예제 #1
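 /**
  * Only allow access for users with API keys.
  * These keys are generated in the Manage Users menu.
  *
  * The 'index' and 'updateKey' actions are granted to any user that holds an
  * API key; every other action is decided by the parent rule set.
  *
  * @param string $controller
  * @param string $action
  * @param \Jazzee\Entity\User $user
  * @param \Jazzee\Entity\Program $program
  * @param \Jazzee\Entity\Application $application
  * @return bool
  */
 public static function isAllowed($controller, $action, \Jazzee\Entity\User $user = null, \Jazzee\Entity\Program $program = null, \Jazzee\Entity\Application $application = null)
 {
     $keyHolderActions = array('index', 'updateKey');
     // Strict comparison: an authorization decision must only match the exact action name,
     // never a loosely-equal value.
     if ($user and $user->getApiKey() and in_array($action, $keyHolderActions, true)) {
         return true;
     }
     return parent::isAllowed($controller, $action, $user, $program, $application);
 }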
예제 #2
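 /**
  * Log in the fixed preview account.
  *
  * Looks up the active user named 'previewuser', resets the session store and
  * records the user id under SESSION_VAR_ID.
  *
  * @throws \Jazzee\Exception when no active preview user exists
  */
 public function loginUser()
 {
     $user = $this->_controller->getEntityManager()->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('uniqueName' => 'previewuser', 'isActive' => true));
     if (!$user) {
         // Without this guard a missing or deactivated preview user ends in a call on null below.
         throw new \Jazzee\Exception('No active previewuser account exists; create one before using preview authentication.');
     }
     $this->_user = $user;
     $store = $this->_controller->getStore();
     $store->expire();
     $store->touchAuthentication();
     $store->set(self::SESSION_VAR_ID, $this->_user->getId());
 }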
예제 #3
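 /**
  * Log in the user selected on the no-authentication form.
  *
  * Only honoured when the request comes from an address accepted by
  * isAllowedIp(); the selected user id must resolve to an active user.
  *
  * @return bool|null false when the submitted user id does not match an active user
  * @throws \Jazzee\Exception when the remote address is not on the allow list
  */
 public function loginUser()
 {
     $form = $this->getLoginForm();
     if (!$form->processInput($_POST)) {
         return;
     }
     // NOTE(review): REMOTE_ADDR is the TCP peer; behind a reverse proxy that is the proxy's
     // address, so the allow list must be maintained accordingly — confirm the deployment.
     $remoteAddr = $_SERVER['REMOTE_ADDR'];
     if (!$this->isAllowedIp($remoteAddr)) {
         throw new \Jazzee\Exception("{$remoteAddr} is not a valid ip address for NoAuthentication.  Add it to the noAuthIpAddresses configuration to continue.");
     }
     $userId = isset($_POST['userid']) ? $_POST['userid'] : null;
     $user = $this->_controller->getEntityManager()->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('id' => $userId, 'isActive' => true));
     if (!$user) {
         // Previously fell through to a call on null; an unknown or inactive id is now a clean failure.
         $this->_user = null;
         return false;
     }
     $this->_user = $user;
     $store = $this->_controller->getStore();
     $store->expire();
     $store->touchAuthentication();
     $store->set(self::SESSION_VAR_ID, $this->_user->getId());
 }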
예제 #4
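 /**
  * Constructor
  *
  * Require authentication and setup the user if a valid session is detected
  *
  * Loads SimpleSAMLphp from the configured include path, forces authentication
  * and matches the configured username attribute against an active Jazzee
  * user. First name, last name and email are copied onto the user when the
  * corresponding attributes are present in the assertion.
  *
  * @param \Jazzee\Interfaces\AdminController $controller
  * @throws \Jazzee\Exception when the username attribute is absent from the authentication source
  */
 public function __construct(\Jazzee\Interfaces\AdminController $controller)
 {
     $config = $controller->getConfig();
     require_once $config->getSimpleSAMLIncludePath();
     $this->_as = new \SimpleSAML_Auth_Simple($config->getSimpleSAMLAuthenticationSource());
     $this->_as->requireAuth();
     $attrs = $this->_as->getAttributes();
     $usernameAttribute = $config->getSimpleSAMLUsernameAttribute();
     if (!isset($attrs[$usernameAttribute][0])) {
         // Fully qualified, matching the other authentication classes: a bare Exception
         // resolves relative to the current namespace.
         throw new \Jazzee\Exception($usernameAttribute . ' attribute is missing from authentication source.');
     }
     $this->_user = $controller->getEntityManager()->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('uniqueName' => $attrs[$usernameAttribute][0], 'isActive' => true));
     if ($this->_user) {
         // The profile attributes are optional; guard each lookup so a missing one is a null, not a notice.
         $firstNameAttribute = $config->getSimpleSAMLFirstNameAttribute();
         $lastNameAttribute = $config->getSimpleSAMLLastNameAttribute();
         $emailAttribute = $config->getSimpleSAMLEmailAddressAttribute();
         $this->_user->setFirstName(isset($attrs[$firstNameAttribute][0]) ? $attrs[$firstNameAttribute][0] : null);
         $this->_user->setLastName(isset($attrs[$lastNameAttribute][0]) ? $attrs[$lastNameAttribute][0] : null);
         $this->_user->setEmail(isset($attrs[$emailAttribute][0]) ? $attrs[$emailAttribute][0] : null);
         $controller->getEntityManager()->persist($this->_user);
     }
 }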
예제 #5
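 /**
  * Log in an API user from the submitted API key.
  *
  * The request must originate from one of the comma-separated addresses in the
  * apiFormAuthenticationIpAddresses configuration, and the key must belong to
  * an active user.
  *
  * @return bool|null false when the key does not match an active user
  * @throws \Jazzee\Exception when the remote address is not on the allow list
  */
 public function loginUser()
 {
     $form = $this->getLoginForm();
     $input = $form->processInput($_POST);
     if (!$input) {
         return;
     }
     // Tolerate whitespace around entries in the configured list ("a, b" as well as "a,b").
     $allowedIps = array_map('trim', explode(',', $this->_controller->getConfig()->getApiFormAuthenticationIpAddresses()));
     $remoteAddr = $_SERVER['REMOTE_ADDR'];
     if (!in_array($remoteAddr, $allowedIps, true)) {
         // implode(): interpolating the array itself rendered the literal word "Array" in the message.
         // Note that the allow list is part of the exception text and so reaches whoever sees it.
         throw new \Jazzee\Exception("{$remoteAddr} is not a valid ip address for ApiFormAuthentication: " . implode(', ', $allowedIps) . ".  Add it to the apiFormAuthenticationIpAddresses configuration to continue.");
     }
     $this->_user = $this->_controller->getEntityManager()->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('apiKey' => $input->get('apiKey'), 'isActive' => true));
     if (!$this->_user) {
         $form->getElementByName('apiKey')->addMessage('That is not a valid ID');
         return false;
     }
     $store = $this->_controller->getStore();
     $store->expire();
     $store->touchAuthentication();
     $store->set(self::SESSION_VAR_ID, $this->_user->getId());
 }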
예제 #6
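 /**
  * Log in, and if necessary create, the user identified by the Shibboleth SP.
  *
  * Without a Shib-Application-ID server variable the browser is redirected to
  * the configured login URL. The username attribute is required; first name,
  * last name and email are optional and copied onto the user.
  *
  * @SuppressWarnings(PHPMD.ExitExpression)
  * @throws \Jazzee\Exception when the username attribute is not present or is empty
  */
 public function loginUser()
 {
     $config = $this->_controller->getConfig();
     if (!isset($_SERVER['Shib-Application-ID'])) {
         header('Location: ' . $config->getShibbolethLoginUrl());
         exit(0);
     }
     $usernameAttribute = $config->getShibbolethUsernameAttribute();
     // An empty username would otherwise create a user with an empty unique name.
     if (!isset($_SERVER[$usernameAttribute]) or $_SERVER[$usernameAttribute] === '') {
         throw new \Jazzee\Exception($usernameAttribute . ' attribute is missing from authentication source.');
     }
     $uniqueName = $_SERVER[$usernameAttribute];
     $firstNameAttribute = $config->getShibbolethFirstNameAttribute();
     $lastNameAttribute = $config->getShibbolethLastNameAttribute();
     $emailAttribute = $config->getShibbolethEmailAddressAttribute();
     $firstName = isset($_SERVER[$firstNameAttribute]) ? $_SERVER[$firstNameAttribute] : null;
     $lastName = isset($_SERVER[$lastNameAttribute]) ? $_SERVER[$lastNameAttribute] : null;
     $mail = isset($_SERVER[$emailAttribute]) ? $_SERVER[$emailAttribute] : null;
     $store = $this->_controller->getStore();
     $store->expire();
     $store->touchAuthentication();
     $entityManager = $this->_controller->getEntityManager();
     $this->_user = $entityManager->getRepository('\\Jazzee\\Entity\\User')->findOneBy(array('uniqueName' => $uniqueName, 'isActive' => true));
     if (!$this->_user) {
         // Create a new user.
         $this->_user = new \Jazzee\Entity\User();
         $this->_user->setUniqueName($uniqueName);
         // Persist and flush the new user early so we get the ID for the authentication logs.
         $entityManager->persist($this->_user);
         $entityManager->flush();
     }
     $store->set(self::SESSION_VAR_ID, $this->_user->getId());
     $entityManager->persist($this->_user);
     $this->_user->setFirstName($firstName);
     $this->_user->setLastName($lastName);
     $this->_user->setEmail($mail);
 }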
예제 #7
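 /**
  * Build the display for a request: the user's maximum display for the
  * application intersected with the requested display.
  *
  * @param array $arr display descriptor: 'type' is 'user' (with 'id') or 'system' (with 'class')
  * @return \Jazzee\Display\Intersection
  * @throws \Jazzee\Exception for an unknown type, or a user display that does not belong to the current user
  */
 protected function getDisplay(array $arr)
 {
     $intersection = new \Jazzee\Display\Intersection();
     $intersection->addDisplay($this->_user->getMaximumDisplayForApplication($this->_application));
     switch ($arr['type']) {
         case 'user':
             // Scoped to the current user so another user's display id cannot be selected.
             $display = $this->_em->getRepository('Jazzee\\Entity\\Display')->findOneBy(array('id' => $arr['id'], 'user' => $this->_user));
             if (!$display) {
                 // Previously a null display was handed to addDisplay(); fail explicitly instead.
                 throw new \Jazzee\Exception('Display ' . $arr['id'] . ' not found for the current user');
             }
             break;
         case 'system':
             // NOTE(review): this instantiates whatever class name is in $arr['class']; the descriptor
             // must come from application configuration, never from request input — confirm at the call sites.
             $display = new $arr['class']($this->_application);
             break;
         default:
             throw new \Jazzee\Exception('Unknown display type ' . $arr['type']);
     }
     $intersection->addDisplay($display);
     return $intersection;
 }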
예제 #8
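 /**
  * Only allow change program if the user is in at least one program.
  * At this top level always return false so nothing is allowed by default.
  *
  * 'index', 'getAllowedPrograms' and 'changeTo' are permitted when the parent
  * grants the 'anyprogram' pseudo-action or the user belongs to a program;
  * every other action is decided by the parent rule set.
  *
  * @param string $controller
  * @param string $action
  * @param \Jazzee\Entity\User $user
  * @param \Jazzee\Entity\Program $program
  * @param \Jazzee\Entity\Application $application
  * @return bool
  */
 public static function isAllowed($controller, $action, \Jazzee\Entity\User $user = null, \Jazzee\Entity\Program $program = null, \Jazzee\Entity\Application $application = null)
 {
     //Several actions are allowed as long as the user is in at least one program
     $specialActions = array('index', 'getAllowedPrograms', 'changeTo');
     // Strict comparison: only the exact action name may match.
     if ($user and in_array($action, $specialActions, true)) {
         $userPrograms = $user->getPrograms();
         // NOTE(review): if getPrograms() returns a Collection object rather than an array, empty()
         // is never true for it and this branch always allows — confirm the return type.
         // '||' rather than 'or' so the expression keeps its meaning if it is ever assigned.
         return parent::isAllowed($controller, 'anyprogram', $user) || !empty($userPrograms);
     }
     return parent::isAllowed($controller, $action, $user, $program, $application);
 }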