Пример #1
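 /**
  * Tries to log the visitor in from the TLS client certificate exposed by the web server.
  *
  * The session is populated only when the certificate maps to a user id, that user
  * record exists, it lists 'autoauth' among its auth methods and the account is not
  * locked. Every other outcome leaves the session unauthenticated.
  *
  * @param mixed $data Not used by this method.
  * @return mixed The result of self::done(), or null on the two bare-return paths.
  */
 public static function handler($data = null)
 {
     // The done_autoauth marker is already present in the session: nothing to do.
     if (isset($_SESSION['done_autoauth'])) {
         return;
     }

     // NOTE(review): this trusts SSL_CLIENT_RAW_CERT as a server-set variable taken from
     // the TLS handshake; confirm no proxy hop lets a client supply it directly.
     if (empty($_SERVER['SSL_CLIENT_RAW_CERT']) || Session::isLoggedIn()) {
         return self::done();
     }

     $certs = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
     $userId = $certs->check($_SERVER['SSL_CLIENT_RAW_CERT']);
     // Loose comparison kept on purpose: the exact "no match" value of check() is not visible here.
     if ($userId == null) {
         return self::done();
     }

     $users = new users(ConnectionFactory::get('mongo'));
     $user = $users->get($userId, false);
     if (empty($user)) {
         // NOTE(review): unlike the other exits this one does not call self::done() — confirm intended.
         return;
     }

     // Strict membership test: with a loose in_array() a non-string entry such as
     // true or 0 in 'auths' could match 'autoauth' through type juggling.
     // A missing or malformed 'auths' field is treated as "auto-auth not enabled".
     $authMethods = isset($user['auths']) && is_array($user['auths']) ? $user['auths'] : array();
     if (!in_array('autoauth', $authMethods, true)) {
         return self::done();
     }

     if ($user['status'] == users::ACCT_LOCKED) {
         return self::done();
     }

     // NOTE(review): no session identifier rotation is visible at this privilege change;
     // confirm Session::setBatchVars() or self::done() takes care of it.
     Session::setBatchVars($user);

     return self::done();
 }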
Пример #2
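 /**
  * Removes one of the logged-in user's client certificates, identified by $_POST['hash'].
  *
  * The stored certificate record is expected to start with the owner's id followed by
  * ':'; removal is refused unless that id is the session's '_id'.
  *
  * @return mixed The result of Error::set() on failure; null after issuing the redirect header.
  */
 protected function certificate_remove()
 {
     // NOTE(review): no anti-CSRF token check is visible in this state-changing handler;
     // confirm the calling framework enforces one.
     if (!Session::isLoggedIn()) {
         return Error::set('You are not logged in!');
     }

     // Require a plain string: PHP turns "hash[...]=x" into an array, which must not
     // reach the datastore lookups below as a query value.
     if (empty($_POST['hash']) || !is_string($_POST['hash'])) {
         return Error::set('No certificate hash was found.');
     }
     $hash = $_POST['hash'];

     $certs = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
     $cert = $certs->get($hash, false);
     if ($cert == null) {
         return Error::set('Invalid certificate hash.');
     }

     // Ownership check. Compared as strings with !== so that two different ids that both
     // look numeric (for example "0e…" forms) can never be treated as equal, and an
     // empty or missing owner prefix is always refused.
     $separator = strpos($cert, ':');
     $owner = $separator === false ? '' : substr($cert, 0, $separator);
     if ($owner === '' || $owner !== (string) Session::getVar('_id')) {
         return Error::set('You are not allowed to remove this certificate.');
     }

     $users = new users(ConnectionFactory::get('mongo'));
     $users->removeCert(Session::getVar('_id'), $hash);
     $certs->removeCert($hash);

     header('Location: ' . Url::format('/user/settings'));
 }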
Пример #3
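 /**
  * Verifies combined certificate + password ("cert+pass") authentication.
  *
  * Both factors must succeed: the password must match the stored hash, and the TLS
  * client certificate must map to the same user id as the named account.
  *
  * @param string $username Account name to authenticate.
  * @param string $password Plain-text password supplied by the client.
  * @return array|false The user record when both factors match, false otherwise.
  */
 private function checkCAP($username, $password)
 {
     // Reject non-string credentials (e.g. arrays from "password[]=") before they reach
     // the lookup and hashing helpers.
     if (!is_string($username) || !is_string($password)) {
         return false;
     }

     $user = $this->get($username);
     if (empty($user)) {
         return false;
     }

     // Strict membership test so a non-string entry in 'auths' cannot loosely match.
     if (!isset($user['auths']) || !is_array($user['auths'])
         || !in_array('cert+pass', $user['auths'], true)) {
         return false;
     }

     // Password factor. hash_equals() compares in constant time and as exact strings,
     // so numeric-looking hashes ("0e…") cannot compare equal through type juggling.
     // NOTE(review): the scheme behind $this->hash() is not visible here; confirm it is
     // a password-hashing function rather than a plain digest.
     if (!isset($user['password'])
         || !hash_equals((string) $user['password'], (string) $this->hash($password, $username))) {
         return false;
     }

     // Certificate factor. Without a presented certificate there is nothing to check.
     if (empty($_SERVER['SSL_CLIENT_RAW_CERT'])) {
         return false;
     }
     $certs = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
     $userId = $certs->check($_SERVER['SSL_CLIENT_RAW_CERT']);
     // Loose comparison kept: the exact "no match" value of check() is not visible here.
     if ($userId == null) {
         return false;
     }

     // The certificate must belong to the same account; compared as exact strings.
     // NOTE(review): assumes both ids are strings or string-castable — confirm.
     if ((string) $userId !== (string) $user['_id']) {
         return false;
     }

     return $user;
 }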