/**
* Logout the user destroying all session data
*/
public function logout()
{
//$this->_auth->clearIdentity();
$this->_auth->getStorage()->clear();
//$this->_storage->clearAll();
Zend_Session::expireSessionCookie();
}
/**
* Clear the session information
*/
public static function clearSession()
{
$authCookieName = Zend_Registry::get('config')->General->login_cookie_name;
$cookie = new Core_Cookie($authCookieName);
$cookie->delete();
Zend_Session::expireSessionCookie();
Zend_Session::regenerateId();
}
/**
* handle request
*
* @return void
*/
public function handle()
{
try {
Tinebase_Core::initFramework();
$exception = FALSE;
} catch (Exception $exception) {
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' initFramework exception: ' . $exception);
}
// handle all kind of session exceptions as 'Not Authorised'
if ($exception instanceof Zend_Session_Exception) {
$exception = new Tinebase_Exception_AccessDenied('Not Authorised', 401);
// expire session cookie for client
Zend_Session::expireSessionCookie();
}
}
$server = new Zend_Json_Server();
$server->setAutoEmitResponse(false);
$server->setAutoHandleExceptions(false);
//$server->setUseNamedParams(true);
$json = file_get_contents('php://input');
if (substr($json, 0, 1) == '[') {
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' batched request');
}
$isBatchedRequest = true;
$requests = Zend_Json::decode($json);
} else {
$isBatchedRequest = false;
$requests = array(Zend_Json::decode($json));
}
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
$_requests = $requests;
foreach (array('password', 'oldPassword', 'newPassword') as $field) {
if (isset($requests[0]["params"][$field])) {
$_requests[0]["params"][$field] = "*******";
}
}
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' is JSON request. rawdata: ' . print_r($_requests, true));
}
}
$response = array();
foreach ($requests as $requestOptions) {
if ($requestOptions !== NULL) {
$request = new Zend_Json_Server_Request();
$request->setOptions($requestOptions);
$response[] = $exception ? $this->_handleException($server, $request, $exception) : $this->_handle($server, $request);
} else {
if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) {
Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ . ' Got empty request options: skip request.');
}
$response[] = NULL;
}
}
echo $isBatchedRequest ? '[' . implode(',', $response) . ']' : $response[0];
}
public function handle()
{
try {
Tinebase_Core::initFramework();
} catch (Zend_Session_Exception $exception) {
if (Tinebase_Core::isLogLevel(Zend_Log::WARN)) {
Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' invalid session. Delete session cookie.');
}
Zend_Session::expireSessionCookie();
header('WWW-Authenticate: Basic realm="WebDAV for Tine 2.0"');
header('HTTP/1.1 401 Unauthorized');
return;
}
if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is CalDav, CardDAV or WebDAV request.');
}
if (empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['REMOTE_USER']) && empty($_SERVER['REDIRECT_REMOTE_USER'])) {
header('WWW-Authenticate: Basic realm="WebDav for Tine 2.0"');
header('HTTP/1.1 401 Unauthorized');
return;
}
// when used with (f)cgi no PHP_AUTH variables are available without defining a special rewrite rule
if (!isset($_SERVER['PHP_AUTH_USER'])) {
// $_SERVER["REMOTE_USER"] == "Basic didhfiefdhfu4fjfjdsa34drsdfterrde..."
$basicAuthData = base64_decode(substr(isset($_SERVER["REMOTE_USER"]) ? $_SERVER["REMOTE_USER"] : $_SERVER['REDIRECT_REMOTE_USER'], 6));
list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(":", $basicAuthData);
}
if (Tinebase_Controller::getInstance()->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $_SERVER['REMOTE_ADDR'], 'TineWebDav') !== true) {
header('WWW-Authenticate: Basic realm="CardDav for Tine 2.0"');
header('HTTP/1.1 401 Unauthorized');
return;
}
self::$_server = new Sabre_DAV_Server(new Tinebase_WebDav_Root());
// compute base uri
$request = new Zend_Controller_Request_Http();
self::$_server->setBaseUri($request->getBaseUrl() . '/');
$tempDir = Tinebase_Core::getTempDir();
if (!empty($tempDir)) {
$lockBackend = new Sabre_DAV_Locks_Backend_File($tempDir . '/webdav.lock');
$lockPlugin = new Sabre_DAV_Locks_Plugin($lockBackend);
self::$_server->addPlugin($lockPlugin);
}
$authPlugin = new Sabre_DAV_Auth_Plugin(new Tinebase_WebDav_Auth(), null);
self::$_server->addPlugin($authPlugin);
$aclPlugin = new Sabre_DAVACL_Plugin();
$aclPlugin->defaultUsernamePath = 'principals/users';
$aclPlugin->principalCollectionSet = array($aclPlugin->defaultUsernamePath);
self::$_server->addPlugin($aclPlugin);
self::$_server->addPlugin(new Sabre_CardDAV_Plugin());
self::$_server->addPlugin(new Sabre_CalDAV_Plugin());
self::$_server->addPlugin(new Sabre_CalDAV_Schedule_Plugin());
self::$_server->addPlugin(new Sabre_DAV_Browser_Plugin());
self::$_server->exec();
}
public function _ZF_expireAll($args)
{
Zend_Session::setOptions(array('remember_me_seconds' => 15, 'gc_probability' => 2));
session_id($args[0]);
if (isset($args[1]) && !empty($args[1])) {
$s = new Zend_Session_Namespace($args[1]);
} else {
$s = new Zend_Session_Namespace();
}
$result = '';
foreach ($s->getIterator() as $key => $val) {
$result .= "{$key} === {$val};";
}
Zend_Session::expireSessionCookie();
Zend_Session::writeClose();
echo $result;
}
public function _initStartSession()
{
$this->bootstrap('frontcontroller');
$this->bootstrap('multiplelog');
try {
$this->bootstrap('mongo');
$this->bootstrap('session');
Zend_Session::start(true);
register_shutdown_function('session_write_close');
$this->bootstrap('sessionregenerate');
if (!Zend_Session::getId()) {
Zend_Session::regenerateId();
}
} catch (\Exception $e) {
\App::log()->crit($e);
Zend_Session::expireSessionCookie();
$this->_sendResponse(500, 10001, "Error starting session, try again later");
}
}
/**
* Zend_Session::expireSessionCookie encapsulation
*/
public static function expireSessionCookie()
{
Zend_Session::expireSessionCookie();
}
/**
* handle session exception for http requests
*
* we force the client to delete session cookie, but we don't destroy
* the session on server side. This way we prevent session DOS from thrid party
*/
public function sessionException()
{
Zend_Session::expireSessionCookie();
echo "\n <script type='text/javascript'>\n window.location.href = window.location.href;\n </script>\n ";
/*
ob_start();
$html = $this->login();
$html = ob_get_clean();
$script = "
<script type='text/javascript'>
exception = {code: 401};
Ext.onReady(function() {
Ext.MessageBox.show({
title: _('Authorisation Required'),
msg: _('Your session is not valid. You need to login again.'),
buttons: Ext.Msg.OK,
icon: Ext.MessageBox.WARNING
});
});
</script>";
echo preg_replace('/<\/head.*>/', $script . '</head>', $html);
*/
}
public function outAction()
{
//@todo continuar con la destruccion de la session
\Zend_Session::expireSessionCookie();
if (\Zend_Session::isStarted()) {
\Zend_Session::destroy(true, true);
}
$config = Config::getInstance();
$responseParams = $config->getResponseConfigurations();
$this->_forward($responseParams[Config::RESPONSE_ACTION_PARAM], $responseParams[Config::RESPONSE_CONTROLLER_PARAM], $responseParams[Config::RESPONSE_MODULE_PARAM]);
}
public function logout()
{
$logger = Ml_Model_Logger::getInstance();
$auth = Zend_Auth::getInstance();
$logger->log(array("action" => "logout_request"));
$oldUid = $auth->getIdentity();
$auth->clearIdentity();
$oldSid = Zend_Session::getId();
Zend_Session::regenerateId();
Zend_Session::destroy(true);
Zend_Session::expireSessionCookie();
$stmt = 'UPDATE ' . $this->_dbAdapter->quoteTableAs($this->_dbTable->getTableName()) . ' SET `status` = ?, `end` = CURRENT_TIMESTAMP, `end_remote_addr` = ? WHERE `session` = ?';
if (isset($_SERVER['REMOTE_ADDR'])) {
$remoteAddr = $_SERVER['REMOTE_ADDR'];
} else {
$remoteAddr = null;
}
$this->_dbAdapter->query($stmt, array(self::CLOSE_STATUS, $remoteAddr, $oldSid));
}
/**
* handler for HTTP api requests
* @todo session expire handling
*
* @return HTTP
*/
public function handle()
{
try {
Tinebase_Core::initFramework();
Tinebase_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Is HTTP request. method: ' . (isset($_REQUEST['method']) ? $_REQUEST['method'] : 'EMPTY'));
//Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ .' Rawdata: ' . print_r($_REQUEST, true));
$server = new Tinebase_Http_Server();
//NOTE: auth check for Tinebase HTTP api is done via Tinebase_Http::checkAuth
$server->setClass('Tinebase_Frontend_Http', 'Tinebase');
// register addidional HTTP apis only available for authorised users
if (Zend_Auth::getInstance()->hasIdentity()) {
if (empty($_REQUEST['method'])) {
$_REQUEST['method'] = 'Tinebase.mainScreen';
}
$applicationParts = explode('.', $_REQUEST['method']);
$applicationName = ucfirst($applicationParts[0]);
if (Tinebase_Core::getUser() && Tinebase_Core::getUser()->hasRight($applicationName, Tinebase_Acl_Rights_Abstract::RUN)) {
try {
$server->setClass($applicationName . '_Frontend_Http', $applicationName);
} catch (Exception $e) {
Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . " Failed to add HTTP API for application '{$applicationName}' Exception: \n" . $e);
}
}
}
if (empty($_REQUEST['method'])) {
$_REQUEST['method'] = 'Tinebase.login';
}
$server->handle($_REQUEST);
} catch (Exception $exception) {
if (!is_object(Tinebase_Core::getLogger())) {
// no logger -> exception happened very early, just rethrow it
error_log($exception);
header('HTTP/1.0 503 Service Unavailable');
die('Service Unavailable');
}
Tinebase_Core::getLogger()->INFO($exception);
$server = new Tinebase_Http_Server();
$server->setClass('Tinebase_Frontend_Http', 'Tinebase');
if ($exception instanceof Zend_Session_Exception) {
Tinebase_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Attempt to request a privileged Http-API method without valid session from "' . $_SERVER['REMOTE_ADDR']);
// expire session cookie for client
Zend_Session::expireSessionCookie();
header('HTTP/1.0 403 Forbidden');
exit;
} else {
try {
// check if setup is required
$setupController = Setup_Controller::getInstance();
if ($setupController->setupRequired()) {
$server->handle(array('method' => 'Tinebase.setupRequired'));
} else {
if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
Tinebase_Core::getLogger()->DEBUG(__CLASS__ . '::' . __METHOD__ . ' (' . __LINE__ . ') Http-Api exception: ' . print_r($exception, true));
}
$server->handle(array('method' => 'Tinebase.exception'));
}
} catch (Exception $e) {
error_log($exception);
header('HTTP/1.0 503 Service Unavailable');
die('Service Unavailable');
}
}
}
}
