Rev 1293 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1293 | Rev 1410 | ||
|---|---|---|---|
| Line 30... | Line 30... | ||
| 30 | * @return array |
30 | * @return array |
| 31 | * @throws OIDplusException |
31 | * @throws OIDplusException |
| 32 | * @throws OIDplusMailException |
32 | * @throws OIDplusMailException |
| 33 | */ |
33 | */ |
| 34 | private function action_Request(array $params): array { |
34 | private function action_Request(array $params): array { |
| 35 | $email = $params['email']; |
35 | $email = $params['email'] ?? ""; |
| 36 | - | ||
| 37 | if (!OIDplus::mailUtils()->validMailAddress($email)) { |
- | |
| 38 | throw new OIDplusException(_L('Invalid email address')); |
- | |
| 39 | } |
- | |
| 40 | 36 | ||
| 41 | OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
37 | OIDplus::getActiveCaptchaPlugin()->captchaVerify($params, 'captcha'); |
| 42 | 38 | ||
| 43 | $this->inviteSecurityCheck($email); |
39 | $this->inviteSecurityCheck($email); |
| - | 40 | ||
| 44 | // TODO: should we also log who has invited? |
41 | $by = OIDplus::authUtils()->isAdminLoggedIn() ? 'the system administrator' : 'a superior Registration Authority'; |
| 45 | OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited", $email); |
42 | OIDplus::logger()->log("V2:[INFO]RA(%1)", "RA '%1' has been invited by %2", $email, $by); |
| 46 | 43 | ||
| 47 | $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email])); |
44 | $activate_url = OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL) . '?goto='.urlencode('oidplus:activate_ra$'.$email.'$'.OIDplus::authUtils()->makeAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email])); |
| 48 | 45 | ||
| 49 | $message = $this->getInvitationText($email); |
46 | $message = $this->getInvitationText($email); |
| 50 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
47 | $message = str_replace('{{ACTIVATE_URL}}', $activate_url, $message); |
| Line 73... | Line 70... | ||
| 73 | 70 | ||
| 74 | if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) { |
71 | if (!OIDplus::authUtils()->validateAuthKey(['ed840c3e-f4fa-11ed-b67e-3c4a92df8582',$email], $auth, OIDplus::config()->getValue('max_ra_invite_time',-1))) { |
| 75 | throw new OIDplusException(_L('Invalid or expired authentication key')); |
72 | throw new OIDplusException(_L('Invalid or expired authentication key')); |
| 76 | } |
73 | } |
| 77 | 74 | ||
| - | 75 | if (!$email || !OIDplus::mailUtils()->validMailAddress($email)) { |
|
| - | 76 | throw new OIDplusException(_L('Invalid email address')); |
|
| - | 77 | } |
|
| - | 78 | ||
| 78 | if ($password1 !== $password2) { |
79 | if ($password1 !== $password2) { |
| 79 | throw new OIDplusException(_L('Passwords do not match')); |
80 | throw new OIDplusException(_L('Passwords do not match')); |
| 80 | } |
81 | } |
| 81 | 82 | ||
| 82 | if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
83 | if (strlen($password1) < OIDplus::config()->getValue('ra_min_password_length')) { |
| Line 136... | Line 137... | ||
| 136 | */ |
137 | */ |
| 137 | public function gui(string $id, array &$out, bool &$handled) { |
138 | public function gui(string $id, array &$out, bool &$handled) { |
| 138 | if (explode('$',$id)[0] == 'oidplus:invite_ra') { |
139 | if (explode('$',$id)[0] == 'oidplus:invite_ra') { |
| 139 | $handled = true; |
140 | $handled = true; |
| 140 | 141 | ||
| 141 | $email = explode('$',$id)[1]; |
142 | $email = explode('$',$id)[1] ?? null; |
| 142 | $origin = explode('$',$id)[2]; |
143 | $origin = explode('$',$id)[2] ?? "oidplus:system"; |
| 143 | 144 | ||
| 144 | $out['title'] = _L('Invite a Registration Authority'); |
145 | $out['title'] = _L('Invite a Registration Authority'); |
| 145 | 146 | ||
| 146 | if (!OIDplus::config()->getValue('ra_invitation_enabled')) { |
147 | if (!OIDplus::config()->getValue('ra_invitation_enabled')) { |
| 147 | throw new OIDplusException(_L('Invitations are disabled by the administrator.'), $out['title']); |
148 | throw new OIDplusException(_L('Invitations are disabled by the administrator.'), $out['title']); |
| Line 151... | Line 152... | ||
| 151 | 152 | ||
| 152 | try { |
153 | try { |
| 153 | $this->inviteSecurityCheck($email); |
154 | $this->inviteSecurityCheck($email); |
| 154 | $cont = $this->getInvitationText($email); |
155 | $cont = $this->getInvitationText($email); |
| 155 | 156 | ||
| 156 | $out['text'] .= '<p>'._L('You have chosen to invite %1 as a Registration Authority. If you click "Send", the following email will be sent to %2:','<b>'.$email.'</b>',$email).'</p><p><i>'.nl2br(htmlentities($cont)).'</i></p> |
157 | $out['text'] .= '<p>'._L('You have chosen to invite %1 as a Registration Authority. If you click "Send invitation", the following email will be sent to %2:','<b>'.$email.'</b>',$email).'</p><p><i>'.nl2br(htmlentities($cont)).'</i></p> |
| 157 | <form id="inviteForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaInvite.inviteFormOnSubmit();"> |
158 | <form id="inviteForm" action="javascript:void(0);" onsubmit="return OIDplusPageRaInvite.inviteFormOnSubmit();"> |
| 158 | <input type="hidden" id="email" value="'.htmlentities($email).'"/> |
159 | <input type="hidden" id="email" value="'.htmlentities($email).'"/> |
| 159 | <input type="hidden" id="origin" value="'.htmlentities($origin).'"/> |
160 | <input type="hidden" id="origin" value="'.htmlentities($origin).'"/> |
| 160 | '.OIDplus::getActiveCaptchaPlugin()->captchaGenerate().' |
161 | '.OIDplus::getActiveCaptchaPlugin()->captchaGenerate().' |
| 161 | <br> |
162 | <br> |
| - | 163 | <input type="button" value="'._L('Cancel').'" onclick="history.back()"><!-- TODO: redirect to $origin instead? --> |
|
| 162 | <input type="submit" value="'._L('Send invitation').'"> |
164 | <input type="submit" value="'._L('Send invitation').'"> |
| 163 | </form>'; |
165 | </form>'; |
| 164 | 166 | ||
| 165 | } catch (\Exception $e) { |
167 | } catch (\Exception $e) { |
| 166 | 168 | ||
| Line 222... | Line 224... | ||
| 222 | * @param string $email |
224 | * @param string $email |
| 223 | * @return void |
225 | * @return void |
| 224 | * @throws OIDplusException |
226 | * @throws OIDplusException |
| 225 | */ |
227 | */ |
| 226 | private function inviteSecurityCheck(string $email) { |
228 | private function inviteSecurityCheck(string $email) { |
| - | 229 | if (!$email || !OIDplus::mailUtils()->validMailAddress($email)) { |
|
| - | 230 | throw new OIDplusException(_L('Invalid email address')); |
|
| - | 231 | } |
|
| - | 232 | ||
| 227 | $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
233 | $res = OIDplus::db()->query("select * from ###ra where email = ?", array($email)); |
| 228 | if ($res->any()) { |
234 | if ($res->any()) { |
| 229 | throw new OIDplusException(_L('This RA is already registered and does not need to be invited.')); |
235 | throw new OIDplusException(_L('This RA is already registered and does not need to be invited.')); |
| 230 | } |
236 | } |
| 231 | 237 | ||
| Line 256... | Line 262... | ||
| 256 | $list_of_oids = array(); |
262 | $list_of_oids = array(); |
| 257 | $res = OIDplus::db()->query("select id from ###objects where ra_email = ?", array($email)); |
263 | $res = OIDplus::db()->query("select id from ###objects where ra_email = ?", array($email)); |
| 258 | while ($row = $res->fetch_array()) { |
264 | while ($row = $res->fetch_array()) { |
| 259 | $list_of_oids[] = $row['id']; |
265 | $list_of_oids[] = $row['id']; |
| 260 | } |
266 | } |
| - | 267 | if (count($list_of_oids) == 0) { |
|
| - | 268 | $list_of_oids[] = '(' . _L('None') . ')'; |
|
| - | 269 | } |
|
| 261 | 270 | ||
| 262 | $message = file_get_contents(__DIR__ . '/invite_msg.tpl'); |
271 | $message = file_get_contents(__DIR__ . '/invite_msg.tpl'); |
| 263 | 272 | ||
| 264 | // Resolve stuff |
273 | // Resolve stuff |
| 265 | // Note: {{ACTIVATE_URL}} will be resolved in ajax.php |
- | |
| - | 274 | ||
| 266 | 275 | ||
| 267 | $message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message); |
276 | $message = str_replace('{{SYSTEM_URL}}', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL), $message); |
| 268 | $message = str_replace('{{OID_LIST}}', implode("\n", $list_of_oids), $message); |
277 | $message = str_replace('{{OID_LIST}}', implode("\n", $list_of_oids), $message); |
| 269 | $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
278 | $message = str_replace('{{ADMIN_EMAIL}}', OIDplus::config()->getValue('admin_email'), $message); |
| - | 279 | $message = str_replace('{{ACTIVATE_URL}}', '[...]', $message); // Note: {{ACTIVATE_URL}} will be resolved in ajax.php, not here! |
|
| 270 | 280 | ||
| 271 | return str_replace('{{PARTY}}', OIDplus::authUtils()->isAdminLoggedIn() ? 'the system administrator' : 'a superior Registration Authority', $message); |
281 | return str_replace('{{PARTY}}', OIDplus::authUtils()->isAdminLoggedIn() ? 'the system administrator' : 'a superior Registration Authority', $message); |
| 272 | } |
282 | } |
| 273 | 283 | ||
| 274 | /** |
284 | /** |