/**
* Do login (AJAX call)
*
* @param TBGRequest $request
*/
public function runDoLogin(TBGRequest $request)
{
$i18n = TBGContext::getI18n();
$options = $request->getParameters();
$forward_url = TBGContext::getRouting()->generate('home');
if ($request->hasParameter('persona') && $request['persona'] == 'true') {
$url = 'https://verifier.login.persona.org/verify';
$assert = filter_input(INPUT_POST, 'assertion', FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
//Use the $_POST superglobal array for PHP < 5.2 and write your own filter
$params = 'assertion=' . urlencode($assert) . '&audience=' . urlencode(TBGContext::getURLhost() . ':80');
$ch = curl_init();
$options = array(CURLOPT_URL => $url, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_POST => 2, CURLOPT_POSTFIELDS => $params);
curl_setopt_array($ch, $options);
$result = curl_exec($ch);
curl_close($ch);
$details = json_decode($result);
$user = null;
if ($details->status == 'okay') {
$user = TBGUser::getByEmail($details->email);
if ($user instanceof TBGUser) {
TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
TBGContext::getResponse()->setCookie('tbg3_persona_session', true);
return $this->renderJSON(array('status' => 'login ok', 'redirect' => in_array($request['referrer_route'], array('home', 'login'))));
}
}
if (!$user instanceof TBGUser) {
$this->getResponse()->setHttpStatus(401);
$this->renderJSON(array('message' => $this->getI18n()->__('Invalid login')));
}
return;
}
if (TBGSettings::isOpenIDavailable()) {
$openid = new LightOpenID(TBGContext::getRouting()->generate('login_page', array(), false));
}
if (TBGSettings::isOpenIDavailable() && !$openid->mode && $request->isPost() && $request->hasParameter('openid_identifier')) {
$openid->identity = $request->getRawParameter('openid_identifier');
$openid->required = array('contact/email');
$openid->optional = array('namePerson/first', 'namePerson/friendly');
return $this->forward($openid->authUrl());
} elseif (TBGSettings::isOpenIDavailable() && $openid->mode == 'cancel') {
$this->error = TBGContext::getI18n()->__("OpenID authentication cancelled");
} elseif (TBGSettings::isOpenIDavailable() && $openid->mode) {
try {
if ($openid->validate()) {
if ($this->getUser()->isAuthenticated() && !$this->getUser()->isGuest()) {
if (TBGOpenIdAccountsTable::getTable()->getUserIDfromIdentity($openid->identity)) {
TBGContext::setMessage('openid_used', true);
throw new Exception('OpenID already in use');
}
$user = $this->getUser();
} else {
$user = TBGUser::getByOpenID($openid->identity);
}
if ($user instanceof TBGUser) {
$attributes = $openid->getAttributes();
$email = array_key_exists('contact/email', $attributes) ? $attributes['contact/email'] : null;
if (!$user->getEmail()) {
if (array_key_exists('contact/email', $attributes)) {
$user->setEmail($attributes['contact/email']);
}
if (array_key_exists('namePerson/first', $attributes)) {
$user->setRealname($attributes['namePerson/first']);
}
if (array_key_exists('namePerson/friendly', $attributes)) {
$user->setBuddyname($attributes['namePerson/friendly']);
}
if (!$user->getNickname() || $user->isOpenIdLocked()) {
$user->setBuddyname($user->getEmail());
}
if (!$user->getRealname()) {
$user->setRealname($user->getBuddyname());
}
$user->save();
}
if (!$user->hasOpenIDIdentity($openid->identity)) {
TBGOpenIdAccountsTable::getTable()->addIdentity($openid->identity, $email, $user->getID());
}
TBGContext::getResponse()->setCookie('tbg3_password', $user->getPassword());
TBGContext::getResponse()->setCookie('tbg3_username', $user->getUsername());
if ($this->checkScopeMembership($user)) {
return true;
}
return $this->forward(TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin')));
} else {
$this->error = TBGContext::getI18n()->__("Didn't recognize this OpenID. Please log in using your username and password, associate it with your user account in your account settings and try again.");
}
} else {
$this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider");
}
} catch (Exception $e) {
$this->error = TBGContext::getI18n()->__("Could not validate against the OpenID provider: %message", array('%message' => htmlentities($e->getMessage(), ENT_COMPAT, TBGContext::getI18n()->getCharset())));
}
} elseif ($request->getMethod() == TBGRequest::POST) {
try {
if ($request->hasParameter('tbg3_username') && $request->hasParameter('tbg3_password') && $request['tbg3_username'] != '' && $request['tbg3_password'] != '') {
$user = TBGUser::loginCheck($request, $this);
TBGContext::setUser($user);
if ($this->checkScopeMembership($user)) {
return true;
}
if ($request->hasParameter('return_to')) {
$forward_url = $request['return_to'];
} else {
if (TBGSettings::get('returnfromlogin') == 'referer') {
$forward_url = $request->getParameter('tbg3_referer', TBGContext::getRouting()->generate('dashboard'));
} else {
$forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
}
}
$forward_url = htmlentities($forward_url, ENT_COMPAT, TBGContext::getI18n()->getCharset());
} else {
throw new Exception('Please enter a username and password');
}
} catch (Exception $e) {
if ($request->isAjaxCall()) {
$this->getResponse()->setHttpStatus(401);
TBGLogging::log($e->getMessage(), 'openid', TBGLogging::LEVEL_WARNING_RISK);
return $this->renderJSON(array("error" => $i18n->__("Invalid login details")));
} else {
$this->forward403($e->getMessage());
}
}
} else {
if ($request->isAjaxCall()) {
$this->getResponse()->setHttpStatus(401);
return $this->renderJSON(array("error" => $i18n->__('Please enter a username and password')));
} else {
$this->forward403($i18n->__('Please enter a username and password'));
}
}
if ($this->checkScopeMembership($user)) {
return true;
}
if ($request->isAjaxCall()) {
return $this->renderJSON(array('forward' => $forward_url));
} else {
$this->forward($this->getRouting()->generate('account'));
}
}
/**
* Load the user object into the user property
*
* @return TBGUser
*/
public static function loadUser($user = null)
{
try {
self::$_user = $user === null ? TBGUser::loginCheck(self::getRequest(), self::getCurrentAction()) : $user;
if (self::$_user->isAuthenticated()) {
if (self::$_user->isOffline() || self::$_user->isAway()) {
self::$_user->setOnline();
}
if (!self::getRequest()->hasCookie('tbg3_original_username')) {
self::$_user->updateLastSeen();
}
if (!TBGContext::getScope()->isDefault() && !self::getRequest()->isAjaxCall() && !in_array(self::getRouting()->getCurrentRouteName(), array('add_scope', 'serve', 'debug', 'logout')) && !self::$_user->isGuest() && !self::$_user->isConfirmedMemberOfScope(TBGContext::getScope())) {
self::getResponse()->headerRedirect(self::getRouting()->generate('add_scope'));
}
self::$_user->save();
if (!self::$_user->getGroup() instanceof TBGGroup) {
throw new Exception('This user account belongs to a group that does not exist anymore. <br>Please contact the system administrator.');
}
}
} catch (TBGElevatedLoginException $e) {
throw $e;
} catch (Exception $e) {
self::$_user = new TBGUser();
throw $e;
}
return self::$_user;
}
/**
* Load the user object into the user property
*
* @return TBGUser
*/
public static function loadUser($user = null)
{
try {
self::$_user = $user === null ? TBGUser::loginCheck(self::getRequest()->getParameter('tbg3_username'), self::getRequest()->getParameter('tbg3_password')) : $user;
if (self::$_user->isAuthenticated()) {
if (self::$_user->isOffline() || self::$_user->isAway()) {
self::$_user->setOnline();
}
self::$_user->updateLastSeen();
self::$_user->setTimezone(TBGSettings::getUserTimezone());
self::$_user->setLanguage(TBGSettings::getUserLanguage());
self::$_user->save();
if (!self::$_user->getGroup() instanceof TBGGroup) {
throw new Exception('This user account belongs to a group that does not exist anymore. <br>Please contact the system administrator.');
}
}
} catch (Exception $e) {
throw $e;
}
return self::$_user;
}
/**
* Login (AJAX call)
*
* @param TBGRequest $request
*/
public function runLogin(TBGRequest $request)
{
$i18n = TBGContext::getI18n();
$this->login_referer = array_key_exists('HTTP_REFERER', $_SERVER) && isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
$options = $request->getParameters();
$forward_url = TBGContext::getRouting()->generate('home');
try {
if ($request->getMethod() == TBGRequest::POST) {
if ($request->hasParameter('tbg3_username') && $request->hasParameter('tbg3_password')) {
$username = $request->getParameter('tbg3_username');
$password = $request->getParameter('tbg3_password');
$user = TBGUser::loginCheck($username, $password, true);
$this->getResponse()->setCookie('tbg3_username', $username);
$this->getResponse()->setCookie('tbg3_password', TBGUser::hashPassword($password));
TBGContext::setUser($user);
if ($request->hasParameter('return_to')) {
$forward_url = $request->getParameter('return_to');
} else {
if (TBGSettings::get('returnfromlogin') == 'referer') {
if ($request->getParameter('tbg3_referer')) {
$forward_url = $request->getParameter('tbg3_referer');
} else {
$forward_url = TBGContext::getRouting()->generate('dashboard');
}
} else {
$forward_url = TBGContext::getRouting()->generate(TBGSettings::get('returnfromlogin'));
}
}
} else {
throw new Exception($i18n->__('Please enter a username and password'));
}
} elseif (TBGSettings::isLoginRequired()) {
throw new Exception($i18n->__('You need to log in to access this site'));
} elseif (!TBGContext::getUser()->isAuthenticated()) {
throw new Exception($i18n->__('Please log in'));
} elseif (TBGContext::hasMessage('forward')) {
throw new Exception($i18n->__(TBGContext::getMessageAndClear('forward')));
}
} catch (Exception $e) {
if (TBGContext::getRequest()->isAjaxCall() || TBGContext::getRequest()->getRequestedFormat() == 'json') {
return $this->renderJSON(array('failed' => true, "error" => $i18n->__($e->getMessage()), 'referer' => $request->getParameter('tbg3_referer')));
} else {
$options['error'] = $e->getMessage();
}
}
if (TBGContext::getRequest()->isAjaxCall() || TBGContext::getRequest()->getRequestedFormat() == 'json') {
return $this->renderJSON(array('forward' => $forward_url));
} elseif ($forward_url !== null && $request->getParameter('continue') != true) {
$this->forward($forward_url);
}
$this->options = $options;
}
