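/**
 * Sends the pairing token (OTP) typed by the user in the MediaWiki pairing form to the
 * Latch server. When the server answers with an accountId, that accountId is handed to
 * dbHelper::storeAccountId().
 *
 * The token is untrusted form input. It is only forwarded to the Latch API, and it is
 * rejected up front when it is empty or not a scalar value.
 *
 * @param string $otp Pairing token sent to the user's mobile phone and typed into the pairing form
 * @return int 1: pairing OK, -1: pairing error
 */
public static function doPair($otp)
{
    $toRet = -1; // return value=-1, error during the pairing process

    // An empty or non-scalar token can never pair: stop before calling the API.
    if (!is_scalar($otp) || trim((string) $otp) === '') {
        return $toRet;
    }

    $api = new Latch(LatchConfig::appId, LatchConfig::secret); // Latch API object for this application
    $response = $api->pair($otp);
    $data = is_object($response) ? $response->getData() : null;

    // isset() rather than property_exists(): an accountId that is present but null (or an
    // empty string) must not be stored and reported as a successful pairing.
    if (is_object($data) && isset($data->accountId) && $data->accountId !== '') {
        dbHelper::storeAccountId($data->accountId);
        $toRet = 1; // return value=1, pairing process successful
    }

    // NOTE(review): the error part of the response is never inspected or logged here, so a
    // failed pairing leaves no trace for troubleshooting or abuse detection — consider logging it.
    return $toRet;
}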
/**
 * Overrides the host used for Latch API calls by writing the static Latch::$API_HOST.
 *
 * The value is stored exactly as given; nothing here validates the scheme or the host.
 * NOTE(review): every later request of this process presumably goes to this host — confirm
 * that callers only pass a trusted, administrator-controlled https:// URL.
 *
 * @param string $host Base URL of the Latch API (type assumed from usage, TODO confirm)
 * @return void
 */
public static function setHost($host)
{
    Latch::$API_HOST = $host;
}
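/**
 * Builds a Latch API client from the parameters of the "latch" plugin in the "user" group.
 *
 * Reads latch_appID, latch_appSecret and latch_host from the plugin parameters. A non-empty
 * latch_host is passed to Latch::setHost() with trailing slashes removed.
 *
 * Callers must handle the null case explicitly: null means "Latch is not configured", and
 * whether login then proceeds or is refused is decided by the caller, not here.
 *
 * @return Latch|null Client instance, or null when the plugin record, the app ID or the
 *                    app secret is missing
 */
public static function getLatchConnection()
{
    $plugin = JPluginHelper::getPlugin("user", "latch");

    // getPlugin() did not return a plugin object: there are no parameters to read.
    if (!is_object($plugin)) {
        return null;
    }

    $pluginParams = new JRegistry($plugin->params);
    $appId = $pluginParams->get("latch_appID");
    $appSecret = $pluginParams->get("latch_appSecret");
    $apiHost = $pluginParams->get("latch_host");

    // NOTE(review): latch_host is taken from configuration as-is; confirm it is restricted
    // to an https:// URL so status answers cannot be altered in transit.
    if (!empty($apiHost)) {
        Latch::setHost(rtrim($apiHost, '/'));
    }

    if (empty($appId) || empty($appSecret)) {
        return null;
    }

    return new Latch($appId, $appSecret);
}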
/**
 * Records the CA certificate path in the class-wide static self::$CA_CERTIFICATE_PATH.
 *
 * The value is stored as given; this setter does not check that the file exists or is readable.
 * NOTE(review): presumably the path is used to verify the Latch server's TLS certificate —
 * confirm where it is read, and that a missing or unreadable file makes requests fail
 * rather than switching verification off.
 *
 * @param string $certificatePath Filesystem path to the CA certificate (type assumed, TODO confirm)
 * @return void
 */
public static function setCACertificatePath($certificatePath)
{
    self::$CA_CERTIFICATE_PATH = $certificatePath;
}
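/**
 * Asks the Latch server for the status of an admin user's latch.
 *
 * Values produced by this method:
 *  - null when $latchId, the application id or the secret key is empty (no check is made);
 *  - array("status" => 0, "message" => "") when the operation status for this application is "on";
 *  - array("status" => 1, "message" => "Invalid login or password") when a usable answer
 *    arrived and the status is anything other than "on";
 *  - array("status" => 0, "message" => <text>) when no usable answer arrived, when the answer
 *    carried an error other than 201, or when saving the user failed.
 *
 * NOTE(review): how callers treat "status" => 0 with a non-empty message is not visible
 * here. If they only look at "status", an unreachable Latch server is indistinguishable
 * from an open latch — confirm the caller refuses the login in that case.
 *
 * @param string $latchId
 * @param Mage_Admin_Model_User $user
 * @return array|null
 */
public function getIfAdminLatchEnabled($latchId, $user)
{
    $appId = $this->getApplicationId();
    $appSecret = $this->getSecretKey();
    $apiUrl = $this->getApiUrl();

    if (empty($latchId) || empty($appId) || empty($appSecret)) {
        return null;
    }

    require_once Mage::getBaseDir('lib') . '/Latch/latch.php';

    $api = $apiUrl ? new Latch($appId, $appSecret, $apiUrl) : new Latch($appId, $appSecret);
    $apiResponse = $api->status($latchId);

    // Test the response object BEFORE dereferencing it; the original called getData() on it
    // first, so its own empty($apiResponse) check could never be reached for a null response.
    $responseData = empty($apiResponse) ? null : $apiResponse->getData();
    $responseError = empty($apiResponse) ? null : $apiResponse->getError();

    if (empty($responseData) && empty($responseError)) {
        return array(
            "status" => 0,
            "message" => $this->__("Latch is not ready. Please try to log out and log in again."),
        );
    }

    if (!empty($responseError)) {
        // Loose comparison kept on purpose: the type returned by getCode() is not visible here.
        // 201 is presumably Latch's "account not paired" code — confirm against the SDK.
        if ($responseError->getCode() != 201) {
            return array(
                "status" => 0,
                "message" => $this->__("Something was wrong, please try to log in again later."),
            );
        }

        // NOTE(review): this writes back the same $latchId that was just queried; if 201 means
        // the account is no longer paired, clearing the stored id may have been intended.
        $user->setData('latch_id', $latchId);
        try {
            $user->save();
        } catch (Exception $ex) {
            // Keep the exception text in the server log; the login page gets the generic
            // message only, so persistence errors are not disclosed to whoever is logging in.
            Mage::logException($ex);
            return array(
                "status" => 0,
                "message" => $this->__("Something was wrong, please try to log in again later."),
            );
        }
    }

    // isset() guards the nested lookup so a response without this application's entry is
    // treated as "not on" instead of raising property-access warnings.
    if (
        !empty($responseData)
        && isset($responseData->{"operations"}->{$appId}->{"status"})
        && $responseData->{"operations"}->{$appId}->{"status"} === "on"
    ) {
        return array("status" => 0, "message" => "");
    }

    return array("status" => 1, "message" => $this->__("Invalid login or password"));
}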
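/**
 * Login hook (per its name and comments): consults the Latch status of the current user
 * before the session user name is put back.
 *
 * Flow as written below:
 *  1. The session value 'wsUserName' is blanked.
 *  2. Application credentials and the user's Latch account id are loaded through SpecialLatch.
 *  3. No Latch account for this user: SpecialLatch::putUserInSession() and return true.
 *  4. No usable status answer: return false; nothing on that path restores 'wsUserName'.
 *  5. Status "on": either redirect to the LatchOTP special page (two-factor token present)
 *     or putUserInSession().
 *  6. Status "off": the user is logged out and the login form is shown with an error.
 *  7. Anything else (error answer, unknown status): putUserInSession().
 *
 * @param mixed $returnTo      Not read by this method
 * @param mixed $returnToQuery Not read by this method
 * @param string $type         Set to 'error' (by reference)
 * @return bool false when Latch gave no usable answer, true otherwise
 */
public static function wfLoginHook(&$returnTo, &$returnToQuery, &$type)
{
    global $wgUser, $wgOut, $wgRequest;

    $acc_id = "";
    $app_id = "";
    $secret = "";
    $user_id = "";
    $type = 'error';

    # We remove the user's name to "freeze" the session
    $wgRequest->setSessionData('wsUserName', "");

    # If app_id, secret, user_id and the account_id are already in the DB, we take them
    SpecialLatch::accDB_appsecret($app_id, $secret);
    SpecialLatch::accDB_useraccid($wgUser->getId(), $user_id, $acc_id);

    # If the user doesn't have Latch configured we let them through without checking anything
    if (empty($user_id) || empty($acc_id)) {
        SpecialLatch::putUserInSession();
        return true;
    }

    # We call the Status function from the Latch SDK
    $api = new Latch($app_id, $secret);
    $statusResponse = $api->status($acc_id);

    // Test the response object BEFORE dereferencing it; the original called getData() on it
    // first, so its own empty($statusResponse) check could never be reached for a null response.
    $responseData = empty($statusResponse) ? null : $statusResponse->getData();
    $responseError = empty($statusResponse) ? null : $statusResponse->getError();

    if (empty($responseData) && empty($responseError)) {
        // 'wsUserName' stays blank on this path.
        return false;
    }

    // Entry of this application in the status answer, or null when the answer has none.
    $operation = (!empty($responseData) && isset($responseData->{"operations"}->{$app_id}))
        ? $responseData->{"operations"}->{$app_id}
        : null;
    $status = isset($operation->{"status"}) ? $operation->{"status"} : null;

    if ($status === "on") {
        if (!empty($operation->{"two_factor"})) {
            $two_factor_token = isset($operation->{"two_factor"}->{"token"})
                ? $operation->{"two_factor"}->{"token"}
                : "";

            # We have another special page for the OTP page.
            # We insert the OTP token on DB and we redirect to that page
            // NOTE(review): with a two_factor entry but an empty token, neither the redirect
            // nor putUserInSession() runs and the hook still returns true — confirm intended.
            // NOTE(review): the token is presumably persisted as-is by updDB_useraccid();
            // confirm the LatchOTP page compares it in constant time and clears it after use.
            if (!empty($two_factor_token)) {
                SpecialLatch::updDB_useraccid($user_id, $acc_id, $two_factor_token);
                $wgOut->redirect(SpecialPage::getTitleFor('LatchOTP')->getFullURL('', false, PROTO_CURRENT));
            }
        } else {
            # Status is on and no second factor is requested: set the user's name again
            SpecialLatch::putUserInSession();
        }
    } elseif ($status === "off") {
        # Latch is closed: log the user out and show the login form with an error
        $wgUser->logout();
        $specialUserlogin = new LoginForm();
        $specialUserlogin->load();
        $error = $specialUserlogin->mAbortLoginErrorMsg ?: 'wrongpassword';
        $specialUserlogin->mainLoginForm($specialUserlogin->msg($error)->text());
    } else {
        // NOTE(review): reached when Latch answered with an error instead of data, or with a
        // status other than "on"/"off". The user is put back in session exactly as for an
        // open latch — confirm that failing open on Latch errors is the intended policy.
        SpecialLatch::putUserInSession();
    }

    return true;
}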