コード例 #1
0
ファイル: LoginAPIModule.php プロジェクト: nncsang/Kurogo
 public function initializeForCommand()
 {
     if (!Kurogo::getSiteVar('AUTHENTICATION_ENABLED')) {
         throw new KurogoConfigurationException("Authentication is not enabled on this site");
     }
     switch ($this->command) {
         case 'logout':
             if (!$this->isLoggedIn()) {
                 $this->redirectTo('session');
             } else {
                 $session = $this->getSession();
                 $user = $this->getUser();
                 $hard = $this->getArg('hard', false);
                 $authorityIndex = $this->getArg('authority', false);
                 if ($authorityIndex) {
                     $authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex);
                 } else {
                     $authority = $user->getAuthenticationAuthority();
                 }
                 $session->logout($authority, $hard);
                 $this->redirectTo('session');
             }
             $this->setResponse($response);
             $this->setResponseVersion(1);
             break;
         case 'getuserdata':
             $key = $this->getArg('key', null);
             $user = $this->getUser();
             $response = $user->getUserData($key);
             $this->setResponse($response);
             $this->setResponseVersion(1);
             break;
         case 'session':
             $session = $this->getSession();
             $response = array('session_id' => $session->getSessionID(), 'token' => $session->getLoginToken());
             // version 2 implements multiple identities into the response
             if ($this->requestedVersion == 2) {
                 $response['users'] = array();
                 $users = $session->getUsers();
                 foreach ($users as $user) {
                     $authority = $user->getAuthenticationAuthority();
                     $response['users'][$authority->getAuthorityIndex()] = array('authority' => $authority->getAuthorityIndex(), 'authorityTitle' => $authority->getAuthorityTitle(), 'userID' => $user->getUserID(), 'name' => $user->getFullName(), 'sessiondata' => $user->getSessionData());
                 }
                 $this->setResponseVersion(2);
             } else {
                 // version 1 assumes only 1 user
                 $user = $this->getUser();
                 $response['user'] = array('authority' => $user->getAuthenticationAuthorityIndex(), 'userID' => $user->getUserID(), 'name' => $user->getFullName(), 'sessiondata' => $user->getSessionData());
                 $this->setResponseVersion(1);
             }
             $this->setResponse($response);
             break;
         default:
             $this->invalidCommand();
             break;
     }
 }
コード例 #2
0
 public function init($args)
 {
     parent::init($args);
     if (!$this->authority) {
         if ($authority = AuthenticationAuthority::getAuthenticationAuthority('GoogleAppsAuthentication')) {
             $this->setAuthority($authority);
         }
     }
 }
コード例 #3
0
ファイル: CASAuthentication.php プロジェクト: nncsang/Kurogo
 /**
  * Initializes the authority objects based on an associative array of arguments
  * @param array $args an associate array of arguments. The argument list is dependent on the authority
  *
  * General - Required keys:
  *   TITLE => The human readable title of the AuthorityImage
  *   INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
  *
  * General - Optional keys:
  *   LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
  *
  * CAS - Required keys:
  *   CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
  *                   CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
  *   CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
  *   CAS_PORT => The port the CAS server is listening on, e.g. "443"
  *   CAS_PATH => The path of the CAS application, e.g. "/cas/"
  *   CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
  *                  of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
  *                  validation will be performed (not recommended for production).
  *
  * CAS - Optional keys:
  *   ATTRA_EMAIL => Attribute name for the user's email adress, e.g. "email". This only applies if your 
  *                  CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your 
  *                       CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your 
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your 
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your 
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *
  * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
  *
  */
 public function init($args)
 {
     parent::init($args);
     // include the PHPCAS library
     if (empty($args['CAS_PHPCAS_PATH'])) {
         require_once 'CAS.php';
     } else {
         require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
     }
     if (empty($args['CAS_PROTOCOL'])) {
         throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle);
     }
     if (empty($args['CAS_HOST'])) {
         throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle);
     }
     if (empty($args['CAS_PORT'])) {
         throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle);
     }
     if (empty($args['CAS_PATH'])) {
         throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle);
     }
     if (empty($args['CAS_PROXY_INIT'])) {
         phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
     } else {
         phpCAS::proxy($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
         if (!empty($args['CAS_PROXY_TICKET_PATH'])) {
             phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
         }
         if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
             phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
         }
     }
     if (empty($args['CAS_CA_CERT'])) {
         phpCAS::setNoCasServerValidation();
     } else {
         phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
     }
     // Record any attribute mapping configured.
     if (!empty($args['ATTRA_EMAIL'])) {
         CASUser::mapAttribute('Email', $args['ATTRA_EMAIL']);
     }
     if (!empty($args['ATTRA_FIRST_NAME'])) {
         CASUser::mapAttribute('FirstName', $args['ATTRA_FIRST_NAME']);
     }
     if (!empty($args['ATTRA_LAST_NAME'])) {
         CASUser::mapAttribute('LastName', $args['ATTRA_LAST_NAME']);
     }
     if (!empty($args['ATTRA_FULL_NAME'])) {
         CASUser::mapAttribute('FullName', $args['ATTRA_FULL_NAME']);
     }
     // Store an attribute for group membership if configured.
     if (!empty($args['ATTRA_MEMBER_OF'])) {
         CASUser::mapAttribute('MemberOf', $args['ATTRA_MEMBER_OF']);
     }
 }
コード例 #4
0
 protected function init($args)
 {
     parent::init($args);
     //either get the specified authority or attempt to get a GoogleApps authority
     $authorityIndex = isset($args['AUTHORITY']) ? $args['AUTHORITY'] : 'GoogleAppsAuthentication';
     $authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex);
     //make sure we're getting a google apps authority
     if ($authority instanceof GoogleAppsAuthentication) {
         $this->authority = $authority;
     }
     $this->addStandardFilters();
 }
コード例 #5
0
 public function init($args)
 {
     parent::init($args);
     // set field map using SHIB_XXX_FIELD = "" maps to $_SERVER values
     foreach ($args as $arg => $value) {
         if (preg_match("/^shib_(email|firstname|lastname|fullname)_field\$/", strtolower($arg), $bits)) {
             $key = strtolower($bits[1]);
             $this->fieldMap[$key] = $value;
         }
     }
     if (isset($args['SHIB_ATTRIBUTES']) && is_array($args['SHIB_ATTRIBUTES'])) {
         $this->attributes = $args['SHIB_ATTRIBUTES'];
     }
 }
コード例 #6
0
    public function __construct()
    {
        if (!isset($_SESSION)) {
            if (!is_dir(CACHE_DIR . "/session")) {
                mkdir(CACHE_DIR . "/session",0700,true);
            }
            ini_set('session.save_path', CACHE_DIR . "/session");
            ini_set('session.name', SITE_KEY);
            ini_set('session.use_only_cookies', 1);
            ini_set('session.cookie_path', COOKIE_PATH);
            session_start();
        }
        
        $user = new AnonymousUser();
        
        if (isset($_SESSION['auth'])) {
        
            $maxIdleTime = intval($GLOBALS['siteConfig']->getVar('AUTHENTICATION_IDLE_TIMEOUT'));
            $lastPing = isset($_SESSION['ping']) ? $_SESSION['ping'] : 0;
            $diff = time() - $lastPing;
            
            if ( $maxIdleTime && ($diff > $maxIdleTime)) {
                // right now nothing happens, but we could show and error if necessary.
            } elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($_SESSION['auth'])) {

                $auth_userID = isset($_SESSION['auth_userID']) ? $_SESSION['auth_userID'] : '';

                if ($auth_userID) {
                
                    if ($_user = $authority->getUser($auth_userID)) {
                        $user = $_user;
                    } else {
                        error_log("Error trying to load user $auth_userID");
                    } 
                }
            }
        }
                    
        $this->setUser($user);
    }    
コード例 #7
0
ファイル: DataRetriever.php プロジェクト: nncsang/Kurogo
 protected function init($args)
 {
     $this->initArgs = $args;
     if (isset($args['DEBUG_MODE'])) {
         $this->setDebugMode($args['DEBUG_MODE']);
     }
     if (isset($args['OPTIONS']) && is_array($args['OPTIONS'])) {
         $this->setOptions($args['OPTIONS']);
     }
     if (isset($args['AUTHORITY'])) {
         if ($authority = AuthenticationAuthority::getAuthenticationAuthority($args['AUTHORITY'])) {
             $this->setAuthority($authority);
         }
     }
     if (!isset($args['PARSER_CLASS'])) {
         if ($this->DEFAULT_PARSER_CLASS) {
             $args['PARSER_CLASS'] = $this->DEFAULT_PARSER_CLASS;
         } elseif (isset($args['DEFAULT_PARSER_CLASS']) && strlen($args['DEFAULT_PARSER_CLASS'])) {
             $args['PARSER_CLASS'] = $args['DEFAULT_PARSER_CLASS'];
         } else {
             $args['PARSER_CLASS'] = 'PassthroughDataParser';
         }
     }
     if (!isset($args['CACHE_LIFETIME'])) {
         $args['CACHE_LIFETIME'] = $this->DEFAULT_CACHE_LIFETIME;
     }
     // instantiate the parser class
     $parser = DataParser::factory($args['PARSER_CLASS'], $args);
     $this->setParser($parser);
     $cacheClass = isset($args['CACHE_CLASS']) ? $args['CACHE_CLASS'] : 'DataCache';
     $this->cache = DataCache::factory($cacheClass, $args);
 }
コード例 #8
0
 /**
  * attempts to see if a valid login cookie is present. 
  */
 private function getLoginCookie()
 {
     $token = '';
     $hash = '';
     if (isset($_COOKIE[self::TOKEN_COOKIE], $_COOKIE[self::USERHASH_COOKIE])) {
         $token = $_COOKIE[self::TOKEN_COOKIE];
         $hash = $_COOKIE[self::USERHASH_COOKIE];
     } elseif (isset($_COOKIE[self::API_TOKEN_COOKIE], $_COOKIE[self::API_USERHASH_COOKIE])) {
         $token = $_COOKIE[self::API_TOKEN_COOKIE];
         $hash = $_COOKIE[self::API_USERHASH_COOKIE];
     }
     // a token exists
     if ($token) {
         //get the token data
         if ($data = $this->getLoginTokenData($token)) {
             $this->login_token = $token;
             $users = array();
             //validate the hash
             if ($this->getUserHash($data['data']) == $hash) {
                 foreach ($data['data'] as $userData) {
                     // attempt to get the user
                     if ($authority = AuthenticationAuthority::getAuthenticationAuthority($userData['auth'])) {
                         if ($user = $authority->getUser($userData['userID'])) {
                             $user->setSessionData($userData['data']);
                             $users[] = $user;
                         } else {
                             Kurogo::log(LOG_WARNING, "Unable to load user " . $userData['userID'] . " for " . $userData['auth'], 'session');
                         }
                     } else {
                         Kurogo::log(LOG_WARNING, "Unable to load authority " . $userData['auth'], 'session');
                     }
                 }
                 if (count($users) > 0) {
                     return $users;
                 }
             }
         }
         // something did not match so clean up
         $this->clearLoginToken();
     }
     return false;
 }
コード例 #9
0
 public function init($args)
 {
     parent::init($args);
     $args = is_array($args) ? $args : array();
     $this->userFile = isset($args['PASSWD_USER_FILE']) ? $args['PASSWD_USER_FILE'] : null;
     $this->groupFile = isset($args['PASSWD_GROUP_FILE']) ? $args['PASSWD_GROUP_FILE'] : null;
     
     if ($this->userLogin != 'NONE') {        
         if (!is_readable($this->userFile)) {
             throw new Exception("Unable to load password file $this->userFile");
         }
     }
 }
コード例 #10
0
    public function initializeForCommand() {  
        if (!Kurogo::getSiteVar('AUTHENTICATION_ENABLED')) {
            throw new Exception("Authentication is not enabled on this site");
        }
        
        switch ($this->command) {
            case 'logout':
                if (!$this->isLoggedIn()) {
                    $this->redirectTo('session');
                } else {
                    $session = $this->getSession();
                    $user = $this->getUser();

                    $hard = $this->getArg('hard', false);
                    $authorityIndex = $this->getArg('authority', false);
                    if ($authorityIndex) {
                      $authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex);
                    } else {
                      $authority = $user->getAuthenticationAuthority();
                    }
                    
                    $session->logout($authority, $hard);
                    $this->redirectTo('session');
                }

                $this->setResponse($response);
                $this->setResponseVersion(1);
                break;
                
           case 'getuserdata':
                $key = $this->getArg('key', null);
                $user = $this->getUser();
                $response = $user->getUserData($key);
                $this->setResponse($response);
                $this->setResponseVersion(1);
                break;
                
           case 'session':
                $session = $this->getSession();
                $user = $this->getUser();
                
                $response = array(
                    'session_id'=>$session->getSessionID(),
                    'token'=>$session->getLoginToken(),
                    'user'=>array(
                        'authority'=>$user->getAuthenticationAuthorityIndex(),
                        'userID'=>$user->getUserID(),
                        'name'=>$user->getFullName(),
                        'sessiondata'=>$user->getSessionData()
                    )
                        
                );

                $this->setResponse($response);
                $this->setResponseVersion(1);
                break;
                
            default:
                $this->invalidCommand();
                break;
        }
    }
コード例 #11
0
 public function getMembers()
 {
     $property = $this->AuthenticationAuthority->getField('group_groupmember');
     if ($this->AuthenticationAuthority->getField('group_authority')) {
         $sql = sprintf("SELECT `%s`,`%s` FROM `%s` WHERE %s=?", $this->AuthenticationAuthority->getField('groupmember_authority'), $this->AuthenticationAuthority->getField('groupmember_user'), $this->AuthenticationAuthority->getTable('groupmembers'), $this->AuthenticationAuthority->getField('groupmember_group'));
     } else {
         $sql = sprintf("SELECT `%s` FROM `%s` WHERE %s=?", $this->AuthenticationAuthority->getField('groupmember_user'), $this->AuthenticationAuthority->getTable('groupmembers'), $this->AuthenticationAuthority->getField('groupmember_group'));
     }
     $connection = $this->AuthenticationAuthority->connection();
     $result = $connection->query($sql, array($this->{$property}));
     $members = array();
     while ($row = $result->fetch()) {
         $userID = $row[$this->AuthenticationAuthority->getField('userID')];
         if ($this->AuthenticationAuthority->getField('groupmember_authority')) {
             if (!($authority = AuthenticationAuthority::getAuthenticationAuthority($row[$this->AuthenticationAuthority->getField('authority')]))) {
                 continue;
             }
         } else {
             $authority = $this->getAuthenticationAuthority();
         }
         if ($user = $authority->getUser($userID)) {
             $members[] = $user;
         }
     }
     return $members;
 }
コード例 #12
0
    public function init($args)
    {
        parent::init($args);
        $args = is_array($args) ? $args : array();
        if (!isset($args['API_KEY'], $args['API_SECRET']) ||
            strlen($args['API_KEY'])==0 || strlen($args['API_SECRET'])==0) {
            throw new Exception("API key and secret not set");
        }

        $this->api_key = $args['API_KEY'];
        $this->api_secret = $args['API_SECRET'];
        if (isset($_SESSION['fb_access_token'])) {
            $this->access_token = $_SESSION['fb_access_token'];
        }
    }
コード例 #13
0
    /**
     * Sees if the given user matches the rule
     * @param User $user a valid user object
	 * @return mixed, the action if the user matches the rule or false if the rule did not match
     */
    public function evaluateForUser(User $user)
    {
        switch ($this->ruleType)
        {
            case self::RULE_TYPE_AUTHORITY:
                /* if the value is all then see if the userID and authority are set and it's a MATCH
                   this will NOT match an anonymous user 
                */
                if ($this->ruleValue==self::RULE_VALUE_ALL) {
                    if ($user->getUserID() && $user->getAuthenticationAuthority()) {
                        return $this->ruleAction;
                    }

                /* Otherwise see if the userID is set and the authority matches the rule value */
                } elseif ($user->getUserID() && $user->getAuthenticationAuthorityIndex()==$this->ruleValue) {
                    return $this->ruleAction;
                }
                
                break;
            case self::RULE_TYPE_USER:
                /* if the value is all then see if the userID is set
                   this will NOT match an anonymous user 
                */
                if ($this->ruleValue==self::RULE_VALUE_ALL) {
                    if ($user->getUserID()) {
                        return $this->ruleAction;
                    }
                } else { 
                    /* user values are specified as AUTHORITY|userID */
                    $values = explode("|", $this->ruleValue);
                    switch (count($values)) {
                        case 1:
                            $authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex();
                            $userID = $values[0];
                            break;
                        case 2:
                            $authority = $values[0];
                            $userID = $values[1];
                            break;
                    }
                    
                    /* see if the userID/email and authority match */
                    if ($user->getAuthenticationAuthorityIndex()==$authority) {
                        /* can match either userID or email */
                        if ($userID==self::RULE_VALUE_ALL) {
                            if ($user->getUserID()) {
                                return $this->ruleAction;
                            }
                        } else if ($user->getUserID()==$userID ||
                            (Validator::isValidEmail($userID) && $user->getEmail()==$userID)) { 
                            return $this->ruleAction;
                        }
                    }
                }
                break;
            case self::RULE_TYPE_GROUP:
                /* Note: a group value of ALL is not valid */

                /* group values are specified as AUTHORITY|group */
                $values = explode("|", $this->ruleValue);
                switch (count($values)) {
                    case 1:
                        $authority = AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex();
                        $group = $values[0];
                        break;
                    case 2:
                        $authority = $values[0];
                        $group = $values[1];
                        break;
                }


                /* attempt to load the authority, then get the group */
                if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authority)) {
                    if ($group = $authority->getGroup($group)) {

                        /* see if the user is a member of the group */
                        if ($group->userIsMember($user)) {
                            return $this->ruleAction;
                        }
                    }
                }
                
                break;
            case self::RULE_TYPE_EVERYONE:
                /* always matches */
                return $this->ruleAction;
                break;
        }
        
        return false;
    }
コード例 #14
0
ファイル: OAuthDataRetriever.php プロジェクト: nncsang/Kurogo
 protected function setAuthority(AuthenticationAuthority $authority)
 {
     if ($authority instanceof OAuthAuthentication) {
         $this->OAuthProvider = $authority->getOAuthProvider();
         $this->initOAuthProvider($this->OAuthProvider);
     }
     parent::setAuthority($authority);
 }
コード例 #15
0
 public function init($args)
 {
     parent::init($args);
     $args = is_array($args) ? $args : array();
     if (!isset($args['FACEBOOK_API_KEY'], $args['FACEBOOK_API_SECRET']) || strlen($args['FACEBOOK_API_KEY']) == 0 || strlen($args['FACEBOOK_API_SECRET']) == 0) {
         throw new KurogoConfigurationException("API key and secret not set");
     }
     $this->api_key = $args['FACEBOOK_API_KEY'];
     $this->api_secret = $args['FACEBOOK_API_SECRET'];
     if (isset($_SESSION['fb_access_token'])) {
         $this->access_token = $_SESSION['fb_access_token'];
     }
     if (isset($args['FACEBOOK_API_PERMS'])) {
         $this->perms = array_unique(array_merge($this->perms, $args['FACEBOOK_API_PERMS']));
     }
 }
コード例 #16
0
ファイル: AccessControlList.php プロジェクト: nncsang/Kurogo
 /**
  * Sees if the given user matches the rule
  * @param User $user a valid user object
  * @return mixed, the action if the user matches the rule or false if the rule did not match
  */
 public function evaluateForUser(User $user)
 {
     switch ($this->ruleScope) {
         case self::RULE_SCOPE_USER:
             /* if the value is all then see if the userID is set
                   this will NOT match an anonymous user 
                */
             if ($this->ruleAuthority) {
                 if ($user->getAuthenticationAuthorityIndex() == $this->ruleAuthority) {
                     /* can match either userID or email */
                     if ($this->ruleValue == self::RULE_VALUE_ALL) {
                         if ($user->getUserID()) {
                             return $this->ruleAction;
                         }
                     } else {
                         if ($user->getUserID() == $this->ruleValue || Validator::isValidEmail($this->ruleValue) && $user->getEmail() == $this->ruleValue) {
                             return $this->ruleAction;
                         }
                     }
                 }
             } elseif ($this->ruleValue == self::RULE_VALUE_ALL) {
                 if ($user->getUserID()) {
                     return $this->ruleAction;
                 }
             } else {
                 if ($user->getUserID() == $this->ruleValue || Validator::isValidEmail($this->ruleValue) && $user->getEmail() == $this->ruleValue) {
                     return $this->ruleAction;
                 }
             }
             break;
         case self::RULE_SCOPE_GROUP:
             /* Note: a group value of ALL is not valid */
             if ($authority = AuthenticationAuthority::getAuthenticationAuthority($this->ruleAuthority)) {
                 if ($group = $authority->getGroup($this->ruleValue)) {
                     /* see if the user is a member of the group */
                     if ($group->userIsMember($user)) {
                         return $this->ruleAction;
                     }
                 }
             }
             break;
         case self::RULE_SCOPE_EVERYONE:
             /* always matches */
             return $this->ruleAction;
             break;
     }
     return false;
 }
コード例 #17
0
  protected function initializeForPage() {
    if (!$this->getSiteVar('AUTHENTICATION_ENABLED')) {
        throw new Exception("Authentication is not enabled on this site");
    }
    
    $url = $this->getArg('url', ''); //return url
    $this->assign('url', $url);
    $session = $this->getSession();

    $authenticationAuthorities = array();                
    $authenticationAuthorityLinks = array();                
    foreach (AuthenticationAuthority::getDefinedAuthenticationAuthorities() as $authorityIndex=>$authorityData) {
        $USER_LOGIN = $this->argVal($authorityData, 'USER_LOGIN', 'NONE');
        
        if ($USER_LOGIN=='FORM') {
            $authenticationAuthorities[$authorityIndex] = $authorityData;
        } elseif ($USER_LOGIN=='LINK') {
            $authorityData['LINK'] = $this->buildBreadcrumbURL('login', array(
                'url'=>$url,
                'authority'=>$authorityIndex, 
                'startOver'=>true), false);
            $authenticationAuthorityLinks[$authorityIndex] = $authorityData;
        }
    }
                    
    if (count($authenticationAuthorities)==0 && count($authenticationAuthorityLinks)==0) {
        throw new Exception("No authentication authorities have been defined");
    }
    
    $this->assign('authenticationAuthorities', $authenticationAuthorities);
    $this->assign('authenticationAuthorityLinks', $authenticationAuthorityLinks);
    
    $multipleAuthorities = count($authenticationAuthorities) + count($authenticationAuthorityLinks) > 1;
    
    switch ($this->page)
    {
        case 'logout':
            $this->setTemplatePage('message');
            if (!$this->isLoggedIn()) {
                $this->redirectTo('login');
            } else {
                $user = $this->getUser();
                $authority = $user->getAuthenticationAuthority();
                $authority->logout($this);
                $this->assign('message', 'Logout Successful');
            }
        
            break;
            
        case 'login':
            $login = $this->argVal($_POST, 'loginUser', '');
            $password = $this->argVal($_POST, 'loginPassword', '');
            
            $authorityIndex = $this->getArg('authority', AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex());
            $this->assign('authority', $authorityIndex);

            if ($this->isLoggedIn()) {
                $this->redirectTo('index');
            }                    
            
            if ($this->argVal($_POST, 'login_submit') && empty($login)) {
                $this->redirectTo('index');
            }
            
            if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $result = $authority->login($login, $password, $this);
            } else {
                error_log("Invalid authority $authorityIndex");
                $this->redirectTo('index');
            }

            switch ($result)
            {
                case AUTH_OK:
                    if ($url) {
                        header("Location: $url");
                        exit();
                    } 
                    $this->setTemplatePage('message');
                    $this->assign('message', 'Login Successful');
                    break;

                case AUTH_FAILED:
                case AUTH_USER_NOT_FOUND:
                
                    $this->setTemplatePage('index');
                    $this->assign('message', 'Login Failed. Please check your login and password');
                    break;
                default:
                    $this->setTemplatePage('index');
                    $this->assign('message', "Login Failed. An unknown error occurred $result");
                    

            }

            break;
        case 'index':
            if ($this->isLoggedIn()) {
                $user = $this->getUser();
                $authority = $user->getAuthenticationAuthority();
                $this->setTemplatePage('message');
                
                $this->assign('message', sprintf("You are logged in as %s %s", $user->getFullName(), $multipleAuthorities ? '(' . $authority->getAuthorityTitle() . ')' : ''));
                
                $this->assign('url', $this->buildURL('logout'));
                $this->assign('linkText', 'Logout');
            } else {
                $this->assign('loginMessage', $this->getModuleVar('LOGIN_MESSAGE'));
                $this->assign('loginLabel', $this->getModuleVar('LOGIN_LABEL'));
                $this->assign('passwordLabel', $this->getModuleVar('PASSWORD_LABEL'));
            }
            break;
    }
  }
コード例 #18
0
 /**
  * Initializes the authority objects based on an associative array of arguments
  * @param array $args an associate array of arguments. The argument list is dependent on the authority
  *
  * General - Required keys:
  *   TITLE => The human readable title of the AuthorityImage
  *   INDEX => The tag used to identify this authority @see AuthenticationAuthority::getAuthenticationAuthority
  *
  * General - Optional keys:
  *   LOGGEDIN_IMAGE_URL => a url to an image/badge that is placed next to the user name when logged in
  *
  * CAS - Required keys:
  *   CAS_PROTOCOL => The protocol to use. Should be equivalent to one of the phpCAS constants, e.g. "2.0":
  *                   CAS_VERSION_1_0 => '1.0', CAS_VERSION_2_0 => '2.0', SAML_VERSION_1_1 => 'S1'
  *   CAS_HOST => The host name of the CAS server, e.g. "cas.example.edu"
  *   CAS_PORT => The port the CAS server is listening on, e.g. "443"
  *   CAS_PATH => The path of the CAS application, e.g. "/cas/"
  *   CAS_CA_CERT => The filesystem path to a CA certificate that will be used to validate the authenticity
  *                  of the CAS server, e.g. "/etc/tls/pki/certs/my_ca_cert.crt". If empty, no certificate
  *                  validation will be performed (not recommended for production).
  *
  * CAS - Optional keys:
  *   ATTRA_EMAIL => Attribute name for the user's email adress, e.g. "email". This only applies if your 
  *                  CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FIRST_NAME => Attribute name for the user's first name, e.g. "givename". This only applies if your 
  *                       CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_LAST_NAME => Attribute name for the user's last name, e.g. "surname". This only applies if your 
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_FULL_NAME => Attribute name for the user's full name, e.g. "displayname". This only applies if your 
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *   ATTRA_MEMBER_OF => Attribute name for the user's groups, e.g. "memberof". This only applies if your 
  *                      CAS server returns attributes in a SAML-1.1 or CAS-2.0 response.
  *
  * NOTE: Any subclass MUST call parent::init($args) to ensure proper operation
  *
  */
 public function init($args)
 {
     parent::init($args);
     // include the PHPCAS library
     if (empty($args['CAS_PHPCAS_PATH'])) {
         require_once 'CAS.php';
     } else {
         require_once $args['CAS_PHPCAS_PATH'] . '/CAS.php';
     }
     if (!empty($args['CAS_DEBUG_LOG'])) {
         phpCAS::setDebug($args['CAS_DEBUG_LOG']);
     }
     if (empty($args['CAS_PROTOCOL'])) {
         throw new KurogoConfigurationException('CAS_PROTOCOL value not set for ' . $this->AuthorityTitle);
     }
     if (empty($args['CAS_HOST'])) {
         throw new KurogoConfigurationException('CAS_HOST value not set for ' . $this->AuthorityTitle);
     }
     if (empty($args['CAS_PORT'])) {
         throw new KurogoConfigurationException('CAS_PORT value not set for ' . $this->AuthorityTitle);
     }
     if (empty($args['CAS_PATH'])) {
         throw new KurogoConfigurationException('CAS_PATH value not set for ' . $this->AuthorityTitle);
     }
     if (empty($args['CAS_PROXY_INIT'])) {
         phpCAS::client($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
     } else {
         phpCAS::proxy($args['CAS_PROTOCOL'], $args['CAS_HOST'], intval($args['CAS_PORT']), $args['CAS_PATH'], false);
         if (!empty($args['CAS_PROXY_TICKET_PATH']) && !empty($args['CAS_PROXY_TICKET_DB_DSN'])) {
             throw new KurogoConfigurationException('Only one of CAS_PROXY_TICKET_PATH or CAS_PROXY_TICKET_DB_DSN may be set for ' . $this->AuthorityTitle);
         }
         if (!empty($args['CAS_PROXY_TICKET_PATH'])) {
             if (version_compare(PHPCAS_VERSION, '1.3', '>=')) {
                 phpCAS::setPGTStorageFile($args['CAS_PROXY_TICKET_PATH']);
             } else {
                 phpCAS::setPGTStorageFile('', $args['CAS_PROXY_TICKET_PATH']);
             }
         }
         if (!empty($args['CAS_PROXY_TICKET_DB_DSN'])) {
             $user = $pass = $table = $driver_opts = '';
             if (!empty($args['CAS_PROXY_TICKET_DB_USER'])) {
                 $user = $args['CAS_PROXY_TICKET_DB_USER'];
             }
             if (!empty($args['CAS_PROXY_TICKET_DB_PASS'])) {
                 $pass = $args['CAS_PROXY_TICKET_DB_PASS'];
             }
             if (!empty($args['CAS_PROXY_TICKET_DB_TABLE'])) {
                 $table = $args['CAS_PROXY_TICKET_DB_TABLE'];
             }
             if (!empty($args['CAS_PROXY_TICKET_DB_DRIVER_OPTS'])) {
                 $driver_opts = $args['CAS_PROXY_TICKET_DB_DRIVER_OPTS'];
             }
             phpCAS::setPGTStorageDb($args['CAS_PROXY_TICKET_DB_DSN'], $user, $pass, $table, $driver_opts);
         }
         if (!empty($args['CAS_PROXY_FIXED_CALLBACK_URL'])) {
             phpCAS::setFixedCallbackURL($args['CAS_PROXY_FIXED_CALLBACK_URL']);
         }
     }
     if (empty($args['CAS_CA_CERT'])) {
         phpCAS::setNoCasServerValidation();
     } else {
         phpCAS::setCasServerCACert($args['CAS_CA_CERT']);
     }
     // Record any attribute mapping configured.
     if (!empty($args['ATTRA_EMAIL'])) {
         CASUser::mapAttribute('Email', $args['ATTRA_EMAIL']);
     }
     if (!empty($args['ATTRA_FIRST_NAME'])) {
         CASUser::mapAttribute('FirstName', $args['ATTRA_FIRST_NAME']);
     }
     if (!empty($args['ATTRA_LAST_NAME'])) {
         CASUser::mapAttribute('LastName', $args['ATTRA_LAST_NAME']);
     }
     if (!empty($args['ATTRA_FULL_NAME'])) {
         CASUser::mapAttribute('FullName', $args['ATTRA_FULL_NAME']);
     }
     // Store an attribute for group membership if configured.
     if (!empty($args['ATTRA_MEMBER_OF'])) {
         CASUser::mapAttribute('MemberOf', $args['ATTRA_MEMBER_OF']);
     }
 }
コード例 #19
0
  protected function initializeForPage() {
    if (!Kurogo::getSiteVar('AUTHENTICATION_ENABLED')) {
        throw new Exception("Authentication is not enabled on this site");
    }
    
    $session = $this->getSession();
    $url = $this->getArg('url','');
    $allowRemainLoggedIn = Kurogo::getOptionalSiteVar('AUTHENTICATION_REMAIN_LOGGED_IN_TIME');
    if ($allowRemainLoggedIn) {
        $remainLoggedIn = $this->getArg('remainLoggedIn', 0);
    } else {
        $remainLoggedIn = 0;
    }
    
    $authenticationAuthorities = array(
        'direct'=>array(),
        'indirect'=>array()
    );
    
    $invalidAuthorities = array();
    
    foreach (AuthenticationAuthority::getDefinedAuthenticationAuthorities() as $authorityIndex=>$authorityData) {
        $USER_LOGIN = $this->argVal($authorityData, 'USER_LOGIN', 'NONE');
        
        try {
            $authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex);
            $authorityData['listclass'] = $authority->getAuthorityClass();
            $authorityData['title'] = $authorityData['TITLE'];
            $authorityData['url'] = $this->buildURL('login', array(
                'authority'=>$authorityIndex,
                'url'=>$url,
                'remainLoggedIn'=>$remainLoggedIn,
                'startOver'=>1
            ));
            if ($USER_LOGIN=='FORM') {
                $authenticationAuthorities['direct'][$authorityIndex] = $authorityData;
            } elseif ($USER_LOGIN=='LINK') {
                $authenticationAuthorities['indirect'][$authorityIndex] = $authorityData;
            }
        } catch (Exception $e) {
            error_log(sprintf("Invalid authority data for %s: %s", $authorityIndex, $e->getMessage()));
            $invalidAuthorities[$authorityIndex] = $e->getMessage();
        }
    }
                    
    if (count($authenticationAuthorities['direct'])==0 && count($authenticationAuthorities['indirect'])==0) {
        $message = "No authentication authorities have been defined.";
        if (count($invalidAuthorities)>0) {
            $message .= sprintf(" %s invalid authorit%s found:\n", count($invalidAuthorities), count($invalidAuthorities)>1 ?'ies':'y');
            foreach ($invalidAuthorities as $authorityIndex=>$invalidAuthority) {
                $message .= sprintf("%s: %s\n", $authorityIndex, $invalidAuthority);
            }
        }
        throw new Exception($message);
        
    }
    
    $this->assign('authenticationAuthorities', $authenticationAuthorities);
    $this->assign('allowRemainLoggedIn', $allowRemainLoggedIn);
    if ($forgetPasswordURL = $this->getOptionalModuleVar('FORGET_PASSWORD_URL')) {
        $this->assign('FORGET_PASSWORD_URL', $this->buildBreadcrumbURL('forgotpassword', array()));
    }
    
    $multipleAuthorities = count($authenticationAuthorities['direct']) + count($authenticationAuthorities['indirect']) > 1;
    
    switch ($this->page)
    {
        case 'logoutConfirm':
            $authorityIndex = $this->getArg('authority');
            
            if (!$this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', array());
            } elseif ($user = $this->getUser($authorityIndex)) {
                $authority = $user->getAuthenticationAuthority();
                $this->assign('message', sprintf("You are signed in to %s %s as %s", 
                    Kurogo::getSiteString('SITE_NAME'),
                    $multipleAuthorities ? "(using ". $authority->getAuthorityTitle() . ")" : '',
                    $user->getFullName()));
                $this->assign('url', $this->buildURL('logout', array('authority'=>$authorityIndex)));
                $this->assign('linkText', 'Sign out');
                $this->setTemplatePage('message');
            } else {
                $this->redirectTo('index', array());
            }
            
            break;
        case 'logout':
            $authorityIndex = $this->getArg('authority');
            $hard = $this->getArg('hard', false);

            if (!$this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', array());
            } elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $result = $session->logout($authority, $hard);
            } else {
                $this->redirectTo('index', array());
            }
                
            if ($result) { 
                if ($this->isLoggedIn()) {
                    $this->redirectTo('index', array('logout'=>$authorityIndex));
                } else {
                    $this->redirectToModule('home','',array('logout'=>$authorityIndex));
                }
            } else {
                $this->setTemplatePage('message');
                $this->assign('message', 'Sign out failed');
            }
        
            break;

        case 'forgotpassword':
            if ($forgetPasswordURL = $this->getOptionalModuleVar('FORGET_PASSWORD_URL')) {
                header("Location: $forgetPasswordURL");
                exit();
            } else {
                $this->redirectTo('index', array());
            }
            break;            
            
        case 'login':
            $login          = $this->argVal($_POST, 'loginUser', '');
            $password       = $this->argVal($_POST, 'loginPassword', '');
            $options = array(
                'url'=>$url,
                'remainLoggedIn'=>$remainLoggedIn
            );
            
            $session  = $this->getSession();
            $session->setRemainLoggedIn($remainLoggedIn);

            $authorityIndex = $this->getArg('authority', '');
            if (!$authorityData = AuthenticationAuthority::getAuthenticationAuthorityData($authorityIndex)) {
                $this->redirectTo('index', $options);
            }

            if ($this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', $options);
            }                    

            $this->assign('authority', $authorityIndex);
            $this->assign('remainLoggedIn', $remainLoggedIn);
            $this->assign('authorityTitle', $authorityData['TITLE']);

            if ($authorityData['USER_LOGIN']=='FORM' && empty($login)) {
                break;
            } elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $authority->setDebugMode(Kurogo::getSiteVar('DATA_DEBUG'));
                $result = $authority->login($login, $password, $session, $options);
            } else {
                $this->redirectTo('index', $options);
            }

            switch ($result)
            {
                case AUTH_OK:
                    if ($url) {
                        header("Location: $url");
                        exit();
                    } else {
                        $this->redirectToModule('home','',array('login'=>$authorityIndex));
                    }
                    break;

                case AUTH_OAUTH_VERIFY:
                    $this->assign('verifierKey',$authority->getVerifierKey());
                    $this->setTemplatePage('oauth_verify.tpl');
                    break;
                    
                default:
                    if ($authorityData['USER_LOGIN']=='FORM') {
                        $this->assign('message', "We're sorry, but there was a problem with your sign-in. Please check your username and password and try again.");
                        $this->setTemplatePage('index');
                    } else {
                        $this->redirectTo('index', array_merge(
                            array('message'=>"We're sorry, but there was a problem with your sign-in."),
                            $options));
                    }
            }
            
        case 'index':
            if ($message = $this->getArg('message')) {
                $this->assign('message', $message);
            }
            
            if ($this->isLoggedIn()) {
                
                if ($url) {
                    header("Location: $url");
                    exit();
                }

                if (!$multipleAuthorities) {
                    $user = $this->getUser();
                    $this->redirectTo('logoutConfirm', array('authority'=>$user->getAuthenticationAuthorityIndex()));
                }

                $sessionUsers = $session->getUsers();
                $users = array();

                foreach ($sessionUsers as $authorityIndex=>$user) {
                    $authority = $user->getAuthenticationAuthority();
                    $users[] = array(
                        'class'=>$authority->getAuthorityClass(),
                        'title'=>count($sessionUsers)>1 ? $authority->getAuthorityTitle() . " as " . $user->getFullName() : 'Sign out',
                        'subtitle'=>count($sessionUsers)>1 ? 'Sign out' : '',
                        'url'  =>$this->buildBreadcrumbURL('logout', array('authority'=>$authorityIndex), false)
                    );
                    if (isset($authenticationAuthorities['direct'][$authorityIndex])) {
                        unset($authenticationAuthorities['direct'][$authorityIndex]);
                    }

                    if (isset($authenticationAuthorities['indirect'][$authorityIndex])) {
                        unset($authenticationAuthorities['indirect'][$authorityIndex]);
                    }
                }
                
                $this->assign('users', $users);
                $this->assign('authenticationAuthorities', $authenticationAuthorities);
                $this->assign('moreAuthorities', count($authenticationAuthorities['direct']) + count($authenticationAuthorities['indirect']));
                $this->setTemplatePage('loggedin');
            } else {
                if (!$multipleAuthorities && count($authenticationAuthorities['direct'])) {
                    $this->redirectTo('login', array('authority'=>AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex()));
                }
                $this->assign('multipleAuthorities', $multipleAuthorities);
            }
            break;
    }
  }
コード例 #20
0
 public function init($args)
 {
     parent::init($args);
     $args = is_array($args) ? $args : array();
     $this->ldapServer = isset($args['LDAP_HOST']) ? $args['LDAP_HOST'] : null;
     $this->ldapPort = isset($args['LDAP_PORT']) ? $args['LDAP_PORT'] : 389;
     $this->ldapSearchBase = isset($args['LDAP_SEARCH_BASE']) ? $args['LDAP_SEARCH_BASE'] : null;
     $this->ldapUserSearchBase = isset($args['LDAP_USER_SEARCH_BASE']) ? $args['LDAP_USER_SEARCH_BASE'] : null;
     $this->ldapGroupSearchBase = isset($args['LDAP_GROUP_SEARCH_BASE']) ? $args['LDAP_GROUP_SEARCH_BASE'] : null;
     //used if anonymous searches are not permitted (i.e. AD)
     $this->ldapAdminDN = isset($args['LDAP_ADMIN_DN']) ? $args['LDAP_ADMIN_DN'] : null;
     $this->ldapAdminPassword = isset($args['LDAP_ADMIN_PASSWORD']) ? $args['LDAP_ADMIN_PASSWORD'] : null;
     $this->fieldMap = $this->defaultFieldMap();
     foreach ($args as $arg => $value) {
         if (preg_match("/^ldap_(user|group)_(.*?)_field\$/", strtolower($arg), $bits)) {
             if (isset($this->fieldMap[$bits[2]])) {
                 $this->fieldMap[$bits[2]] = strtolower($value);
             }
         }
     }
     if (empty($this->ldapServer)) {
         throw new KurogoConfigurationException("Invalid LDAP Server");
     }
     if (empty($this->ldapPort)) {
         throw new KurogoConfigurationException("Invalid LDAP Port");
     }
 }
コード例 #21
0
    public function init($args) {
        parent::init($args);
        $args = is_array($args) ? $args : array();
        $this->tokenSessionVar = sprintf("%s_token", $this->getAuthorityIndex());
        $this->tokenSecretSessionVar = sprintf("%s_tokenSecret", $this->getAuthorityIndex());

        if (isset($_SESSION[$this->tokenSessionVar], $_SESSION[$this->tokenSecretSessionVar])) {
            $this->setToken($_SESSION[$this->tokenSessionVar]);
            $this->setTokenSecret($_SESSION[$this->tokenSecretSessionVar]);
        }
    }
コード例 #22
0
ファイル: LoginWebModule.php プロジェクト: nncsang/Kurogo
 protected function initializeForPage()
 {
     $nativeApp = (bool) $this->getArg('nativeApp', false);
     $this->assign('nativeApp', $nativeApp);
     // Default args to pass through forms and urls
     $defaultArgs = array();
     if ($nativeApp) {
         $defaultArgs['nativeApp'] = 1;
     }
     // If this is a native app, use the native app GA id
     if ($nativeApp) {
         $this->assign('GOOGLE_ANALYTICS_ID', Kurogo::getOptionalSiteVar('GOOGLE_ANALYTICS_NATIVE_ID'));
     }
     if (!Kurogo::getSiteVar('AUTHENTICATION_ENABLED')) {
         throw new KurogoConfigurationException($this->getLocalizedString("ERROR_AUTHENTICATION_DISABLED"));
     }
     $session = $this->getSession();
     //return URL
     $urlArray = $this->extractModuleArray($this->args);
     //see if remain logged in is enabled by the administrator, then if the value has been passed (i.e. the user checked the "remember me" box)
     $allowRemainLoggedIn = Kurogo::getOptionalSiteVar('AUTHENTICATION_REMAIN_LOGGED_IN_TIME');
     if ($allowRemainLoggedIn) {
         $remainLoggedIn = $this->getArg('remainLoggedIn', 0);
     } else {
         $remainLoggedIn = 0;
     }
     // initialize
     $authenticationAuthorities = array('total' => 0, 'direct' => array(), 'indirect' => array(), 'auto' => array());
     $invalidAuthorities = array();
     // cycle through the defined authorities in the config
     foreach (AuthenticationAuthority::getDefinedAuthenticationAuthorities() as $authorityIndex => $authorityData) {
         // USER_LOGIN property determines whether the authority is used for logins (or just groups or oauth)
         $USER_LOGIN = $this->argVal($authorityData, 'USER_LOGIN', 'NONE');
         // trap the exception if the authority is invalid (usually due to misconfiguration)
         try {
             $authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex);
             $authorityData['listclass'] = $authority->getAuthorityClass();
             $authorityData['title'] = $authorityData['TITLE'];
             $authorityData['url'] = $this->buildURL('login', array_merge($urlArray, array('authority' => $authorityIndex, 'remainLoggedIn' => $remainLoggedIn, 'startOver' => 1)));
             if ($USER_LOGIN == 'FORM') {
                 $authenticationAuthorities['direct'][$authorityIndex] = $authorityData;
                 $authenticationAuthorities['total']++;
             } elseif ($USER_LOGIN == 'LINK') {
                 $authenticationAuthorities['indirect'][$authorityIndex] = $authorityData;
                 $authenticationAuthorities['total']++;
             } elseif ($USER_LOGIN == 'AUTO') {
                 $authenticationAuthorities['auto'][$authorityIndex] = $authorityData;
                 $authenticationAuthorities['total']++;
             }
         } catch (KurogoConfigurationException $e) {
             Kurogo::log(LOG_WARNING, "Invalid authority data for %s: %s", $authorityIndex, $e->getMessage(), 'auth');
             $invalidAuthorities[$authorityIndex] = $e->getMessage();
         }
     }
     //see if we have any valid authorities
     if ($authenticationAuthorities['total'] == 0) {
         $message = $this->getLocalizedString("ERROR_NO_AUTHORITIES");
         if (count($invalidAuthorities) > 0) {
             $message .= sprintf(" %s invalid authorit%s found:\n", count($invalidAuthorities), count($invalidAuthorities) > 1 ? 'ies' : 'y');
             foreach ($invalidAuthorities as $authorityIndex => $invalidAuthority) {
                 $message .= sprintf("%s: %s\n", $authorityIndex, $invalidAuthority);
             }
         }
         //we don't
         throw new KurogoConfigurationException($message);
     }
     //assign template variables
     $this->assign('authenticationAuthorities', $authenticationAuthorities);
     $this->assign('allowRemainLoggedIn', $allowRemainLoggedIn);
     if ($forgetPasswordURL = $this->getOptionalModuleVar('FORGET_PASSWORD_URL')) {
         $this->assign('FORGET_PASSWORD_URL', $this->buildBreadcrumbURL('forgotpassword', array()));
         $this->assign('FORGET_PASSWORD_TEXT', $this->getOptionalModuleVar('FORGET_PASSWORD_TEXT', $this->getLocalizedString('FORGET_PASSWORD_TEXT')));
     }
     $multipleAuthorities = count($authenticationAuthorities['direct']) + count($authenticationAuthorities['indirect']) > 1;
     switch ($this->page) {
         case 'logoutConfirm':
             //this page is presented when a specific authority is chosen and the user is presented the option to actually log out.
             $authorityIndex = $this->getArg('authority');
             if (!$this->isLoggedIn($authorityIndex)) {
                 // they aren't logged in
                 $this->redirectTo('index', $defaultArgs);
             } elseif ($user = $this->getUser($authorityIndex)) {
                 $authority = $user->getAuthenticationAuthority();
                 $this->assign('message', $this->getLocalizedString('LOGIN_SIGNED_IN_SINGLE', Kurogo::getSiteString('SITE_NAME'), $authority->getAuthorityTitle(), $user->getFullName()));
                 $this->assign('url', $this->buildURL('logout', array('authority' => $authorityIndex)));
                 $this->assign('linkText', $this->getLocalizedString('SIGN_OUT'));
                 $this->setTemplatePage('message');
             } else {
                 //This honestly should never happen
                 $this->redirectTo('index', $defaultArgs);
             }
             break;
         case 'logout':
             $authorityIndex = $this->getArg('authority');
             //hard logouts attempt to logout of the indirect service provider (must be implemented by the authority)
             $hard = $this->getArg('hard', false);
             if (!$this->isLoggedIn($authorityIndex)) {
                 //not logged in
                 $this->redirectTo('index', $defaultArgs);
             } elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                 $user = $this->getUser($authority);
                 //log them out
                 $result = $session->logout($authority, $hard);
             } else {
                 //This honestly should never happen
                 $this->redirectTo('index', $defaultArgs);
             }
             if ($result) {
                 $this->setLogData($user, $user->getFullName());
                 $this->logView();
                 //if they are still logged in return to the login page, otherwise go home.
                 if ($this->isLoggedIn()) {
                     $this->redirectTo('index', array_merge(array('logout' => $authorityIndex), $defaultArgs));
                 } else {
                     $this->redirectToModule($this->getHomeModuleID(), '', array('logout' => $authorityIndex));
                 }
             } else {
                 //there was an error logging out
                 $this->setTemplatePage('message');
                 $this->assign('message', $this->getLocalizedString("ERROR_SIGN_OUT"));
             }
             break;
         case 'forgotpassword':
             //redirect to forgot password url
             if ($forgetPasswordURL = $this->getOptionalModuleVar('FORGET_PASSWORD_URL')) {
                 Kurogo::redirectToURL($forgetPasswordURL);
             } else {
                 $this->redirectTo('index', $defaultArgs);
             }
             break;
         case 'login':
             //get arguments
             $login = $this->argVal($_POST, 'loginUser', '');
             $password = $this->argVal($_POST, 'loginPassword', '');
             $options = array_merge($urlArray, array('remainLoggedIn' => $remainLoggedIn), $defaultArgs);
             $session = $this->getSession();
             $session->setRemainLoggedIn($remainLoggedIn);
             $authorityIndex = $this->getArg('authority', '');
             if (!($authorityData = AuthenticationAuthority::getAuthenticationAuthorityData($authorityIndex))) {
                 //invalid authority
                 $this->redirectTo('index', $options);
             }
             if ($this->isLoggedIn($authorityIndex)) {
                 //we're already logged in
                 $this->redirectTo('index', $options);
             }
             $this->assign('authority', $authorityIndex);
             $this->assign('remainLoggedIn', $remainLoggedIn);
             $this->assign('authorityTitle', $authorityData['TITLE']);
             //if they haven't submitted the form and it's a direct login show the form
             if ($authorityData['USER_LOGIN'] == 'FORM' && empty($login)) {
                 if (!($loginMessage = $this->getOptionalModuleVar('LOGIN_DIRECT_MESSAGE'))) {
                     $loginMessage = $this->getLocalizedString('LOGIN_DIRECT_MESSAGE', Kurogo::getSiteString('SITE_NAME'));
                 }
                 $this->assign('LOGIN_DIRECT_MESSAGE', $loginMessage);
                 $this->assign('urlArray', array_merge($urlArray, $defaultArgs));
                 break;
             } elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                 //indirect logins handling the login process themselves. Send a return url so the indirect authority can come back here
                 if ($authorityData['USER_LOGIN'] == 'LINK') {
                     $options['return_url'] = FULL_URL_BASE . $this->configModule . '/login?' . http_build_query(array_merge($options, array('authority' => $authorityIndex)));
                 }
                 $options['startOver'] = $this->getArg('startOver', 0);
                 $result = $authority->login($login, $password, $session, $options);
             } else {
                 $this->redirectTo('index', $options);
             }
             switch ($result) {
                 case AUTH_OK:
                     $user = $this->getUser($authority);
                     $this->setLogData($user, $user->getFullName());
                     $this->logView();
                     if ($urlArray) {
                         self::redirectToArray(array_merge($urlArray, $defaultArgs));
                     } else {
                         $this->redirectToModule($this->getHomeModuleID(), '', array('login' => $authorityIndex));
                     }
                     break;
                 case AUTH_OAUTH_VERIFY:
                     // authorities that require a manual oauth verification key
                     $this->assign('verifierKey', $authority->getVerifierKey());
                     $this->setTemplatePage('oauth_verify.tpl');
                     break 2;
                 default:
                     //there was a problem.
                     if ($authorityData['USER_LOGIN'] == 'FORM') {
                         $this->assign('message', $this->getLocalizedString('ERROR_LOGIN_DIRECT'));
                         break 2;
                     } else {
                         $this->redirectTo('index', array_merge(array('messagekey' => 'ERROR_LOGIN_INDIRECT'), $options, $defaultArgs));
                     }
             }
         case 'index':
             //sometimes messages are passed. This probably has some
             if ($messagekey = $this->getArg('messagekey')) {
                 $this->assign('messagekey', $this->getLocalizedString($messagekey));
                 try {
                     $message = $this->getLocalizedString($messagekey);
                     $this->assign('message', $message);
                 } catch (KurogoException $e) {
                 }
             }
             if ($this->isLoggedIn()) {
                 //if the url is set then redirect
                 if ($urlArray) {
                     self::redirectToArray(array_merge($urlArray, $defaultArgs));
                 }
                 //if there is only 1 authority then redirect to logout confirm
                 if (!$multipleAuthorities) {
                     $user = $this->getUser();
                     $this->redirectTo('logoutConfirm', array_merge(array('authority' => $user->getAuthenticationAuthorityIndex()), $defaultArgs));
                 }
                 //more than 1 authority. There could be 1 or more actual logged in users
                 $sessionUsers = $session->getUsers();
                 $users = array();
                 //cycle through the logged in users to build a list
                 foreach ($sessionUsers as $authorityIndex => $user) {
                     $authority = $user->getAuthenticationAuthority();
                     $users[] = array('class' => $authority->getAuthorityClass(), 'title' => count($sessionUsers) > 1 ? $this->getLocalizedString("SIGN_OUT_AUTHORITY", array($authority->getAuthorityTitle(), $user->getFullName())) : $this->getLocalizedString('SIGN_OUT'), 'subtitle' => count($sessionUsers) > 1 ? $this->getLocalizedString('SIGN_OUT') : '', 'url' => $this->buildBreadcrumbURL('logout', array('authority' => $authorityIndex), false));
                     //remove the authority from the list of available authorities (since they are logged in)
                     if (isset($authenticationAuthorities['direct'][$authorityIndex])) {
                         unset($authenticationAuthorities['direct'][$authorityIndex]);
                     }
                     if (isset($authenticationAuthorities['indirect'][$authorityIndex])) {
                         unset($authenticationAuthorities['indirect'][$authorityIndex]);
                     }
                 }
                 $this->assign('users', $users);
                 // navlist of users
                 $this->assign('authenticationAuthorities', $authenticationAuthorities);
                 //list of authorities not logged in
                 $this->assign('moreAuthorities', count($authenticationAuthorities['direct']) + count($authenticationAuthorities['indirect']));
                 //see if there are any left
                 if (count($sessionUsers) == 1) {
                     //there's only on logged in user
                     $user = current($sessionUsers);
                     $authority = $user->getAuthenticationAuthority();
                     $this->assign('LOGIN_SIGNED_IN_MESSAGE', $this->getLocalizedString('LOGIN_SIGNED_IN_SINGLE', Kurogo::getSiteString('SITE_NAME'), $authority->getAuthorityTitle(), $user->getFullName()));
                 } else {
                     //there are multiple logged in users
                     $this->assign('LOGIN_SIGNED_IN_MESSAGE', $this->getLocalizedString('LOGIN_SIGNED_IN_MULTIPLE', array(Kurogo::getSiteString('SITE_NAME'))));
                 }
                 //use loggedin.tpl
                 $this->setTemplatePage('loggedin');
             } else {
                 // not logged in
                 // if there is only 1 direct authority then redirect to the login page for that authority
                 if (!$multipleAuthorities && count($authenticationAuthorities['direct'])) {
                     $this->redirectTo('login', array_merge($urlArray, array('authority' => key($authenticationAuthorities['direct'])), $defaultArgs));
                 }
                 // if there is only 1 auto authority then redirect to the login page for that authority
                 if (!$multipleAuthorities && count($authenticationAuthorities['auto']) && !$messagekey) {
                     $this->redirectTo('login', array_merge($urlArray, array('authority' => key($authenticationAuthorities['auto'])), $defaultArgs));
                 }
                 // do we have any indirect authorities?
                 if (count($authenticationAuthorities['indirect'])) {
                     if (!($indirectMessage = $this->getOptionalModuleVar('LOGIN_INDIRECT_MESSAGE'))) {
                         $indirectMessage = $this->getLocalizedString('LOGIN_INDIRECT_MESSAGE', Kurogo::getSiteString('SITE_NAME'));
                     }
                     $this->assign('LOGIN_INDIRECT_MESSAGE', $indirectMessage);
                 }
                 // the site can create their own message at the top, or it will use the default message
                 if (!($loginMessage = $this->getOptionalModuleVar('LOGIN_INDEX_MESSAGE'))) {
                     if ($multipleAuthorities) {
                         $loginMessage = $this->getLocalizedString('LOGIN_INDEX_MESSAGE_MULTIPLE', Kurogo::getSiteString('SITE_NAME'));
                     } else {
                         $loginMessage = $this->getLocalizedString('LOGIN_INDEX_MESSAGE_SINGLE', Kurogo::getSiteString('SITE_NAME'));
                     }
                 }
                 $this->assign('LOGIN_INDEX_MESSAGE', $loginMessage);
             }
             break;
     }
 }
コード例 #23
0
 protected function init($args)
 {
     //get global options from the site data_retriever section
     $args = array_merge(Kurogo::getOptionalSiteSection('data_retriever'), $args);
     $this->initArgs = $args;
     if (isset($args['DEBUG_MODE'])) {
         $this->setDebugMode($args['DEBUG_MODE']);
     }
     if (isset($args['DEFAULT_CACHE_LIFETIME'])) {
         $this->DEFAULT_CACHE_LIFETIME = $args['DEFAULT_CACHE_LIFETIME'];
     }
     if (isset($args['OPTIONS']) && is_array($args['OPTIONS'])) {
         $this->setOptions($args['OPTIONS']);
     }
     if (isset($args['AUTHORITY'])) {
         if ($authority = AuthenticationAuthority::getAuthenticationAuthority($args['AUTHORITY'])) {
             $this->setAuthority($authority);
         }
     }
     if (!isset($args['PARSER_CLASS'])) {
         if ($this->DEFAULT_PARSER_CLASS) {
             $args['PARSER_CLASS'] = $this->DEFAULT_PARSER_CLASS;
         } elseif (isset($args['DEFAULT_PARSER_CLASS']) && strlen($args['DEFAULT_PARSER_CLASS'])) {
             $args['PARSER_CLASS'] = $args['DEFAULT_PARSER_CLASS'];
         } else {
             $args['PARSER_CLASS'] = 'PassthroughDataParser';
         }
     }
     if (isset($args['CACHE_LIFETIME'])) {
         $this->cacheLifetime = $args['CACHE_LIFETIME'];
     } else {
         $args['CACHE_LIFETIME'] = $this->DEFAULT_CACHE_LIFETIME;
     }
     if (isset($args['SHOW_WARNINGS'])) {
         $this->showWarnings = (bool) $args['SHOW_WARNINGS'];
     }
     // instantiate the parser class
     $parser = DataParser::factory($args['PARSER_CLASS'], $args);
     $this->setParser($parser);
     $cacheClass = isset($args['CACHE_CLASS']) ? $args['CACHE_CLASS'] : 'DataCache';
     $this->cache = DataCache::factory($cacheClass, $args);
 }
コード例 #24
0
  protected function initializeForPage() {
    if (!$this->getSiteVar('AUTHENTICATION_ENABLED')) {
        throw new Exception("Authentication is not enabled on this site");
    }
    
    $url = $this->getArg('url', ''); //return url
    $this->assign('url', $url);
    $session = $this->getSession();

    $authenticationAuthorities = array();                
    $authenticationAuthorityLinks = array();                
    foreach (AuthenticationAuthority::getDefinedAuthenticationAuthorities() as $authorityIndex=>$authorityData) {
        $USER_LOGIN = $this->argVal($authorityData, 'USER_LOGIN', 'NONE');
        
        if ($USER_LOGIN=='FORM') {
            $authenticationAuthorities[$authorityIndex] = $authorityData;
        } elseif ($USER_LOGIN=='LINK') {
            $authenticationAuthorityLinks[$authorityIndex] = $authorityData;
        }
    }
                    
    if (count($authenticationAuthorities)==0 && count($authenticationAuthorityLinks)==0) {
        throw new Exception("No authentication authorities have been defined");
    }
    
    $this->assign('authenticationAuthorities', $authenticationAuthorities);
    $this->assign('authenticationAuthorityLinks', $authenticationAuthorityLinks);
    $this->assign('allowRemainLoggedIn', $this->getSiteVar('AUTHENTICATION_REMAIN_LOGGED_IN_TIME'));
    if ($forgetPasswordURL = $this->getModuleVar('FORGET_PASSWORD_URL')) {
        $this->assign('FORGET_PASSWORD_URL', $this->buildBreadcrumbURL('forgotpassword', array()));
    }
    
    $multipleAuthorities = count($authenticationAuthorities) + count($authenticationAuthorityLinks) > 1;
    
    switch ($this->page)
    {
        case 'logoutConfirm':
            $authorityIndex = $this->getArg('authority');
            
            if (!$this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', array());
            } elseif ($user = $this->getUser($authorityIndex)) {
                $authority = $user->getAuthenticationAuthority();
                $this->assign('message', sprintf("You are logged in as %s %s", $user->getFullName(), $multipleAuthorities ? '(' . $authority->getAuthorityTitle() . ')' : ''));
                $this->assign('url', $this->buildURL('logout', array('authority'=>$authorityIndex)));
                $this->assign('linkText', 'Logout');
                $this->setTemplatePage('message');
            } else {
                $this->redirectTo('index', array());
            }
            
            break;
        case 'logout':
            $this->setTemplatePage('message');
            $authorityIndex = $this->getArg('authority');
            $hard = $this->getArg('hard', false);

            if (!$this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', array());
            } elseif ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $result = $session->logout($authority, $hard);
            } else {
                $this->redirectTo('index', array());
            }
                
            $this->assign('message', $result ? 'Logout Successful' : 'Logout failed');
        
            break;
            
        case 'login':
            $login          = $this->argVal($_POST, 'loginUser', '');
            $password       = $this->argVal($_POST, 'loginPassword', '');
            $options = array(
                'url'=>$url
            );
            
            $referrer = $this->argVal($_SERVER, 'HTTP_REFERER', '');
            $session  = $this->getSession();
            $session->setRemainLoggedIn($this->getArg('remainLoggedIn', 0));
            
            if ($this->argVal($_POST, 'login_link')) {
                $authorityIndex = key($this->argVal($_POST, 'login_link'));
            } else {
                $authorityIndex = $this->getArg('authority', AuthenticationAuthority::getDefaultAuthenticationAuthorityIndex());
            }
            $this->assign('authority', $authorityIndex);

            if ($this->isLoggedIn($authorityIndex)) {
                $this->redirectTo('index', $options);
            }                    
            
            if ($this->argVal($_POST, 'login_submit') && empty($login)) {
                $this->redirectTo('index', $options);
            }
            
            if ($authority = AuthenticationAuthority::getAuthenticationAuthority($authorityIndex)) {
                $authority->setDebugMode($this->getSiteVar('DATA_DEBUG'));
                $result = $authority->login($login, $password, $session, $options);
            } else {
                error_log("Invalid authority $authorityIndex");
                $this->redirectTo('index', $options);
            }

            switch ($result)
            {
                case AUTH_OK:
                    if ($url) {
                        header("Location: $url");
                        exit();
                    } 
                    $this->setTemplatePage('message');
                    $this->assign('message', 'Login Successful');
                    break;

                case AUTH_FAILED:
                case AUTH_USER_NOT_FOUND:
                
                    $this->setTemplatePage('login');
                    $this->assign('message', 'Login Failed. Please check your login and password');
                    break;
                default:
                    $this->setTemplatePage('login');
                    $this->assign('message', "Login Failed. An unknown error occurred $result");
                    

            }

            break;
            
        case 'forgotpassword':
            if ($forgetPasswordURL = $this->getModuleVar('FORGET_PASSWORD_URL')) {
                header("Location: $forgetPasswordURL");
                exit();
            } else {
                $this->redirectTo('index', array());
            }
            break;
            
        case 'index':
            if ($this->isLoggedIn()) {
                if ($url) {
                    header("Location: $url");
                    exit();
                }

                if (!$multipleAuthorities) {
                    $user = $this->getUser();
                    $this->redirectTo('logoutConfirm', array('authority'=>$user->getAuthenticationAuthorityIndex()));
                }

                $sessionUsers = $session->getUsers();
                $users = array();

                foreach ($sessionUsers as $authority=>$user) {
                    $users[] = array(
                        'title'=>sprintf("%s", $user->getFullName()),
                        'subtitle'=>$user->getAuthenticationAuthorityIndex(),
                        'url'  =>$this->buildBreadcrumbURL('logoutConfirm', array('authority'=>$user->getAuthenticationAuthorityIndex()), false)
                    );
                    if (isset($authenticationAuthorities[$authority])) {
                        unset($authenticationAuthorities[$authority]);
                    }

                    if (isset($authenticationAuthorityLinks[$authority])) {
                        unset($authenticationAuthorityLinks[$authority]);
                    }
                }

                $this->assign('users', $users);
                $this->assign('authenticationAuthorities', $authenticationAuthorities);
                $this->assign('authenticationAuthorityLinks', $authenticationAuthorityLinks);

                $this->setTemplatePage('loggedin');
            } else {
                $this->setTemplatePage('login');
            }
            break;
    }
  }
コード例 #25
0
ファイル: User.php プロジェクト: sponto/Kurogo-Mobile-Web
 public function getCredentials(AuthenticationAuthority $authority)
 {
     $value = null;
     if ($cache = Kurogo::arrayVal($_SESSION, 'KurogoCredentialsCache')) {
         $value = Kurogo::arrayVal($cache, $authority->getAuthorityIndex());
     }
     try {
         $credentials = Kurogo::decrypt($value);
     } catch (KurogoException $e) {
         $credentials = $value;
     }
     return $credentials;
 }
コード例 #26
0
    /**
      * attempts to see if a valid login cookie is present. 
      */
    private function getLoginCookie() {
    
    	if (isset($_COOKIE[self::TOKEN_COOKIE], $_COOKIE[self::USERHASH_COOKIE])) {
    	    if ($this->useDB) {
                $conn = SiteDB::connection();
                
                // see if we have on record the token and it hasn't expired
        		$sql = "SELECT data FROM login_tokens WHERE token=? and expires>?";
                $result = $conn->query($sql,array($_COOKIE[self::TOKEN_COOKIE], time()));
                
                if ($data = $result->fetch()) {
                    $data['data'] = unserialize($data['data']);
                }

    	    } else {
                $file = $this->loginTokenFile($_COOKIE[self::TOKEN_COOKIE]);
                $data = false;
                if (file_exists($file)) {
                    if ($data = file_get_contents($file)) {
                        $data = unserialize($data);
                        if ($data['expires']<time()) {
                            $data = false;
                        }
                    }
                }
    	    }
    	    
    	    if ($data) {
    	        $users = array();
                if ($this->getUserHash($data['data']) == $_COOKIE[self::USERHASH_COOKIE]) {
                    foreach ($data['data'] as $userData) {

                        if ($authority = AuthenticationAuthority::getAuthenticationAuthority($userData['auth'])) {
                            if ($user = $authority->getUser($userData['userID'])) {
                                $user->setSessionData($userData['data']);
                                $users[] = $user;
                            } else {
                                error_log("Unable to load user " . $userData['userID']  . " for " . $userData['auth']);
                            }
                        } else {
                            error_log("Unable to load authority ".  $userData['auth']);
                        }
                    }
                    
                    if (count($users)>0) {
                        return $users;
                    }
                }
            }

            // something did not match so clean up
            $this->clearLoginCookie();
        }
        
        return false;
    }
コード例 #27
0
 public function init($args)
 {
     parent::init($args);
     $args = is_array($args) ? $args : array();
     $this->userFile = isset($args['PASSWD_USER_FILE']) ? $args['PASSWD_USER_FILE'] : null;
     $this->groupFile = isset($args['PASSWD_GROUP_FILE']) ? $args['PASSWD_GROUP_FILE'] : null;
     if (isset($args['PASSWD_HASH'])) {
         $hashAlgo = $args['PASSWD_HASH'];
         if ($hashAlgo == 'site') {
             $hashAlgo = 'hmac_sha1';
             $args['PASSWD_KEY'] = SITE_KEY;
         }
         if ($hashAlgo == 'server') {
             $hashAlgo = 'hmac_sha1';
             $args['PASSWD_KEY'] = SERVER_KEY;
         }
         if (preg_match("/^hmac_(.+)\$/", $hashAlgo, $bits)) {
             if (!isset($args['PASSWD_KEY'])) {
                 throw new KurogoConfigurationException("HMAC hash requires PASSWD_KEY");
             }
             $this->hmac = true;
             $this->hashKey = $args['PASSWD_KEY'];
             $hashAlgo = $bits[1];
         }
         if (!in_array($hashAlgo, hash_algos())) {
             throw new KurogoConfigurationException("Hashing algorithm {$hashAlgo} not available");
         }
         $this->hashAlgo = $hashAlgo;
     }
     if ($this->userLogin != 'NONE') {
         if (!is_readable($this->userFile)) {
             throw new KurogoConfigurationException("Unable to load password file {$this->userFile}");
         }
     }
 }