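/**
 * Dispatch-loop startup hook -- make sure a logged-in identity still has a
 * live server-side session record, and honour externally requested logouts.
 *
 * Flow:
 *   1. If the response already carries an exception, do nothing (avoid
 *      overriding the pending error).
 *   2. No Zend_Auth identity -> force logout with reason "No session".
 *   3. Look the current PHP session id up in the SessionMapper. A missing
 *      record is tolerated and the request proceeds.
 *      NOTE(review): confirm this is intended -- a session whose backing
 *      record has vanished stays authenticated.
 *   4. If the record carries a 'logout' marker (set out-of-band, e.g. when the
 *      same credentials log in elsewhere), force logout with the marker's
 *      message/code, defaulting to "External logout" /
 *      PermissionCodes::AUTH_ANOTHER_SESSION_STARTED.
 *
 * Any exception along the way is logged in full on the server and the client
 * is logged out with a generic reason and code 500. The exception text is
 * deliberately NOT forwarded to the client any more: it can contain driver/DB
 * error strings, hostnames or file paths.
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    try {
        // Avoid error override: an exception is already pending on the response.
        if (count($this->getResponse()->getException())) {
            return;
        }

        $auth = Zend_Auth::getInstance();
        if (!$auth->hasIdentity()) {
            $this->_forceLogout($request, "No session");
            return;
        }

        $sessionId = Zend_Session::getId();
        $sessMapper = Application\Model\Mapper\SessionMapper::getInstance();
        $session = $sessMapper->findOneById($sessionId);
        if (!$session) {
            // No backing record: existing behaviour is to let the request through.
            return;
        }

        if (isset($session['logout'])) {
            $logout = $session['logout'];
            $message = isset($logout['message']) ? $logout['message'] : "External logout";
            $code = isset($logout['code']) ? $logout['code'] : PermissionCodes::AUTH_ANOTHER_SESSION_STARTED;
            $this->_forceLogout($request, $message, $code);
            return;
        }
    } catch (Exception $exc) {
        // Full detail stays in the server log only.
        \App::log()->err("MESSAGE BROADCAST: " . $exc->getMessage());
        // Generic, non-revealing reason for the client (previously the raw
        // exception message was sent, which is an information disclosure).
        $this->_forceLogout($request, "Unexpected fatal error", 500);
        return;
    }
}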
/**
 * Dispatch-loop startup hook -- expire stale sessions and opportunistically
 * renew live ones.
 *
 * Skipped entirely when there is no Zend_Auth identity, or when the identity's
 * 'authType' is one of the token / external / asynchronous auth types listed
 * in $bypassAuthTypes below.
 *
 * For a regular identity the current PHP session id is looked up in the
 * SessionMapper; a missing record, or one without 'id', is tolerated. The
 * allowed lifetime is self::$cookieLifeTimeByOrgType[<user org type>] when the
 * owning user can be loaded and has an entry there, else
 * self::$defaultCookieLifeTime. If the session age (now - metadata.created)
 * exceeds that lifetime the user is logged out with
 * PermissionCodes::AUTH_SESSION_EXPIRED.
 *
 * Otherwise SessionMapper::renewSession() is called unless:
 *   - module.controller.action is listed in self::$avoidActions,
 *   - the request carries an X-M2mNoRenewSession header,
 *   - the session id was already regenerated during this request, or
 *   - the session is still "young" (age < (1 - tolerance) * lifetime) and,
 *     when self::$useProbability is on, rand(0, self::$probability) rolls
 *     non-zero (renewal then happens on roughly 1/(probability+1) requests).
 *
 * @param Zend_Controller_Request_Abstract $request
 * @return void
 */
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
    if (!Zend_Auth::getInstance()->hasIdentity()) {
        return;
    }

    // Auth types that are not subject to the cookie-lifetime / renewal rule.
    $bypassAuthTypes = array(
        App_Controller_Plugin_Auth::AUTH_TYPE_ASYNC,
        App_Controller_Plugin_Auth::AUTH_TYPE_ACTIVATION_TOKEN,
        App_Controller_Plugin_Auth::AUTH_TYPE_DOWNLOAD_TOKEN,
        App_Controller_Plugin_Auth::AUTH_TYPE_EXTERNAL,
        App_Controller_Plugin_Auth::AUTH_TYPE_THIRD_PARTY,
        App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD,
        App_Controller_Plugin_Auth::AUTH_TYPE_LOST_PASSWORD_TOKEN,
        App_Controller_Plugin_Auth::AUTH_TYPE_PASSWORD_EXPIRED_TOKEN,
    );
    $identity = \Zend_Auth::getInstance()->getIdentity();
    // NOTE(review): loose in_array(); pass strict=true once the constants and
    // $identity['authType'] are confirmed to share a scalar type.
    if (isset($identity['authType']) && in_array($identity['authType'], $bypassAuthTypes)) {
        return;
    }

    $mapper = SessionMapper::getInstance();
    $record = $mapper->findOneById(\Zend_Session::getId());
    if (!$record || !isset($record['id'])) {
        return;
    }

    // Lifetime depends on the owning user's organisation type, when known.
    $lifetime = self::$defaultCookieLifeTime;
    $owner = UserMapper::getInstance()->findOneById($record['id']);
    if ($owner && isset(self::$cookieLifeTimeByOrgType[$owner->getOrgType()])) {
        $lifetime = self::$cookieLifeTimeByOrgType[$owner->getOrgType()];
    }

    // Older records store created/expire as strings, newer ones as MongoDate.
    $createdAt = $record['metadata']['created'];
    if ($createdAt instanceof \MongoDate) {
        $createdAt = $createdAt->sec;
    }
    $age = time() - $createdAt;

    if ($age > $lifetime) {
        $this->_forceLogout($request, "Session Expired", PermissionCodes::AUTH_SESSION_EXPIRED);
        return;
    }

    $routeKey = $request->getModuleName() . '.' . $request->getControllerName() . '.' . $request->getActionName();
    if (App_Util_Array::getItem(self::$avoidActions, $routeKey)) {
        return;
    }
    if ($request->getHeader('X-M2mNoRenewSession')) {
        return;
    }
    if (Zend_Session::isRegenerated()) {
        return;
    }

    // Young sessions are renewed only on a random subset of requests (if enabled).
    $stillFresh = $age < (1 - self::$tolerance) * $lifetime;
    if ($stillFresh && (!self::$useProbability || rand(0, self::$probability))) {
        return;
    }

    $mapper->renewSession(\Zend_Session::getId());
}
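/**
 * Resume the PHP session that a previously issued auth token is bound to.
 *
 * Looks the token up via SessionMapper::findOneByToken(). When a record with
 * a 'sessionId' is found, the current PHP session is destroyed and the request
 * is switched onto the stored session id. The record is returned with its
 * 'metadata' and 'sessionId' keys stripped; false is returned when nothing
 * matches.
 *
 * Security: a blank or non-scalar token is rejected before any lookup, so a
 * request presenting an empty token can never be matched against records
 * whose token field is unset/empty, whatever the mapper's query semantics.
 *
 * NOTE(review): session_destroy() assumes a session is already active for
 * this request -- confirm that is guaranteed by the caller.
 *
 * @param string $token opaque token presented by the client
 * @return array|false session record (minus metadata/sessionId) or false
 */
protected function _loadSessionByToken($token)
{
    // Never look up a blank token.
    if (!is_scalar($token) || (string) $token === '') {
        return false;
    }

    $session = SessionMapper::getInstance()->findOneByToken($token);
    if (!$session || !isset($session['sessionId'])) {
        return false;
    }

    // Switch this request onto the session the token was issued for.
    session_destroy();
    session_id($session['sessionId']);
    session_start();

    unset($session['metadata'], $session['sessionId']);
    return $session;
}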
/**
 * Resolves the credentials using standard Auth Basic.
 *
 * Decodes the Basic credentials, enforces the per-username retry limit via the
 * 'Authretry' bootstrap resource, records every attempt through
 * LoginAttemptService (blocked / credential failure / success), and on success
 * regenerates the session id and returns the identity array consumed by
 * Zend_Auth. A user who hits the retry limit on a failed attempt is blocked
 * and a ForbiddenException is thrown.
 *
 * NOTE(review): this listing is redacted in the middle ("******" markers);
 * the password verification and the "already logged in" handling that sit
 * between the visible log strings are not shown, so the exact branch
 * structure there cannot be confirmed from this page.
 *
 * NOTE(review): $request defaults to null but is dereferenced unconditionally
 * ($request->getClientIp()) -- callers must always pass it.
 *
 * @param string $creds
 * @param Zend_Controller_Request_Abstract $request
 * @param string $authType auth type recorded in the returned identity
 * @return array | false
 * @throws \Application\Exceptions\ForbiddenException when the retry limit is reached
 */
public function schemeBasic($creds, Zend_Controller_Request_Abstract $request = null, $authType = self::AUTH_TYPE_REGULAR)
{
    // Decode the credentials
    $creds = $this->_decodeCredentials($creds, true);
    if ($creds === false) {
        return false;
    }
    $username = $creds[0];
    $loginAttemptService = \Core\Service\LoginAttemptService::getInstance();
    // Every attempt is recorded with the caller's IP (see note above: $request must not be null).
    $loginAttemptModel = new LoginAttemptModel(array('remoteIp' => $request->getClientIp()));
    // Login retry check
    $bootstrap = Zend_Controller_Front::getInstance()->getParam('bootstrap');
    $authRetry = $bootstrap->getResource('Authretry');
    if ($authRetry->maxReached($username)) {
        // Username is already over the retry limit: record a BLOCKED attempt
        // (only when the user exists) before the password is ever checked.
        $user = UserService::getInstance()->loadByUsername($username);
        if ($user) {
            $loginAttemptModel->userId = $user->id;
            $loginAttemptModel->result = LoginAttemptModel::RESULT_FAILED;
            $loginAttemptModel->type = LoginAttemptModel::FAIL_TYPE_BLOCKED;
            $loginAttemptService->create($loginAttemptModel);
        }
        // NOTE(review): redacted in the source listing -- the code between
        // these log strings (password check, concurrent-session logout
        // broadcast to the other session id) is not visible here.
        $msg = "Try to login with a blocked username: "******"Fail attempting to log in with blocked user: "******"Fail attempting to log in with an already logged in user: "******"Other peer has accessed with your username", 'code' => PermissionCodes::AUTH_ANOTHER_SESSION_STARTED), array(\Zend_Session::getId()));
        }
    }
    // Generate a token for M2MToken auth
    $token = $this->_generateToken();
    // Regenerate a new session
    // (fresh session id on successful login -- mitigates session fixation)
    if (!Zend_Session::isRegenerated()) {
        Zend_Session::regenerateId();
    }
    $loginAttemptModel->result = LoginAttemptModel::RESULT_SUCCESS;
    $loginAttemptService->create($loginAttemptModel);
    return array('id' => $user->getId(), 'username' => $user->getUserName(), 'token' => $token, 'orgId' => $user->getOrganizationId(), 'role' => $user->getRole(), 'authType' => $authType);
} else {
    // Credential failure path. NOTE(review): $user is assumed to have been
    // assigned in the redacted section above -- verify.
    if ($authRetry->maxReached($username)) {
        // Block user
        $this->_generateTrackingToken($user);
        UserService::getInstance()->blockDueToLoginRetries($user);
        // Stop auth process
        Zend_Auth::getInstance()->clearIdentity();
        if (!Zend_Session::isRegenerated()) {
            Zend_Session::regenerateId();
        }
        $loginAttemptModel->result = LoginAttemptModel::RESULT_FAILED;
        $loginAttemptModel->type = LoginAttemptModel::FAIL_TYPE_CRED;
        $loginAttemptService->create($loginAttemptModel);
        // NOTE(review): this response tells the client the account is now
        // blocked, which differs from the generic failure below; consider
        // whether that distinction should be visible to an unauthenticated caller.
        throw new \Application\Exceptions\ForbiddenException("User has reached maximum login retries", PermissionCodes::AUTH_BLOCKED_ACCOUNT_AND_EMAIL);
    }
}
$loginAttemptModel->result = LoginAttemptModel::RESULT_FAILED;
$loginAttemptModel->type = LoginAttemptModel::FAIL_TYPE_CRED;
$loginAttemptService->create($loginAttemptModel);
}
// Server-side log only: distinguishes unknown vs. known username for operators,
// while the caller just receives false.
$msg = "Fail attempting to log in with " . ($user ? "existing user name (" . $username . ") with erroneous password" : "no existing user name (" . $username . ")");
\App::log()->info($msg);
return false;
}