コード例 #1
 /**
  * Entrypoint of every tool
  *
  * Starts an LTI session from the current request and, when the ACL grants the
  * taoLti CookieUtils::verifyCookie action, redirects there so the session cookie
  * can be verified before the tool itself is run. Every failure ends in
  * returnError(); for an LtiException the consumer label and the
  * launch_presentation_return_url launch parameter are exposed to the view first,
  * so the error page can offer the "back" link the LTI specification expects.
  */
 public function launch()
 {
     try {
         taoLti_models_classes_LtiService::singleton()->startLtiSession(common_http_Request::currentRequest());
         // check if cookie has been set
         $mayVerifyCookie = tao_models_classes_accessControl_AclProxy::hasAccess('verifyCookie', 'CookieUtils', 'taoLti');
         if (!$mayVerifyCookie) {
             $this->returnError(__('You are not authorized to use this system'));
         } else {
             // the whole query string ($_GET) is carried into the URL that
             // verifyCookie will come back to, so the launch parameters survive the hop
             $verifyUrl = _url('verifyCookie', 'CookieUtils', 'taoLti', array(
                 'session'  => session_id(),
                 'redirect' => _url('run', null, null, $_GET),
             ));
             $this->redirect($verifyUrl);
         }
     } catch (common_user_auth_AuthFailedException $authFailure) {
         common_Logger::i($authFailure->getMessage());
         $this->returnError(__('The LTI connection could not be established'), false);
     } catch (taoLti_models_classes_LtiException $ltiFailure) {
         // In regard of the IMS LTI standard, we have to show a back button that refer to the
         // launch_presentation_return_url url param. So we have to retrieve this parameter before trying to start
         // the session
         $launchParams = common_http_Request::currentRequest()->getParams();
         $nameKey = taoLti_models_classes_LtiLaunchData::TOOL_CONSUMER_INSTANCE_NAME;
         $descriptionKey = taoLti_models_classes_LtiLaunchData::TOOL_CONSUMER_INSTANCE_DESCRIPTION;
         $returnUrlKey = taoLti_models_classes_LtiLaunchData::LAUNCH_PRESENTATION_RETURN_URL;
         // the instance name wins over the description when both are present
         if (isset($launchParams[$nameKey])) {
             $this->setData('consumerLabel', $launchParams[$nameKey]);
         } elseif (isset($launchParams[$descriptionKey])) {
             $this->setData('consumerLabel', $launchParams[$descriptionKey]);
         }
         // the return URL is taken from the consumer's request as-is; the view is
         // expected to escape it when rendering the back link
         if (isset($launchParams[$returnUrlKey])) {
             $this->setData('returnUrl', $launchParams[$returnUrlKey]);
         }
         common_Logger::i($ltiFailure->getMessage());
         $this->returnError(__('The LTI connection could not be established'), false);
     } catch (tao_models_classes_oauth_Exception $oauthFailure) {
         common_Logger::i($oauthFailure->getMessage());
         $this->returnError(__('The LTI connection could not be established'), false);
     }
 }
コード例 #2
 /**
  * Install the functional ACL as the active access-control implementation.
  *
  * Runs the funcAcl initialisation, then replays the ACL table of every installed
  * extension's manifest — each entry is a three-element array handed positionally
  * to AccessRule — onto a fresh FuncAcl instance, which is finally registered on
  * the AclProxy. Rules are applied in installation/manifest order.
  */
 public function run()
 {
     funcAcl_models_classes_Initialisation::run();
     $acl = new funcAcl_models_classes_FuncAcl();
     $extensions = common_ext_ExtensionsManager::singleton()->getInstalledExtensions();
     foreach ($extensions as $installedExtension) {
         $aclTable = $installedExtension->getManifest()->getAclTable();
         foreach ($aclTable as $entry) {
             $acl->applyRule(
                 new tao_models_classes_accessControl_AccessRule($entry[0], $entry[1], $entry[2])
             );
         }
     }
     tao_models_classes_accessControl_AclProxy::setImplementation($acl);
 }
コード例 #3
 /**
  * Resolve the controller and action named by the current context, enforce the
  * ACL on them, and invoke the action with request parameters mapped onto its
  * declared method parameters. Renders the controller's view afterwards if one
  * was selected.
  *
  * @throws ActionEnforcingException when the controller class or the action
  *         method cannot be found
  * @throws tao_models_classes_AccessDeniedException when the ACL refuses the
  *         current user for action/module/extension
  */
 public function execute()
 {
     // get the controller
     $controllerClass = $this->getControllerClass();
     // class_exists() triggers the autoloader, so this also loads the class
     if (class_exists($controllerClass)) {
         // namespaced?
         $module = new $controllerClass();
     } else {
         // second attempt with the first character dropped — presumably a leading
         // backslash; confirm against getControllerClass(). Note the truthiness test:
         // a one-character name yields '' and fails here regardless of class_exists()
         if (($str = substr($controllerClass, 1)) && class_exists($str)) {
             // non namespaced?
             $module = new $str();
         } else {
             throw new ActionEnforcingException('Controller "' . $controllerClass . '" could not be loaded.', $this->context->getModuleName(), $this->context->getActionName());
         }
     }
     // get the action, module, extension of the action
     $extensionId = $this->context->getExtensionName();
     // empty module/action names fall back to the framework defaults
     $moduleName = $this->context->getModuleName() ? Camelizer::firstToUpper($this->context->getModuleName()) : DEFAULT_MODULE_NAME;
     $action = $this->context->getActionName() ? Camelizer::firstToLower($this->context->getActionName()) : DEFAULT_ACTION_NAME;
     // Are we authorized to execute this action?
     // The ACL decision is taken on the normalised names (and the request
     // parameters) before any controller code runs.
     $requestParameters = $this->context->getRequest()->getParameters();
     if (!tao_models_classes_accessControl_AclProxy::hasAccess($action, $moduleName, $extensionId, $requestParameters)) {
         $userUri = common_session_SessionManager::getSession()->getUserUri();
         throw new tao_models_classes_AccessDeniedException($userUri, $action, $moduleName, $extensionId);
     }
     // if the method related to the specified action exists, call it
     // NOTE(review): method_exists() ignores visibility, so a protected/private
     // method with the action's name passes this check and only fails at the
     // call_user_func_array() below; any public method of the controller
     // (including inherited ones) is reachable as an action.
     if (method_exists($module, $action)) {
         $this->context->setActionName($action);
         // search parameters method
         $reflect = new ReflectionMethod($module, $action);
         $parameters = $reflect->getParameters();
         $tabParam = array();
         // one entry per declared parameter, keyed by its name, filled from the
         // request parameter of the same name (value for a missing one is whatever
         // getParameter() returns — presumably null, verify)
         foreach ($parameters as $param) {
             $tabParam[$param->getName()] = $this->context->getRequest()->getParameter($param->getName());
         }
         // Action method is invoked, passing request parameters as
         // method parameters. Keys are in declaration order, so the call works
         // whether they are treated positionally (PHP < 8) or as named arguments.
         common_Logger::d('Invoking ' . get_class($module) . '::' . $action, array('GENERIS', 'CLEARRFW'));
         call_user_func_array(array($module, $action), $tabParam);
         // Render the view if selected.
         if ($module->hasView()) {
             $renderer = $module->getRenderer();
             echo $renderer->render();
         }
     } else {
         throw new ActionEnforcingException("Unable to find the action '" . $action . "' in '" . get_class($module) . "'.", $this->context->getModuleName(), $this->context->getActionName());
     }
 }
コード例 #4
ファイル: class.Main.php プロジェクト: nagyist/tao-core
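 /**
  * Authentication form,
  * default page, main entry point to the user
  *
  * Renders the login form and, on a valid submission, authenticates through
  * LoginService. A successful login redirects to the "redirect" request
  * parameter — only when it points back into this installation and the ACL
  * accepts the target URL — and otherwise to Main/entry. A failed login
  * re-renders the form with an error message. Both outcomes are logged with
  * the submitted login name.
  *
  * @return void
  */
 public function login()
 {
     $params = array();
     // the redirect target is request-controlled; it is only kept (for the form
     // and for the post-login redirect) when it stays on this installation, so
     // the login page cannot be used as an open redirector
     $redirectUrl = null;
     if ($this->hasRequestParameter('redirect') && self::isLocalRedirectUrl($_REQUEST['redirect'])) {
         $redirectUrl = $_REQUEST['redirect'];
         $params['redirect'] = $redirectUrl;
     }
     $myLoginFormContainer = new tao_actions_form_Login($params);
     $myForm = $myLoginFormContainer->getForm();
     if ($myForm->isSubmited() && $myForm->isValid()) {
         $login = $myForm->getValue('login');
         $success = LoginService::login($login, $myForm->getValue('password'));
         if ($success) {
             \common_Logger::i("Successful login of user '" . $login . "'.");
             // the target was already checked to be local; the ACL check on the
             // URL is kept as the second gate
             if ($redirectUrl !== null && tao_models_classes_accessControl_AclProxy::hasAccessUrl($redirectUrl)) {
                 $this->redirect($redirectUrl);
             } else {
                 $this->redirect(_url('entry', 'Main'));
             }
         } else {
             \common_Logger::i("Unsuccessful login of user '" . $login . "'.");
             $this->setData('errorMessage', __('Invalid login or password. Please try again.'));
         }
     }
     $this->setData('form', $myForm->render());
     $this->setData('title', __("TAO Login"));
     $this->setData('messageServiceIsAvailable', MessagingService::singleton()->isAvailable());
     if ($this->hasRequestParameter('msg')) {
         $this->setData('msg', $this->getRequestParameter('msg'));
     }
     $this->setData('content-template', array('blocks/login.tpl', 'tao'));
     $this->setView('layout.tpl', 'tao');
 }

 /**
  * Tell whether a redirect target stays on this installation.
  *
  * Accepts site-relative paths and absolute URLs under ROOT_URL. Scheme-relative
  * forms ("//host/…" and "/\host/…") are rejected: browsers resolve them to
  * another host, yet a plain "starts with /" test lets them through.
  *
  * @param mixed $url raw value taken from the request
  * @return bool true when the URL may be used as a redirect target
  */
 private static function isLocalRedirectUrl($url)
 {
     if (!is_string($url) || $url === '') {
         return false;
     }
     $second = substr($url, 1, 1);
     if ($url[0] === '/' && $second !== '/' && $second !== '\\') {
         return true;
     }
     // NOTE(review): if ROOT_URL has no trailing slash this prefix test also
     // accepts "<ROOT_URL>.other-host/…" — confirm ROOT_URL ends with '/'
     return substr($url, 0, strlen(ROOT_URL)) === ROOT_URL;
 }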
コード例 #5
 /**
  *  Check whether the current is allowed to see this action (against ACL).
  *  Access is granted unconditionally when no 'url' is set; otherwise the
  *  decision is delegated to the AclProxy using the action, controller and
  *  extension stored in $this->data (the url itself is not consulted).
  *  @deprecated Wrong layer. Should be called at the level of the controller
  *  @return bool true if access is granted
  */
 public function hasAccess()
 {
     \common_Logger::w('Call to deprecated method ' . __METHOD__ . ' in ' . __CLASS__);
     if (empty($this->data['url'])) {
         // nothing to link to, hence nothing to protect
         return true;
     }
     return tao_models_classes_accessControl_AclProxy::hasAccess(
         $this->data['action'],
         $this->data['controller'],
         $this->data['extension']
     );
 }
コード例 #6
 /**
  * Get the sections of the current extension's structure
  *
  * Only sections whose own action passes the AclProxy check are returned, and
  * within each of those every action the functional ACL (FuncProxy) denies to
  * the current user is removed from the section before it is collected.
  *
  * @param string $shownExtension
  * @param string $shownStructure
  * @return array the sections
  */
 private function getSections($shownExtension, $shownStructure)
 {
     $visibleSections = array();
     $currentUser = common_Session_SessionManager::getSession()->getUser();
     $perspective = MenuService::getPerspective($shownExtension, $shownStructure);
     if (is_null($perspective)) {
         return $visibleSections;
     }
     foreach ($perspective->getChildren() as $candidate) {
         $sectionAllowed = tao_models_classes_accessControl_AclProxy::hasAccess(
             $candidate->getAction(),
             $candidate->getController(),
             $candidate->getExtensionId()
         );
         if (!$sectionAllowed) {
             continue;
         }
         // prune the actions the user may not reach; the foreach iterates over
         // the array returned by getActions(), so removing during the loop is safe
         foreach ($candidate->getActions() as $sectionAction) {
             $resolver = ActionResolver::getByControllerName($sectionAction->getController(), $sectionAction->getExtensionId());
             $actionAllowed = FuncProxy::accessPossible($currentUser, $resolver->getController(), $sectionAction->getAction());
             if (!$actionAllowed) {
                 $candidate->removeAction($sectionAction);
             }
         }
         $visibleSections[] = $candidate;
     }
     return $visibleSections;
 }
コード例 #7
ファイル: Bootstrap.php プロジェクト: nagyist/tao-core
 /**
  * Catch any errors
  * If the request is an ajax request, return to the client a formated object.
  *
  * The exception is rethrown and caught again so each known type gets its own
  * handler; the order of the catch clauses matters, as the more specific
  * AccessDenied case must run before the generic UserException one (presumably
  * a subclass relation — verify). Only Exception is handled: a PHP 7+ Error
  * (TypeError, …) does not match this signature and is not routed here.
  *
  * @param Exception $exception
  */
 private function catchError(Exception $exception)
 {
     try {
         // Rethrow for a direct clean catch...
         throw $exception;
     } catch (\ActionEnforcingException $ae) {
         // unknown module/action: answered as 404 with the names echoed back
         common_Logger::w("Called module " . $ae->getModuleName() . ', action ' . $ae->getActionName() . ' not found.', array('TAO', 'BOOT'));
         $message = "Called module: " . $ae->getModuleName() . "\n";
         $message .= "Called action: " . $ae->getActionName() . "\n";
         $this->dispatchError($ae, 404, $message);
     } catch (\tao_models_classes_AccessDeniedException $ue) {
         common_Logger::i('Access denied', array('TAO', 'BOOT'));
         // anonymous, non-ajax callers are sent to the login page (if the ACL
         // exposes it) with the denied request URI as the post-login redirect;
         // everyone else gets a plain 403
         if (!tao_helpers_Request::isAjax() && common_session_SessionManager::isAnonymous() && \tao_models_classes_accessControl_AclProxy::hasAccess('login', 'Main', 'tao')) {
             header(HTTPToolkit::statusCodeHeader(302));
             header(HTTPToolkit::locationHeader(_url('login', 'Main', 'tao', array('redirect' => $ue->getDeniedRequest()->getRequestURI(), 'msg' => $ue->getUserMessage()))));
         } else {
             $this->dispatchError($ue, 403);
         }
     } catch (\tao_models_classes_UserException $ue) {
         $this->dispatchError($ue, 403);
     } catch (\tao_models_classes_FileNotFoundException $e) {
         $this->dispatchError($e, 404);
     } catch (\common_exception_UserReadableException $e) {
         // only the user-readable message is forwarded, not getMessage()
         $this->dispatchError($e, 500, $e->getUserMessage());
     } catch (\ResolverException $e) {
         common_Logger::singleton()->handleException($e);
         // same login redirect as above, but without the redirect/msg parameters
         if (!tao_helpers_Request::isAjax() && \tao_models_classes_accessControl_AclProxy::hasAccess('login', 'Main', 'tao')) {
             header(HTTPToolkit::statusCodeHeader(302));
             header(HTTPToolkit::locationHeader(_url('login', 'Main', 'tao')));
         } else {
             $this->dispatchError($e, 403);
         }
     } catch (Exception $e) {
         // Last resort.
         // The full chain (class, file, line, message of every "previous") goes
         // to the error log ...
         $msg = "System Error: uncaught exception (";
         $msg .= get_class($e) . ") in (" . $e->getFile() . ")";
         $msg .= " at line " . $e->getLine() . ": " . $e->getMessage();
         $previous = $e->getPrevious();
         while ($previous !== null) {
             $msg .= "\n\ncaused by:\n\n";
             $msg .= "(" . get_class($previous) . ") in (" . $previous->getFile() . ")";
             $msg .= " at line " . $previous->getLine() . ": " . $previous->getMessage();
             $previous = $previous->getPrevious();
         }
         common_Logger::e($msg);
         // ... while the raw message and stack trace are handed to dispatchError.
         // NOTE(review): if dispatchError renders these to the client they
         // disclose internal paths and code structure — confirm what it shows
         // outside of debug mode.
         $message = $e->getMessage();
         $trace = $e->getTraceAsString();
         $this->dispatchError($e, 500, $message, $trace);
     }
 }
コード例 #8
ファイル: class.Main.php プロジェクト: oat-sa/tao-core
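 /**
  * Authentication form,
  * default page, main entry point to the user
  *
  * Renders the login form and, on a valid submission, authenticates through
  * LoginService, firing LoginSucceedEvent / LoginFailedEvent accordingly.
  * A successful login redirects to the "redirect" request parameter — only
  * when it points back into this installation and the ACL accepts the target
  * URL — and otherwise forwards to the entry action. When the 'login' config
  * sets disableAutocomplete, the rendered form is hidden and a visible "fake"
  * copy is appended so browsers do not offer to store the credentials.
  *
  * @return void
  */
 public function login()
 {
     $extension = \common_ext_ExtensionsManager::singleton()->getExtensionById('tao');
     $config = $extension->getConfig('login');
     $disableAutocomplete = !empty($config['disableAutocomplete']);
     $params = array('disableAutocomplete' => $disableAutocomplete);
     // the redirect target is request-controlled; it is only kept (for the form
     // and for the post-login redirect) when it stays on this installation, so
     // the login page cannot be used as an open redirector
     $redirectUrl = null;
     if ($this->hasRequestParameter('redirect') && self::isLocalRedirectUrl($_REQUEST['redirect'])) {
         $redirectUrl = $_REQUEST['redirect'];
         $params['redirect'] = $redirectUrl;
     }
     $myLoginFormContainer = new tao_actions_form_Login($params);
     $myForm = $myLoginFormContainer->getForm();
     if ($myForm->isSubmited() && $myForm->isValid()) {
         $login = $myForm->getValue('login');
         $success = LoginService::login($login, $myForm->getValue('password'));
         $eventManager = $this->getServiceManager()->get(EventManager::CONFIG_ID);
         if ($success) {
             \common_Logger::i("Successful login of user '" . $login . "'.");
             $eventManager->trigger(new LoginSucceedEvent($login));
             // the target was already checked to be local; the ACL check on the
             // URL is kept as the second gate
             if ($redirectUrl !== null && tao_models_classes_accessControl_AclProxy::hasAccessUrl($redirectUrl)) {
                 $this->redirect($redirectUrl);
             } else {
                 $this->forward('entry');
             }
         } else {
             \common_Logger::i("Unsuccessful login of user '" . $login . "'.");
             $eventManager->trigger(new LoginFailedEvent($login));
             $this->setData('errorMessage', __('Invalid login or password. Please try again.'));
         }
     }
     $renderedForm = $myForm->render();
     // replace the login form by a fake form that will delegate the submit to the real form
     // this will allow to prevent the browser ability to cache login/password
     // (these rewrites operate on markup produced by the form renderer, not on
     // request data)
     if ($disableAutocomplete) {
         // make a copy of the form and replace the form attributes
         $fakeForm = preg_replace('/<form[^>]+>/', '<div class="form loginForm fakeForm">', $renderedForm);
         $fakeForm = str_replace('</form>', '</div>', $fakeForm);
         // replace the password field by a text field in the actual form,
         // so the browser won't detect it and won't be able to cache the credentials
         $renderedForm = preg_replace('/type=[\'"]+password[\'"]+/', 'type="text"', $renderedForm);
         // hide the actual form,
         // it will be submitted through javascript delegation
         $renderedForm = preg_replace_callback('/<form([^>]+)>/', function ($matches) {
             $str = $matches[0];
             if (false !== strpos($str, ' style=')) {
                 // append to an existing style attribute rather than adding a second one
                 $str = preg_replace('/ style=([\'"]+)([^\'"]+)([\'"]+)/', ' style=$1$2;display:none;$3', $str);
             } else {
                 $str = '<form' . $matches[1] . ' style="display:none;">';
             }
             return $str;
         }, $renderedForm);
         // the fake form will be displayed instead of the actual form,
         // it will behave like the actual form
         $renderedForm .= $fakeForm;
     }
     $this->setData('form', $renderedForm);
     $this->setData('title', __("TAO Login"));
     // NOTE(review): the chained getServiceManager()->getServiceManager() looks
     // accidental — confirm whether a single call is intended
     $entryPointService = $this->getServiceManager()->getServiceManager()->get(EntryPointService::SERVICE_ID);
     $this->setData('entryPoints', $entryPointService->getEntryPoints(EntryPointService::OPTION_PRELOGIN));
     if ($this->hasRequestParameter('msg')) {
         $this->setData('msg', $this->getRequestParameter('msg'));
     }
     $this->setData('content-template', array('blocks/login.tpl', 'tao'));
     $this->setView('layout.tpl', 'tao');
 }

 /**
  * Tell whether a redirect target stays on this installation.
  *
  * Accepts site-relative paths and absolute URLs under ROOT_URL. Scheme-relative
  * forms ("//host/…" and "/\host/…") are rejected: browsers resolve them to
  * another host, yet a plain "starts with /" test lets them through.
  *
  * @param mixed $url raw value taken from the request
  * @return bool true when the URL may be used as a redirect target
  */
 private static function isLocalRedirectUrl($url)
 {
     if (!is_string($url) || $url === '') {
         return false;
     }
     $second = substr($url, 1, 1);
     if ($url[0] === '/' && $second !== '/' && $second !== '\\') {
         return true;
     }
     // NOTE(review): if ROOT_URL has no trailing slash this prefix test also
     // accepts "<ROOT_URL>.other-host/…" — confirm ROOT_URL ends with '/'
     return substr($url, 0, strlen(ROOT_URL)) === ROOT_URL;
 }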