 /**
  * Return the filter query previously stored in the session for `$path`.
  *
  * Looks under the `Alaxos.Filter` session key and returns the entry kept
  * for `$path`; null when there is no session, no stored filter, or no entry
  * for that key.
  *
  * @param string|int $path Array key under `Alaxos.Filter`.
  * @return mixed|null Stored query data, or null if nothing is stored.
  */
 protected function getStoredQuery($path)
 {
     $session = $this->request->session();
     if (!isset($session) || !$session->check('Alaxos.Filter')) {
         return null;
     }
     $storedFilters = $session->read('Alaxos.Filter');
     return isset($storedFilters[$path]) ? $storedFilters[$path] : null;
 }
 /**
  * Collect the username and password for this login attempt.
  *
  * For each field the posted value (looked up under the configured field
  * name) is used; when it is absent the encrypted copy kept in the session
  * under `TwoFactorAuth.credentials.<field>` is decrypted instead. Note that
  * this means the password is persisted (encrypted) in the session between
  * the two factors.
  *
  * @param Request $request Request instance
  * @return array|bool `['username' => ..., 'password' => ...]`, or false as
  *   soon as either value is empty or not a string.
  */
 protected function _getCredentials(Request $request)
 {
     $fieldNames = $this->_config['fields'];
     $credentials = [];
     foreach (['username', 'password'] as $name) {
         $value = $request->data($fieldNames[$name]);
         if (!$value) {
             // No posted value: fall back to the encrypted copy in the session.
             $value = $this->_decrypt($request->session()->read('TwoFactorAuth.credentials.' . $name));
         }
         if (empty($value) || !is_string($value)) {
             return false;
         }
         $credentials[$name] = $value;
     }
     return $credentials;
 }
 /**
  * Authenticate callback
  *
  * Builds the user from the social-login data kept in the session under the
  * `Users.Key.Session.social` key. An e-mail address reported by the provider
  * is used and flagged as validated; otherwise the address is taken from the
  * request data and flagged as not validated.
  *
  * @param Request $request Cake request object.
  * @param Response $response Cake response object.
  * @return bool|mixed False when no social data is in the session, otherwise
  *   whatever `_findOrCreateUser()` returns.
  */
 public function authenticate(Request $request, Response $response)
 {
     $social = $request->session()->read(Configure::read('Users.Key.Session.social'));
     if (empty($social)) {
         return false;
     }
     $emailKey = Configure::read('Users.Key.Data.email');
     $providerEmail = Hash::get((array) $social->info, $emailKey);
     $hasProviderEmail = !empty($providerEmail);
     // Only an address coming from the provider counts as validated; one
     // typed by the user does not.
     $social->email = $hasProviderEmail ? $providerEmail : $request->data($emailKey);
     $social->validated = $hasProviderEmail;
     return $this->_findOrCreateUser($social);
 }
 /**
  * Component startup. All security checking happens here.
  *
  * Runs the SSL and auth checks, blackholes a request whose action is the
  * configured `blackHoleCallback` itself, validates POST/PUT data for any
  * action not listed in `unlockedActions` (skipped for requestAction calls)
  * when `validatePost` is on, then issues a fresh token and strips `_Token`
  * from the request data.
  *
  * @param Event $event An Event instance
  * @return mixed Result of `blackHole()` when the request is rejected, otherwise null.
  */
 public function startup(Event $event)
 {
     $controller = $event->subject();
     $this->session = $this->request->session();
     $this->_action = $this->request->params['action'];
     $this->_secureRequired($controller);
     $this->_authRequired($controller);
     $request = $controller->request;
     $isWrite = $this->request->is(['post', 'put']);
     $isRequested = isset($request->params['requested']) && $request->params['requested'] == 1;
     if ($this->_action === $this->_config['blackHoleCallback']) {
         return $this->blackHole($controller, 'auth');
     }
     $isUnlocked = in_array($this->_action, (array) $this->_config['unlockedActions']);
     if (!$isUnlocked && $isWrite && !$isRequested && $this->_config['validatePost']) {
         // Form tampering check; a false result is blackholed as an auth failure.
         if ($this->_validatePost($controller) === false) {
             return $this->blackHole($controller, 'auth');
         }
     }
     $this->generateToken($request);
     if ($isWrite && is_array($request->data)) {
         unset($request->data['_Token']);
     }
 }
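 /**
  * Initialize HybridAuth and this authenticator.
  *
  * Guarded by `_initDone`. Resolves the user and profile tables, starts the
  * session, fills in `HybridAuth.base_url` from the plugin endpoint route
  * when the config leaves it empty, and initializes the Hybrid_Auth library.
  *
  * @param \Cake\Network\Request $request Request instance.
  * @return void
  * @throws \RuntimeException When Hybrid_Auth::initialize() fails with an
  *   error code below 5; the library exception is attached as `previous`.
  */
 protected function _init(Request $request)
 {
     // NOTE(review): `_initDone` is never set to true in this method —
     // confirm the caller does it, otherwise this runs on every call.
     if ($this->_initDone) {
         return;
     }
     $this->_userModel = TableRegistry::get($this->_config['userModel']);
     $this->_profileModel = TableRegistry::get($this->_config['profileModel']);
     $request->session()->start();
     $hybridConfig = Configure::read('HybridAuth');
     if (empty($hybridConfig['base_url'])) {
         $hybridConfig['base_url'] = Router::url(
             ['plugin' => 'ADmad/HybridAuth', 'controller' => 'HybridAuth', 'action' => 'endpoint', 'prefix' => false],
             true
         );
     }
     try {
         Hybrid_Auth::initialize($hybridConfig);
     } catch (\Exception $e) {
         // Codes below 5 are treated as fatal; higher codes are shown to the
         // user and initialization is retried once.
         // NOTE(review): the threshold follows the library's error codes — confirm against the Hybrid_Auth version in use.
         if ($e->getCode() < 5) {
             // Chain the original exception so the root cause is not lost.
             throw new \RuntimeException($e->getMessage(), 0, $e);
         }
         $this->_registry->Auth->flash($e->getMessage());
         Hybrid_Auth::initialize($hybridConfig);
     }
 }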
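 /**
  * Authenticates the identity contained in the cookie.  Will use the
  * `userModel` config, and `fields` config to find COOKIE data that is used
  * to find a matching record in the model specified by `userModel`. Will return
  * false if there is no cookie data, either username or password is missing,
  * or if the scope conditions have not been met.
  *
  * On success the user record is also written to the Auth session key so
  * later requests do not need to re-read the cookie.
  *
  * @param Request $request The request whose session receives the user on success.
  * @return mixed False on login failure. An array of User data on success.
  * @throws \RuntimeException If CookieComponent is not loaded.
  */
 public function getUser(Request $request)
 {
     $cookie = isset($this->_registry->Cookie) ? $this->_registry->Cookie : null;
     if (!$cookie instanceof CookieComponent) {
         throw new \RuntimeException('CookieComponent is not loaded');
     }
     $cookieConfig = $this->_config['cookie'];
     $cookieName = $cookieConfig['name'];
     unset($cookieConfig['name']);
     $cookie->configKey($cookieName, $cookieConfig);
     $data = $cookie->read($cookieName);
     if (empty($data)) {
         return false;
     }
     // Explicit lookups instead of extract(): extract() would silently
     // introduce or overwrite locals if the `fields` config gained extra keys.
     $usernameField = $this->_config['fields']['username'];
     $passwordField = $this->_config['fields']['password'];
     if (empty($data[$usernameField]) || empty($data[$passwordField])) {
         return false;
     }
     // NOTE(review): the cookie carries the credential that `_findUser` checks —
     // confirm the `cookie` config makes it encrypted and httpOnly.
     $user = $this->_findUser($data[$usernameField], $data[$passwordField]);
     if (!$user) {
         return false;
     }
     $request->session()->write($this->_registry->Auth->sessionKey, $user);
     return $user;
 }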
 /**
  * Component startup. All security checking happens here.
  *
  * Runs the SSL and auth checks and, for any action not listed in
  * `unlockedActions` that carries request data (and is not a requestAction
  * call), validates the submitted form when `validatePost` is enabled. A
  * `SecurityException` raised by any of these checks is handed to
  * `blackHole()` together with its type. Afterwards a fresh token is
  * generated and the `_Token` key is removed from the request data.
  *
  * @param \Cake\Event\Event $event An Event instance
  * @return mixed
  */
 public function startup(Event $event)
 {
     $controller = $event->subject();
     $this->session = $this->request->session();
     $this->_action = $this->request->params['action'];
     $hasData = !empty($this->request->data);
     try {
         $this->_secureRequired($controller);
         $this->_authRequired($controller);
         $params = $controller->request->params;
         $isRequested = isset($params['requested']) && $params['requested'] == 1;
         if ($this->_action === $this->_config['blackHoleCallback']) {
             $message = sprintf('Action %s is defined as the blackhole callback.', $this->_action);
             throw new AuthSecurityException($message);
         }
         $isUnlocked = in_array($this->_action, (array) $this->_config['unlockedActions']);
         if (!$isUnlocked && $hasData && !$isRequested && $this->_config['validatePost']) {
             $this->_validatePost($controller);
         }
     } catch (SecurityException $exception) {
         $this->blackHole($controller, $exception->getType(), $exception);
     }
     $this->generateToken($controller->request);
     if ($hasData && is_array($controller->request->data)) {
         unset($controller->request->data['_Token']);
     }
 }
 /**
  * Set the authenticate attempted session flag.
  *
  * Writes `CookieTokenAuth.attempted = true` into the request's session.
  *
  * @param \Cake\Network\Request $request Request to get session from.
  * @return void
  */
 private function setAuthenticateAttemptedThisSession(Request $request)
 {
     $request->session()->write('CookieTokenAuth.attempted', true);
 }
 /**
  * Tests getting the sessions from the request
  *
  * An explicitly injected session is returned as the very same instance; a
  * request created from globals yields a session equal to a fresh one.
  *
  * @return void
  */
 public function testSession()
 {
     $injected = new Session();
     $withSession = new Request(['session' => $injected]);
     $this->assertSame($injected, $withSession->session());

     $fromGlobals = Request::createFromGlobals();
     $this->assertEquals($injected, $fromGlobals->session());
 }
 /**
  * Get a user based on information in the request.
  *
  * Two entry points: when the session already holds the social profile and
  * an e-mail is known (from the profile or posted as `email`), that profile
  * is used directly and removed from the session. Otherwise the provider is
  * authenticated (unless profile data is already present) and the raw
  * profile is mapped to a user; Twitter profiles are parked in the session.
  * The user is then touched via `_touch()` and any leftover session profile
  * is deleted.
  *
  * @param \Cake\Network\Request $request Request object.
  * @return mixed Either false or an array of user information
  * @throws \RuntimeException If the `CakeDC/Users/OAuth2.newUser` event is missing or returns empty.
  */
 public function getUser(Request $request)
 {
     $session = $request->session();
     $sessionKey = Configure::read('Users.Key.Session.social');
     $data = $session->read($sessionKey);
     $postedEmail = $request->data('email');
     $hasEmail = !empty($data['email']) || !empty($postedEmail);
     if (!empty($data) && $hasEmail) {
         $user = $data;
         if (!empty($postedEmail)) {
             $user['email'] = $postedEmail;
         }
         $session->delete($sessionKey);
     } else {
         $rawData = $data;
         if (empty($data)) {
             $rawData = $this->_authenticate($request);
             if (!$rawData) {
                 return false;
             }
         }
         $user = $this->_mapUser($this->_getProviderName($request), $rawData);
         // Twitter profiles are kept in the session for a follow-up request;
         // presumably because that provider supplies no e-mail — confirm.
         if ($user['provider'] === SocialAccountsTable::PROVIDER_TWITTER) {
             $session->write($sessionKey, $user);
         }
     }
     if (!$user || !$this->config('userModel')) {
         return false;
     }
     $result = $this->_touch($user);
     if (!$result) {
         return false;
     }
     if ($session->check($sessionKey)) {
         $session->delete($sessionKey);
     }
     return $result;
 }
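 /**
  * Initialize hybrid auth
  *
  * Starts the session, fills in `HybridAuth.base_url` from the plugin
  * endpoint route when the config leaves it empty, and constructs the
  * `\Hybrid_Auth` instance kept in `$this->hybridAuth`.
  *
  * @param \Cake\Network\Request $request Request instance.
  * @return void
  * @throws \RuntimeException When constructing `\Hybrid_Auth` fails with an
  *   error code below 5; the library exception is attached as `previous`.
  */
 protected function _init(Request $request)
 {
     $request->session()->start();
     $hybridConfig = Configure::read('HybridAuth');
     if (empty($hybridConfig['base_url'])) {
         $hybridConfig['base_url'] = Router::url(
             ['plugin' => 'ADmad/HybridAuth', 'controller' => 'HybridAuth', 'action' => 'endpoint'],
             true
         );
     }
     try {
         $this->hybridAuth = new \Hybrid_Auth($hybridConfig);
     } catch (\Exception $e) {
         // Codes below 5 are treated as fatal; higher codes are shown to the
         // user and construction is retried once.
         // NOTE(review): the threshold follows the library's error codes — confirm against the Hybrid_Auth version in use.
         if ($e->getCode() < 5) {
             // Chain the original exception so the root cause is not lost.
             throw new \RuntimeException($e->getMessage(), 0, $e);
         }
         $this->_registry->Auth->flash($e->getMessage());
         $this->hybridAuth = new \Hybrid_Auth($hybridConfig);
     }
 }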
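 /**
  * Get a user based on information in the request.
  * Used by cookie-less auth for stateless clients.
  *
  * Flow: when a service account is configured, bind with it and search
  * (`filter`, `baseDN`, `return`) for the user's entry to learn their DN;
  * otherwise build the DN as `CN=<username>,<baseDN>`. Then bind as that DN
  * with the submitted password — this bind is the actual password check.
  * LDAP warnings are converted to `\ErrorException`, so a failed bind lands
  * in the catch block, where the server's diagnostic message is matched
  * against the configured `errors` and turned into flash messages.
  *
  * @param \Cake\Network\Request $request
  *        	Request object.
  * @return mixed Either false or an array of user information
  */
 public function getUser(Request $request)
 {
     if (!isset($request->data['username']) || !isset($request->data['password'])) {
         return false;
     }
     $username = $request->data['username'];
     $password = $request->data['password'];
     // Reject non-string and empty values up front. An empty password must
     // never reach ldap_bind(): directories treat it as an unauthenticated
     // (anonymous) bind and report success, which would log anyone in.
     if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
         return false;
     }
     set_error_handler(function ($errorNumber, $errorText, $errorFile, $errorLine) {
         throw new \ErrorException($errorText, 0, $errorNumber, $errorFile, $errorLine);
     }, E_ALL);
     $bindAccount = $this->_config['bindAccount'];
     $bindPassword = $this->_config['bindPassword'];
     $entry = null;
     $dn = null;
     $messages = [];
     try {
         if (!empty($bindAccount)) {
             // Bind with the service account first and resolve the login DN.
             // NOTE(review): the configured `filter` callable receives the raw
             // username and is responsible for ldap_escape(..., LDAP_ESCAPE_FILTER).
             if (ldap_bind($this->ldapConnection, $bindAccount, $bindPassword) === true) {
                 $filter = $this->_config['filter']($username);
                 $searchResults = ldap_search($this->ldapConnection, $this->_config['baseDN'], $filter, $this->_config['return']);
                 $firstEntry = ldap_first_entry($this->ldapConnection, $searchResults);
                 if ($firstEntry !== false) {
                     $entry = $firstEntry;
                     $dn = ldap_get_dn($this->ldapConnection, $entry);
                 }
             }
         } else {
             // Escape the username so it cannot add or alter RDN components.
             $dn = 'CN=' . ldap_escape($username, '', LDAP_ESCAPE_DN) . ',' . $this->_config['baseDN'];
         }
         if ($dn !== null && ldap_bind($this->ldapConnection, $dn, $password) === true) {
             if ($entry === null) {
                 // No service account: fetch the user's own entry now that we
                 // are bound as them, so attributes can be returned.
                 // NOTE(review): the original never obtained an entry on this
                 // path and so always failed here — confirm this is the intended behaviour.
                 $ownEntry = ldap_read($this->ldapConnection, $dn, '(objectClass=*)', $this->_config['return']);
                 $entry = ldap_first_entry($this->ldapConnection, $ownEntry);
             }
             if ($entry !== null && $entry !== false) {
                 $attributes = ldap_get_attributes($this->ldapConnection, $entry);
                 // Restore the handler on this exit path too, not only on failure.
                 restore_error_handler();
                 return $attributes;
             }
         }
     } catch (\ErrorException $e) {
         $this->log($e->getMessage());
         $extendedError = null;
         if (ldap_get_option($this->ldapConnection, LDAP_OPT_DIAGNOSTIC_MESSAGE, $extendedError) && !empty($extendedError)) {
             foreach ($this->_config['errors'] as $error => $errorMessage) {
                 if (strpos($extendedError, $error) !== false) {
                     $messages[] = [
                         'message' => $errorMessage,
                         'key' => $this->_config['flash']['key'],
                         'element' => $this->_config['flash']['element'],
                         'params' => $this->_config['flash']['params'],
                     ];
                 }
             }
         }
     }
     restore_error_handler();
     if (!empty($messages)) {
         $request->session()->write('Flash.' . $this->_config['flash']['key'], $messages);
     }
     return false;
 }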
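 /**
  * Get a user based on information in the request.
  *
  * When the session already holds the social profile and an e-mail is known
  * (from the profile or posted as `email`), that profile is used directly
  * and removed from the session. Otherwise the provider is authenticated
  * (unless profile data is already present) and the raw profile is mapped
  * to a user. The user is then touched via `_touch()`.
  *
  * @param \Cake\Network\Request $request Request object.
  * @return mixed Either false or an array of user information
  * @throws \RuntimeException If the `Muffin/OAuth2.newUser` event is missing or returns empty.
  */
 public function getUser(Request $request)
 {
     $session = $request->session();
     $sessionKey = Configure::read('Users.Key.Session.social');
     $data = $session->read($sessionKey);
     $postedEmail = $request->data('email');
     // Each operand gets its own empty(): the previous form wrapped the whole
     // `||` in a single empty(), which read $data['email'] directly and raised
     // an undefined-index notice whenever the profile carried no e-mail.
     $hasEmail = !empty($data['email']) || !empty($postedEmail);
     if (!empty($data) && $hasEmail) {
         $user = $data;
         if (!empty($postedEmail)) {
             $user['email'] = $postedEmail;
         }
         $session->delete($sessionKey);
     } else {
         $rawData = $data;
         if (empty($data)) {
             $rawData = $this->_authenticate($request);
             if (!$rawData) {
                 return false;
             }
         }
         $user = $this->_mapUser($this->_getProviderName($request), $rawData);
     }
     if (!$user || !$this->config('userModel')) {
         return false;
     }
     $result = $this->_touch($user);
     if (!$result) {
         return false;
     }
     return $result;
 }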
 /**
  * Constructor.
  *
  * Keeps the request's session in `$this->_session` and applies `$config`.
  * The response is accepted for interface compatibility but not stored.
  *
  * @param \Cake\Network\Request $request Request instance.
  * @param \Cake\Network\Response $response Response instance.
  * @param array $config Configuration list.
  */
 public function __construct(Request $request, Response $response, array $config = [])
 {
     $session = $request->session();
     $this->_session = $session;
     $this->config($config);
 }