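/**
 * Authenticates a web-service request from its session-token and user-id headers.
 *
 * The session is looked up by token. The request is rejected when either header is
 * missing, the session is unknown, it has expired (it is deleted as well), it belongs
 * to a different user than the header claims, or the route requires an application
 * administrator and the session is not one. On success the session is extended,
 * saved and attached to the server.
 *
 * @param IRestServer $server           provides the request headers and receives the session
 * @param bool        $requireAdminRole when true only sessions flagged IsAdmin are accepted
 * @return bool true when the request is authenticated, false otherwise
 */
public function HandleSecureRequest(IRestServer $server, $requireAdminRole = false)
{
    $sessionToken = $server->GetHeader(WebServiceHeaders::SESSION_TOKEN);
    $userId = $server->GetHeader(WebServiceHeaders::USER_ID);

    // The session token is a bearer credential: never write it to the log.
    // Record only whether one was supplied so the entry still helps when debugging.
    Log::Debug('Handling secure request. url=%s, userId=%s, sessionTokenSupplied=%s',
        $_SERVER['REQUEST_URI'], $userId, empty($sessionToken) ? 'no' : 'yes');

    if (empty($sessionToken) || empty($userId)) {
        Log::Debug('Empty token or userId');
        return false;
    }

    $session = $this->repository->LoadBySessionToken($sessionToken);

    if ($session != null && $session->IsExpired()) {
        Log::Debug('Session is expired');
        $this->repository->Delete($session);
        return false;
    }

    // Compare as strings rather than with a loose `!=`, so a header such as "1e0"
    // (or "1abc" on older PHP) cannot be coerced into matching a numeric user id.
    if ($session == null || (string)$session->UserId !== (string)$userId) {
        Log::Debug('Session token does not match user session token');
        return false;
    }

    if ($requireAdminRole && !$session->IsAdmin) {
        Log::Debug('Route is limited to application administrators and this user is not an admin');
        return false;
    }

    $session->ExtendSession();
    $this->repository->Update($session);
    $server->SetSession($session);

    Log::Debug('Secure request was authenticated');
    return true;
}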
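/**
 * Installs the uploaded custom logo and/or custom stylesheet under the web root.
 *
 * The logo replaces any existing Web/img/custom-logo.* and is written as
 * Web/img/custom-logo.<ext>; the stylesheet always goes to Web/css/custom-style.css.
 * Failures are logged rather than thrown.
 *
 * @return void
 */
public function UpdateTheme()
{
    $logoFile = $this->page->GetLogoFile();
    $cssFile = $this->page->GetCssFile();

    if ($logoFile != null) {
        Log::Debug('Replacing logo with ' . $logoFile->OriginalName());

        // The extension comes from the uploaded file's name and becomes part of a
        // path inside the web root, so only accept raster image types. Anything
        // else (a script extension the web server might execute, or SVG, which can
        // carry script) is refused. Extend the list deliberately if more is needed.
        $extension = strtolower(ltrim((string)$logoFile->Extension(), '.'));
        $allowedLogoExtensions = array('png', 'jpg', 'jpeg', 'gif');

        if (!in_array($extension, $allowedLogoExtensions, true)) {
            Log::Error('Refusing to install logo %s: extension "%s" is not an allowed image type.',
                $logoFile->OriginalName(), $extension);
        } else {
            $existingLogos = glob(ROOT_DIR . 'Web/img/custom-logo.*');
            if ($existingLogos === false) {
                $existingLogos = array();
            }
            foreach ($existingLogos as $existing) {
                if (!unlink($existing)) {
                    Log::Error('Could not remove existing logo. Ensure %s is writable.', $existing);
                }
            }

            $target = ROOT_DIR . 'Web/img/custom-logo.' . $extension;
            if (!copy($logoFile->TemporaryName(), $target)) {
                Log::Error('Could not replace logo with %s. Ensure %s is writable.', $logoFile->OriginalName(), $target);
            }
        }
    }

    if ($cssFile != null) {
        Log::Debug('Replacing css file with ' . $cssFile->OriginalName());

        // Fixed destination name, so the uploaded file name cannot influence the path.
        $target = ROOT_DIR . 'Web/css/custom-style.css';
        if (!copy($cssFile->TemporaryName(), $target)) {
            Log::Error('Could not replace css with %s. Ensure %s is writable.', $cssFile->OriginalName(), $target);
        }
    }
}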
/**
 * Runs the wrapped rule unless the current user is privileged enough to bypass it.
 *
 * Bypassed for application admins, for group admins who administer the reservation's
 * owner, and for resource/schedule admins who administer every resource in the series
 * (note: with no resources in the series that last check passes vacuously).
 *
 * @param $reservationSeries the series being validated
 * @return ReservationRuleResult a passing result when bypassed, otherwise the wrapped rule's result
 */
public function Validate($reservationSeries)
{
    $session = $this->userSession;

    if ($session->IsAdmin) {
        Log::Debug('User is application admin. Skipping check. UserId=%s', $session->UserId);
        return new ReservationRuleResult(true);
    }

    if ($session->IsGroupAdmin) {
        $currentUser = $this->userRepository->LoadById($session->UserId);
        $owner = $this->userRepository->LoadById($reservationSeries->UserId());
        if ($currentUser->IsAdminFor($owner)) {
            Log::Debug('User is admin for reservation user. Skipping check. UserId=%s', $session->UserId);
            return new ReservationRuleResult(true);
        }
    }

    if ($session->IsResourceAdmin || $session->IsScheduleAdmin) {
        $currentUser = $this->userRepository->LoadById($session->UserId);
        $adminForEveryResource = true;
        foreach ($reservationSeries->AllResources() as $resource) {
            if (!$currentUser->IsResourceAdminFor($resource)) {
                $adminForEveryResource = false;
                break;
            }
        }
        if ($adminForEveryResource) {
            Log::Debug('User is admin for all resources. Skipping check. UserId=%s', $session->UserId);
            return new ReservationRuleResult(true);
        }
    }

    return $this->rule->Validate($reservationSeries);
}
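/**
 * Applies an invitation action (accept, decline, cancel instance, cancel all) for
 * the user and reservation identified by the page, then persists the series.
 *
 * @param $invitationAction one of the InvitationAction constants
 * @return string|null an error message when accepting would exceed a resource's
 *                     participant limit (the series is then not persisted);
 *                     null otherwise, including when the reference number is unknown
 */
private function HandleInvitationAction($invitationAction)
{
    $referenceNumber = $this->page->GetInvitationReferenceNumber();
    // NOTE(review): the acting user id is read from the page (request) rather than
    // from the authenticated session; confirm the caller pins it to the current
    // user, otherwise one user could answer another user's invitation.
    $userId = $this->page->GetUserId();

    Log::Debug('Invitation action %s for user %s and reference number %s', $invitationAction, $userId, $referenceNumber);

    $series = $this->reservationRepository->LoadByReferenceNumber($referenceNumber);
    if ($series == null) {
        // Unknown reference number: nothing to update, so leave the repository alone.
        Log::Error('Invitation action %s: no reservation found for reference number %s', $invitationAction, $referenceNumber);
        return null;
    }

    if ($invitationAction == InvitationAction::Accept) {
        $series->AcceptInvitation($userId);

        // Accepting may push an instance over a resource's participant limit;
        // report the first such case and return before persisting.
        foreach ($series->AllResources() as $resource) {
            if (!$resource->HasMaxParticipants()) {
                continue;
            }
            /** @var $instance Reservation */
            foreach ($series->Instances() as $instance) {
                if (count($instance->Participants()) > $resource->GetMaxParticipants()) {
                    return Resources::GetInstance()->GetString('MaxParticipantsError',
                        array($resource->GetName(), $resource->GetMaxParticipants()));
                }
            }
        }
    }

    if ($invitationAction == InvitationAction::Decline) {
        $series->DeclineInvitation($userId);
    }

    if ($invitationAction == InvitationAction::CancelInstance) {
        $series->CancelInstanceParticipation($userId);
    }

    if ($invitationAction == InvitationAction::CancelAll) {
        $series->CancelAllParticipation($userId);
    }

    $this->reservationRepository->Update($series);
    return null;
}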
/**
 * Deletes the file at the given path, logging an error if unlink() fails.
 *
 * NOTE(review): the path is used exactly as given; callers must make sure it
 * points inside the intended storage directory and was not assembled from
 * unvalidated request input.
 *
 * @param $fullPath string
 * @return void
 */
public function RemoveFile($fullPath)
{
    Log::Debug('Deleting file: %s', $fullPath);

    $deleted = unlink($fullPath);
    if (!$deleted) {
        Log::Error('Could not delete file: %s', $fullPath);
    }
}
/**
 * Builds a SamlUser from the attributes of a SAML assertion.
 *
 * Each option names the SAML attribute that supplies one user field; a field is
 * filled only when its option is configured and the named attribute is present
 * in the assertion. The first value of that attribute is used.
 *
 * @param associative array of SAML user attributes
 * @param associated array of configuration options
 */
public function __construct($saml_attributes = array(), $options = array())
{
    Log::Debug('Inside construct SamlUser');

    if (count($options) == 0) {
        return;
    }
    Log::Debug('Inside construct SamlUser and count options is %d', count($options));

    // option key => array(property to set, label used in the debug log (null = not logged), getter)
    $fieldMapping = array(
        'ssphp_username'     => array('username', 'username', 'GetUserName'),
        'ssphp_firstname'    => array('fname', 'fname', 'GetFirstName'),
        'ssphp_lastname'     => array('lname', 'lname', 'GetLastName'),
        'ssphp_email'        => array('mail', null, null),
        'ssphp_phone'        => array('phone', 'phone', 'GetPhone'),
        'ssphp_organization' => array('institution', 'institution', 'GetInstitution'),
        'ssphp_position'     => array('title', 'title', 'GetTitle'),
    );

    foreach ($fieldMapping as $optionKey => $spec) {
        list($property, $logLabel, $getter) = $spec;

        if (!array_key_exists($optionKey, $options)) {
            continue;
        }
        $attributeName = $options[$optionKey];
        if (!array_key_exists($attributeName, $saml_attributes)) {
            continue;
        }

        $this->{$property} = $saml_attributes[$attributeName][0];
        if ($logLabel !== null) {
            Log::Debug("Value of {$logLabel} is %s", $this->{$getter}());
        }
    }
}
/**
 * Loads the reservation attachment named by the page's file id and reference number.
 *
 * The attachment is returned only when it belongs to the series of the reservation
 * with that reference number and the current user may access the reservation's
 * resource; every other outcome is logged and yields false.
 *
 * @param $currentUser the user session to authorize against
 * @return object|false the attachment, or false when it or the reservation is
 *         missing, they do not belong together, or access is denied
 */
private function TryPageLoad($currentUser)
{
    $fileId = $this->page->GetFileId();
    $referenceNumber = $this->page->GetReferenceNumber();
    Log::Debug('Trying to load reservation attachment. FileId: %s, ReferenceNumber %s', $fileId, $referenceNumber);

    $attachment = $this->reservationRepository->LoadReservationAttachment($fileId);
    if ($attachment == null) {
        Log::Error('Error loading resource attachment, attachment not found');
        return false;
    }

    $reservation = $this->reservationRepository->LoadByReferenceNumber($referenceNumber);
    if ($reservation == null) {
        Log::Error('Error loading resource attachment, reservation not found');
        return false;
    }

    // A file id alone is not enough: it must belong to the reservation the caller named.
    $belongsToReservation = $reservation->SeriesId() == $attachment->SeriesId();
    if (!$belongsToReservation) {
        Log::Error('Error loading resource attachment, attachment not associated with reservation');
        return false;
    }

    $resource = new ReservationResource($reservation->ResourceId());
    if (!$this->permissionService->CanAccessResource($resource, $currentUser)) {
        Log::Error('Error loading resource attachment, insufficient permissions');
        return false;
    }

    return $attachment;
}
/**
 * Logs the user out locally and, when CAS is configured to handle logouts,
 * also out of CAS.
 *
 * The decorated logout runs first so the local session is ended even if
 * phpCAS::logout() does not return to this code (it typically redirects).
 *
 * @param UserSession $user the session being ended
 * @return void
 */
public function Logout(UserSession $user)
{
    Log::Debug('Attempting CAS logout for email: %s', $user->Email);

    $this->authToDecorate->Logout($user);

    $casOwnsLogout = $this->options->CasHandlesLogouts();
    if ($casOwnsLogout) {
        phpCAS::logout();
    }
}
/**
 * Dispatches an autocomplete lookup to the handler registered for $type.
 *
 * $type is only ever used as a key into the listMethods allowlist; it is never
 * invoked directly, so an unknown type cannot reach an arbitrary method.
 *
 * @param $type string autocomplete category
 * @param $term string search term passed to the handler
 * @return mixed the handler's result, or '' when no handler is registered
 */
private function GetResults($type, $term)
{
    if (!array_key_exists($type, $this->listMethods)) {
        Log::Debug("AutoComplete for type: {$type} not defined");
        return '';
    }

    $handler = $this->listMethods[$type];
    return $this->{$handler}($term);
}
/**
 * Renders the Securimage captcha image and the text input for its answer.
 *
 * NOTE(review): the image URL and the label are interpolated into HTML unescaped.
 * Both come from the application (captcha service / translation resources) rather
 * than the request, but htmlspecialchars() would make that independent of origin.
 * The <label> element is left unclosed, as before.
 *
 * @return void
 */
private function showSecurimage()
{
    Log::Debug('CaptchaControl using Securimage');

    $imageUrl = CaptchaService::Create()->GetImageUrl();
    $labelText = Resources::GetInstance()->GetString('SecurityCode');
    $inputName = FormKeys::CAPTCHA;

    $markup = "<img src='{$imageUrl}' alt='captcha' id='captchaImg'/>"
        . "<br/><label class=\"reg\">{$labelText}<br/><input type=\"text\" class=\"input\" name=\"{$inputName}\" size=\"20\" id=\"captchaValue\"/>";
    echo $markup;
}
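/**
 * @name SignOut
 * @request SignOutRequest
 * @return void
 */
public function SignOut()
{
    /** @var $request SignOutRequest */
    $request = $this->server->GetRequest();
    $userId = $request->userId;
    $sessionToken = $request->sessionToken;

    // The session token is a bearer credential: never write it to the log.
    // Record only whether one was supplied.
    Log::Debug('WebService SignOut for userId %s (sessionToken supplied: %s)',
        $userId, empty($sessionToken) ? 'no' : 'yes');

    // Whether this user/token pair actually matches is for the authentication
    // service to decide; nothing is trusted here beyond passing it on.
    $this->authentication->Logout($userId, $sessionToken);
}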
/**
 * "Sends" a message by writing it to the debug log only; nothing is delivered.
 *
 * NOTE(review): the complete body is logged. Some messages are built around
 * secrets (ForgotPasswordEmail is constructed with a temporary password), so
 * this implementation belongs only where the debug log is not sensitive.
 *
 * @param IEmailMessage $emailMessage
 */
function Send(IEmailMessage $emailMessage)
{
    $recipients = $emailMessage->To();
    $toLine = is_array($recipients) ? implode(', ', $recipients) : $recipients;

    Log::Debug("Sending Email. To: %s\nFrom: %s\nSubject: %s\nBody: %s",
        $toLine, $emailMessage->From(), $emailMessage->Subject(), $emailMessage->Body());
}
/**
 * Emails the reservation's owner about it, unless the owner has opted out of
 * this kind of notification.
 *
 * @param ReservationSeries $reservation
 * @return void
 */
public function Notify($reservation)
{
    $owner = $this->_userRepo->LoadById($reservation->UserId());

    if (!$this->ShouldSend($owner)) {
        Log::Debug('Owner does not want these types of email notifications. Email=%s, ReferenceNumber=%s',
            $owner->EmailAddress(), $reservation->CurrentInstance()->ReferenceNumber());
        return;
    }

    $message = $this->GetMessage($owner, $reservation, $this->_attributeRepo);
    ServiceLocator::GetEmailService()->Send($message);
}
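/**
 * Approves the reservation named by the page's reference number, provided the
 * current user is authorized to approve it, then hands the series to the handler.
 *
 * @return void
 */
public function PageLoad()
{
    $referenceNumber = $this->page->GetReferenceNumber();
    Log::Debug('User: %s, Approving reservation with reference number %s', $this->userSession->UserId, $referenceNumber);

    $series = $this->persistenceService->LoadByReferenceNumber($referenceNumber);
    if ($series == null) {
        // Unknown reference number: nothing to approve, and neither the
        // authorization check nor the handler should see a null series.
        Log::Error('Approval skipped: no reservation found for reference number %s', $referenceNumber);
        return;
    }

    // Authorization is checked before any state changes.
    $view = new ReservationViewAdapter($series);
    if (!$this->authorization->CanApprove($view, $this->userSession)) {
        Log::Debug('User %s is not authorized to approve reservation %s', $this->userSession->UserId, $referenceNumber);
        return;
    }

    $series->Approve($this->userSession);
    $this->handler->Handle($series, $this->page);
}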
/**
 * Marks the upload valid unless the file reports an error, in which case the
 * error text is logged and added to the validation messages.
 *
 * Does nothing when no file was uploaded.
 *
 * @return void
 */
public function Validate()
{
    $upload = $this->file;
    if ($upload == null) {
        return;
    }

    $this->isValid = !$upload->IsError();
    if ($this->IsValid()) {
        return;
    }

    Log::Debug('Uploaded file %s is not valid. %s', $upload->OriginalName(), $upload->Error());
    $this->AddMessage($upload->Error());
}
/**
 * @name GetReservation
 * @param string $referenceNumber
 * @description Loads a specific reservation by reference number
 * @response ReservationResponse
 * @return void
 */
public function GetReservation($referenceNumber)
{
    Log::Debug('GetReservation called. $referenceNumber=%s', $referenceNumber);

    $reservation = $this->reservationViewRepository->GetReservationForEditing($referenceNumber);

    if (empty($reservation->ReferenceNumber)) {
        // Unknown reference number: plain 404, no further detail.
        $notFound = RestResponse::NotFound();
        $this->server->WriteResponse($notFound, RestResponse::NOT_FOUND_CODE);
        return;
    }

    // The response is built with the privacy filter, which presumably decides
    // which fields this caller may see.
    $attributes = $this->attributeService->GetByCategory(CustomAttributeCategory::RESERVATION);
    $response = new ReservationResponse($this->server, $reservation, $this->privacyFilter, $attributes);
    $this->server->WriteResponse($response);
}
/**
 * Finishes a self-registration: an already-active account is logged in and sent
 * to its home page; a pending one gets an activation notification and is sent to
 * the activation page.
 *
 * @param User              $user         the newly registered account
 * @param IRegistrationPage $page         page used for the redirect
 * @param ILoginContext     $loginContext context handed to the login
 * @return void
 */
public function HandleSelfRegistration(User $user, IRegistrationPage $page, ILoginContext $loginContext)
{
    $email = $user->EmailAddress();
    $isActive = $user->StatusId() == AccountStatus::ACTIVE;

    if (!$isActive) {
        Log::Debug('PostRegistration - Handling pending user %s', $email);
        $this->activation->Notify($user);
        $page->Redirect(Pages::ACTIVATION);
        return;
    }

    Log::Debug('PostRegistration - Handling activate user %s', $email);
    // The account is logged in by email address; no password check happens here.
    $this->authentication->Login($email, $loginContext);
    $page->Redirect(Pages::UrlFromId($user->Homepage()));
}
/**
 * Fans the reservation out to every registered notification.
 *
 * A failing notification is logged (with its exception) and does not stop the
 * remaining ones from running.
 *
 * @param $reservationSeries ReservationSeries|ExistingReservationSeries
 * @return void
 */
public function Notify($reservationSeries)
{
    $referenceNumber = $reservationSeries->CurrentInstance()->ReferenceNumber();

    foreach ($this->notifications as $listener) {
        $listenerType = get_class($listener);
        try {
            Log::Debug("Calling notify on %s for reservation %s", $listenerType, $referenceNumber);
            $listener->Notify($reservationSeries);
        } catch (Exception $failure) {
            Log::Error("Error sending notification of type %s for reservation %s. Exception: %s",
                $listenerType, $referenceNumber, $failure);
        }
    }
}
/**
 * Runs the validation rules in order and stops at the first failure.
 *
 * @param $reservationSeries the series to validate
 * @return ReservationValidationResult failing result carrying the first rule's
 *         error message, or a passing result when every rule passes
 */
public function Validate($reservationSeries)
{
    /** @var $rule IReservationValidationRule */
    foreach ($this->_validationRules as $rule) {
        $outcome = $rule->Validate($reservationSeries);
        // bool-to-string: "1" when passed, "" when failed
        Log::Debug('Validating rule %s. Passed?: %s', get_class($rule), (string)$outcome->IsValid());

        if ($outcome->IsValid()) {
            continue;
        }
        return new ReservationValidationResult(false, array($outcome->ErrorMessage()));
    }

    return new ReservationValidationResult();
}
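/**
 * Applies a participation action (accept, decline, join, join-all, cancel-instance,
 * cancel-all) for the user and reservation identified by the page, after checking the
 * timing rules that apply to that action, then persists the series.
 *
 * @param $invitationAction one of the InvitationAction constants
 * @return string|null an error message when a timing rule fails (the series is then
 *                     not persisted), when participation is not allowed, or when a
 *                     resource's participant limit would be exceeded; null otherwise,
 *                     including when the reference number is unknown
 */
private function HandleInvitationAction($invitationAction)
{
    $referenceNumber = $this->page->GetInvitationReferenceNumber();
    // NOTE(review): the acting user id is read from the page (request) rather than
    // from the authenticated session; confirm the caller pins it to the current
    // user, otherwise one user could answer another user's invitation.
    $userId = $this->page->GetUserId();

    Log::Debug('Invitation action %s for user %s and reference number %s', $invitationAction, $userId, $referenceNumber);

    $series = $this->reservationRepository->LoadByReferenceNumber($referenceNumber);
    if ($series == null) {
        // Unknown reference number: nothing to update, so leave the repository alone.
        Log::Error('Invitation action %s: no reservation found for reference number %s', $invitationAction, $referenceNumber);
        return null;
    }

    // Join and CancelInstance are checked against the current-instance notice rules;
    // every other action against the series-wide ones.
    $startTimeRule = new ReservationStartTimeRule(new ScheduleRepository());
    if ($invitationAction == InvitationAction::Join || $invitationAction == InvitationAction::CancelInstance) {
        $rules = array($startTimeRule, new ResourceMinimumNoticeCurrentInstanceRule(), new ResourceMaximumNoticeCurrentInstanceRule());
    } else {
        $rules = array($startTimeRule, new ResourceMinimumNoticeRule(), new ResourceMaximumNoticeRule());
    }

    /** @var IReservationValidationRule $rule */
    foreach ($rules as $rule) {
        $ruleResult = $rule->Validate($series);
        if (!$ruleResult->IsValid()) {
            // The rule's own message is surfaced; nothing is persisted.
            return $ruleResult->ErrorMessage();
        }
    }

    $error = null;
    switch ($invitationAction) {
        case InvitationAction::Accept:
            $series->AcceptInvitation($userId);
            $error = $this->CheckCapacityAndReturnAnyError($series);
            break;

        case InvitationAction::Decline:
            $series->DeclineInvitation($userId);
            break;

        case InvitationAction::CancelInstance:
            $series->CancelInstanceParticipation($userId);
            break;

        case InvitationAction::CancelAll:
            $series->CancelAllParticipation($userId);
            break;

        case InvitationAction::Join:
            if (!$series->GetAllowParticipation()) {
                $error = Resources::GetInstance()->GetString('ParticipationNotAllowed');
            } else {
                $series->JoinReservation($userId);
                $error = $this->CheckCapacityAndReturnAnyError($series);
            }
            break;

        case InvitationAction::JoinAll:
            if (!$series->GetAllowParticipation()) {
                $error = Resources::GetInstance()->GetString('ParticipationNotAllowed');
            } else {
                $series->JoinReservationSeries($userId);
                $error = $this->CheckCapacityAndReturnAnyError($series);
            }
            break;
    }

    // Persisted even when $error is set, as before: the capacity message is
    // advisory and the participation change itself is kept.
    $this->reservationRepository->Update($series);
    return $error;
}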
/**
 * Looks a user up in Active Directory and wraps the returned attributes.
 *
 * NOTE(review): $username is handed straight to adLDAP; whether it is escaped
 * for the LDAP filter is up to that library — confirm rather than assume.
 *
 * @param $username string account name to look up
 * @return ActiveDirectoryUser|null null when the lookup returns nothing
 */
public function GetLdapUser($username)
{
    $requestedAttributes = $this->options->Attributes();
    Log::Debug('ActiveDirectory - Loading user attributes: %s', implode(', ', $requestedAttributes));

    /** @var adLDAPUserCollection $entries */
    $entries = $this->ldap->user()->infoCollection($username, $requestedAttributes);

    if (!$entries || count($entries) == 0) {
        Log::Debug('ActiveDirectory - Could not load user details for user %s. Reason %s', $username, $this->ldap->getLastError());
        return null;
    }

    return new ActiveDirectoryUser($entries, $this->options->AttributeMapping());
}
/**
 * Rejects the series if any configured quota would be exceeded by it.
 *
 * @param ReservationSeries $reservationSeries
 * @return ReservationRuleResult failing with the 'QuotaExceeded' message on the
 *         first exceeded quota, passing otherwise
 */
public function Validate($reservationSeries)
{
    $allQuotas = $this->quotaRepository->LoadAll();
    $owner = $this->userRepository->LoadById($reservationSeries->UserId());
    $schedule = $this->scheduleRepository->LoadById($reservationSeries->ScheduleId());

    foreach ($allQuotas as $quota) {
        $exceeded = $quota->ExceedsQuota($reservationSeries, $owner, $schedule, $this->reservationViewRepository);
        if (!$exceeded) {
            continue;
        }
        Log::Debug('Quota exceeded. %s', $quota->ToString());
        return new ReservationRuleResult(false, Resources::GetInstance()->GetString('QuotaExceeded'));
    }

    return new ReservationRuleResult();
}
/**
 * Called first to validate credentials
 *
 * Both "no such account" and "wrong password" return false; only the debug log
 * tells them apart. Note the password check is skipped entirely for unknown
 * accounts, so response time may differ between the two cases.
 *
 * @see IAuthorization::Validate()
 */
public function Validate($username, $password)
{
    $drupalAccount = $this->GetDrupalAccount($username);

    if (!$drupalAccount) {
        Log::Debug('DRUPAL: Could not find Drupal account for user=%s', $username);
        return false;
    }

    $passwordMatches = $this->user_check_password($password, $drupalAccount);
    if (!$passwordMatches) {
        Log::Debug('DRUPAL: Drupal account found but password was incorrect for user=%s', $username);
        return false;
    }

    Log::Debug('DRUPAL: User was found. user=%s, Drupal username=%s, Drupal email=%s, Booked admin email=%s',
        $username, $drupalAccount->name, $drupalAccount->mail, Configuration::Instance()->GetKey(ConfigKeys::ADMIN_EMAIL));
    return true;
}
/**
 * Updates a custom attribute definition from the values posted on the page.
 *
 * NOTE(review): the validation expression is stored as given; if it is later
 * used as a regex against user input, an administrator can store a pathological
 * pattern. Also, no authorization is visible here — presumably enforced by the page.
 *
 * @return void
 */
public function UpdateAttribute()
{
    $page = $this->page;

    $attributeId = $page->GetAttributeId();
    $label = $page->GetLabel();
    $validationExpression = $page->GetValidationExpression();
    $isRequired = $page->GetIsRequired();
    $possibleValues = $page->GetPossibleValues();
    $sortOrder = $page->GetSortOrder();
    $entityId = $page->GetEntityId();

    Log::Debug('Updating attribute with id: %s', $attributeId);

    $attribute = $this->attributeRepository->LoadById($attributeId);
    $attribute->Update($label, $validationExpression, $isRequired, $possibleValues, $sortOrder, $entityId);
    $this->attributeRepository->Update($attribute);
}
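/**
 * Example custom pre-reservation check: reads a maximum value and a custom
 * attribute id from the PreReservationExample config file and rejects the
 * reservation when that attribute's value exceeds the maximum.
 *
 * @param ReservationSeries $series
 * @return ReservationValidationResult passing, or failing with a message naming
 *         the maximum (the docblock previously claimed bool, which was wrong)
 */
private function EvaluateCustomRule($series)
{
    Log::Debug('Evaluating custom pre reservation rule');

    // make your custom checks here
    $configFile = Configuration::Instance()->File('PreReservationExample');
    $maxValue = $configFile->GetKey('custom.attribute.max.value');
    $customAttributeId = $configFile->GetKey('custom.attribute.id');

    $attributeValue = $series->GetAttributeValue($customAttributeId);

    // Loose `<=`: how non-numeric values compare depends on the PHP version.
    // Cast both sides explicitly if a strictly numeric comparison is intended.
    if ($attributeValue <= $maxValue) {
        return new ReservationValidationResult();
    }

    return new ReservationValidationResult(false, "Value of custom attribute cannot be greater than {$maxValue}");
}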
/**
 * Builds a listing of the reservations and blackouts on a schedule within a UTC
 * date range, converted to the target timezone by the listing itself.
 *
 * @param DateRange $dateRangeUtc   range to load, in UTC
 * @param $scheduleId               schedule to load from
 * @param $targetTimezone           timezone the listing presents its entries in
 * @return mixed the listing created by the coordinator factory
 */
public function GetReservations(DateRange $dateRangeUtc, $scheduleId, $targetTimezone)
{
    $begin = $dateRangeUtc->GetBegin();
    $end = $dateRangeUtc->GetEnd();
    $listing = $this->_coordinatorFactory->CreateReservationListing($targetTimezone);

    $reservationItems = $this->_repository->GetReservationList($begin, $end, null, null, $scheduleId, null);
    Log::Debug("Found %s reservations for schedule %s between %s and %s", count($reservationItems), $scheduleId, $begin, $end);
    foreach ($reservationItems as $item) {
        $listing->Add($item);
    }

    $blackoutItems = $this->_repository->GetBlackoutsWithin($dateRangeUtc, $scheduleId);
    Log::Debug("Found %s blackouts for schedule %s between %s and %s", count($blackoutItems), $scheduleId, $begin, $end);
    foreach ($blackoutItems as $blackout) {
        $listing->AddBlackout($blackout);
    }

    return $listing;
}
/**
 * Checks that every limited-quantity accessory requested by the series is still
 * available for each of its instances, counting what other reservations already
 * hold in the same time span.
 *
 * @param ReservationSeries $reservationSeries
 * @return ReservationRuleResult failing with an error string built from the
 *         conflicting accessory names and dates, passing otherwise
 */
public function Validate($reservationSeries)
{
    $requestedAccessories = $reservationSeries->Accessories();
    if (count($requestedAccessories) == 0) {
        // nothing requested, nothing to check
        return new ReservationRuleResult();
    }

    /** @var AccessoryToCheck[] $limitedAccessories */
    $limitedAccessories = array();
    foreach ($requestedAccessories as $requested) {
        $definition = $this->accessoryRepository->LoadById($requested->AccessoryId);
        if ($definition->HasUnlimitedQuantity()) {
            continue;
        }
        $limitedAccessories[$definition->GetId()] = new AccessoryToCheck($definition, $requested);
    }
    if (count($limitedAccessories) == 0) {
        // only unlimited accessories requested, nothing to check
        return new ReservationRuleResult();
    }

    $conflicts = array();

    /** @var Reservation $instance */
    foreach ($reservationSeries->Instances() as $instance) {
        $referenceNumber = $instance->ReferenceNumber();
        Log::Debug("Checking for accessory conflicts, reference number %s", $referenceNumber);

        // Everything already reserved in this instance's time span, excluding
        // this instance's own previous state.
        $existingReservations = $this->reservationRepository->GetAccessoriesWithin($instance->Duration());
        $aggregation = new AccessoryAggregation($limitedAccessories, $instance->Duration());
        foreach ($existingReservations as $existing) {
            if ($existing->GetReferenceNumber() != $referenceNumber) {
                $aggregation->Add($existing);
            }
        }

        foreach ($limitedAccessories as $toCheck) {
            $alreadyReserved = $aggregation->GetQuantity($toCheck->GetId());
            $requestedQuantity = $toCheck->QuantityReserved();
            if ($requestedQuantity + $alreadyReserved > $toCheck->QuantityAvailable()) {
                Log::Debug("Accessory over limit. 
Reference Number %s, Date %s, Quantity already reserved %s, Quantity requested: %s",
                    $referenceNumber, $instance->Duration(), $alreadyReserved, $requestedQuantity);
                $conflicts[] = array('name' => $toCheck->GetName(), 'date' => $instance->StartDate());
            }
        }
    }

    if (count($conflicts) == 0) {
        return new ReservationRuleResult();
    }
    return new ReservationRuleResult(false, $this->GetErrorString($conflicts));
}
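/**
 * Handles a "forgot password" request: generates a random temporary password,
 * stores it (salted/encrypted) on the account matching the submitted email
 * address, and mails the plaintext temporary password to that address.
 *
 * Nothing is returned to the requester about whether the address exists. Note
 * that the current password is replaced before the email is read, so anyone who
 * knows an address can force that account onto a new password (existing behaviour).
 *
 * @return void
 */
public function SendRandomPassword()
{
    $emailAddress = $this->_page->GetEmailAddress();

    // REMOTE_HOST is only populated when the web server does reverse lookups;
    // read both keys defensively instead of raising an undefined-index notice.
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $remoteHost = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : '';
    Log::Debug('Password reset request for email address %s requested from REMOTE_ADDR: %s REMOTE_HOST: %s',
        $emailAddress, $remoteAddr, $remoteHost);

    // The temporary password is generated and encrypted before the lookup, so
    // the work done does not depend on whether the address is known.
    $temporaryPassword = Password::GenerateRandom();
    $passwordEncryption = new PasswordEncryption();
    $salt = $passwordEncryption->Salt();
    $encrypted = $passwordEncryption->Encrypt($temporaryPassword, $salt);

    $userRepository = new UserRepository();
    $user = $userRepository->FindByEmail($emailAddress);
    if ($user == null) {
        return;
    }

    $user->ChangePassword($encrypted, $salt);
    $userRepository->Update($user);

    $emailMessage = new ForgotPasswordEmail($user, $temporaryPassword);
    ServiceLocator::GetEmailService()->Send($emailMessage);
}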
/**
 * Records a login for an active account and returns its session.
 *
 * The language from the login context, when set, overrides the account's own.
 * An account that is not ACTIVE yields a NullUserSession and is not updated.
 *
 * NOTE(review): the result of LoadByUsername is used without a null check; this
 * presumably only runs after credentials were validated — confirm.
 *
 * @param $username     string account to log in
 * @param $loginContext login context supplying optional login data
 * @return mixed the user session, or NullUserSession for inactive accounts
 */
public function Login($username, $loginContext)
{
    Log::Debug('Logging in with user: %s', $username);

    $account = $this->userRepository->LoadByUsername($username);
    if ($account->StatusId() != AccountStatus::ACTIVE) {
        return new NullUserSession();
    }

    $loginData = $loginContext->GetData();
    $loginTime = LoginTime::Now();

    $language = empty($loginData->Language) ? $account->Language() : $loginData->Language;

    $account->Login($loginTime, $language);
    $this->userRepository->Update($account);

    return $this->GetUserSession($account, $loginTime);
}
/**
 * Merges config.dist.php into config.php for an authenticated user.
 *
 * When config.php is writable the merge is applied in place; otherwise the merged
 * text is shown so it can be applied by hand. Unauthenticated calls do nothing.
 *
 * @return void
 */
private function Configure()
{
    if (!$this->securityGuard->IsAuthenticated()) {
        return;
    }

    $session = ServiceLocator::GetServer()->GetUserSession();
    Log::Debug('Editing configuration file. Email=%s, UserId=%s', $session->Email, $session->UserId);

    $liveConfig = ROOT_DIR . 'config/config.php';
    $distConfig = ROOT_DIR . 'config/config.dist.php';
    $configurator = new Configurator();

    if (!$configurator->CanOverwriteFile($liveConfig)) {
        $mergedText = $configurator->GetMergedString($liveConfig, $distConfig);
        $this->page->ShowManualConfig($mergedText);
        return;
    }

    $configurator->Merge($liveConfig, $distConfig);
    $this->page->ShowConfigUpdateSuccess();
}