Rev 1282 | Rev 1293 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1282 | Rev 1283 | ||
|---|---|---|---|
| Line 44... | Line 44... | ||
| 44 | 44 | ||
| 45 | $this->inviteSecurityCheck($email); |
45 | $this->inviteSecurityCheck($email); |
| 46 | // TODO: should we also log who has invited? |
46 | // TODO: should we also log who has invited? |
| 47 | OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited", $email); |
47 | OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited", $email); |
| 48 | 48 | ||
| 49 | $timestamp = time(); |
- | |
| 50 | $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.$timestamp.'$'.OIDplus::authUtils()->makeAuthKey('ed840c3e-f4fa-11ed-b67e-3c4a92df8582:'.$email.'/'.$timestamp)); |
49 | $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email])); |
| 51 | 50 | ||
| 52 | $message = $this->getInvitationText($email); |
51 | $message = $this->getInvitationText($email); |
| 53 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
52 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| 54 | 53 | ||
| 55 | OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Invitation', $message); |
54 | OIDplus::mailUtils()->sendMail($email, OIDplus::config()->getValue('system_title').' - Invitation', $message); |
| Line 60... | Line 59... | ||
| 60 | 59 | ||
| 61 | _CheckParamExists($params, 'password1'); |
60 | _CheckParamExists($params, 'password1'); |
| 62 | _CheckParamExists($params, 'password2'); |
61 | _CheckParamExists($params, 'password2'); |
| 63 | _CheckParamExists($params, 'email'); |
62 | _CheckParamExists($params, 'email'); |
| 64 | _CheckParamExists($params, 'auth'); |
63 | _CheckParamExists($params, 'auth'); |
| 65 | _CheckParamExists($params, 'timestamp'); |
- | |
| 66 | 64 | ||
| 67 | $password1 = $params['password1']; |
65 | $password1 = $params['password1']; |
| 68 | $password2 = $params['password2']; |
66 | $password2 = $params['password2']; |
| 69 | $email = $params['email']; |
67 | $email = $params['email']; |
| 70 | $auth = $params['auth']; |
68 | $auth = $params['auth']; |
| 71 | $timestamp = $params['timestamp']; |
- | |
| 72 | 69 | ||
| 73 | if (!OIDplus::authUtils()->validateAuthKey('ed840c3e-f4fa-11ed-b67e-3c4a92df8582:'.$email.'/'.$timestamp, $auth)) { |
70 | if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) { |
| 74 | throw new OIDplusException(_L('Invalid auth key')); |
71 | throw new OIDplusException(_L('Invalid or expired authentication key')); |
| 75 | } |
- | |
| 76 | - | ||
| 77 | if ((OIDplus::config()->getValue('max_ra_invite_time') > 0) && (time()-$timestamp > OIDplus::config()->getValue('max_ra_invite_time'))) { |
- | |
| 78 | throw new OIDplusException(_L('Invitation expired!')); |
- | |
| 79 | } |
72 | } |
| 80 | 73 | ||
| 81 | if ($password1 !== $password2) { |
74 | if ($password1 !== $password2) { |
| 82 | throw new OIDplusException(_L('Passwords do not match')); |
75 | throw new OIDplusException(_L('Passwords do not match')); |
| 83 | } |
76 | } |
| Line 159... | Line 152... | ||
| 159 | } |
152 | } |
| 160 | } else if (explode('$',$id)[0] == 'oidplus:activate_ra') { |
153 | } else if (explode('$',$id)[0] == 'oidplus:activate_ra') { |
| 161 | $handled = true; |
154 | $handled = true; |
| 162 | 155 | ||
| 163 | $email = explode('$',$id)[1]; |
156 | $email = explode('$',$id)[1]; |
| 164 | $timestamp = explode('$',$id)[2]; |
- | |
| 165 | $auth = explode('$',$id)[3]; |
157 | $auth = explode('$',$id)[2]; |
| 166 | 158 | ||
| 167 | $out['title'] = _L('Register as Registration Authority'); |
159 | $out['title'] = _L('Register as Registration Authority'); |
| 168 | 160 | ||
| 169 | if (!OIDplus::config()->getValue('ra_invitation_enabled')) { |
161 | if (!OIDplus::config()->getValue('ra_invitation_enabled')) { |
| 170 | throw new OIDplusException(_L('Invitations are disabled by the administrator.'), $out['title']); |
162 | throw new OIDplusException(_L('Invitations are disabled by the administrator.'), $out['title']); |
| Line 174... | Line 166... | ||
| 174 | 166 | ||
| 175 | $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
167 | $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
| 176 | if ($res->any()) { |
168 | if ($res->any()) { |
| 177 | $out['text'] = _L('This RA is already registered and does not need to be invited.'); |
169 | $out['text'] = _L('This RA is already registered and does not need to be invited.'); |
| 178 | } else { |
170 | } else { |
| 179 | if (!OIDplus::authUtils()->validateAuthKey('activate_ra;'.$email.';'.$timestamp, $auth)) { |
171 | if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) { |
| 180 | throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']); |
172 | throw new OIDplusException(_L('Invalid authorization. Is the URL OK?'), $out['title']); |
| 181 | } else { |
173 | } else { |
| 182 | // TODO: like in the FreeOID plugin, we could ask here at least for a name for the RA |
174 | // TODO: like in the FreeOID plugin, we could ask here at least for a name for the RA |
| 183 | $out['text'] = '<p>'._L('E-Mail-Address').': <b>'.$email.'</b></p> |
175 | $out['text'] = '<p>'._L('E-Mail-Address').': <b>'.$email.'</b></p> |
| 184 | 176 | ||
| 185 | <form id="activateRaForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaInvite.activateRaFormOnSubmit();"> |
177 | <form id="activateRaForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaInvite.activateRaFormOnSubmit();"> |
| 186 | <input type="hidden" id="email" value="'.htmlentities($email).'"/> |
178 | <input type="hidden" id="email" value="'.htmlentities($email).'"/> |
| 187 | <input type="hidden" id="timestamp" value="'.htmlentities($timestamp).'"/> |
- | |
| 188 | <input type="hidden" id="auth" value="'.htmlentities($auth).'"/> |
179 | <input type="hidden" id="auth" value="'.htmlentities($auth).'"/> |
| 189 | <div><label class="padding_label">'._L('New password').':</label><input type="password" id="password1" value=""/></div> |
180 | <div><label class="padding_label">'._L('New password').':</label><input type="password" id="password1" value=""/></div> |
| 190 | <div><label class="padding_label">'._L('Repeat').':</label><input type="password" id="password2" value=""/></div> |
181 | <div><label class="padding_label">'._L('Repeat').':</label><input type="password" id="password2" value=""/></div> |
| 191 | <br><input type="submit" value="'._L('Register').'"> |
182 | <br><input type="submit" value="'._L('Register').'"> |
| 192 | </form>'; |
183 | </form>'; |