 /**
  * Logs a CAS-authenticated user into Drupal.
  *
  * Call this only after the CAS server has validated the ticket: the method
  * trusts the username carried in $property_bag. Sequence: listeners may
  * alter the CAS properties, the local account is resolved (or
  * auto-registered), listeners may alter the account, the account is saved,
  * then the login is finalized and the ticket is recorded against the
  * resulting session id.
  *
  * Note that the account is saved before the listener login decision is
  * checked, so alterations made by CAS_USER_ALTER listeners persist even
  * when the login is subsequently denied.
  *
  * @param CasPropertyBag $property_bag
  *   Username and attributes returned by the CAS server.
  * @param string $ticket
  *   The CAS service ticket; stored together with the session id (presumably
  *   so the session can later be matched to this CAS login, e.g. for single
  *   logout — not visible here).
  *
  * @throws CasLoginException
  *   When no local account exists and auto-registration is off, or when an
  *   event listener vetoes the registration or the login. In the latter two
  *   cases $_SESSION['cas_temp_disable'] is set before throwing.
  */
 public function loginToDrupal(CasPropertyBag $property_bag, $ticket)
 {
     // Listeners may rewrite the username/attributes before we map to a user.
     $this->eventDispatcher->dispatch(CasHelper::CAS_PROPERTY_ALTER, new CasPropertyEvent($property_bag));
     $username = $property_bag->getUsername();
     $account = $this->userLoadByName($username);
     if (!$account) {
         $auto_register = $this->settings->get('cas.settings')->get('user_accounts.auto_register');
         if ($auto_register !== TRUE) {
             throw new CasLoginException("Cannot login, local Drupal user account does not exist.");
         }
         if (!$property_bag->getRegisterStatus()) {
             // A listener vetoed registration; flag the session before bailing.
             $_SESSION['cas_temp_disable'] = TRUE;
             throw new CasLoginException("Cannot register user, an event listener denied access.");
         }
         $account = $this->registerUser($username);
     }
     // Listeners may alter the resolved account; the result is persisted
     // regardless of the login decision below.
     $this->eventDispatcher->dispatch(CasHelper::CAS_USER_ALTER, new CasUserEvent($account, $property_bag));
     $account->save();
     if (!$property_bag->getLoginStatus()) {
         $_SESSION['cas_temp_disable'] = TRUE;
         throw new CasLoginException("Cannot login, an event listener denied access.");
     }
     $this->userLoginFinalize($account);
     $this->storeLoginSessionData($this->sessionManager->getId(), $ticket);
 }
 /**
  * {@inheritdoc}
  *
  * Anonymous visitors get a session started here so state can be carried
  * across form steps; the 'multistep_form_holds_session' flag keeps it from
  * being started more than once per session. The incoming $form is
  * discarded and rebuilt from scratch with only a submit button.
  */
 public function buildForm(array $form, FormStateInterface $form_state)
 {
     $needs_session = $this->currentUser->isAnonymous() && !isset($_SESSION['multistep_form_holds_session']);
     if ($needs_session) {
         // Mark first, then start, exactly as before.
         $_SESSION['multistep_form_holds_session'] = true;
         $this->sessionManager->start();
     }
     $submit = [
         '#type' => 'submit',
         '#value' => $this->t('Submit'),
         '#button_type' => 'primary',
         '#weight' => 10,
     ];
     return [
         'actions' => [
             '#type' => 'actions',
             'submit' => $submit,
         ],
     ];
 }
 /**
  * {@inheritdoc}
  *
  * Blocks the user given in the 'user' context and deletes that user's
  * sessions via the session manager (presumably so the block takes effect
  * immediately rather than at the next login — confirm against
  * SessionManager::delete()). Anonymous and already-blocked users are left
  * untouched and no save is scheduled for them.
  */
 public function execute()
 {
     /** @var \Drupal\user\UserInterface $user */
     $user = $this->getContextValue('user');
     if (!$user->isAuthenticated() || !$user->isActive()) {
         // Nothing to do for anonymous or already blocked accounts.
         return;
     }
     $user->block();
     // Drop the user's stored sessions alongside the block.
     $this->sessionManager->delete($user->id());
     // Ask the caller to persist the entity afterwards.
     $this->saveLater = TRUE;
 }
 /**
  * {@inheritdoc}
  *
  * Tears down the session identified by $sid: removes its database row,
  * empties $_SESSION and the global $user so SessionManager::save() does
  * not immediately open a fresh session, clears the session cookie(s), and
  * garbage-collects stale rows. Always reports success to PHP.
  *
  * The lookup column depends on transport: over HTTPS the secure id column
  * ('ssid') is matched, otherwise 'sid'. The raw $sid is hashed before the
  * lookup, which implies only hashes are stored in the sessions table
  * (so a dump of that table does not yield usable session ids) — the write
  * side is not visible here.
  */
 public function destroy($sid)
 {
     global $user;
     if (!$this->sessionManager->isEnabled()) {
         // Session writing is disabled for this request: leave everything in place.
         return TRUE;
     }
     $secure = $this->requestStack->getCurrentRequest()->isSecure();
     $column = $secure ? 'ssid' : 'sid';
     $this->connection->delete('sessions')
         ->condition($column, Crypt::hashBase64($sid))
         ->execute();
     // Reset $_SESSION and $user so save() has nothing to persist.
     $_SESSION = [];
     $user = new AnonymousUserSession();
     $cookie = $this->getName();
     $this->deleteCookie($cookie);
     if ($secure) {
         // Also drop the companion insecure cookie.
         $this->deleteCookie($this->sessionManager->getInsecureName(), FALSE);
     } elseif ($this->sessionManager->isMixedMode()) {
         // Plain HTTP in mixed mode: drop the secure ('S'-prefixed) cookie too.
         $this->deleteCookie('S' . $cookie, TRUE);
     }
     $this->cleanupObsoleteSessions();
     return TRUE;
 }
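 /**
  * {@inheritdoc}
  *
  * Runs cron: disables session saving and switches the current user to
  * anonymous for the duration (so hook_cron implementations see consistent
  * permissions), invokes the cron hooks under the 'cron' lock, processes
  * the cron queues, and then restores the user and session-saving state.
  *
  * State restoration and the lock release are done in finally blocks: if a
  * cron hook or queue worker throws, the previous code left the request
  * with an anonymous current user, session saving disabled, and the 'cron'
  * lock held until its 900 s expiry. The exception itself still propagates
  * to the caller unchanged.
  *
  * @return bool
  *   TRUE when the cron hooks ran (lock acquired), FALSE when cron was
  *   already running. Queues are processed either way.
  */
 public function run()
 {
     // Keep going even if the client disconnects mid-run.
     @ignore_user_abort(TRUE);
     // Prevent session information from being saved while cron is running.
     $original_session_saving = $this->sessionManager->isEnabled();
     $this->sessionManager->disable();
     // Force the current user to anonymous to ensure consistent permissions on
     // cron runs.
     $original_user = $this->currentUser->getAccount();
     $this->currentUser->setAccount(new AnonymousUserSession());
     // Try to allocate enough time to run all the hook_cron implementations.
     drupal_set_time_limit(240);
     $return = FALSE;
     try {
         if (!$this->lock->acquire('cron', 900.0)) {
             // Cron is still running normally.
             $this->logger->warning('Attempting to re-run cron while it is already running.');
         } else {
             try {
                 $this->invokeCronHandlers();
                 $this->setCronLastTime();
                 // Return TRUE so other functions can check if it did run successfully.
                 $return = TRUE;
             } finally {
                 // Release the lock even if a cron hook threw, so the next run is
                 // not blocked until the lock expires.
                 $this->lock->release('cron');
             }
         }
         // Process cron queues.
         $this->processQueues();
     } finally {
         // Restore the user and session saving regardless of how we got here.
         $this->currentUser->setAccount($original_user);
         if ($original_session_saving) {
             $this->sessionManager->enable();
         }
     }
     return $return;
 }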
 /**
  * Controller for meteor.overview.
  *
  * Returns a small JSON document holding the session cookie name and the
  * configured display name for anonymous users. Neither value is a secret
  * (the cookie name appears in every Set-Cookie header), but the method
  * performs no access check of its own — whatever the route definition
  * allows is who can read it.
  *
  * @return \Symfony\Component\HttpFoundation\Response
  *   A 200 response with an application/json body.
  */
 public function siteInfo()
 {
     $payload = [
         'cookieName' => $this->sessionManager->getName(),
         'anonymousName' => $this->userSettings->get('anonymous'),
     ];
     $body = $this->serializer->serialize($payload, 'json');
     $response = new Response($body, Response::HTTP_OK);
     $response->headers->set('Content-type', 'application/json');
     return $response;
 }
 /**
  * Ensures execute() is a no-op for a user who is both blocked and anonymous.
  *
  * Neither block() nor the session deletion may be invoked, and nothing
  * should be queued for auto-saving since the entity was not touched.
  *
  * @covers ::execute
  */
 public function testBlockUserWithBlockedAnonymousUser()
 {
     $user = $this->getUserMock(self::BLOCKED, self::ANONYMOUS);
     // Neither side effect of a successful block may occur.
     $user->block()->shouldNotBeCalled();
     $this->sessionManager->delete()->shouldNotBeCalled();
     $this->action->setContextValue('user', $user->reveal());
     $this->action->execute();
     $actual = $this->action->autoSaveContext();
     $this->assertEquals($actual, [], 'Action returns nothing for auto saving since the user has not been altered.');
 }
 /**
  * Switches the current session to a different user.
  *
  * No permission check happens here: the method trusts whoever can reach
  * it, so access must be enforced by the route (or by the caller). Session
  * data is deliberately not preserved because the point is to become a
  * different user. The session id is regenerated before the account is
  * swapped so the pre-switch id cannot be reused for the new identity.
  *
  * @param string $name
  *   The username to switch to. An empty value or an unknown name results
  *   in access denied; there is no logout path in this method.
  *
  * @return \Symfony\Component\HttpFoundation\RedirectResponse
  *   A redirect to the front page.
  *
  * @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
  *   When $name is empty or does not match an existing user.
  */
 public function switchUser($name = NULL)
 {
     if (empty($name)) {
         throw new AccessDeniedHttpException();
     }
     $matches = $this->userStorage->loadByProperties(['name' => $name]);
     if (!$matches) {
         throw new AccessDeniedHttpException();
     }
     $target = reset($matches);
     // Tell logout hooks the original user is leaving.
     $this->moduleHandler->invokeAll('user_logout', [$this->account]);
     // Regenerate the session ID to prevent session fixation attacks.
     $this->sessionManager->regenerate();
     // Based off the masquerade module: https://www.drupal.org/node/218104
     // does not stick and only keeps context until the redirect.
     $this->account->setAccount($target);
     $this->session->set('uid', $target->id());
     // Tell login hooks the masquerading user has arrived.
     $this->moduleHandler->invokeAll('user_login', [$target]);
     return $this->redirect('<front>');
 }
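 /**
  * Returns from a masquerade to the previous user.
  *
  * Reads the original uid from $_SESSION['masquerading'], clears that flag
  * unconditionally (so a dangling value cannot be replayed), and if the user
  * still loads performs a logout/regenerate/login cycle back to it and logs
  * the switch.
  *
  * The masquerading user's display name is captured before the account is
  * swapped: $this->currentUser is used both as the "old" account and as the
  * target of setAccount(), so if it is a proxy (as in Drupal's AccountProxy)
  * reading the name afterwards would report the restored user instead of
  * the masquerader in the log line.
  *
  * @return bool
  *   TRUE when switched back, FALSE when not masquerading or when the
  *   stored user no longer loads.
  */
 public function switchBack()
 {
     if (empty($_SESSION['masquerading'])) {
         return FALSE;
     }
     $original = $this->entityTypeManager->getStorage('user')->load($_SESSION['masquerading']);
     // Clear the flag before anything else so it cannot linger.
     unset($_SESSION['masquerading']);
     if (!$original) {
         return FALSE;
     }
     $masquerader = $this->currentUser;
     // Snapshot the name now; after setAccount() a proxy would answer for the
     // restored user.
     $masquerader_name = $masquerader->getDisplayName();
     // Call logout hooks when switching from masquerading user.
     $this->moduleHandler->invokeAll('user_logout', [$masquerader]);
     // Regenerate the session ID to prevent against session fixation attacks.
     // @todo Maybe session service migrate.
     $this->sessionManager->regenerate();
     $this->currentUser->setAccount($original);
     \Drupal::service('session')->set('uid', $original->id());
     // Call all login hooks when switching back to original user.
     $this->moduleHandler->invokeAll('user_login', [$original]);
     $this->logger->info('User %username stopped masquerading as %old_username.', [
         '%username' => $original->getDisplayName(),
         '%old_username' => $masquerader_name,
         'link' => $this->l($this->t('view'), $original->toUrl()),
     ]);
     return TRUE;
 }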
 /**
  * Records whether the request arrived without a usable session.
  *
  * Used for session testing: SessionManager::start() reports whether a
  * session was started; the result is inverted and stored as an int, so
  * 1 means start() returned falsy (no session) and 0 means it succeeded.
  *
  * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
  *   The Event to process (not consulted).
  */
 public function onKernelRequestSessionTest(GetResponseEvent $event)
 {
     $started = $this->sessionManager->start();
     $this->emptySession = $started ? 0 : 1;
 }
 /**
  * {@inheritdoc}
  *
  * End-of-request hook: hands the session to the session manager's save()
  * so anything written during the request is persisted. Whether a write
  * actually happens (e.g. when saving was disabled) is decided inside
  * save(), not here.
  *
  * @param \Symfony\Component\HttpFoundation\Request $request
  *   The request being finished; unused here.
  */
 public function cleanup(Request $request)
 {
     $manager = $this->sessionManager;
     $manager->save();
 }