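/**
 * Authenticate the current request from its HTTP Basic credentials.
 *
 * Reads the login and password that PHP exposes in $_SERVER['PHP_AUTH_USER']
 * and $_SERVER['PHP_AUTH_PW'] and hands them to LoginService::authenticate().
 *
 * (non-PHPdoc)
 * @see common_user_auth_Adapter::authenticate()
 *
 * @return mixed whatever LoginService::authenticate() returns
 * @throws \oat\oatbox\user\LoginFailedException when the login is missing or empty,
 *                                               or when no password was supplied
 */
public function authenticate()
{
    $hasLogin = isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] !== '';

    // The error message below covers both credentials, so the password key is
    // checked too instead of being read unguarded (which raised an
    // undefined-index notice and passed null to the login service).
    // An empty password string is still forwarded and left to the service to reject.
    $hasPassword = isset($_SERVER['PHP_AUTH_PW']);

    if (!$hasLogin || !$hasPassword) {
        throw new \oat\oatbox\user\LoginFailedException(array('Rest (Basic) login failed for user (missing login/password)'));
    }

    // NOTE(review): Basic credentials reach the server merely base64-encoded;
    // confirm this endpoint is only reachable over TLS.
    return LoginService::authenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}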
/**
 * Attempt to log a user in with the given credentials.
 *
 * Delegates to LoginService::login(). A core_kernel_users_Exception raised
 * during the attempt is logged and reported to the caller as a failed login
 * rather than propagated.
 *
 * @access public
 * @author Jerome Bogaerts, <*****@*****.**>
 * @param string $login
 * @param string $password
 * @return boolean true when LoginService::login() reports success, false otherwise
 * @deprecated
 */
public function loginUser($login, $password)
{
    try {
        $loggedIn = LoginService::login($login, $password);
    } catch (core_kernel_users_Exception $loginError) {
        // The exception is deliberately not rethrown: callers only ever see false.
        common_Logger::e("A fatal error occured at user login time: " . $loginError->getMessage());
        $loggedIn = false;
    }

    return (bool) $loggedIn;
}
/**
 * Walks the functional ACL through grant and revoke cycles for the test role.
 *
 * The steps are order-dependent: each access assertion checks the effect of
 * the grant, revoke or session restart immediately before it.
 */
public function testFuncACL()
{
    // Kept from the original: both values are read but never used afterwards.
    // Note the property is spelled "testrole" here and "testRole" below.
    $unusedBaseRole = $this->testrole;
    $unusedUserService = tao_models_classes_UserService::singleton();

    $sessionUser = new core_kernel_users_GenerisUser($this->user);
    $this->assertTrue(LoginService::startSession($sessionUser));

    // -- URI creation: the service must build the same URIs as the literals
    $expectedActionUri = FUNCACL_NS . '#a_tao_Users_add';
    $expectedModuleUri = FUNCACL_NS . '#m_tao_Users';

    $uriBuilder = funcAcl_models_classes_AccessService::singleton();
    $actionUri = $uriBuilder->makeEMAUri('tao', 'Users', 'add');
    $moduleUri = $uriBuilder->makeEMAUri('tao', 'Users');

    $this->assertEquals($expectedActionUri, $actionUri);
    $this->assertEquals($expectedModuleUri, $moduleUri);

    $acl = new funcAcl_models_classes_FuncAcl();

    // -- A restricted action is denied before any grant
    $this->assertFalse($acl->hasAccess('add', 'Users', 'tao'));

    // -- An unrestricted action is allowed
    // (BACKOFFICE has access to the backend login action because it includes the TAO Role)
    $this->assertTrue($acl->hasAccess('login', 'Main', 'tao'));

    // -- An action that does not exist is denied
    $this->assertFalse($acl->hasAccess('action', 'Unknown', 'tao'));

    // -- Grant the single action to the test role, then attach the role to the user
    funcAcl_models_classes_ActionAccessService::singleton()->add($this->testRole->getUri(), $actionUri);
    tao_models_classes_UserService::singleton()->attachRole($this->user, $this->testRole);

    // Restart the session so the cached roles are refreshed
    $this->assertTrue(LoginService::startSession($sessionUser));

    // The grant must now be visible
    $this->assertTrue($acl->hasAccess('add', 'Users', 'tao'));

    // -- Revoke the action again: access must be gone
    funcAcl_models_classes_ActionAccessService::singleton()->remove($this->testRole->getUri(), $actionUri);
    $this->assertFalse($acl->hasAccess('add', 'Users', 'tao'));

    // -- Grant the whole module: the action inside it becomes reachable
    funcAcl_models_classes_ModuleAccessService::singleton()->add($this->testRole->getUri(), $moduleUri);
    $this->assertTrue($acl->hasAccess('add', 'Users', 'tao'));

    // -- Revoke the whole module: the action is denied again
    funcAcl_models_classes_ModuleAccessService::singleton()->remove($this->testRole->getUri(), $moduleUri);
    $this->assertFalse($acl->hasAccess('add', 'Users', 'tao'));

    // reset: the module grant is re-added before the role is detached
    funcAcl_models_classes_ModuleAccessService::singleton()->add($this->testRole->getUri(), $moduleUri);

    // Detach the role from the user
    tao_models_classes_UserService::singleton()->unnatachRole($this->user, $this->testRole);
}
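/**
 * Authentication form,
 * default page, main entry point to the user
 *
 * Renders the login form. On a valid submission the credentials are passed to
 * LoginService::login(); a successful login redirects either to the requested
 * "redirect" target or to the Main/entry action, a failed one re-displays the
 * form with an error message.
 *
 * The "redirect" request parameter is honoured only when it is a string that
 * is a single-slash local path or starts with ROOT_URL. The same validated
 * value is used for the form and for the post-login redirect.
 *
 * @return void
 */
public function login()
{
    // Validate the redirect target once and reuse the result everywhere.
    $redirectUrl = null;
    if ($this->hasRequestParameter('redirect')) {
        $candidate = $_REQUEST['redirect'];
        // A non-string value (e.g. an array parameter) is never a usable target.
        if (is_string($candidate)) {
            // Browsers resolve a leading '//' or '/\' against another host,
            // so only a single leading slash counts as a local path.
            $isLocalPath = strncmp($candidate, '/', 1) === 0
                && strncmp($candidate, '//', 2) !== 0
                && strncmp($candidate, '/\\', 2) !== 0;
            // NOTE(review): this prefix match only pins the host when ROOT_URL
            // ends with '/' - confirm against the configuration.
            $isUnderRoot = strncmp($candidate, ROOT_URL, strlen(ROOT_URL)) === 0;
            if ($isLocalPath || $isUnderRoot) {
                $redirectUrl = $candidate;
            }
        }
    }

    $params = array();
    if ($redirectUrl !== null) {
        $params['redirect'] = $redirectUrl;
    }

    $myLoginFormContainer = new tao_actions_form_Login($params);
    $myForm = $myLoginFormContainer->getForm();

    if ($myForm->isSubmited() && $myForm->isValid()) {
        $login = $myForm->getValue('login');
        $success = LoginService::login($login, $myForm->getValue('password'));

        // NOTE(review): the login is user-supplied and is written to the log
        // verbatim; confirm the logger neutralises line breaks.
        if ($success) {
            \common_Logger::i("Successful login of user '" . $login . "'.");

            // The redirect must pass both the prefix validation above and the ACL
            // check; the raw request value is no longer used here.
            if ($redirectUrl !== null && tao_models_classes_accessControl_AclProxy::hasAccessUrl($redirectUrl)) {
                $this->redirect($redirectUrl);
            } else {
                $this->redirect(_url('entry', 'Main'));
            }
        } else {
            \common_Logger::i("Unsuccessful login of user '" . $login . "'.");
            $this->setData('errorMessage', __('Invalid login or password. Please try again.'));
        }
    }

    $this->setData('form', $myForm->render());
    $this->setData('title', __("TAO Login"));
    $this->setData('messageServiceIsAvailable', MessagingService::singleton()->isAvailable());

    if ($this->hasRequestParameter('msg')) {
        // NOTE(review): 'msg' is request-controlled; confirm the template escapes it on output.
        $this->setData('msg', $this->getRequestParameter('msg'));
    }

    $this->setData('content-template', array('blocks/login.tpl', 'tao'));
    $this->setView('layout.tpl', 'tao');
}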
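/**
 * Authentication form,
 * default page, main entry point to the user
 *
 * Renders the login form. On a valid submission the credentials are passed to
 * LoginService::login() and a LoginSucceedEvent or LoginFailedEvent is
 * triggered. A successful login redirects to the requested "redirect" target
 * or forwards to the "entry" action; a failed one re-displays the form with an
 * error message.
 *
 * The "redirect" request parameter is honoured only when it is a string that
 * is a single-slash local path or starts with ROOT_URL. The same validated
 * value is used for the form and for the post-login redirect.
 *
 * When the 'login' configuration of the tao extension sets
 * 'disableAutocomplete', the rendered form is hidden and a visible copy
 * without a form element is appended next to it.
 *
 * @return void
 */
public function login()
{
    $extension = \common_ext_ExtensionsManager::singleton()->getExtensionById('tao');
    $config = $extension->getConfig('login');
    $disableAutocomplete = !empty($config['disableAutocomplete']);

    // Validate the redirect target once and reuse the result everywhere.
    $redirectUrl = null;
    if ($this->hasRequestParameter('redirect')) {
        $candidate = $_REQUEST['redirect'];
        // A non-string value (e.g. an array parameter) is never a usable target.
        if (is_string($candidate)) {
            // Browsers resolve a leading '//' or '/\' against another host,
            // so only a single leading slash counts as a local path.
            $isLocalPath = strncmp($candidate, '/', 1) === 0
                && strncmp($candidate, '//', 2) !== 0
                && strncmp($candidate, '/\\', 2) !== 0;
            // NOTE(review): this prefix match only pins the host when ROOT_URL
            // ends with '/' - confirm against the configuration.
            $isUnderRoot = strncmp($candidate, ROOT_URL, strlen(ROOT_URL)) === 0;
            if ($isLocalPath || $isUnderRoot) {
                $redirectUrl = $candidate;
            }
        }
    }

    $params = array('disableAutocomplete' => $disableAutocomplete);
    if ($redirectUrl !== null) {
        $params['redirect'] = $redirectUrl;
    }

    $myLoginFormContainer = new tao_actions_form_Login($params);
    $myForm = $myLoginFormContainer->getForm();

    if ($myForm->isSubmited() && $myForm->isValid()) {
        $login = $myForm->getValue('login');
        $success = LoginService::login($login, $myForm->getValue('password'));
        $eventManager = $this->getServiceManager()->get(EventManager::CONFIG_ID);

        // NOTE(review): the login is user-supplied and is written to the log
        // verbatim; confirm the logger neutralises line breaks.
        if ($success) {
            \common_Logger::i("Successful login of user '" . $login . "'.");
            $eventManager->trigger(new LoginSucceedEvent($login));

            // The redirect must pass both the prefix validation above and the ACL
            // check; the raw request value is no longer used here.
            if ($redirectUrl !== null && tao_models_classes_accessControl_AclProxy::hasAccessUrl($redirectUrl)) {
                $this->redirect($redirectUrl);
            } else {
                $this->forward('entry');
            }
        } else {
            \common_Logger::i("Unsuccessful login of user '" . $login . "'.");
            $eventManager->trigger(new LoginFailedEvent($login));
            $this->setData('errorMessage', __('Invalid login or password. Please try again.'));
        }
    }

    $renderedForm = $myForm->render();

    // replace the login form by a fake form that will delegate the submit to the real form
    // this will allow to prevent the browser ability to cache login/password
    if ($disableAutocomplete) {
        // make a copy of the form and replace the form element by a plain container
        $fakeForm = preg_replace('/<form[^>]+>/', '<div class="form loginForm fakeForm">', $renderedForm);
        $fakeForm = str_replace('</form>', '</div>', $fakeForm);

        // replace the password field by a text field in the actual form,
        // so the browser won't detect it and won't be able to cache the credentials.
        // As a consequence the hidden real form carries the password in a plain text input.
        $renderedForm = preg_replace('/type=[\'"]+password[\'"]+/', 'type="text"', $renderedForm);

        // hide the actual form,
        // it will be submitted through javascript delegation
        $renderedForm = preg_replace_callback('/<form([^>]+)>/', function ($matches) {
            $formTag = $matches[0];
            if (false !== strpos($formTag, ' style=')) {
                // An inline style already exists: append the hiding rule to it.
                $formTag = preg_replace('/ style=([\'"]+)([^\'"]+)([\'"]+)/', ' style=$1$2;display:none;$3', $formTag);
            } else {
                $formTag = '<form' . $matches[1] . ' style="display:none;">';
            }
            return $formTag;
        }, $renderedForm);

        // the fake form will be displayed instead of the actual form,
        // it will behave like the actual form
        $renderedForm .= $fakeForm;
    }

    $this->setData('form', $renderedForm);
    $this->setData('title', __("TAO Login"));

    $entryPointService = $this->getServiceManager()->getServiceManager()->get(EntryPointService::SERVICE_ID);
    $this->setData('entryPoints', $entryPointService->getEntryPoints(EntryPointService::OPTION_PRELOGIN));

    if ($this->hasRequestParameter('msg')) {
        // NOTE(review): 'msg' is request-controlled; confirm the template escapes it on output.
        $this->setData('msg', $this->getRequestParameter('msg'));
    }

    $this->setData('content-template', array('blocks/login.tpl', 'tao'));
    $this->setView('layout.tpl', 'tao');
}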
/**
 * Log a user into Generis by delegating to LoginService::login().
 *
 * NOTE(review): $allowedRoles is accepted but never read in this body, so no
 * role restriction is applied here. Callers that rely on the role filter
 * described by this signature must enforce it themselves - confirm whether
 * that is intended.
 *
 * @access public
 * @author Jerome Bogaerts, <*****@*****.**>
 * @param string $login The login of the user.
 * @param string $password Passed through unchanged. The earlier documentation
 *                         called it the md5 hash of the password; verify what
 *                         LoginService::login() expects.
 * @param mixed $allowedRoles A Role or an array of Roles; currently unused.
 * @return boolean the result of LoginService::login()
 */
public function login($login, $password, $allowedRoles)
{
    // Only the credentials are forwarded; $allowedRoles plays no part in the decision.
    $isLoggedIn = LoginService::login($login, $password);

    return $isLoggedIn;
}