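/**
 * Mount the logout routes on the application.
 *
 * GET /       — log the caller out: the user record identified by the
 *               `username` and `domain` query parameters is deleted when the
 *               `token` query parameter matches the stored token, then the
 *               client is redirected to /logout/clear. Unknown users are
 *               redirected to /logout/close.
 * GET /clear  — empty body; signal for the Android WebView.
 * GET /close  — empty body; signal for the Android WebView.
 *
 * @param Application $app
 * @return mixed The controller collection obtained from `$app['controllers_factory']`
 */
public function connect(Application $app)
{
    // creates a new controller based on the default route
    $controllers = $app['controllers_factory'];

    /**
     * Perform a logout for the user.
     */
    $controllers->get('/', function (Request $request) use ($app) {
        $Username = $request->query->get('username');
        $Token = $request->query->get('token');
        $Domain = $request->query->get('domain');

        $User = User::TryGetUserByUsername($Username, $Domain, $app);
        if ($User !== null) {
            $User->Load();
            // Both sides must be present strings: a request without a token
            // must never match a user whose stored token is unset, and
            // hash_equals keeps the comparison constant-time.
            $TokenMatches = is_string($Token)
                && is_string($User->Token)
                && hash_equals($User->Token, $Token);
            if ($TokenMatches) {
                $User->Delete();
            }
            return $app->redirect('/logout/clear');
        }
        return $app->redirect('/logout/close');
    });

    /**
     * Some URLs just for signaling with the WebView in the Android
     * App. TODO: stop this and use a normal API call instead.
     */
    $controllers->get('/clear', function () {
        return '';
    });
    $controllers->get('/close', function () {
        return '';
    });

    return $controllers;
}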
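/**
 * Mount the login routes on the application.
 *
 * GET /       — render the login form (`login.twig`), flagging an error
 *               when the `error` query parameter equals "1".
 * POST /      — authenticate the submitted username/password against LDAP,
 *               create or refresh the local User record and its token, and
 *               redirect to /login/close with domain, username and token in
 *               the query string. Any failure redirects back to /login with
 *               `error=1` and the original `device_id`.
 * GET /close  — empty body; signal for the Android WebView.
 *
 * @param Application $app
 * @return mixed The controller collection obtained from `$app['controllers_factory']`
 */
public function connect(Application $app)
{
    // creates a new controller based on the default route
    $controllers = $app['controllers_factory'];

    /**
     * Display a login form
     */
    $controllers->get('/', function (Request $request) use ($app) {
        $IsError = $request->query->get('error') === "1";
        return $app['twig']->render('login.twig', ['error' => $IsError]);
    });

    /**
     * Handle login form submissions
     */
    $controllers->post('/', function (Request $request) use ($app) {
        $UsernameInput = User::GetDomainAndUsernameFromInput($request->request->get('username'), $app);
        $Password = $request->request->get('password');
        // The device id travels in the query string even on the POST.
        $DeviceID = $request->query->get('device_id');
        $Username = $UsernameInput['Username'];
        $Domain = $UsernameInput['Domain'];

        // Single error target; (string) cast so a missing device_id is
        // encoded as "" instead of passing null to urlencode().
        $ErrorRedirect = '/login?error=1&device_id=' . urlencode((string) $DeviceID);

        // Never hand an empty password to the directory bind: depending on
        // the server configuration an empty-password bind can be treated as
        // an anonymous/unauthenticated bind and report success.
        if (!is_string($Password) || $Password === '') {
            return $app->redirect($ErrorRedirect);
        }

        $Ldap = new LdapAuthentication($app);
        try {
            $LoginResult = $Ldap->TryToAuthenticate($Domain, $Username, $Password);
        } catch (\Exception $ex) {
            // Directory unreachable or similar: treat as a failed login.
            return $app->redirect($ErrorRedirect);
        }
        if (!$LoginResult) {
            return $app->redirect($ErrorRedirect);
        }

        /* @var $User User */
        $User = User::TryGetUserByUsername($Username, $Domain, $app);
        if ($User === null) {
            $User = new User($app);
            $User->Username = $Username;
            $User->Domain = $Domain;
        } else {
            $User->Load();
        }
        // A fresh token on every successful login invalidates the previous one.
        $User->DeviceID = $DeviceID;
        $User->ResetToken();
        $User->Save();

        $UserFields = [
            'Domain' => $User->Domain,
            'Username' => $User->Username,
            'Token' => $User->Token,
        ];
        return $app->redirect('/login/close?' . http_build_query($UserFields));
    });

    /**
     * Close the WebView on the Android client. TODO: remove the
     * webview altogether
     */
    $controllers->get('/close', function () {
        return '';
    });

    return $controllers;
}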
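/**
 * Middleware to ensure only authenticated requests produce output
 * for an HTTP GET request. The domain, token, and username must appear
 * in the request query string. The requestor should expect JSON payload
 * in the output.
 *
 * A request whose token is missing is always rejected, even for a user
 * whose stored token is unset; the token comparison is constant-time.
 *
 * @param Request $request
 * @param Application $app
 * @return object|null A JSON 403 response when the request is not
 *                     authenticated, null to let the request proceed
 */
public static function EnsureAuthenticatedGETJSON(Request $request, Application $app)
{
    $Username = $request->query->get('username');
    $Domain = $request->query->get('domain');
    $Token = $request->query->get('token');

    // One deny path so every rejection looks identical to the caller.
    $Deny = function () use ($app) {
        return $app->json(['IsAuthenticated' => false], 403);
    };

    $User = User::TryGetUserByUsername($Username, $Domain, $app);
    if ($User === null) {
        return $Deny();
    }
    $User->Load();

    if (!is_string($Token) || !is_string($User->Token) || !hash_equals($User->Token, $Token)) {
        return $Deny();
    }

    return null;
}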