public function onGet()
{
try {
$token = $this->get->token('string', array(new Filter\Length(40, 40), new Filter\Xdigit()));
if ($token !== false) {
$handler = $this->getHandler('AmunService\\User\\Account');
$account = $handler->getRecoverByToken($token);
if ($account instanceof Account\Record) {
if (!empty($account->email)) {
if ($_SERVER['REMOTE_ADDR'] == $account->ip) {
$security = new Security($this->registry);
$pw = $security->generatePw();
$date = new DateTime('NOW', $this->registry['core.default_timezone']);
$account->setStatus(Account\Record::NORMAL);
$account->setPw($pw);
$handler->update($account);
// send mail
$values = array('account.name' => $account->name, 'account.pw' => $pw, 'host.name' => $this->base->getHost(), 'recover.link' => $this->page->getUrl(), 'recover.date' => $date->format($this->registry['core.format_date']));
$mail = new Mail($this->registry);
$mail->send('LOGIN_RECOVER_SUCCESS', $account->email, $values);
$this->template->assign('success', true);
} else {
throw new Exception('Recover process was requested from another IP');
}
} else {
throw new Exception('No public email address is set for this account');
}
} else {
throw new Exception('Invalid token');
}
} else {
throw new Exception('Token not set');
}
} catch (\Exception $e) {
$this->template->assign('error', $e->getMessage());
}
}
public function handle($identity, $password)
{
$result = ldap_search($this->res, '', 'uid=' . $identity);
$entries = ldap_get_entries($this->res, $result);
$count = isset($entries['count']) ? $entries['count'] : 0;
if ($count == 1) {
$acc = $entries[0];
$mail = isset($acc['mail'][0]) ? $acc['mail'][0] : null;
$name = isset($acc['givenname'][0]) ? $acc['givenname'][0] : null;
$pw = isset($acc['userpassword'][0]) ? $acc['userpassword'][0] : null;
if (empty($mail)) {
throw new Exception('Mail not set');
}
if (empty($name)) {
throw new Exception('Given name not set');
}
if (empty($pw)) {
throw new Exception('User password not set');
}
if ($this->comparePassword($pw, $password) === true) {
$identity = $mail;
$con = new Condition(array('identity', '=', sha1($this->config['amun_salt'] . $identity)));
$userId = $this->hm->getTable('AmunService\\User\\Account')->getField('id', $con);
if (empty($userId)) {
// user doesnt exist so register a new user check whether
// registration is enabled
if (!$this->registry['login.registration_enabled']) {
throw new Exception('Registration is disabled');
}
// normalize name
$name = $this->normalizeName($name);
// create user account
$security = new Security($this->registry);
$handler = $this->hm->getHandler('AmunService\\User\\Account', $this->user);
$account = $handler->getRecord();
$account->setGroupId($this->registry['core.default_user_group']);
$account->setStatus(Account\Record::NORMAL);
$account->setIdentity($identity);
$account->setName($name);
$account->setPw($security->generatePw());
$account = $handler->create($account);
$userId = $account->id;
// if the id is not set the account was probably added to
// the approval table
if (!empty($userId)) {
$this->setUserId($userId);
} else {
throw new Exception('Could not create account');
}
} else {
$this->setUserId($userId);
}
return true;
} else {
throw new InvalidPasswordException('Invalid password');
}
}
}
public function callback()
{
// initialize openid
$openid = new \PSX\OpenId($this->http, $this->config['psx_url'], $this->store);
if ($openid->verify() === true) {
$identity = $openid->getIdentifier();
if (!empty($identity)) {
// check whether user is already registered
$data = $openid->getData();
$con = new Condition(array('identity', '=', sha1($this->config['amun_salt'] . $openid->getIdentifier())));
$userId = $this->hm->getTable('AmunService\\User\\Account')->getField('id', $con);
if (empty($userId)) {
// user doesnt exist so register a new user check whether
// registration is enabled
if (!$this->registry['login.registration_enabled']) {
throw new Exception('Registration is disabled');
}
// get data for account
$acc = $this->getAccountData($data);
if (empty($acc)) {
throw new Exception('No user informations provided');
}
if (empty($acc['name'])) {
throw new Exception('No username provided');
}
$name = $this->normalizeName($acc['name']);
// create user account
$security = new Security($this->registry);
$handler = $this->hm->getHandler('AmunService\\User\\Account', $this->user);
$account = $handler->getRecord();
$account->setGroupId($this->registry['core.default_user_group']);
$account->setStatus(Account\Record::NORMAL);
$account->setIdentity($identity);
$account->setName($name);
$account->setPw($security->generatePw());
$account->setGender($acc['gender']);
$account->setTimezone($acc['timezone']);
$account = $handler->create($account);
$userId = $account->id;
// if the id is not set the account was probably added to
// the approval table
if (!empty($userId)) {
$this->setUserId($userId);
} else {
throw new Exception('Could not create account');
}
} else {
$this->setUserId($userId);
}
// redirect
header('Location: ' . $this->config['psx_url']);
exit;
} else {
throw new Exception('Invalid identity');
}
} else {
throw new Exception('Authentication failed');
}
}
/**
* Is called if an user has made a friendship request on an remote website.
* The website makes a call to the api/user/friend/relation inorder to
* inform us that the friendship request was made. We make an webfinger
* request to the host and check whether the user actually exists. If the
* user exists on the remote website we create the friend as remote user
* in our user account table and create a relation to this user.
*
* @param RecordInterface $record
* @return boolean
*/
protected function handleRequest(RecordInterface $record)
{
$sql = <<<SQL
SELECT
\t`host`.`id` AS `hostId`,
\t`host`.`name` AS `hostName`,
\t`host`.`template` AS `hostTemplate`
FROM
\t{$this->registry['table.core_host']} `host`
WHERE
\t`host`.`name` = ?
SQL;
$row = $this->sql->getRow($sql, array($record->host));
if (!empty($row)) {
// request profile url
$email = $record->name . '@' . $row['hostName'];
$profile = $this->getAcctProfile($email, $row['hostTemplate']);
$identity = OpenId::normalizeIdentifier($profile['url']);
// create remote user if not exists
$con = new Condition(array('identity', '=', sha1($this->config['amun_salt'] . $identity)));
$friendId = $this->sql->select($this->registry['table.user_account'], array('id'), $con, Sql::SELECT_FIELD);
if (empty($friendId)) {
$security = new Security($this->registry);
$handler = $this->hm->getHandler('AmunService\\User\\Account', $this->user);
$account = $handler->getRecord();
$account->globalId = $profile['id'];
$account->setGroupId($this->registry['core.default_user_group']);
$account->setHostId($row['hostId']);
$account->setStatus(Account\Record::REMOTE);
$account->setIdentity($identity);
$account->setName($profile['name']);
$account->setPw($security->generatePw());
$account = $handler->create($account);
$friendId = $account->id;
}
// create relation
$friend = $this->hm->getTable('AmunService\\User\\Friend')->getRecord();
$friend->friendId = $friendId;
return $this->create($friend);
} else {
throw new Exception('Invalid host');
}
}
public function callback()
{
// get access token
$token = $this->session->get('oauth_login_token');
$tokenSecret = $this->session->get('oauth_login_token_secret');
$verifier = isset($_GET['oauth_verifier']) ? $_GET['oauth_verifier'] : null;
if (empty($token) || empty($tokenSecret)) {
throw new Exception('Token not set');
}
$response = $this->oauth->accessToken(new Url(self::ACCESS_TOKEN), self::CONSUMER_KEY, self::CONSUMER_SECRET, $token, $tokenSecret, $verifier, 'HMAC-SHA1');
$token = $response->getToken();
$tokenSecret = $response->getTokenSecret();
// check access token
if (empty($token) || empty($tokenSecret)) {
throw new Exception('Could not request access token');
}
// request user informations
$url = new Url(self::VERIFY_ACCOUNT);
$header = array('Authorization' => $this->oauth->getAuthorizationHeader($url, self::CONSUMER_KEY, self::CONSUMER_SECRET, $token, $tokenSecret, $method = 'HMAC-SHA1'));
$request = new GetRequest($url, $header);
$response = $this->http->request($request);
if ($response->getCode() == 200) {
$acc = Json::decode($response->getBody());
if (empty($acc)) {
throw new Exception('No user informations provided');
}
if (empty($acc['screen_name'])) {
throw new Exception('No username provided');
}
$identity = $acc['screen_name'] . '@twitter.com';
$con = new Condition(array('identity', '=', sha1($this->config['amun_salt'] . $identity)));
$userId = $this->hm->getTable('AmunService\\User\\Account')->getField('id', $con);
if (empty($userId)) {
// user doesnt exist so register a new user check whether
// registration is enabled
if (!$this->registry['login.registration_enabled']) {
throw new Exception('Registration is disabled');
}
// normalize name
$name = $this->normalizeName($acc['screen_name']);
// create user account
$security = new Security($this->registry);
$handler = $this->hm->getHandler('AmunService\\User\\Account', $this->user);
$account = $handler->getRecord();
$account->setGroupId($this->registry['core.default_user_group']);
$account->setStatus(Account\Record::NORMAL);
$account->setIdentity($identity);
$account->setName($name);
$account->setPw($security->generatePw());
$account->profileUrl = 'https://twitter.com/' . $acc['screen_name'];
$account->thumbnailUrl = isset($acc['profile_image_url']) ? $acc['profile_image_url'] : null;
$account = $handler->create($account);
$userId = $account->id;
// if the id is not set the account was probably added to
// the approval table
if (!empty($userId)) {
$this->setUserId($userId);
} else {
throw new Exception('Could not create account');
}
} else {
$this->setUserId($userId);
}
// redirect
header('Location: ' . $this->config['psx_url']);
exit;
} else {
throw new Exception('Authentication failed');
}
}
public function callback()
{
$code = new AuthorizationCode($this->http, new Url(self::ACCESS_TOKEN));
$code->setClientPassword(self::CLIENT_ID, self::CLIENT_SECRET, AuthorizationCode::AUTH_POST);
$accessToken = $code->getAccessToken($this->pageUrl . '/callback/facebook');
// request user informations
$url = new Url(self::VERIFY_ACCOUNT);
$header = array('Authorization' => $this->oauth->getAuthorizationHeader($accessToken));
$request = new GetRequest($url, $header);
$response = $this->http->request($request);
if ($response->getCode() == 200) {
$acc = Json::decode($response->getBody());
if (empty($acc)) {
throw new Exception('No user informations provided');
}
if (empty($acc['id'])) {
throw new Exception('No user id provided');
}
$identity = $acc['id'];
$con = new Condition(array('identity', '=', sha1($this->config['amun_salt'] . $identity)));
$userId = $this->hm->getTable('AmunService\\User\\Account')->getField('id', $con);
if (empty($userId)) {
// user doesnt exist so register a new user check whether
// registration is enabled
if (!$this->registry['login.registration_enabled']) {
throw new Exception('Registration is disabled');
}
if (empty($acc['username'])) {
throw new Exception('No username provided');
}
$name = $this->normalizeName($acc['username']);
// create user account
$security = new Security($this->registry);
$handler = $this->hm->getHandler('AmunService\\User\\Account', $this->user);
$account = $handler->getRecord();
$account->setGroupId($this->registry['core.default_user_group']);
$account->setStatus(Account\Record::NORMAL);
$account->setIdentity($identity);
$account->setName($name);
$account->setPw($security->generatePw());
$account->profileUrl = isset($acc['link']) ? $acc['link'] : null;
$account->thumbnailUrl = 'http://graph.facebook.com/' . $identity . '/picture';
$account = $handler->create($account);
$userId = $account->id;
// if the id is not set the account was probably added to
// the approval table
if (!empty($userId)) {
$this->setUserId($userId);
} else {
throw new Exception('Could not create account');
}
} else {
$this->setUserId($userId);
}
// redirect
header('Location: ' . $this->config['psx_url']);
exit;
} else {
throw new Exception('Authentication failed');
}
}
protected function insertUser()
{
$count = $this->sql->count($this->registry['table.user_account']);
if ($count == 0) {
$this->logger->info('Create users');
$security = new Security($this->registry);
$handler = new UserAccount\Handler($this->container);
$validate = $this->container->get('validate');
// get name, pw and email
$this->name = isset($_POST['name']) ? $_POST['name'] : null;
$this->pw = isset($_POST['pw']) ? $_POST['pw'] : null;
$this->email = isset($_POST['email']) ? $_POST['email'] : null;
$io = $this->container->get('io');
if ($io instanceof IOInterface) {
if (empty($this->name)) {
$this->name = $this->untilValid(function () use($io, $handler, $validate) {
$name = $io->ask('Username: '******'Password: '******'Email: ');
$validate->clearError();
$handler->getRecord()->setEmail($email);
return $email;
});
}
}
// admin user
$record = $handler->getRecord();
$record->setGroupId(1);
$record->setStatus(UserAccount\Record::ADMINISTRATOR);
$record->setIdentity($this->email);
$record->setName($this->name);
$record->setPw($this->pw);
$record->setEmail($this->email);
$record->setTimezone('UTC');
$handler->create($record);
$this->logger->info('> Created administrator user');
// anonymous user
$record = $handler->getRecord();
$record->setGroupId(3);
$record->setStatus(UserAccount\Record::ANONYMOUS);
$record->setIdentity('*****@*****.**');
$record->setName('Anonymous');
$record->setPw($security->generatePw());
$record->setTimezone('UTC');
$record = $handler->create($record);
// set anonymous_user
$con = new Condition(array('name', '=', 'core.anonymous_user'));
$this->sql->update($this->registry['table.core_registry'], array('value' => $record->id), $con);
$this->logger->info('> Created anonymous user');
}
}
