Rev 1131 | Rev 1166 | Go to most recent revision | Only display areas with differences | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1131 | Rev 1143 | ||
|---|---|---|---|
| 1 | <?php |
1 | <?php |
| 2 | 2 | ||
| 3 | /* |
3 | /* |
| 4 | * OIDplus 2.0 |
4 | * OIDplus 2.0 |
| 5 | * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft |
5 | * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft |
| 6 | * |
6 | * |
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | * you may not use this file except in compliance with the License. |
8 | * you may not use this file except in compliance with the License. |
| 9 | * You may obtain a copy of the License at |
9 | * You may obtain a copy of the License at |
| 10 | * |
10 | * |
| 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | * |
12 | * |
| 13 | * Unless required by applicable law or agreed to in writing, software |
13 | * Unless required by applicable law or agreed to in writing, software |
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, |
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 16 | * See the License for the specific language governing permissions and |
16 | * See the License for the specific language governing permissions and |
| 17 | * limitations under the License. |
17 | * limitations under the License. |
| 18 | */ |
18 | */ |
| 19 | 19 | ||
| 20 | namespace ViaThinkSoft\OIDplus; |
20 | namespace ViaThinkSoft\OIDplus; |
| 21 | 21 | ||
| 22 | // phpcs:disable PSR1.Files.SideEffects |
22 | // phpcs:disable PSR1.Files.SideEffects |
| 23 | \defined('INSIDE_OIDPLUS') or die; |
23 | \defined('INSIDE_OIDPLUS') or die; |
| 24 | // phpcs:enable PSR1.Files.SideEffects |
24 | // phpcs:enable PSR1.Files.SideEffects |
| 25 | 25 | ||
| 26 | class OIDplusPagePublicLogin extends OIDplusPagePluginPublic { |
26 | class OIDplusPagePublicLogin extends OIDplusPagePluginPublic { |
| 27 | 27 | ||
| 28 | /** |
28 | /** |
| 29 | * @param string $actionID |
29 | * @param string $actionID |
| 30 | * @param array $params |
30 | * @param array $params |
| 31 | * @return int[] |
31 | * @return array |
| 32 | * @throws OIDplusException |
32 | * @throws OIDplusException |
| 33 | */ |
33 | */ |
| 34 | public function action(string $actionID, array $params): array { |
34 | public function action(string $actionID, array $params): array { |
| 35 | // === RA LOGIN/LOGOUT === |
35 | // === RA LOGIN/LOGOUT === |
| 36 | 36 | ||
| 37 | if ($actionID == 'ra_login') { |
37 | if ($actionID == 'ra_login') { |
| 38 | OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
38 | OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| 39 | 39 | ||
| 40 | _CheckParamExists($params, 'email'); |
40 | _CheckParamExists($params, 'email'); |
| 41 | _CheckParamExists($params, 'password'); |
41 | _CheckParamExists($params, 'password'); |
| 42 | 42 | ||
| 43 | $email = $params['email']; |
43 | $email = $params['email']; |
| 44 | $ra = new OIDplusRA($email); |
44 | $ra = new OIDplusRA($email); |
| 45 | 45 | ||
| 46 | if (empty($email)) { |
46 | if (empty($email)) { |
| 47 | throw new OIDplusException(_L('Please enter a valid email address')); |
47 | throw new OIDplusException(_L('Please enter a valid email address')); |
| 48 | } |
48 | } |
| 49 | 49 | ||
| 50 | if ($ra->checkPassword($params['password'])) { |
50 | if ($ra->checkPassword($params['password'])) { |
| 51 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
51 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| 52 | OIDplus::authUtils()->raLoginEx($email, $remember_me, 'Regular login'); |
52 | OIDplus::authUtils()->raLoginEx($email, $remember_me, 'Regular login'); |
| 53 | 53 | ||
| 54 | $authInfo = OIDplus::authUtils()->raGeneratePassword($params['password']); |
54 | $authInfo = OIDplus::authUtils()->raGeneratePassword($params['password']); |
| 55 | 55 | ||
| 56 | // Rehash, so that we always have the latest default auth plugin and params |
56 | // Rehash, so that we always have the latest default auth plugin and params |
| 57 | // Note that we do it every time (unlike PHPs recommended password_needs_rehash), |
57 | // Note that we do it every time (unlike PHPs recommended password_needs_rehash), |
| 58 | // because we are not sure which auth plugin created the hash (there might be multiple |
58 | // because we are not sure which auth plugin created the hash (there might be multiple |
| 59 | // auth plugins that can verify this hash). So we just rehash on every login! |
59 | // auth plugins that can verify this hash). So we just rehash on every login! |
| 60 | $new_authkey = $authInfo->getAuthKey(); |
60 | $new_authkey = $authInfo->getAuthKey(); |
| 61 | 61 | ||
| 62 | OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate().", authkey = ? where email = ?", array($new_authkey, $email)); |
62 | OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate().", authkey = ? where email = ?", array($new_authkey, $email)); |
| 63 | 63 | ||
| 64 | return array("status" => 0); |
64 | return array("status" => 0); |
| 65 | } else { |
65 | } else { |
| 66 | if (OIDplus::config()->getValue('log_failed_ra_logins', false)) { |
66 | if (OIDplus::config()->getValue('log_failed_ra_logins', false)) { |
| 67 | if ($ra->existing()) { |
67 | if ($ra->existing()) { |
| 68 | OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$email' (wrong password)"); |
68 | OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$email' (wrong password)"); |
| 69 | } else { |
69 | } else { |
| 70 | OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$email' (RA not existing)"); |
70 | OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$email' (RA not existing)"); |
| 71 | } |
71 | } |
| 72 | } |
72 | } |
| 73 | throw new OIDplusException(_L('Wrong password or user not registered')); |
73 | throw new OIDplusException(_L('Wrong password or user not registered')); |
| 74 | } |
74 | } |
| 75 | 75 | ||
| 76 | } else if ($actionID == 'ra_logout') { |
76 | } else if ($actionID == 'ra_logout') { |
| 77 | 77 | ||
| 78 | _CheckParamExists($params, 'email'); |
78 | _CheckParamExists($params, 'email'); |
| 79 | 79 | ||
| 80 | $email = $params['email']; |
80 | $email = $params['email']; |
| 81 | 81 | ||
| 82 | OIDplus::authUtils()->raLogoutEx($email); |
82 | OIDplus::authUtils()->raLogoutEx($email); |
| 83 | 83 | ||
| 84 | return array("status" => 0); |
84 | return array("status" => 0); |
| 85 | } |
85 | } |
| 86 | 86 | ||
| 87 | // === ADMIN LOGIN/LOGOUT === |
87 | // === ADMIN LOGIN/LOGOUT === |
| 88 | 88 | ||
| 89 | else if ($actionID == 'admin_login') { |
89 | else if ($actionID == 'admin_login') { |
| 90 | OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
90 | OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| 91 | 91 | ||
| 92 | _CheckParamExists($params, 'password'); |
92 | _CheckParamExists($params, 'password'); |
| 93 | if (OIDplus::authUtils()->adminCheckPassword($params['password'])) { |
93 | if (OIDplus::authUtils()->adminCheckPassword($params['password'])) { |
| 94 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
94 | $remember_me = isset($params['remember_me']) && ($params['remember_me']); |
| 95 | OIDplus::authUtils()->adminLoginEx($remember_me, 'Regular login'); |
95 | OIDplus::authUtils()->adminLoginEx($remember_me, 'Regular login'); |
| 96 | 96 | ||
| 97 | // TODO: Write a "last login" entry in config table? |
97 | // TODO: Write a "last login" entry in config table? |
| 98 | 98 | ||
| 99 | return array("status" => 0); |
99 | return array("status" => 0); |
| 100 | } else { |
100 | } else { |
| 101 | if (OIDplus::config()->getValue('log_failed_admin_logins', false)) { |
101 | if (OIDplus::config()->getValue('log_failed_admin_logins', false)) { |
| 102 | OIDplus::logger()->log("[WARN]A!", "Failed login to admin account"); |
102 | OIDplus::logger()->log("[WARN]A!", "Failed login to admin account"); |
| 103 | } |
103 | } |
| 104 | throw new OIDplusException(_L('Wrong password')); |
104 | throw new OIDplusException(_L('Wrong password')); |
| 105 | } |
105 | } |
| 106 | } |
106 | } |
| 107 | else if ($actionID == 'admin_logout') { |
107 | else if ($actionID == 'admin_logout') { |
| 108 | OIDplus::authUtils()->adminLogoutEx(); |
108 | OIDplus::authUtils()->adminLogoutEx(); |
| 109 | 109 | ||
| 110 | return array("status" => 0); |
110 | return array("status" => 0); |
| 111 | } |
111 | } |
| 112 | else { |
112 | else { |
| 113 | return parent::action($actionID, $params); |
113 | return parent::action($actionID, $params); |
| 114 | } |
114 | } |
| 115 | } |
115 | } |
| 116 | 116 | ||
| 117 | /** |
117 | /** |
| 118 | * @param bool $html |
118 | * @param bool $html |
| 119 | * @return void |
119 | * @return void |
| 120 | * @throws OIDplusException |
120 | * @throws OIDplusException |
| 121 | */ |
121 | */ |
| 122 | public function init(bool $html=true) { |
122 | public function init(bool $html=true) { |
| 123 | OIDplus::config()->prepareConfigKey('log_failed_ra_logins', 'Log failed RA logins', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
123 | OIDplus::config()->prepareConfigKey('log_failed_ra_logins', 'Log failed RA logins', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
| 124 | if (!is_numeric($value) || (($value != 0) && (($value != 1)))) { |
124 | if (!is_numeric($value) || (($value != 0) && (($value != 1)))) { |
| 125 | throw new OIDplusException(_L('Valid values: 0 (off) or 1 (on).')); |
125 | throw new OIDplusException(_L('Valid values: 0 (off) or 1 (on).')); |
| 126 | } |
126 | } |
| 127 | }); |
127 | }); |
| 128 | OIDplus::config()->prepareConfigKey('log_failed_admin_logins', 'Log failed Admin logins', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
128 | OIDplus::config()->prepareConfigKey('log_failed_admin_logins', 'Log failed Admin logins', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) { |
| 129 | if (!is_numeric($value) || (($value != 0) && (($value != 1)))) { |
129 | if (!is_numeric($value) || (($value != 0) && (($value != 1)))) { |
| 130 | throw new OIDplusException(_L('Valid values: 0 (off) or 1 (on).')); |
130 | throw new OIDplusException(_L('Valid values: 0 (off) or 1 (on).')); |
| 131 | } |
131 | } |
| 132 | }); |
132 | }); |
| 133 | } |
133 | } |
| 134 | 134 | ||
| 135 | /** |
135 | /** |
| 136 | * @param string $id |
136 | * @param string $id |
| 137 | * @param array $out |
137 | * @param array $out |
| 138 | * @param bool $handled |
138 | * @param bool $handled |
| 139 | * @return void |
139 | * @return void |
| 140 | * @throws OIDplusException |
140 | * @throws OIDplusException |
| 141 | */ |
141 | */ |
| 142 | public function gui(string $id, array &$out, bool &$handled) { |
142 | public function gui(string $id, array &$out, bool &$handled) { |
| 143 | $ary = explode('$', $id); |
143 | $ary = explode('$', $id); |
| 144 | $desired_ra = ''; |
144 | $desired_ra = ''; |
| 145 | if (isset($ary[1])) { |
145 | if (isset($ary[1])) { |
| 146 | $id = $ary[0]; |
146 | $id = $ary[0]; |
| 147 | $tab = $ary[1]; |
147 | $tab = $ary[1]; |
| 148 | if (isset($ary[2])) { |
148 | if (isset($ary[2])) { |
| 149 | $desired_ra = $ary[2]; |
149 | $desired_ra = $ary[2]; |
| 150 | } |
150 | } |
| 151 | } else { |
151 | } else { |
| 152 | $tab = 'ra'; |
152 | $tab = 'ra'; |
| 153 | } |
153 | } |
| 154 | if ($id === 'oidplus:login') { |
154 | if ($id === 'oidplus:login') { |
| 155 | $handled = true; |
155 | $handled = true; |
| 156 | $out['title'] = _L('Login'); |
156 | $out['title'] = _L('Login'); |
| 157 | $out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/login_icon.png'; |
157 | $out['icon'] = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/login_icon.png'; |
| 158 | 158 | ||
| 159 | $out['text'] = '<noscript>'; |
159 | $out['text'] = '<noscript>'; |
| 160 | $out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>'; |
160 | $out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>'; |
| 161 | $out['text'] .= '</noscript>'; |
161 | $out['text'] .= '</noscript>'; |
| 162 | 162 | ||
| 163 | $out['text'] .= '<div id="loginArea" style="visibility: hidden"><div id="loginTab" class="container" style="width:100%;">'; |
163 | $out['text'] .= '<div id="loginArea" style="visibility: hidden"><div id="loginTab" class="container" style="width:100%;">'; |
| 164 | 164 | ||
| 165 | $out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA')); |
165 | $out['text'] .= OIDplus::getActiveCaptchaPlugin()->captchaGenerate(_L('Before logging in, please solve the following CAPTCHA')); |
| 166 | $out['text'] .= '<br>'; |
166 | $out['text'] .= '<br>'; |
| 167 | 167 | ||
| 168 | // ---------------- Tab control |
168 | // ---------------- Tab control |
| 169 | $out['text'] .= OIDplus::gui()->tabBarStart(); |
169 | $out['text'] .= OIDplus::gui()->tabBarStart(); |
| 170 | $out['text'] .= OIDplus::gui()->tabBarElement('ra', _L('Login as RA'), $tab === 'ra'); |
170 | $out['text'] .= OIDplus::gui()->tabBarElement('ra', _L('Login as RA'), $tab === 'ra'); |
| 171 | $out['text'] .= OIDplus::gui()->tabBarElement('admin', _L('Login as administrator'), $tab === 'admin'); |
171 | $out['text'] .= OIDplus::gui()->tabBarElement('admin', _L('Login as administrator'), $tab === 'admin'); |
| 172 | $out['text'] .= OIDplus::gui()->tabBarEnd(); |
172 | $out['text'] .= OIDplus::gui()->tabBarEnd(); |
| 173 | $out['text'] .= OIDplus::gui()->tabContentStart(); |
173 | $out['text'] .= OIDplus::gui()->tabContentStart(); |
| 174 | // ---------------- "RA" tab |
174 | // ---------------- "RA" tab |
| 175 | $tabcont = '<h2>'._L('Login as RA').'</h2>'; |
175 | $tabcont = '<h2>'._L('Login as RA').'</h2>'; |
| 176 | $login_list = OIDplus::authUtils()->loggedInRaList(); |
176 | $login_list = OIDplus::authUtils()->loggedInRaList(); |
| 177 | if (count($login_list) > 0) { |
177 | if (count($login_list) > 0) { |
| 178 | foreach ($login_list as $x) { |
178 | foreach ($login_list as $x) { |
| 179 | $tabcont .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>'; |
179 | $tabcont .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return OIDplusPagePublicLogin.raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>'; |
| 180 | } |
180 | } |
| 181 | $tabcont .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>'; |
181 | $tabcont .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>'; |
| 182 | } else { |
182 | } else { |
| 183 | $tabcont .= '<p>'._L('Enter your email address and your password to log in as Registration Authority.').'</p>'; |
183 | $tabcont .= '<p>'._L('Enter your email address and your password to log in as Registration Authority.').'</p>'; |
| 184 | } |
184 | } |
| 185 | $tabcont .= '<form action="javascript:void(0);" onsubmit="return OIDplusPagePublicLogin.raLoginOnSubmit(this);">'; |
185 | $tabcont .= '<form action="javascript:void(0);" onsubmit="return OIDplusPagePublicLogin.raLoginOnSubmit(this);">'; |
| 186 | $tabcont .= '<div><label class="padding_label">'._L('E-Mail').':</label><input type="text" name="email" value="'.htmlentities($desired_ra).'" id="raLoginEMail"></div>'; |
186 | $tabcont .= '<div><label class="padding_label">'._L('E-Mail').':</label><input type="text" name="email" value="'.htmlentities($desired_ra).'" id="raLoginEMail"></div>'; |
| 187 | $tabcont .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginPassword"></div>'; |
187 | $tabcont .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginPassword"></div>'; |
| 188 | if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) { |
188 | if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_USER', true)) { |
| 189 | if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) { |
189 | if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) { |
| 190 | if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) { |
190 | if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) { |
| 191 | $att = 'disabled checked'; |
191 | $att = 'disabled checked'; |
| 192 | } else { |
192 | } else { |
| 193 | $att = 'disabled'; |
193 | $att = 'disabled'; |
| 194 | } |
194 | } |
| 195 | } else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) { |
195 | } else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) { |
| 196 | $att = 'disabled'; |
196 | $att = 'disabled'; |
| 197 | } else { |
197 | } else { |
| 198 | $att = ''; |
198 | $att = ''; |
| 199 | } |
199 | } |
| 200 | $tabcont .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ra" name="remember_me_ra"> <label for="remember_me_ra">'._L('Remember me').'</label></div>'; |
200 | $tabcont .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_ra" name="remember_me_ra"> <label for="remember_me_ra">'._L('Remember me').'</label></div>'; |
| 201 | } |
201 | } |
| 202 | $tabcont .= '<br><input type="submit" value="'._L('Login').'"><br><br>'; |
202 | $tabcont .= '<br><input type="submit" value="'._L('Login').'"><br><br>'; |
| 203 | $tabcont .= '</form>'; |
203 | $tabcont .= '</form>'; |
| 204 | $tabcont .= '<p><a '.OIDplus::gui()->link('oidplus:forgot_password').'>'._L('Forgot password?').'</a><br>'; |
204 | $tabcont .= '<p><a '.OIDplus::gui()->link('oidplus:forgot_password').'>'._L('Forgot password?').'</a><br>'; |
| 205 | 205 | ||
| 206 | $invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite |
206 | $invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite |
| 207 | if (!is_null($invitePlugin) && OIDplus::config()->getValue('ra_invitation_enabled')) { |
207 | if (!is_null($invitePlugin) && OIDplus::config()->getValue('ra_invitation_enabled')) { |
| 208 | $tabcont .= '<abbr title="'._L('To receive login data, the superior RA needs to send you an invitation. After creating or updating your OID, the system will ask them if they want to send you an invitation. If they accept, you will receive an email with an activation link. Alternatively, the system admin can create your account manually in the administrator control panel.').'">'._L('How to register?').'</abbr></p>'; |
208 | $tabcont .= '<abbr title="'._L('To receive login data, the superior RA needs to send you an invitation. After creating or updating your OID, the system will ask them if they want to send you an invitation. If they accept, you will receive an email with an activation link. Alternatively, the system admin can create your account manually in the administrator control panel.').'">'._L('How to register?').'</abbr></p>'; |
| 209 | } else { |
209 | } else { |
| 210 | $tabcont .= '<abbr title="'._L('Since invitations are disabled at this OIDplus system, the system administrator needs to create your account manually in the administrator control panel.').'">'._L('How to register?').'</abbr></p>'; |
210 | $tabcont .= '<abbr title="'._L('Since invitations are disabled at this OIDplus system, the system administrator needs to create your account manually in the administrator control panel.').'">'._L('How to register?').'</abbr></p>'; |
| 211 | } |
211 | } |
| 212 | 212 | ||
| 213 | if ($tab === 'ra') { |
213 | if ($tab === 'ra') { |
| 214 | $alt_logins_html = array(); |
214 | $alt_logins_html = array(); |
| 215 | foreach (OIDplus::getAllPlugins() as $plugin) { |
215 | foreach (OIDplus::getAllPlugins() as $plugin) { |
| 216 | if ($plugin instanceof INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5) { |
216 | if ($plugin instanceof INTF_OID_1_3_6_1_4_1_37476_2_5_2_3_5) { |
| 217 | $logins = $plugin->alternativeLoginMethods(); |
217 | $logins = $plugin->alternativeLoginMethods(); |
| 218 | foreach ($logins as $data) { |
218 | foreach ($logins as $data) { |
| 219 | if (isset($data[2]) && !empty($data[2])) { |
219 | if (isset($data[2]) && !empty($data[2])) { |
| 220 | $img = '<img src="'.$data[2].'" alt="'.htmlentities($data[1]).'"> '; |
220 | $img = '<img src="'.$data[2].'" alt="'.htmlentities($data[1]).'"> '; |
| 221 | } else { |
221 | } else { |
| 222 | $img = ''; |
222 | $img = ''; |
| 223 | } |
223 | } |
| 224 | $alt_logins_html[] = $img.'<a '.OIDplus::gui()->link($data[0]).'>'.htmlentities($data[1]).'</a>'; |
224 | $alt_logins_html[] = $img.'<a '.OIDplus::gui()->link($data[0]).'>'.htmlentities($data[1]).'</a>'; |
| 225 | } |
225 | } |
| 226 | } |
226 | } |
| 227 | } |
227 | } |
| 228 | if (count($alt_logins_html) > 0) { |
228 | if (count($alt_logins_html) > 0) { |
| 229 | $tabcont .= '<p>'._L('Alternative login methods').':<br>'; |
229 | $tabcont .= '<p>'._L('Alternative login methods').':<br>'; |
| 230 | foreach ($alt_logins_html as $alt_login) { |
230 | foreach ($alt_logins_html as $alt_login) { |
| 231 | $tabcont .= $alt_login.'<br>'; |
231 | $tabcont .= $alt_login.'<br>'; |
| 232 | } |
232 | } |
| 233 | $tabcont .= '</p>'; |
233 | $tabcont .= '</p>'; |
| 234 | } |
234 | } |
| 235 | } |
235 | } |
| 236 | 236 | ||
| 237 | $out['text'] .= OIDplus::gui()->tabContentPage('ra', $tabcont, $tab === 'ra'); |
237 | $out['text'] .= OIDplus::gui()->tabContentPage('ra', $tabcont, $tab === 'ra'); |
| 238 | // ---------------- "Administrator" tab |
238 | // ---------------- "Administrator" tab |
| 239 | $tabcont = '<h2>'._L('Login as administrator').'</h2>'; |
239 | $tabcont = '<h2>'._L('Login as administrator').'</h2>'; |
| 240 | if (OIDplus::authUtils()->isAdminLoggedIn()) { |
240 | if (OIDplus::authUtils()->isAdminLoggedIn()) { |
| 241 | $tabcont .= '<p>'._L('You are logged in as administrator.').'</p>'; |
241 | $tabcont .= '<p>'._L('You are logged in as administrator.').'</p>'; |
| 242 | $tabcont .= '<a href="#" onclick="return OIDplusPagePublicLogin.adminLogout();">'._L('Logout').'</a>'; |
242 | $tabcont .= '<a href="#" onclick="return OIDplusPagePublicLogin.adminLogout();">'._L('Logout').'</a>'; |
| 243 | } else { |
243 | } else { |
| 244 | $tabcont .= '<form action="javascript:void(0);" onsubmit="return OIDplusPagePublicLogin.adminLoginOnSubmit(this);">'; |
244 | $tabcont .= '<form action="javascript:void(0);" onsubmit="return OIDplusPagePublicLogin.adminLoginOnSubmit(this);">'; |
| 245 | $tabcont .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="adminLoginPassword"></div>'; |
245 | $tabcont .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="adminLoginPassword"></div>'; |
| 246 | if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_ADMIN', true)) { |
246 | if (OIDplus::baseConfig()->getValue('JWT_ALLOW_LOGIN_ADMIN', true)) { |
| 247 | if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) { |
247 | if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreJWT::class)) { |
| 248 | if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) { |
248 | if (OIDplus::authUtils()->getExtendedAttribute('oidplus_generator',-1) === OIDplusAuthContentStoreJWT::JWT_GENERATOR_LOGIN) { |
| 249 | $att = 'disabled checked'; |
249 | $att = 'disabled checked'; |
| 250 | } else { |
250 | } else { |
| 251 | $att = 'disabled'; |
251 | $att = 'disabled'; |
| 252 | } |
252 | } |
| 253 | } else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) { |
253 | } else if ((OIDplus::authUtils()->getAuthMethod() === OIDplusAuthContentStoreSession::class)) { |
| 254 | $att = 'disabled'; |
254 | $att = 'disabled'; |
| 255 | } else { |
255 | } else { |
| 256 | $att = ''; |
256 | $att = ''; |
| 257 | } |
257 | } |
| 258 | $tabcont .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_admin" name="remember_me_admin"> <label for="remember_me_admin">'._L('Remember me').'</label></div>'; |
258 | $tabcont .= '<div><input '.$att.' type="checkbox" value="1" id="remember_me_admin" name="remember_me_admin"> <label for="remember_me_admin">'._L('Remember me').'</label></div>'; |
| 259 | } |
259 | } |
| 260 | $tabcont .= '<br><input type="submit" value="'._L('Login').'"><br><br>'; |
260 | $tabcont .= '<br><input type="submit" value="'._L('Login').'"><br><br>'; |
| 261 | $tabcont .= '</form>'; |
261 | $tabcont .= '</form>'; |
| 262 | $tabcont .= '<p><a '.OIDplus::gui()->link('oidplus:forgot_password_admin').'>'._L('Forgot password?').'</a><br>'; |
262 | $tabcont .= '<p><a '.OIDplus::gui()->link('oidplus:forgot_password_admin').'>'._L('Forgot password?').'</a><br>'; |
| 263 | } |
263 | } |
| 264 | $out['text'] .= OIDplus::gui()->tabContentPage('admin', $tabcont, $tab === 'admin'); |
264 | $out['text'] .= OIDplus::gui()->tabContentPage('admin', $tabcont, $tab === 'admin'); |
| 265 | $out['text'] .= OIDplus::gui()->tabContentEnd(); |
265 | $out['text'] .= OIDplus::gui()->tabContentEnd(); |
| 266 | // ---------------- Tab control END |
266 | // ---------------- Tab control END |
| 267 | 267 | ||
| 268 | $out['text'] .= '</div><br>'; |
268 | $out['text'] .= '</div><br>'; |
| 269 | 269 | ||
| 270 | $mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60); |
270 | $mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60); |
| 271 | $out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins); |
271 | $out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes (except if the "Remember me" option is used).', $mins); |
| 272 | $privacy_document_file = 'OIDplus/privacy_documentation.html'; |
272 | $privacy_document_file = 'OIDplus/privacy_documentation.html'; |
| 273 | $resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources |
273 | $resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources |
| 274 | if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) { |
274 | if (!is_null($resourcePlugin) && file_exists(OIDplus::localpath().'res/'.$privacy_document_file)) { |
| 275 | $out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>'; |
275 | $out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'#cookies').'>'._L('More information about the cookies used').'</a>'; |
| 276 | } |
276 | } |
| 277 | $out['text'] .= '</font></p></div>'; |
277 | $out['text'] .= '</font></p></div>'; |
| 278 | 278 | ||
| 279 | $out['text'] .= '<script>$("#loginArea")[0].style.visibility = "visible";</script>'; |
279 | $out['text'] .= '<script>$("#loginArea")[0].style.visibility = "visible";</script>'; |
| 280 | } |
280 | } |
| 281 | } |
281 | } |
| 282 | 282 | ||
| 283 | /** |
283 | /** |
| 284 | * @param array $out |
284 | * @param array $out |
| 285 | * @return void |
285 | * @return void |
| 286 | */ |
286 | */ |
| 287 | public function publicSitemap(array &$out) { |
287 | public function publicSitemap(array &$out) { |
| 288 | $out[] = 'oidplus:login'; |
288 | $out[] = 'oidplus:login'; |
| 289 | } |
289 | } |
| 290 | 290 | ||
| 291 | /** |
291 | /** |
| 292 | * @param array $json |
292 | * @param array $json |
| 293 | * @param string|null $ra_email |
293 | * @param string|null $ra_email |
| 294 | * @param bool $nonjs |
294 | * @param bool $nonjs |
| 295 | * @param string $req_goto |
295 | * @param string $req_goto |
| 296 | * @return bool |
296 | * @return bool |
| 297 | * @throws OIDplusConfigInitializationException |
297 | * @throws OIDplusConfigInitializationException |
| 298 | * @throws OIDplusException |
298 | * @throws OIDplusException |
| 299 | */ |
299 | */ |
| 300 | public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool { |
300 | public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool { |
| 301 | $loginChildren = array(); |
301 | $loginChildren = array(); |
| 302 | 302 | ||
| 303 | if (OIDplus::authUtils()->isAdminLoggedIn()) { |
303 | if (OIDplus::authUtils()->isAdminLoggedIn()) { |
| 304 | $ra_roots = array(); |
304 | $ra_roots = array(); |
| 305 | 305 | ||
| 306 | foreach (OIDplus::getPagePlugins() as $plugin) { |
306 | foreach (OIDplus::getPagePlugins() as $plugin) { |
| 307 | if (is_subclass_of($plugin, OIDplusPagePluginAdmin::class)) { |
307 | if (is_subclass_of($plugin, OIDplusPagePluginAdmin::class)) { |
| 308 | $plugin->tree($ra_roots); |
308 | $plugin->tree($ra_roots); |
| 309 | } |
309 | } |
| 310 | } |
310 | } |
| 311 | 311 | ||
| 312 | $ra_roots[] = array( |
312 | $ra_roots[] = array( |
| 313 | 'id' => 'oidplus:logout$admin', |
313 | 'id' => 'oidplus:logout$admin', |
| 314 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/logout_icon16.png', |
314 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/logout_icon16.png', |
| 315 | 'conditionalselect' => 'OIDplusPagePublicLogin.adminLogout(); false;', |
315 | 'conditionalselect' => 'OIDplusPagePublicLogin.adminLogout(); false;', |
| 316 | 'text' => _L('Log out') |
316 | 'text' => _L('Log out') |
| 317 | ); |
317 | ); |
| 318 | $loginChildren[] = array( |
318 | $loginChildren[] = array( |
| 319 | 'id' => 'oidplus:dummy$'.md5((string)rand()), |
319 | 'id' => 'oidplus:dummy$'.md5((string)rand()), |
| 320 | 'text' => _L("Logged in as <b>admin</b>"), |
320 | 'text' => _L("Logged in as <b>admin</b>"), |
| 321 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/admin_icon16.png', |
321 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/admin_icon16.png', |
| 322 | 'conditionalselect' => 'false', // dummy node that can't be selected |
322 | 'conditionalselect' => 'false', // dummy node that can't be selected |
| 323 | 'state' => array("opened" => true), |
323 | 'state' => array("opened" => true), |
| 324 | 'children' => $ra_roots |
324 | 'children' => $ra_roots |
| 325 | ); |
325 | ); |
| 326 | } |
326 | } |
| 327 | 327 | ||
| 328 | foreach (OIDplus::authUtils()->loggedInRaList() as $ra) { |
328 | foreach (OIDplus::authUtils()->loggedInRaList() as $ra) { |
| 329 | $ra_email = $ra->raEmail(); |
329 | $ra_email = $ra->raEmail(); |
| 330 | $ra_roots = array(); |
330 | $ra_roots = array(); |
| 331 | 331 | ||
| 332 | foreach (OIDplus::getPagePlugins() as $plugin) { |
332 | foreach (OIDplus::getPagePlugins() as $plugin) { |
| 333 | if (is_subclass_of($plugin, OIDplusPagePluginRa::class)) { |
333 | if (is_subclass_of($plugin, OIDplusPagePluginRa::class)) { |
| 334 | $plugin->tree($ra_roots, $ra_email); |
334 | $plugin->tree($ra_roots, $ra_email); |
| 335 | } |
335 | } |
| 336 | } |
336 | } |
| 337 | 337 | ||
| 338 | $ra_roots[] = array( |
338 | $ra_roots[] = array( |
| 339 | 'id' => 'oidplus:logout$'.$ra_email, |
339 | 'id' => 'oidplus:logout$'.$ra_email, |
| 340 | 'conditionalselect' => 'OIDplusPagePublicLogin.raLogout('.js_escape($ra_email).'); false;', |
340 | 'conditionalselect' => 'OIDplusPagePublicLogin.raLogout('.js_escape($ra_email).'); false;', |
| 341 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/logout_icon16.png', |
341 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/logout_icon16.png', |
| 342 | 'text' => _L('Log out') |
342 | 'text' => _L('Log out') |
| 343 | ); |
343 | ); |
| 344 | foreach (OIDplusObject::getRaRoots($ra_email) as $loc_root) { |
344 | foreach (OIDplusObject::getRaRoots($ra_email) as $loc_root) { |
| 345 | $ico = $loc_root->getIcon(); |
345 | $ico = $loc_root->getIcon(); |
| 346 | $ra_roots[] = array( |
346 | $ra_roots[] = array( |
| 347 | 'id' => 'oidplus:raroot$'.$loc_root->nodeId(), |
347 | 'id' => 'oidplus:raroot$'.$loc_root->nodeId(), |
| 348 | 'text' => _L('Jump to RA root %1',$loc_root->objectTypeTitleShort().' '.$loc_root->crudShowId(OIDplusObject::parse($loc_root::root()))), |
348 | 'text' => _L('Jump to RA root %1',$loc_root->objectTypeTitleShort().' '.$loc_root->crudShowId(OIDplusObject::parse($loc_root::root()))), |
| 349 | 'conditionalselect' => 'openOidInPanel('.js_escape($loc_root->nodeId()).', true); false;', |
349 | 'conditionalselect' => 'openOidInPanel('.js_escape($loc_root->nodeId()).', true); false;', |
| 350 | 'icon' => !is_null($ico) ? $ico : OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/link_icon16.png' |
350 | 'icon' => !is_null($ico) ? $ico : OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/link_icon16.png' |
| 351 | ); |
351 | ); |
| 352 | } |
352 | } |
| 353 | $ra_email_or_name = (new OIDplusRA($ra_email))->raName(); |
353 | $ra_email_or_name = (new OIDplusRA($ra_email))->raName(); |
| 354 | if ($ra_email_or_name == '') { |
354 | if ($ra_email_or_name == '') { |
| 355 | $ra_email_html = htmlentities($ra_email); |
355 | $ra_email_html = htmlentities($ra_email); |
| 356 | $ra_email_or_name = '<b>'.$ra_email_html.'</b>'; |
356 | $ra_email_or_name = '<b>'.$ra_email_html.'</b>'; |
| 357 | } else { |
357 | } else { |
| 358 | $ra_email_html = htmlentities($ra_email); |
358 | $ra_email_html = htmlentities($ra_email); |
| 359 | $ra_email_or_name_html = htmlentities($ra_email_or_name); |
359 | $ra_email_or_name_html = htmlentities($ra_email_or_name); |
| 360 | $ra_email_or_name = "<b>$ra_email_or_name_html</b> ($ra_email_html)"; |
360 | $ra_email_or_name = "<b>$ra_email_or_name_html</b> ($ra_email_html)"; |
| 361 | } |
361 | } |
| 362 | $loginChildren[] = array( |
362 | $loginChildren[] = array( |
| 363 | 'id' => 'oidplus:dummy$'.md5((string)rand()), |
363 | 'id' => 'oidplus:dummy$'.md5((string)rand()), |
| 364 | 'text' => _L('Logged in as %1',$ra_email_or_name), |
364 | 'text' => _L('Logged in as %1',$ra_email_or_name), |
| 365 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/ra_icon16.png', |
365 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/ra_icon16.png', |
| 366 | 'conditionalselect' => 'false', // dummy node that can't be selected |
366 | 'conditionalselect' => 'false', // dummy node that can't be selected |
| 367 | 'state' => array("opened" => true), |
367 | 'state' => array("opened" => true), |
| 368 | 'children' => $ra_roots |
368 | 'children' => $ra_roots |
| 369 | ); |
369 | ); |
| 370 | } |
370 | } |
| 371 | 371 | ||
| 372 | $json[] = array( |
372 | $json[] = array( |
| 373 | 'id' => 'oidplus:login', |
373 | 'id' => 'oidplus:login', |
| 374 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/login_icon16.png', |
374 | 'icon' => OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/login_icon16.png', |
| 375 | 'text' => _L('Login'), |
375 | 'text' => _L('Login'), |
| 376 | 'state' => array("opened" => count($loginChildren)>0), |
376 | 'state' => array("opened" => count($loginChildren)>0), |
| 377 | 'children' => $loginChildren |
377 | 'children' => $loginChildren |
| 378 | ); |
378 | ); |
| 379 | 379 | ||
| 380 | return true; |
380 | return true; |
| 381 | } |
381 | } |
| 382 | 382 | ||
| 383 | /** |
383 | /** |
| 384 | * @param string $request |
384 | * @param string $request |
| 385 | * @return array|false |
385 | * @return array|false |
| 386 | */ |
386 | */ |
| 387 | public function tree_search(string $request) { |
387 | public function tree_search(string $request) { |
| 388 | return false; |
388 | return false; |
| 389 | } |
389 | } |
| 390 | } |
390 | } |
| 391 | 391 | ||