WebSVN – oidplus – Blame – /trunk/plugins/viathinksoft/raPages/092_invite/OIDplusPageRaInvite.class.php

Rev	Author	Line No.	Line
635	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
1086	daniel-mar	5	* Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft
635	daniel-mar	6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
1050	daniel-mar	20	namespace ViaThinkSoft\OIDplus;
635	daniel-mar	21
1086	daniel-mar	22	// phpcs:disable PSR1.Files.SideEffects
		23	\defined('INSIDE_OIDPLUS') or die;
		24	// phpcs:enable PSR1.Files.SideEffects
		25
635	daniel-mar	26	class OIDplusPageRaInvite extends OIDplusPagePluginRa {
		27
1116	daniel-mar	28	/**
		29	* @param array $params
1143	daniel-mar	30	* @return array
1116	daniel-mar	31	* @throws OIDplusException
		32	* @throws OIDplusMailException
		33	*/
1293	daniel-mar	34	private function action_Request(array $params): array {
1410	daniel-mar	35	$email = $params['email'] ?? "";
635	daniel-mar	36
1293	daniel-mar	37	OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha');
635	daniel-mar	38
1293	daniel-mar	39	$this->inviteSecurityCheck($email);
635	daniel-mar	40
1410	daniel-mar	41	$by = OIDplus::authUtils()->isAdminLoggedIn() ? 'the system administrator' : 'a superior Registration Authority';
		42	OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited by %2", $email, $by);
		43
1293	daniel-mar	44	$activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email]));
635	daniel-mar	45
1293	daniel-mar	46	$message = $this->getInvitationText($email);
		47	$message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message);
635	daniel-mar	48
1293	daniel-mar	49	OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Invitation', $message);
635	daniel-mar	50
1293	daniel-mar	51	return array("status" => 0);
		52	}
635	daniel-mar	53
1293	daniel-mar	54	/**
		55	* @param array $params
		56	* @return array
		57	* @throws OIDplusException
		58	* @throws OIDplusMailException
		59	*/
		60	private function action_Activate(array $params): array {
		61	_CheckParamExists($params, 'password1');
		62	_CheckParamExists($params, 'password2');
		63	_CheckParamExists($params, 'email');
		64	_CheckParamExists($params, 'auth');
635	daniel-mar	65
1293	daniel-mar	66	$password1 = $params['password1'];
		67	$password2 = $params['password2'];
		68	$email = $params['email'];
		69	$auth = $params['auth'];
635	daniel-mar	70
1293	daniel-mar	71	if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) {
		72	throw new OIDplusException(_L('Invalid or expired authentication key'));
		73	}
635	daniel-mar	74
1410	daniel-mar	75	if (!$email \|\| !OIDplus::mailUtils()->validMailAddress($email)) {
		76	throw new OIDplusException(_L('Invalid email address'));
		77	}
		78
1293	daniel-mar	79	if ($password1 !== $password2) {
		80	throw new OIDplusException(_L('Passwords do not match'));
		81	}
635	daniel-mar	82
1293	daniel-mar	83	if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) {
		84	$minlen = OIDplus::config()->getValue('ra_min_password_length');
		85	throw new OIDplusException(_L('Password is too short. Need at least %1 characters',$minlen));
		86	}
635	daniel-mar	87
1293	daniel-mar	88	OIDplus::logger()->log("V2:[OK]RA(%1)", "RA '%1' has been registered due to invitation", $email);
635	daniel-mar	89
1293	daniel-mar	90	$ra = new OIDplusRA($email);
		91	$ra->register_ra($password1);
635	daniel-mar	92
1293	daniel-mar	93	return array("status" => 0);
		94	}
635	daniel-mar	95
1293	daniel-mar	96	/**
		97	* @param string $actionID
		98	* @param array $params
		99	* @return array
		100	* @throws OIDplusException
		101	* @throws OIDplusMailException
		102	*/
		103	public function action(string $actionID, array $params): array {
		104	if ($actionID == 'invite_ra') {
		105	return $this->action_Request($params);
		106	} else if ($actionID == 'activate_ra') {
		107	return $this->action_Activate($params);
635	daniel-mar	108	} else {
1116	daniel-mar	109	return parent::action($actionID, $params);
635	daniel-mar	110	}
		111	}
		112
1116	daniel-mar	113	/**
		114	* @param bool $html
		115	* @return void
		116	* @throws OIDplusException
		117	*/
		118	public function init(bool $html=true) {
635	daniel-mar	119	OIDplus::config()->prepareConfigKey('max_ra_invite_time', 'Max RA invite time in seconds (0 = infinite)', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		120	if (!is_numeric($value) \|\| ($value < 0)) {
		121	throw new OIDplusException(_L('Please enter a valid value.'));
		122	}
		123	});
		124	OIDplus::config()->prepareConfigKey('ra_invitation_enabled', 'May RAs be invited? (0=no, 1=yes)', '1', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		125	if (($value != 0) && ($value != 1)) {
		126	throw new OIDplusException(_L('Please enter a valid value (0=no, 1=yes).'));
		127	}
		128	});
		129	}
		130
1116	daniel-mar	131	/**
		132	* @param string $id
		133	* @param array $out
		134	* @param bool $handled
		135	* @return void
		136	* @throws OIDplusException
		137	*/
		138	public function gui(string $id, array &$out, bool &$handled) {
635	daniel-mar	139	if (explode('$',$id)[0] == 'oidplus:invite_ra') {
		140	$handled = true;
		141
1410	daniel-mar	142	$email = explode('$',$id)[1] ?? null;
		143	$origin = explode('$',$id)[2] ?? "oidplus:system";
635	daniel-mar	144
		145	$out['title'] = _L('Invite a Registration Authority');
		146
		147	if (!OIDplus::config()->getValue('ra_invitation_enabled')) {
1206	daniel-mar	148	throw new OIDplusException(_L('Invitations are disabled by the administrator.'), $out['title']);
635	daniel-mar	149	}
		150
801	daniel-mar	151	$out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/invite_icon.png';
635	daniel-mar	152
		153	try {
		154	$this->inviteSecurityCheck($email);
1470	daniel-mar	155	$message = $this->getInvitationText($email);
		156	$message = str_replace('{{ACTIVATE_URL}}', '[...]', $message); // secret. Will only be shown in the email to the invited person
635	daniel-mar	157
1470	daniel-mar	158	$out['text'] .= '<p>'._L('You have chosen to invite %1 as a Registration Authority. If you click "Send invitation", the following email will be sent to %2:','<b>'.$email.'</b>',$email).'</p><p><i>'.nl2br(htmlentities($message)).'</i></p>
635	daniel-mar	159	<form id="inviteForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaInvite.inviteFormOnSubmit();">
		160	<input type="hidden" id="email" value="'.htmlentities($email).'"/>
702	daniel-mar	161	<input type="hidden" id="origin" value="'.htmlentities($origin).'"/>
		162	'.OIDplus::getActiveCaptchaPlugin()->captchaGenerate().'
		163	<br>
1410	daniel-mar	164	<input type="button" value="'._L('Cancel').'" onclick="history.back()"><!-- TODO: redirect to $origin instead? -->
635	daniel-mar	165	<input type="submit" value="'._L('Send invitation').'">
		166	</form>';
		167
1050	daniel-mar	168	} catch (\Exception $e) {
635	daniel-mar	169
1201	daniel-mar	170	$htmlmsg = $e instanceof OIDplusException ? $e->getHtmlMessage() : htmlentities($e->getMessage());
1206	daniel-mar	171	throw new OIDplusHtmlException(_L('Error: %1',$htmlmsg), $out['title']);
635	daniel-mar	172
		173	}
		174	} else if (explode('$',$id)[0] == 'oidplus:activate_ra') {
		175	$handled = true;
		176
		177	$email = explode('$',$id)[1];
1283	daniel-mar	178	$auth = explode('$',$id)[2];
635	daniel-mar	179
		180	$out['title'] = _L('Register as Registration Authority');
		181
		182	if (!OIDplus::config()->getValue('ra_invitation_enabled')) {
1206	daniel-mar	183	throw new OIDplusException(_L('Invitations are disabled by the administrator.'), $out['title']);
635	daniel-mar	184	}
		185
801	daniel-mar	186	$out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/activate_icon.png';
635	daniel-mar	187
		188	$res = OIDplus::db()->query("select * from ###ra where email = ?", array($email));
790	daniel-mar	189	if ($res->any()) {
635	daniel-mar	190	$out['text'] = _L('This RA is already registered and does not need to be invited.');
		191	} else {
1283	daniel-mar	192	if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) {
1206	daniel-mar	193	throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']);
635	daniel-mar	194	} else {
		195	// TODO: like in the FreeOID plugin, we could ask here at least for a name for the RA
		196	$out['text'] = '<p>'._L('E-Mail-Address').': <b>'.$email.'</b></p>
		197
		198	<form id="activateRaForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaInvite.activateRaFormOnSubmit();">
		199	<input type="hidden" id="email" value="'.htmlentities($email).'"/>
		200	<input type="hidden" id="auth" value="'.htmlentities($auth).'"/>
		201	<div><label class="padding_label">'._L('New password').':</label><input type="password" id="password1" value=""/></div>
		202	<div><label class="padding_label">'._L('Repeat').':</label><input type="password" id="password2" value=""/></div>
		203	<br><input type="submit" value="'._L('Register').'">
		204	</form>';
		205	}
		206	}
		207	}
		208	}
		209
1116	daniel-mar	210	/**
		211	* @param array $json
		212	* @param string\|null $ra_email
		213	* @param bool $nonjs
		214	* @param string $req_goto
		215	* @return bool
		216	*/
		217	public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool {
635	daniel-mar	218	//if (!$ra_email) return false;
		219	//if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) return false;
		220
		221	return false;
		222	}
		223
1116	daniel-mar	224	/**
1125	daniel-mar	225	* @param string $email
1116	daniel-mar	226	* @return void
		227	* @throws OIDplusException
		228	*/
1125	daniel-mar	229	private function inviteSecurityCheck(string $email) {
1410	daniel-mar	230	if (!$email \|\| !OIDplus::mailUtils()->validMailAddress($email)) {
		231	throw new OIDplusException(_L('Invalid email address'));
		232	}
		233
635	daniel-mar	234	$res = OIDplus::db()->query("select * from ###ra where email = ?", array($email));
790	daniel-mar	235	if ($res->any()) {
635	daniel-mar	236	throw new OIDplusException(_L('This RA is already registered and does not need to be invited.'));
		237	}
		238
		239	if (!OIDplus::authUtils()->isAdminLoggedIn()) {
		240	// Check if the RA may invite the user (i.e. the they are the parent of an OID of that person)
		241	$ok = false;
		242	$res = OIDplus::db()->query("select parent from ###objects where ra_email = ?", array($email));
		243	while ($row = $res->fetch_array()) {
1120	daniel-mar	244	if (!$row['parent']) continue;
635	daniel-mar	245	$objParent = OIDplusObject::parse($row['parent']);
1116	daniel-mar	246	if (!$objParent) throw new OIDplusException(_L('Type of %1 unknown',$row['parent']));
635	daniel-mar	247	if ($objParent->userHasWriteRights()) {
		248	$ok = true;
		249	}
		250	}
		251	if (!$ok) {
1266	daniel-mar	252	throw new OIDplusHtmlException(_L('You may not invite this RA. Maybe you need to <a %1>log in</a> again.',OIDplus::gui()->link('oidplus:login')), null, 401);
635	daniel-mar	253	}
		254	}
		255	}
		256
1116	daniel-mar	257	/**
1125	daniel-mar	258	* @param string $email
1116	daniel-mar	259	* @return string
		260	* @throws OIDplusException
		261	*/
1125	daniel-mar	262	private function getInvitationText(string $email): string {
635	daniel-mar	263	$list_of_oids = array();
		264	$res = OIDplus::db()->query("select id from ###objects where ra_email = ?", array($email));
		265	while ($row = $res->fetch_array()) {
		266	$list_of_oids[] = $row['id'];
		267	}
1410	daniel-mar	268	if (count($list_of_oids) == 0) {
		269	$list_of_oids[] = '(' . _L('None') . ')';
		270	}
635	daniel-mar	271
		272	$message = file_get_contents(__DIR__ . '/invite_msg.tpl');
		273
		274	// Resolve stuff
801	daniel-mar	275	$message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message);
635	daniel-mar	276	$message = str_replace('{{OID_LIST}}', implode("\n", $list_of_oids), $message);
		277	$message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message);
1470	daniel-mar	278	// Note: {{ACTIVATE_URL}} will be resolved by the caller, not here!
635	daniel-mar	279
1130	daniel-mar	280	return str_replace('{{PARTY}}', OIDplus::authUtils()->isAdminLoggedIn() ? 'the system administrator' : 'a superior Registration Authority', $message);
635	daniel-mar	281	}
		282
1116	daniel-mar	283	/**
		284	* @param string $request
		285	* @return array\|false
		286	*/
		287	public function tree_search(string $request) {
635	daniel-mar	288	return false;
		289	}
		290	}

Subversion Repositories oidplus

oidplus/trunk/plugins/viathinksoft/raPages/092_invite/OIDplusPageRaInvite.class.php @ 1282 – Rev 1470