authorGreg Roach <fisharebest@webtrees.net>2019-10-05 12:05:25 +0100
committerGreg Roach <fisharebest@webtrees.net>2019-10-05 16:55:58 +0100
commitd403609d9adfb78373074e21cba0e7fd0ec71fde (patch)
treea83dc091b1e5ac425105f2215394af07ec8fbba2 /app/Http/RequestHandlers/LoginAction.php
parent97b4661efe28b0272afb7f076d467e262e9a0d10 (diff)
Working on routing
Diffstat (limited to 'app/Http/RequestHandlers/LoginAction.php')
-rw-r--r--app/Http/RequestHandlers/LoginAction.php147
1 files changed, 147 insertions, 0 deletions
diff --git a/app/Http/RequestHandlers/LoginAction.php b/app/Http/RequestHandlers/LoginAction.php
new file mode 100644
index 0000000000..c6e5506eff
--- /dev/null
+++ b/app/Http/RequestHandlers/LoginAction.php
@@ -0,0 +1,147 @@
+<?php
+
+/**
+ * webtrees: online genealogy
+ * Copyright (C) 2019 webtrees development team
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+declare(strict_types=1);
+
+namespace Fisharebest\Webtrees\Http\RequestHandlers;
+
+use Exception;
+use Fisharebest\Webtrees\Auth;
+use Fisharebest\Webtrees\Carbon;
+use Fisharebest\Webtrees\FlashMessages;
+use Fisharebest\Webtrees\Http\Controllers\AbstractBaseController;
+use Fisharebest\Webtrees\I18N;
+use Fisharebest\Webtrees\Log;
+use Fisharebest\Webtrees\Services\UpgradeService;
+use Fisharebest\Webtrees\Services\UserService;
+use Fisharebest\Webtrees\Session;
+use Illuminate\Database\Capsule\Manager as DB;
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+/**
+ * Perform a login.
+ */
+class LoginAction extends AbstractBaseController
+{
+ /** @var UpgradeService */
+ private $upgrade_service;
+
+ /** @var UserService */
+ private $user_service;
+
+ /**
+ * LoginController constructor.
+ *
+ * @param UpgradeService $upgrade_service
+ * @param UserService $user_service
+ */
+ public function __construct(UpgradeService $upgrade_service, UserService $user_service)
+ {
+ $this->upgrade_service = $upgrade_service;
+ $this->user_service = $user_service;
+ }
+
+ /**
+ * Perform a login.
+ *
+ * @param ServerRequestInterface $request
+ *
+ * @return ResponseInterface
+ */
+ public function handle(ServerRequestInterface $request): ResponseInterface
+ {
+ $username = $request->getParsedBody()['username'] ?? '';
+ $password = $request->getParsedBody()['password'] ?? '';
+ $url = $request->getParsedBody()['url'] ?? '';
+
+ try {
+ $this->doLogin($username, $password);
+
+ if (Auth::isAdmin() && $this->upgrade_service->isUpgradeAvailable()) {
+ FlashMessages::addMessage(I18N::translate('A new version of webtrees is available.') . ' <a class="alert-link" href="' . e(route('upgrade')) . '">' . I18N::translate('Upgrade to webtrees %s.', '<span dir="ltr">' . $this->upgrade_service->latestVersion() . '</span>') . '</a>');
+ }
+
+ // If there was no referring page, redirect to "my page".
+ if ($url === '') {
+ // Switch to a tree where we have a genealogy record (or keep to the current/default).
+ $ged = (string) DB::table('gedcom')
+ ->join('user_gedcom_setting', 'gedcom.gedcom_id', '=', 'user_gedcom_setting.gedcom_id')
+ ->where('user_id', '=', Auth::id())
+ ->value('gedcom_name');
+
+ $url = route('tree-page', ['ged' => $ged]);
+ }
+
+ // Redirect to the target URL
+ return redirect($url);
+ } catch (Exception $ex) {
+ // Failed to log in.
+ return redirect(route('login', [
+ 'username' => $username,
+ 'url' => $url,
+ 'error' => $ex->getMessage(),
+ ]));
+ }
+ }
+
+ /**
+ * Log in, if we can. Throw an exception, if we can't.
+ *
+ * @param string $username
+ * @param string $password
+ *
+ * @return void
+ * @throws Exception
+ */
+ private function doLogin(string $username, string $password): void
+ {
+ if (!$_COOKIE) {
+ Log::addAuthenticationLog('Login failed (no session cookies): ' . $username);
+ throw new Exception(I18N::translate('You cannot sign in because your browser does not accept cookies.'));
+ }
+
+ $user = $this->user_service->findByIdentifier($username);
+
+ if ($user === null) {
+ Log::addAuthenticationLog('Login failed (no such user/email): ' . $username);
+ throw new Exception(I18N::translate('The username or password is incorrect.'));
+ }
+
+ if (!$user->checkPassword($password)) {
+ Log::addAuthenticationLog('Login failed (incorrect password): ' . $username);
+ throw new Exception(I18N::translate('The username or password is incorrect.'));
+ }
+
+ if (!$user->getPreference('verified')) {
+ Log::addAuthenticationLog('Login failed (not verified by user): ' . $username);
+ throw new Exception(I18N::translate('This account has not been verified. Please check your email for a verification message.'));
+ }
+
+ if (!$user->getPreference('verified_by_admin')) {
+ Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username);
+ throw new Exception(I18N::translate('This account has not been approved. Please wait for an administrator to approve it.'));
+ }
+
+ Auth::login($user);
+ Log::addAuthenticationLog('Login: ' . Auth::user()->userName() . '/' . Auth::user()->realName());
+ Auth::user()->setPreference('sessiontime', (string) Carbon::now()->unix());
+
+ Session::put('language', Auth::user()->getPreference('language'));
+ Session::put('theme', Auth::user()->getPreference('theme'));
+ I18N::init(Auth::user()->getPreference('language'));
+ }
+}
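Review bot: The `url` field read from the POST body in `handle()` reaches `return redirect($url);` with no check that it points back into this site, so a crafted login form can send a user to an arbitrary external page straight after a successful sign-in. Ahead of the `if ($url === '')` test I would reset anything that is not under the site's own base URL, e.g. `if ($url !== '' && strpos($url, $base_url . '/') !== 0) { $url = ''; }`, where `$base_url` is a placeholder for the configured site URL (not visible in this hunk). The existing empty-URL branch then supplies the default tree page. Separately, `catch (Exception $ex)` also wraps the `DB::table('gedcom')` query, so a database error message would be copied into the `error` query parameter of the login redirect. Throwing and catching a dedicated login exception from `doLogin()` would keep that text out of the URL.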