2017-03-02 03:24:38 +01:00
|
|
|
<?php
|
|
|
|
|
2017-04-22 06:30:10 +02:00
|
|
|
namespace SilverStripe\Security\MemberAuthenticator;
|
2017-03-02 03:24:38 +01:00
|
|
|
|
|
|
|
use SilverStripe\Control\Controller;
|
|
|
|
use SilverStripe\Control\HTTPResponse;
|
|
|
|
use SilverStripe\Control\Session;
|
2017-04-22 06:30:10 +02:00
|
|
|
use SilverStripe\Control\RequestHandler;
|
2017-03-02 03:24:38 +01:00
|
|
|
use SilverStripe\ORM\ValidationResult;
|
2017-04-22 06:30:10 +02:00
|
|
|
use SilverStripe\Security\Security;
|
|
|
|
use SilverStripe\Security\Member;
|
2017-05-07 21:11:00 +02:00
|
|
|
use SilverStripe\Core\Injector\Injector;
|
|
|
|
use SilverStripe\Security\IdentityStore;
|
2017-03-02 03:24:38 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Handle login requests from MemberLoginForm
|
|
|
|
*/
|
2017-04-22 06:30:10 +02:00
|
|
|
class LoginHandler extends RequestHandler
|
2017-03-02 03:24:38 +01:00
|
|
|
{
|
2017-04-22 06:30:10 +02:00
|
|
|
protected $authenticator;
|
|
|
|
|
|
|
|
private static $url_handlers = [
|
|
|
|
'' => 'login',
|
|
|
|
];
|
2017-03-02 03:24:38 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Since the logout and dologin actions may be conditionally removed, it's necessary to ensure these
|
|
|
|
* remain valid actions regardless of the member login state.
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
* @config
|
|
|
|
*/
|
|
|
|
private static $allowed_actions = [
|
2017-04-22 06:30:10 +02:00
|
|
|
'login',
|
|
|
|
'LoginForm',
|
2017-03-02 03:24:38 +01:00
|
|
|
'dologin',
|
|
|
|
'logout',
|
|
|
|
];
|
|
|
|
|
2017-04-22 06:30:10 +02:00
|
|
|
private $link = null;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param string $link The URL to recreate this request handler
|
|
|
|
* @param Authenticator $authenticator The
|
|
|
|
*/
|
|
|
|
public function __construct($link, Authenticator $authenticator)
|
|
|
|
{
|
|
|
|
$this->link = $link;
|
|
|
|
$this->authenticator = $authenticator;
|
|
|
|
parent::__construct($link, $this);
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return a link to this request handler.
|
|
|
|
* The link returned is supplied in the constructor
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
public function link($action = null)
|
|
|
|
{
|
|
|
|
if ($action) {
|
|
|
|
return Controller::join_links($this->link, $action);
|
|
|
|
} else {
|
|
|
|
return $this->link;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* URL handler for the log-in screen
|
|
|
|
*/
|
|
|
|
public function login()
|
|
|
|
{
|
|
|
|
return [
|
|
|
|
'Form' => $this->loginForm(),
|
|
|
|
];
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return the MemberLoginForm form
|
|
|
|
*/
|
|
|
|
public function loginForm()
|
|
|
|
{
|
|
|
|
return LoginForm::create(
|
|
|
|
$this,
|
|
|
|
get_class($this->authenticator),
|
|
|
|
'LoginForm'
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
2017-03-02 03:24:38 +01:00
|
|
|
/**
|
|
|
|
* Login form handler method
|
|
|
|
*
|
|
|
|
* This method is called when the user clicks on "Log in"
|
|
|
|
*
|
|
|
|
* @param array $data Submitted data
|
2017-04-30 05:17:26 +02:00
|
|
|
* @param LoginForm $form
|
2017-03-02 03:24:38 +01:00
|
|
|
* @return HTTPResponse
|
|
|
|
*/
|
2017-04-23 05:30:33 +02:00
|
|
|
public function doLogin($data, $form)
|
2017-03-02 03:24:38 +01:00
|
|
|
{
|
2017-04-23 05:30:33 +02:00
|
|
|
$failureMessage = null;
|
|
|
|
|
|
|
|
// Successful login
|
|
|
|
if ($member = $this->checkLogin($data, $failureMessage)) {
|
2017-05-07 21:11:00 +02:00
|
|
|
$this->performLogin($member, $data, $form->getRequestHandler()->getRequest());
|
2017-04-23 05:30:33 +02:00
|
|
|
return $this->redirectAfterSuccessfulLogin();
|
2017-03-02 03:24:38 +01:00
|
|
|
}
|
|
|
|
|
2017-04-23 05:30:33 +02:00
|
|
|
$form->sessionMessage($failureMessage, 'bad');
|
|
|
|
|
|
|
|
// Failed login
|
|
|
|
|
2017-03-02 03:24:38 +01:00
|
|
|
/** @skipUpgrade */
|
|
|
|
if (array_key_exists('Email', $data)) {
|
|
|
|
Session::set('SessionForms.MemberLoginForm.Email', $data['Email']);
|
|
|
|
Session::set('SessionForms.MemberLoginForm.Remember', isset($data['Remember']));
|
|
|
|
}
|
|
|
|
|
|
|
|
// Fail to login redirects back to form
|
2017-04-23 05:30:33 +02:00
|
|
|
return $form->getRequestHandler()->redirectBackToForm();
|
2017-03-02 03:24:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public function getReturnReferer()
|
|
|
|
{
|
2017-04-22 06:30:10 +02:00
|
|
|
return $this->link();
|
2017-03-02 03:24:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Login in the user and figure out where to redirect the browser.
|
|
|
|
*
|
|
|
|
* The $data has this format
|
|
|
|
* array(
|
|
|
|
* 'AuthenticationMethod' => 'MemberAuthenticator',
|
|
|
|
* 'Email' => 'sam@silverstripe.com',
|
|
|
|
* 'Password' => '1nitialPassword',
|
|
|
|
* 'BackURL' => 'test/link',
|
|
|
|
* [Optional: 'Remember' => 1 ]
|
|
|
|
* )
|
|
|
|
*
|
|
|
|
* @param array $data
|
|
|
|
* @return HTTPResponse
|
|
|
|
*/
|
2017-04-23 05:30:33 +02:00
|
|
|
protected function redirectAfterSuccessfulLogin()
|
2017-03-02 03:24:38 +01:00
|
|
|
{
|
|
|
|
Session::clear('SessionForms.MemberLoginForm.Email');
|
|
|
|
Session::clear('SessionForms.MemberLoginForm.Remember');
|
|
|
|
|
|
|
|
$member = Member::currentUser();
|
|
|
|
if ($member->isPasswordExpired()) {
|
|
|
|
return $this->redirectToChangePassword();
|
|
|
|
}
|
|
|
|
|
|
|
|
// Absolute redirection URLs may cause spoofing
|
|
|
|
$backURL = $this->getBackURL();
|
|
|
|
if ($backURL) {
|
|
|
|
return $this->redirect($backURL);
|
|
|
|
}
|
|
|
|
|
|
|
|
// If a default login dest has been set, redirect to that.
|
|
|
|
$defaultLoginDest = Security::config()->get('default_login_dest');
|
|
|
|
if ($defaultLoginDest) {
|
|
|
|
return $this->redirect($defaultLoginDest);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Redirect the user to the page where they came from
|
|
|
|
if ($member) {
|
|
|
|
// Welcome message
|
|
|
|
$message = _t(
|
2017-04-20 03:15:24 +02:00
|
|
|
'SilverStripe\\Security\\Member.WELCOMEBACK',
|
2017-03-02 03:24:38 +01:00
|
|
|
"Welcome Back, {firstname}",
|
|
|
|
['firstname' => $member->FirstName]
|
|
|
|
);
|
|
|
|
Security::setLoginMessage($message, ValidationResult::TYPE_GOOD);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Redirect back
|
|
|
|
return $this->redirectBack();
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Log out form handler method
|
|
|
|
*
|
|
|
|
* This method is called when the user clicks on "logout" on the form
|
|
|
|
* created when the parameter <i>$checkCurrentUser</i> of the
|
|
|
|
* {@link __construct constructor} was set to TRUE and the user was
|
|
|
|
* currently logged in.
|
|
|
|
*
|
|
|
|
* @return HTTPResponse
|
|
|
|
*/
|
|
|
|
public function logout()
|
|
|
|
{
|
2017-04-23 05:30:33 +02:00
|
|
|
Security::singleton()->logout();
|
|
|
|
return $this->redirectBack();
|
2017-03-02 03:24:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Try to authenticate the user
|
|
|
|
*
|
|
|
|
* @param array $data Submitted data
|
|
|
|
* @return Member Returns the member object on successful authentication
|
|
|
|
* or NULL on failure.
|
|
|
|
*/
|
2017-04-23 05:30:33 +02:00
|
|
|
public function checkLogin($data, &$message)
|
2017-03-02 03:24:38 +01:00
|
|
|
{
|
2017-04-22 06:30:10 +02:00
|
|
|
$message = null;
|
|
|
|
$member = $this->authenticator->authenticate($data, $message);
|
2017-03-02 03:24:38 +01:00
|
|
|
if ($member) {
|
|
|
|
return $member;
|
2017-04-23 05:30:33 +02:00
|
|
|
|
2017-04-22 06:30:10 +02:00
|
|
|
} else {
|
2017-04-23 05:30:33 +02:00
|
|
|
// No member, can't login
|
|
|
|
$this->extend('authenticationFailed', $data);
|
|
|
|
return null;
|
2017-03-02 03:24:38 +01:00
|
|
|
|
2017-04-23 05:30:33 +02:00
|
|
|
}
|
2017-03-02 03:24:38 +01:00
|
|
|
}
|
|
|
|
|
2017-04-23 05:30:33 +02:00
|
|
|
/**
|
|
|
|
* Try to authenticate the user
|
|
|
|
*
|
|
|
|
* @param array $data Submitted data
|
|
|
|
* @return Member Returns the member object on successful authentication
|
|
|
|
* or NULL on failure.
|
|
|
|
*/
|
2017-05-07 21:11:00 +02:00
|
|
|
public function performLogin($member, $data, $request)
|
2017-04-23 05:30:33 +02:00
|
|
|
{
|
2017-05-07 21:11:00 +02:00
|
|
|
// @todo pass request/response
|
|
|
|
Injector::inst()->get(IdentityStore::class)->logIn($member, !empty($data['Remember']), $request);
|
2017-04-23 05:30:33 +02:00
|
|
|
return $member;
|
|
|
|
}
|
2017-03-02 03:24:38 +01:00
|
|
|
/**
|
|
|
|
* Invoked if password is expired and must be changed
|
|
|
|
*
|
|
|
|
* @skipUpgrade
|
|
|
|
* @return HTTPResponse
|
|
|
|
*/
|
|
|
|
protected function redirectToChangePassword()
|
|
|
|
{
|
2017-04-22 06:30:10 +02:00
|
|
|
$cp = ChangePasswordForm::create($this, 'ChangePasswordForm');
|
2017-03-02 03:24:38 +01:00
|
|
|
$cp->sessionMessage(
|
2017-05-08 13:34:39 +02:00
|
|
|
_t('SilverStripe\\Security\\Member.PASSWORDEXPIRED', 'Your password has expired. Please choose a new one.'),
|
2017-03-02 03:24:38 +01:00
|
|
|
'good'
|
|
|
|
);
|
|
|
|
$changedPasswordLink = Security::singleton()->Link('changepassword');
|
|
|
|
return $this->redirect($this->addBackURLParam($changedPasswordLink));
|
|
|
|
}
|
2017-04-22 06:30:10 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @todo copypaste from FormRequestHandler - refactor
|
|
|
|
*/
|
|
|
|
protected function addBackURLParam($link)
|
|
|
|
{
|
|
|
|
$backURL = $this->getBackURL();
|
|
|
|
if ($backURL) {
|
|
|
|
return Controller::join_links($link, '?BackURL=' . urlencode($backURL));
|
|
|
|
}
|
|
|
|
return $link;
|
|
|
|
}
|
2017-03-02 03:24:38 +01:00
|
|
|
}
|