SessionController::updateSystemLanguage() - Code Metrics - Inspection of "Fix language select #577" - mikopbx/Core - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Branch — develop (9d5aa6)

by Nikolay

created 2023-07-27 08:05 UTC

SessionController::updateSystemLanguage() A

↳ Parent: Project

Complexity

Conditions	4
Paths	5

Size

Total Lines	15
Code Lines	11

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
eloc	11
c	0
b	0
f	0
dl	0
loc	15
rs	9.9
cc	4
nc	5
nop	0

<?php
/*
 * MikoPBX - free phone system for small business
 * Copyright © 2017-2023 Alexey Portnov and Nikolay Beketov
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with this program.
 * If not, see <https://www.gnu.org/licenses/>.
 */

namespace MikoPBX\AdminCabinet\Controllers;

use MikoPBX\AdminCabinet\Forms\LoginForm;
use MikoPBX\Common\Models\AuthTokens;
use MikoPBX\Common\Models\PbxSettings;
use MikoPBX\Common\Providers\AclProvider;
use MikoPBX\Common\Providers\PBXConfModulesProvider;
use MikoPBX\Modules\Config\WebUIConfigInterface;

/**
 * SessionController
 *
 * Allows to authenticate users
 */
class SessionController extends BaseController
{
    public const SESSION_ID = 'authAdminCabinet';

    public const ROLE = 'role';

    public const HOME_PAGE = 'homePage';


    /**
     * Renders the login page with form and settings values.
     */
    public function indexAction(): void
    {
        $this->view->NameFromSettings
            = PbxSettings::getValueByKey('Name');
        $this->view->DescriptionFromSettings
            = PbxSettings::getValueByKey('Description');
        $this->view->form = new LoginForm();
    }

    /**
     * Handles the login form submission and authentication.
     */
    public function startAction(): void
    {
        if (!$this->request->isPost()) {
            $this->forward('session/index');
        }
        $loginFromUser = $this->request->getPost('login');
        $passFromUser = $this->request->getPost('password');
        $this->flash->clear();
        $login = PbxSettings::getValueByKey('WebAdminLogin');
        $passwordHash = PbxSettings::getValueByKey('WebAdminPassword');

        $userLoggedIn = false;
        $sessionParams = [];

        // Check if the provided login and password match the stored values
        if ($login === $loginFromUser
            && ($this->security->checkHash($passFromUser, $passwordHash) || $passwordHash === $passFromUser))
            {
            $sessionParams = [
                SessionController::ROLE => AclProvider::ROLE_ADMINS,
                SessionController::HOME_PAGE => $this->url->get('extensions/index')
            ];
            $userLoggedIn = true;
        } else {
            // Try to authenticate user over additional module
            $additionalModules = PBXConfModulesProvider::hookModulesMethod(WebUIConfigInterface::AUTHENTICATE_USER, [$loginFromUser, $passFromUser]);

            // Check if any additional module successfully authenticated the user
            foreach ($additionalModules as $moduleUniqueId => $sessionData) {
                if (!empty($sessionData)) {
                    $this->loggerAuth->info("User $loginFromUser was authenticated over module $moduleUniqueId");
                    $sessionParams = $sessionData;
                    $userLoggedIn = true;
                    break;
                }
            }
        }

        if ($userLoggedIn) {
            // Register the session with the specified parameters
            $this->_registerSession($sessionParams);
            if ($this->session->has(LanguageController::WEB_ADMIN_LANGUAGE)){
                LanguageController::updateSystemLanguage($this->session->get(LanguageController::WEB_ADMIN_LANGUAGE));
            }
            $this->view->success = true;
            $backUri = $this->request->getPost('backUri');
            if (!empty($backUri)) {
                $this->view->reload = $backUri;
            } else {
                $this->view->reload = $this->session->get(SessionController::HOME_PAGE);
            }
        } else {
            // Authentication failed
            $this->view->success = false;
            $this->flash->error($this->translation->_('auth_WrongLoginPassword'));
            $remoteAddress = $this->request->getClientAddress(true);
            $userAgent = $this->request->getUserAgent();
            $this->loggerAuth->warning("From: {$remoteAddress} UserAgent:{$userAgent} Cause: Wrong password");
            $this->clearAuthCookies();
        }

    }

    /**
     * Register an authenticated user into session data
     *
     */
    private function _registerSession(array $sessionParams): void
    {
        $this->session->set(self::SESSION_ID, $sessionParams);

        if ($this->request->getPost('rememberMeCheckBox') === 'on') {
            $this->updateRememberMeCookies($sessionParams);
        } else {
            $this->clearAuthCookies();
        }
    }

    /**
     * Setups random password and selector to browser cookie storage to remember me facility
     *
     * @param array $sessionParams
     */
    private function updateRememberMeCookies(array $sessionParams): void
    {
        $cookieExpirationTime = time() + (30 * 24 * 60 * 60);  // for 1 month

        $randomPassword = $this->security->getSaltBytes(32);
        $this->cookies->set("random_token", $randomPassword, $cookieExpirationTime);

        $randomPasswordHash = $this->security->hash($randomPassword);

        $expiryDate = date("Y-m-d H:i:s", $cookieExpirationTime);

        // Get token for username
        $parameters = [
            'conditions' => 'tokenHash = :tokenHash:',
            'binds' => [
                'tokenHash' => $randomPasswordHash,
            ],
        ];
        $userToken = AuthTokens::findFirst($parameters);
        if ($userToken === null) {
            $userToken = new AuthTokens();
        }
        // Insert new token
        $userToken->tokenHash = $randomPasswordHash;
        $userToken->expiryDate = $expiryDate;
        $userToken->sessionParams = json_encode($sessionParams);
        $userToken->save();
    }

    /**
     * Clears remember me cookies
     */
    private function clearAuthCookies(): void
    {
        if ($this->cookies->has('random_token')) {
            $cookie = $this->cookies->get('random_token');
            $value = $cookie->getValue();
            $userTokens = AuthTokens::find();
            foreach ($userTokens as $userToken) {
                if ($this->security->checkHash($value, $userToken->tokenHash)) {
                    $userToken->delete();
                }
            }
            $cookie->delete();
        }
    }

    /**
     * Finishes the active session redirecting to the index
     *
     */
    public function endAction(): void
    {
        $this->session->remove(self::SESSION_ID);
        $this->session->destroy();
        $this->clearAuthCookies();
    }
}


1			<?php
2			/*
3			* MikoPBX - free phone system for small business
4			* Copyright © 2017-2023 Alexey Portnov and Nikolay Beketov
5			*
6			* This program is free software: you can redistribute it and/or modify
7			* it under the terms of the GNU General Public License as published by
8			* the Free Software Foundation; either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* This program is distributed in the hope that it will be useful,
12			* but WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU General Public License for more details.
15			*
16			* You should have received a copy of the GNU General Public License along with this program.
17			* If not, see <https://www.gnu.org/licenses/>.
18			*/
19
20			namespace MikoPBX\AdminCabinet\Controllers;
21
22			use MikoPBX\AdminCabinet\Forms\LoginForm;
23			use MikoPBX\Common\Models\AuthTokens;
24			use MikoPBX\Common\Models\PbxSettings;
25			use MikoPBX\Common\Providers\AclProvider;
26			use MikoPBX\Common\Providers\PBXConfModulesProvider;
27			use MikoPBX\Modules\Config\WebUIConfigInterface;
28
29			/**
30			* SessionController
31			*
32			* Allows to authenticate users
33			*/
34			class SessionController extends BaseController
35			{
36			public const SESSION_ID = 'authAdminCabinet';
37
38			public const ROLE = 'role';
39
40			public const HOME_PAGE = 'homePage';
41
42
43			/**
44			* Renders the login page with form and settings values.
45			*/
46			public function indexAction(): void
47			{
48			$this->view->NameFromSettings
49			= PbxSettings::getValueByKey('Name');
50			$this->view->DescriptionFromSettings
51			= PbxSettings::getValueByKey('Description');
52			$this->view->form = new LoginForm();
53			}
54
55			/**
56			* Handles the login form submission and authentication.
57			*/
58			public function startAction(): void
59			{
60			if (!$this->request->isPost()) {
61			$this->forward('session/index');
62			}
63			$loginFromUser = $this->request->getPost('login');
64			$passFromUser = $this->request->getPost('password');
65			$this->flash->clear();
66			$login = PbxSettings::getValueByKey('WebAdminLogin');
67			$passwordHash = PbxSettings::getValueByKey('WebAdminPassword');
68
69			$userLoggedIn = false;
70			$sessionParams = [];
71
72			// Check if the provided login and password match the stored values
73			if ($login === $loginFromUser
74			&& ($this->security->checkHash($passFromUser, $passwordHash) \|\| $passwordHash === $passFromUser))
75			{
76			$sessionParams = [
77			SessionController::ROLE => AclProvider::ROLE_ADMINS,
78			SessionController::HOME_PAGE => $this->url->get('extensions/index')
79			];
80			$userLoggedIn = true;
81			} else {
82			// Try to authenticate user over additional module
83			$additionalModules = PBXConfModulesProvider::hookModulesMethod(WebUIConfigInterface::AUTHENTICATE_USER, [$loginFromUser, $passFromUser]);
84
85			// Check if any additional module successfully authenticated the user
86			foreach ($additionalModules as $moduleUniqueId => $sessionData) {
87			if (!empty($sessionData)) {
88			$this->loggerAuth->info("User $loginFromUser was authenticated over module $moduleUniqueId");
89			$sessionParams = $sessionData;
90			$userLoggedIn = true;
91			break;
92			}
93			}
94			}
95
96			if ($userLoggedIn) {
97			// Register the session with the specified parameters
98			$this->_registerSession($sessionParams);
99			if ($this->session->has(LanguageController::WEB_ADMIN_LANGUAGE)){
100			LanguageController::updateSystemLanguage($this->session->get(LanguageController::WEB_ADMIN_LANGUAGE));
101			}
102			$this->view->success = true;
103			$backUri = $this->request->getPost('backUri');
104			if (!empty($backUri)) {
105			$this->view->reload = $backUri;
106			} else {
107			$this->view->reload = $this->session->get(SessionController::HOME_PAGE);
108			}
109			} else {
110			// Authentication failed
111			$this->view->success = false;
112			$this->flash->error($this->translation->_('auth_WrongLoginPassword'));
113			$remoteAddress = $this->request->getClientAddress(true);
114			$userAgent = $this->request->getUserAgent();
115			$this->loggerAuth->warning("From: {$remoteAddress} UserAgent:{$userAgent} Cause: Wrong password");
116			$this->clearAuthCookies();
117			}
118
119			}
120
121			/**
122			* Register an authenticated user into session data
123			*
124			*/
125			private function _registerSession(array $sessionParams): void
126			{
127			$this->session->set(self::SESSION_ID, $sessionParams);
128
129			if ($this->request->getPost('rememberMeCheckBox') === 'on') {
130			$this->updateRememberMeCookies($sessionParams);
131			} else {
132			$this->clearAuthCookies();
133			}
134			}
135
136			/**
137			* Setups random password and selector to browser cookie storage to remember me facility
138			*
139			* @param array $sessionParams
140			*/
141			private function updateRememberMeCookies(array $sessionParams): void
142			{
143			$cookieExpirationTime = time() + (30 * 24 * 60 * 60); // for 1 month
144
145			$randomPassword = $this->security->getSaltBytes(32);
146			$this->cookies->set("random_token", $randomPassword, $cookieExpirationTime);
147
148			$randomPasswordHash = $this->security->hash($randomPassword);
149
150			$expiryDate = date("Y-m-d H:i:s", $cookieExpirationTime);
151
152			// Get token for username
153			$parameters = [
154			'conditions' => 'tokenHash = :tokenHash:',
155			'binds' => [
156			'tokenHash' => $randomPasswordHash,
157			],
158			];
159			$userToken = AuthTokens::findFirst($parameters);
160			if ($userToken === null) {
161			$userToken = new AuthTokens();
162			}
163			// Insert new token
164			$userToken->tokenHash = $randomPasswordHash;
165			$userToken->expiryDate = $expiryDate;
166			$userToken->sessionParams = json_encode($sessionParams);
167			$userToken->save();
168			}
169
170			/**
171			* Clears remember me cookies
172			*/
173			private function clearAuthCookies(): void
174			{
175			if ($this->cookies->has('random_token')) {
176			$cookie = $this->cookies->get('random_token');
177			$value = $cookie->getValue();
178			$userTokens = AuthTokens::find();
179			foreach ($userTokens as $userToken) {
180			if ($this->security->checkHash($value, $userToken->tokenHash)) {
181			$userToken->delete();
182			}
183			}
184			$cookie->delete();
185			}
186			}
187
188			/**
189			* Finishes the active session redirecting to the index
190			*
191			*/
192			public function endAction(): void
193			{
194			$this->session->remove(self::SESSION_ID);
195			$this->session->destroy();
196			$this->clearAuthCookies();
197			}
198			}
199

mikopbx / Core

Branch — develop (9d5aa6)

SessionController::updateSystemLanguage() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like