 /**
  * Nonce::getAcceptableOrigins() is driven by the configured trusted_hosts
  * even while the trusted-host check itself is switched off.
  *
  * @dataProvider getAcceptableOriginsTestData
  * @group Core
  *
  * @param string $host     value placed into $_SERVER['HTTP_HOST']
  * @param mixed  $expected origins expected from Nonce::getAcceptableOrigins()
  */
 public function test_getAcceptableOrigins($host, $expected)
 {
     $config = Config::getInstance();

     // The host check is disabled on purpose: this test only covers how the
     // trusted_hosts setting and HTTP_HOST feed into the origin list.
     $config->General['enable_trusted_host_check'] = 0;
     $_SERVER['HTTP_HOST'] = $host;
     $config->General['trusted_hosts'] = array('example.com');

     $actualOrigins = Nonce::getAcceptableOrigins();

     // the host is passed as the failure message so data-provider rows are distinguishable
     $this->assertEquals($expected, $actualOrigins, $host);
 }
 /**
  * Duplicate of the parent's member: the parent declares it "private", so it
  * cannot be reused from this class. See https://github.com/piwik/piwik/pull/8681
  * for the background.
  *
  * @param View $view
  */
 protected function configureView($view)
 {
     $this->setBasicVariablesView($view);

     $view->linkTitle = Piwik::getRandomTitle();

     // CSRF token for the login form: never trust a submitted value, always
     // issue/fetch the nonce from session data.
     $loginNonce = Nonce::getNonce('Login.login');
     $view->nonce = $loginNonce;
 }
 /**
  * Create a user via AJAX.
  *
  * Reads form_login / form_password / form_email (plus the SSO provider
  * fields) from the request. When the login does not exist yet the user is
  * created through BKLoginAPI; afterwards an SSO record is written for the
  * provider/user-id pair. The outcome is emitted as JSON via __sendJSON();
  * nothing is returned.
  *
  * NOTE(review): a non-AJAX request does no work and still answers with the
  * "success" document — confirm callers rely on that.
  * NOTE(review): the form nonce is verified but, unlike the other
  * nonce-protected actions in this listing, never discarded afterwards.
  */
 public function createUser()
 {
     // null means "no failure so far"; any string is the reason reported to the client
     $failure = null;

     if ($this->__isAjax()) {
         $submittedNonce = Common::getRequestVar($this->__LOGIN_FORM_NONCE_FIELD_NAME);
         if (!Nonce::verifyNonce($this->__LOGIN_FORM_NONCE_ID, $submittedNonce)) {
             $failure = 'The NONCE value is invalid';
         } else {
             $login = Common::getRequestVar('form_login');
             $password = Common::getRequestVar('form_password');
             $email = Common::getRequestVar('form_email');

             if (!$this->__checkUserExists($login, $email)) {
                 BKLoginAPI::getInstance()->createUser($login, $password, $email);

                 // the API reports problems through getErrors() rather than by throwing
                 $apiErrors = BKLoginAPI::getInstance()->getErrors();
                 if (!empty($apiErrors)) {
                     $failure = implode(' ', $apiErrors);
                 }
             }

             // NOTE(review): the SSO record is written even when the user already
             // existed or the API reported errors — confirm this is intended.
             $this->model = new Model();
             $this->model->createSSOUserRecord(
                 Common::getRequestVar('form_provider_name'),
                 Common::getRequestVar('form_provider_user_id')
             );
         }
     }

     $response = ($failure === null)
         ? array('success' => true, 'code' => '200', 'reason' => null, 'data' => array())
         : array('success' => false, 'code' => '403', 'reason' => $failure, 'data' => array());

     $this->__sendJSON($response);
 }
 /**
  * Reset password action. Stores new password as hash and sends email
  * to confirm use (both happen inside resetPasswordFirstStep()).
  *
  * The submitted 'form_nonce' must match the 'Login.login' nonce; a mismatch
  * is reported to the user like a missing-access error.
  *
  * @return string rendered @Login/resetPassword template
  */
 function resetPassword()
 {
     $infoMessage = null;
     $formErrors = null;

     $form = new FormResetPassword();
     if (!$form->validate()) {
         // invalid input: surface the validation errors collected by the form
         $formData = $form->getFormData();
         $formErrors = $formData['errors'];
     } elseif (!Nonce::verifyNonce('Login.login', $form->getSubmitValue('form_nonce'))) {
         $formErrors = array($this->getMessageExceptionNoAccess());
     } else {
         $formErrors = $this->resetPasswordFirstStep($form);
         if (empty($formErrors)) {
             $infoMessage = Piwik::translate('Login_ConfirmationLinkSent');
         }
     }

     $view = new View('@Login/resetPassword');
     $view->infoMessage = $infoMessage;
     $view->formErrors = $formErrors;
     return $view->render();
 }
 /**
  * Shows the "Track Visits" checkbox.
  *
  * A request carrying a valid 'Piwik_OptOut' nonce toggles the ignore cookie.
  * The nonce is single-use (discarded right after verification) and a fresh
  * one, valid for 3600 seconds, is handed to the template on every render.
  *
  * @return string rendered @CoreAdminHome/optOut template
  */
 public function optOut()
 {
     $visitsTracked = !IgnoreCookie::isIgnoreCookieFound();
     $submittedNonce = Common::getRequestVar('nonce', false);
     $requestedLanguage = Common::getRequestVar('language', '');

     $nonceAccepted = ($submittedNonce !== false)
         && Nonce::verifyNonce('Piwik_OptOut', $submittedNonce);
     if ($nonceAccepted) {
         Nonce::discardNonce('Piwik_OptOut');
         IgnoreCookie::setIgnoreCookie();
         $visitsTracked = !$visitsTracked;
     }

     $view = new View('@CoreAdminHome/optOut');
     $view->trackVisits = $visitsTracked;
     $view->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
     // fall back to the user's own language when the requested one is unknown
     $view->language = APILanguagesManager::getInstance()->isLanguageAvailable($requestedLanguage)
         ? $requestedLanguage
         : LanguagesManager::getLanguageCodeForCurrentUser();
     return $view->render();
 }
 /**
  * Shared pre-check for nonce-protected plugin modification actions: requires
  * super-user access and a valid, single-use nonce, then returns the plugin
  * name taken from the request.
  *
  * NOTE(review): the plugin name is returned unvalidated here; a similar
  * helper in this listing (getPluginNameIfNonceValid) rejects invalid names.
  * Confirm callers validate it.
  *
  * @param string $nonceName nonce identifier the request must match
  * @return string value of the 'pluginName' request parameter
  * @throws \Exception on nonce mismatch (General_ExceptionNonceMismatch)
  */
 protected function initPluginModification($nonceName)
 {
     Piwik::checkUserHasSuperUserAccess();

     $submittedNonce = Common::getRequestVar('nonce', null, 'string');
     $nonceIsValid = Nonce::verifyNonce($nonceName, $submittedNonce);
     if (!$nonceIsValid) {
         $message = $this->translator->translate('General_ExceptionNonceMismatch');
         throw new \Exception($message);
     }
     // single-use: drop the token as soon as it has been accepted
     Nonce::discardNonce($nonceName);

     return Common::getRequestVar('pluginName', null, 'string');
 }
 /**
  * Saves the plugin settings submitted for the current user and answers as JSON.
  *
  * Flow: require a non-anonymous user, verify the SET_PLUGIN_SETTINGS_NONCE
  * nonce, apply every submitted value through setValue(), then persist each
  * plugin's settings. The nonce is discarded only after a successful save, so
  * a failed attempt can be retried with the same token.
  *
  * @return string JSON document: {"result":"success"} or {"result":"error","message":...}
  */
 public function setPluginSettings()
 {
     Piwik::checkUserIsNotAnonymous();
     Json::sendHeaderJSON();

     $errorResponse = function ($message) {
         return json_encode(array('result' => 'error', 'message' => $message));
     };

     $submittedNonce = Common::getRequestVar('nonce', null, 'string');
     if (!Nonce::verifyNonce(static::SET_PLUGIN_SETTINGS_NONCE, $submittedNonce)) {
         return $errorResponse($this->translator->translate('General_ExceptionNonceMismatch'));
     }

     $pluginsSettings = SettingsManager::getPluginSettingsForCurrentUser();

     // phase 1: apply submitted values (presumably setValue() rejects invalid input by throwing)
     try {
         foreach ($pluginsSettings as $pluginName => $pluginSetting) {
             foreach ($pluginSetting->getSettingsForCurrentUser() as $setting) {
                 $submittedValue = $this->findSettingValueFromRequest($pluginName, $setting->getKey());
                 if ($submittedValue !== null) {
                     $setting->setValue($submittedValue);
                 }
             }
         }
     } catch (Exception $e) {
         $message = $e->getMessage();
         // $setting is whatever was assigned last; it may still belong to an
         // earlier plugin if the exception came from getSettingsForCurrentUser()
         if (!empty($setting)) {
             $message = $setting->title . ': ' . $message;
         }
         return $errorResponse(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
     }

     // phase 2: persist
     try {
         foreach ($pluginsSettings as $pluginSetting) {
             $pluginSetting->save();
         }
     } catch (Exception $e) {
         return $errorResponse($this->translator->translate('CoreAdminHome_PluginSettingsSaveFailed'));
     }

     Nonce::discardNonce(static::SET_PLUGIN_SETTINGS_NONCE);
     return json_encode(array('result' => 'success'));
 }
 /**
  * Builds (once per instance) and returns the opt-out View.
  *
  * With setCookieInNewWindow=1 the request only prepares a reload URL
  * (showConfirmOnly=1); otherwise a valid, single-use 'Piwik_OptOut' nonce
  * toggles the ignore cookie. The view allows framing (X-Frame-Options
  * "allow") and always receives a fresh nonce valid for 3600 seconds.
  *
  * @return View
  * @throws \Exception
  */
 public function getOptOutView()
 {
     if ($this->view) {
         return $this->view;
     }

     $visitsTracked = !IgnoreCookie::isIgnoreCookieFound();
     $dntFound = $this->getDoNotTrackHeaderChecker()->isDoNotTrackFound();

     $openInNewWindow = Common::getRequestVar('setCookieInNewWindow', false, 'int');
     if ($openInNewWindow) {
         $reloadUrl = Url::getCurrentQueryStringWithParametersModified(array(
             'showConfirmOnly' => 1,
             'setCookieInNewWindow' => 0,
         ));
     } else {
         $reloadUrl = false;

         $submittedNonce = Common::getRequestVar('nonce', false);
         $nonceAccepted = ($submittedNonce !== false)
             && Nonce::verifyNonce('Piwik_OptOut', $submittedNonce);
         if ($nonceAccepted) {
             // single-use token: drop it before acting on the request
             Nonce::discardNonce('Piwik_OptOut');
             IgnoreCookie::setIgnoreCookie();
             $visitsTracked = !$visitsTracked;
         }
     }

     $requestedLanguage = Common::getRequestVar('language', '');
     $lang = APILanguagesManager::getInstance()->isLanguageAvailable($requestedLanguage)
         ? $requestedLanguage
         : LanguagesManager::getLanguageCodeForCurrentUser();

     $this->addQueryParameters(array(
         'module' => 'CoreAdminHome',
         'action' => 'optOut',
         'language' => $lang,
         'setCookieInNewWindow' => 1,
     ), false);

     $this->view = new View("@CoreAdminHome/optOut");
     $view = $this->view;
     $view->setXFrameOptions('allow');
     $view->dntFound = $dntFound;
     $view->trackVisits = $visitsTracked;
     $view->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
     $view->language = $lang;
     $view->showConfirmOnly = Common::getRequestVar('showConfirmOnly', false, 'int');
     $view->reloadUrl = $reloadUrl;
     $view->javascripts = $this->getJavascripts();
     $view->stylesheets = $this->getStylesheets();
     $view->title = $this->getTitle();
     $view->queryParameters = $this->getQueryParameters();

     return $this->view;
 }
 /**
  * Enables Do-Not-Track header support and returns to the privacy settings page.
  *
  * Guarded by super-user access and by Nonce::checkNonce() on
  * ACTIVATE_DNT_NONCE (which, unlike verifyNonce(), presumably throws on
  * mismatch since its result is not inspected here).
  */
 public function activateDoNotTrack()
 {
     Piwik::checkUserHasSuperUserAccess();
     Nonce::checkNonce(self::ACTIVATE_DNT_NONCE);

     DoNotTrackHeaderChecker::activate();

     $this->redirectToIndex('PrivacyManager', 'privacySettings');
 }
 /**
  * Action to generate a new Google Authenticator secret for the current user.
  *
  * The page shows a secret (freshly created, or the one posted back) as a QR
  * code. When the request carries the secret, a code that verifies against it
  * (tolerance of 2 time-steps) and a valid AUTH_CODE_NONCE nonce, the
  * secret/title/description are stored, validateAuthCode() is run and the
  * browser is redirected to the settings page.
  *
  * NOTE(review): the secret that gets stored is the one posted by the client,
  * and the nonce is verified but not discarded — confirm both are intended.
  *
  * @return string
  * @throws \Exception
  * @throws \Piwik\NoAccessException
  */
 public function regenerate()
 {
     Piwik::checkUserIsNotAnonymous();

     $view = new View('@GoogleAuthenticator/regenerate');
     $this->setGeneralVariablesView($view);

     $googleAuth = new PHPGangsta\GoogleAuthenticator();
     $storage = new Storage(Piwik::getCurrentUserLogin());

     $secret = Common::getRequestVar('gasecret', '', 'string');
     $authCode = Common::getRequestVar('gaauthcode', '', 'string');
     $authCodeNonce = Common::getRequestVar('authCodeNonce', '', 'string');
     $title = Common::getRequestVar('gatitle', $storage->getTitle(), 'string');
     $description = Common::getRequestVar('gadescription', $storage->getDescription(), 'string');

     // nonce and TOTP code are only checked once both secret and code were posted
     $activationPosted = !empty($secret) && !empty($authCode);
     if ($activationPosted
         && Nonce::verifyNonce(self::AUTH_CODE_NONCE, $authCodeNonce)
         && $googleAuth->verifyCode($secret, $authCode, 2)
     ) {
         $storage->setSecret($secret);
         $storage->setDescription($description);
         $storage->setTitle($title);

         $this->auth->setAuthCode($authCode);
         $this->auth->validateAuthCode();

         $settingsUrl = Url::getCurrentUrlWithoutQueryString()
             . Url::getCurrentQueryStringWithParametersModified(array('action' => 'settings', 'activate' => '1'));
         Url::redirectToUrl($settingsUrl);
     }

     if (empty($secret)) {
         // nothing posted: issue a brand-new secret for the QR code
         $secret = $googleAuth->createSecret(32);
     }

     $view->title = $title;
     $view->description = $description;
     $view->authCodeNonce = Nonce::getNonce(self::AUTH_CODE_NONCE);
     $view->newSecret = $secret;
     $view->googleAuthImage = $googleAuth->getQRCodeGoogleUrl($description, $secret, $title);
     return $view->render();
 }
 /**
  * Renders the privacy settings page.
  *
  * Any admin user may open it; the super-user-only sections (data deletion,
  * IP anonymisation, DNT activation nonces, option lists for the selects) are
  * only populated when the current user has super-user access.
  *
  * @return string rendered @PrivacyManager/privacySettings template
  */
 public function privacySettings()
 {
     Piwik::checkUserHasSomeAdminAccess();

     $view = new View('@PrivacyManager/privacySettings');

     if (Piwik::hasUserSuperUserAccess()) {
         $view->deleteData = $this->getDeleteDataInfo();
         $view->anonymizeIP = $this->getAnonymizeIPInfo();

         $dntChecker = new DoNotTrackHeaderChecker();
         $view->dntSupport = $dntChecker->isActive();

         $view->canDeleteLogActions = Db::isLockPrivilegeGranted();
         $view->dbUser = PiwikConfig::getInstance()->database['username'];

         // one nonce per DNT toggle action; both are consumed by the matching actions
         $view->deactivateNonce = Nonce::getNonce(self::DEACTIVATE_DNT_NONCE);
         $view->activateNonce = Nonce::getNonce(self::ACTIVATE_DNT_NONCE);

         $option = function ($key, $value, $description) {
             return array('key' => $key, 'value' => $value, 'description' => $description);
         };

         $view->maskLengthOptions = array(
             $option('1', Piwik::translate('PrivacyManager_AnonymizeIpMaskLength', array("1", "192.168.100.xxx")), ''),
             $option('2', Piwik::translate('PrivacyManager_AnonymizeIpMaskLength', array("2", "192.168.xxx.xxx")), Piwik::translate('General_Recommended')),
             $option('3', Piwik::translate('PrivacyManager_AnonymizeIpMaskLength', array("3", "192.xxx.xxx.xxx")), ''),
         );
         $view->useAnonymizedIpForVisitEnrichmentOptions = array(
             $option('1', Piwik::translate('General_Yes'), Piwik::translate('PrivacyManager_RecommendedForPrivacy')),
             $option('0', Piwik::translate('General_No'), ''),
         );
         // these entries deliberately carry no 'description' key
         $view->scheduleDeletionOptions = array(
             array('key' => '1', 'value' => Piwik::translate('Intl_PeriodDay')),
             array('key' => '7', 'value' => Piwik::translate('Intl_PeriodWeek')),
             array('key' => '30', 'value' => Piwik::translate('Intl_PeriodMonth')),
         );
         $view->doNotTrackOptions = array(
             $option('1', Piwik::translate('PrivacyManager_DoNotTrack_Enable'), Piwik::translate('General_Recommended')),
             $option('0', Piwik::translate('PrivacyManager_DoNotTrack_Disable'), Piwik::translate('General_NotRecommended')),
         );
     }

     $view->language = LanguagesManager::getLanguageCodeForCurrentUser();
     $this->setBasicVariablesView($view);
     return $view->render();
 }
 /**
  * Verifies the request nonce, consumes it, and returns a validated plugin name.
  *
  * @param string $nonceName nonce identifier the request must match
  * @return string value of the 'pluginName' request parameter, accepted by PluginManager::isValidPluginName()
  * @throws \Exception on nonce mismatch (General_ExceptionNonceMismatch)
  * @throws Exception when the plugin name is rejected
  */
 private function getPluginNameIfNonceValid($nonceName)
 {
     $submittedNonce = Common::getRequestVar('nonce', null, 'string');
     $nonceIsValid = Nonce::verifyNonce($nonceName, $submittedNonce);
     if (!$nonceIsValid) {
         throw new \Exception(Piwik::translate('General_ExceptionNonceMismatch'));
     }
     // single-use: drop the token as soon as it has been accepted
     Nonce::discardNonce($nonceName);

     $requestedPlugin = Common::getRequestVar('pluginName', null, 'string');
     // the name is user input and is later used to address a plugin, so it must pass validation
     $nameIsValid = $this->pluginManager->isValidPluginName($requestedPlugin);
     if (!$nameIsValid) {
         throw new Exception('Invalid plugin name');
     }

     return $requestedPlugin;
 }
 /**
  * Shows the "Track Visits" checkbox.
  *
  * A request carrying a valid 'Piwik_OptOut' nonce toggles the ignore cookie.
  * The nonce is single-use (discarded right after verification) and a fresh
  * one, valid for 3600 seconds, is handed to the template on every render.
  *
  * @return string rendered @CoreAdminHome/optOut template
  */
 public function optOut()
 {
     $visitsTracked = !IgnoreCookie::isIgnoreCookieFound();
     $submittedNonce = Common::getRequestVar('nonce', false);
     $requestedLanguage = Common::getRequestVar('language', '');

     $nonceAccepted = ($submittedNonce !== false)
         && Nonce::verifyNonce('Piwik_OptOut', $submittedNonce);
     if ($nonceAccepted) {
         Nonce::discardNonce('Piwik_OptOut');
         IgnoreCookie::setIgnoreCookie();
         $visitsTracked = !$visitsTracked;
     }

     $lang = APILanguagesManager::getInstance()->isLanguageAvailable($requestedLanguage)
         ? $requestedLanguage
         : LanguagesManager::getLanguageCodeForCurrentUser();

     // should not use self::renderTemplate since that uses setBasicVariablesView. this will cause
     // an error when setBasicVariablesAdminView is called, and MenuTop is requested (the idSite query
     // parameter is required)
     $view = new View("@CoreAdminHome/optOut");
     // the opt-out page may be framed by other sites
     $view->setXFrameOptions('allow');
     $view->trackVisits = $visitsTracked;
     $view->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
     $view->language = $lang;
     return $view->render();
 }
    /**
     * Shows the "Track Visits" checkbox.
     *
     * With setCookieInNewWindow=1 the request only prepares a reload URL
     * (showConfirmOnly=1); otherwise a valid, single-use 'Piwik_OptOut' nonce
     * toggles the ignore cookie. A fresh nonce valid for 3600 seconds is
     * handed to the template on every render.
     *
     * @return string rendered @CoreAdminHome/optOut template
     */
    public function optOut()
    {
        $visitsTracked = !IgnoreCookie::isIgnoreCookieFound();

        $dntChecker = new DoNotTrackHeaderChecker();
        $dntFound = $dntChecker->isDoNotTrackFound();

        $openInNewWindow = Common::getRequestVar('setCookieInNewWindow', false, 'int');
        if ($openInNewWindow) {
            $reloadUrl = Url::getCurrentQueryStringWithParametersModified(array(
                'showConfirmOnly' => 1,
                'setCookieInNewWindow' => 0,
            ));
        } else {
            $reloadUrl = false;

            $submittedNonce = Common::getRequestVar('nonce', false);
            $nonceAccepted = ($submittedNonce !== false)
                && Nonce::verifyNonce('Piwik_OptOut', $submittedNonce);
            if ($nonceAccepted) {
                // single-use token: drop it before acting on the request
                Nonce::discardNonce('Piwik_OptOut');
                IgnoreCookie::setIgnoreCookie();
                $visitsTracked = !$visitsTracked;
            }
        }

        $requestedLanguage = Common::getRequestVar('language', '');
        $lang = APILanguagesManager::getInstance()->isLanguageAvailable($requestedLanguage)
            ? $requestedLanguage
            : LanguagesManager::getLanguageCodeForCurrentUser();

        // should not use self::renderTemplate since that uses setBasicVariablesView. this will cause
        // an error when setBasicVariablesAdminView is called, and MenuTop is requested (the idSite query
        // parameter is required)
        $view = new View("@CoreAdminHome/optOut");
        // the opt-out page may be framed by other sites
        $view->setXFrameOptions('allow');
        $view->dntFound = $dntFound;
        $view->trackVisits = $visitsTracked;
        $view->nonce = Nonce::getNonce('Piwik_OptOut', 3600);
        $view->language = $lang;
        $view->isSafari = $this->isUserAgentSafari();
        $view->showConfirmOnly = Common::getRequestVar('showConfirmOnly', false, 'int');
        $view->reloadUrl = $reloadUrl;
        return $view->render();
    }
 /**
  * Shows the "Track Visits" checkbox.
  *
  * A request carrying a valid 'Piwik_OptOut' nonce toggles the ignore cookie.
  * The nonce is single-use (discarded right after verification) and a fresh
  * one, valid for 3600 seconds, is passed to the 'optOut' template.
  *
  * @return string rendered template
  */
 public function optOut()
 {
     $visitsTracked = !IgnoreCookie::isIgnoreCookieFound();
     $submittedNonce = Common::getRequestVar('nonce', false);
     $requestedLanguage = Common::getRequestVar('language', '');

     $nonceAccepted = ($submittedNonce !== false)
         && Nonce::verifyNonce('Piwik_OptOut', $submittedNonce);
     if ($nonceAccepted) {
         Nonce::discardNonce('Piwik_OptOut');
         IgnoreCookie::setIgnoreCookie();
         $visitsTracked = !$visitsTracked;
     }

     $lang = APILanguagesManager::getInstance()->isLanguageAvailable($requestedLanguage)
         ? $requestedLanguage
         : LanguagesManager::getLanguageCodeForCurrentUser();

     $templateVars = array(
         'trackVisits' => $visitsTracked,
         'nonce' => Nonce::getNonce('Piwik_OptOut', 3600),
         'language' => $lang,
     );
     return $this->renderTemplate('optOut', $templateVars);
 }
 /**
  * send email to Piwik team and display nice thanks
  *
  * Validation order (each failure is shown on the page instead of sending):
  * body length / probe heuristic, e-mail syntax, no URLs in the body, then the
  * 'Feedback.sendFeedback' nonce, which is consumed once accepted.
  *
  * NOTE(review): the 'category' request value goes into the Subject header
  * unvalidated; this relies on Mail encoding/stripping header line breaks.
  * NOTE(review): send() is called with '@', so a warning from the mailer is
  * hidden and the page still renders as success; only exceptions are reported.
  *
  * @throws Exception
  */
 function sendFeedback()
 {
     $email = Common::getRequestVar('email', '', 'string');
     $body = Common::getRequestVar('body', '', 'string');
     $category = Common::getRequestVar('category', '', 'string');
     $submittedNonce = Common::getRequestVar('nonce', '', 'string');

     $view = new View('@Feedback/sendFeedback');
     $view->feedbackEmailAddress = Config::getInstance()->General['feedback_email_address'];

     try {
         $minimumBodyLength = 40;
         // byte length check plus a heuristic filter for automated probes
         $looksLikeProbe = strpos($email, 'probe@') !== false
             || strpos($body, '&lt;probe') !== false;
         if (strlen($body) < $minimumBodyLength || $looksLikeProbe) {
             throw new Exception(Piwik::translate('Feedback_ExceptionBodyLength', array($minimumBodyLength)));
         }
         if (!Piwik::isValidEmailString($email)) {
             throw new Exception(Piwik::translate('UsersManager_ExceptionInvalidEmail'));
         }
         if (preg_match('/https?:/i', $body)) {
             throw new Exception(Piwik::translate('Feedback_ExceptionNoUrls'));
         }
         if (!Nonce::verifyNonce('Feedback.sendFeedback', $submittedNonce)) {
             throw new Exception(Piwik::translate('General_ExceptionNonceMismatch'));
         }
         Nonce::discardNonce('Feedback.sendFeedback');

         $mail = new Mail();
         // the address passed validation above; unsanitize only undoes request-level escaping
         $mail->setFrom(Common::unsanitizeInputValue($email));
         $mail->addTo($view->feedbackEmailAddress, 'Piwik Team');
         $mail->setSubject('[ Feedback form - Piwik ] ' . $category);

         $bodyLines = array(
             Common::unsanitizeInputValue($body),
             'Piwik ' . Version::VERSION,
             'IP: ' . IP::getIpFromHeader(),
             'URL: ' . Url::getReferrer(),
         );
         $mail->setBodyText(implode("\n", $bodyLines) . "\n");

         @$mail->send();
     } catch (Exception $e) {
         // show the reason and keep the typed text so the user can retry
         $view->errorString = $e->getMessage();
         $view->message = $body;
     }

     return $view->render();
 }