/**
 * Deletes all stored sessions whose last activity lies further back than the given timeout.
 *
 * @see \Ableron\Core\Session\SessionHandlerInterface::runGarbageCollector()
 * @param \DateInterval $inactivityTimeout Idle time after which a session is removed
 * @return void
 */
public function runGarbageCollector(DateInterval $inactivityTimeout)
{
    //TODO tblasche: Implement correctly and use it
    // NOTE(review): per the TODO this collector is not wired in yet, so expired session rows
    // are not purged by it; confirm that session lookup enforces the inactivity timeout itself.

    // cut-off = current UTC time minus the allowed idle time, formatted as 'Y-m-d H:i:s'
    $expiryThreshold = DateUtil::getCurrentUtcDateTime()
        ->sub($inactivityTimeout)
        ->format('Y-m-d H:i:s');

    // bulk DQL delete; the cut-off is bound as a parameter rather than concatenated into the query
    $entityManager = Application::getPersistenceManager()->getEntityManager();
    $deleteStatement = $entityManager->createQuery('DELETE Core:SessionEntity s WHERE s.lastActivityTime < ?1');
    $deleteStatement->setParameter(1, $expiryThreshold);
    $deleteStatement->execute();
}
/**
 * Installs the given extension.
 *
 * Schema set-up and the extension's initial entities are written inside one database
 * transaction; any exception triggers a rollback and is rethrown as a SystemException.
 *
 * NOTE(review): on database systems where DDL statements commit implicitly, schema changes
 * made by setUpDatabaseSchema() may survive the rollback - confirm for the supported DBMSs.
 *
 * @param \Ableron\Core\Extension\ExtensionInterface $extension The extension to install
 * @param string $extensionDirectory Directory of the extension
 * @throws \Ableron\Core\Exception\SystemException In case the extension could not be installed
 * @return void
 */
protected function installExtension(ExtensionInterface $extension, $extensionDirectory)
{
    $em = Application::getPersistenceManager()->getEntityManager();

    try {
        $em->beginTransaction();

        // generate proxies and the database schema for the extension's entities
        // NOTE(review): $extensionDirectory ends up in a filesystem path; presumably it is
        // supplied by the installer and never by request data - verify against callers
        $entitiesDirectory = sprintf('%s/Model/Entities', $extensionDirectory);
        $this->setUpDatabaseSchema($extension::getNamespace(), $entitiesDirectory, $em);

        // queue the extension's initial entities for insertion
        foreach ($extension->getInitialDatabaseEntities() as $initialEntity) {
            $em->persist($initialEntity);
        }

        // write everything and make it permanent
        $em->flush();
        $em->commit();
    } catch (Exception $installationFailure) {
        // undo the pending changes and report the failure with the original cause attached
        $em->rollback();

        $message = sprintf('Unable to install extension "%s"', $extension::getNamespace());
        throw new SystemException($message, 0, E_USER_WARNING, __FILE__, __LINE__, $installationFailure);
    }

    // close global entity manager because of possible schema changes (necessary to prevent problems)
    Application::getPersistenceManager()->closeEntityManager();
}
/**
 * Clears the failed-login record of a user after a successful login.
 *
 * @see \Ableron\Lib\Event\EventHandlerInterface::handle()
 */
public function handle(EventInterface $event)
{
    /** @var \Ableron\Modules\Core\Events\LoginAttemptSuccessfulEvent $event */
    $failedAttempts = BruteForceProtectionService::getLoginAttemptsByUsername($event->getUsername());

    // no failed attempts recorded for this username: nothing to clear
    if ($failedAttempts === null) {
        return;
    }

    // remove() is called without a flush() in this handler
    // NOTE(review): presumably a later flush writes the deletion - confirm
    Application::getPersistenceManager()->getEntityManager()->remove($failedAttempts);
}
/**
 * Builds the entities the system information module writes on installation:
 * translations (de-DE and en-US), backend menu items, the module record and
 * the "canViewSystemInfo" permission.
 *
 * Besides returning the new entities, this method adds the new permission to the
 * existing "Root" and "Backend Root" roles.
 *
 * @see \Ableron\Core\Extension\ExtensionInterface::getInitialDatabaseEntities()
 */
public function getInitialDatabaseEntities()
{
    // locales the translations below belong to
    $localeDeDe = Application::getPersistenceManager()->getRepository('LocaleEntity')->findOneBy(array('localeCode' => 'de-DE'));
    $localeEnUs = Application::getPersistenceManager()->getRepository('LocaleEntity')->findOneBy(array('localeCode' => 'en-US'));

    // text key => array(de-DE text, en-US text)
    $translations = array(
        'sysInfo.navTitle' => array('System Informationen', 'System Information'),
        'sysInfo.systemInfo.title' => array('System', 'System'),
        'sysInfo.systemInfo.category.ableronCore' => array('Ableron Core', 'Ableron Core'),
        'sysInfo.systemInfo.category.database' => array('Datenbank', 'Database'),
        'sysInfo.systemInfo.category.php' => array('PHP', 'PHP'),
        'sysInfo.systemInfo.category.server' => array('Server', 'Server'),
        'sysInfo.systemInfo.label.ableronCore.version' => array('Version', 'Version'),
        'sysInfo.systemInfo.label.ableronCore.installationTime' => array('Installationszeitpunkt', 'Installation Time'),
        'sysInfo.systemInfo.label.database.dbms' => array('Datenbank Management System', 'Database Management System'),
        'sysInfo.systemInfo.label.php.serverApi' => array('Server API', 'Server API'),
        'sysInfo.systemInfo.label.php.version' => array('PHP Version', 'PHP Version'),
        'sysInfo.systemInfo.label.php.zendEngineVersion' => array('Zend Engine Version', 'Zend Engine Version'),
        'sysInfo.systemInfo.label.server.operatingSystem' => array('Betriebssystem', 'Operating System'),
        'sysInfo.systemInfo.label.server.webServer' => array('Webserver', 'Web Server'),
        'sysInfo.phpInfo.title' => array('PHP', 'PHP'),
    );

    // add messages (German entry first, then English, per text key)
    $entities = array();
    foreach ($translations as $textKey => $texts) {
        $entities[] = new TranslationEntity($localeDeDe, $textKey, $texts[0]);
        $entities[] = new TranslationEntity($localeEnUs, $textKey, $texts[1]);
    }

    // add backend menu items
    $entities[] = new BackendMenuItemEntity('', 'fa-cogs', 'sysInfo.navTitle', 2);
    $entities[] = new BackendMenuItemEntity('/sysinfo/system', 'fa-cogs', 'sysInfo.systemInfo.title', 1);
    $entities[] = new BackendMenuItemEntity('/sysinfo/php', 'fa-cogs', 'sysInfo.phpInfo.title', 2);

    // add module
    $entities[] = new ModuleEntity('Ableron System Information', 'System Information Module of Ableron', 'SysInfo', '/sysinfo', '/sysinfo', true, false);

    // add permissions
    $viewSystemInfoPermission = new PermissionEntity('SysInfo.System.Backend.canViewSystemInfo', 'Grants access to the system information overview of the backend.');
    $entities[] = $viewSystemInfoPermission;

    //TODO tblasche: New permissions should be added to roles automatically
    // get default roles
    // NOTE(review): the role lookups are not checked here; presumably findOneBy() yields null
    // for a missing or renamed role, in which case the add() calls below fail - confirm
    $roleRoot = Application::getPersistenceManager()->getRepository('RoleEntity')->findOneBy(array('name' => 'Root'));
    $roleBackendRoot = Application::getPersistenceManager()->getRepository('RoleEntity')->findOneBy(array('name' => 'Backend Root'));

    // grant the new permission to the default roles (side effect on existing role entities)
    $roleRoot->getPermissions()->add($viewSystemInfoPermission);
    $roleBackendRoot->getPermissions()->add($viewSystemInfoPermission);

    return $entities;
}
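/**
 * Returns the text with the given key for the currently set locale.
 *
 * The stored text is used as a MessageFormatter pattern and formatted with the
 * given parameters. An empty string is returned (and a warning logged) when no
 * translation exists or when the pattern cannot be formatted.
 *
 * The result is not escaped here.
 * NOTE(review): callers presumably escape it for the output context, which matters
 * when $parameters carries user-supplied values - confirm.
 *
 * TODO: Use MessageFormatter correctly (use object to get access to getErrorMessage())
 *
 * @param string $textKey Key of the text to return
 * @param array $parameters List of parameters to pass to the message formatter
 * @return string
 */
public function translate($textKey, $parameters = array())
{
    $locale = $this->getLocale();

    // both values are bound as query parameters
    $query = Application::getPersistenceManager()->getEntityManager()->createQuery('SELECT t.text FROM Core:TranslationEntity t WHERE t.textKey = ?1 AND t.locale = ?2');
    $query->setParameter(1, $textKey);
    $query->setParameter(2, $locale);

    try {
        $pattern = $query->getSingleScalarResult();
    } catch (NoResultException $e) {
        Application::getLogManager()->warning(sprintf('Unable to translate text key "%s": No translation found', $textKey));

        return '';
    }

    // formatMessage() returns FALSE on failure; keep the documented string contract
    $translatedText = MessageFormatter::formatMessage($locale->getLocaleCode(), $pattern, $parameters);
    if ($translatedText === false) {
        Application::getLogManager()->warning(sprintf('Unable to translate text key "%s": %s', $textKey, intl_get_error_message()));

        return '';
    }

    return $translatedText;
}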
/**
 * Records a failed login attempt for the submitted username.
 *
 * @see \Ableron\Lib\Event\EventHandlerInterface::handle()
 */
public function handle(EventInterface $event)
{
    /** @var \Ableron\Modules\Core\Events\LoginAttemptFailedEvent $event */

    // only take care of login attempts where both username and password are set
    if ($event->getUsername() === '' || $event->getPassword() === '') {
        return;
    }

    // NOTE(review): the record is keyed on the username as submitted and is created without
    // checking here that such an account exists; confirm that stale records are purged and
    // that the username is normalised the same way as in the user lookup.
    $attempts = BruteForceProtectionService::getLoginAttemptsByUsername($event->getUsername());

    if ($attempts === null) {
        // first failure for this username: start a new record
        Application::getPersistenceManager()->getEntityManager()->persist(new LoginAttemptsEntity($event->getUsername()));

        return;
    }

    // existing record: count one more failure
    $attempts->addFailedAttempt();
}
/**
 * Builds the entities the brute force protector plugin writes on installation:
 * the lock-out message in de-DE and en-US and the three login event handler registrations.
 *
 * @see \Ableron\Core\Extension\ExtensionInterface::getInitialDatabaseEntities()
 */
public function getInitialDatabaseEntities()
{
    // locales the messages belong to
    $localeDeDe = Application::getPersistenceManager()->getRepository('LocaleEntity')->findOneBy(array('localeCode' => 'de-DE'));
    $localeEnUs = Application::getPersistenceManager()->getRepository('LocaleEntity')->findOneBy(array('localeCode' => 'en-US'));

    // NOTE(review): both messages state a lock-out of 2 minutes as fixed text; confirm it
    // matches the period the plugin actually enforces.
    return array(
        // messages
        new TranslationEntity($localeDeDe, 'bruteForceProtector.backend.message.possibleBruteForceDetected', 'Für diesen Benutzer wurde mehrfach ein falsches Passwort angegeben. Aus Sicherheitsgründen ist ein erneuter Login-Versuch erst in 2min wieder möglich.'),
        new TranslationEntity($localeEnUs, 'bruteForceProtector.backend.message.possibleBruteForceDetected', 'An invalid password has been provided for this user multiple times. For security reasons further login attempts are not possible for a period of 2 minutes.'),

        // event handlers, registered by event name and handler class name
        new EventHandlerEntity('core-login-attemptFailed', 'Ableron\\Plugins\\BruteForceProtector\\EventHandlers\\LoginAttemptFailedEventHandler'),
        new EventHandlerEntity('core-login-attemptSuccessful', 'Ableron\\Plugins\\BruteForceProtector\\EventHandlers\\LoginAttemptSuccessfulEventHandler'),
        new EventHandlerEntity('core-login-validatingData', 'Ableron\\Plugins\\BruteForceProtector\\EventHandlers\\LoginValidatingDataEventHandler'),
    );
}
/**
 * Authenticates a user by username and password.
 *
 * Returns the user on success and NULL when the username is unknown or the
 * password does not match. A password hash that needs rehashing is replaced
 * on the user object after a successful verification.
 *
 * @see \Ableron\Modules\Core\Services\Authentication\AuthenticationInterface::authenticateManually()
 */
public static function authenticateManually($username, $password)
{
    // look the account up by username (NULL when it does not exist)
    $account = Application::getPersistenceManager()->getRepository('UserEntity')->findByUsername($username);

    // NOTE(review): Password::verify() is skipped for unknown usernames, so the response time
    // presumably differs between existing and non-existing accounts; consider verifying
    // against a fixed dummy hash in that case.
    if ($account === null || !Password::verify($password, $account->getPasswordHash())) {
        // credentials invalid
        return null;
    }

    // upgrade the stored hash while the plain-text password is at hand
    // NOTE(review): no flush() is issued here; presumably the new hash is written later - confirm
    if (Password::needsRehash($account->getPasswordHash())) {
        $account->setPasswordHash(Password::hash($password));
    }

    return $account;
}
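/**
 * Tests whether findByUsername works as expected.
 *
 * Verifies that the user is not found before it is persisted, is found with the
 * same username and a generated id afterwards, and removes it again.
 *
 * @return void
 */
public function testFindByUsername()
{
    // define username
    $username = '******';

    // create user entity
    $user = new UserEntity($username, '', '', '', '');

    // verify user does not exist
    $this->assertNull(Application::getPersistenceManager()->getRepository('UserEntity')->findByUsername($user->getUsername()));

    // create user
    Application::getPersistenceManager()->getEntityManager()->persist($user);
    Application::getPersistenceManager()->getEntityManager()->flush();

    // verify user exists
    $userFromDb = Application::getPersistenceManager()->getRepository('UserEntity')->findByUsername($user->getUsername());
    $this->assertNotNull($userFromDb);
    $this->assertSame($username, $userFromDb->getUsername());

    // the id is the value under test; the former call passed $username as the actual value
    // and the id as the failure message, so the id was never checked
    $this->assertNotNull($userFromDb->getId());

    // remove user
    Application::getPersistenceManager()->getEntityManager()->remove($user);
    Application::getPersistenceManager()->getEntityManager()->flush();
}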
/**
 * Creates the admin account from the installation parameters, assigns it the
 * "Root" role and writes it to the database.
 *
 * @return void
 */
private function createAdminAccount()
{
    $installer = $this->getInstaller();

    // the password is hashed before it reaches the entity
    // NOTE(review): the plain-text value stays in the installer parameter 'admin.password';
    // confirm the installer discards it after this step
    $username = $installer->getInstallationParameter('admin.username');
    $passwordHash = Password::hash($installer->getInstallationParameter('admin.password'));
    $emailAddress = $installer->getInstallationParameter('admin.emailAddress');
    $firstName = $installer->getInstallationParameter('admin.firstName');
    $lastName = $installer->getInstallationParameter('admin.lastName');

    $admin = new UserEntity($username, $passwordHash, $emailAddress, $firstName, $lastName);

    // assign root role
    // NOTE(review): the lookup result is not checked; presumably NULL if the role is missing - confirm
    $rootRole = Application::getPersistenceManager()->getRepository('RoleEntity')->findOneBy(array('name' => 'Root'));
    $admin->getRoles()->add($rootRole);

    // write changes to database
    $entityManager = Application::getPersistenceManager()->getEntityManager();
    $entityManager->persist($admin);
    Application::getPersistenceManager()->getEntityManager()->flush();
}
/**
 * Returns the login attempts for the given username.
 *
 * Returns NULL in case there are no current failed login attempts for the given user.
 * The lookup matches the "username" field against the value exactly as passed in.
 *
 * @param string $username Username to return the login attempts for
 * @return \Ableron\Plugins\BruteForceProtector\Model\Entities\LoginAttemptsEntity|null
 */
public static function getLoginAttemptsByUsername($username)
{
    // second argument: namespace of this plugin (presumably selects the plugin's entities)
    $loginAttemptsRepository = Application::getPersistenceManager()->getRepository(
        'LoginAttemptsEntity',
        BruteForceProtectorPlugin::getNamespace()
    );

    $criteria = array('username' => $username);

    return $loginAttemptsRepository->findOneBy($criteria);
}
/**
 * Returns an internal URL based on the current base URL and the given
 * module namespace.
 *
 * E.g. EnvironmentUtil::getInternalUrl('/foo', 'Bar') -> http://example.com/acp/Bar/foo
 *
 * The module's frontend base path is used for frontend requests, its backend
 * base path otherwise. Trailing slashes are trimmed before the internal path
 * is appended.
 *
 * @param string $moduleInternalPath Path within the module
 * @param string|null $moduleNamespace Namespace of the module to return the URL for; the core module is used when NULL
 * @return \Ableron\Lib\Net\Uri
 */
public static function getInternalUrl(string $moduleInternalPath, string $moduleNamespace = null)
{
    /** @var \Ableron\Modules\Core\Model\Repositories\ModuleRepository $moduleRepository */
    $moduleRepository = Application::getPersistenceManager()->getRepository('ModuleEntity');

    // fall back to the core module when no namespace was given
    // NOTE(review): the lookup result is used unchecked below; presumably NULL for an unknown namespace - confirm
    $module = $moduleRepository->findModuleByNamespace($moduleNamespace ?? CoreModule::getNamespace());

    $baseUrl = self::getBaseUrl()->toString();

    if (Application::getRequestHandler()->isFrontendRequest()) {
        $moduleBasePath = $module->getFrontendBasePath();
    } else {
        $moduleBasePath = $module->getBackendBasePath();
    }

    // build and return URL
    return new Uri(rtrim($baseUrl . $moduleBasePath, '/') . $moduleInternalPath);
}
/**
 * Returns the version of the used database management system.
 *
 * Returns NULL in case the wrapped connection does not implement
 * ServerInfoAwareConnection and therefore cannot report a version.
 *
 * @return string|null
 */
public static function getDatabaseManagementSystemVersion()
{
    // unwrap the driver-level connection behind the entity manager
    $wrappedConnection = Application::getPersistenceManager()
        ->getEntityManager()
        ->getConnection()
        ->getWrappedConnection();

    if ($wrappedConnection instanceof ServerInfoAwareConnection) {
        return $wrappedConnection->getServerVersion();
    }

    // version not available from this connection type
    return null;
}
/**
 * Checks whether the current user holds every permission the controller requires.
 *
 * Throws on the first missing permission; this method itself does not render
 * anything (the error page is presumably produced where the exception is handled).
 *
 * @throws \Ableron\Core\Controller\Exception\AccessDeniedException In case a required permission is missing
 * @return void
 */
protected function checkAuthorization()
{
    foreach ($this->getRequiredPermissions() as $permissionName) {
        $currentUser = Application::getUser();

        // NOTE(review): the lookup result is passed on unchecked; confirm hasPermission()
        // denies access when the permission name is unknown, so a misspelled name fails closed
        $requiredPermission = Application::getPersistenceManager()->getRepository('PermissionEntity')->findByName($permissionName);

        $isGranted = UserService::hasPermission($currentUser, $requiredPermission);
        if (!$isGranted) {
            throw new AccessDeniedException();
        }
    }
}
/**
 * Returns the repository registered for 'SettingEntity'.
 *
 * @return mixed Whatever the persistence manager returns for 'SettingEntity'
 */
private function getSettingEntityRepository()
{
    $persistenceManager = Application::getPersistenceManager();

    return $persistenceManager->getRepository('SettingEntity');
}
/**
 * Loads every locale entity and stores it in $this->supportedLocales,
 * indexed by its locale code.
 *
 * @return void
 */
private function findSupportedLocales()
{
    $localeEntities = Application::getPersistenceManager()->getRepository('LocaleEntity')->findAll();

    foreach ($localeEntities as $localeEntity) {
        $localeCode = $localeEntity->getLocaleCode();
        $this->supportedLocales[$localeCode] = $localeEntity;
    }
}
/**
 * Takes care of possible CSRF attacks.
 *
 * Records the attempt as a CsrfAttemptEntity and replaces the CSRF token stored
 * in the session with a freshly generated one.
 *
 * @return void
 */
private function handlePossibleCsrfAttack()
{
    // log possible attack
    // NOTE(review): persist() only; no flush() is issued here - presumably written later, confirm
    $entityManager = Application::getPersistenceManager()->getEntityManager();
    $entityManager->persist(new CsrfAttemptEntity());

    // invalidate session token by setting a new one
    // NOTE(review): this value is the CSRF secret; confirm StringUtil::getRandomString()
    // draws from a CSPRNG (e.g. random_bytes()/random_int())
    $freshToken = StringUtil::getRandomString($this->tokenLength);
    Application::getSession()->setData($this->csrfTokensSessionKey, $freshToken);
}
/**
 * Returns the ModuleEntity of the module with the given base path.
 *
 * Delegates to the repository registered for 'ModuleEntity'.
 * Returns NULL in case no module has been found with the given criteria.
 *
 * @param string $basePath Base path of the module
 * @param bool $isFrontendBasePath Whether base path is a frontend or a backend base path
 * @return \Ableron\Modules\Core\Model\Entities\ModuleEntity|null
 */
public function findModuleByBasePath($basePath, $isFrontendBasePath)
{
    $moduleRepository = Application::getPersistenceManager()->getRepository('ModuleEntity');

    return $moduleRepository->findModuleByBasePath($basePath, $isFrontendBasePath);
}
/**
 * Returns the repository registered for 'EventHandlerEntity'.
 *
 * @return mixed Whatever the persistence manager returns for 'EventHandlerEntity'
 */
private function getEventHandlerEntityRepository()
{
    $persistenceManager = Application::getPersistenceManager();

    return $persistenceManager->getRepository('EventHandlerEntity');
}