInterface
* @param ConfigurationInterface $config The ConfigurationInterface
*
* @api
*/
public function __construct(AssetInterface $asset, DatabaseInterface $dbh, SessionInterface $session, ConfigurationInterface $config)
{
$this->setProperty('dbh', $dbh)->setProperty('asset', $asset)->setProperty('config', $config)->setProperty('session', $session)->setProperty('benchmark', ServiceRequestContainer::perform()->Benchmark)->setUserPassport()->setDynamicSettings()->setDesignConstants()->setTemplateHeadConstants()->setTemplateFooterConstants()->setTwigConfiguration()->setPreferredTemplates();
}
/**
* Set the user Passport and Application Controls.
*
* @return DatabaseInterface The current instance
*
* @api
*/
protected function setUserAccountApplicationControl() : DatabaseInterface
{
$this->resultDataSet['record']['settings'] = ServiceRequestContainer::perform()->Yaml->deserialize($this->getRecord()['user_settings'])['settings']['passport'];
$this->resultDataSet['record']['is_intranet_access_enabled'] = $this->resultDataSet['record']['settings']['is_intranet_access_enabled'];
$this->resultDataSet['record']['application_control'] = join(',', array_keys($this->resultDataSet['record']['settings']['application_control']));
return $this;
}
/**
* Application Turn-Key.
*
* @notes Application Turn-key
* A destination requested before authenticating relays
* user to desired URL/destination (this by-passes Panel).
*
* Sometimes a user has requested a destination before
* authenticating on the system. This checks to see if
* a destination was set and will relay to the URL once
* authentication has been completed.
*
* To use prior to authenticating, assign the full
* application URL to $session->setPassport('destination_relay').
* Once authenticated, the /Login/index.php will relay
* to the destination.
*
* @return bool
*/
public function runApplicationTurnKey() : bool
{
$session = ServiceRequestContainer::perform()->Session;
if (!ServiceRequestContainer::perform()->Passport->has('token')) {
$session->setPassport('destination_relay', $this->getProperty('relRootApp'));
$this->requestRoute($this->getProperty('redirectLogout') . '/php-token-missing/');
} else {
$this->turnKeyValidate($session, $this->dbh->isSessionTokenAvailable($session->getPassport('token'))->getRecords());
}
return true;
}
/**
* Check Database persistence condition.
*
* @param array $data The database provided user data
*
* @return bool
*
* @api
*/
public function validUserAccount(array $data) : bool
{
$persist = ServiceRequestContainer::perform()->Persistence;
/* Does user exist? */
if (1 !== $data['record_count']) {
$persist->createSystemLog(sprintf('-- Error [ Switched-account ] [ admin: %s ]: No database User record found in personnel.', $this->getPassport('role_adusername')));
return false;
}
/* Check user access */
if (false === $data['is_intranet_access_enabled']) {
$persist->createSystemLog(sprintf('-- Error [ Switched-account ] [ admin: %s ]: Database says user not allow entry.', $this->getPassport('role_adusername')));
return false;
}
if (null === $data['is_intranet_access_enabled']) {
$persist->createSystemLog(sprintf('-- Error [ Switched-account ] [ admin: %s ]: Database says system down for maintenance.', $this->getPassport('role_adusername')));
return false;
}
return true;
}
/**
* Create a database session.
*
* @param string $seed The unique crypt key string
*
* @return DatabaseInterface The current instance
*
* @api
*/
public function createDatabaseSession(string $seed = null) : DatabaseInterface
{
$session = ServiceRequestContainer::perform()->Session;
$cryptKey = null === $seed ? $this->getSha512() : $this->getSha512($seed);
/* Process Order */
$order = ['method' => 'REPLACE', 'table' => 'system_sessions', 'set' => ['email' => $session->getPassport('email'), 'created_at' => $session->getPassport('time_created'), 'updated_at' => date(static::MYSQL_DATE_FORMAT), 'token' => $session->getPassport('token'), 'crypt_key' => $cryptKey, 'storage' => 'None', 'remote_addr' => sprintf('%u', ip2long($this->server->get('REMOTE_ADDR')))], 'types' => ['s', 's', 's', 's', 's', 's', 's']];
return $this->process($order);
}
/**
* Get user items for Passport.
*
* @param array $data The list of items from the database
* @param array $passportType The check for switch-user
*
* @return array
*/
public function getPassportAdminRole(array $data, string $passportType = 'switchUserPassport') : array
{
$configVault = new ConfigurationVault(ServiceRequestContainer::perform()->Filesystem, ServiceRequestContainer::perform()->Yaml);
$configVault->openVaultFile('administrator');
$sendGeneralUser = ['role_user' => in_array($data['adusername'], array_keys($configVault->getRecords()['administrator']['superuser'])) ? 'SUPER_ADMIN_ROLE' : 'USER_ROLE', 'role_uuid' => $this->sanitizeString($data['uuid'], 36, 36), 'role_adusername' => $this->sanitizeString($data['adusername'], 3, 30), 'role_masquerade_enabled' => false];
$sendSwitchUser = ['role_masquerade_enabled' => $data['adusername'] === $this->getPassport('role_adusername') ? false : true];
return 'switchUserPassport' === $passportType ? $sendSwitchUser : $sendGeneralUser;
}
