[github/shaarli/Shaarli.git] / application / front / controller / visitor / LoginController.php

<?php

declare(strict_types=1);

namespace Shaarli\Front\Controller\Visitor;

use Shaarli\Front\Exception\CantLoginException;
use Shaarli\Front\Exception\LoginBannedException;
use Shaarli\Front\Exception\WrongTokenException;
use Shaarli\Render\TemplatePage;
use Shaarli\Security\CookieManager;
use Shaarli\Security\SessionManager;
use Slim\Http\Request;
use Slim\Http\Response;

/**
 * Class LoginController
 *
 * Slim controller used to render the login page.
 *
 * The login page is not available if the user is banned
 * or if open shaarli setting is enabled.
 */
class LoginController extends ShaarliVisitorController
{
    /**
     * GET /login - Display the login page.
     */
    public function index(Request $request, Response $response): Response
    {
        try {
            $this->checkLoginState();
        } catch (CantLoginException $e) {
            return $this->redirect($response, '/');
        }

        if ($request->getParam('login') !== null) {
            $this->assignView('username', escape($request->getParam('login')));
        }

        $returnUrl = $request->getParam('returnurl') ?? $this->container->environment['HTTP_REFERER'] ?? null;

        $this
            ->assignView('returnurl', escape($returnUrl))
            ->assignView('remember_user_default', $this->container->conf->get('privacy.remember_user_default', true))
            ->assignView('pagetitle', t('Login') . ' - ' . $this->container->conf->get('general.title', 'Shaarli'))
        ;

        return $response->write($this->render(TemplatePage::LOGIN));
    }

    /**
     * POST /login - Process login
     */
    public function login(Request $request, Response $response): Response
    {
        if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
            throw new WrongTokenException();
        }

        try {
            $this->checkLoginState();
        } catch (CantLoginException $e) {
            return $this->redirect($response, '/');
        }

        if (
            !$this->container->loginManager->checkCredentials(
                client_ip_id($this->container->environment),
                $request->getParam('login'),
                $request->getParam('password')
            )
        ) {
            $this->container->loginManager->handleFailedLogin($this->container->environment);

            $this->container->sessionManager->setSessionParameter(
                SessionManager::KEY_ERROR_MESSAGES,
                [t('Wrong login/password.')]
            );

            // Call controller directly instead of unnecessary redirection
            return $this->index($request, $response);
        }

        $this->container->loginManager->handleSuccessfulLogin($this->container->environment);

        $cookiePath = $this->container->basePath . '/';
        $expirationTime = $this->saveLongLastingSession($request, $cookiePath);
        $this->renewUserSession($cookiePath, $expirationTime);

        // Force referer from given return URL
        $this->container->environment['HTTP_REFERER'] = $request->getParam('returnurl');

        return $this->redirectFromReferer($request, $response, ['login', 'install']);
    }

    /**
     * Make sure that the user is allowed to login and/or displaying the login page:
     *   - not already logged in
     *   - not open shaarli
     *   - not banned
     */
    protected function checkLoginState(): bool
    {
        if (
            $this->container->loginManager->isLoggedIn()
            || $this->container->conf->get('security.open_shaarli', false)
        ) {
            throw new CantLoginException();
        }

        if (true !== $this->container->loginManager->canLogin($this->container->environment)) {
            throw new LoginBannedException();
        }

        return true;
    }

    /**
     * @return int Session duration in seconds
     */
    protected function saveLongLastingSession(Request $request, string $cookiePath): int
    {
        if (empty($request->getParam('longlastingsession'))) {
            // Standard session expiration (=when browser closes)
            $expirationTime = 0;
        } else {
            // Keep the session cookie even after the browser closes
            $this->container->sessionManager->setStaySignedIn(true);
            $expirationTime = $this->container->sessionManager->extendSession();
        }

        $this->container->cookieManager->setCookieParameter(
            CookieManager::STAY_SIGNED_IN,
            $this->container->loginManager->getStaySignedInToken(),
            $expirationTime,
            $cookiePath
        );

        return $expirationTime;
    }

    protected function renewUserSession(string $cookiePath, int $expirationTime): void
    {
        // Send cookie with the new expiration date to the browser
        $this->container->sessionManager->destroy();
        $this->container->sessionManager->cookieParameters(
            $expirationTime,
            $cookiePath,
            $this->container->environment['SERVER_NAME']
        );
        $this->container->sessionManager->start();
        $this->container->sessionManager->regenerateId(true);
    }
}
Commit	Line	Data
6c50a6cc A	1	<?php
	2
	3	declare(strict_types=1);
	4
2899ebb5	5	namespace Shaarli\Front\Controller\Visitor;
6c50a6cc	6
a8c11451	7	use Shaarli\Front\Exception\CantLoginException;
6c50a6cc	8	use Shaarli\Front\Exception\LoginBannedException;
a8c11451	9	use Shaarli\Front\Exception\WrongTokenException;
1a8ac737	10	use Shaarli\Render\TemplatePage;
a8c11451 A	11	use Shaarli\Security\CookieManager;
a8c11451 A	12	use Shaarli\Security\SessionManager;
6c50a6cc A	13	use Slim\Http\Request;
	14	use Slim\Http\Response;
	15
	16	/**
	17	* Class LoginController
	18	*
	19	* Slim controller used to render the login page.
	20	*
	21	* The login page is not available if the user is banned
	22	* or if open shaarli setting is enabled.
6c50a6cc	23	*/
2899ebb5	24	class LoginController extends ShaarliVisitorController
6c50a6cc	25	{
a8c11451 A	26	/**
	27	* GET /login - Display the login page.
	28	*/
6c50a6cc A	29	public function index(Request $request, Response $response): Response
6c50a6cc A	30	{
a8c11451 A	31	try {
	32	$this->checkLoginState();
	33	} catch (CantLoginException $e) {
9c75f877	34	return $this->redirect($response, '/');
6c50a6cc A	35	}
6c50a6cc A	36
a8c11451 A	37	if ($request->getParam('login') !== null) {
a8c11451 A	38	$this->assignView('username', escape($request->getParam('login')));
6c50a6cc A	39	}
6c50a6cc A	40
a8c11451	41	$returnUrl = $request->getParam('returnurl') ?? $this->container->environment['HTTP_REFERER'] ?? null;
6c50a6cc A	42
6c50a6cc A	43	$this
a8c11451	44	->assignView('returnurl', escape($returnUrl))
27ceea2a	45	->assignView('remember_user_default', $this->container->conf->get('privacy.remember_user_default', true))
53054b2b	46	->assignView('pagetitle', t('Login') . ' - ' . $this->container->conf->get('general.title', 'Shaarli'))
6c50a6cc A	47	;
6c50a6cc A	48
1a8ac737	49	return $response->write($this->render(TemplatePage::LOGIN));
6c50a6cc	50	}
a8c11451 A	51
	52	/**
	53	* POST /login - Process login
	54	*/
	55	public function login(Request $request, Response $response): Response
	56	{
	57	if (!$this->container->sessionManager->checkToken($request->getParam('token'))) {
	58	throw new WrongTokenException();
	59	}
	60
	61	try {
	62	$this->checkLoginState();
	63	} catch (CantLoginException $e) {
	64	return $this->redirect($response, '/');
	65	}
	66
53054b2b A	67	if (
53054b2b A	68	!$this->container->loginManager->checkCredentials(
a8c11451 A	69	client_ip_id($this->container->environment),
	70	$request->getParam('login'),
	71	$request->getParam('password')
	72	)
	73	) {
	74	$this->container->loginManager->handleFailedLogin($this->container->environment);
	75
	76	$this->container->sessionManager->setSessionParameter(
	77	SessionManager::KEY_ERROR_MESSAGES,
	78	[t('Wrong login/password.')]
	79	);
	80
	81	// Call controller directly instead of unnecessary redirection
	82	return $this->index($request, $response);
	83	}
	84
	85	$this->container->loginManager->handleSuccessfulLogin($this->container->environment);
	86
	87	$cookiePath = $this->container->basePath . '/';
	88	$expirationTime = $this->saveLongLastingSession($request, $cookiePath);
	89	$this->renewUserSession($cookiePath, $expirationTime);
	90
	91	// Force referer from given return URL
	92	$this->container->environment['HTTP_REFERER'] = $request->getParam('returnurl');
	93
a285668e	94	return $this->redirectFromReferer($request, $response, ['login', 'install']);
a8c11451 A	95	}
	96
	97	/**
	98	* Make sure that the user is allowed to login and/or displaying the login page:
	99	* - not already logged in
	100	* - not open shaarli
	101	* - not banned
	102	*/
	103	protected function checkLoginState(): bool
	104	{
53054b2b A	105	if (
53054b2b A	106	$this->container->loginManager->isLoggedIn()
a8c11451 A	107	\|\| $this->container->conf->get('security.open_shaarli', false)
	108	) {
	109	throw new CantLoginException();
	110	}
	111
	112	if (true !== $this->container->loginManager->canLogin($this->container->environment)) {
	113	throw new LoginBannedException();
	114	}
	115
	116	return true;
	117	}
	118
	119	/**
	120	* @return int Session duration in seconds
	121	*/
	122	protected function saveLongLastingSession(Request $request, string $cookiePath): int
	123	{
	124	if (empty($request->getParam('longlastingsession'))) {
	125	// Standard session expiration (=when browser closes)
	126	$expirationTime = 0;
	127	} else {
	128	// Keep the session cookie even after the browser closes
	129	$this->container->sessionManager->setStaySignedIn(true);
	130	$expirationTime = $this->container->sessionManager->extendSession();
	131	}
	132
	133	$this->container->cookieManager->setCookieParameter(
	134	CookieManager::STAY_SIGNED_IN,
	135	$this->container->loginManager->getStaySignedInToken(),
	136	$expirationTime,
	137	$cookiePath
	138	);
	139
	140	return $expirationTime;
	141	}
	142
	143	protected function renewUserSession(string $cookiePath, int $expirationTime): void
	144	{
	145	// Send cookie with the new expiration date to the browser
	146	$this->container->sessionManager->destroy();
	147	$this->container->sessionManager->cookieParameters(
	148	$expirationTime,
	149	$cookiePath,
	150	$this->container->environment['SERVER_NAME']
	151	);
	152	$this->container->sessionManager->start();
	153	$this->container->sessionManager->regenerateId(true);
	154	}
6c50a6cc	155	}