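/**
 * SSO login endpoint for the hosted SAML 2.0 IdP.
 *
 * Expects a POST carrying `username`, `password` and `spentityid`. The user is
 * authenticated through \models\Users; on success the pending AuthnRequest is
 * handed to SimpleSAMLphp, which sends the SAML response and terminates the
 * script. Every failure path answers once with JSON through
 * $this->_response->renderJson() and then stops, so a request never produces
 * two bodies or continues into authentication with missing parameters.
 *
 * @return void
 */
public function actionSso()
{
    // Logout any previous SSO session before handling this one.
    \utilities\Registry::clearRegistry();

    if (!$this->_request->isPost()) {
        $this->_response->renderJson(array('message' => 'Only post request are accepted'));
        return;
    }

    // Every required parameter must be present.
    $username = $this->_request->getParam('username', null);
    $password = $this->_request->getParam('password', null);
    $referrer = $this->_request->getParam('spentityid', null);

    // Stop after reporting a missing parameter; previously execution fell
    // through and authenticate() was still called with null arguments.
    if (!$username) {
        $this->_response->renderJson(array('message' => 'Username is not set'));
        return;
    }
    if (!$password) {
        $this->_response->renderJson(array('message' => 'Password is not set'));
        return;
    }
    if (!$referrer) {
        $this->_response->renderJson(array('message' => 'Referrer not set'));
        return;
    }

    $objDbUserauth = new \models\Users();
    $userAuthenticationStatus = $objDbUserauth->authenticate($username, $password);

    // Account locked after 5 invalid attempts. Returning here keeps a locked
    // account out of the invalid-attempt branch below, which used to bump the
    // attempt counter again and emit a second JSON body.
    if (\models\Users::ERROR_USER_LOCKED === $userAuthenticationStatus) {
        $this->_response->renderJson(array(
            'message' => 'Your account is locked due to 5 invalid attempts',
            'authstatus' => $userAuthenticationStatus,
        ));
        return;
    }

    // Password expired: same reasoning, answer once and stop.
    if (\models\Users::ERROR_USER_PWD_EXPIRED === $userAuthenticationStatus) {
        $this->_response->renderJson(array(
            'message' => 'Your password is expired',
            'authstatus' => $userAuthenticationStatus,
        ));
        return;
    }

    if ($userAuthenticationStatus === true) {
        // Authentication succeeded: let SimpleSAMLphp process the AuthnRequest
        // for the hosted IdP. receiveAuthnRequest() is expected to send the
        // SAML response and terminate the script itself.
        $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
        $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
        $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
        \sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
        // Unreachable. assert(false) replaces assert('FALSE'): string
        // assertions were removed in PHP 8, where 'FALSE' is just a non-empty
        // (truthy) string and the assertion would silently pass.
        assert(false);
        return;
    }

    // Authentication failed: record the invalid attempt.
    $objInvalidAttempts = new \models\UserLoginAttempts();
    $loginAttemptsLeft = $objInvalidAttempts->handleInvalidLoginAttempts($username);

    // handleInvalidLoginAttempts() returns false when the username is unknown;
    // any other value is the number of attempts left for an existing account.
    $invalidAttempt = false;
    $message = "Invalid credentials";
    if ($loginAttemptsLeft !== false) {
        if ($loginAttemptsLeft === 0) {
            // The last attempt was just used up: report the lock and stop,
            // instead of also sending a "0 attempts left" body afterwards.
            $this->_response->renderJson(array(
                'message' => 'Your account is locked due to 5 invalid attempts',
                'authstatus' => \models\Users::ERROR_USER_LOCKED,
            ));
            return;
        }
        $invalidAttempt = true;
        // NOTE(review): this message and the invalidAttempt flag differ from
        // the unknown-username response above, so the endpoint discloses
        // whether a username exists. A single generic failure response for
        // both cases would close that oracle; kept as-is because the
        // front-end may depend on the current shape.
        $message = "Incorrect Password.You have {$loginAttemptsLeft} attempts left";
    }
    $this->_response->renderJson(array('message' => $message, 'invalidAttempt' => $invalidAttempt));
    exit;
}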
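// Front controller: map /<controller>/<action> (relative to $baseUrl, defined
// earlier in the file) onto controllers\<Controller>::action<Action>().
$objUtilResponse = new Response();
$objUtilFunctions = new utilities\CommonFunctions();

if (isset($_SERVER['HTTP_ORIGIN'])) {
    // Allow cross-domain AJAX requests.
    // NOTE(review): confirm allowCors() checks the origin against an allowlist
    // rather than reflecting whatever Origin header the client sent.
    $objUtilResponse->allowCors($_SERVER['HTTP_ORIGIN']);
}

// Strip the base URL. preg_quote() needs the delimiter so a '~' inside
// $baseUrl cannot terminate the pattern early.
$requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
$url = preg_replace('~^' . preg_quote($baseUrl, '~') . '~', '', $requestUri);
$parsedUrl = parse_url($url);
// parse_url() returns false for badly formed URLs and may omit 'path'.
$path = (is_array($parsedUrl) && isset($parsedUrl['path'])) ? $parsedUrl['path'] : '';
$explodedPath = explode('/', $path);

// Default both segments to 'index' exactly as before (a falsy first segment
// such as '' or '0' also maps to index).
$controllerSegment = $explodedPath[0] ? $explodedPath[0] : 'index';
$actionSegment = isset($explodedPath[1]) && !empty($explodedPath[1]) ? $explodedPath[1] : 'index';

// Both segments come straight from the URL and end up in class_exists() /
// method_exists(), i.e. in front of the autoloader. Restrict them to the
// characters an identifier can contain after hyphen-to-camel conversion, and
// treat anything else as an invalid URL.
$identifierPattern = '/^[A-Za-z0-9_-]+$/';
$requestIsRoutable = preg_match($identifierPattern, $controllerSegment) === 1
    && preg_match($identifierPattern, $actionSegment) === 1;

$className = $objUtilFunctions->hypenToCamel(ucfirst($controllerSegment));
$serviceClass = 'controllers\\' . ucfirst($className);

$invalidRequest = array('message' => 'invalid url request', 'status' => '400');

// Only dispatch when the controller and action resolve. The 400 response is
// sent in an else-branch instead of falling through, so renderJson() is not
// required to exit() for the request to stop; previously execution continued
// into `new $serviceClass()` / an undefined method call after the error body.
if (!$requestIsRoutable || !class_exists($serviceClass)) {
    $objUtilResponse->renderJson($invalidRequest, 400);
} else {
    $objService = new $serviceClass();
    $actionName = $objUtilFunctions->hypenToCamel($actionSegment);
    $serviceAction = 'action' . ucfirst($actionName);
    if (!method_exists($objService, $serviceAction)) {
        $objUtilResponse->renderJson($invalidRequest, 400);
    } else {
        $objService->{$serviceAction}();
    }
}

// Clear app registry for the next http call.
Registry::clearRegistry();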
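/**
 * Single logout endpoint.
 *
 * Ends the SimpleSAMLphp session of the 'authinstance' source and asks
 * SimpleSAMLphp to redirect to the optional `return` request parameter.
 * logout() is expected to perform the redirect and terminate the script.
 *
 * @return void
 */
public function actionSlo()
{
    $returnUrl = $this->_request->getParam('return');
    // NOTE(review): $returnUrl is taken verbatim from the request. Confirm that
    // the SimpleSAMLphp version in use validates logout return URLs against
    // its trusted.url.domains setting; if it does not, restrict $returnUrl to
    // an allowlist here so logout cannot redirect users to an arbitrary site.
    \utilities\Registry::clearRegistry();
    $auth = new \SimpleSAML_Auth_Simple('authinstance');
    $auth->logout($returnUrl);
    // Unreachable. assert(false) replaces assert('FALSE'): string assertions
    // were removed in PHP 8, where 'FALSE' is a truthy string and the
    // assertion would silently pass.
    assert(false);
}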