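/**
 * Entrypoint of every tool.
 *
 * Starts an LTI session from the current request and, when the cookie check
 * action is reachable, redirects there so the session cookie can be verified
 * before the tool is run. Every failure to establish the LTI connection is
 * logged and reported to the user with the same generic message; the
 * LTI-specific failure additionally exposes the consumer label and the
 * return URL to the error view so a "back" link can be shown.
 *
 * @return void
 */
public function launch()
{
    try {
        taoLti_models_classes_LtiService::singleton()->startLtiSession(common_http_Request::currentRequest());

        // check if cookie has been set
        if (tao_models_classes_accessControl_AclProxy::hasAccess('verifyCookie', 'CookieUtils', 'taoLti')) {
            $this->redirect(_url('verifyCookie', 'CookieUtils', 'taoLti', array(
                'session' => session_id(),
                'redirect' => _url('run', null, null, $_GET),
            )));
        } else {
            $this->returnError(__('You are not authorized to use this system'));
        }
    } catch (common_user_auth_AuthFailedException $e) {
        $this->reportLtiConnectionFailure($e);
    } catch (taoLti_models_classes_LtiException $e) {
        // In regard of the IMS LTI standard, we have to show a back button that refers to the
        // launch_presentation_return_url param, so it is read from the request before reporting.
        $this->exposeLaunchPresentationData(common_http_Request::currentRequest()->getParams());
        $this->reportLtiConnectionFailure($e);
    } catch (tao_models_classes_oauth_Exception $e) {
        $this->reportLtiConnectionFailure($e);
    }
}

/**
 * Log the failure and show the generic "connection could not be established" error.
 * The exception message is only logged, never shown to the user.
 *
 * @param Exception $e
 * @return void
 */
private function reportLtiConnectionFailure(Exception $e)
{
    common_Logger::i($e->getMessage());
    $this->returnError(__('The LTI connection could not be established'), false);
}

/**
 * Copy the consumer label and the return URL from the launch parameters to the view data.
 *
 * Both values come from the (untrusted) launch request. The label is passed through as-is and
 * must be escaped by the template; the return URL is only exposed when it is an absolute
 * http(s) URL, so no other scheme can become the target of the "back" link.
 *
 * @param array $params launch request parameters
 * @return void
 */
private function exposeLaunchPresentationData($params)
{
    if (isset($params[taoLti_models_classes_LtiLaunchData::TOOL_CONSUMER_INSTANCE_NAME])) {
        $this->setData('consumerLabel', $params[taoLti_models_classes_LtiLaunchData::TOOL_CONSUMER_INSTANCE_NAME]);
    } elseif (isset($params[taoLti_models_classes_LtiLaunchData::TOOL_CONSUMER_INSTANCE_DESCRIPTION])) {
        $this->setData('consumerLabel', $params[taoLti_models_classes_LtiLaunchData::TOOL_CONSUMER_INSTANCE_DESCRIPTION]);
    }

    if (isset($params[taoLti_models_classes_LtiLaunchData::LAUNCH_PRESENTATION_RETURN_URL])) {
        $returnUrl = $params[taoLti_models_classes_LtiLaunchData::LAUNCH_PRESENTATION_RETURN_URL];
        // parse_url() yields null (no scheme) or false (malformed); both cast to '' and are rejected
        $scheme = is_string($returnUrl) ? strtolower((string) parse_url($returnUrl, PHP_URL_SCHEME)) : '';
        if (in_array($scheme, array('http', 'https'), true)) {
            $this->setData('returnUrl', $returnUrl);
        } else {
            common_Logger::w('Ignoring launch_presentation_return_url that is not an absolute http(s) URL');
        }
    }
}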
/**
 * Build the functional ACL implementation from the ACL tables declared in the manifest of
 * every installed extension, then register it as the active access-control implementation.
 *
 * @return void
 */
public function run()
{
    funcAcl_models_classes_Initialisation::run();

    $acl = new funcAcl_models_classes_FuncAcl();
    $installed = common_ext_ExtensionsManager::singleton()->getInstalledExtensions();
    foreach ($installed as $ext) {
        // every table entry is a 3-column row handed to AccessRule positionally
        // NOTE(review): the meaning of the three columns is not visible here — see AccessRule
        foreach ($ext->getManifest()->getAclTable() as $entry) {
            $acl->applyRule(new tao_models_classes_accessControl_AccessRule($entry[0], $entry[1], $entry[2]));
        }
    }

    tao_models_classes_accessControl_AclProxy::setImplementation($acl);
}
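/**
 * Resolve the controller and action named by the request context, enforce the ACL, and invoke
 * the action with the request parameters matched by name to the action's method parameters.
 *
 * @throws ActionEnforcingException when the controller class cannot be loaded, or the action
 *         is not a public, non-magic method of it
 * @throws tao_models_classes_AccessDeniedException when the ACL denies the action to the current user
 * @return void
 */
public function execute()
{
    $module = $this->instantiateController();

    // get the action, module, extension of the action
    $extensionId = $this->context->getExtensionName();
    $moduleName = $this->context->getModuleName()
        ? Camelizer::firstToUpper($this->context->getModuleName())
        : DEFAULT_MODULE_NAME;
    $action = $this->context->getActionName()
        ? Camelizer::firstToLower($this->context->getActionName())
        : DEFAULT_ACTION_NAME;

    // Are we authorized to execute this action?
    $requestParameters = $this->context->getRequest()->getParameters();
    if (!tao_models_classes_accessControl_AclProxy::hasAccess($action, $moduleName, $extensionId, $requestParameters)) {
        $userUri = common_session_SessionManager::getSession()->getUserUri();
        throw new tao_models_classes_AccessDeniedException($userUri, $action, $moduleName, $extensionId);
    }

    // Only a public, non-magic method is an action: method_exists() is also true for
    // private/protected methods and for magic methods such as __construct, which must
    // not be reachable through the request's action name.
    if (!$this->isDispatchableAction($module, $action)) {
        throw new ActionEnforcingException(
            "Unable to find the action '" . $action . "' in '" . get_class($module) . "'.",
            $this->context->getModuleName(),
            $this->context->getActionName()
        );
    }

    $this->context->setActionName($action);

    // Request parameters are matched to the action's parameters by name; a parameter absent
    // from the request is passed as whatever getParameter() returns for it.
    $reflect = new ReflectionMethod($module, $action);
    $tabParam = array();
    foreach ($reflect->getParameters() as $param) {
        $tabParam[$param->getName()] = $this->context->getRequest()->getParameter($param->getName());
    }

    // Action method is invoked, passing request parameters as method parameters.
    common_Logger::d('Invoking ' . get_class($module) . '::' . $action, array('GENERIS', 'CLEARRFW'));
    call_user_func_array(array($module, $action), $tabParam);

    // Render the view if selected.
    if ($module->hasView()) {
        $renderer = $module->getRenderer();
        echo $renderer->render();
    }
}

/**
 * Instantiate the controller named by the context: first as given (namespaced), then without
 * its leading backslash (non-namespaced).
 *
 * @throws ActionEnforcingException when neither form is a loadable class
 * @return object the controller instance
 */
private function instantiateController()
{
    $controllerClass = $this->getControllerClass();
    if (class_exists($controllerClass)) {
        // namespaced?
        return new $controllerClass();
    }

    $plainClass = substr($controllerClass, 1);
    if ($plainClass && class_exists($plainClass)) {
        // non namespaced?
        return new $plainClass();
    }

    throw new ActionEnforcingException(
        'Controller "' . $controllerClass . '" could not be loaded.',
        $this->context->getModuleName(),
        $this->context->getActionName()
    );
}

/**
 * Tell whether $action names a method of $module that may be invoked as an action:
 * it must exist, be public, and not be a magic ("__"-prefixed) method.
 *
 * @param object $module controller instance
 * @param string $action camelized action name taken from the request
 * @return bool
 */
private function isDispatchableAction($module, $action)
{
    if (strncmp($action, '__', 2) === 0 || !method_exists($module, $action)) {
        return false;
    }
    $method = new ReflectionMethod($module, $action);
    return $method->isPublic();
}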
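/**
 * Authentication form,
 * default page, main entry point to the user
 *
 * The optional "redirect" request parameter is only honoured when it points back into this
 * deployment: a root-relative path or an URL under ROOT_URL. The validated value — not the
 * raw request value — is what the post-login redirect uses, after the ACL has accepted it.
 *
 * @return void
 */
public function login()
{
    $params = array();
    $redirectUrl = null;
    if ($this->hasRequestParameter('redirect')) {
        $candidate = $_REQUEST['redirect'];
        // Only a local target is accepted: a root-relative path that is not scheme-relative
        // ("//host" and "/\host" resolve to another origin) or an URL under ROOT_URL.
        // NOTE(review): the ROOT_URL prefix test assumes ROOT_URL ends with "/" — confirm,
        // otherwise any host whose name merely starts with it would also pass.
        if (is_string($candidate) && $candidate !== '' && (
            ($candidate[0] === '/' && substr($candidate, 0, 2) !== '//' && substr($candidate, 0, 2) !== '/\\')
            || substr($candidate, 0, strlen(ROOT_URL)) === ROOT_URL
        )) {
            $redirectUrl = $candidate;
            $params['redirect'] = $redirectUrl;
        }
    }

    $myLoginFormContainer = new tao_actions_form_Login($params);
    $myForm = $myLoginFormContainer->getForm();

    if ($myForm->isSubmited()) {
        if ($myForm->isValid()) {
            $success = LoginService::login($myForm->getValue('login'), $myForm->getValue('password'));
            if ($success) {
                \common_Logger::i("Successful login of user '" . $myForm->getValue('login') . "'.");
                if ($redirectUrl !== null && tao_models_classes_accessControl_AclProxy::hasAccessUrl($redirectUrl)) {
                    $this->redirect($redirectUrl);
                } else {
                    $this->redirect(_url('entry', 'Main'));
                }
            } else {
                \common_Logger::i("Unsuccessful login of user '" . $myForm->getValue('login') . "'.");
                $this->setData('errorMessage', __('Invalid login or password. Please try again.'));
            }
        }
    }

    $this->setData('form', $myForm->render());
    $this->setData('title', __("TAO Login"));
    $this->setData('messageServiceIsAvailable', MessagingService::singleton()->isAvailable());
    if ($this->hasRequestParameter('msg')) {
        $this->setData('msg', $this->getRequestParameter('msg'));
    }
    $this->setData('content-template', array('blocks/login.tpl', 'tao'));
    $this->setView('layout.tpl', 'tao');
}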
/**
 * Check whether the current user is allowed to see this action (against ACL).
 *
 * The ACL is only consulted when a "url" entry is present in the action data;
 * without one, access is reported as granted.
 *
 * @deprecated Wrong layer. Should be called at the level of the controller
 * @return bool true if access is granted
 */
public function hasAccess()
{
    \common_Logger::w('Call to deprecated method ' . __METHOD__ . ' in ' . __CLASS__);

    if (empty($this->data['url'])) {
        return true;
    }

    return tao_models_classes_accessControl_AclProxy::hasAccess(
        $this->data['action'],
        $this->data['controller'],
        $this->data['extension']
    );
}
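/**
 * Get the sections of the current extension's structure
 *
 * Only sections whose own action passes the ACL are returned; within each kept section,
 * the actions the current user cannot reach (functional ACL on the resolved controller)
 * are removed.
 *
 * @param string $shownExtension
 * @param string $shownStructure
 * @return array the sections
 */
private function getSections($shownExtension, $shownStructure)
{
    $sections = array();
    // Class names are case-insensitive to the engine, but the autoloader maps them to files:
    // spelled as everywhere else (common_session_SessionManager) so case-sensitive
    // filesystems resolve it too.
    $user = common_session_SessionManager::getSession()->getUser();
    $structure = MenuService::getPerspective($shownExtension, $shownStructure);
    if (is_null($structure)) {
        return $sections;
    }

    foreach ($structure->getChildren() as $section) {
        if (!tao_models_classes_accessControl_AclProxy::hasAccess($section->getAction(), $section->getController(), $section->getExtensionId())) {
            continue;
        }
        foreach ($section->getActions() as $action) {
            $resolver = ActionResolver::getByControllerName($action->getController(), $action->getExtensionId());
            if (!FuncProxy::accessPossible($user, $resolver->getController(), $action->getAction())) {
                // NOTE(review): removing while iterating is only safe if getActions() returns a copy — confirm
                $section->removeAction($action);
            }
        }
        $sections[] = $section;
    }

    return $sections;
}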
/**
 * Catch any errors
 * If the request is an ajax request, return to the client a formated object.
 *
 * The exception is matched against the known types in order (most specific first) and
 * turned into an HTTP error through dispatchError(); an access-denied or resolver error on
 * a non-ajax request becomes a redirect to the login page instead, when that page is reachable.
 *
 * @param Exception $exception
 */
private function catchError(Exception $exception)
{
    if ($exception instanceof \ActionEnforcingException) {
        common_Logger::w("Called module " . $exception->getModuleName() . ', action ' . $exception->getActionName() . ' not found.', array('TAO', 'BOOT'));
        $message = "Called module: " . $exception->getModuleName() . "\n";
        $message .= "Called action: " . $exception->getActionName() . "\n";
        $this->dispatchError($exception, 404, $message);
    } elseif ($exception instanceof \tao_models_classes_AccessDeniedException) {
        common_Logger::i('Access denied', array('TAO', 'BOOT'));
        // an anonymous, non-ajax caller is sent to the login page with the denied URI as the
        // redirect target; the login action validates that target before using it
        $sendToLogin = !tao_helpers_Request::isAjax()
            && common_session_SessionManager::isAnonymous()
            && \tao_models_classes_accessControl_AclProxy::hasAccess('login', 'Main', 'tao');
        if ($sendToLogin) {
            header(HTTPToolkit::statusCodeHeader(302));
            header(HTTPToolkit::locationHeader(_url('login', 'Main', 'tao', array(
                'redirect' => $exception->getDeniedRequest()->getRequestURI(),
                'msg' => $exception->getUserMessage(),
            ))));
        } else {
            $this->dispatchError($exception, 403);
        }
    } elseif ($exception instanceof \tao_models_classes_UserException) {
        $this->dispatchError($exception, 403);
    } elseif ($exception instanceof \tao_models_classes_FileNotFoundException) {
        $this->dispatchError($exception, 404);
    } elseif ($exception instanceof \common_exception_UserReadableException) {
        $this->dispatchError($exception, 500, $exception->getUserMessage());
    } elseif ($exception instanceof \ResolverException) {
        common_Logger::singleton()->handleException($exception);
        if (!tao_helpers_Request::isAjax() && \tao_models_classes_accessControl_AclProxy::hasAccess('login', 'Main', 'tao')) {
            header(HTTPToolkit::statusCodeHeader(302));
            header(HTTPToolkit::locationHeader(_url('login', 'Main', 'tao')));
        } else {
            $this->dispatchError($exception, 403);
        }
    } else {
        // Last resort: log the full causal chain, then hand message and trace to dispatchError().
        // NOTE(review): whether dispatchError() shows $trace to the client is not visible here —
        // confirm it is only rendered in a debug configuration.
        common_Logger::e($this->describeUncaught($exception));
        $message = $exception->getMessage();
        $trace = $exception->getTraceAsString();
        $this->dispatchError($exception, 500, $message, $trace);
    }
}

/**
 * Build the "System Error: uncaught exception (...)" log line, followed by one
 * "caused by:" paragraph per previous exception in the chain.
 *
 * @param Exception $e
 * @return string
 */
private function describeUncaught(Exception $e)
{
    $msg = "System Error: uncaught exception (";
    $msg .= get_class($e) . ") in (" . $e->getFile() . ")";
    $msg .= " at line " . $e->getLine() . ": " . $e->getMessage();
    for ($previous = $e->getPrevious(); $previous !== null; $previous = $previous->getPrevious()) {
        $msg .= "\n\ncaused by:\n\n";
        $msg .= "(" . get_class($previous) . ") in (" . $previous->getFile() . ")";
        $msg .= " at line " . $previous->getLine() . ": " . $previous->getMessage();
    }
    return $msg;
}
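/**
 * Authentication form,
 * default page, main entry point to the user
 *
 * The optional "redirect" request parameter is only honoured when it points back into this
 * deployment: a root-relative path or an URL under ROOT_URL. The validated value — not the
 * raw request value — is what the post-login redirect uses, after the ACL has accepted it.
 * When the "disableAutocomplete" login config flag is set, the rendered form is hidden and
 * mirrored by a non-form copy that submits it through javascript, so the browser does not
 * offer to save the credentials.
 *
 * @return void
 */
public function login()
{
    $extension = \common_ext_ExtensionsManager::singleton()->getExtensionById('tao');
    $config = $extension->getConfig('login');
    $disableAutocomplete = !empty($config['disableAutocomplete']);

    $params = array('disableAutocomplete' => $disableAutocomplete);
    $redirectUrl = null;
    if ($this->hasRequestParameter('redirect')) {
        $candidate = $_REQUEST['redirect'];
        // Only a local target is accepted: a root-relative path that is not scheme-relative
        // ("//host" and "/\host" resolve to another origin) or an URL under ROOT_URL.
        // NOTE(review): the ROOT_URL prefix test assumes ROOT_URL ends with "/" — confirm,
        // otherwise any host whose name merely starts with it would also pass.
        if (is_string($candidate) && $candidate !== '' && (
            ($candidate[0] === '/' && substr($candidate, 0, 2) !== '//' && substr($candidate, 0, 2) !== '/\\')
            || substr($candidate, 0, strlen(ROOT_URL)) === ROOT_URL
        )) {
            $redirectUrl = $candidate;
            $params['redirect'] = $redirectUrl;
        }
    }

    $myLoginFormContainer = new tao_actions_form_Login($params);
    $myForm = $myLoginFormContainer->getForm();

    if ($myForm->isSubmited()) {
        if ($myForm->isValid()) {
            $login = $myForm->getValue('login');
            $success = LoginService::login($login, $myForm->getValue('password'));
            $eventManager = $this->getServiceManager()->get(EventManager::CONFIG_ID);
            if ($success) {
                \common_Logger::i("Successful login of user '" . $login . "'.");
                $eventManager->trigger(new LoginSucceedEvent($login));
                if ($redirectUrl !== null && tao_models_classes_accessControl_AclProxy::hasAccessUrl($redirectUrl)) {
                    $this->redirect($redirectUrl);
                } else {
                    $this->forward('entry');
                }
            } else {
                \common_Logger::i("Unsuccessful login of user '" . $login . "'.");
                $eventManager->trigger(new LoginFailedEvent($login));
                $this->setData('errorMessage', __('Invalid login or password. Please try again.'));
            }
        }
    }

    $renderedForm = $myForm->render();
    if ($disableAutocomplete) {
        $renderedForm = $this->renderWithoutAutocomplete($renderedForm);
    }

    $this->setData('form', $renderedForm);
    $this->setData('title', __("TAO Login"));
    // NOTE(review): getServiceManager() is chained twice here while the event manager above is
    // fetched with a single call — presumably both resolve to the same manager; confirm.
    $entryPointService = $this->getServiceManager()->getServiceManager()->get(EntryPointService::SERVICE_ID);
    $this->setData('entryPoints', $entryPointService->getEntryPoints(EntryPointService::OPTION_PRELOGIN));
    if ($this->hasRequestParameter('msg')) {
        $this->setData('msg', $this->getRequestParameter('msg'));
    }
    $this->setData('content-template', array('blocks/login.tpl', 'tao'));
    $this->setView('layout.tpl', 'tao');
}

/**
 * Replace the login form by a fake form that will delegate the submit to the real form;
 * this prevents the browser's ability to cache login/password.
 *
 * The real form is kept but hidden, with its password field turned into a text field so the
 * browser does not recognise it as a credential form; the visible copy keeps the password
 * field as rendered and is submitted through javascript delegation.
 *
 * @param string $renderedForm the form markup as rendered by the form
 * @return string the hidden real form followed by the visible fake form
 */
private function renderWithoutAutocomplete($renderedForm)
{
    // make a copy of the form and replace the form attributes
    $fakeForm = preg_replace('/<form[^>]+>/', '<div class="form loginForm fakeForm">', $renderedForm);
    $fakeForm = str_replace('</form>', '</div>', $fakeForm);

    // replace the password field by a text field in the actual form,
    // so the browser won't detect it and won't be able to cache the credentials
    $renderedForm = preg_replace('/type=[\'"]+password[\'"]+/', 'type="text"', $renderedForm);

    // hide the actual form, it will be submitted through javascript delegation
    $renderedForm = preg_replace_callback('/<form([^>]+)>/', function ($matches) {
        $str = $matches[0];
        if (false !== strpos($str, ' style=')) {
            $str = preg_replace('/ style=([\'"]+)([^\'"]+)([\'"]+)/', ' style=$1$2;display:none;$3', $str);
        } else {
            $str = '<form' . $matches[1] . ' style="display:none;">';
        }
        return $str;
    }, $renderedForm);

    // the fake form will be displayed instead of the actual form,
    // it will behave like the actual form
    return $renderedForm . $fakeForm;
}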