/**
* Route shutdown hook -- Check for router exceptions
*
* @param Zend_Controller_Request_Abstract $request
*/
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
try {
// Avoid error override! :S
if (count($this->getResponse()->getException())) {
return;
}
$auth = Zend_Auth::getInstance();
if (!$auth->hasIdentity()) {
$this->_forceLogout($request, "No session");
return;
}
$sessionId = Zend_Session::getId();
$sessMapper = Application\Model\Mapper\SessionMapper::getInstance();
$session = $sessMapper->findOneById($sessionId);
if (!$session) {
return;
}
if (isset($session['logout'])) {
$this->_forceLogout($request, isset($session['logout']['message']) ? $session['logout']['message'] : "External logout", isset($session['logout']['code']) ? $session['logout']['code'] : PermissionCodes::AUTH_ANOTHER_SESSION_STARTED);
return;
}
} catch (Exception $exc) {
\App::log()->err("MESSAGE BROADCAST: " . $exc->getMessage());
$this->_forceLogout($request, "Unexpected fatal error: " . $exc->getMessage(), 500);
return;
}
}
/**
* Route shutdown hook -- Check for router exceptions
*
* @param Zend_Controller_Request_Abstract $request
*/
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
if (!Zend_Auth::getInstance()->hasIdentity()) {
return;
}
$ident = \Zend_Auth::getInstance()->getIdentity();
if (isset($ident['authType']) && in_array($ident['authType'], array(App_Controller_Plugin_Auth::AUTH_TYPE_ASYNC, App_Controller_Plugin_Auth::AUTH_TYPE_ACTIVATION_TOKEN, App_Controller_Plugin_Auth::AUTH_TYPE_DOWNLOAD_TOKEN, App_Controller_Plugin_Auth::AUTH_TYPE_EXTERNAL, App_Controller_Plugin_Auth::AUTH_TYPE_THIRD_PARTY, App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD, App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD_TOKEN, App_Controller_Plugin_Auth::AUTH_TYPE_PASSWORD_EXPIRED_TOKEN))) {
return;
}
$sessionMapper = SessionMapper::getInstance();
$session = $sessionMapper->findOneById(\Zend_Session::getId());
if (!$session || !isset($session['id'])) {
return;
}
if (($user = UserMapper::getInstance()->findOneById($session['id'])) && isset(self::$cookieLifeTimeByOrgType[$user->getOrgType()])) {
$cookieLifeTime = self::$cookieLifeTimeByOrgType[$user->getOrgType()];
} else {
$cookieLifeTime = self::$defaultCookieLifeTime;
}
/*
* Old sessions use string for created/expire field. New session use a MongoDate.
*/
$created = $session['metadata']['created'];
if ($created instanceof \MongoDate) {
$created = $created->sec;
}
if (time() - $created - $cookieLifeTime > 0) {
$this->_forceLogout($request, "Session Expired", PermissionCodes::AUTH_SESSION_EXPIRED);
return;
}
if (App_Util_Array::getItem(self::$avoidActions, $request->getModuleName() . '.' . $request->getControllerName() . '.' . $request->getActionName())) {
return;
}
if ($request->getHeader('X-M2mNoRenewSession')) {
return;
}
if (Zend_Session::isRegenerated()) {
return;
}
if (time() - $created < (1 - self::$tolerance) * $cookieLifeTime && (!self::$useProbability || rand(0, self::$probability))) {
return;
}
$sessionMapper->renewSession(\Zend_Session::getId());
// Zend_Session::regenerateId();
// if (isset($data['logout'])) {
// $sessionMapper->logoutSessionBySessionId(Zend_Session::getId(), $data['logout']);
// } else if (isset($data['messages'])) {
// $sessionMapper->addAllMessagesToAllSessionsBySessionId(Zend_Session::getId(), $data['messages']);
// }
}
protected function _loadSessionByToken($token)
{
$session = SessionMapper::getInstance()->findOneByToken($token);
if ($session && isset($session['sessionId'])) {
session_destroy();
session_id($session['sessionId']);
session_start();
unset($session['metadata']);
unset($session['sessionId']);
return $session;
}
return false;
}
/**
* Resolves the credentials using standard Auth Basic
*
* @param string $creds
* @param Zend_Controller_Request_Abstract $request
* @return array | false
*/
public function schemeBasic($creds, Zend_Controller_Request_Abstract $request = null, $authType = self::AUTH_TYPE_REGULAR)
{
// Decode the credentials
$creds = $this->_decodeCredentials($creds, true);
if ($creds === false) {
return false;
}
$username = $creds[0];
$loginAttemptService = \Core\Service\LoginAttemptService::getInstance();
$loginAttemptModel = new LoginAttemptModel(array('remoteIp' => $request->getClientIp()));
// Login retry check
$bootstrap = Zend_Controller_Front::getInstance()->getParam('bootstrap');
$authRetry = $bootstrap->getResource('Authretry');
if ($authRetry->maxReached($username)) {
$user = UserService::getInstance()->loadByUsername($username);
if ($user) {
$loginAttemptModel->userId = $user->id;
$loginAttemptModel->result = LoginAttemptModel::RESULT_FAILED;
$loginAttemptModel->type = LoginAttemptModel::FAIL_TYPE_BLOCKED;
$loginAttemptService->create($loginAttemptModel);
}
$msg = "Try to login with a blocked username: "******"Fail attempting to log in with blocked user: "******"Fail attempting to log in with an already logged in user: "******"Other peer has accessed with your username", 'code' => PermissionCodes::AUTH_ANOTHER_SESSION_STARTED), array(\Zend_Session::getId()));
}
}
// Generate a token for M2MToken auth
$token = $this->_generateToken();
// Regenerate a new session
if (!Zend_Session::isRegenerated()) {
Zend_Session::regenerateId();
}
$loginAttemptModel->result = LoginAttemptModel::RESULT_SUCCESS;
$loginAttemptService->create($loginAttemptModel);
return array('id' => $user->getId(), 'username' => $user->getUserName(), 'token' => $token, 'orgId' => $user->getOrganizationId(), 'role' => $user->getRole(), 'authType' => $authType);
} else {
if ($authRetry->maxReached($username)) {
// Block user
$this->_generateTrackingToken($user);
UserService::getInstance()->blockDueToLoginRetries($user);
// Stop auth process
Zend_Auth::getInstance()->clearIdentity();
if (!Zend_Session::isRegenerated()) {
Zend_Session::regenerateId();
}
$loginAttemptModel->result = LoginAttemptModel::RESULT_FAILED;
$loginAttemptModel->type = LoginAttemptModel::FAIL_TYPE_CRED;
$loginAttemptService->create($loginAttemptModel);
throw new \Application\Exceptions\ForbiddenException("User has reached maximum login retries", PermissionCodes::AUTH_BLOCKED_ACCOUNT_AND_EMAIL);
}
}
$loginAttemptModel->result = LoginAttemptModel::RESULT_FAILED;
$loginAttemptModel->type = LoginAttemptModel::FAIL_TYPE_CRED;
$loginAttemptService->create($loginAttemptModel);
}
$msg = "Fail attempting to log in with " . ($user ? "existing user name (" . $username . ") with erroneous password" : "no existing user name (" . $username . ")");
\App::log()->info($msg);
return false;
}
