]>
Commit | Line | Data |
---|---|---|
6c50a6cc A |
1 | <?php |
2 | ||
3 | declare(strict_types=1); | |
4 | ||
2899ebb5 | 5 | namespace Shaarli\Front\Controller\Visitor; |
6c50a6cc | 6 | |
a8c11451 | 7 | use Shaarli\Front\Exception\CantLoginException; |
6c50a6cc | 8 | use Shaarli\Front\Exception\LoginBannedException; |
a8c11451 | 9 | use Shaarli\Front\Exception\WrongTokenException; |
1a8ac737 | 10 | use Shaarli\Render\TemplatePage; |
a8c11451 A |
11 | use Shaarli\Security\CookieManager; |
12 | use Shaarli\Security\SessionManager; | |
6c50a6cc A |
13 | use Slim\Http\Request; |
14 | use Slim\Http\Response; | |
15 | ||
16 | /** | |
17 | * Class LoginController | |
18 | * | |
19 | * Slim controller used to render the login page. | |
20 | * | |
21 | * The login page is not available if the user is banned | |
22 | * or if open shaarli setting is enabled. | |
6c50a6cc | 23 | */ |
2899ebb5 | 24 | class LoginController extends ShaarliVisitorController |
6c50a6cc | 25 | { |
a8c11451 A |
26 | /** |
27 | * GET /login - Display the login page. | |
28 | */ | |
6c50a6cc A |
29 | public function index(Request $request, Response $response): Response |
30 | { | |
a8c11451 A |
31 | try { |
32 | $this->checkLoginState(); | |
33 | } catch (CantLoginException $e) { | |
9c75f877 | 34 | return $this->redirect($response, '/'); |
6c50a6cc A |
35 | } |
36 | ||
a8c11451 A |
37 | if ($request->getParam('login') !== null) { |
38 | $this->assignView('username', escape($request->getParam('login'))); | |
6c50a6cc A |
39 | } |
40 | ||
a8c11451 | 41 | $returnUrl = $request->getParam('returnurl') ?? $this->container->environment['HTTP_REFERER'] ?? null; |
6c50a6cc A |
42 | |
43 | $this | |
a8c11451 | 44 | ->assignView('returnurl', escape($returnUrl)) |
27ceea2a | 45 | ->assignView('remember_user_default', $this->container->conf->get('privacy.remember_user_default', true)) |
53054b2b | 46 | ->assignView('pagetitle', t('Login') . ' - ' . $this->container->conf->get('general.title', 'Shaarli')) |
6c50a6cc A |
47 | ; |
48 | ||
1a8ac737 | 49 | return $response->write($this->render(TemplatePage::LOGIN)); |
6c50a6cc | 50 | } |
a8c11451 A |
51 | |
52 | /** | |
53 | * POST /login - Process login | |
54 | */ | |
55 | public function login(Request $request, Response $response): Response | |
56 | { | |
57 | if (!$this->container->sessionManager->checkToken($request->getParam('token'))) { | |
58 | throw new WrongTokenException(); | |
59 | } | |
60 | ||
61 | try { | |
62 | $this->checkLoginState(); | |
63 | } catch (CantLoginException $e) { | |
64 | return $this->redirect($response, '/'); | |
65 | } | |
66 | ||
53054b2b A |
67 | if ( |
68 | !$this->container->loginManager->checkCredentials( | |
a8c11451 A |
69 | client_ip_id($this->container->environment), |
70 | $request->getParam('login'), | |
71 | $request->getParam('password') | |
72 | ) | |
73 | ) { | |
74 | $this->container->loginManager->handleFailedLogin($this->container->environment); | |
75 | ||
76 | $this->container->sessionManager->setSessionParameter( | |
77 | SessionManager::KEY_ERROR_MESSAGES, | |
78 | [t('Wrong login/password.')] | |
79 | ); | |
80 | ||
81 | // Call controller directly instead of unnecessary redirection | |
82 | return $this->index($request, $response); | |
83 | } | |
84 | ||
85 | $this->container->loginManager->handleSuccessfulLogin($this->container->environment); | |
86 | ||
87 | $cookiePath = $this->container->basePath . '/'; | |
88 | $expirationTime = $this->saveLongLastingSession($request, $cookiePath); | |
89 | $this->renewUserSession($cookiePath, $expirationTime); | |
90 | ||
91 | // Force referer from given return URL | |
92 | $this->container->environment['HTTP_REFERER'] = $request->getParam('returnurl'); | |
93 | ||
a285668e | 94 | return $this->redirectFromReferer($request, $response, ['login', 'install']); |
a8c11451 A |
95 | } |
96 | ||
97 | /** | |
98 | * Make sure that the user is allowed to login and/or displaying the login page: | |
99 | * - not already logged in | |
100 | * - not open shaarli | |
101 | * - not banned | |
102 | */ | |
103 | protected function checkLoginState(): bool | |
104 | { | |
53054b2b A |
105 | if ( |
106 | $this->container->loginManager->isLoggedIn() | |
a8c11451 A |
107 | || $this->container->conf->get('security.open_shaarli', false) |
108 | ) { | |
109 | throw new CantLoginException(); | |
110 | } | |
111 | ||
112 | if (true !== $this->container->loginManager->canLogin($this->container->environment)) { | |
113 | throw new LoginBannedException(); | |
114 | } | |
115 | ||
116 | return true; | |
117 | } | |
118 | ||
119 | /** | |
120 | * @return int Session duration in seconds | |
121 | */ | |
122 | protected function saveLongLastingSession(Request $request, string $cookiePath): int | |
123 | { | |
124 | if (empty($request->getParam('longlastingsession'))) { | |
125 | // Standard session expiration (=when browser closes) | |
126 | $expirationTime = 0; | |
127 | } else { | |
128 | // Keep the session cookie even after the browser closes | |
129 | $this->container->sessionManager->setStaySignedIn(true); | |
130 | $expirationTime = $this->container->sessionManager->extendSession(); | |
131 | } | |
132 | ||
133 | $this->container->cookieManager->setCookieParameter( | |
134 | CookieManager::STAY_SIGNED_IN, | |
135 | $this->container->loginManager->getStaySignedInToken(), | |
136 | $expirationTime, | |
137 | $cookiePath | |
138 | ); | |
139 | ||
140 | return $expirationTime; | |
141 | } | |
142 | ||
143 | protected function renewUserSession(string $cookiePath, int $expirationTime): void | |
144 | { | |
145 | // Send cookie with the new expiration date to the browser | |
146 | $this->container->sessionManager->destroy(); | |
147 | $this->container->sessionManager->cookieParameters( | |
148 | $expirationTime, | |
149 | $cookiePath, | |
150 | $this->container->environment['SERVER_NAME'] | |
151 | ); | |
152 | $this->container->sessionManager->start(); | |
153 | $this->container->sessionManager->regenerateId(true); | |
154 | } | |
6c50a6cc | 155 | } |