Esempio n. 1
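 /**
  * Authenticates the user and initializes the session.
  *
  * @param string $login       login name of the user
  * @param string $md5Password password value passed to API::getTokenAuth() to obtain the token
  * @param bool   $rememberMe  when true the login cookie gets an expiry time, otherwise expiry 0
  * @throws Exception if authentication was not successful (the login cookie is deleted first)
  */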
 public function initSession($login, $md5Password, $rememberMe)
 {
     // Turn the submitted credentials into an API token and run the regular
     // authentication check against it.
     $apiToken = API::getInstance()->getTokenAuth($login, $md5Password);
     $this->setLogin($login);
     $this->setTokenAuth($apiToken);
     $outcome = $this->authenticate();

     // The cookie object is built before the result is inspected because the
     // failure path needs it too (to delete any existing login cookie).
     $name = Config::getInstance()->General['login_cookie_name'];
     if ($rememberMe) {
         $expiresAt = time() + Config::getInstance()->General['login_cookie_expire'];
     } else {
         $expiresAt = 0;
     }
     $path = Config::getInstance()->General['login_cookie_path'];
     $loginCookie = new Cookie($name, $expiresAt, $path);

     $succeeded = $outcome->wasAuthenticationSuccessful();
     if (!$succeeded) {
         $loginCookie->delete();
         throw new Exception(Piwik::translate('Login_LoginPasswordNotCorrect'));
     }

     $loginCookie->set('login', $login);
     // The cookie carries the output of getHashTokenAuth(), not the token
     // returned by the auth result itself.
     $cookieToken = $this->getHashTokenAuth($login, $outcome->getTokenAuth());
     $loginCookie->set('token_auth', $cookieToken);

     // Secure is only set when ProxyHttp reports HTTPS, so over plain HTTP the
     // cookie is sent without it. HttpOnly is always set.
     $servedOverHttps = ProxyHttp::isHttps();
     $loginCookie->setSecure($servedOverHttps);
     $loginCookie->setHttpOnly(true);
     $loginCookie->save();

     // Issue a fresh session id after login (session-fixation defence).
     // NOTE(review): the @ operator hides any error raised here, so a failed
     // regeneration would go unnoticed - confirm this is acceptable.
     @Session::regenerateId();

     // remove password reset entry if it exists
     Login::removePasswordResetInfo($login);
 }
 /**
  * Set the language for the session
  *
  * @param string $languageCode ISO language code
  * @return bool
  */
 public static function setLanguageForSession($languageCode)
 {
     // Only a code the API reports as available is written to the cookie;
     // anything else is rejected without touching the cookie.
     $isKnownLanguage = API::getInstance()->isLanguageAvailable($languageCode);
     if ($isKnownLanguage) {
         // Second constructor argument is 0; initSession() passes the cookie
         // expiry in that position, so this is presumably a browser-session
         // cookie - TODO confirm against the Cookie class.
         $languageCookie = new Cookie(Config::getInstance()->General['language_cookie_name'], 0);
         $languageCookie->set('language', $languageCode);
         $languageCookie->save();
         return true;
     }
     return false;
 }
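 /**
  * Attempts a client-certificate login and installs the resulting auth object.
  *
  * Reads the user DN and issuer DN from ClientCertificatesAPI. When a DN is
  * present, a CertAuth instance replaces the 'auth' registry entry; the
  * previous entry is put back if the authorization service returns no result
  * or if authentication fails. When no DN is present, only an error message
  * is recorded and the registry is left untouched.
  *
  * @param bool $activateCookieAuth forwarded unchanged to initAuthenticationFromCookie()
  * @return void
  */
 public function initAuthenticationObject($activateCookieAuth = false)
 {
     $clientCertificateAPI = ClientCertificatesAPI::getInstance();
     $loginAPI = LoginAPI::getInstance();
     $dn = $clientCertificateAPI->getUserDN();
     $issuer_dn = $clientCertificateAPI->getIssuerDN();
     // Loose comparison: an empty-string DN is treated the same as no certificate.
     if ($dn != null) {
         $auth = new CertAuth();
         // The CertAuth object is registered before the certificate identity
         // has been checked against the authorization service. The two failure
         // branches below restore the previous entry.
         // NOTE(review): an exception thrown by queryGovport() or
         // authenticate() would skip that restore - confirm callers handle it.
         $previousAuth = \Piwik\Registry::get('auth');
         \Piwik\Registry::set('auth', $auth);
         // If the cookie already authenticates the request, nothing below runs
         // and the CertAuth object stays registered.
         if (!$this->initAuthenticationFromCookie($auth, $activateCookieAuth)) {
             $result = $clientCertificateAPI->queryGovport($dn, $issuer_dn);
             if ($result) {
                 $username = $this->getProperty($result, 'uid');
                 $fullname = $this->getProperty($result, 'fullName');
                 $email = $this->getProperty($result, 'email');
                 $firstname = $this->getProperty($result, 'firstName');
                 $lastname = $this->getProperty($result, 'lastName');
                 // Agency: first 'grantBy' entry, else first 'organizations'
                 // entry, else 'N/A'. It is only used in the debug line below.
                 // isset() guards the [0] access so an empty list falls through
                 // to the next source instead of raising an undefined-offset
                 // warning.
                 $agency = null;
                 if (property_exists($result, 'grantBy') && isset($result->{'grantBy'}[0])) {
                     $agency = $result->{'grantBy'}[0];
                 }
                 if ($agency == null) {
                     if (property_exists($result, 'organizations') && isset($result->{'organizations'}[0])) {
                         $agency = $result->{'organizations'}[0];
                     }
                     if ($agency == null) {
                         $agency = 'N/A';
                     }
                 }
                 // NOTE(review): this writes name and e-mail values from the
                 // service response into the debug log as-is. Confirm the log
                 // is allowed to hold personal data and that control characters
                 // in these values cannot forge log lines.
                 \Piwik\Log::debug("Login PKI Response: {$username}, {$fullname}, {$email}, {$firstname}, {$lastname}, {$agency}");
                 $auth->setLogin($username);
                 $auth->setUserDN($dn);
                 // NOTE(review): the password is the username concatenated with
                 // the DN, i.e. built from identifiers rather than a secret.
                 // Confirm that password-based login is not accepted for
                 // accounts provisioned this way.
                 $auth->setPassword($username . $dn);
                 // NOTE(review): the token is an unkeyed MD5 over username and
                 // the value of getTokenAuthSecret(). A keyed construction such
                 // as hash_hmac('sha256', ...) would be the usual choice, but
                 // CertAuth would have to derive the token the same way, so it
                 // is left unchanged here.
                 $auth->setTokenAuth(md5($username . $auth->getTokenAuthSecret()));
                 $auth->setEmail($email);
                 $auth->setAlias($this->getAlias($firstname, $lastname, $fullname));
                 $authResult = $auth->authenticate();
                 if ($authResult->wasAuthenticationSuccessful()) {
                     // New session id on successful login (session-fixation defence).
                     Session::regenerateId();
                     //Create Cookie
                     // Expiry 0; Secure follows ProxyHttp::isHttps(), HttpOnly is always set.
                     $authCookieExpiry = 0;
                     $authCookieName = Config::getInstance()->General['login_cookie_name'];
                     $authCookiePath = Config::getInstance()->General['login_cookie_path'];
                     $cookie = new Cookie($authCookieName, $authCookieExpiry, $authCookiePath);
                     $cookie->set('login', $authResult->getIdentity());
                     // The cookie holds the same MD5 value that was set as the
                     // token above, not a further hash of it.
                     // NOTE(review): confirm that exposing this value through
                     // the cookie is intended.
                     $cookie->set('token_auth', md5($username . $auth->getTokenAuthSecret()));
                     $cookie->setSecure(ProxyHttp::isHttps());
                     $cookie->setHttpOnly(true);
                     $cookie->save();
                 } else {
                     // Error message set by auth result
                     \Piwik\Registry::set('auth', $previousAuth);
                 }
             } else {
                 // No usable answer from the authorization service: undo the
                 // registry change and record the failure.
                 \Piwik\Registry::set('auth', $previousAuth);
                 $loginAPI->setErrorMessage("Could not verify user against authorization service");
                 \Piwik\Log::debug("Could not verify user against authorization service. Falling back on standard auth.");
             }
         }
     } else {
         // No certificate DN: only the message and log entry are produced here;
         // the registry entry is not changed by this method.
         $loginAPI->setErrorMessage("No certificate provided");
         \Piwik\Log::debug("No certificate provided. Falling back on standard login mechanism.");
     }
 }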