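/**
  * Shows the list of logged in users.
  *
  * Loads every row of the active-user table (newest first) and attaches the
  * matching account record under the 'accountInfo' key of each row before
  * handing the list to the view under 'activeUsers'.
  */
 public function indexAction()
 {
     $activeUser = new Ot_Model_DbTable_Activeuser();
     $otAccount = new Ot_Model_DbTable_Account();

     $allActiveUsers = $activeUser->fetchAll(null, 'dt DESC')->toArray();

     // Walk the array by key rather than by reference so no dangling reference
     // to the last element survives the loop (the array is passed to the view).
     foreach (array_keys($allActiveUsers) as $i) {
         $allActiveUsers[$i]['accountInfo'] = $otAccount->getByAccountId($allActiveUsers[$i]['accountId']);
     }

     $this->_helper->pageTitle('ot-activeusers-index:title');
     $this->view->assign(array('activeUsers' => $allActiveUsers));
 }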
 /**
  * Controller bootstrap.
  *
  * Normally the controller works on the logged-in user's own account. A
  * caller holding the 'editAllAccounts' privilege may instead pass an
  * accountId request parameter, and the controller then operates as that
  * account (its auth adapter and data are stored on $this).
  *
  * @throws Ot_Exception_Data if the resolved accountId has no account row
  */
 public function init()
 {
     parent::init();

     // Start from the authenticated identity; only a privileged caller may
     // substitute another accountId taken from the request.
     $targetAccountId = Zend_Auth::getInstance()->getIdentity()->accountId;
     $requestedAccountId = $this->_getParam('accountId');

     if ($requestedAccountId && $this->_helper->hasAccess('editAllAccounts')) {
         $targetAccountId = $requestedAccountId;
     }

     $accountTable = new Ot_Model_DbTable_Account();
     $thisAccount = $accountTable->getByAccountId($targetAccountId);

     if ($thisAccount === null) {
         throw new Ot_Exception_Data('msg-error-noAccount');
     }

     $this->_authAdapter = $thisAccount->authAdapter['obj'];
     $this->_userData = (array) $thisAccount;
 }
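 /**
  * Action when going to the main login page.
  *
  * Builds one Ot_Form_LoginRealm per enabled auth adapter, processes a posted
  * login (or a session-flagged auto-login realm), creates a local account on
  * first login when 'generateAccountOnLogin' allows it, and redirects to the
  * originally requested URI or to the default route on success.
  *
  * @throws Ot_Exception_Data   when no adapter is enabled or an adapter has no key
  * @throws Ot_Exception_Access when the identity has no local account and
  *                             accounts may not be generated on login
  */
 public function indexAction()
 {
     // Session slot that remembers the URI the user was trying to reach.
     $req = new Zend_Session_Namespace(Zend_Registry::get('siteUrl') . '_request');

     // Already logged in: send the user on instead of showing the form again.
     if (Zend_Auth::getInstance()->hasIdentity()) {
         if (isset($req->uri) && $req->uri != '') {
             $uri = $req->uri;
             $req->unsetAll();
             $this->_helper->redirector->gotoUrl($uri);
         } else {
             $this->_helper->redirector->gotoRoute(array(), 'default', true);
         }
     }

     $loginOptions = Zend_Registry::get('applicationLoginOptions');

     $authAdapter = new Ot_Model_DbTable_AuthAdapter();
     $adapters = $authAdapter->getEnabledAdapters();

     if (!$adapters || $adapters->count() == 0) {
         throw new Ot_Exception_Data('ot-login-index:noAdaptersEnabled');
     }

     $loginForms = array();

     // Default realm; it is required further down and may be overridden by
     // the request parameter or by the auto-login session value.
     $realm = 'local';

     foreach ($adapters as $adapter) {
         if (!$adapter->adapterKey) {
             throw new Ot_Exception_Data('ot-login-index:adapterMissingKey');
         }

         $a = new $adapter->class();

         $form = new Ot_Form_LoginRealm($adapter->adapterKey, $a->autoLogin(), $a->allowUserSignUp());
         $form->setAction($this->view->url(array(), 'login', true));

         $loginForms[$adapter->adapterKey] = array('form' => $form, 'realm' => $adapter->adapterKey, 'name' => $adapter->name, 'description' => $adapter->description, 'autoLogin' => $a->autoLogin());
     }

     $formUserId = null;
     $formPassword = null;
     $validForm = false;

     $realm = $this->_getParam('realm', $realm);

     if ($this->_request->isPost()) {
         // The realm is request-controlled, so it must name one of the forms
         // built above; an unknown value previously hit an undefined index and
         // died on $form->isValid() instead of reporting invalid form data.
         if (!isset($loginForms[$realm])) {
             $this->_helper->messenger->addError('msg-error-invalidFormInfo');
         } else {
             $form = $loginForms[$realm]['form'];

             if (!$form->isValid($_POST)) {
                 // An auto-login realm has no credentials to validate, so an
                 // "invalid" form is still accepted with empty credentials.
                 $realm = $form->getValue('realm');
                 if (isset($loginForms[$realm]) && $loginForms[$realm]['autoLogin']) {
                     $formUserId = '';
                     $formPassword = '';
                     $validForm = true;
                 }
                 $this->_helper->messenger->addError('msg-error-invalidFormInfo');
             } else {
                 $validForm = true;
             }
         }
     }

     // One-hop session flag used by the single-adapter auto-login redirect below.
     $authRealm = new Zend_Session_Namespace('authRealm');
     $authRealm->setExpirationHops(1);

     // Authenticate when either the auto-login flag was set on the previous
     // request, or a valid form was posted ('&&' binds tighter than '||').
     if (isset($authRealm->realm) && $authRealm->autoLogin || $this->_request->isPost() && $validForm) {
         if (isset($authRealm->realm) && !$this->_request->isPost()) {
             $realm = $authRealm->realm;
         } else {
             if ($form->getValue('realm')) {
                 $realm = $form->getValue('realm');
             }
         }

         // NOTE(review): on the auto-login (non-POST) path $form is whatever the
         // adapter loop left in it, not a submitted form — confirm getValue()
         // yields null there and that the adapter tolerates it.
         $username = $formUserId ? $formUserId : $form->getValue('username');
         $password = $formPassword ? $formPassword : $form->getValue('password');
         $redirectUri = $form->getValue('redirectUri');

         $authAdapter = new Ot_Model_DbTable_AuthAdapter();
         $adapter = $authAdapter->find($realm);
         // presumably find() returns a single row exposing a 'class' column — verify
         $className = (string) $adapter->class;

         // Set up the authentication adapter
         $authAdapter = new $className($username, $password, $redirectUri);

         $auth = Zend_Auth::getInstance();

         $authRealm->realm = $realm;
         $authRealm->autoLogin = $authAdapter->autoLogin();

         // Attempt authentication, saving the result
         $result = $auth->authenticate($authAdapter);

         $authRealm->unsetAll();

         if ($result->isValid()) {
             $username = $auth->getIdentity()->username;
             $realm = $auth->getIdentity()->realm;

             $account = new Ot_Model_DbTable_Account();
             $thisAccount = $account->getByUsername($username, $realm);

             if (is_null($thisAccount)) {
                 // First login through this adapter: build a local account
                 // record with a generated password.
                 $password = $account->generatePassword();

                 // NOTE(review): md5() is not a password hash; if this value is
                 // ever checked by the local adapter it should be produced with
                 // password_hash() — confirm what the local adapter compares against.
                 $acctData = array('username' => $username, 'password' => md5($password), 'realm' => $realm, 'role' => $this->_helper->configVar('newAccountRole'), 'lastLogin' => time());

                 $identity = $auth->getIdentity();

                 if (isset($identity->firstName)) {
                     $acctData['firstName'] = $identity->firstName;
                 }

                 if (isset($identity->lastName)) {
                     $acctData['lastName'] = $identity->lastName;
                 }

                 if (isset($identity->emailAddress)) {
                     $acctData['emailAddress'] = $identity->emailAddress;
                 }

                 // Checked before the insert so a refused signup leaves no
                 // partial account and no lingering identity behind.
                 if ($loginOptions['generateAccountOnLogin'] != 1) {
                     $auth->clearIdentity();
                     $authAdapter->autoLogout();
                     throw new Ot_Exception_Access('msg-error-createAccountNotAllowed');
                 }

                 $accountId = $account->insert($acctData);
                 $thisAccount = $account->getByAccountId($accountId);
             } else {
                 // update last login time
                 // NOTE(review): a null $where on a plain Zend_Db_Table update()
                 // would touch every row; presumably the project's table class
                 // derives the WHERE clause from 'accountId' — verify.
                 $data = array('accountId' => $thisAccount->accountId, 'lastLogin' => time());
                 $account->update($data, null);
             }

             // Replace the adapter's identity with the full account row.
             $auth->getStorage()->write($thisAccount);

             $loggerOptions = array('accountId' => $thisAccount->accountId, 'role' => is_array($thisAccount->role) ? implode(',', $thisAccount->role) : $thisAccount->role, 'attributeName' => 'accountId', 'attributeId' => $thisAccount->accountId);
             $this->_helper->log(Zend_Log::INFO, 'User ' . $username . ' logged in.', $loggerOptions);

             if (isset($req->uri) && $req->uri != '') {
                 $uri = $req->uri;
                 $req->unsetAll();
                 return $this->_helper->redirector->gotoUrl($uri);
             } else {
                 return $this->_helper->redirector->gotoRoute(array(), 'default', true);
             }
         } else {
             // No adapter message means the credentials simply did not match.
             if (count($result->getMessages()) == 0) {
                 $this->_helper->messenger->addError('msg-error-invalidUsername');
             } else {
                 foreach ($result->getMessages() as $m) {
                     $this->_helper->messenger->addInfo($m);
                 }
             }
         }
     }

     // If we have a single adapter that auto logs in, we forward on.
     if (count($loginForms) == 1) {
         $method = reset($loginForms);

         if ($method['autoLogin']) {
             $authRealm->realm = $method['realm'];
             $authRealm->autoLogin = true;
             return $this->_helper->redirector->gotoRoute(array('realm' => $authRealm->realm), 'login', true);
         }
     }

     if (isset($req->uri) && $req->uri != '') {
         $this->_helper->messenger->addInfo('msg-info-loginBeforeContinuing');
     }

     $this->view->assign(array('loginForms' => $loginForms, 'realm' => $realm));
 }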
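 /**
  * Single entry point of the remote API.
  *
  * Reads the 'endpoint', 'key' and 'type' request parameters, resolves the
  * API application behind the key and the account behind that, derives the
  * ACL role for the account, and then calls the endpoint object's
  * get/post/put/delete method (chosen from the HTTP method) when the role is
  * allowed that verb on the endpoint's 'api_<name>' resource.
  *
  * Every failure path is rendered through _errorOutput() in the negotiated
  * return type so the caller always receives a structured response.
  */
 public function indexAction()
 {
     $returnType = 'json';

     try {
         $apiRegister = new Ot_Api_Register();
         $vr = new Ot_Config_Register();

         $params = $this->_getAllParams();

         // Only 'json' and 'php' are rendered. The previous check inspected the
         // default instead of the request value, so any 'type' was accepted.
         if (isset($params['type']) && is_string($params['type']) && in_array(strtolower($params['type']), array('json', 'php'), true)) {
             $returnType = strtolower($params['type']);
         }

         // empty() also covers the unset case.
         if (empty($params['endpoint'])) {
             return $this->_validOutput(array('message' => 'Welcome to the ' . $vr->getVar('appTitle')->getValue() . ' API.  You will need an API key to get any further. Visit ' . Zend_Registry::get('siteUrl') . '/account to get one.'), $returnType);
         }

         $endpoint = $params['endpoint'];
         $thisEndpoint = $apiRegister->getApiEndpoint($endpoint);

         if (is_null($thisEndpoint)) {
             return $this->_errorOutput('Invalid Endpoint', $returnType, 404);
         }

         if (empty($params['key'])) {
             return $this->_errorOutput('You must provide an API key', $returnType, 403);
         }

         $apiApp = new Ot_Model_DbTable_ApiApp();
         $thisApp = $apiApp->getAppByKey($params['key']);

         if (is_null($thisApp)) {
             return $this->_errorOutput('Invalid API key', $returnType, 403);
         }

         $otAccount = new Ot_Model_DbTable_Account();
         $thisAccount = $otAccount->getByAccountId($thisApp->accountId);

         if (is_null($thisAccount)) {
             return $this->_errorOutput('No user found for this API key', $returnType, 403);
         }

         $acl = new Ot_Acl('remote');

         // NOTE(review): count() assumes role is an array here; on PHP 8 a
         // string role raises a TypeError that the catch below does not see
         // (it is an Error, not an Exception) — confirm the column type.
         if (count($thisAccount->role) > 1) {
             $roles = array();

             // Get role names from the list of role Ids
             foreach ($thisAccount->role as $r) {
                 $roles[] = $acl->getRole($r);
             }

             // Create a new role that inherits from all the returned roles
             $roleName = implode(',', $roles);
             $thisAccount->role = $roleName;
             $acl->addRole(new Zend_Acl_Role($roleName), $roles);
         } elseif (count($thisAccount->role) == 1) {
             $thisAccount->role = array_pop($thisAccount->role);
         }

         // Unknown roles fall back to the configured default role.
         if (!$acl->hasRole($thisAccount->role)) {
             $thisAccount->role = $vr->getVar('defaultRole')->getValue();
         }

         $role = $thisAccount->role;
         if ($role == '' || !$acl->hasRole($role)) {
             $role = $vr->getVar('defaultRole')->getValue();
         }

         // the api "module" here is really a kind of placeholder
         $aclResource = 'api_' . strtolower($thisEndpoint->getName());

         // NOTE(review): this writes the key's account into the Zend_Auth
         // storage; if that storage is session-backed, a valid API key also
         // establishes a session identity — confirm the API uses a non-session storage.
         Zend_Auth::getInstance()->getStorage()->write($thisAccount);
     } catch (Exception $e) {
         return $this->_errorOutput($e->getMessage(), $returnType);
     }

     $apiObject = $thisEndpoint->getEndpointObj();

     // Map the HTTP method onto the endpoint verb; anything other than
     // POST/PUT/DELETE is handled as GET, as before.
     if ($this->_request->isPost()) {
         $verb = 'post';
     } elseif ($this->_request->isPut()) {
         $verb = 'put';
     } elseif ($this->_request->isDelete()) {
         $verb = 'delete';
     } else {
         $verb = 'get';
     }

     if (!$acl->isAllowed($role, $aclResource, $verb)) {
         return $this->_errorOutput('You do not have permission to access this endpoint with ' . strtoupper($verb), $returnType, 403);
     }

     try {
         $data = $apiObject->$verb($params);
     } catch (Exception $e) {
         // NOTE(review): the raw exception text is returned to the remote
         // caller; consider logging it and replying with a generic message.
         return $this->_errorOutput($e->getMessage(), $returnType);
     }

     return $this->_validOutput($data, $returnType);
 }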