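/**
 * Shows the forgot password form and, on a valid POST, issues a reset request.
 *
 * The outcome shown to the visitor is the same whether or not an account
 * exists for the submitted address. Answering "there is no account for
 * this email" turns the form into an account-enumeration oracle (anyone
 * can probe which addresses are registered), so the unknown-address case
 * shows the same confirmation as the known one; only an existing account
 * actually gets a ResetPasswords row.
 */
public function forgotPasswordAction()
{
    $form = new ForgotPasswordForm();
    $form->setDI($this->getDI());

    if ($this->request->isPost() && $form->isValid($this->request->getPost())) {
        $user = Users::findFirstByEmail($this->request->getPost('email'));

        // Only persist a reset request when the account exists; the flow below is identical either way
        $resetPassword = $user ? new ResetPasswords() : null;
        if ($resetPassword !== null) {
            $resetPassword->usersId = $user->id;
        }

        if ($resetPassword === null || $resetPassword->save()) {
            $this->flash->success($this->translate->gettext('An email has been sent!'));
            $this->flash->success($this->translate->gettext('Please check your inbox for a reset password message.'));

            return $this->dispatcher->forward(['controller' => 'index', 'action' => 'notification']);
        }

        // Persisting the reset request failed: surface the model messages and redisplay the form
        foreach ($resetPassword->getMessages() as $message) {
            $this->flash->error($message);
        }
    }

    $this->view->form = $form;
}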
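/**
 * Checks the OAuth callback for final authentication.
 *
 * Exchanges the callback code for an access token, fetches the provider's
 * profile endpoint, extracts and validates the email address and resolves
 * it to a registered user. Every failure is reported as an AuthException;
 * the provider-facing error text is deliberately generic.
 *
 * @param string $provider  provider key; must be present in config->services
 *                          and handled by the provider switch below (allowlist)
 * @param string $code      authorization code received on the callback
 * @return Users            the authenticated user
 * @throws AuthException    on unknown provider, token/profile request failure,
 *                          invalid or unverified email, or unregistered email
 */
public function checkOauth($provider, $code)
{
    $t = $this->translate;

    if (!isset($this->config->services[$provider])) {
        throw new AuthException($t->gettext('OAuth signin error'));
    }

    $configProvider = $this->config->services[$provider];

    // Scope and profile endpoint per provider; subject to change as providers revise their APIs.
    // The switch doubles as an allowlist: $provider is only used in the redirect URL and the
    // service factory after it has matched a known case.
    switch ($provider) {
        case 'google':
            $scope = Google::SCOPE_EMAIL;
            $scopeUrl = 'https://www.googleapis.com/plus/v1/people/me';
            break;
        default:
            throw new AuthException('Invalid oauth provider');
    }

    $redirectUrl = $this->di->getUrl()->get("signin/oauth/{$provider}");

    // The web server presents these credentials to the OAuth provider
    $credentials = new Credentials($configProvider->clientId, $configProvider->clientSecret, $redirectUrl);
    $storage = new OauthSessionStorage();
    $service = (new \OAuth\ServiceFactory())->createService($provider, $credentials, $storage, [$scope]);

    // The access token exchange may fail (expired/invalid code, provider error)
    try {
        $service->requestAccessToken($code);
    } catch (\Exception $e) {
        throw new AuthException($t->gettext('OAuth signin error'));
    }

    try {
        $json = $service->request($scopeUrl);
    } catch (\Exception $e) {
        throw new AuthException($t->gettext('OAuth signin error'));
    }

    // json_decode() returns null (not false) on malformed input, so test for the expected
    // shape rather than comparing against false
    $result = json_decode($json, true);
    if (!is_array($result)) {
        throw new AuthException($t->gettext('OAuth signin error'));
    }

    switch ($provider) {
        case 'google':
            // NOTE(review): unlike the default branch there is no verified-email check here;
            // confirm the endpoint only returns addresses the provider has verified
            if (!isset($result['emails'][0]['value'])
                || filter_var($result['emails'][0]['value'], FILTER_VALIDATE_EMAIL) === false
            ) {
                throw new AuthException($t->gettext('Oauth authentication failed'));
            }
            $email = $result['emails'][0]['value'];
            break;
        case 'microsoft':
        default:
            if (!isset($result['email']) || filter_var($result['email'], FILTER_VALIDATE_EMAIL) === false) {
                throw new AuthException($t->gettext('Oauth authentication failed'));
            }
            // An unverified address must not be trusted as proof of ownership
            if (!isset($result['verified_email']) || $result['verified_email'] !== true) {
                throw new AuthException($t->gettext('The email could not be verified.'));
            }
            $email = $result['email'];
            break;
    }

    $user = Users::findFirstByEmail($email);
    if (!$user) {
        // Count the failed attempt before rejecting so repeated probing is throttled
        $this->registerUserThrottling(0);
        throw new AuthException($t->gettext('This email is not registered in the system.'));
    }

    // Check if the user was flagged
    $this->checkUserFlags($user);

    // Register the successful signin
    $this->saveSuccessSignin($user, 'oauth');

    return $user;
}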
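/**
 * Looks up a user by primary key or by email address.
 *
 * A reference consisting only of ASCII digits is treated as the primary
 * key; anything else must be a syntactically valid email address. Lookups
 * go through the Users::findFirstBy* finders.
 *
 * @param int|string $userRef primary key or email address
 * @return mixed the finder result (presumably the Users model or false when
 *               nothing matches — confirm against the Users finders)
 * @throws ArgumentValidationException when the reference is neither all digits nor a valid email
 */
private function getUserByUniqueRef($userRef)
{
    // ctype_digit() only accepts strings: an int argument is read as an ASCII code
    // (and non-string arguments are deprecated since PHP 8.1), so normalise first
    $isKey = (is_string($userRef) || is_int($userRef)) && ctype_digit((string) $userRef);
    if ($isKey) {
        return Users::findFirstById($userRef);
    }

    $email = filter_var($userRef, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        throw new ArgumentValidationException('The user must be specified as an email or primary key.', 1);
    }

    return Users::findFirstByEmail($email);
}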