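/**
 * Try to log the visitor in from the TLS client certificate the web server exposed.
 *
 * Nothing happens when the attempt was already made for this session, when no certificate
 * is present, or when a user is already logged in. Otherwise the certificate is resolved to
 * a user id; the user's record is loaded into the session only if the account lists
 * 'autoauth' among its auths and is not locked.
 *
 * NOTE(review): this trusts whatever is in $_SERVER['SSL_CLIENT_RAW_CERT']. Confirm the
 * front end only sets it from the TLS handshake and discards any client-supplied value of
 * the same name when TLS is terminated on a proxy.
 *
 * @param mixed $data Not used by this method.
 * @return mixed Whatever self::done() returns, or null on the two exits that bypass it.
 */
public static function handler($data = null)
{
    // One attempt per session: the flag is only read here, never written.
    if (isset($_SESSION['done_autoauth'])) {
        return;
    }

    if (empty($_SERVER['SSL_CLIENT_RAW_CERT'])) {
        return self::done();
    }

    if (Session::isLoggedIn()) {
        return self::done();
    }

    $certs = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
    $userId = $certs->check($_SERVER['SSL_CLIENT_RAW_CERT']);
    if ($userId == null) {
        return self::done();
    }

    $users = new users(ConnectionFactory::get('mongo'));
    $user = $users->get($userId, false);
    if (empty($user)) {
        // NOTE(review): exits without self::done(), unlike the other exits below the first
        // guard. Confirm that retrying the lookup on the next request is intended.
        return;
    }

    // Fail closed when the record has no usable auths list. The comparison is strict so a
    // non-string entry (true, 0) can never loosely match 'autoauth'.
    $auths = isset($user['auths']) ? $user['auths'] : null;
    if (!is_array($auths) || !in_array('autoauth', $auths, true)) {
        return self::done();
    }

    if ($user['status'] == users::ACCT_LOCKED) {
        return self::done();
    }

    // NOTE(review): a login happens here. Confirm Session::setBatchVars() (or its caller)
    // issues a fresh session id so a pre-login id cannot be reused.
    Session::setBatchVars($user);

    return self::done();
}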
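/**
 * Remove one of the logged-in user's certificates, identified by $_POST['hash'].
 *
 * The stored certificate entry is expected to begin with the owner's id followed by ':'.
 * The request is refused unless that prefix matches the session's '_id'. On success the
 * certificate is removed from both the user record and the certificate store, and the
 * browser is redirected to the settings page.
 *
 * NOTE(review): no anti-CSRF token is checked inside this method. Confirm the dispatcher
 * enforces one for this state-changing POST.
 *
 * @return mixed Result of Error::set() on failure; null after sending the redirect header.
 */
protected function certificate_remove()
{
    // Delete
    if (!Session::isLoggedIn()) {
        return Error::set('You are not logged in!');
    }

    // A request body can make $_POST['hash'] an array (hash[]=...). Only a scalar string
    // may reach the datastore lookups below.
    if (empty($_POST['hash']) || !is_string($_POST['hash'])) {
        return Error::set('No certificate hash was found.');
    }
    $hash = $_POST['hash'];

    $certs = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
    $cert = $certs->get($hash, false);
    if ($cert == null) {
        return Error::set('Invalid certificate hash.');
    }

    // Ownership check: refuse when the entry has no ':' separator, and compare the owner
    // prefix as a string so numeric-looking ids are never matched by type juggling.
    $separator = is_string($cert) ? strpos($cert, ':') : false;
    if ($separator === false || substr($cert, 0, $separator) !== (string) Session::getVar('_id')) {
        return Error::set('You are not allowed to remove this certificate.');
    }

    $users = new users(ConnectionFactory::get('mongo'));
    $users->removeCert(Session::getVar('_id'), $hash);
    $certs->removeCert($hash);

    header('Location: ' . Url::format('/user/settings'));
}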
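/**
 * Check combined certificate-and-password authentication for a user.
 *
 * Succeeds only when the account lists 'cert+pass' among its auths, the supplied password
 * hashes to the stored value, and the presented TLS client certificate resolves to the
 * same user id as the account.
 *
 * @param mixed $username Login name, also passed to $this->hash() with the password.
 * @param mixed $password Candidate password.
 * @return mixed The user record on success, false otherwise.
 */
private function checkCAP($username, $password)
{
    // Check password authentication
    $user = $this->get($username);
    if (empty($user)) {
        return false;
    }

    // Fail closed on a missing or malformed auths list; strict match only.
    $auths = isset($user['auths']) ? $user['auths'] : null;
    if (!is_array($auths) || !in_array('cert+pass', $auths, true)) {
        return false;
    }

    // Compare hashes with hash_equals() (PHP 5.6+): a loose != treats numeric-looking
    // strings such as "0e..." as numbers and is not constant-time.
    $stored = isset($user['password']) ? $user['password'] : null;
    $computed = $this->hash($password, $username);
    if (!is_string($stored) || !is_string($computed) || !hash_equals($stored, $computed)) {
        return false;
    }

    // Check certificate authentication
    if (empty($_SERVER['SSL_CLIENT_RAW_CERT'])) {
        // No client certificate was presented, so the certificate factor cannot pass.
        return false;
    }

    $certs = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
    $userId = $certs->check($_SERVER['SSL_CLIENT_RAW_CERT']);
    if ($userId == null) {
        return false;
    }

    // NOTE(review): loose comparison kept because the types of $userId and $user['_id']
    // are not visible here. Once both are known to be strings, switch to !==.
    if ($userId != $user['_id']) {
        return false;
    }

    return $user;
}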