/**
 * Remove the Latch pairing of a user.
 *
 * Looks up the Latch account id stored for the user, removes the local pairing
 * through unpairUser(), and asks the Latch API to unpair the account when
 * unpairUser() reports 0.
 *
 * @param mixed $user_id Identifier of the user whose pairing is removed.
 * @return bool true when both an API connection and a stored account id were
 *              available (the unpair steps were attempted), false otherwise.
 */
function unpairLatchAccount($user_id)
{
    if (!isset($user_id)) {
        return false;
    }

    $latch = getLatchAPIConnection();
    $storedAccountId = getAccountIdFromStorage($user_id);

    // Loose comparison on purpose: any value that compares equal to null
    // (null, false, '', 0, ...) counts as "not available".
    if ($latch == null || $storedAccountId == null) {
        return false;
    }

    // presumably the number of users still paired with this account id after
    // the local removal; confirm against unpairUser()
    $remaining = unpairUser($user_id, $storedAccountId);
    if ($remaining == 0) {
        // NOTE(review): the outcome of the remote unpair call is not inspected;
        // the function returns true whether or not the Latch service accepted it.
        $latch->unpair($storedAccountId);
    }

    return true;
}
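/**
 * Process a submitted pair/unpair request and render the Latch settings form.
 *
 * A POST is acted on only when it carries the CSRF token stored in the session.
 * A fresh token is stored on every call, so a rendered form is valid for one
 * submission. The form is printed only when the configured authentication
 * class is "LatchAuthenticate".
 *
 * Reads $_POST and $_SESSION, writes $_SESSION['csrf_token'], and echoes HTML.
 *
 * @return void
 */
function display()
{
    global $sugar_config, $current_user;

    $submittedToken = isset($_POST['csrfToken']) ? $_POST['csrfToken'] : null;
    $expectedToken = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : null;

    // The token check is a security decision, so it must not go through PHP's
    // loose "==": two different numeric-looking strings can compare equal
    // there. Both sides are required to be non-empty strings and are compared
    // byte for byte, in constant time where hash_equals() exists.
    $csrfValid = false;
    if (is_string($submittedToken) && is_string($expectedToken) && $expectedToken !== '') {
        $csrfValid = function_exists('hash_equals')
            ? hash_equals($expectedToken, $submittedToken)
            : $expectedToken === $submittedToken;
    }

    if ($csrfValid) {
        $operation = isset($_POST['operation']) ? $_POST['operation'] : null;
        // The pairing token comes straight from the request; only a plain
        // string is handed on (a nested array parameter is ignored).
        if ($operation === 'pair' && isset($_POST['pairingToken']) && is_string($_POST['pairingToken'])) {
            pairLatchAccount($_POST['pairingToken'], $current_user->id);
        } elseif ($operation === 'unpair') {
            unpairLatchAccount($current_user->id);
        }
    }

    // Issue the token for the next submission. A failed random source must
    // not be hashed anyway: sha1(false) is a fixed, publicly known value and
    // would make the token predictable.
    $bytes = false;
    if (function_exists('random_bytes')) {
        try {
            $bytes = random_bytes(20);
        } catch (Exception $e) {
            $bytes = false;
        }
    } else {
        $bytes = openssl_random_pseudo_bytes(20);
    }
    if (!is_string($bytes) || strlen($bytes) !== 20) {
        // Fail closed: without a token no form is offered and no later POST
        // can validate.
        unset($_SESSION['csrf_token']);
        return;
    }
    $csrfToken = sha1($bytes);
    $_SESSION['csrf_token'] = $csrfToken;

    if (!isset($sugar_config['authenticationClass']) || $sugar_config['authenticationClass'] != "LatchAuthenticate") {
        return;
    }

    $accountId = getAccountIdFromStorage($current_user->id);
    $notPaired = (strlen($accountId) == 0 || $accountId == false);

    // The hidden csrfToken value is written without trailing whitespace: a
    // stray space inside the attribute would be submitted as part of the token
    // and make the comparison above fail.
    ?>
<form method="POST" action="index.php?module=LatchPairing">
  <div class="group">
    <h2>Latch Settings</h2>
    <ul>
<?php if ($notPaired) { ?>
      <label for="pairingToken">Latch Pairing Token:</label>
      <input type="text" name="pairingToken" id="pairingToken" />
      <input type="hidden" name="operation" value="pair"/>
      <input type="submit" value="Pair" />
<?php } else { ?>
      <label for="pairingToken">You are already paired with Latch.</label>
      <input type="hidden" name="operation" value="unpair"/>
      <input type="submit" value="Unpair" />
<?php } ?>
      <input type="hidden" name="csrfToken" id="csrfToken" value="<?php echo htmlentities($csrfToken); ?>">
    </ul>
  </div>
</form>
    <?php
}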
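/**
 * Load the user into the session after applying the Latch checks.
 *
 * Flow, in order:
 *  1. An empty user id is rejected.
 *  2. If the request carries an "otp" field and a second-factor value is
 *     pending in the session, the two are compared; a match marks the session
 *     as logged in and delegates to the parent, a mismatch redirects to logout.
 *  3. If the session is not yet marked logged in, the stored Latch account id
 *     is looked up and the Latch status queried: a blocked account is
 *     redirected to logout, a status carrying a second factor stores it in the
 *     session and shows the second-factor form.
 *  4. Otherwise the session is marked logged in and the parent is called.
 *
 * @param mixed $user_id Identifier of the user being loaded.
 * @return mixed false for an empty user id, null after the redirect on a
 *               second-factor mismatch, otherwise whatever
 *               parent::loadUserOnSession() returns. Two paths end the script.
 */
function loadUserOnSession($user_id)
{
    // Not used in this body, but the included second-factor form runs in this
    // function's scope and may rely on it. For the same reason the local names
    // $accountId and $status are kept as they are.
    global $current_user;
    require_once 'custom/Latch/LatchWrapper.php';

    if (empty($user_id)) {
        return false;
    }

    if (isset($_POST['otp']) && isset($_SESSION['otp'])) {
        $expectedOtp = $_SESSION['otp'];
        $submittedOtp = $_POST['otp'];

        // The second factor is an authentication secret, so it is compared as
        // an exact string rather than with "==": loose comparison lets
        // different numeric-looking strings compare equal. hash_equals() keeps
        // the comparison constant-time where it exists.
        $otpMatches = false;
        if (is_string($submittedOtp) && (is_string($expectedOtp) || is_int($expectedOtp))) {
            $expectedOtp = (string) $expectedOtp;
            $otpMatches = function_exists('hash_equals')
                ? hash_equals($expectedOtp, $submittedOtp)
                : $expectedOtp === $submittedOtp;
        }

        // Consume the challenge whatever the outcome, so the stored value is
        // never compared a second time.
        unset($_SESSION['otp']);

        if ($otpMatches) {
            $_SESSION['logged_in'] = true;
            return parent::loadUserOnSession($user_id);
        }

        // NOTE(review): unlike the blocked-account path below, this path sends
        // the redirect header and returns (null) instead of calling exit, so
        // the caller keeps running; confirm the caller treats null as a
        // failed login.
        header("Location: ./index.php?module=Users&action=logout");
        return null;
    }

    if (!(isset($_SESSION['logged_in']) && $_SESSION['logged_in'])) {
        $accountId = getAccountIdFromStorage($user_id);
        // NOTE(review): Latch is consulted only when an "action" request
        // parameter is present and is not "logout". A request without that
        // parameter falls through and marks the session logged in without a
        // status check; confirm this is intended.
        if ($accountId && isset($_REQUEST['action']) && strtolower($_REQUEST['action']) != "logout") {
            $status = getLatchStatus($accountId);
            // NOTE(review): a null status also falls through to a normal login
            // (fail-open); presumably getLatchStatus() returns null when the
            // service cannot be reached; confirm that choice is deliberate.
            if ($status != null) {
                if ($status['accountBlocked']) {
                    header("Location: ./index.php?module=Users&action=logout");
                    exit;
                }
                if (isset($status['twoFactor'])) {
                    // Keep the expected value server-side and stop here; the
                    // next request is expected to post the "otp" field.
                    $_SESSION['otp'] = $status['twoFactor'];
                    include_once "custom/Latch/secondFactorForm.php";
                    die;
                }
            }
        }
    }

    $_SESSION['logged_in'] = true;
    return parent::loadUserOnSession($user_id);
}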