[github/shaarli/Shaarli.git] / application / front / controller / visitor / LoginController.php

<?php

declare(strict_types=1);

namespace Shaarli\Front\Controller\Visitor;

use Shaarli\Front\Exception\CantLoginException;
use Shaarli\Front\Exception\LoginBannedException;
use Shaarli\Front\Exception\WrongTokenException;
use Shaarli\Render\TemplatePage;
use Shaarli\Security\CookieManager;
use Shaarli\Security\SessionManager;
use Slim\Http\Request;
use Slim\Http\Response;

/**
 * Class LoginController
 *
 * Slim controller used to render the login page.
 *
 * The login page is not available if the user is banned
 * or if open shaarli setting is enabled.
 */
class LoginController extends ShaarliVisitorController
{
    /**
     * GET /login - Display the login page.
     */
    public function index(Request $request, Response $response): Response
    {
        try {
            $this->checkLoginState();
        } catch (CantLoginException $e) {
            return $this->redirect($response, '/');
        }

        if ($request->getParam('login') !== null) {
            $this->assignView('username', escape($request->getParam('login')));
        }

        $returnUrl = $request->getParam('returnurl') ?? $this->container->environment['HTTP_REFERER'] ?? null;

        $this
            ->assignView('returnurl', escape($returnUrl))
            ->assignView('remember_user_default', $this->container->conf->get('privacy.remember_user_default', true))
            ->assignView('pagetitle', t('Login') .' - '. $this->container->conf->get('general.title', 'Shaarli'))
        ;

        return $response->write($this->render(TemplatePage::LOGIN));
    }

    /**
     * POST /login - Process login
     */
    public function login(Request $request, Response $response): Response
    {
        if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
            throw new WrongTokenException();
        }

        try {
            $this->checkLoginState();
        } catch (CantLoginException $e) {
            return $this->redirect($response, '/');
        }

        if (!$this->container->loginManager->checkCredentials(
                client_ip_id($this->container->environment),
                $request->getParam('login'),
                $request->getParam('password')
            )
        ) {
            $this->container->loginManager->handleFailedLogin($this->container->environment);

            $this->container->sessionManager->setSessionParameter(
                SessionManager::KEY_ERROR_MESSAGES,
                [t('Wrong login/password.')]
            );

            // Call controller directly instead of unnecessary redirection
            return $this->index($request, $response);
        }

        $this->container->loginManager->handleSuccessfulLogin($this->container->environment);

        $cookiePath = $this->container->basePath . '/';
        $expirationTime = $this->saveLongLastingSession($request, $cookiePath);
        $this->renewUserSession($cookiePath, $expirationTime);

        // Force referer from given return URL
        $this->container->environment['HTTP_REFERER'] = $request->getParam('returnurl');

        return $this->redirectFromReferer($request, $response, ['login', 'install']);
    }

    /**
     * Make sure that the user is allowed to login and/or displaying the login page:
     *   - not already logged in
     *   - not open shaarli
     *   - not banned
     */
    protected function checkLoginState(): bool
    {
        if ($this->container->loginManager->isLoggedIn()
            || $this->container->conf->get('security.open_shaarli', false)
        ) {
            throw new CantLoginException();
        }

        if (true !== $this->container->loginManager->canLogin($this->container->environment)) {
            throw new LoginBannedException();
        }

        return true;
    }

    /**
     * @return int Session duration in seconds
     */
    protected function saveLongLastingSession(Request $request, string $cookiePath): int
    {
        if (empty($request->getParam('longlastingsession'))) {
            // Standard session expiration (=when browser closes)
            $expirationTime = 0;
        } else {
            // Keep the session cookie even after the browser closes
            $this->container->sessionManager->setStaySignedIn(true);
            $expirationTime = $this->container->sessionManager->extendSession();
        }

        $this->container->cookieManager->setCookieParameter(
            CookieManager::STAY_SIGNED_IN,
            $this->container->loginManager->getStaySignedInToken(),
            $expirationTime,
            $cookiePath
        );

        return $expirationTime;
    }

    protected function renewUserSession(string $cookiePath, int $expirationTime): void
    {
        // Send cookie with the new expiration date to the browser
        $this->container->sessionManager->destroy();
        $this->container->sessionManager->cookieParameters(
            $expirationTime,
            $cookiePath,
            $this->container->environment['SERVER_NAME']
        );
        $this->container->sessionManager->start();
        $this->container->sessionManager->regenerateId(true);
    }
}
Commit	Line	Data
6c50a6cc A	1	<?php
	2
	3	declare(strict_types=1);
	4
2899ebb5	5	namespace Shaarli\Front\Controller\Visitor;
6c50a6cc	6
a8c11451	7	use Shaarli\Front\Exception\CantLoginException;
6c50a6cc	8	use Shaarli\Front\Exception\LoginBannedException;
a8c11451	9	use Shaarli\Front\Exception\WrongTokenException;
1a8ac737	10	use Shaarli\Render\TemplatePage;
a8c11451 A	11	use Shaarli\Security\CookieManager;
a8c11451 A	12	use Shaarli\Security\SessionManager;
6c50a6cc A	13	use Slim\Http\Request;
	14	use Slim\Http\Response;
	15
	16	/**
	17	* Class LoginController
	18	*
	19	* Slim controller used to render the login page.
	20	*
	21	* The login page is not available if the user is banned
	22	* or if open shaarli setting is enabled.
6c50a6cc	23	*/
2899ebb5	24	class LoginController extends ShaarliVisitorController
6c50a6cc	25	{
a8c11451 A	26	/**
	27	* GET /login - Display the login page.
	28	*/
6c50a6cc A	29	public function index(Request $request, Response $response): Response
6c50a6cc A	30	{
a8c11451 A	31	try {
	32	$this->checkLoginState();
	33	} catch (CantLoginException $e) {
9c75f877	34	return $this->redirect($response, '/');
6c50a6cc A	35	}
6c50a6cc A	36
a8c11451 A	37	if ($request->getParam('login') !== null) {
a8c11451 A	38	$this->assignView('username', escape($request->getParam('login')));
6c50a6cc A	39	}
6c50a6cc A	40
a8c11451	41	$returnUrl = $request->getParam('returnurl') ?? $this->container->environment['HTTP_REFERER'] ?? null;
6c50a6cc A	42
6c50a6cc A	43	$this
a8c11451	44	->assignView('returnurl', escape($returnUrl))
27ceea2a A	45	->assignView('remember_user_default', $this->container->conf->get('privacy.remember_user_default', true))
27ceea2a A	46	->assignView('pagetitle', t('Login') .' - '. $this->container->conf->get('general.title', 'Shaarli'))
6c50a6cc A	47	;
6c50a6cc A	48
1a8ac737	49	return $response->write($this->render(TemplatePage::LOGIN));
6c50a6cc	50	}
a8c11451 A	51
	52	/**
	53	* POST /login - Process login
	54	*/
	55	public function login(Request $request, Response $response): Response
	56	{
	57	if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
	58	throw new WrongTokenException();
	59	}
	60
	61	try {
	62	$this->checkLoginState();
	63	} catch (CantLoginException $e) {
	64	return $this->redirect($response, '/');
	65	}
	66
	67	if (!$this->container->loginManager->checkCredentials(
a8c11451 A	68	client_ip_id($this->container->environment),
	69	$request->getParam('login'),
	70	$request->getParam('password')
	71	)
	72	) {
	73	$this->container->loginManager->handleFailedLogin($this->container->environment);
	74
	75	$this->container->sessionManager->setSessionParameter(
	76	SessionManager::KEY_ERROR_MESSAGES,
	77	[t('Wrong login/password.')]
	78	);
	79
	80	// Call controller directly instead of unnecessary redirection
	81	return $this->index($request, $response);
	82	}
	83
	84	$this->container->loginManager->handleSuccessfulLogin($this->container->environment);
	85
	86	$cookiePath = $this->container->basePath . '/';
	87	$expirationTime = $this->saveLongLastingSession($request, $cookiePath);
	88	$this->renewUserSession($cookiePath, $expirationTime);
	89
	90	// Force referer from given return URL
	91	$this->container->environment['HTTP_REFERER'] = $request->getParam('returnurl');
	92
a285668e	93	return $this->redirectFromReferer($request, $response, ['login', 'install']);
a8c11451 A	94	}
	95
	96	/**
	97	* Make sure that the user is allowed to login and/or displaying the login page:
	98	* - not already logged in
	99	* - not open shaarli
	100	* - not banned
	101	*/
	102	protected function checkLoginState(): bool
	103	{
	104	if ($this->container->loginManager->isLoggedIn()
	105	\|\| $this->container->conf->get('security.open_shaarli', false)
	106	) {
	107	throw new CantLoginException();
	108	}
	109
	110	if (true !== $this->container->loginManager->canLogin($this->container->environment)) {
	111	throw new LoginBannedException();
	112	}
	113
	114	return true;
	115	}
	116
	117	/**
	118	* @return int Session duration in seconds
	119	*/
	120	protected function saveLongLastingSession(Request $request, string $cookiePath): int
	121	{
	122	if (empty($request->getParam('longlastingsession'))) {
	123	// Standard session expiration (=when browser closes)
	124	$expirationTime = 0;
	125	} else {
	126	// Keep the session cookie even after the browser closes
	127	$this->container->sessionManager->setStaySignedIn(true);
	128	$expirationTime = $this->container->sessionManager->extendSession();
	129	}
	130
	131	$this->container->cookieManager->setCookieParameter(
	132	CookieManager::STAY_SIGNED_IN,
	133	$this->container->loginManager->getStaySignedInToken(),
	134	$expirationTime,
	135	$cookiePath
	136	);
	137
	138	return $expirationTime;
	139	}
	140
	141	protected function renewUserSession(string $cookiePath, int $expirationTime): void
	142	{
	143	// Send cookie with the new expiration date to the browser
	144	$this->container->sessionManager->destroy();
	145	$this->container->sessionManager->cookieParameters(
	146	$expirationTime,
	147	$cookiePath,
	148	$this->container->environment['SERVER_NAME']
	149	);
	150	$this->container->sessionManager->start();
	151	$this->container->sessionManager->regenerateId(true);
	152	}
6c50a6cc	153	}