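/**
 * Shows the list of logged in users.
 *
 * Loads every row of the active-user table (newest first by 'dt'), attaches
 * the matching account record to each row under 'accountInfo', then sets the
 * page title and hands the rows to the view as 'activeUsers'.
 */
public function indexAction()
{
    $activeUser = new Ot_Model_DbTable_Activeuser();
    $otAccount  = new Ot_Model_DbTable_Account();

    $allActiveUsers = $activeUser->fetchAll(null, 'dt DESC')->toArray();

    // Iterate by key rather than by reference: the original foreach (... as &$a)
    // left a dangling reference to the last row alive after the loop, which
    // silently aliases that row to any later write through $a.
    foreach (array_keys($allActiveUsers) as $i) {
        $allActiveUsers[$i]['accountInfo'] = $otAccount->getByAccountId($allActiveUsers[$i]['accountId']);
    }

    $this->_helper->pageTitle('ot-activeusers-index:title');

    $this->view->assign(array('activeUsers' => $allActiveUsers));
}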
/**
 * Runs when the class is initialized. For the accounts controller, some
 * users are allowed to access other users' accounts. For them, we mask as
 * that user to provide the required functionality.
 *
 * The account being acted on is the authenticated identity's own account,
 * unless the request carries an 'accountId' AND the caller holds the
 * 'editAllAccounts' privilege, in which case that account is loaded instead.
 *
 * @throws Ot_Exception_Data when no account exists for the resolved id
 */
public function init()
{
    parent::init();

    // Start from the caller's own identity.
    $targetAccountId = Zend_Auth::getInstance()->getIdentity()->accountId;

    // A request-supplied accountId is honoured only behind the privilege
    // check; everyone else stays on their own account.
    $requestedAccountId = $this->_getParam('accountId');
    if ($requestedAccountId && $this->_helper->hasAccess('editAllAccounts')) {
        $targetAccountId = $requestedAccountId;
    }

    $accountTable = new Ot_Model_DbTable_Account();
    $resolvedAccount = $accountTable->getByAccountId($targetAccountId);

    if (is_null($resolvedAccount)) {
        throw new Ot_Exception_Data('msg-error-noAccount');
    }

    $this->_authAdapter = $resolvedAccount->authAdapter['obj'];
    $this->_userData = (array) $resolvedAccount;
}
/**
 * Action when going to the main login page.
 *
 * Flow, in order:
 *  1. An already-authenticated user is redirected away (to the URI saved in
 *     the per-site '_request' session namespace, else the default route).
 *  2. One Ot_Form_LoginRealm is built per enabled auth adapter.
 *  3. On POST the selected realm's form is validated; a realm that auto-logs
 *     in is allowed through with empty credentials.
 *  4. If an auto-login realm is pending in the 'authRealm' namespace, or a
 *     valid form was posted, the realm's adapter class is instantiated and
 *     Zend_Auth::authenticate() is run. On success the account row is loaded
 *     (or created, when generateAccountOnLogin == 1), written to the auth
 *     storage, logged, and the user is redirected.
 *  5. Otherwise the login forms are rendered; a single auto-login adapter is
 *     forwarded to directly.
 *
 * @throws Ot_Exception_Data   when no adapter is enabled or an adapter has no key
 * @throws Ot_Exception_Access when a successful login has no account and
 *                             account generation on login is disabled
 */
public function indexAction()
{
    // Session namespace holding the URI the user was trying to reach before
    // being sent to login; keyed by site URL so sites on one host don't collide.
    $req = new Zend_Session_Namespace(Zend_Registry::get('siteUrl') . '_request');

    if (Zend_Auth::getInstance()->hasIdentity()) {
        if (isset($req->uri) && $req->uri != '') {
            $uri = $req->uri;
            $req->unsetAll();
            // NOTE(review): no 'return' here, unlike the later redirects; this
            // relies on the redirector exiting the request itself — confirm.
            $this->_helper->redirector->gotoUrl($uri);
        } else {
            $this->_helper->redirector->gotoRoute(array(), 'default', true);
        }
    }

    $loginOptions = Zend_Registry::get('applicationLoginOptions');

    $authAdapter = new Ot_Model_DbTable_AuthAdapter();
    $adapters = $authAdapter->getEnabledAdapters();

    if (!$adapters || $adapters->count() == 0) {
        throw new Ot_Exception_Data('ot-login-index:noAdaptersEnabled');
    }

    $loginForms = array();

    // Default realm; overridden below by the 'realm' request param, the
    // posted form, or the pending auto-login realm.
    $realm = 'local';

    // Build one login form per enabled adapter, keyed by adapterKey.
    // Note that $form and $a leak out of this loop: after it, $form is the
    // form of the LAST adapter, which the auto-login branch below relies on.
    foreach ($adapters as $adapter) {
        if (!$adapter->adapterKey) {
            throw new Ot_Exception_Data('ot-login-index:adapterMissingKey');
        }

        $a = new $adapter->class();

        $form = new Ot_Form_LoginRealm($adapter->adapterKey, $a->autoLogin(), $a->allowUserSignUp());
        $form->setAction($this->view->url(array(), 'login', true));

        $loginForms[$adapter->adapterKey] = array(
            'form' => $form,
            'realm' => $adapter->adapterKey,
            'name' => $adapter->name,
            'description' => $adapter->description,
            'autoLogin' => $a->autoLogin()
        );
    }

    $formUserId = null;
    $formPassword = null;
    $validForm = false;

    $realm = $this->_getParam('realm', $realm);

    if ($this->_request->isPost()) {
        // NOTE(review): $realm comes straight from the request and is not
        // checked against $loginForms before indexing it; an unknown realm
        // yields a missing key here. The isset() guard used a few lines down
        // is the check that belongs in front of this line too.
        $form = $loginForms[$realm]['form'];

        if (!$form->isValid($_POST)) {
            $realm = $form->getValue('realm');

            // An auto-login realm needs no credentials, so an "invalid" form
            // is still accepted with empty username/password.
            if (isset($loginForms[$realm]) && $loginForms[$realm]['autoLogin']) {
                $formUserId = '';
                $formPassword = '';
                $validForm = true;
            }

            $this->_helper->messenger->addError('msg-error-invalidFormInfo');
        } else {
            $validForm = true;
        }
    }

    // Pending auto-login state; expires after one further request hop.
    $authRealm = new Zend_Session_Namespace('authRealm');
    $authRealm->setExpirationHops(1);

    // Precedence: (pending auto-login realm) OR (posted AND valid form).
    if (isset($authRealm->realm) && $authRealm->autoLogin || $this->_request->isPost() && $validForm) {
        if (isset($authRealm->realm) && !$this->_request->isPost()) {
            $realm = $authRealm->realm;
        } else {
            if ($form->getValue('realm')) {
                $realm = $form->getValue('realm');
            }
        }

        // Empty-string credentials from the auto-login path are falsy, so
        // these fall through to the (empty) form values — same result.
        $username = $formUserId ? $formUserId : $form->getValue('username');
        $password = $formPassword ? $formPassword : $form->getValue('password');

        // NOTE(review): redirectUri is taken from the submitted form and
        // passed to the adapter unvalidated here — confirm the adapter
        // constrains where it may point before it is used for a redirect.
        $redirectUri = $form->getValue('redirectUri');

        $authAdapter = new Ot_Model_DbTable_AuthAdapter();
        $adapter = $authAdapter->find($realm);

        $className = (string) $adapter->class;

        // Set up the authentication adapter for the chosen realm
        $authAdapter = new $className($username, $password, $redirectUri);

        $auth = Zend_Auth::getInstance();

        // Remember the realm for one hop so an adapter that redirects away
        // (external auth) can complete the login on its return.
        $authRealm->realm = $realm;
        $authRealm->autoLogin = $authAdapter->autoLogin();

        // Attempt authentication, saving the result
        $result = $auth->authenticate($authAdapter);

        $authRealm->unsetAll();

        if ($result->isValid()) {
            // Identity fields are taken from the adapter's result, not from
            // the submitted form.
            $username = $auth->getIdentity()->username;
            $realm = $auth->getIdentity()->realm;

            $account = new Ot_Model_DbTable_Account();
            $thisAccount = $account->getByUsername($username, $realm);

            if (is_null($thisAccount)) {
                // First login through an external realm: create a local
                // account with a random placeholder password.
                $password = $account->generatePassword();

                // NOTE(review): the placeholder is stored as an unsalted md5;
                // whether this can move to password_hash() depends on how the
                // local auth adapter verifies stored passwords (not visible here).
                $acctData = array(
                    'username' => $username,
                    'password' => md5($password),
                    'realm' => $realm,
                    'role' => $this->_helper->configVar('newAccountRole'),
                    'lastLogin' => time()
                );

                $identity = $auth->getIdentity();

                if (isset($identity->firstName)) {
                    $acctData['firstName'] = $identity->firstName;
                }

                if (isset($identity->lastName)) {
                    $acctData['lastName'] = $identity->lastName;
                }

                if (isset($identity->emailAddress)) {
                    $acctData['emailAddress'] = $identity->emailAddress;
                }

                // Account creation is only permitted when the site option is
                // exactly 1 (loose comparison, so '1' also passes). On refusal
                // the half-established identity is cleared before throwing.
                if ($loginOptions['generateAccountOnLogin'] != 1) {
                    $auth->clearIdentity();
                    $authAdapter->autoLogout();
                    throw new Ot_Exception_Access('msg-error-createAccountNotAllowed');
                }

                $accountId = $account->insert($acctData);

                $thisAccount = $account->getByAccountId($accountId);
            } else {
                // Existing account: only update the last-login timestamp
                $data = array(
                    'accountId' => $thisAccount->accountId,
                    'lastLogin' => time()
                );

                $account->update($data, null);
            }

            // The full account row becomes the session identity.
            $auth->getStorage()->write($thisAccount);

            $loggerOptions = array(
                'accountId' => $thisAccount->accountId,
                'role' => is_array($thisAccount->role) ? implode(',', $thisAccount->role) : $thisAccount->role,
                'attributeName' => 'accountId',
                'attributeId' => $thisAccount->accountId
            );

            $this->_helper->log(Zend_Log::INFO, 'User ' . $username . ' logged in.', $loggerOptions);

            // Resume the originally requested URI, if one was saved.
            if (isset($req->uri) && $req->uri != '') {
                $uri = $req->uri;
                $req->unsetAll();
                return $this->_helper->redirector->gotoUrl($uri);
            } else {
                return $this->_helper->redirector->gotoRoute(array(), 'default', true);
            }
        } else {
            // Failed login: adapter messages, when present, are shown to the
            // user verbatim; otherwise a generic invalid-username error.
            if (count($result->getMessages()) == 0) {
                $this->_helper->messenger->addError('msg-error-invalidUsername');
            } else {
                foreach ($result->getMessages() as $m) {
                    $this->_helper->messenger->addInfo($m);
                }
            }
        }
    }

    // If we have a single adapter that auto logs in, we forward on.
    if (count($loginForms) == 1) {
        $method = reset($loginForms);

        if ($method['autoLogin']) {
            $authRealm->realm = $method['realm'];
            $authRealm->autoLogin = true;

            return $this->_helper->redirector->gotoRoute(array('realm' => $authRealm->realm), 'login', true);
        }
    }

    if (isset($req->uri) && $req->uri != '') {
        $this->_helper->messenger->addInfo('msg-info-loginBeforeContinuing');
    }

    $this->view->assign(array(
        'loginForms' => $loginForms,
        'realm' => $realm
    ));
}
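/**
 * Single entry point for the remote API.
 *
 * Resolves the requested endpoint, authenticates the caller by API key,
 * maps the key's owning account onto an ACL role, checks that role against
 * the endpoint resource for the HTTP verb in use, and dispatches to the
 * endpoint object's get/post/put/delete method. Failures are rendered via
 * _errorOutput() in the negotiated format.
 *
 * Request parameters read: 'type' (output format, 'json' or 'php'; anything
 * else keeps the default 'json'), 'endpoint', 'key'.
 */
public function indexAction()
{
    $returnType = 'json';

    try {
        $apiRegister = new Ot_Api_Register();
        $vr = new Ot_Config_Register();

        $params = $this->_getAllParams();

        // Accept only a whitelisted output format. The original compared the
        // DEFAULT against the whitelist instead of the supplied value, so any
        // 'type' string went through unchecked.
        if (isset($params['type']) && is_string($params['type'])) {
            $requestedType = strtolower($params['type']);
            if (in_array($requestedType, array('json', 'php'), true)) {
                $returnType = $requestedType;
            }
        }

        if (!isset($params['endpoint']) || empty($params['endpoint'])) {
            return $this->_validOutput(array('message' => 'Welcome to the ' . $vr->getVar('appTitle')->getValue() . ' API. You will need an API key to get any further. Visit ' . Zend_Registry::get('siteUrl') . '/account to get one.'), $returnType);
        }

        $endpoint = $params['endpoint'];

        $thisEndpoint = $apiRegister->getApiEndpoint($endpoint);

        if (is_null($thisEndpoint)) {
            return $this->_errorOutput('Invalid Endpoint', $returnType, 404);
        }

        if (!isset($params['key']) || empty($params['key'])) {
            return $this->_errorOutput('You must provide an API key', $returnType, 403);
        }

        $apiApp = new Ot_Model_DbTable_ApiApp();

        $thisApp = $apiApp->getAppByKey($params['key']);

        if (is_null($thisApp)) {
            return $this->_errorOutput('Invalid API key', $returnType, 403);
        }

        $otAccount = new Ot_Model_DbTable_Account();

        $thisAccount = $otAccount->getByAccountId($thisApp->accountId);

        if (is_null($thisAccount)) {
            return $this->_errorOutput('No user found for this API key', $returnType, 403);
        }

        $acl = new Ot_Acl('remote');

        // Also normalises $thisAccount->role to the single role name used below.
        $role = $this->_resolveApiRole($thisAccount, $acl, $vr);

        // the api "module" here is really a kind of placeholder
        $aclResource = 'api_' . strtolower($thisEndpoint->getName());

        // The key's owning account becomes the auth identity for this request.
        Zend_Auth::getInstance()->getStorage()->write($thisAccount);
    } catch (Exception $e) {
        // NOTE(review): the raw exception text is returned to the API client;
        // consider logging it server-side and returning a generic message.
        return $this->_errorOutput($e->getMessage(), $returnType);
    }

    $apiObject = $thisEndpoint->getEndpointObj();

    // Verb selection keeps the original precedence: POST, then PUT, then
    // DELETE, with everything else treated as GET.
    $verb = 'get';
    if ($this->_request->isPost()) {
        $verb = 'post';
    } elseif ($this->_request->isPut()) {
        $verb = 'put';
    } elseif ($this->_request->isDelete()) {
        $verb = 'delete';
    }

    // One ACL check per request: the role must hold the verb as a privilege
    // on the endpoint resource.
    if (!$acl->isAllowed($role, $aclResource, $verb)) {
        return $this->_errorOutput('You do not have permission to access this endpoint with ' . strtoupper($verb), $returnType, 403);
    }

    try {
        $data = $apiObject->$verb($params);
    } catch (Exception $e) {
        // NOTE(review): same verbatim-message exposure as above.
        return $this->_errorOutput($e->getMessage(), $returnType);
    }

    return $this->_validOutput($data, $returnType);
}

/**
 * Collapses an account's role list into the single role name used for ACL
 * checks, registering a combined role when the account has several.
 *
 * Side effect: $thisAccount->role is overwritten with the resolved name, so
 * the value later written to the auth storage matches what was checked.
 *
 * @param object             $thisAccount account row; role is an array of
 *                                        role ids or a single value
 * @param Ot_Acl             $acl         ACL the role is resolved against
 * @param Ot_Config_Register $vr          config source for 'defaultRole'
 * @return string|mixed the role name to use with $acl
 */
private function _resolveApiRole($thisAccount, $acl, $vr)
{
    // Only an array of role ids needs collapsing; a scalar role is checked
    // as-is below (the original ran count()/array_pop() on it regardless).
    if (is_array($thisAccount->role)) {
        if (count($thisAccount->role) > 1) {
            // Get role names from the list of role Ids
            $roles = array();
            foreach ($thisAccount->role as $r) {
                $roles[] = $acl->getRole($r);
            }

            // Create a new role that inherits from all the returned roles
            $roleName = implode(',', $roles);
            $thisAccount->role = $roleName;
            $acl->addRole(new Zend_Acl_Role($roleName), $roles);
        } elseif (count($thisAccount->role) == 1) {
            $thisAccount->role = array_pop($thisAccount->role);
        }
    }

    // An empty or unknown role falls back to the configured default.
    if ($thisAccount->role == '' || !$acl->hasRole($thisAccount->role)) {
        $thisAccount->role = $vr->getVar('defaultRole')->getValue();
    }

    return $thisAccount->role;
}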