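    /**
     * Exchanges backend (administrator) credentials for a bearer access token.
     *
     * The client id is treated as the user name and the client secret as the
     * password. Only users with status User::STATUS_ADMINISTRATOR are eligible.
     * On success a token valid for one hour is persisted in fusio_app_token and
     * returned; the requested $scope is ignored, the token always carries the
     * single "backend" scope.
     *
     * @param Credentials $credentials client id (user name) and client secret (password)
     * @param mixed       $scope       requested scope; not used, see above
     * @return AccessToken
     * @throws ServerErrorException when the user is unknown or the password does not match
     */
    protected function generate(Credentials $credentials, $scope)
    {
        $sql = 'SELECT id,
                       name,
                       password
                  FROM fusio_user
                 WHERE name = :name
                   AND status = :status';

        // parameterised lookup; the client id is untrusted input
        $user = $this->connection->fetchAssoc($sql, array(
            'name'   => $credentials->getClientId(),
            'status' => User::STATUS_ADMINISTRATOR,
        ));

        if (!empty($user)) {
            if (password_verify($credentials->getClientSecret(), $user['password'])) {
                $scopes = ['backend'];

                // token lifetime: one hour from now
                $expires = new \DateTime();
                $expires->add(new \DateInterval('PT1H'));
                $now = new \DateTime();

                // The token is a bearer secret, so it must come from a CSPRNG.
                // 32 random bytes -> 64 hex chars, the same width as a sha256 hex
                // digest, so the existing token column fits. random_bytes()
                // requires PHP >= 7.0 (or paragonie/random_compat on older PHP).
                $accessToken = bin2hex(random_bytes(32));

                $dateFormat = $this->connection->getDatabasePlatform()->getDateTimeFormatString();

                $this->connection->insert('fusio_app_token', [
                    'appId'  => App::BACKEND,
                    'userId' => $user['id'],
                    'status' => AppToken::STATUS_ACTIVE,
                    'token'  => $accessToken,
                    'scope'  => implode(',', $scopes),
                    // REMOTE_ADDR is the direct peer, not X-Forwarded-For; the
                    // fallback covers non-HTTP (e.g. CLI) invocations
                    'ip'     => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1',
                    'expire' => $expires->format($dateFormat),
                    'date'   => $now->format($dateFormat),
                ]);

                $token = new AccessToken();
                $token->setAccessToken($accessToken);
                $token->setTokenType('bearer');
                // NOTE(review): this passes an absolute unix timestamp, while the
                // OAuth2 "expires_in" field is a lifetime in seconds — confirm what
                // consumers of AccessToken expect before changing it.
                $token->setExpiresIn($expires->getTimestamp());
                $token->setScope(implode(',', $scopes));

                return $token;
            } else {
                // NOTE(review): the two distinct messages (and the fact that
                // password_verify() only runs for existing users) let a caller
                // distinguish an unknown user from a wrong password; a single
                // generic message plus a dummy password_verify() in the
                // unknown-user branch would close that enumeration channel.
                throw new ServerErrorException('Invalid password');
            }
        } else {
            throw new ServerErrorException('Unknown user');
        }
    }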
 /**
  * This method tries to figure out whether a user tries to abuse the system.
  * Every user can insert, update or delete "core.input_limit" records
  * in the last "core.input_interval" minutes without entering an captcha
  * After this the user has to solve an captcha
  *
  * @return boolean
  */
 /**
  * Decides whether the current user must solve a captcha before the next
  * insert/update/delete.
  *
  * Administrators are never throttled. For everyone else the number of
  * log rows written by this user inside the last "core.input_interval" is
  * compared with "core.input_limit". Above the limit a captcha is required
  * unless one was solved recently enough: the grace period after a solved
  * captcha (tracked in $_SESSION['captcha_verified']) starts at the window
  * length and shrinks the further the user is over the limit, reaching zero
  * at twice the limit.
  *
  * @return boolean true when a captcha has to be solved
  */
 public function hasInputExceeded()
 {
     if ($this->isAdministrator()) {
         return false;
     }

     // start of the sliding window: now minus core.input_interval
     $windowStart = new DateTime('NOW', $this->registry['core.default_timezone']);
     $windowStart->sub(new DateInterval($this->registry['core.input_interval']));

     $condition = new Condition();
     $condition->add('userId', '=', $this->id);
     $condition->add('date', '>=', $windowStart->format(DateTime::SQL));

     $limit   = $this->registry['core.input_limit'];
     $written = $this->sql->count($this->registry['table.log'], $condition);

     if ($written <= $limit) {
         return false;
     }

     // grace period = window length in seconds, reduced in proportion to how
     // far over the limit the user is (100% — no grace at all — at 2 * limit)
     $grace     = time() - $windowStart->getTimestamp();
     $overshoot = ceil($written * 100 / ($limit * 2));
     $grace     = $grace - $grace * ($overshoot / 100);

     // unix time of the last solved captcha in this session, 0 if none
     $lastVerified = isset($_SESSION['captcha_verified']) ? $_SESSION['captcha_verified'] : 0;

     return (time() - $lastVerified) > $grace;
 }
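    /**
     * Handles an OpenID "checkid_setup" request.
     *
     * An unauthenticated user is redirected to the login page with a
     * "redirect" parameter pointing back at this URL (current GET/POST
     * parameters preserved). Otherwise the association named by the request
     * is looked up: a known handle must not be expired; an unknown handle is
     * tolerated only for non-immediate requests, for which a new HMAC-SHA1 /
     * DH-SHA1 association is created and attached to the request. Finally the
     * request is stored in the session and the user is redirected to the
     * connect page.
     *
     * @param SetupRequest $request the parsed checkid_setup request
     * @return void always terminates the script with a redirect
     * @throws Exception when the association is expired, or unknown on an immediate request
     */
    public function onCheckidSetup(SetupRequest $request)
    {
        if (!$this->isAuthenticated()) {
            $loginUrl = $this->config['psx_url'] . '/' . $this->config['psx_dispatch'] . 'login';

            // Rebuild the current URL so the login page can send the user back
            // here. The base comes from $this->base->getSelf(); only the query
            // parameters are user-supplied, so this is not an open redirect.
            $selfUrl = new Url($this->base->getSelf());
            foreach (array_merge($_GET, $_POST) as $key => $value) {
                $selfUrl->addParam($key, $value);
            }

            // urlencode() keeps CR/LF out of the header value
            header('Location: ' . $loginUrl . '?redirect=' . urlencode(strval($selfUrl)));
            exit;
        }

        // look up the association by its handle (parameterised, the handle is untrusted)
        $sql = <<<SQL
SELECT
    `assoc`.`id`,
    `assoc`.`expires`,
    `assoc`.`date`
FROM
    {$this->registry['table.openid_assoc']} `assoc`
WHERE
    `assoc`.`assocHandle` = ?
SQL;

        $row = $this->sql->getRow($sql, array($request->getAssocHandle()));

        if (!empty($row)) {
            // An association expires "expires" seconds after it was created, so
            // the reference point is the stored creation date. Comparing against
            // the current time plus "expires" could never fail and left expired
            // associations usable.
            // NOTE(review): assumes the `expires` column holds a duration in
            // seconds (it is written from self::EXPIRE below) — confirm.
            $created = new DateTime($row['date'], $this->registry['core.default_timezone']);
            $expire  = (int) $row['expires'];

            if (time() > $created->getTimestamp() + $expire) {
                throw new Exception('Association is expired');
            }
        } elseif (!$request->isImmediate()) {
            // unknown handle on a non-immediate request: create a fresh association
            $date        = new DateTime('NOW', $this->registry['core.default_timezone']);
            $assocHandle = ProviderAbstract::generateHandle();
            $secret      = base64_encode(ProviderAbstract::randomBytes(20));

            $this->sql->insert($this->registry['table.openid_assoc'], array(
                'assocHandle' => $assocHandle,
                'assocType'   => 'HMAC-SHA1',
                'sessionType' => 'DH-SHA1',
                'secret'      => $secret,
                'expires'     => self::EXPIRE,
                'date'        => $date->format(DateTime::SQL),
            ));

            $request->setAssocHandle($assocHandle);
        } else {
            // immediate mode cannot fall back to creating an association
            throw new Exception('Invalid association');
        }

        // NOTE: a disabled (commented-out) per-user cap on temporary connect
        // requests used to sit here; it was never active and has been removed.

        // keep the request for the connect step
        $_SESSION['amun_openid_request'] = $request;

        header('Location: ' . $this->config['psx_url'] . '/' . $this->config['psx_dispatch'] . 'login/connect');
        exit;
    }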