mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
nextcloud/core/Controller/LoginController.php

202 lines
5.7 KiB
PHP
Raw Normal View History

Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
<?php
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
/**
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
* @author Christoph Wurst <christoph@owncloud.com>
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
* @author Lukas Reschke <lukas@owncloud.com>
*
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OC\Core\Controller;
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
use OC;
use OC\User\Session;
use OC_App;
use OC_Util;
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\IConfig;
use OCP\IRequest;
use OCP\ISession;
Move logout to controller Testable code. Yay.
2016-04-18 13:14:07 +03:00
use OCP\IURLGenerator;
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
use OCP\IUser;
use OCP\IUserManager;
class LoginController extends Controller {
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
/** @var IUserManager */
private $userManager;
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
/** @var IConfig */
private $config;
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
/** @var ISession */
private $session;
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
/** @var Session */
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
private $userSession;
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
Move logout to controller Testable code. Yay.
2016-04-18 13:14:07 +03:00
/** @var IURLGenerator */
private $urlGenerator;
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
/**
* @param string $appName
* @param IRequest $request
* @param IUserManager $userManager
* @param IConfig $config
* @param ISession $session
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
* @param Session $userSession
Move logout to controller Testable code. Yay.
2016-04-18 13:14:07 +03:00
* @param IURLGenerator $urlGenerator
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
*/
fix setup
2016-04-27 13:01:13 +03:00
function __construct($appName, IRequest $request, IUserManager $userManager, IConfig $config, ISession $session,
Session $userSession, IURLGenerator $urlGenerator) {
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
parent::__construct($appName, $request);
$this->userManager = $userManager;
$this->config = $config;
$this->session = $session;
$this->userSession = $userSession;
Move logout to controller Testable code. Yay.
2016-04-18 13:14:07 +03:00
$this->urlGenerator = $urlGenerator;
}
/**
* @NoAdminRequired
* @UseSession
*
* @return RedirectResponse
*/
public function logout() {
$loginToken = $this->request->getCookie('oc_token');
if (!is_null($loginToken)) {
$this->config->deleteUserValue($this->userSession->getUser()->getUID(), 'login_token', $loginToken);
}
$this->userSession->logout();
return new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
}
/**
* @PublicPage
* @NoCSRFRequired
* @UseSession
*
* @param string $user
* @param string $redirect_url
* @param string $remember_login
*
* @return TemplateResponse
*/
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
public function showLoginForm($user, $redirect_url, $remember_login) {
if ($this->userSession->isLoggedIn()) {
return new RedirectResponse(OC_Util::getDefaultPageUrl());
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
}
$parameters = array();
show login error
2016-05-04 10:05:03 +03:00
$id = $this->session->getId();
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
$loginMessages = $this->session->get('loginMessages');
$errors = [];
$messages = [];
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
if (is_array($loginMessages)) {
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
list($errors, $messages) = $loginMessages;
}
$this->session->remove('loginMessages');
foreach ($errors as $value) {
$parameters[$value] = true;
}
$parameters['messages'] = $messages;
Also check for an empty string PHP. Yay.
2016-04-15 20:51:00 +03:00
if (!is_null($user) && $user !== '') {
Rename `username` to `loginName` UID and login name are two different things.
2016-04-15 20:02:19 +03:00
$parameters['loginName'] = $user;
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
$parameters['user_autofocus'] = false;
} else {
Rename `username` to `loginName` UID and login name are two different things.
2016-04-15 20:02:19 +03:00
$parameters['loginName'] = '';
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
$parameters['user_autofocus'] = true;
}
if (!empty($redirect_url)) {
$parameters['redirect_url'] = $redirect_url;
}
$parameters['canResetPassword'] = true;
if (!$this->config->getSystemValue('lost_password_link')) {
Also check for an empty string PHP. Yay.
2016-04-15 20:51:00 +03:00
if (!is_null($user) && $user !== '') {
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
$userObj = $this->userManager->get($user);
if ($userObj instanceof IUser) {
$parameters['canResetPassword'] = $userObj->canChangePassword();
}
}
}
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
$parameters['alt_login'] = OC_App::getAlternativeLogIns();
$parameters['rememberLoginAllowed'] = OC_Util::rememberLoginAllowed();
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
$parameters['rememberLoginState'] = !empty($remember_login) ? $remember_login : 0;
Also check for an empty string PHP. Yay.
2016-04-15 20:51:00 +03:00
if (!is_null($user) && $user !== '') {
Rename `username` to `loginName` UID and login name are two different things.
2016-04-15 20:02:19 +03:00
$parameters['loginName'] = $user;
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
$parameters['user_autofocus'] = false;
} else {
Rename `username` to `loginName` UID and login name are two different things.
2016-04-15 20:02:19 +03:00
$parameters['loginName'] = '';
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
$parameters['user_autofocus'] = true;
}
return new TemplateResponse(
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
$this->appName, 'login', $parameters, 'guest'
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
);
}
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
/**
* @PublicPage
* @UseSession
*
* @param string $user
* @param string $password
* @param string $redirect_url
* @return RedirectResponse
*/
public function tryLogin($user, $password, $redirect_url) {
// TODO: Add all the insane error handling
show login error
2016-05-04 10:05:03 +03:00
$loginResult = $this->userManager->checkPassword($user, $password) !== false;
if (!$loginResult) {
fix setup
2016-04-27 13:01:13 +03:00
$users = $this->userManager->getByEmail($user);
// we only allow login by email if unique
if (count($users) === 1) {
$loginResult = $this->userManager->checkPassword($users[0]->getUID(), $password);
}
}
show login error
2016-05-04 10:05:03 +03:00
if (!$loginResult) {
$id = $this->session->getId();
$this->session->set('loginMessages', [
[],
['invalidpassword']
]);
// Read current user and append if possible
$args = !is_null($user) ? ['user' => $user] : [];
return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
}
Add token auth for OCS APIs
2016-04-27 10:38:30 +03:00
$this->userSession->createSessionToken($this->request, $user, $password);
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
if (!is_null($redirect_url) && $this->userSession->isLoggedIn()) {
fix LoginController unit tests
2016-04-27 17:44:51 +03:00
$location = $this->urlGenerator->getAbsoluteURL(urldecode($redirect_url));
token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token
2016-04-25 15:10:55 +03:00
// Deny the redirect if the URL contains a @
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
if (strpos($location, '@') === false) {
return new RedirectResponse($location);
}
}
return new RedirectResponse($this->urlGenerator->linkTo('files', 'index'));
}
Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-11 13:08:00 +03:00
}