xref: /webtrees/app/Http/RequestHandlers/LoginAction.php (revision e93a8df2f8d797005750082cc3766c0e80799688) 
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2023 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Http\RequestHandlers;
21
22use Exception;
23use Fisharebest\Webtrees\Auth;
24use Fisharebest\Webtrees\Contracts\UserInterface;
25use Fisharebest\Webtrees\FlashMessages;
26use Fisharebest\Webtrees\I18N;
27use Fisharebest\Webtrees\Log;
28use Fisharebest\Webtrees\Services\UpgradeService;
29use Fisharebest\Webtrees\Services\UserService;
30use Fisharebest\Webtrees\Session;
31use Fisharebest\Webtrees\Tree;
32use Fisharebest\Webtrees\Validator;
33use Psr\Http\Message\ResponseInterface;
34use Psr\Http\Message\ServerRequestInterface;
35use Psr\Http\Server\RequestHandlerInterface;
36
37use function route;
38use function time;
39
40/**
41 * Perform a login.
42 */
43class LoginAction implements RequestHandlerInterface
44{
45    private UpgradeService $upgrade_service;
46
47    private UserService $user_service;
48
49    /**
50     * @param UpgradeService $upgrade_service
51     * @param UserService    $user_service
52     */
53    public function __construct(UpgradeService $upgrade_service, UserService $user_service)
54    {
55        $this->upgrade_service = $upgrade_service;
56        $this->user_service    = $user_service;
57    }
58
59    /**
60     * Perform a login.
61     *
62     * @param ServerRequestInterface $request
63     *
64     * @return ResponseInterface
65     */
66    public function handle(ServerRequestInterface $request): ResponseInterface
67    {
68        $tree        = Validator::attributes($request)->treeOptional();
69        $default_url = route(HomePage::class);
70        $username    = Validator::parsedBody($request)->string('username');
71        $password    = Validator::parsedBody($request)->string('password');
72        $url         = Validator::parsedBody($request)->isLocalUrl()->string('url', $default_url);
73
74        try {
75            $this->doLogin($username, $password);
76
77            if (Auth::isAdmin() && $this->upgrade_service->isUpgradeAvailable()) {
78                FlashMessages::addMessage(I18N::translate('A new version of webtrees is available.') . ' <a class="alert-link" href="' . e(route(UpgradeWizardPage::class)) . '">' . I18N::translate('Upgrade to webtrees %s.', '<span dir="ltr">' . $this->upgrade_service->latestVersion() . '</span>') . '</a>');
79            }
80
81            // Redirect to the target URL
82            return redirect($url);
83        } catch (Exception $ex) {
84            // Failed to log in.
85            FlashMessages::addMessage($ex->getMessage(), 'danger');
86
87            return redirect(route(LoginPage::class, [
88                'tree'     => $tree?->name(),
89                'username' => $username,
90                'url'      => $url,
91            ]));
92        }
93    }
94
95    /**
96     * Log in, if we can.  Throw an exception, if we can't.
97     *
98     * @param string $username
99     * @param string $password
100     *
101     * @return void
102     * @throws Exception
103     */
104    private function doLogin(string $username, #[\SensitiveParameter] string $password): void
105    {
106        if ($_COOKIE === []) {
107            Log::addAuthenticationLog('Login failed (no session cookies): ' . $username);
108            throw new Exception(I18N::translate('You cannot sign in because your browser does not accept cookies.'));
109        }
110
111        $user = $this->user_service->findByIdentifier($username);
112
113        if ($user === null) {
114            Log::addAuthenticationLog('Login failed (no such user/email): ' . $username);
115            throw new Exception(I18N::translate('The username or password is incorrect.'));
116        }
117
118        if (!$user->checkPassword($password)) {
119            Log::addAuthenticationLog('Login failed (incorrect password): ' . $username);
120            throw new Exception(I18N::translate('The username or password is incorrect.'));
121        }
122
123        if ($user->getPreference(UserInterface::PREF_IS_EMAIL_VERIFIED) !== '1') {
124            Log::addAuthenticationLog('Login failed (not verified by user): ' . $username);
125            throw new Exception(I18N::translate('This account has not been verified. Please check your email for a verification message.'));
126        }
127
128        if ($user->getPreference(UserInterface::PREF_IS_ACCOUNT_APPROVED) !== '1') {
129            Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username);
130            throw new Exception(I18N::translate('This account has not been approved. Please wait for an administrator to approve it.'));
131        }
132
133        Auth::login($user);
134        Log::addAuthenticationLog('Login: ' . Auth::user()->userName() . '/' . Auth::user()->realName());
135        Auth::user()->setPreference(UserInterface::PREF_TIMESTAMP_ACTIVE, (string) time());
136
137        Session::put('language', Auth::user()->getPreference(UserInterface::PREF_LANGUAGE));
138        Session::put('theme', Auth::user()->getPreference(UserInterface::PREF_THEME));
139        I18N::init(Auth::user()->getPreference(UserInterface::PREF_LANGUAGE));
140    }
141}
142