icingaweb2/application/controllers/AuthenticationController.php

<?php
// @codingStandardsIgnoreStart
// {{{ICINGA_LICENSE_HEADER}}}
/**
 * This file is part of Icinga Web 2.
 *
 * Icinga Web 2 - Head for multiple monitoring backends.
 * Copyright (C) 2013 Icinga Development Team
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 *
 * @copyright  2013 Icinga Development Team <info@icinga.org>
 * @license    http://www.gnu.org/licenses/gpl-2.0.txt GPL, version 2
 * @author     Icinga Development Team <info@icinga.org>
 *
 */
// {{{ICINGA_LICENSE_HEADER}}}

# namespace Icinga\Application\Controllers;

use \Exception;
use Icinga\Web\Controller\ActionController;
use Icinga\Authentication\Credential;
use Icinga\Authentication\Manager as AuthManager;
use Icinga\Form\Authentication\LoginForm;

/**
 * Application wide controller for authentication
 */
class AuthenticationController extends ActionController
{
    /**
     * This controller does not require authentication
     *
     * @var bool
     */
    protected $requiresAuthentication = false;

    /**
     * Log into the application
     */
    public function loginAction()
    {
        $this->_helper->layout->setLayout('login');
        $this->view->form = new LoginForm();
        $this->view->form->setRequest($this->_request);
        $this->view->title = 'Icinga Web Login';
        try {
            $redirectUrl = $this->_request->getParam('redirect', 'index?_render=body');
            $auth = AuthManager::getInstance();
            if ($auth->isAuthenticated()) {
                $this->redirectNow($redirectUrl);
            }
            if ($this->view->form->isSubmittedAndValid()) {
                $credentials = new Credential(
                    $this->view->form->getValue('username'),
                    $this->view->form->getValue('password')
                );
                if (!$auth->authenticate($credentials)) {
                    $this->view->form->getElement('password')
                        ->addError(t('Please provide a valid username and password'));
                } else {
                    $this->redirectNow($redirectUrl);
                }
            }
        } catch (Exception $e) {
            $this->view->errorInfo = $e->getMessage();
        }
    }

    /**
     * Log out the current user
     */
    public function logoutAction()
    {
        $this->_helper->layout->setLayout('inline');
        $auth = AuthManager::getInstance();
        $auth->removeAuthorization();
        $this->redirectToLogin();
    }
}
// @codingStandardsIgnoreEnd
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`<?php`
			`// @codingStandardsIgnoreStart`
			`// {{{ICINGA_LICENSE_HEADER}}}`
License writer Update license headers refs #4262 2013-06-28 16:47:30 +02:00			`/**`
Rename Icinga 2 Web to Icinga Web 2 2013-10-23 15:10:33 +02:00			`* This file is part of Icinga Web 2.`
			`*`
			`* Icinga Web 2 - Head for multiple monitoring backends.`
License writer Update license headers refs #4262 2013-06-28 16:47:30 +02:00			`* Copyright (C) 2013 Icinga Development Team`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`*`
License writer Update license headers refs #4262 2013-06-28 16:47:30 +02:00			`* This program is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU General Public License`
			`* as published by the Free Software Foundation; either version 2`
			`* of the License, or (at your option) any later version.`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`*`
License writer Update license headers refs #4262 2013-06-28 16:47:30 +02:00			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`*`
License writer Update license headers refs #4262 2013-06-28 16:47:30 +02:00			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`*`
Rename Icinga 2 Web to Icinga Web 2 2013-10-23 15:10:33 +02:00			`* @copyright 2013 Icinga Development Team <info@icinga.org>`
			`* @license http://www.gnu.org/licenses/gpl-2.0.txt GPL, version 2`
			`* @author Icinga Development Team <info@icinga.org>`
			`*`
License writer Update license headers refs #4262 2013-06-28 16:47:30 +02:00			`*/`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`// {{{ICINGA_LICENSE_HEADER}}}`

			`# namespace Icinga\Application\Controllers;`

Fix PHP Warning: The use statement with non-compound name 'Exception' has no effect 2014-02-12 16:59:53 +01:00			`use \Exception;`
XHR: Force redirect to login if session is expired resolves #5507 2014-01-23 16:03:47 +01:00			`use Icinga\Web\Controller\ActionController;`
			`use Icinga\Authentication\Credential;`
			`use Icinga\Authentication\Manager as AuthManager;`
			`use Icinga\Form\Authentication\LoginForm;`
Refactor Form-builder [WIP] Refactor Form-builder so that it is an abstract extension class of Zend_Form. refs #4355 2013-07-12 16:10:56 +02:00
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`/**`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`* Application wide controller for authentication`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`*/`
			`class AuthenticationController extends ActionController`
			`{`
			`/**`
XHR: Force redirect to login if session is expired resolves #5507 2014-01-23 16:03:47 +01:00			`* This controller does not require authentication`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`*`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`* @var bool`
			`*/`
Fix pagination and remove ModuleController, rename handlesAuth This commit introduces the following changes: - Count is now performed after joins are added to the selection query, therefore returning the correct number - MonitoringControllerTest now needn't to mock ModuleActionController (which is now removed) - handlesAuthentication is now requiresAuthentication - Redirection to login is now directly handled in the ActionController constructor, so we don't need to overwrite the preDispatch method refs #4589 refs #4591 refs #4572 2013-08-30 15:50:49 +02:00			`protected $requiresAuthentication = false;`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00
			`/**`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`* Log into the application`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`*/`
			`public function loginAction()`
			`{`
Add login page with own template 2013-10-22 14:28:35 +02:00			`$this->_helper->layout->setLayout('login');`
Forms: New form system Move new form parts arround and add new LoginForm. refs #4355 2013-07-15 14:32:18 +02:00			`$this->view->form = new LoginForm();`
Refactor Form-builder [WIP] Refactor Form-builder so that it is an abstract extension class of Zend_Form. refs #4355 2013-07-12 16:10:56 +02:00			`$this->view->form->setRequest($this->_request);`
XHR: Force redirect to login if session is expired resolves #5507 2014-01-23 16:03:47 +01:00			`$this->view->title = 'Icinga Web Login';`
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340 2013-06-24 18:46:45 +02:00			`try {`
XHR: Force redirect to login if session is expired resolves #5507 2014-01-23 16:03:47 +01:00			`$redirectUrl = $this->_request->getParam('redirect', 'index?_render=body');`
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101 2013-11-20 12:01:40 +01:00			`$auth = AuthManager::getInstance();`
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340 2013-06-24 18:46:45 +02:00			`if ($auth->isAuthenticated()) {`
XHR: Force redirect to login if session is expired resolves #5507 2014-01-23 16:03:47 +01:00			`$this->redirectNow($redirectUrl);`
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340 2013-06-24 18:46:45 +02:00			`}`
Implement dynamic form elements Rename "isPostAndValid" to "isSubmittedAndValid" and refactor it. Add possibility for specific form elements to auto-submit their form. refs #4439 2013-08-02 16:35:16 +02:00			`if ($this->view->form->isSubmittedAndValid()) {`
XHR: Force redirect to login if session is expired resolves #5507 2014-01-23 16:03:47 +01:00			`$credentials = new Credential(`
			`$this->view->form->getValue('username'),`
			`$this->view->form->getValue('password')`
			`);`
Forms: New form system Move new form parts arround and add new LoginForm. refs #4355 2013-07-15 14:32:18 +02:00			`if (!$auth->authenticate($credentials)) {`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`$this->view->form->getElement('password')`
			`->addError(t('Please provide a valid username and password'));`
Forms: New form system Move new form parts arround and add new LoginForm. refs #4355 2013-07-15 14:32:18 +02:00			`} else {`
XHR: Force redirect to login if session is expired resolves #5507 2014-01-23 16:03:47 +01:00			`$this->redirectNow($redirectUrl);`
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340 2013-06-24 18:46:45 +02:00			`}`
			`}`
We should catch all Exceptions when showing errors on the login screen 2014-02-12 13:57:17 +01:00			`} catch (Exception $e) {`
			`$this->view->errorInfo = $e->getMessage();`
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340 2013-06-24 18:46:45 +02:00			`}`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`}`

			`/**`
Application/Controllers: Follow our Coding Standards refs #4512 2013-08-16 14:56:23 +02:00			`* Log out the current user`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`*/`
			`public function logoutAction()`
			`{`
Add the html-anchor from the url to the login redirection Change the Url class to support html anchors and add JavaScript to fetch the anchor from the URL, as it is regularly not send to the server. refs #4833 2013-10-20 16:28:53 +02:00			`$this->_helper->layout->setLayout('inline');`
Fix bug that caused ajax-request to override values written to the session Authentication/Session.php and its Subclasses do not have a open/closed -state anymore. Read will refresh the session, write will always write the changes, and opening/closing will be handled internally. refs #5101 2013-11-20 12:01:40 +01:00			`$auth = AuthManager::getInstance();`
Fix Authentication workflow - The authentication controller now uses the Authentication/Manager class, also there were some issues in the Session creation, this has been removed from the Bootstrap now, as the Controller must decide how to open a session (read-only or read/write). - The tests reflect a few chagnes, as the move from the CSRF token generation to the Formbuilder. - Notificaiton now doesn't use Zend Session refs #4340 2013-06-24 18:46:45 +02:00			`$auth->removeAuthorization();`
Add redirection to AuthenticationController refs #4670 2013-10-04 12:54:42 +02:00			`$this->redirectToLogin();`
Test and move bootstrapping/web code to source tree Move code from incubator to web. Only files needed to show welcome moved. refs #4249 2013-06-14 13:51:44 +02:00			`}`
			`}`
Implement dynamic form elements Rename "isPostAndValid" to "isSubmittedAndValid" and refactor it. Add possibility for specific form elements to auto-submit their form. refs #4439 2013-08-02 16:35:16 +02:00			`// @codingStandardsIgnoreEnd`