/**
 * Authenticate the phone client once per session.
 *
 * The outcome is cached as a flag in the Phone session namespace so a
 * client that already passed authentication is not challenged again on
 * every request — the SSL handshake of the SNOM 320 is very slow, so each
 * avoided round trip matters. parent::_authenticate() runs only when no
 * cached flag exists; a core session is started if necessary before the
 * flag is stored.
 */
protected function _authenticate()
{
    $alreadyAuthenticated = false;
    if (Tinebase_Session::isStarted()) {
        $namespace = Phone_Session::getSessionNamespace();
        $alreadyAuthenticated = isset($namespace->phoneIsAuthenticated);
    }
    if ($alreadyAuthenticated) {
        return;
    }

    parent::_authenticate();

    // the flag lives in the session, so make sure one is running
    if (!Tinebase_Session::isStarted()) {
        Tinebase_Core::startCoreSession();
    }
    $namespace = Phone_Session::getSessionNamespace();
    $namespace->phoneIsAuthenticated = 1;
}
/**
 * Terminate the current login.
 *
 * Logs the user out through the Tinebase controller (passing the client
 * address for the audit trail), clears the credential cache adapter and,
 * when a session is running, destroys it and removes the session cookie
 * on the client so the old session id cannot be reused.
 *
 * @return array always array('success' => true)
 */
public function logout()
{
    $clientAddress = $_SERVER['REMOTE_ADDR'];
    Tinebase_Controller::getInstance()->logout($clientAddress);

    $credentialCache = Tinebase_Auth_CredentialCache::getInstance();
    $credentialCache->getCacheAdapter()->resetCache();

    if (Tinebase_Session::isStarted()) {
        Tinebase_Session::destroyAndRemoveCookie();
    }

    return array('success' => true);
}
/**
 * Return the session id held in the core registry.
 *
 * On the first call the id is read from the running session, except for
 * a Setup session (see the TODO below). Without a usable session the id
 * is the marker 'NOSESSION', optionally followed by a 31-character uid.
 * The value is cached in the registry under self::SESSIONID, so
 * $generateUid only has an effect on the first call of a request.
 *
 * @param boolean $generateUid append a random uid to the NOSESSION marker
 * @return mixed|null
 */
public static function getSessionId($generateUid = true)
{
    if (self::isRegistered(self::SESSIONID)) {
        return self::get(self::SESSIONID);
    }

    // TODO allow to access Tinebase/Core methods with Setup session and remove this workaround
    $haveUsableSession = Tinebase_Session::isStarted() && !Tinebase_Session::isSetupSession();
    $id = $haveUsableSession ? Tinebase_Session::getId() : null;

    if (empty($id)) {
        $id = 'NOSESSION';
        if ($generateUid) {
            $id .= Tinebase_Record_Abstract::generateUID(31);
        }
    }

    self::set(self::SESSIONID, $id);
    return self::get(self::SESSIONID);
}
/**
 * Run the configured auth backend for the given credentials.
 *
 * The identity is set first; a Zend_Auth_Adapter_Exception raised by the
 * backend at that point is converted into a FAILURE_CREDENTIAL_INVALID
 * result (carrying the exception message) instead of propagating. Auth
 * storage is session-backed when a session is running and non-persistent
 * otherwise. Only the username is written to the debug log; the password
 * is never passed to the logger.
 *
 * @param string $_username
 * @param string $_password
 * @return Zend_Auth_Result
 */
public function authenticate($_username, $_password)
{
    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Trying to authenticate ' . $_username);
    }

    try {
        $this->_backend->setIdentity($_username);
    } catch (Zend_Auth_Adapter_Exception $adapterException) {
        return new Zend_Auth_Result(
            Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID,
            $_username,
            array($adapterException->getMessage())
        );
    }
    $this->_backend->setCredential($_password);

    $auth = Zend_Auth::getInstance();
    $storage = Tinebase_Session::isStarted()
        ? new Zend_Auth_Storage_Session()
        : new Zend_Auth_Storage_NonPersistent();
    $auth->setStorage($storage);

    return $auth->authenticate($this->_backend);
}
/**
 * Return the session namespace this class keeps its data in.
 *
 * The namespace name is taken from static::NAMESPACE_NAME, so each
 * subclass defining that constant gets its own namespace. Failures while
 * fetching the namespace are logged (message at warn level, stack trace
 * at debug level) and rethrown unchanged.
 *
 * @throws Zend_Session_Exception when no session is started or sessions are disabled for this request
 * @return Zend_Session_Namespace
 */
public static function getSessionNamespace()
{
    if (!Tinebase_Session::isStarted()) {
        throw new Zend_Session_Exception('Session not started');
    }
    if (!self::getSessionEnabled()) {
        throw new Zend_Session_Exception('Session not enabled for request');
    }

    try {
        $namespace = self::_getSessionNamespace(static::NAMESPACE_NAME);
    } catch (Exception $exception) {
        $logger = Tinebase_Core::getLogger();
        $logger->warn(__METHOD__ . '::' . __LINE__ . ' Session error: ' . $exception->getMessage());
        $logger->debug(__METHOD__ . '::' . __LINE__ . ' ' . $exception->getTraceAsString());
        throw $exception;
    }

    return $namespace;
}
/**
 * Return a Tinebase session namespace.
 *
 * With no argument the 'Default' namespace is used. Passing null
 * explicitly selects the namespace named after the called class
 * (get_called_class() . '_Namespace'), which lets subclasses keep their
 * data apart. Failures while fetching the namespace are logged (message
 * at warn level, stack trace at debug level) and rethrown unchanged.
 *
 * @param string $sessionNamespace (optional)
 * @throws Zend_Session_Exception when no session is started or sessions are disabled for this request
 * @return Zend_Session_Namespace
 */
public static function getSessionNamespace($sessionNamespace = 'Default')
{
    if (!Tinebase_Session::isStarted()) {
        throw new Zend_Session_Exception('Session not started');
    }
    if (!self::getSessionEnabled()) {
        throw new Zend_Session_Exception('Session not enabled for request');
    }

    $namespaceName = $sessionNamespace;
    if (is_null($namespaceName)) {
        $namespaceName = get_called_class() . '_Namespace';
    }

    try {
        return self::_getSessionNamespace($namespaceName);
    } catch (Exception $exception) {
        $logger = Tinebase_Core::getLogger();
        $logger->warn(__METHOD__ . '::' . __LINE__ . ' Session error: ' . $exception->getMessage());
        $logger->debug(__METHOD__ . '::' . __LINE__ . ' ' . $exception->getTraceAsString());
        throw $exception;
    }
}
/**
 * Dispatch a JSON-RPC request.
 *
 * The X-Tine20-JsonKey header is passed to _checkJsonKey for every
 * request, including the SMD request, before anything else happens
 * (the per-method policy of that check is not visible here). An empty
 * method name returns the service map. Tinebase_Frontend_Json is always
 * registered; the container and persistent-filter APIs are registered
 * only for an authenticated session, and an application API only when
 * the current user holds the RUN right for the application named by the
 * first segment of the method. Error responses are logged at err level;
 * exceptions are delegated to _handleException.
 *
 * @todo session expire handling
 *
 * @param $request
 * @return JSON
 */
protected function _handle($request)
{
    try {
        $method = $request->getMethod();
        Tinebase_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' is JSON request. method: ' . $method);

        $jsonKey = isset($_SERVER['HTTP_X_TINE20_JSONKEY']) ? $_SERVER['HTTP_X_TINE20_JSONKEY'] : '';
        $this->_checkJsonKey($method, $jsonKey);

        if (empty($method)) {
            // SMD request
            return self::getServiceMap();
        }
        $this->_methods[] = $method;

        // json apis which require no auth
        $classes = array('Tinebase_Frontend_Json' => 'Tinebase');

        // additional json apis, only for authorised users
        $authenticated = Tinebase_Session::isStarted() && Zend_Auth::getInstance()->hasIdentity();
        if ($authenticated) {
            $methodParts = explode('.', $method);
            $applicationName = ucfirst($methodParts[0]);

            if ($applicationName === 'Tinebase_Container') {
                $classes['Tinebase_Frontend_Json_Container'] = 'Tinebase_Container';
            } elseif ($applicationName === 'Tinebase_PersistentFilter') {
                $classes['Tinebase_Frontend_Json_PersistentFilter'] = 'Tinebase_PersistentFilter';
            } else {
                // the application name comes from the request; the RUN right is the gate
                $user = Tinebase_Core::getUser();
                if ($user && $user->hasRight($applicationName, Tinebase_Acl_Rights_Abstract::RUN)) {
                    $classes[$applicationName . '_Frontend_Json'] = $applicationName;
                }
            }
        }

        $server = self::_getServer($classes);
        $response = $server->handle($request);

        if ($response->isError()) {
            Tinebase_Core::getLogger()->err(__METHOD__ . '::' . __LINE__ . ' Got response error: ' . print_r($response->getError()->toArray(), true));
        }

        return $response;
    } catch (Exception $exception) {
        return $this->_handleException($request, $exception);
    }
}
/**
 * (non-PHPdoc)
 * @see Tinebase_Server_Interface::handle()
 *
 * Entry point for plain HTTP requests. Tinebase_Frontend_Http and
 * Filemanager_Frontend_Download are registered for every request, i.e.
 * before the session/identity check; the application-specific HTTP API
 * is registered only for an authenticated user holding the RUN right for
 * the application named by the first segment of the request method.
 * Unauthenticated requests default to 'Tinebase.login' and get a stale
 * session cookie expired. Zend_Json_Server_Exception ends the request
 * with 403; any other exception falls back to the setup-required,
 * download/export (500) or 'Tinebase.exception' screens, and 503 if even
 * that fails.
 *
 * NOTE(review): the trace-level dump of $_REQUEST below prints the whole
 * request, which for the login method presumably includes the password —
 * keep TRACE off in production.
 */
public function handle(\Zend\Http\Request $request = null, $body = null)
{
    $this->_request = $request instanceof \Zend\Http\Request ? $request : Tinebase_Core::get(Tinebase_Core::REQUEST);
    $this->_body = $body !== null ? $body : fopen('php://input', 'r');

    $server = new Tinebase_Http_Server();
    // registered for every request, authenticated or not; Filemanager_Frontend_Download
    // presumably performs its own checks — confirm before relying on it
    $server->setClass('Tinebase_Frontend_Http', 'Tinebase');
    $server->setClass('Filemanager_Frontend_Download', 'Download');

    try {
        if (Tinebase_Session::sessionExists()) {
            try {
                Tinebase_Core::startCoreSession();
            } catch (Zend_Session_Exception $zse) {
                // session could not be started: expire session cookie for client
                Tinebase_Session::expireSessionCookie();
            }
        }

        Tinebase_Core::initFramework();

        if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
            Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Is HTTP request. method: ' . $this->getRequestMethod());
        }
        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
            // dumps the complete request, see the NOTE in the docblock
            Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' REQUEST: ' . print_r($_REQUEST, TRUE));
        }

        // register additional HTTP apis only available for authorised users
        if (Tinebase_Session::isStarted() && Zend_Auth::getInstance()->hasIdentity()) {
            if (empty($_REQUEST['method'])) {
                $_REQUEST['method'] = 'Tinebase.mainScreen';
            }

            // application name is taken from the (client-supplied) method;
            // the RUN right check is the only gate before the class name is built from it
            $applicationParts = explode('.', $this->getRequestMethod());
            $applicationName = ucfirst($applicationParts[0]);

            if (Tinebase_Core::getUser() && Tinebase_Core::getUser()->hasRight($applicationName, Tinebase_Acl_Rights_Abstract::RUN)) {
                try {
                    $server->setClass($applicationName . '_Frontend_Http', $applicationName);
                } catch (Exception $e) {
                    // a missing/broken frontend class only costs that application's API
                    Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . " Failed to add HTTP API for application '{$applicationName}' Exception: \n" .
                        $e);
                }
            }
        } else {
            if (empty($_REQUEST['method'])) {
                $_REQUEST['method'] = 'Tinebase.login';
            }

            // sessionId got sent by client, but we don't use sessions for non authenticated users
            if (Tinebase_Session::sessionExists()) {
                // expire session cookie on client
                Tinebase_Session::expireSessionCookie();
            }
        }

        $this->_method = $this->getRequestMethod();
        $server->handle($_REQUEST);
    } catch (Zend_Json_Server_Exception $zjse) {
        // invalid method requested or not authenticated, etc.
        Tinebase_Exception::log($zjse);
        Tinebase_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Attempt to request a privileged Http-API method without valid session from "' . $_SERVER['REMOTE_ADDR']);
        header('HTTP/1.0 403 Forbidden');
        exit;
    } catch (Exception $exception) {
        Tinebase_Exception::log($exception, false);

        try {
            $setupController = Setup_Controller::getInstance();
            if ($setupController->setupRequired()) {
                if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                    Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Setup required');
                }
                $this->_method = 'Tinebase.setupRequired';
            } else {
                // NOTE(review): $this->_method is still unset if the exception was thrown
                // before it was assigned above; preg_match then sees null
                if (preg_match('/download|export/', $this->_method)) {
                    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Server error during download/export - exit with 500');
                    }
                    // no HTML error screen for file downloads/exports
                    header('HTTP/1.0 500 Internal Server Error');
                    exit;
                } else {
                    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Show mainscreen with setup exception');
                    }
                    $this->_method = 'Tinebase.exception';
                }
            }

            $server->handle(array('method' => $this->_method));
        } catch (Exception $e) {
            // last resort: nothing is logged here, so the cause must be taken
            // from the log entry written for $exception above
            header('HTTP/1.0 503 Service Unavailable');
            die('Service Unavailable');
        }
    }
}