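 /**
  * Applies a single step of the upgrade.
  *
  * The step to run comes from the signed token posted as `POST.step`; its
  * payload carries the upgrade ID (`upgid`) and the zero-based `step` index
  * into the cached upgrade's `list` of callables.  The response is a JSON
  * object whose `status` is `error`, `next` (with the token for the
  * following step and a formatted `progress` value) or `complete` (with a
  * redirect URL carrying the final token).
  */
 function applyStep()
 {
     header('Content-Type: application/json');
     $cache = \Cache::instance();
     $token = new SecurityToken();
     $f3 = $this->f3;

     // All error responses share one shape; the description is already translated by the caller
     $fail = function ($status, $error, $description) use ($f3) {
         $f3->status($status);
         print json_encode(array('status' => 'error', 'error' => $error, 'error_description' => $description));
     };

     if (!$this->f3->exists('POST.step')) {
         $fail(401, 'unauthorized', $this->t('Unauthorized'));
         return;
     }

     // A tampered, expired or foreign-session token yields no usable payload;
     // the check is strict so that a false/empty return cannot pass as a payload
     $payload = $token->getPayload($this->f3->get('POST.step'));
     if (!is_array($payload) || !isset($payload['upgid'], $payload['step'])) {
         $fail(401, 'unauthorized', $this->t('Unauthorized'));
         return;
     }

     $upgid = $payload['upgid'];
     $step = (int) $payload['step'];
     $upgrade = $cache->get($upgid . '.upgrade');
     if ($upgrade === false) {
         $fail(500, 'upgrade_error', $this->t('Upgrade not found'));
         return;
     }

     // The step index must name an entry of the cached list; an out-of-range
     // index would otherwise hand a null callable to f3->call()
     if (!isset($upgrade['list']) || !is_array($upgrade['list']) || !isset($upgrade['list'][$step])) {
         $fail(500, 'upgrade_error', $this->t('Upgrade step not found'));
         return;
     }

     $total = count($upgrade['list']);
     $upgrade['results'] .= $this->f3->call($upgrade['list'][$step]);
     // NOTE(review): the results accumulate on this local copy only; nothing
     // writes $upgrade back to the cache — confirm whether the completion
     // page expects them to be persisted.

     // The next-step token is bound to the session so it cannot be replayed elsewhere
     $next = $token->generate(array('upgid' => $upgid, 'step' => $step + 1), SecurityToken::OPTION_BIND_SESSION);
     if ($step < $total - 1) {
         print json_encode(array('status' => 'next', 'next' => $next, 'progress' => $this->f3->format('{0,number,percent}', ($step + 1) / $total)));
     } else {
         print json_encode(array('status' => 'complete', 'redirect' => 'complete?tk=' . rawurlencode($next)));
     }
 }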
 /**
  * Creates an automatic login ("remember me") cookie for the currently
  * logged-in user.
  *
  * @param string $id the ID of the series of auto login cookies; cookies
  * belonging to the same user and computer share an ID.  If none is
  * specified, a random one is generated
  * @param int $expires the time at which the cookie will expire.  If none
  * is specified, {@link SIMPLEID_LONG_TOKEN_EXPIRES_IN} seconds from now
  * is used
  */
 protected function createCookie($id = NULL, $expires = NULL)
 {
     $user = $this->auth->getUser();
     $uid = $user['uid'];
     $rand = new Random();

     // A supplied expiry means an existing cookie series is being renewed
     $action = ($expires == NULL) ? 'created' : 'renewed';
     $this->logger->log(LogLevel::DEBUG, 'Automatic login token ' . $action . ' for ' . $uid);

     if ($id == NULL) {
         $id = $rand->id();
     }
     if ($expires == NULL) {
         $expires = time() + SIMPLEID_LONG_TOKEN_EXPIRES_IN;
     }

     $claims = array(
         'typ' => 'rememberme',
         'id' => $id,
         'uid' => $uid,
         'exp' => $expires,
         'uaid' => $this->auth->assignUAID(),
     );
     $token = new SecurityToken();
     $cookie = $token->generate($claims);

     // NOTE(review): the cookie lifetime is always SIMPLEID_LONG_TOKEN_EXPIRES_IN,
     // even when renewing with an earlier $expires; the 'exp' claim inside the
     // token still governs validity — confirm this is intended.
     $this->f3->set('COOKIE.' . $this->cookie_name, $cookie, SIMPLEID_LONG_TOKEN_EXPIRES_IN);
 }
 /**
  * Renders the "My Apps" page listing the user's sites.
  */
 public function apps_sync()
 {
     // The page is only served over HTTPS; plain HTTP requests are redirected
     $this->checkHttps('redirect', true);

     $token = new SecurityToken();
     $vars = array(
         'tk' => $token->generate('apps', SecurityToken::OPTION_BIND_SESSION),
         'title' => $this->t('My Apps'),
         'delete_label' => $this->t('Delete'),
         'layout' => 'my_apps.html',
     );
     foreach ($vars as $key => $value) {
         $this->f3->set($key, $value);
     }

     $tpl = new \Template();
     print $tpl->render('page.html');
 }
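 /**
  * Provides a form for user authorisation of an OAuth client.
  *
  * Client metadata (display name, logo, web site, policy and terms-of-service
  * URLs, contacts) is shown to the user on the consent page.  For dynamically
  * registered clients that metadata was supplied by the client itself, so
  * link targets are only rendered when they carry an http or https scheme.
  *
  * @param Request $request the OAuth request
  * @param Response $response the OAuth response
  * @since 2.0
  */
 protected function consentForm($request, $response)
 {
     $store = StoreManager::instance();
     $tpl = new \Template();
     $client = $store->loadClient($request['client_id'], 'SimpleID\\Protocols\\OAuth\\OAuthClient');
     $form_state = array('rq' => $request, 'rs' => $response);

     // Returns $url only if it is an absolute http(s) URL, otherwise null.
     // Escaping inside t() protects the markup, not the link scheme: a
     // javascript: or data: target would still be followed on click.
     $http_url = function ($url) {
         if (!is_string($url)) {
             return null;
         }
         $scheme = parse_url($url, PHP_URL_SCHEME);
         if (!is_string($scheme) || !in_array(strtolower($scheme), array('http', 'https'), true)) {
             return null;
         }
         return $url;
     };

     $application_name = $client->getDisplayName();
     $application_type = isset($client['oauth']['application_type']) ? $client['oauth']['application_type'] : '';
     $this->f3->set('application_name', $application_name);
     if (isset($client['logo_url'])) {
         // Passed through unchanged; how it is rendered is up to the template
         $this->f3->set('logo_url', $client['logo_url']);
     }

     // Requested scopes (or the default scope) in canonical order, mapped to descriptions
     $scopes = isset($request['scope']) ? $request->paramToArray('scope') : array(self::DEFAULT_SCOPE);
     usort($scopes, array($this, 'sortScopes'));
     $scope_list = array();
     foreach ($scopes as $scope) {
         $scope_list[$scope] = isset(self::$oauth_scope_settings[$scope]['description'])
             ? self::$oauth_scope_settings[$scope]['description']
             : 'scope ' . $scope;
     }
     $this->f3->set('scope_list', $scope_list);

     if ($client->isDynamic()) {
         $this->f3->set('dynamic_label', $this->t('Warning: %application_name did not pre-register with SimpleID.  Its identity has not been confirmed.', array('%application_name' => $application_name)));
         $this->f3->set('client_dynamic', 'client-dynamic');
     }

     $client_info = array();
     $website = isset($client['oauth']['website']) ? $http_url($client['oauth']['website']) : null;
     if ($website !== null) {
         $client_info[] = $this->t('You can visit this application\'s web site at <a href="%url">%url</a>.', array('%url' => $website));
     }
     $policy_url = isset($client['oauth']['policy_url']) ? $http_url($client['oauth']['policy_url']) : null;
     if ($policy_url !== null) {
         $client_info[] = $this->t('You can view this application\'s policy on the use of your data at <a href="%url">%url</a>.', array('%url' => $policy_url));
     }
     $tos_url = isset($client['oauth']['tos_url']) ? $http_url($client['oauth']['tos_url']) : null;
     if ($tos_url !== null) {
         $client_info[] = $this->t('You can view this application\'s terms of service at <a href="%url">%url</a>.', array('%url' => $tos_url));
     }
     if (isset($client['oauth']['contacts'])) {
         // A single contact may be given as a bare string rather than a list
         $contacts = array();
         foreach ((array) $client['oauth']['contacts'] as $contact) {
             $contacts[] = '<a href="mailto:' . $this->rfc3986_urlencode($contact) . '">' . $this->f3->clean($contact) . '</a>';
         }
         $client_info[] = $this->t('You can email the developer of this application at: !contacts.', array('!contacts' => implode(', ', $contacts)));
     }
     $this->f3->set('client_info', $client_info);
     $this->f3->set('client_info_label', $this->t('More information'));

     $this->f3->set('request_label', $this->t('<strong class="@application_type">%application_name</strong> is requesting access to:', array('@application_type' => $application_type, '%application_name' => $application_name)));
     $this->f3->set('dashboard_label', $this->t('You can revoke access at any time under <strong>Dashboard</strong>.'));
     $this->f3->set('oauth_consent_label', $this->t('Don\'t ask me again for %application_name.', array('%application_name' => $application_name)));
     $this->f3->set('allow_button', $this->t('Allow'));
     $this->f3->set('deny_button', $this->t('Deny'));

     // The consent token is bound to the session; the form state and the
     // logout-continuation request are round-tripped as signed tokens
     $token = new SecurityToken();
     $this->f3->set('tk', $token->generate('oauth_consent', SecurityToken::OPTION_BIND_SESSION));
     $this->f3->set('fs', $token->generate($form_state));
     $this->f3->set('logout_destination', '/continue/' . rawurlencode($token->generate($request->toArray())));

     $this->f3->set('user_header', true);
     $this->f3->set('framekiller', true);
     $this->f3->set('title', $this->t('OAuth Login'));
     $this->f3->set('page_class', 'dialog-page');
     $this->f3->set('layout', 'oauth_consent.html');

     // Module-contributed form fragments, lightest weight first
     $forms = $this->mgr->invokeAll('oAuthConsentForm', $form_state);
     uasort($forms, function ($a, $b) {
         if ($a['weight'] == $b['weight']) {
             return 0;
         }
         return $a['weight'] < $b['weight'] ? -1 : 1;
     });
     $this->f3->set('forms', $forms);

     // Consent dialogs must never be framed (clickjacking)
     header('X-Frame-Options: DENY');
     print $tpl->render('page.html');
 }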
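 /**
  * Returns the dashboard OTP block.
  *
  * The block describes whether login verification is enabled for the
  * current user and offers a single form to toggle it.  The form carries a
  * session-bound security token so the toggle cannot be triggered cross-site.
  *
  * @return array the dashboard OTP block
  */
 public function dashboardBlocksHook()
 {
     $auth = AuthManager::instance();
     $user = $auth->getUser();
     $base_path = $this->f3->get('base_path');
     $token = new SecurityToken();
     $tk = $token->generate('otp', SecurityToken::OPTION_BIND_SESSION);

     $enabled = isset($user['otp']);

     // Attribute values are escaped even though neither comes from the user;
     // double_encode is off so already-escaped translations are not mangled
     $form_action = htmlspecialchars($base_path . 'auth/otp', ENT_QUOTES, 'UTF-8', false);
     $tk_attr = htmlspecialchars($tk, ENT_QUOTES, 'UTF-8', false);

     $html = '<p>' . $this->t('Login verification adds an extra layer of protection to your account. When enabled, you will need to enter an additional security code whenever you log into SimpleID.') . '</p>';
     if ($enabled) {
         $html .= '<p>' . $this->t('Login verification is <strong>enabled</strong>.') . '</p>';
         $button_label = $this->t('Disable');
     } else {
         $html .= '<p>' . $this->t('Login verification is <strong>disabled</strong>. To enable login verification, click the button below.') . '</p>';
         $button_label = $this->t('Enable');
     }
     // One form for both states; only the button label differs
     $html .= '<form action="' . $form_action . '" method="post" enctype="application/x-www-form-urlencoded"><input type="hidden" name="tk" value="' . $tk_attr . '"/>';
     $html .= '<input type="submit" name="op" value="' . htmlspecialchars($button_label, ENT_QUOTES, 'UTF-8', false) . '" /></form>';

     return array(array('id' => 'otp', 'title' => $this->t('Login Verification'), 'content' => $html, 'weight' => 0));
 }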
 /**
  * Provides a form for user consent of an OpenID relying party, where the 
  * {@link simpleid_checkid_identity()} function returns a CHECKID_APPROVAL_REQUIRED
  * or CHECKID_RETURN_TO_SUSPECT.
  *
  * Alternatively, provide a form for the user to rectify the situation where
  * {@link simpleid_checkid_identity()} function returns a CHECKID_IDENTITIES_NOT_MATCHING
  * or CHECKID_IDENTITY_NOT_EXIST
  *
  * @param Request $request the original OpenID request
  * @param Response $response the proposed OpenID response, subject to user
  * verification
  * @param int $reason either CHECKID_APPROVAL_REQUIRED, CHECKID_RETURN_TO_SUSPECT,
  * CHECKID_IDENTITIES_NOT_MATCHING or CHECKID_IDENTITY_NOT_EXIST
  */
 protected function consentForm($request, $response, $reason = self::CHECKID_APPROVAL_REQUIRED)
 {
     $tpl = new \Template();
     // The form state (request, response, reason code) is round-tripped through a signed token below
     $form_state = array('rq' => $request, 'rs' => $response, 'code' => $reason);
     // A 'cancel' response means the user cannot proceed and is only offered a way to switch user
     $cancel = $response['mode'] == 'cancel';
     $realm = $request->getRealm();
     if ($cancel) {
         // NOTE(review): t() and simpleid_url() are called here as global functions
         // while the rest of the method uses $this->t(); and $request_state is
         // not defined anywhere in this method, so the switch-user link is built
         // from an unset value — confirm what this branch should link to.
         $this->f3->set('unable_label', t('Unable to log into <strong class="realm">@realm</strong>.', array('@realm' => $realm)));
         $this->f3->set('identity_not_matching_label', t('Your current identity does not match the requested identity %identity.', array('%identity' => $request['openid.identity'])));
         $this->f3->set('switch_user_label', t('<a href="!url">Switch to a different user</a> and try again.', array('!url' => simpleid_url('logout', 'destination=continue&s=' . rawurlencode($request_state), true))));
     } else {
         $base_path = $this->f3->get('base_path');
         // NOTE(review): $user_clients is not defined in this method, so 'prefs'
         // is always an empty array here — confirm where the per-realm
         // preferences are meant to be loaded from.
         $form_state['prefs'] = isset($user_clients[$realm]) ? $user_clients[$realm] : array();
         // Module-contributed form fragments, lightest weight first
         $forms = $this->mgr->invokeAll('openIDConsentForm', $form_state);
         uasort($forms, function ($a, $b) {
             if ($a['weight'] == $b['weight']) {
                 return 0;
             }
             return $a['weight'] < $b['weight'] ? -1 : 1;
         });
         $this->f3->set('forms', $forms);
         if ($reason == self::CHECKID_RETURN_TO_SUSPECT) {
             // return_to discovery failed: warn the user that the relying party's identity is unconfirmed
             $this->f3->set('return_to_suspect', true);
             $this->f3->set('suspect_label', t('Warning: This web site has not confirmed its identity and might be fraudulent.  Do not share any personal information with this web site unless you are sure it is legitimate. See the <a href="!url" class="popup">SimpleID documentation for details</a> (OpenID version 2.0 return_to discovery failure)', array('!url' => 'http://simpleid.koinic.net/documentation/troubleshooting/returnto-discovery-failure')));
             $this->f3->set('js_locale', array('openid_suspect' => addslashes(t('This web site has not confirmed its identity and might be fraudulent.')) . '\\n\\n' . addslashes(t('Are you sure you wish to automatically send your information to this site for any future requests?'))));
             $this->f3->set('realm_class', 'return-to-suspect');
         }
         $this->f3->set('realm_label', $this->t('You are being logged into <strong class="realm">@realm</strong>.', array('@realm' => $realm)));
         $this->f3->set('openid_consent_label', $this->t('Automatically send my information to this site for any future requests.'));
         $this->f3->set('ok_button', $this->t('OK'));
     }
     // The consent token is bound to the session; form state and the
     // logout-continuation request are carried as signed tokens
     $token = new SecurityToken();
     $this->f3->set('tk', $token->generate('openid_consent', SecurityToken::OPTION_BIND_SESSION));
     $this->f3->set('fs', $token->generate($form_state));
     $this->f3->set('cancel', $cancel);
     $this->f3->set('cancel_button', $this->t('Cancel'));
     $this->f3->set('logout_destination', '/continue/' . rawurlencode($token->generate($request->toArray())));
     $this->f3->set('user_header', true);
     $this->f3->set('framekiller', true);
     $this->f3->set('title', $this->t('OpenID Login'));
     $this->f3->set('page_class', 'dialog-page');
     $this->f3->set('layout', 'openid_consent.html');
     // Consent dialogs must never be framed (clickjacking)
     header('X-Frame-Options: DENY');
     print $tpl->render('page.html');
 }
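 /**
  * Displays a user login or a login verification form.
  *
  * The form mode (`mode` in `$form_state`) selects the credentials form,
  * the re-enter-credentials form (same form, pre-filled user ID) or the
  * verification form.  In verification mode nothing is rendered when there
  * is no verification form to show.
  *
  * @param array $params the F3 parameters
  * @param array $form_state the form state
  */
 public function loginForm($params = array('destination' => null), $form_state = array('mode' => AuthManager::MODE_CREDENTIALS))
 {
     $tpl = new \Template();
     $config = $this->f3->get('config');

     // 1. Check for HTTPS
     $this->checkHttps('redirect', true);

     // 2. Build the buttons and security messaging
     switch ($form_state['mode']) {
         case AuthManager::MODE_REENTER_CREDENTIALS:
             $this->f3->set('uid', $form_state['uid']);
             // Fall through: re-entry uses the ordinary credentials form
         case AuthManager::MODE_CREDENTIALS:
             // Browser autocomplete on the password field is opt-in via configuration
             $security_class = !empty($config['allow_autocomplete']) ? 'allow-autocomplete ' : '';
             $this->f3->set('security_class', $security_class);
             $this->f3->set('submit_button', $this->t('Log in'));
             $this->f3->set('title', $this->t('Log In'));
             break;
         case AuthManager::MODE_VERIFY:
             $this->f3->set('submit_button', $this->t('Verify'));
             $this->f3->set('title', $this->t('Verify'));
             break;
     }
     if (isset($form_state['cancel'])) {
         $this->f3->set('cancellable', true);
         $this->f3->set('cancel_button', $this->t('Cancel'));
     }

     // 3. Build the forms
     if ($form_state['mode'] == AuthManager::MODE_VERIFY && isset($form_state['verify_forms'])) {
         $forms = $form_state['verify_forms'];
         // The verification forms are not part of the state round-tripped in the fs token
         unset($form_state['verify_forms']);
     } else {
         $forms = $this->mgr->invokeRefAll('loginForm', $form_state);
         // Lightest weight first
         uasort($forms, function ($a, $b) {
             if ($a['weight'] == $b['weight']) {
                 return 0;
             }
             return $a['weight'] < $b['weight'] ? -1 : 1;
         });
     }
     // Nothing to verify: checked here, once $forms exists (the previous
     // version tested $forms inside the switch, before any forms were built)
     if ($form_state['mode'] == AuthManager::MODE_VERIFY && empty($forms)) {
         return;
     }
     $this->f3->set('forms', $forms);

     // 4. We can't use SecurityToken::BIND_SESSION here because the PHP session is not
     // yet stable, so the login token is protected by a nonce instead
     $token = new SecurityToken();
     $this->f3->set('tk', $token->generate('login', SecurityToken::OPTION_NONCE));
     $this->f3->set('fs', $token->generate($form_state));

     if (isset($params['destination'])) {
         $this->f3->set('destination', $params['destination']);
     }
     $this->f3->set('framekiller', true);
     $this->f3->set('page_class', 'dialog-page');
     $this->f3->set('layout', 'auth_login.html');
     // Login dialogs must never be framed (clickjacking)
     header('X-Frame-Options: DENY');
     print $tpl->render('page.html');
 }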