/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * The username and every profile attribute are read from server variables
 * whose names come from the [Shibboleth] configuration section.
 *
 * NOTE(review): the server variables are trusted as-is. This presumably relies
 * on the web server / Shibboleth SP module being the only writer of those
 * variables, so that a client cannot supply them itself -- confirm against
 * the deployment configuration.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    $shib = $this->getConfig()->Shibboleth;
    $server = $request->getServer();

    // Without a username there is nobody to log in.
    $username = $server->get($shib->username);
    if (empty($username)) {
        throw new AuthException('authentication_error_admin');
    }

    // Each required attribute is checked against a configured regular
    // expression. The pattern is used unanchored, exactly as configured, so
    // it matches anywhere inside the attribute value.
    foreach ($this->getRequiredAttributes() as $name => $pattern) {
        $matched = preg_match('/' . $pattern . '/', $server->get($name));
        if (!$matched) {
            throw new AuthException('authentication_error_denied');
        }
    }

    // All checks passed: fetch the user row for this username.
    $user = $this->getUserTable()->getByUsername($username);

    // Copy across every user-table field that has a mapping configured.
    $fields = array(
        'cat_username', 'email', 'lastname', 'firstname',
        'college', 'major', 'home_library'
    );
    foreach ($fields as $field) {
        if (!isset($shib->{$field})) {
            continue;
        }
        $user->{$field} = $server->get($shib->{$field});
    }

    $user->save();
    return $user;
}
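/**
 * Return an array of roles which may be granted the permission based on
 * the options.
 *
 * Returns no roles at all when the 'Shib-Identity-Provider' server parameter
 * is absent, i.e. when the request does not appear to carry Shibboleth data.
 *
 * @param mixed $options Options provided from configuration.
 *
 * @return array
 */
public function getPermissions($options)
{
    $idp = $this->request->getServer()->get('Shib-Identity-Provider');

    // A missing key comes back as null (the default of get() on
    // Zend\Stdlib\Parameters), so comparing against false alone never
    // detected the missing parameter and the guard was skipped. false is
    // still accepted for backward compatibility.
    if ($idp === null || $idp === false) {
        $this->logWarning('getPermissions: Shibboleth server params missing');
        return [];
    }

    return parent::getPermissions($options);
}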
/**
 * Return an array of roles which may be granted the permission based on
 * the options.
 *
 * The server parameter named by $this->idpServerParam must be present;
 * otherwise a warning is logged and no roles are returned.
 *
 * @param mixed $options Options provided from configuration.
 *
 * @return array
 */
public function getPermissions($options)
{
    $paramName = $this->idpServerParam;
    $this->debug('getPermissions: idpServerParam = ' . $paramName);

    $idp = $this->request->getServer()->get($paramName);
    if ($idp !== null) {
        // Shibboleth data is present: let the parent evaluate the options.
        return parent::getPermissions($options);
    }

    // Fail closed when the identity-provider parameter is missing.
    $this->logWarning('getPermissions: Shibboleth server params missing');
    return [];
}
/**
 * Return an array of roles which may be granted the permission based on
 * the options.
 *
 * The options are treated as a list of IP ranges; when REMOTE_ADDR falls in
 * one of them the permission is granted to guests and logged-in users alike.
 *
 * NOTE(review): REMOTE_ADDR is the address of the directly connected peer.
 * Behind a reverse proxy or load balancer that is presumably the proxy's
 * address rather than the end user's -- confirm how the deployment sets it.
 *
 * @param mixed $options Options provided from configuration.
 *
 * @return array
 */
public function getPermissions($options)
{
    $clientIp = $this->request->getServer()->get('REMOTE_ADDR');
    $ranges = (array) $options;

    // In range: every user qualifies. Out of range: nobody does.
    return $this->ipAddressUtils->isInRange($clientIp, $ranges)
        ? ['guest', 'loggedin']
        : [];
}
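/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * The username, profile attributes, catalog password and logout URL are all
 * read from server variables named in the [Shibboleth] configuration section.
 *
 * NOTE(review): those server variables are trusted as-is; this presumably
 * relies on the Shibboleth SP module being their only writer -- confirm
 * against the web server configuration.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    // Check if username is set.
    $shib = $this->getConfig()->Shibboleth;
    $username = $request->getServer()->get($shib->username);
    if (empty($username)) {
        throw new AuthException('authentication_error_admin');
    }

    // Check if required attributes match up (patterns are used unanchored,
    // exactly as configured):
    foreach ($this->getRequiredAttributes() as $key => $value) {
        if (!preg_match('/' . $value . '/', $request->getServer()->get($key))) {
            throw new AuthException('authentication_error_denied');
        }
    }

    // If we made it this far, we should log in the user!
    $user = $this->getUserTable()->getByUsername($username);

    // Variable to hold catalog password (handled separately from other
    // attributes since we need to use saveCredentials method to store it):
    $catPassword = null;

    // Has the user configured attributes to use for populating the user table?
    $attribsToCheck = [
        'cat_username', 'cat_password', 'email', 'lastname', 'firstname',
        'college', 'major', 'home_library'
    ];
    foreach ($attribsToCheck as $attribute) {
        if (!isset($shib->{$attribute})) {
            continue;
        }
        $value = $request->getServer()->get($shib->{$attribute});

        if ($attribute === 'cat_password') {
            $catPassword = $value;
            continue;
        }

        // Special case: don't override existing email address. The test used
        // to read an undefined $field variable, so it never fired and a
        // stored address was overwritten on every login.
        if ($attribute === 'email'
            && isset($user->email) && trim($user->email) !== ''
        ) {
            continue;
        }

        $user->{$attribute} = $value;
    }

    // Save credentials if applicable:
    if (!empty($catPassword) && !empty($user->cat_username)) {
        $user->saveCredentials($user->cat_username, $catPassword);
    }

    // Store logout URL in session.
    // NOTE(review): the URL is stored exactly as received; whatever later
    // redirects to it should confirm it is an expected location.
    if (isset($shib->logout_attribute)) {
        $url = $request->getServer()->get($shib->logout_attribute);
        if ($url) {
            $sessionContainer = new SessionContainer('Shibboleth');
            $sessionContainer['logoutUrl'] = $url;
        }
    }

    // Save and return the user object:
    $user->save();
    return $user;
}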
/**
 * Default log execution method: parses the file log and fills in the
 * underlying log entry (timestamps, client IP, message, type, user, route).
 *
 * NOTE(review): the IP recorded is REMOTE_ADDR, i.e. the directly connected
 * peer; behind a proxy this is presumably the proxy address -- confirm.
 *
 * @return Log
 */
public function executar()
{
    $this->logArquivo->parse();

    // Every setter in the original went through getLog(); the entry is
    // fetched once here on the assumption that getLog() keeps handing back
    // the same object (the original relies on that too).
    $log = $this->logArquivo->getLog();

    $log->setInicio(new \Datetime());
    $log->setFim(new \Datetime());
    $log->setIp($this->request->getServer('REMOTE_ADDR'));

    $mensagem = 'Log arquivo de ' . $this->logArquivo->getTipo()
        . ': ' . $this->logArquivo->getNome();
    $log->setMensagem($mensagem);

    $log->setTipo(LogArquivo::TIPO);
    $log->setUsuario($this->usuario);
    $log->setRoute($this->request->getRequestUri());

    return $log;
}
/**
 * Default log execution method: records the operation on the registration
 * log, parses it and fills in the underlying log entry (timestamps, client
 * IP, message, type, user, route).
 *
 * NOTE(review): the IP recorded is REMOTE_ADDR, i.e. the directly connected
 * peer; behind a proxy this is presumably the proxy address -- confirm.
 *
 * @return Log
 */
public function executar()
{
    $this->logCadastro->setOperacao($this->operacao);
    $this->logCadastro->parse();

    // Fetched once on the assumption that getLog() keeps returning the same
    // object (the original, which called it for every setter, relies on
    // that too).
    $log = $this->logCadastro->getLog();

    $log->setInicio(new \Datetime());
    $log->setFim(new \Datetime());
    $log->setIp($this->request->getServer('REMOTE_ADDR'));

    // Message: "<operation> - <entity class name>"
    $entityClass = get_class($this->logCadastro->getEntity());
    $log->setMensagem($this->operacao . ' - ' . $entityClass);

    $log->setTipo(LogCadastro::TIPO);
    $log->setUsuario($this->usuario);
    $log->setRoute($this->request->getRequestUri());

    return $log;
}
/**
 * Return an array of roles which may be granted the permission based on
 * the options.
 *
 * Each option is used as a complete PCRE pattern and applied to REMOTE_ADDR;
 * the first match grants the permission to guests and logged-in users.
 *
 * NOTE(review): the patterns are applied exactly as configured. A pattern
 * without ^...$ anchors or with unescaped dots can match more addresses
 * than intended, so the configuration should be reviewed with that in mind.
 *
 * @param mixed $options Options provided from configuration.
 *
 * @return array
 */
public function getPermissions($options)
{
    $clientIp = $this->request->getServer()->get('REMOTE_ADDR');
    $patterns = (array) $options;

    foreach ($patterns as $pattern) {
        if (!preg_match($pattern, $clientIp)) {
            continue;
        }
        // Match: grant to all users (guest or logged in).
        return ['guest', 'loggedin'];
    }

    // Nothing matched: no permissions.
    return [];
}
/**
 * Return the REMOTE_ADDR of the current request, or '127.0.0.1' when the
 * value is empty (loose comparison with '').
 *
 * NOTE(review): the loopback fallback means a request without REMOTE_ADDR
 * looks like a local one. If callers use this value for access decisions,
 * confirm that this default cannot be treated as a trusted address.
 *
 * @return string
 */
public function getRemoteAddress()
{
    $currentRequest = new Request();
    $address = $currentRequest->getServer()->get('REMOTE_ADDR');

    if ($address == '') {
        return '127.0.0.1';
    }

    return $address;
}
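/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * The posted assertion is sent, together with an audience string built from
 * the current scheme, server name and port, to the Persona verifier; the
 * e-mail address in a successful reply becomes the username.
 *
 * NOTE(review): the audience is derived from SERVER_NAME / SERVER_PORT.
 * Depending on web server configuration SERVER_NAME may reflect the Host
 * header sent by the client; a fixed, configured audience would not depend
 * on request data -- confirm how the deployment sets it.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    $assertion = $request->getPost('assertion');
    if ($assertion === null) {
        throw new AuthException('authentication_missing_assertion');
    }

    $protocol = $request->getServer('HTTPS');
    $audience = (empty($protocol) ? 'http://' : 'https://')
        . $request->getServer('SERVER_NAME') . ':'
        . $request->getServer('SERVER_PORT');

    $client = $this->httpService->createClient(
        'https://verifier.login.persona.org/verify',
        \Zend\Http\Request::METHOD_POST
    );
    $client->setParameterPost(
        ['assertion' => $assertion, 'audience' => $audience]
    );
    $response = $client->send();

    // json_decode() returns null for a body that is not valid JSON, and a
    // reply may lack the fields read below. Anything other than a
    // well-formed "okay" reply with an e-mail address is a failed login.
    $result = json_decode($response->getContent());
    $accepted = is_object($result)
        && isset($result->status)
        && $result->status === 'okay'
        && isset($result->email)
        && is_string($result->email)
        && $result->email !== '';
    if (!$accepted) {
        throw new AuthException('authentication_error_invalid');
    }

    // The verified e-mail address doubles as the username.
    $username = $result->email;
    $user = $this->getUserTable()->getByUsername($username, false);
    if ($user === false) {
        $user = $this->createPersonaUser($username, $result->email);
    }
    return $user;
}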
/**
 * Process 401 Response Objects by building a 302 redirect: visitors without
 * an identity go to the site's login page (with the current request URI as
 * the url-encoded "redirect" parameter), everyone else goes to the site's
 * not-authorized page.
 *
 * NOTE(review): the return URL is the raw REQUEST_URI. Whatever consumes the
 * "redirect" parameter after login should confirm it is a local path before
 * redirecting to it.
 *
 * @return Response
 */
protected function processNotAuthorized()
{
    $loginPage = $this->currentSite->getLoginPage();
    $notAuthorized = $this->currentSite->getNotAuthorizedPage();
    $returnToUrl = urlencode($this->request->getServer('REQUEST_URI'));

    $redirect = new Response();
    $redirect->setStatusCode('302');

    $locationLine = $this->userService->hasIdentity()
        ? 'Location: ' . $notAuthorized
        : 'Location: ' . $loginPage . '?redirect=' . $returnToUrl;
    $redirect->getHeaders()->addHeaderLine($locationLine);

    return $redirect;
}
/**
 * Build a new instance from an existing request: the string form of the
 * request is re-parsed, then query, post, cookie, files, server, content,
 * env and header data are copied across from the source request.
 *
 * @param BaseRequest $request Request to copy from.
 *
 * @return static
 */
public static function createFromRequest(BaseRequest $request)
{
    $copy = static::fromString($request->toString());

    // setter on the copy => getter on the source, in the original order
    $transfers = array(
        'setQuery'   => 'getQuery',
        'setPost'    => 'getPost',
        'setCookies' => 'getCookie',
        'setFiles'   => 'getFiles',
        'setServer'  => 'getServer',
        'setContent' => 'getContent',
        'setEnv'     => 'getEnv',
        'setHeaders' => 'getHeaders',
    );
    foreach ($transfers as $setter => $getter) {
        $copy->$setter($request->$getter());
    }

    return $copy;
}
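/**
 * Check if a server param matches the option.
 *
 * The option has the form "<name> [modifier] <template> [<template> ...]":
 * "~" treats the templates as regular expressions, "!" negates the result
 * and "!~" does both. The server parameter value is split into several
 * values; the check succeeds when any value matches any template.
 *
 * @param string $option Option
 *
 * @return boolean true if a server param matches, false if not
 */
protected function checkServerParam($option)
{
    // split option on spaces unless escaped with backslash
    $optionParts = $this->splitString($option, ' ', '\\');
    if (count($optionParts) < 2) {
        $this->logError("configuration option '{$option}' invalid");
        return false;
    }

    // first part is the server param name
    $serverParamName = array_shift($optionParts);
    if (isset($this->aliases[$serverParamName])) {
        $serverParamName = $this->aliases[$serverParamName];
    }

    // optional modifier follows the server param name
    $modifierMatch = in_array($optionParts[0], ['~', '!~'], true);
    $modifierNot = in_array($optionParts[0], ['!', '!~'], true);
    if ($modifierNot || $modifierMatch) {
        array_shift($optionParts);
    }

    // remaining parts are the templates for checking the server params
    $templates = $optionParts;
    if (empty($templates)) {
        $this->logError("configuration option '{$option}' invalid");
        return false;
    }

    // server param values to check
    $serverParamString = $this->request->getServer()->get($serverParamName);
    if ($serverParamString === null) {
        // check fails if server param is missing
        return false;
    }
    $serverParams = $this->splitString(
        $serverParamString, $this->serverParamDelimiter,
        $this->serverParamEscape
    );

    $result = false;
    // check for each server param ...
    foreach ($serverParams as $serverParam) {
        // ... if it matches one of the templates (OR)
        foreach ($templates as $template) {
            if ($modifierMatch) {
                $matched = preg_match('/' . $template . '/', $serverParam);
                if ($matched === false) {
                    // A template that is not a valid regular expression
                    // used to count as "no match", which the "!~" modifier
                    // then inverted into a successful check. Fail closed.
                    $this->logError(
                        "configuration option '{$option}' contains an "
                        . 'invalid regular expression'
                    );
                    return false;
                }
                $result = $result || $matched === 1;
            } else {
                $result = $result || $template === $serverParam;
            }
        }
    }

    // always hand back a real boolean, as documented
    return $modifierNot ? !$result : $result;
}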
/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * The username, profile attributes and catalog password are read from server
 * variables named in the [Shibboleth] configuration section.
 *
 * NOTE(review): those server variables are trusted as-is; this presumably
 * relies on the Shibboleth SP module being their only writer -- confirm
 * against the web server configuration.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    $shib = $this->getConfig()->Shibboleth;
    $server = $request->getServer();

    // A username is mandatory.
    $username = $server->get($shib->username);
    if (empty($username)) {
        throw new AuthException('authentication_error_admin');
    }

    // Required attributes: each configured pattern (used unanchored, as
    // configured) must match the corresponding server variable.
    foreach ($this->getRequiredAttributes() as $name => $pattern) {
        $matched = preg_match('/' . $pattern . '/', $server->get($name));
        if (!$matched) {
            throw new AuthException('authentication_error_denied');
        }
    }

    // All checks passed: fetch the user row.
    $user = $this->getUserTable()->getByUsername($username);

    // The catalog password is kept aside because it has to be stored through
    // saveCredentials() rather than as a plain property.
    $catPassword = null;

    $fields = [
        'cat_username', 'cat_password', 'email', 'lastname', 'firstname',
        'college', 'major', 'home_library'
    ];
    foreach ($fields as $field) {
        if (!isset($shib->{$field})) {
            continue;
        }
        $value = $server->get($shib->{$field});
        if ($field == 'cat_password') {
            $catPassword = $value;
            continue;
        }
        // A missing attribute is stored as an empty string, not null.
        $user->{$field} = ($value === null) ? '' : $value;
    }

    // Save credentials if applicable. Empty passwords are allowed (see
    // https://github.com/vufind-org/vufind/pull/532), but a non-blank stored
    // password must not be replaced by a blank one when the auth mechanism
    // fails to supply a password after the user has stored one manually (see
    // https://github.com/vufind-org/vufind/pull/612). If a password can
    // really change from non-blank to blank, more work is needed here.
    if (!empty($user->cat_username)) {
        $user->saveCredentials(
            $user->cat_username,
            !empty($catPassword) ? $catPassword : $user->getCatPassword()
        );
    }

    $user->save();
    return $user;
}
/**
 * Write a log record for the request/response pair.
 *
 * Nothing is written unless REQUEST_URI is present and matches
 * $this->_patternRequestWriteLog.
 *
 * NOTE(review): the complete request headers and both bodies are persisted.
 * Headers and bodies can carry credentials or session tokens, so confirm
 * that the log store is protected accordingly or that such values are
 * filtered before this point.
 *
 * @param Request  $request
 * @param Response $response
 */
public function write($request, $response)
{
    $serverOptions = $request->getServer()->toArray();

    $requestUri = null;
    if (isset($serverOptions['REQUEST_URI'])) {
        $requestUri = $serverOptions['REQUEST_URI'];
    }

    // Only requests whose URI matches the configured pattern are logged.
    if ($requestUri === null
        || !preg_match($this->_patternRequestWriteLog, $requestUri)
    ) {
        return;
    }

    $remoteAddr = '';
    if (isset($serverOptions['REMOTE_ADDR'])) {
        $remoteAddr = $serverOptions['REMOTE_ADDR'];
    }
    $requestTime = 0;
    if (isset($serverOptions['REQUEST_TIME'])) {
        $requestTime = $serverOptions['REQUEST_TIME'];
    }
    $requestTimeFloat = 0;
    if (isset($serverOptions['REQUEST_TIME_FLOAT'])) {
        $requestTimeFloat = $serverOptions['REQUEST_TIME_FLOAT'];
    }

    /** @var DocumentManager $dm */
    $dm = $this->getServiceLocator()->get('doctrine-document');

    $logsClient = new LogsClient();
    // The setters stay chained, as in the original; the duration is the
    // current time (rounded to 4 decimals) minus REQUEST_TIME_FLOAT.
    $logsClient
        ->setDatetime((new \DateTime())->setTimestamp($requestTime))
        ->setHeaders($request->getHeaders()->toString())
        ->setRequest($request->getContent())
        ->setResponse($response->getContent())
        ->setIpAddress($remoteAddr)
        ->setDuration(round(microtime(true), 4) - $requestTimeFloat);

    $dm->persist($logsClient);
    $dm->flush();
}
/**
 * Get a server parameter taking into account any environment variables
 * redirected by Apache mod_rewrite.
 *
 * The "REDIRECT_"-prefixed variant of the parameter is looked up first and
 * used as the default for the lookup of the plain name.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 * @param string                            $param   Parameter name
 *
 * @return mixed
 */
protected function getServerParam($request, $param)
{
    $server = $request->getServer();
    $redirected = $request->getServer()->get("REDIRECT_{$param}");

    return $server->get($param, $redirected);
}
/**
 * Read one server parameter from the wrapped HTTP request.
 *
 * @param string $name    Name of the server parameter.
 * @param mixed  $default Passed through to the request's getServer().
 *
 * @return mixed
 */
public function server($name, $default = null)
{
    $value = $this->httpRequest->getServer($name, $default);

    return $value;
}
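/**
 * Attempt to authenticate the current user. Throws exception if login fails.
 *
 * Every configured server-variable name, and every required-attribute
 * pattern, may list alternatives separated by "##"; the first alternative
 * that yields a non-empty value (or a matching pattern) wins.
 *
 * NOTE(review): the server variables are trusted as-is; this presumably
 * relies on the Shibboleth SP module being their only writer -- confirm
 * against the web server configuration.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request Request object containing
 * account credentials.
 *
 * @throws AuthException
 * @return \VuFind\Db\Row\User Object representing logged-in user.
 */
public function authenticate($request)
{
    // Check if username is set (first non-empty alternative wins).
    $shib = $this->getConfig()->Shibboleth;
    $username = '';
    foreach (explode('##', $shib->username) as $usernameAlternative) {
        $username = $request->getServer()->get($usernameAlternative);
        if (!empty($username)) {
            break;
        }
    }
    if (empty($username)) {
        throw new AuthException('authentication_error_admin');
    }

    // Check if required attributes match up (so far not used in swissbib).
    // Patterns are used unanchored, exactly as configured.
    foreach ($this->getRequiredAttributes() as $key => $value) {
        $found = false;
        foreach (explode('##', $value) as $valuetest) {
            $matched = preg_match(
                '/' . $valuetest . '/', $request->getServer()->get($key)
            );
            if ($matched) {
                $found = true;
                break;
            }
        }
        if (!$found) {
            throw new AuthException('authentication_error_denied');
        }
    }

    // If we made it this far, we should log in the user!
    $user = $this->getUserTable()->getByUsername($username);

    // Variable to hold catalog password (handled separately from other
    // attributes since we need to use saveCredentials method to store it):
    $catPassword = null;

    // Has the user configured attributes to use for populating the user table?
    $attribsToCheck = [
        'cat_username', 'cat_password', 'email', 'lastname', 'firstname',
        'college', 'major', 'home_library'
    ];
    foreach ($attribsToCheck as $attribute) {
        if (!isset($shib->{$attribute})) {
            continue;
        }

        $attvalue = '';
        foreach (explode('##', $shib->{$attribute}) as $aAlternative) {
            $candidate = $request->getServer()->get($aAlternative);
            if (!empty($candidate)) {
                $attvalue = $candidate;
                break;
            }
        }

        // The old else branch assigned $value -- the loop variable left over
        // from the required-attributes check, i.e. a configured pattern --
        // and it also ran for any other attribute that came back empty. The
        // catalog password now comes only from the cat_password attribute.
        if ($attribute === 'cat_password') {
            $catPassword = $attvalue;
        } elseif (!empty($attvalue)) {
            $user->{$attribute} = $attvalue;
        }
    }

    // Save credentials if applicable:
    if (!empty($catPassword) && !empty($user->cat_username)) {
        $user->saveCredentials($user->cat_username, $catPassword);
    }

    // Save and return the user object:
    $user->save();
    return $user;
}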
/**
 * Fetch basic auth credentials.
 *
 * Sources are tried in this order: the Authorization request header, the
 * HTTP_AUTHORIZATION server variable, then REMOTE_USER and up to four
 * REDIRECT_-prefixed variants of it. The first six characters of the value
 * found are skipped, the remainder is base64-decoded and split at the first
 * colon.
 *
 * NOTE(review): the skipped prefix is presumably "Basic ", but it is not
 * checked, so a value using another scheme is decoded all the same. A
 * decoded value without a colon yields a one-element array, and when no
 * source is set the method returns null rather than an array -- callers
 * should be confirmed to cope with both.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request
 * @return array
 */
protected function _getBasicAuthData(\Zend\Http\PhpEnvironment\Request $request)
{
    // Strip the six-character prefix, decode, split into [user, password].
    $decode = function ($raw) {
        return explode(":", base64_decode(substr($raw, 6)), 2);
    };

    $authHeader = $request->getHeaders('Authorization');
    if ($authHeader) {
        return $decode($authHeader->getFieldValue());
    }

    $serverValue = $request->getServer('HTTP_AUTHORIZATION');
    if ($serverValue) {
        return $decode($serverValue);
    }

    // check if (REDIRECT_)*REMOTE_USER is found in SERVER vars
    $name = 'REMOTE_USER';
    $attempt = 0;
    while ($attempt < 5) {
        $candidate = $request->getServer($name);
        if ($candidate) {
            return $decode($candidate);
        }
        $name = 'REDIRECT_' . $name;
        $attempt++;
    }

    return null;
}
/**
 * With every script-related server variable set to null, getBaseUrl() must
 * return an empty string.
 *
 * @group ZF2-480
 */
public function testBaseurlFallsBackToRootPathIfScriptFilenameIsNotSet()
{
    $request = new Request();
    $server = $request->getServer();

    // The original assigned ORIG_SCRIPT_NAME twice; one assignment leaves
    // the parameters in the same state.
    $scriptVars = array(
        'SCRIPT_NAME',
        'PHP_SELF',
        'ORIG_SCRIPT_NAME',
        'SCRIPT_FILENAME',
    );
    foreach ($scriptVars as $scriptVar) {
        $server->set($scriptVar, null);
    }

    $this->assertEquals('', $request->getBaseUrl());
}
/**
 * Determine the page to save from the request: the MD5 hex digest of
 * "<HTTPS>-<HTTP_HOST>-<request URI>".
 *
 * The digest serves as an identifier only. Nothing in this method throws.
 *
 * NOTE(review): HTTP_HOST is supplied by the client. If the id is used as a
 * key for stored pages, requests with differing Host values produce separate
 * entries -- confirm that the host is validated before this point.
 *
 * @param HttpRequest $request Http Request
 *
 * @return string
 */
protected function createId(HttpRequest $request)
{
    $parts = array(
        $request->getServer('HTTPS'),
        $request->getServer('HTTP_HOST'),
        $request->getRequestUri(),
    );

    return md5(implode('-', $parts));
}
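/**
 * Map attributes returned by the IdP to user-table fields, following the
 * mapping in the given section of shibboleth.ini.
 *
 * A mapping entry takes one of three forms:
 *  - "NAME"           read server variable NAME;
 *  - "NAME1|NAME2"    read the first alternative with a non-null value;
 *  - "NAME, /regex/"  read NAME and keep only capture group 1 of the regex.
 *
 * The result is what callers later store in the 'user' table. No other
 * change to the values is made in this method.
 *
 * @param \Zend\Http\PhpEnvironment\Request $request
 * @param \Zend\Config\Config $config
 * containing only array of attributes mapping from attribute-map.xml to user table in VuFind
 * @return array attributes
 */
protected function fetchAttributes($request, $config)
{
    $attributes = array();

    foreach ($this->attribsToCheck as $attribute) {
        if (!isset($config->{$attribute})) {
            continue;
        }

        $key = $config->{$attribute};
        $pattern = null;
        $value = null;

        if (strpos($key, '|') !== false) {
            // alternatives: the first server variable with a value wins
            foreach (explode('|', $key) as $alternative) {
                $key = trim($alternative);
                $value = $request->getServer()->get($key);
                if ($value != null) {
                    break;
                }
            }
        } elseif (strpos($key, ',') !== false) {
            list($key, $pattern) = explode(',', $key, 2);
            // whitespace around the comma must not become part of the name
            $key = trim($key);
            $pattern = trim($pattern);
        }

        if ($value == null) {
            $value = $request->getServer()->get($key);
        }

        if ($pattern != null) {
            $matches = array();
            // The cast keeps a missing (null) value from being handed to
            // preg_match(). The isset() guard covers a pattern that does not
            // match or has no capture group; that used to read an undefined
            // offset and now gives null explicitly.
            preg_match($pattern, (string) $value, $matches);
            $value = isset($matches[1]) ? $matches[1] : null;
        }

        $attributes[$attribute] = $value;
    }

    return $attributes;
}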
/**
 * Each parameter container (query, post, files, server, env) must return a
 * single value by name, and headers must be retrievable both as the whole
 * collection and individually.
 */
public function testRetrievingASingleValueForParameters()
{
    $request = new Request();
    $params = new \Zend\Stdlib\Parameters(array('foo' => 'bar'));
    $containers = array('Query', 'Post', 'Files', 'Server', 'Env');

    // Install the same parameter bag everywhere first ...
    foreach ($containers as $container) {
        $request->{'set' . $container}($params);
    }
    // ... then read the value back through each single-value accessor.
    foreach ($containers as $container) {
        $this->assertSame('bar', $request->{'get' . $container}('foo'));
    }

    $headers = new Headers();
    $fooHeader = new GenericHeader('foo', 'bar');
    $headers->addHeader($fooHeader);
    $request->setHeaders($headers);

    $this->assertSame($headers, $request->getHeaders());
    $this->assertSame($fooHeader, $request->getHeaders()->get('foo'));
    $this->assertSame($fooHeader, $request->getHeader('foo'));
}
/**
 * Set the photo directory to "<DOCUMENT_ROOT>/fotos/".
 *
 * When DOCUMENT_ROOT is not set the default false is used, which
 * concatenates as an empty string and leaves the directory as "/fotos/".
 */
public function __construct()
{
    $request = new Request();
    $documentRoot = $request->getServer('DOCUMENT_ROOT', false);

    $this->dir = $documentRoot . "/fotos/";
}