Rev 1282 | Rev 1283 | ||
---|---|---|---|
Line 44... | Line 44... | ||
44 | 44 | ||
45 | $this->inviteSecurityCheck($email); |
45 | $this->inviteSecurityCheck($email); |
46 | // TODO: should we also log who has invited? |
46 | // TODO: should we also log who has invited? |
47 | OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited", $email); |
47 | OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited", $email); |
48 | 48 | ||
49 | $timestamp = time(); |
- | |
50 | $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()->makeAuthKey('ed840c3e-f4fa-11ed-b67e-3c4a92df8582:'.$email.'/'.$timestamp)); |
49 | $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email])); |
51 | 50 | ||
52 | $message = $this->getInvitationText($email); |
51 | $message = $this->getInvitationText($email); |
53 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
52 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
54 | 53 | ||
55 | OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Invitation', $message); |
54 | OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Invitation', $message); |
Line 60... | Line 59... | ||
60 | 59 | ||
61 | _CheckParamExists($params, 'password1'); |
60 | _CheckParamExists($params, 'password1'); |
62 | _CheckParamExists($params, 'password2'); |
61 | _CheckParamExists($params, 'password2'); |
63 | _CheckParamExists($params, 'email'); |
62 | _CheckParamExists($params, 'email'); |
64 | _CheckParamExists($params, 'auth'); |
63 | _CheckParamExists($params, 'auth'); |
65 | _CheckParamExists($params, 'timestamp'); |
- | |
66 | 64 | ||
67 | $password1 = $params['password1']; |
65 | $password1 = $params['password1']; |
68 | $password2 = $params['password2']; |
66 | $password2 = $params['password2']; |
69 | $email = $params['email']; |
67 | $email = $params['email']; |
70 | $auth = $params['auth']; |
68 | $auth = $params['auth']; |
71 | $timestamp = $params['timestamp']; |
- | |
72 | 69 | ||
73 | if (!OIDplus::authUtils()->validateAuthKey('ed840c3e-f4fa-11ed-b67e-3c4a92df8582:'.$email.'/'.$timestamp, $auth)) { |
70 | if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) { |
74 | throw new OIDplusException(_L('Invalid auth key')); |
71 | throw new OIDplusException(_L('Invalid or expired authentication key')); |
75 | } |
- | |
76 | - | ||
77 | if ((OIDplus::config()->getValue('max_ra_invite_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_invite_time'))) { |
- | |
78 | throw new OIDplusException(_L('Invitation expired!')); |
- | |
79 | } |
72 | } |
80 | 73 | ||
81 | if ($password1 !== $password2) { |
74 | if ($password1 !== $password2) { |
82 | throw new OIDplusException(_L('Passwords do not match')); |
75 | throw new OIDplusException(_L('Passwords do not match')); |
83 | } |
76 | } |
Line 159... | Line 152... | ||
159 | } |
152 | } |
160 | } else if (explode('$',$id)[0] == 'oidplus:activate_ra') { |
153 | } else if (explode('$',$id)[0] == 'oidplus:activate_ra') { |
161 | $handled = true; |
154 | $handled = true; |
162 | 155 | ||
163 | $email = explode('$',$id)[1]; |
156 | $email = explode('$',$id)[1]; |
164 | $timestamp = explode('$',$id)[2]; |
- | |
165 | $auth = explode('$',$id)[3]; |
157 | $auth = explode('$',$id)[2]; |
166 | 158 | ||
167 | $out['title'] = _L('Register as Registration Authority'); |
159 | $out['title'] = _L('Register as Registration Authority'); |
168 | 160 | ||
169 | if (!OIDplus::config()->getValue('ra_invitation_enabled')) { |
161 | if (!OIDplus::config()->getValue('ra_invitation_enabled')) { |
170 | throw new OIDplusException(_L('Invitations are disabled by the administrator.'), $out['title']); |
162 | throw new OIDplusException(_L('Invitations are disabled by the administrator.'), $out['title']); |
Line 174... | Line 166... | ||
174 | 166 | ||
175 | $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
167 | $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
176 | if ($res->any()) { |
168 | if ($res->any()) { |
177 | $out['text'] = _L('This RA is already registered and does not need to be invited.'); |
169 | $out['text'] = _L('This RA is already registered and does not need to be invited.'); |
178 | } else { |
170 | } else { |
179 | if (!OIDplus::authUtils()->validateAuthKey('activate_ra;'.$email.';'.$timestamp, $auth)) { |
171 | if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) { |
180 | throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']); |
172 | throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']); |
181 | } else { |
173 | } else { |
182 | // TODO: like in the FreeOID plugin, we could ask here at least for a name for the RA |
174 | // TODO: like in the FreeOID plugin, we could ask here at least for a name for the RA |
183 | $out['text'] = '<p>'._L('E-Mail-Address').': <b>'.$email.'</b></p> |
175 | $out['text'] = '<p>'._L('E-Mail-Address').': <b>'.$email.'</b></p> |
184 | 176 | ||
185 | <form id="activateRaForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaInvite.activateRaFormOnSubmit();"> |
177 | <form id="activateRaForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaInvite.activateRaFormOnSubmit();"> |
186 | <input type="hidden" id="email" value="'.htmlentities($email).'"/> |
178 | <input type="hidden" id="email" value="'.htmlentities($email).'"/> |
187 | <input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/> |
- | |
188 | <input type="hidden" id="auth" value="'.htmlentities($auth).'"/> |
179 | <input type="hidden" id="auth" value="'.htmlentities($auth).'"/> |
189 | <div><label class="padding_label">'._L('New password').':</label><input type="password" id="password1" value=""/></div> |
180 | <div><label class="padding_label">'._L('New password').':</label><input type="password" id="password1" value=""/></div> |
190 | <div><label class="padding_label">'._L('Repeat').':</label><input type="password" id="password2" value=""/></div> |
181 | <div><label class="padding_label">'._L('Repeat').':</label><input type="password" id="password2" value=""/></div> |
191 | <br><input type="submit" value="'._L('Register').'"> |
182 | <br><input type="submit" value="'._L('Register').'"> |
192 | </form>'; |
183 | </form>'; |
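Review bot: The expiry argument on new lines 70 and 171, `OIDplus::config()->getValue('max_ra_invite_time',-1)`, is passed to `validateAuthKey()` unfiltered, whereas the removed check on old line 77 only enforced expiry when the value was `> 0`; if `validateAuthKey()` (not in this diff) treats `0` as "expires immediately" rather than "no limit", an installation configured with 0 now rejects every invitation, so the 0 case is worth confirming or normalising at the call site with `max($maxAge, -1)`-style handling. The purpose literal `'ed840c3e-f4fa-11ed-b67e-3c4a92df8582'` is now spelled out three times (new lines 49, 70 and 171); a single `private const INVITE_AUTHKEY_PURPOSE = 'ed840c3e-f4fa-11ed-b67e-3c4a92df8582';` on the class keeps the `makeAuthKey()` input and both `validateAuthKey()` inputs from drifting apart. New line 157 reads `explode('$',$id)[2]` without checking that the segment exists, so a truncated `goto` value produces a null `$auth` plus an undefined-offset warning instead of the clean error on line 172; `$parts = explode('$', $id); if (count($parts) < 3) throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']);` before the assignments covers that. Unchanged line 175 still inlines `$email` into the page text raw while the hidden input on line 178 uses `htmlentities($email)`; the two should match. All hunks sit inside methods whose signatures are outside the diff.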