Esempio n. 1
 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
 public function authenticate($request)
 {
     $shibConfig = $this->getConfig()->Shibboleth;

     // The login name comes from the server variable named in the Shibboleth
     // configuration. NOTE(review): this trusts the web server to populate that
     // variable; confirm a client cannot supply it (for example as a request
     // header) in the deployed setup.
     $login = $request->getServer()->get($shibConfig->username);
     if (empty($login)) {
         throw new AuthException('authentication_error_admin');
     }

     // Each required attribute is tested against its configured pattern. The
     // pattern is wrapped in '/' delimiters without anchors, so a substring
     // match is enough unless the configured value carries ^ and $ itself.
     foreach ($this->getRequiredAttributes() as $serverKey => $pattern) {
         $matched = preg_match('/' . $pattern . '/', $request->getServer()->get($serverKey));
         if (!$matched) {
             throw new AuthException('authentication_error_denied');
         }
     }

     // All checks passed: look up the user row for this login name.
     $user = $this->getUserTable()->getByUsername($login);

     // Copy every mapped attribute from the server variables onto the user row.
     $mappable = array("cat_username", "email", "lastname", "firstname", "college", "major", "home_library");
     foreach ($mappable as $field) {
         if (!isset($shibConfig->{$field})) {
             continue;
         }
         $user->{$field} = $request->getServer()->get($shibConfig->{$field});
     }

     // Persist the refreshed row and hand it back to the caller.
     $user->save();
     return $user;
 }
Esempio n. 2
 /**
  * Return an array of roles which may be granted the permission based on
  * the options.
  *
  * @param mixed $options Options provided from configuration.
  *
  * @return array
  */
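 public function getPermissions($options)
 {
     // Fail closed when the request carries no Shibboleth identity provider.
     // get() is called without a default; presumably the container is a
     // Zend\Stdlib\Parameters, whose get() returns null (not false) for a
     // missing key, so a comparison against false alone would never fire and
     // the guard would be skipped. Both values are treated as "missing".
     $identityProvider = $this->request->getServer()->get('Shib-Identity-Provider');
     if ($identityProvider === null || $identityProvider === false) {
         $this->logWarning('getPermissions: Shibboleth server params missing');
         return [];
     }

     // Shibboleth data is present: defer to the parent's role evaluation.
     return parent::getPermissions($options);
 }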
Esempio n. 3
 /**
  * Return an array of roles which may be granted the permission based on
  * the options.
  *
  * @param mixed $options Options provided from configuration.
  *
  * @return array
  */
 public function getPermissions($options)
 {
     $this->debug('getPermissions: idpServerParam = ' . $this->idpServerParam);

     // The configured identity-provider server parameter must be present;
     // otherwise no role is granted (fail closed).
     $idpValue = $this->request->getServer()->get($this->idpServerParam);
     if ($idpValue !== null) {
         return parent::getPermissions($options);
     }

     $this->logWarning('getPermissions: Shibboleth server params missing');
     return [];
 }
Esempio n. 4
 /**
  * Return an array of roles which may be granted the permission based on
  * the options.
  *
  * @param mixed $options Options provided from configuration.
  *
  * @return array
  */
 public function getPermissions($options)
 {
     // The decision is based on REMOTE_ADDR only. NOTE(review): behind a
     // reverse proxy this is presumably the proxy's address, so the configured
     // ranges would match the proxy rather than the end client; confirm.
     $clientIp = $this->request->getServer()->get('REMOTE_ADDR');
     $allowedRanges = (array) $options;

     // In range: grant to all users (guest or logged in). Otherwise: nothing.
     return $this->ipAddressUtils->isInRange($clientIp, $allowedRanges)
         ? ['guest', 'loggedin']
         : [];
 }
Esempio n. 5
 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
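 public function authenticate($request)
 {
     // Check if username is set.
     $shib = $this->getConfig()->Shibboleth;
     $username = $request->getServer()->get($shib->username);
     if (empty($username)) {
         throw new AuthException('authentication_error_admin');
     }

     // Check if required attributes match up. The pattern is wrapped in '/'
     // delimiters without anchors, so a substring match is sufficient unless
     // the configured value anchors itself.
     foreach ($this->getRequiredAttributes() as $key => $value) {
         if (!preg_match('/' . $value . '/', $request->getServer()->get($key))) {
             throw new AuthException('authentication_error_denied');
         }
     }

     // If we made it this far, we should log in the user!
     $user = $this->getUserTable()->getByUsername($username);

     // Variable to hold catalog password (handled separately from other
     // attributes since we need to use saveCredentials method to store it):
     $catPassword = null;

     // Has the user configured attributes to use for populating the user table?
     $attribsToCheck = ['cat_username', 'cat_password', 'email', 'lastname', 'firstname', 'college', 'major', 'home_library'];
     foreach ($attribsToCheck as $attribute) {
         if (!isset($shib->{$attribute})) {
             continue;
         }
         $value = $request->getServer()->get($shib->{$attribute});
         if ($attribute == 'cat_password') {
             $catPassword = $value;
             continue;
         }
         // Special case: don't override an existing email address. The
         // original compared an undefined $field here, so the guard never
         // fired and a stored address was overwritten on every login.
         if ($attribute == 'email' && isset($user->email) && trim($user->email) != '') {
             continue;
         }
         $user->{$attribute} = $value;
     }

     // Save credentials if applicable:
     if (!empty($catPassword) && !empty($user->cat_username)) {
         $user->saveCredentials($user->cat_username, $catPassword);
     }

     // Store logout URL in session. NOTE(review): the URL is taken as-is from
     // a server variable; whoever later redirects to it should confirm it
     // points at an expected host.
     if (isset($shib->logout_attribute)) {
         $url = $request->getServer()->get($shib->logout_attribute);
         if ($url) {
             $sessionContainer = new SessionContainer('Shibboleth');
             $sessionContainer['logoutUrl'] = $url;
         }
     }

     // Save and return the user object:
     $user->save();
     return $user;
 }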
Esempio n. 6
 /**
  * Metodo padrão de execução do log
  *
  * @return Log
  */
 public function executar()
 {
     // Let the file-log helper parse its input, then fill in the Log entry it exposes.
     $this->logArquivo->parse();
     // Start and end are both stamped with the time of this call.
     $this->logArquivo->getLog()->setInicio(new \Datetime());
     $this->logArquivo->getLog()->setFim(new \Datetime());
     // The recorded IP is REMOTE_ADDR as reported by the request object.
     // NOTE(review): behind a proxy this is presumably the proxy address; confirm.
     $this->logArquivo->getLog()->setIp($this->request->getServer('REMOTE_ADDR'));
     // The message embeds the file type and file name returned by the helper.
     $this->logArquivo->getLog()->setMensagem('Log arquivo de ' . $this->logArquivo->getTipo() . ': ' . $this->logArquivo->getNome());
     $this->logArquivo->getLog()->setTipo(LogArquivo::TIPO);
     $this->logArquivo->getLog()->setUsuario($this->usuario);
     // The request URI is stored as the route of the entry.
     $this->logArquivo->getLog()->setRoute($this->request->getRequestUri());
     return $this->logArquivo->getLog();
 }
Esempio n. 7
 /**
  * Metodo padrão de execução do log
  * 
  * @return Log
  */
 public function executar()
 {
     // Pass the operation to the registration-log helper before it parses.
     $this->logCadastro->setOperacao($this->operacao);
     $this->logCadastro->parse();
     // Start and end are both stamped with the time of this call.
     $this->logCadastro->getLog()->setInicio(new \Datetime());
     $this->logCadastro->getLog()->setFim(new \Datetime());
     // The recorded IP is REMOTE_ADDR as reported by the request object.
     // NOTE(review): behind a proxy this is presumably the proxy address; confirm.
     $this->logCadastro->getLog()->setIp($this->request->getServer('REMOTE_ADDR'));
     // The message is the operation followed by the class name of the logged entity.
     $this->logCadastro->getLog()->setMensagem($this->operacao . ' - ' . get_class($this->logCadastro->getEntity()));
     $this->logCadastro->getLog()->setTipo(LogCadastro::TIPO);
     $this->logCadastro->getLog()->setUsuario($this->usuario);
     // The request URI is stored as the route of the entry.
     $this->logCadastro->getLog()->setRoute($this->request->getRequestUri());
     return $this->logCadastro->getLog();
 }
Esempio n. 8
 /**
  * Return an array of roles which may be granted the permission based on
  * the options.
  *
  * @param mixed $options Options provided from configuration.
  *
  * @return array
  */
 public function getPermissions($options)
 {
     // Each option is used verbatim as a complete regular expression and is
     // matched against REMOTE_ADDR. Patterns that are not anchored, or that
     // leave dots unescaped, accept more addresses than they appear to, so
     // the configured expressions deserve careful review.
     $remoteAddr = $this->request->getServer()->get('REMOTE_ADDR');
     $patterns = (array) $options;

     $granted = [];
     foreach ($patterns as $pattern) {
         if (preg_match($pattern, $remoteAddr)) {
             // First match wins: grant to all users (guest or logged in).
             $granted = ['guest', 'loggedin'];
             break;
         }
     }

     // Still empty when nothing matched: no permissions.
     return $granted;
 }
 /**
  * Return the REMOTE_ADDR server parameter of a freshly built request,
  * substituting 127.0.0.1 when it is empty.
  *
  * The loopback fallback means a missing REMOTE_ADDR is reported as
  * localhost; callers that make trust decisions on this value should keep
  * that in mind.
  *
  * @return string
  */
 public function getRemoteAddress()
 {
     $request = new Request();
     $address = $request->getServer()->get('REMOTE_ADDR');

     // Loose comparison kept on purpose: null and '' both trigger the fallback.
     return $address == '' ? '127.0.0.1' : $address;
 }
Esempio n. 10
 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
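 public function authenticate($request)
 {
     $assertion = $request->getPost('assertion');
     if ($assertion === null) {
         throw new AuthException('authentication_missing_assertion');
     }

     // The audience tells the verifier which site the assertion was issued
     // for. IIS reports HTTPS as the string 'off' for plain HTTP, so that
     // value must not be read as "secure".
     // NOTE(review): SERVER_NAME can follow the client's Host header depending
     // on web server configuration; confirm it is pinned to the canonical name.
     $protocol = $request->getServer('HTTPS');
     $isSecure = !empty($protocol) && strtolower((string) $protocol) !== 'off';
     $audience = ($isSecure ? 'https://' : 'http://')
         . $request->getServer('SERVER_NAME') . ':'
         . $request->getServer('SERVER_PORT');

     // NOTE(review): Mozilla retired the hosted Persona verifier in 2016;
     // confirm this handler is still meant to be reachable.
     $client = $this->httpService->createClient(
         'https://verifier.login.persona.org/verify',
         \Zend\Http\Request::METHOD_POST
     );
     $client->setParameterPost(['assertion' => $assertion, 'audience' => $audience]);
     $response = $client->send();

     // Reject anything that is not a well-formed "okay" answer with a usable
     // e-mail address: a non-JSON body decodes to null, and a missing email
     // would otherwise be used as the username.
     $result = json_decode($response->getContent());
     if (!is_object($result)
         || !isset($result->status, $result->email)
         || $result->status !== 'okay'
         || !is_string($result->email)
         || $result->email === ''
     ) {
         throw new AuthException('authentication_error_invalid');
     }

     // The verified e-mail address doubles as the local username; create the
     // account on first login.
     $username = $result->email;
     $user = $this->getUserTable()->getByUsername($username, false);
     if ($user === false) {
         $user = $this->createPersonaUser($username, $result->email);
     }
     return $user;
 }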
Esempio n. 11
 /**
  * Process 401 Response Objects.  This will redirect the visitor to the
  * sites configured login page.
  *
  * @return Response
  */
 protected function processNotAuthorized()
 {
     $loginPage = $this->currentSite->getLoginPage();
     $notAuthorized = $this->currentSite->getNotAuthorizedPage();

     // The current URI is URL-encoded before it is placed in the query string.
     // NOTE(review): the page that consumes "redirect" should only follow
     // same-site targets; that check is not visible here.
     $returnToUrl = urlencode($this->request->getServer('REQUEST_URI'));

     $newResponse = new Response();
     $newResponse->setStatusCode('302');

     // Anonymous visitors go to the login page with a return address;
     // authenticated visitors go to the "not authorized" page.
     $location = $this->userService->hasIdentity()
         ? $notAuthorized
         : $loginPage . '?redirect=' . $returnToUrl;
     $newResponse->getHeaders()->addHeaderLine('Location: ' . $location);

     return $newResponse;
 }
 /**
  * Build an instance of the called class from an existing request.
  *
  * The new object is parsed from the source request's string form, then the
  * query, post, cookie, file, server, content, environment and header data
  * are copied over from the source request.
  *
  * @param BaseRequest $request Request to copy from
  *
  * @return static
  */
 public static function createFromRequest(BaseRequest $request)
 {
     $copy = static::fromString($request->toString());

     $copy->setQuery($request->getQuery());
     $copy->setPost($request->getPost());
     $copy->setCookies($request->getCookie());
     $copy->setFiles($request->getFiles());
     $copy->setServer($request->getServer());
     $copy->setContent($request->getContent());
     $copy->setEnv($request->getEnv());
     $copy->setHeaders($request->getHeaders());

     return $copy;
 }
Esempio n. 13
 /**
  * Check if a server param matches the option.
  *
  * @param string $option Option
  *
  * @return boolean true if a server param matches, false if not
  */
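 protected function checkServerParam($option)
 {
     // Split the option on spaces unless escaped with a backslash.
     $optionParts = $this->splitString($option, ' ', '\\');
     if (count($optionParts) < 2) {
         $this->logError("configuration option '{$option}' invalid");
         return false;
     }

     // The first part is the server param name (possibly an alias).
     $serverParamName = array_shift($optionParts);
     if (isset($this->aliases[$serverParamName])) {
         $serverParamName = $this->aliases[$serverParamName];
     }

     // An optional modifier follows the name: "~" regex match, "!" negated
     // equality, "!~" negated regex match.
     $modifierMatch = in_array($optionParts[0], ['~', '!~'], true);
     $modifierNot = in_array($optionParts[0], ['!', '!~'], true);
     if ($modifierNot || $modifierMatch) {
         array_shift($optionParts);
     }

     // The remaining parts are the templates for checking the server param.
     $templates = $optionParts;
     if (empty($templates)) {
         $this->logError("configuration option '{$option}' invalid");
         return false;
     }

     // The check fails when the server param is missing, negated or not.
     $serverParamString = $this->request->getServer()->get($serverParamName);
     if ($serverParamString === null) {
         return false;
     }
     $serverParams = $this->splitString(
         $serverParamString,
         $this->serverParamDelimiter,
         $this->serverParamEscape
     );

     // Any value matching any template counts as a hit (OR). Regex templates
     // are wrapped in '/' without anchors, so they match substrings unless
     // the template anchors itself.
     $result = false;
     foreach ($serverParams as $serverParam) {
         foreach ($templates as $template) {
             if ($modifierMatch) {
                 $matched = preg_match('/' . $template . '/', $serverParam);
                 if ($matched === false) {
                     // A broken pattern used to count as "no match", which a
                     // negated rule ("!~") turned into a grant. Fail closed.
                     $this->logError("configuration option '{$option}' invalid");
                     return false;
                 }
                 $result = $result || $matched === 1;
             } else {
                 $result = $result || $template === $serverParam;
             }
         }
     }

     // Always hand back a real boolean, as the docblock promises (the bitwise
     // accumulation used before produced integers).
     return $modifierNot ? !$result : $result;
 }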
Esempio n. 14
 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
 public function authenticate($request)
 {
     $shib = $this->getConfig()->Shibboleth;

     // The login name is read from the server variable named in the config.
     $login = $request->getServer()->get($shib->username);
     if (empty($login)) {
         throw new AuthException('authentication_error_admin');
     }

     // Required attributes: each configured pattern is wrapped in '/' without
     // anchors and must match the corresponding server variable.
     foreach ($this->getRequiredAttributes() as $serverKey => $pattern) {
         $matched = preg_match('/' . $pattern . '/', $request->getServer()->get($serverKey));
         if (!$matched) {
             throw new AuthException('authentication_error_denied');
         }
     }

     // All checks passed: look up the user row.
     $user = $this->getUserTable()->getByUsername($login);

     // The catalog password is kept aside because it has to be stored through
     // saveCredentials() rather than assigned like the other attributes.
     $catPassword = null;

     $attribsToCheck = ['cat_username', 'cat_password', 'email', 'lastname', 'firstname', 'college', 'major', 'home_library'];
     foreach ($attribsToCheck as $attribute) {
         if (!isset($shib->{$attribute})) {
             continue;
         }
         $value = $request->getServer()->get($shib->{$attribute});
         if ($attribute == 'cat_password') {
             $catPassword = $value;
         } else {
             // A missing server variable is stored as an empty string.
             $user->{$attribute} = $value === null ? '' : $value;
         }
     }

     // Save credentials if applicable. Empty passwords are allowed (see
     // https://github.com/vufind-org/vufind/pull/532), but a non-blank stored
     // password must not be replaced by a blank one when the auth mechanism
     // fails to supply a password on a later login (for discussion, see
     // https://github.com/vufind-org/vufind/pull/612). If a password can
     // really change from non-blank to blank, more work is needed here.
     if (!empty($user->cat_username)) {
         $passwordToStore = empty($catPassword) ? $user->getCatPassword() : $catPassword;
         $user->saveCredentials($user->cat_username, $passwordToStore);
     }

     // Persist and return the user object.
     $user->save();
     return $user;
 }
Esempio n. 15
 /**
  * Запись логов
  * @param Request $request
  * @param Response $response
  */
 public function write($request, $response)
 {
     $serverOptions = $request->getServer()->toArray();

     // Only requests whose URI matches the configured pattern are logged.
     $requestUri = null;
     if (isset($serverOptions['REQUEST_URI'])) {
         $requestUri = $serverOptions['REQUEST_URI'];
     }
     if (is_null($requestUri) || !preg_match($this->_patternRequestWriteLog, $requestUri)) {
         return;
     }

     // Missing server values fall back to neutral defaults.
     $remoteAddr = '';
     if (isset($serverOptions['REMOTE_ADDR'])) {
         $remoteAddr = $serverOptions['REMOTE_ADDR'];
     }
     $requestTime = 0;
     if (isset($serverOptions['REQUEST_TIME'])) {
         $requestTime = $serverOptions['REQUEST_TIME'];
     }
     $requestTimeFloat = 0;
     if (isset($serverOptions['REQUEST_TIME_FLOAT'])) {
         $requestTimeFloat = $serverOptions['REQUEST_TIME_FLOAT'];
     }

     /** @var DocumentManager $dm */
     $dm = $this->getServiceLocator()->get('doctrine-document');

     // The full header string and both bodies are persisted verbatim, which
     // can include Authorization and Cookie headers or submitted credentials.
     // NOTE(review): consider redacting those fields and restricting access
     // to the stored documents.
     $logsClient = new LogsClient();
     $logsClient
         ->setDatetime((new \DateTime())->setTimestamp($requestTime))
         ->setHeaders($request->getHeaders()->toString())
         ->setRequest($request->getContent())
         ->setResponse($response->getContent())
         ->setIpAddress($remoteAddr)
         ->setDuration(round(microtime(true), 4) - $requestTimeFloat);

     $dm->persist($logsClient);
     $dm->flush();
 }
Esempio n. 16
 /**
  * Get a server parameter taking into account any environment variables
  * redirected by Apache mod_rewrite.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  * @param string                            $param   Parameter name
  *
  * @return mixed
  */
 protected function getServerParam($request, $param)
 {
     // The REDIRECT_-prefixed variant is looked up first and serves as the
     // default when the plain parameter is absent.
     $redirected = $request->getServer()->get("REDIRECT_{$param}");

     return $request->getServer()->get($param, $redirected);
 }
 /**
  * @param string $name
  * @param mixed $default
  * @return mixed
  */
 public function server($name, $default = null)
 {
     // Plain delegation to the wrapped HTTP request's server-parameter lookup.
     $serverValue = $this->httpRequest->getServer($name, $default);

     return $serverValue;
 }
Esempio n. 18
 /**
  * Attempt to authenticate the current user.  Throws exception if login fails.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
  * account credentials.
  *
  * @throws AuthException
  * @return \VuFind\Db\Row\User Object representing logged-in user.
  */
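 public function authenticate($request)
 {
     $shib = $this->getConfig()->Shibboleth;

     // The configured username may list several server variables separated
     // by "##"; the first one carrying a non-empty value wins.
     $username = "";
     foreach (explode("##", $shib->username) as $usernameAlternative) {
         $username = $request->getServer()->get($usernameAlternative);
         if (!empty($username)) {
             break;
         }
     }
     if (empty($username)) {
         throw new AuthException('authentication_error_admin');
     }

     // Check if required attributes match up (so far not used in swissbib).
     // Each configured value may hold "##"-separated alternative patterns;
     // one match per attribute is enough. Patterns are wrapped in '/' without
     // anchors, so they match substrings unless they anchor themselves.
     foreach ($this->getRequiredAttributes() as $key => $value) {
         $found = false;
         foreach (explode("##", $value) as $valuetest) {
             if (preg_match('/' . $valuetest . '/', $request->getServer()->get($key))) {
                 $found = true;
                 break;
             }
         }
         if (!$found) {
             throw new AuthException('authentication_error_denied');
         }
     }

     // If we made it this far, we should log in the user!
     $user = $this->getUserTable()->getByUsername($username);

     // Variable to hold catalog password (handled separately from other
     // attributes since we need to use saveCredentials method to store it):
     $catPassword = null;

     // Has the user configured attributes to use for populating the user table?
     $attribsToCheck = ['cat_username', 'cat_password', 'email', 'lastname', 'firstname', 'college', 'major', 'home_library'];
     foreach ($attribsToCheck as $attribute) {
         if (!isset($shib->{$attribute})) {
             continue;
         }

         // First non-empty alternative supplies the attribute value.
         $attvalue = "";
         foreach (explode("##", $shib->{$attribute}) as $aAlternative) {
             $candidate = $request->getServer()->get($aAlternative);
             if (!empty($candidate)) {
                 $attvalue = $candidate;
                 break;
             }
         }

         // Previously every attribute with an empty value fell into the
         // password branch and assigned $value, a variable left over from the
         // required-attributes loop, so a configuration pattern could end up
         // stored as the catalog password. Only cat_password feeds
         // $catPassword now, and it receives the value actually read.
         if ($attribute === 'cat_password') {
             $catPassword = $attvalue;
         } elseif (!empty($attvalue)) {
             $user->{$attribute} = $attvalue;
         }
     }

     // Save credentials if applicable:
     if (!empty($catPassword) && !empty($user->cat_username)) {
         $user->saveCredentials($user->cat_username, $catPassword);
     }

     // Save and return the user object:
     $user->save();
     return $user;
 }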
 /**
  * fetch basic auth credentials
  * 
  * @param  \Zend\Http\PhpEnvironment\Request  $request
  * @return array
  */
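 protected function _getBasicAuthData(\Zend\Http\PhpEnvironment\Request $request)
 {
     // Sources are consulted in a fixed order and the first one present
     // decides: the Authorization header, the HTTP_AUTHORIZATION server
     // variable, then REMOTE_USER with up to four REDIRECT_ prefixes.
     if ($header = $request->getHeaders('Authorization')) {
         return $this->_decodeBasicCredentials($header->getFieldValue());
     }
     if ($header = $request->getServer('HTTP_AUTHORIZATION')) {
         return $this->_decodeBasicCredentials($header);
     }

     // check if (REDIRECT_)*REMOTE_USER is found in SERVER vars
     $name = 'REMOTE_USER';
     for ($i = 0; $i < 5; $i++) {
         if ($header = $request->getServer($name)) {
             return $this->_decodeBasicCredentials($header);
         }
         $name = 'REDIRECT_' . $name;
     }

     // Nothing found: null, as the original did implicitly.
     return null;
 }

 /**
  * Decode a "Basic <base64>" value into a [user, password] pair.
  *
  * The scheme is verified instead of blindly skipping six characters, the
  * payload is decoded in strict mode, and a payload without ':' is rejected,
  * so other schemes or malformed input never yield made-up credentials.
  *
  * @param  string $value raw header or server value
  * @return array|null two-element array, or null when the value is not
  *                    well-formed Basic credentials
  */
 private function _decodeBasicCredentials($value)
 {
     $value = trim((string) $value);
     if (strncasecmp($value, 'Basic ', 6) !== 0) {
         return null;
     }
     $decoded = base64_decode(trim(substr($value, 6)), true);
     if ($decoded === false || strpos($decoded, ':') === false) {
         return null;
     }
     return explode(':', $decoded, 2);
 }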
Esempio n. 20
 /**
  * @group ZF2-480
  */
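 public function testBaseurlFallsBackToRootPathIfScriptFilenameIsNotSet()
 {
     $request = new Request();
     $server = $request->getServer();

     // Clear every server value set by the original test (which reset
     // ORIG_SCRIPT_NAME twice; the duplicate is dropped here).
     foreach (array('SCRIPT_NAME', 'PHP_SELF', 'ORIG_SCRIPT_NAME', 'SCRIPT_FILENAME') as $name) {
         $server->set($name, null);
     }

     // With nothing to go on, the base URL must be the empty string.
     $this->assertEquals('', $request->getBaseUrl());
 }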
Esempio n. 21
 /**
  * Determine the page to save from the request
  *
  * @param HttpRequest $request Http Request
  *
  * @throws \RuntimeException
  * @return string
  */
 protected function createId(HttpRequest $request)
 {
     // The id is the MD5 digest of "<HTTPS>-<HTTP_HOST>-<request URI>"; the
     // hash only derives an identifier here, it is not a security control.
     // NOTE(review): HTTP_HOST comes from the request; if these ids key a
     // shared cache, confirm the host is validated upstream.
     $parts = array(
         $request->getServer('HTTPS'),
         $request->getServer('HTTP_HOST'),
         $request->getRequestUri(),
     );

     return md5(implode('-', $parts));
 }
Esempio n. 22
 /**
  * Maps premapped attributes from shibboleth.ini particular section where is know-how for parsing
  * attributes the IdP returned.
  *
  * It basically returns array $attributes, which is later saved to 'user' table as current user.
  * There may be some minor modifications, e.g. to cat_username is appended institute delimited
  * by $this::SEPARATOR.
  *
  * @param \Zend\Http\PhpEnvironment\Request $request
  * @param \Zend\Config\Config $config
  *            containing only array of attributes mapping from attribute-map.xml to user table in VuFind
  * @return array attributes
  */
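 protected function fetchAttributes($request, $config)
 {
     $attributes = array();
     foreach ($this->attribsToCheck as $attribute) {
         if (!isset($config->{$attribute})) {
             continue;
         }

         $key = $config->{$attribute};
         $pattern = null;
         $value = null;

         if (strpos($key, '|') !== false) {
             // "a|b|c": alternative server variables, first non-null value wins.
             $keys = explode('|', $key);
             foreach ($keys as $key) {
                 $key = trim($key);
                 $value = $request->getServer()->get($key);
                 if ($value != null) {
                     break;
                 }
             }
         } elseif (strpos($key, ',') !== false) {
             // "name, /regex/": a server variable plus an extraction pattern.
             // The name is trimmed too, so whitespace before the comma no
             // longer produces a variable name that cannot exist.
             list($key, $pattern) = explode(',', $key, 2);
             $key = trim($key);
             $pattern = trim($pattern);
         }

         if ($value == null) {
             $value = $request->getServer()->get($key);
         }

         if ($pattern != null) {
             // Keep only the first capture group. When the pattern does not
             // match (or has no group) the attribute becomes null instead of
             // reading an undefined $matches[1].
             $matches = array();
             $matched = preg_match($pattern, (string) $value, $matches);
             $value = ($matched === 1 && isset($matches[1])) ? $matches[1] : null;
         }

         $attributes[$attribute] = $value;
     }
     return $attributes;
 }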
Esempio n. 23
 /**
  * A single value can be read back from each parameter container, and
  * headers can be fetched both as a collection and individually.
  */
 public function testRetrievingASingleValueForParameters()
 {
     $request = new Request();
     $params = new \Zend\Stdlib\Parameters(array('foo' => 'bar'));

     // Install the same container everywhere, then read one value from each.
     $containers = array('Query', 'Post', 'Files', 'Server', 'Env');
     foreach ($containers as $container) {
         $request->{'set' . $container}($params);
     }
     foreach ($containers as $container) {
         $this->assertSame('bar', $request->{'get' . $container}('foo'));
     }

     // Headers: the collection itself and a single header by name.
     $headerSet = new Headers();
     $fooHeader = new GenericHeader('foo', 'bar');
     $headerSet->addHeader($fooHeader);
     $request->setHeaders($headerSet);

     $this->assertSame($headerSet, $request->getHeaders());
     $this->assertSame($fooHeader, $request->getHeaders()->get('foo'));
     $this->assertSame($fooHeader, $request->getHeader('foo'));
 }
Esempio n. 24
 /**
  * Point $this->dir at the "fotos" directory below the document root.
  *
  * When DOCUMENT_ROOT is not set the lookup yields false, which concatenates
  * as an empty string, so the directory becomes "/fotos/" at the filesystem
  * root.
  */
 public function __construct()
 {
     $request = new Request();
     $documentRoot = $request->getServer('DOCUMENT_ROOT', false);

     $this->dir = $documentRoot . "/fotos/";
 }