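/**
 * Display a list of quotes that can be retrieved after a user has identified themselves with an auth token via
 * retrieveQuoteAction(). Having this separate action allows an end user to press "Back" for up to an hour if they
 * have chosen to continue the wrong quote.
 *
 * Flow:
 * - The 'auth' request parameter is passed to Application_Core_Security::authenticate(), which is expected to
 *   yield the customer's e-mail address under the 'customerEmail' data key.
 * - All active quotes for the customer IDs linked to that e-mail address are looked up.
 * - A separate token, carrying only the quote number, is generated for every quote and handed to the view.
 *
 * Any failure (no token, malformed token, failed authentication) ends in a redirect to the retrieve-quote form.
 *
 * NOTE(review): the token arrives as a request parameter; if it is carried in the query string it can end up in
 * access logs, browser history and Referer headers - confirm how the link is delivered and how long it is valid.
 *
 * @return void
 */
public function retrieveMultipleQuotesAction()
{
    $mac = $this->getRequest()->getParam('auth');

    // Request parameters can arrive as arrays (auth[]=...). Only a non-empty string is a candidate token;
    // anything else is treated exactly like a missing token.
    if (is_string($mac) && $mac !== '') {
        $params = Zend_Registry::get('params');
        $macConfig = $params->myhomelet->retrieveWithoutAccount;

        $securityManager = new Application_Core_Security(
            $macConfig->macSecret,
            $macConfig->macTimestampVariance != 0,
            $macConfig->macTimestampVariance
        );

        $securityCheck = $securityManager->authenticate($mac, array('customerEmail'));

        if (isset($securityCheck['result']) && $securityCheck['result']) {
            // Customer has multiple quotes associated with their email address - look them up and generate a
            // set of auth tokens, show user the selection
            $email = $securityCheck['data']['customerEmail'];

            $policyCoverDatasource = new Datasource_Insurance_LegacyPolicyCovers();
            $customerManager = new Manager_Core_Customer();

            // Get all legacy quote IDs by customer e-mail address
            $legacyIDs = array();

            // Try to look up a customer record's quotes' IDs by the e-mail provided
            $newCustomer = $customerManager->getCustomerByEmailAddress($email);
            if ($newCustomer) {
                $legacyCustomerMap = new Datasource_Core_CustomerMaps();
                $legacyIDs = $legacyCustomerMap->getLegacyIDs(
                    $newCustomer->getIdentifier(Model_Core_Customer::IDENTIFIER)
                );
            }

            // Also check in the legacy DB only to ensure landlords quotes are found
            $customer = $customerManager->getLegacyCustomerByEmailAddress($email);
            if ($customer) {
                $legacyCustomerId = $customer->getIdentifier(Model_Core_Customer::LEGACY_IDENTIFIER);
                if (!in_array($legacyCustomerId, $legacyIDs)) {
                    $legacyIDs[] = $legacyCustomerId;
                }
            }

            // Retrieve all quotes for the linked customer reference numbers.
            // With no linked customer there is nothing to list, so the datasource is not queried at all; this
            // avoids depending on how it treats an empty ID list.
            // NOTE(review): confirm what getActiveQuotes() returns for an empty list of IDs.
            $quotes = array();
            if (!empty($legacyIDs)) {
                $quoteDatasource = new Datasource_Insurance_LegacyQuotes();
                $quotes = $quoteDatasource->getActiveQuotes($legacyIDs, '', array('policynumber', 'startdate'));
            }

            // Build the list of policy covers and generate auth tokens for each policy
            // Should be done in a manager, but the quote manager has been written with the row data gateway
            // design pattern in mind.
            $authTokens = array();
            foreach ($quotes as $quote) {
                // Create list of policy covers
                $policyCoverList = array();
                $coverLabels = explode('|', $quote->policyOptions);
                $sumsInsured = explode('|', $quote->amountsCovered);

                foreach ($coverLabels as $i => $coverLabel) {
                    // The two pipe-separated lists are read in parallel. If amountsCovered has fewer entries
                    // than policyOptions, the unmatched covers are skipped instead of reading an undefined
                    // offset.
                    if (!isset($sumsInsured[$i])) {
                        continue;
                    }

                    if ($sumsInsured[$i] === 'yes' || floatval($sumsInsured[$i]) > 0) {
                        // A sum insured value has been set so assume cover is in force
                        $policyCover = $policyCoverDatasource->getPolicyCoverByLabel($coverLabel);
                        if ($policyCover) {
                            $policyCoverList[] = array(
                                'cover' => $coverLabel,
                                'name'  => $policyCover->getName(),
                            );
                        }
                    }
                }

                $quote->policyCovers = $policyCoverList;

                // Generate a policy-specific authentication token. A fresh instance is built per quote, as
                // before; whether Application_Core_Security instances carry state between calls is not
                // visible from here.
                $tokenGenerator = new Application_Core_Security(
                    $macConfig->macSecret,
                    $macConfig->macTimestampVariance != 0,
                    $macConfig->macTimestampVariance
                );
                $authTokens[$quote->policyNumber] = $tokenGenerator->generate(
                    array('quoteNumber' => $quote->policyNumber)
                );
            }

            // Pass quotes and auth tokens into view and finish
            $this->view->quotes = $quotes;
            $this->view->authTokens = $authTokens;

            return;
        }
    }

    // Failover for non-auth or other issue - go to main retrieve quote form
    $this->_helper->redirector->gotoUrl('/my-homelet/retrieve-quote');
}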
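/**
 * Resume an existing quote for customers who either have a temporary auth token for a retrieval with no My HomeLet
 * account, or who are My HomeLet authenticated. Customers with no form of valid authentication are redirected to
 * the My HomeLet login page.
 *
 * Two authorisation paths are tried in order:
 * 1. Token: the 'auth' request parameter is checked with Application_Core_Security::authenticate(); the quote
 *    number is taken from the authenticated token data, never from another request parameter.
 * 2. Login: for a logged-in customer the 'quote' request parameter names the quote, and the quote is only
 *    resumed when its legacy customer ID is one of the IDs mapped to the logged-in customer.
 *
 * On success the 'landlords_insurance_quote' session namespace is populated and the user is sent to step 1 of
 * the quote form. Every other outcome ends at the login redirect.
 *
 * NOTE(review): the token path passes the legacy customer identifier as the fourth constructor argument of
 * Manager_Insurance_LandlordsPlus_Quote, the login path passes the logged-in customer's ID - confirm that both
 * are what the constructor expects.
 *
 * @return void
 */
public function retrieveAction()
{
    $request = $this->getRequest();

    // Authorisation using no-account My HomeLet retrieval auth token.
    // Request parameters can arrive as arrays; only a non-empty string is treated as a token.
    $mac = $request->getParam('auth');
    if (is_string($mac) && $mac !== '') {
        $macConfig = $this->_params->myhomelet->retrieveWithoutAccount;
        $securityManager = new Application_Core_Security(
            $macConfig->macSecret,
            $macConfig->macTimestampVariance != 0,
            $macConfig->macTimestampVariance
        );

        $securityCheck = $securityManager->authenticate($mac, array('quoteNumber'));

        if (isset($securityCheck['result']) && $securityCheck['result']) {
            $quoteNumber = $securityCheck['data']['quoteNumber'];

            $legacyQuoteManager = new Manager_Insurance_LegacyQuote();
            $customerManager = new Manager_Core_Customer();

            // A valid token can still name a quote or customer that cannot be loaded. Each lookup is checked
            // so that such a request falls through to the login redirect instead of dereferencing a missing
            // object.
            $legacyQuote = $legacyQuoteManager->getQuoteByPolicyNumber($quoteNumber);
            $customer = null;
            if ($legacyQuote) {
                $quoteRefNo = $legacyQuote->refNo;
                $customer = $customerManager->getCustomer(Model_Core_Customer::LEGACY_IDENTIFIER, $quoteRefNo);
            }

            if ($customer) {
                $referenceNumber = $customer->getIdentifier(Model_Core_Customer::LEGACY_IDENTIFIER, $quoteRefNo);
                $customerID = $referenceNumber;

                $quoteManager = new Manager_Insurance_LandlordsPlus_Quote(null, $quoteNumber, null, $customerID);
                $quote = $quoteManager->getModel();

                if ($quote) {
                    $pageSession = new Zend_Session_Namespace('landlords_insurance_quote');
                    $pageSession->quoteID = $quote->ID;
                    $pageSession->customerRefNo = $referenceNumber;

                    // Retrieve the WebLead summary ID so that the WebLead can continue to be updated and
                    // important details captured, such as the campaign code.
                    $webLeadManager = new Manager_Core_WebLead();
                    $pageSession->webLeadSummaryId = $webLeadManager->getSummaryId($quoteNumber);

                    $this->_helper->redirector->gotoUrl('/landlords/insurance-quote/step1');
                    return;
                }
            }
        }
    }

    // Authorisation using My HomeLet logged in details
    $auth = Zend_Auth::getInstance();
    $auth->setStorage(new Zend_Auth_Storage_Session('homelet_customer'));

    if ($auth->hasIdentity()) {
        // Check to see if we have a reference number to load up
        $quoteNumber = $request->getParam('quote');
        if (is_string($quoteNumber) && $quoteNumber !== '') {
            // Customer is logged in and is trying to retrieve a specific quote
            // We need to check to make sure they own it
            $customerID = $auth->getStorage()->read()->id;

            // Now we need to get their legacy ID
            $customerManager = new Manager_Core_Customer();
            $customer = $customerManager->getCustomer(Model_Core_Customer::IDENTIFIER, $customerID);

            // Need to find the quote ID by the policy number
            $quotes = new Manager_Insurance_LandlordsPlus_Quote(null, $quoteNumber, null, $customerID);
            $quote = $quotes->getModel();

            $legacyCustomerMap = new Datasource_Core_CustomerMaps();
            $legacyIDs = $legacyCustomerMap->getLegacyIDs($customerID);

            // Ownership check. This is the only thing standing between a logged-in customer and somebody
            // else's quote, so it must not succeed by accident: a missing quote or an empty owner ID is a
            // refusal, and IDs are compared as strings with strict matching so that loose type juggling
            // (null, '', 0) cannot produce a match.
            $ownsQuote = false;
            if ($customer && $quote && is_array($legacyIDs)) {
                $quoteOwnerId = (string) $quote->legacyCustomerID;
                $ownsQuote = $quoteOwnerId !== ''
                    && in_array($quoteOwnerId, array_map('strval', $legacyIDs), true);
            }

            if ($ownsQuote) {
                // This customer does own this reference - so set the page session stuff up and redirect
                $referenceNumber = $customer->getIdentifier(Model_Core_Customer::LEGACY_IDENTIFIER);

                $pageSession = new Zend_Session_Namespace('landlords_insurance_quote');
                $pageSession->quoteID = $quote->ID;
                $pageSession->customerRefNo = $referenceNumber;

                // Retrieve the WebLead summary ID so that the WebLead can continue to be updated and important
                // details captured, such as the campaign code.
                $webLeadManager = new Manager_Core_WebLead();
                $pageSession->webLeadSummaryId = $webLeadManager->getSummaryId($quoteNumber);

                $this->_helper->redirector->gotoUrl('/landlords/insurance-quote/step1');

                // The redirector normally ends the request itself; the explicit return mirrors the token
                // path and stops the login redirect below from also being issued when exiting is disabled
                // (for example under test).
                return;
            }
        }
    }

    $this->_helper->redirector->gotoUrl('/login?referrerUrl=/my-homelet/quotes');
}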
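/**
 * Executes checks when the user is a PLL finalizing an email-link-to-tenant.
 *
 * The customer token is verified with Application_Core_Security::authenticate(); the customer identifier taken
 * from the authenticated token must match the customer stored on the reference loaded for $refNo. On success the
 * customer is logged in and the 'referencing_global' session is primed so the reference can be continued. On
 * failure a message is stored in $session->security->error and false is returned.
 *
 * NOTE(review): the token is authenticated with both 'refNo' and 'customerId' as data keys, but only
 * 'customerId' is compared afterwards. The reference is loaded from the $refNo argument, so a token issued for
 * one reference appears to be accepted for any other reference of the same customer. Confirm whether the token's
 * 'refNo' should also be required to equal $refNo (and in which format each is held).
 *
 * NOTE(review): the login is performed with the value returned by $customer->getPassword(). Whether that is a
 * hash or a recoverable password is not visible from here - confirm.
 *
 * @param Zend_Controller_Request_Abstract $request Not read by this method.
 * @param string $customerToken Token taken from the e-mailed link.
 * @param string $refNo Reference number used to load the reference.
 *
 * @return boolean True when the token is valid for the reference's customer and the session has been set up.
 */
protected function _privateLandlordLinkPreDespatch(Zend_Controller_Request_Abstract $request, $customerToken, $refNo)
{
    $session = new Zend_Session_Namespace('referencing_global');

    $referenceManager = new Manager_Referencing_Reference();
    $reference = $referenceManager->getReference($refNo);

    // Check the validity of the access.
    $params = Zend_Registry::get('params');
    $hashingString = $params->pll->emailLink->security->securityString;
    $leeWay = $params->pll->emailLink->security->securityTokenTimeLeewayUser;

    $securityManager = new Application_Core_Security($hashingString, true, $leeWay);
    $securityCheck = $securityManager->authenticate($customerToken, array('refNo', 'customerId'));

    if (empty($securityCheck['result'])) {
        // Something went wrong, eg, hash didn't match or time was out of bounds
        $session->security->error = isset($securityCheck['error'])
            ? $securityCheck['error']
            : 'Security check failed';
        return false;
    }

    // Ensure the customer identifier extracted from the $customerToken matches the identifier stored in the
    // reference. A reference that could not be loaded, or one without a customer, is a mismatch. The two
    // identifiers are compared as strings so that loose comparison of null, '' or 0 can never count as equal.
    $customerId = $securityCheck['data']['customerId'];
    $referenceCustomer = $reference ? $reference->customer : null;
    $referenceCustomerId = $referenceCustomer ? $referenceCustomer->customerId : null;

    if ($referenceCustomerId === null
        || (string) $customerId === ''
        || (string) $customerId !== (string) $referenceCustomerId
    ) {
        $session->security->error = 'Customer identifier does not match';
        return false;
    }

    // Log the customer in.
    $customerManager = new Manager_Referencing_Customer();
    $customer = $customerManager->getCustomer($customerId);
    if (!$customer) {
        // The identifier matched the reference but no customer record could be loaded for it.
        $session->security->error = 'Customer not found';
        return false;
    }

    $loginManager = new Manager_Referencing_Login();
    $loginManager->logUserIn($customer->getEmailAddress(), $customer->getPassword());

    // Set the relevant session variables so that the PLL can proceed the reference.
    $session->referenceId = $reference->internalId;
    $session->productName = $reference->productSelection->product->key;
    $session->userType = Model_Referencing_ReferenceUserTypes::PRIVATE_LANDLORD;
    $session->customerToken = $customerToken;
    $session->refNo = $refNo;

    return true;
}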
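/**
 * Resume an existing quote for customers who either have a temporary auth token for a retrieval with no My HomeLet
 * account, or who are My HomeLet authenticated. Customers with no form of valid authentication are redirected to
 * the My HomeLet login page.
 *
 * Two authorisation paths are tried in order:
 * 1. Token: the 'auth' request parameter is checked with Application_Core_Security::authenticate(); the quote
 *    number is taken from the authenticated token data.
 * 2. Login: for a logged-in customer the 'quote' request parameter names the quote, and the quote is only
 *    resumed when its refNo is one of the legacy IDs mapped to the logged-in customer.
 *
 * Only quotes whose policyType is 'T' (tenants) are resumed; any other authorised quote renders the
 * 'retrieve-failed' view. On success the 'tenants_insurance_quote' session namespace is populated and the user
 * is sent to step 1 of the quote form.
 *
 * @return void
 */
public function retrieveAction()
{
    $request = $this->getRequest();

    // Authorisation using no-account My HomeLet retrieval auth token.
    // Request parameters can arrive as arrays; only a non-empty string is treated as a token.
    $mac = $request->getParam('auth');
    if (is_string($mac) && $mac !== '') {
        $macConfig = $this->_params->myhomelet->retrieveWithoutAccount;
        $securityManager = new Application_Core_Security(
            $macConfig->macSecret,
            $macConfig->macTimestampVariance != 0,
            $macConfig->macTimestampVariance
        );

        $securityCheck = $securityManager->authenticate($mac, array('quoteNumber'));

        if (isset($securityCheck['result']) && $securityCheck['result']) {
            $quoteNumber = $securityCheck['data']['quoteNumber'];

            $quoteManager = new Manager_Insurance_TenantsContentsPlus_Quote(null, null, $quoteNumber);
            $quote = $quoteManager->getQuoteObject();

            // Make sure this is a tenants quote. A quote that could not be loaded is handled the same way as
            // a quote of the wrong type rather than being dereferenced.
            if ($quote && $quote->policyType === 'T') {
                $pageSession = new Zend_Session_Namespace('tenants_insurance_quote');
                $pageSession->CustomerRefNo = $quote->refNo;
                $pageSession->PolicyNumber = $quote->policyNumber;

                // Note that this user retrieved a quote, so that if they login in using the login action their
                // details don't get nulled out.
                $pageSession->RetrievedQuote = true;

                // Retrieve the WebLead summary ID so that the WebLead can continue to be updated and important
                // details captured, such as the campaign code.
                $webLeadManager = new Manager_Core_WebLead();
                $pageSession->webLeadSummaryId = $webLeadManager->getSummaryId($pageSession->PolicyNumber);

                $this->_helper->redirector->gotoUrl('/tenants/insurance-quote/step1');
                return;
            }

            // Not a tenants quote (or no quote found for the authenticated quote number)
            $this->render('retrieve-failed');
            return;
        }
    }

    // Authorisation using My HomeLet logged in details
    $auth = Zend_Auth::getInstance();
    $auth->setStorage(new Zend_Auth_Storage_Session('homelet_customer'));

    if ($auth->hasIdentity()) {
        // Check to see if we have a reference number to load up
        $quoteNumber = $request->getParam('quote');
        if (is_string($quoteNumber) && $quoteNumber !== '') {
            // Customer is logged in and is trying to retrieve a specific quote
            // We need to check to make sure they own it
            $customerID = $auth->getStorage()->read()->id;

            // Get customers legacy IDs and confirm the refno of the quote
            // can be accessed by the customer.
            $legacyCustomerMap = new Datasource_Core_CustomerMaps();
            $legacyIDs = $legacyCustomerMap->getLegacyIDs($customerID);

            $quoteManager = new Manager_Insurance_TenantsContentsPlus_Quote(null, null, $quoteNumber);
            $quote = $quoteManager->getQuoteObject();

            // Ownership check. A missing quote or an empty refNo is a refusal, and IDs are compared as
            // strings with strict matching so that loose type juggling (null, '', 0) cannot produce a match
            // against the customer's legacy IDs.
            $ownsQuote = false;
            if ($quote && is_array($legacyIDs)) {
                $quoteOwnerId = (string) $quote->refNo;
                $ownsQuote = $quoteOwnerId !== ''
                    && in_array($quoteOwnerId, array_map('strval', $legacyIDs), true);
            }

            if ($ownsQuote) {
                // This customer does own this reference - so set the page session stuff up and redirect
                if ($quote->policyType === 'T') {
                    // Make sure this is a tenants quote
                    $pageSession = new Zend_Session_Namespace('tenants_insurance_quote');
                    $pageSession->CustomerRefNo = $quote->refNo;
                    $pageSession->PolicyNumber = $quote->policyNumber;

                    // Retrieve the WebLead summary ID so that the WebLead can continue to be updated and
                    // important details captured, such as the campaign code.
                    $webLeadManager = new Manager_Core_WebLead();
                    $pageSession->webLeadSummaryId = $webLeadManager->getSummaryId($pageSession->PolicyNumber);

                    $this->_helper->redirector->gotoUrl('/tenants/insurance-quote/step1');

                    // The redirector normally ends the request itself; the explicit return mirrors the token
                    // path and stops the login redirect below from also being issued when exiting is
                    // disabled (for example under test).
                    return;
                }

                // The customer owns the quote, but it is not a tenants quote
                $this->render('retrieve-failed');
                return;
            }
        }
    }

    $this->_helper->redirector->gotoUrl('/login?referrerUrl=/my-homelet/quotes');
}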