
0001 <?php
0002 
0003 /**
0004  *  ocs-webserver
0005  *
0006  *  Copyright 2016 by pling GmbH.
0007  *
0008  *    This file is part of ocs-webserver.
0009  *
0010  *    This program is free software: you can redistribute it and/or modify
0011  *    it under the terms of the GNU Affero General Public License as
0012  *    published by the Free Software Foundation, either version 3 of the
0013  *    License, or (at your option) any later version.
0014  *
0015  *    This program is distributed in the hope that it will be useful,
0016  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
0017  *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
0018  *    GNU Affero General Public License for more details.
0019  *
0020  *    You should have received a copy of the GNU Affero General Public License
0021  *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
0022  *
0023  *    Created: 16.12.2016
0024  **/
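/**
 * Controller for the OAuth sign-in and registration flows.
 *
 * loginAction/registerAction start a flow for the provider named in the request;
 * githubAction/ocsAction finish it with the parameters of the callback request.
 */
class OAuthController extends Zend_Controller_Action
{

    const PARAM_NAME_PROVIDER = 'provider';
    const ERR_MSG_DEFAULT = '<p class="text-danger center">An error occurred while trying authenticate you. Please try later or try our local login or register.</p>';

    /**
     * Turns off the layout and automatic view rendering for all actions of this controller.
     *
     * @inheritDoc
     */
    public function init()
    {
        parent::init();

        $this->_helper->layout()->disableLayout();
        $this->_helper->viewRenderer->setNoRender(true);
    }

    /**
     * Starts a sign-in: validates the provider parameter, creates a single-sign-on token
     * and redirects to the URL returned by the adapter's authStartWithToken().
     *
     * @throws Zend_Exception
     */
    public function loginAction()
    {
        $filterInput = new Zend_Filter_Input(array('*' => array('StringTrim', 'StripTags')),
            array(self::PARAM_NAME_PROVIDER => array('Alpha', 'presence' => 'required')), $this->getAllParams());

        // Same check as registerAction. Unlike hasInvalid(), isValid(<field>) is also false
        // when the required provider parameter is absent, so a request without a provider
        // no longer reaches the adapter factory.
        if (!$filterInput->isValid(self::PARAM_NAME_PROVIDER)) {
            // NOTE(review): this writes every raw request parameter to the log; consider
            // logging only the parameter names or the validation messages.
            Zend_Registry::get('logger')->warn(__METHOD__ . ' - ' . print_r($this->getAllParams(), true));
            $this->forwardWithDefaultError();

            return;
        }

        // NOTE(review): 'redirect' is taken from the request unvalidated and stored with the
        // token; confirm the adapter restricts it to local targets before it is redirected to.
        $data = array(
            'remember_me' => true,
            'redirect'    => $this->getParam('redirect'),
            'action'      => Default_Model_SingleSignOnToken::ACTION_LOGIN
        );
        $token_id = $this->createAToken($data);

        // Use the filtered and validated value, as registerAction does, not the raw parameter.
        /** @var Default_Model_OAuth_Ocs $authAdapter */
        $authAdapter = Default_Model_OAuth::factory($filterInput->getEscaped(self::PARAM_NAME_PROVIDER));
        $requestUrl = $authAdapter->authStartWithToken($token_id);

        $this->redirect($requestUrl);
    }

    /**
     * Creates a single-sign-on token for $data and sets its id as a short-lived cookie.
     *
     * @param $data payload handed to Default_Model_SingleSignOnToken::createToken()
     *
     * @return string the id of the created token
     * @throws Zend_Cache_Exception
     * @throws Zend_Exception
     */
    protected function createAToken($data)
    {
        $modelToken = new Default_Model_SingleSignOnToken();
        $token_id = $modelToken->createToken($data);

        $request = $this->getRequest();
        // The cookie holds the token id for 120 seconds and is HttpOnly. It is now marked
        // Secure whenever the request itself arrived over HTTPS; the original passed null
        // for that argument, so the flag was never set.
        setcookie(
            Default_Model_SingleSignOnToken::ACTION_LOGIN,
            $token_id,
            time() + 120,
            '/',
            Local_Tools_ParseDomain::get_domain($request->getHttpHost()),
            $request->isSecure(),
            true
        );

        return $token_id;
    }

    /**
     * Callback for the GitHub provider: finishes the OAuth exchange, authenticates the
     * member (registering a local account when the identity is unknown) and completes
     * the single sign-on.
     *
     * @throws Exception
     * @throws Zend_Exception
     */
    public function githubAction()
    {
        /** @var Default_Model_Oauth_Github $authAdapter */
        $authAdapter = Default_Model_OAuth::factory('github');
        $access_token = $authAdapter->authFinish($this->getAllParams());

        if (!$authAdapter->isConnected()) {
            $this->forwardWithDefaultError();

            // The original fell through here and still called authenticate() on an
            // adapter that is not connected; ocsAction already returns at this point.
            return;
        }

        $authResult = $authAdapter->authenticate();

        switch ($authResult->getCode()) {

            case Zend_Auth_Result::SUCCESS:
                Zend_Registry::get('logger')->info(__METHOD__ . ' - authentication successful - member_id: '
                    . Zend_Auth::getInstance()->getIdentity()->member_id);
                break;

            case Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND:
                $registerResult = $authAdapter->registerLocal();
                if (false === $registerResult->isValid()) {
                    Zend_Registry::get('logger')->info(__METHOD__ . ' - ip: ' . $this->_request->getClientIp()
                        . ' - registration from social provider failed.' . PHP_EOL . print_r($registerResult->getMessages(), true));
                    $this->forwardWithDefaultError();

                    return;
                }

                $this->_helper->flashMessenger->addMessage('Your account was created. Please set a password.');
                // New Github-User was created, now let him set a password.
                // NOTE(review): this path ends here, so neither the token data nor the access
                // token is stored for a freshly registered account - confirm that is intended.
                // (The success log and break that followed in the original were unreachable.)
                $this->redirect('/password/setpassword');

                return;

            case Zend_Auth_Result::FAILURE_UNCATEGORIZED:
            case Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID:
            case Zend_Auth_Result::FAILURE_IDENTITY_AMBIGUOUS:
            case Zend_Auth_Result::FAILURE:
            default:
                // Fail closed: any result code that is not handled above is treated as a failure.
                Zend_Registry::get('logger')->info(__METHOD__ . ' - ip: ' . $this->_request->getClientIp()
                    . ' - authentication failed.');
                $this->forwardWithDefaultError();

                return;
        }

        $this->completeSignOn($authAdapter, $authResult, $access_token);
    }

    /**
     * Callback for the OCS provider: finishes the OAuth exchange, authenticates the member
     * and completes the single sign-on.
     *
     * @throws Exception
     * @throws Zend_Exception
     */
    public function ocsAction()
    {
        /** @var Default_Model_Oauth_Ocs $authAdapter */
        $authAdapter = Default_Model_OAuth::factory('ocs');
        $access_token = $authAdapter->authFinish($this->getAllParams());

        if (!$authAdapter->isConnected()) {
            $this->forwardWithDefaultError();

            return;
        }

        $authResult = $authAdapter->authenticate();
        // NOTE(review): the first line dumps the complete auth result object at info level on
        // every sign-in; if it carries identity data, log only the code and validity instead.
        Zend_Registry::get('logger')->info(__METHOD__ . ' - AuthResult: ' . print_r($authResult, true));
        Zend_Registry::get('logger')->info(__METHOD__ . ' - AuthResult: ' . print_r($authResult->isValid(), true));
        if (!$authResult->isValid()) {
            Zend_Registry::get('logger')->info(__METHOD__ . '(' . __LINE__ . ')' . ' - ip: ' . $this->_request->getClientIp()
                . ' - authentication failed.');
            $this->forwardWithDefaultError();

            return;
        }

        Zend_Registry::get('logger')->info(__METHOD__ . ' - authentication successful - member_id: '
            . Zend_Auth::getInstance()->getIdentity()->member_id);

        $this->completeSignOn($authAdapter, $authResult, $access_token);
    }

    /**
     * Starts a registration through the provider named in the request.
     *
     * @throws Zend_Exception
     */
    public function registerAction()
    {
        $filterInput = new Zend_Filter_Input(array('*' => array('StringTrim', 'StripTags')),
            array(self::PARAM_NAME_PROVIDER => array('Alpha', 'presence' => 'required')), $this->getAllParams());

        if (!$filterInput->isValid(self::PARAM_NAME_PROVIDER)) {
            // NOTE(review): this writes every raw request parameter to the log; consider
            // logging only the parameter names or the validation messages.
            Zend_Registry::get('logger')->warn(__METHOD__ . ' - ' . print_r($this->getAllParams(), true));
            $this->forwardWithDefaultError();

            return;
        }

        $authAdapter = Default_Model_OAuth::factory($filterInput->getEscaped(self::PARAM_NAME_PROVIDER));
        // NOTE(review): 'redirect' comes from the request unvalidated; confirm the adapter
        // restricts it to local targets.
        $authAdapter->authStart($this->getParam('redirect'));
    }

    /**
     * Queues the generic error message and forwards to the explore index page.
     */
    private function forwardWithDefaultError()
    {
        $this->_helper->flashMessenger->addMessage(self::ERR_MSG_DEFAULT);
        $this->forward('index', 'explore', 'default');
    }

    /**
     * Shared tail of the provider callbacks: records the member id and the auth outcome on
     * the single-sign-on token, stores the access token, then redirects to the adapter's
     * redirect target or forwards to the user's products page when there is none.
     *
     * @param object           $authAdapter  adapter returned by Default_Model_OAuth::factory()
     * @param Zend_Auth_Result $authResult   result of $authAdapter->authenticate()
     * @param mixed            $access_token value returned by $authAdapter->authFinish()
     *
     * @throws Zend_Exception
     */
    private function completeSignOn($authAdapter, $authResult, $access_token)
    {
        // NOTE(review): 'state' is read from the callback request and used as the token id;
        // presumably authFinish() has already verified it - confirm.
        $modelToken = new Default_Model_SingleSignOnToken();
        $modelToken->addData($this->getParam('state'), array(
            'member_id'   => Zend_Auth::getInstance()->getIdentity()->member_id,
            'auth_result' => $authResult->isValid()
        ));

        $authAdapter->storeAccessToken($access_token);
        $redirect_url = $authAdapter->getRedirect();

        if (false === $redirect_url) {
            $this->forward('products', 'user');

            return;
        }
        $this->redirect($redirect_url);
    }

}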