icingaweb2/application/controllers/AuthenticationController.php

<?php
/* Icinga Web 2 | (c) 2013 Icinga Development Team | GPLv2+ */

namespace Icinga\Controllers;

use Icinga\Application\Hook\AuthenticationHook;
use Icinga\Application\Icinga;
use Icinga\Forms\Authentication\LoginForm;
use Icinga\Web\Controller;
use Icinga\Web\Helper\CookieHelper;
use Icinga\Web\Url;

/**
 * Application wide controller for authentication
 */
class AuthenticationController extends Controller
{
    /**
     * {@inheritdoc}
     */
    protected $requiresAuthentication = false;

    /**
     * {@inheritdoc}
     */
    protected $innerLayout = 'inline';

    /**
     * Log into the application
     */
    public function loginAction()
    {
        $icinga = Icinga::app();
        if (($requiresSetup = $icinga->requiresSetup()) && $icinga->setupTokenExists()) {
            $this->redirectNow(Url::fromPath('setup'));
        }
        $form = new LoginForm();
        if ($this->Auth()->isAuthenticated()) {
            // Call provided AuthenticationHook(s) when login action is called
            // but icinga web user is already authenticated
            AuthenticationHook::triggerLogin($this->Auth()->getUser());
            $this->redirectNow($form->getRedirectUrl());
        }
        if (! $requiresSetup) {
            $cookies = new CookieHelper($this->getRequest());
            if (! $cookies->isSupported()) {
                $this
                    ->getResponse()
                    ->setBody("Cookies must be enabled to run this application.\n")
                    ->setHttpResponseCode(403)
                    ->sendResponse();
                exit;
            }
            $form->handleRequest();
        }
        $this->view->form = $form;
        $this->view->title = $this->translate('Icinga Web 2 Login');
        $this->view->requiresSetup = $requiresSetup;
    }

    /**
     * Log out the current user
     */
    public function logoutAction()
    {
        $auth = $this->Auth();
        if (! $auth->isAuthenticated()) {
            $this->redirectToLogin();
        }
        // Get info whether the user is externally authenticated before removing authorization which destroys the
        // session and the user object
        $isExternalUser = $auth->getUser()->isExternalUser();
        // Call provided AuthenticationHook(s) when logout action is called
        AuthenticationHook::triggerLogout($auth->getUser());
        $auth->removeAuthorization();
        if ($isExternalUser) {
            $this->getResponse()->setHttpResponseCode(401);
        } else {
            $this->redirectToLogin();
        }
    }
}
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`<?php`
Change all license headers to only reflect a file's year of creation refs #11000 2016-02-08 15:41:00 +01:00			`/* Icinga Web 2 \| (c) 2013 Icinga Development Team \| GPLv2+ */`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00
Namespace the AuthenticationController refs #5786 2015-08-27 13:09:58 +02:00			`namespace Icinga\Controllers;`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00
Add AuthenticationHook Created AuthenticationHook class with two main methods: onLogin and onLogout that are called after login and before logout. 2018-03-28 14:42:48 +02:00			`use Icinga\Application\Hook\AuthenticationHook;`
Optimize imports in AuthenticationController.php 2014-12-29 14:30:47 +01:00			`use Icinga\Application\Icinga;`
			`use Icinga\Forms\Authentication\LoginForm;`
Relax auth controller complexity refs #9660 2015-07-29 14:17:07 +02:00			`use Icinga\Web\Controller;`
Move cookie support detection to a helper class Icinga\Web\Cookie will become a real cookie implementation. 2015-11-27 15:35:39 +01:00			`use Icinga\Web\Helper\CookieHelper;`
Fix layout re-rendering after login (thank you, automerge) 2014-03-06 12:07:24 +01:00			`use Icinga\Web\Url;`
Refactor Form-builder [WIP] Refactor Form-builder so that it is an abstract extension class of Zend_Form. refs #4355 2013-07-12 16:10:56 +02:00
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`/**`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`* Application wide controller for authentication`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`*/`
Relax auth controller complexity refs #9660 2015-07-29 14:17:07 +02:00			`class AuthenticationController extends Controller`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`{`
			`/**`
Do not show the full layout on the login page ... refs #9892 2015-08-13 08:12:30 +02:00			`* {@inheritdoc}`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`*/`
Fix pagination and remove ModuleController, rename handlesAuth This commit introduces the following changes: - Count is now performed after joins are added to the selection query, therefore returning the correct number - MonitoringControllerTest now needn't to mock ModuleActionController (which is now removed) - handlesAuthentication is now requiresAuthentication - Redirection to login is now directly handled in the ActionController constructor, so we don't need to overwrite the preDispatch method refs #4589 refs #4591 refs #4572 2013-08-30 15:50:49 +02:00			`protected $requiresAuthentication = false;`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00
Do not show the full layout on the login page ... refs #9892 2015-08-13 08:12:30 +02:00			`/**`
			`* {@inheritdoc}`
			`*/`
			`protected $innerLayout = 'inline';`

Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`/**`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`* Log into the application`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`*/`
			`public function loginAction()`
			`{`
Use the setup related utility functions in AuthenticationController.php 2014-12-29 14:30:06 +01:00			`$icinga = Icinga::app();`
Relax auth controller complexity refs #9660 2015-07-29 14:17:07 +02:00			`if (($requiresSetup = $icinga->requiresSetup()) && $icinga->setupTokenExists()) {`
Do not redirect to the wizard in case of an empty config.ini 2014-11-18 13:13:02 +01:00			`$this->redirectNow(Url::fromPath('setup'));`
Redirect to /setup if necessary A user gets now redirected to /setup in case he is not logged in, the token file exists and no config.ini was found. refs #7163 2014-09-10 14:48:33 +02:00			`}`
Relax auth controller complexity refs #9660 2015-07-29 14:17:07 +02:00			`$form = new LoginForm();`
			`if ($this->Auth()->isAuthenticated()) {`
Add AuthenticationHook Created AuthenticationHook class with two main methods: onLogin and onLogout that are called after login and before logout. 2018-03-28 14:42:48 +02:00			`// Call provided AuthenticationHook(s) when login action is called`
			`// but icinga web user is already authenticated`
			`AuthenticationHook::triggerLogin($this->Auth()->getUser());`
Relax auth controller complexity refs #9660 2015-07-29 14:17:07 +02:00			`$this->redirectNow($form->getRedirectUrl());`
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340 2013-06-24 18:46:45 +02:00			`}`
Relax auth controller complexity refs #9660 2015-07-29 14:17:07 +02:00			`if (! $requiresSetup) {`
Move cookie support detection to a helper class Icinga\Web\Cookie will become a real cookie implementation. 2015-11-27 15:35:39 +01:00			`$cookies = new CookieHelper($this->getRequest());`
			`if (! $cookies->isSupported()) {`
Use Request::setBody() for cookies disabled message 2015-08-27 13:21:43 +02:00			`$this`
			`->getResponse()`
			`->setBody("Cookies must be enabled to run this application.\n")`
			`->setHttpResponseCode(403)`
			`->sendResponse();`
Move cookie support detection to a helper class Icinga\Web\Cookie will become a real cookie implementation. 2015-11-27 15:35:39 +01:00			`exit;`
AuthenticationController: Add cookie detection to login action refs #7383 2015-08-13 11:21:05 +02:00			`}`
Relax auth controller complexity refs #9660 2015-07-29 14:17:07 +02:00			`$form->handleRequest();`
			`}`
			`$this->view->form = $form;`
			`$this->view->title = $this->translate('Icinga Web 2 Login');`
			`$this->view->requiresSetup = $requiresSetup;`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`}`

			`/**`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`* Log out the current user`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`*/`
			`public function logoutAction()`
			`{`
AuthenticationController: use Auth() helper function 2014-06-22 20:08:55 +02:00			`$auth = $this->Auth();`
Fix that logout of unauthenticated users throws exceptions 2014-10-01 08:13:17 +02:00			`if (! $auth->isAuthenticated()) {`
			`$this->redirectToLogin();`
			`}`
lib: Rename remote user to external user We renamed our backend. Code now reflects this. refs #9660 2015-07-29 15:44:32 +02:00			`// Get info whether the user is externally authenticated before removing authorization which destroys the`
			`// session and the user object`
			`$isExternalUser = $auth->getUser()->isExternalUser();`
Add AuthenticationHook Created AuthenticationHook class with two main methods: onLogin and onLogout that are called after login and before logout. 2018-03-28 14:42:48 +02:00			`// Call provided AuthenticationHook(s) when logout action is called`
			`AuthenticationHook::triggerLogout($auth->getUser());`
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340 2013-06-24 18:46:45 +02:00			`$auth->removeAuthorization();`
lib: Rename remote user to external user We renamed our backend. Code now reflects this. refs #9660 2015-07-29 15:44:32 +02:00			`if ($isExternalUser) {`
Relax auth controller complexity refs #9660 2015-07-29 14:17:07 +02:00			`$this->getResponse()->setHttpResponseCode(401);`
Add extern authentication Provide a new settings authenticationMode and delegate the authentication handling to the webserver when the external authentication mode is set. Add a new view 'logout' that will be shown after logout from external authentication as the regular redirect to login is not possible. refs #5405 2014-02-26 17:36:20 +01:00			`} else {`
Fix that logout of unauthenticated users throws exceptions 2014-10-01 08:13:17 +02:00			`$this->redirectToLogin();`
Add extern authentication Provide a new settings authenticationMode and delegate the authentication handling to the webserver when the external authentication mode is set. Add a new view 'logout' that will be shown after logout from external authentication as the regular redirect to login is not possible. refs #5405 2014-02-26 17:36:20 +01:00			`}`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`}`
			`}`