xref: /webtrees/app/Http/RequestHandlers/LoginAction.php (revision 86661454ca7b7e2d48e9e107905c03de74517d0c)
1d403609dSGreg Roach<?php
2d403609dSGreg Roach
3d403609dSGreg Roach/**
4d403609dSGreg Roach * webtrees: online genealogy
5d403609dSGreg Roach * Copyright (C) 2019 webtrees development team
6d403609dSGreg Roach * This program is free software: you can redistribute it and/or modify
7d403609dSGreg Roach * it under the terms of the GNU General Public License as published by
8d403609dSGreg Roach * the Free Software Foundation, either version 3 of the License, or
9d403609dSGreg Roach * (at your option) any later version.
10d403609dSGreg Roach * This program is distributed in the hope that it will be useful,
11d403609dSGreg Roach * but WITHOUT ANY WARRANTY; without even the implied warranty of
12d403609dSGreg Roach * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13d403609dSGreg Roach * GNU General Public License for more details.
14d403609dSGreg Roach * You should have received a copy of the GNU General Public License
15d403609dSGreg Roach * along with this program. If not, see <http://www.gnu.org/licenses/>.
16d403609dSGreg Roach */
17fcfa147eSGreg Roach
18d403609dSGreg Roachdeclare(strict_types=1);
19d403609dSGreg Roach
20d403609dSGreg Roachnamespace Fisharebest\Webtrees\Http\RequestHandlers;
21d403609dSGreg Roach
22d403609dSGreg Roachuse Exception;
23d403609dSGreg Roachuse Fisharebest\Webtrees\Auth;
24d403609dSGreg Roachuse Fisharebest\Webtrees\Carbon;
25d403609dSGreg Roachuse Fisharebest\Webtrees\FlashMessages;
26d403609dSGreg Roachuse Fisharebest\Webtrees\Http\Controllers\AbstractBaseController;
27d403609dSGreg Roachuse Fisharebest\Webtrees\I18N;
28d403609dSGreg Roachuse Fisharebest\Webtrees\Log;
29*86661454SGreg Roachuse Fisharebest\Webtrees\Services\TreeService;
30d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UpgradeService;
31d403609dSGreg Roachuse Fisharebest\Webtrees\Services\UserService;
32d403609dSGreg Roachuse Fisharebest\Webtrees\Session;
33*86661454SGreg Roachuse Fisharebest\Webtrees\Tree;
34d403609dSGreg Roachuse Illuminate\Database\Capsule\Manager as DB;
35d403609dSGreg Roachuse Psr\Http\Message\ResponseInterface;
36d403609dSGreg Roachuse Psr\Http\Message\ServerRequestInterface;
37d403609dSGreg Roach
38d403609dSGreg Roach/**
39d403609dSGreg Roach * Perform a login.
40d403609dSGreg Roach */
41d403609dSGreg Roachclass LoginAction extends AbstractBaseController
42d403609dSGreg Roach{
43d403609dSGreg Roach    /** @var UpgradeService */
44d403609dSGreg Roach    private $upgrade_service;
45d403609dSGreg Roach
46d403609dSGreg Roach    /** @var UserService */
47d403609dSGreg Roach    private $user_service;
48d403609dSGreg Roach
49d403609dSGreg Roach    /**
50d403609dSGreg Roach     * LoginController constructor.
51d403609dSGreg Roach     *
52d403609dSGreg Roach     * @param UpgradeService $upgrade_service
53d403609dSGreg Roach     * @param UserService    $user_service
54d403609dSGreg Roach     */
55d403609dSGreg Roach    public function __construct(UpgradeService $upgrade_service, UserService $user_service)
56d403609dSGreg Roach    {
57d403609dSGreg Roach        $this->upgrade_service = $upgrade_service;
58d403609dSGreg Roach        $this->user_service    = $user_service;
59d403609dSGreg Roach    }
60d403609dSGreg Roach
61d403609dSGreg Roach    /**
62d403609dSGreg Roach     * Perform a login.
63d403609dSGreg Roach     *
64d403609dSGreg Roach     * @param ServerRequestInterface $request
65d403609dSGreg Roach     *
66d403609dSGreg Roach     * @return ResponseInterface
67d403609dSGreg Roach     */
68d403609dSGreg Roach    public function handle(ServerRequestInterface $request): ResponseInterface
69d403609dSGreg Roach    {
70*86661454SGreg Roach        $tree     = $request->getAttribute('tree');
71d403609dSGreg Roach        $username = $request->getParsedBody()['username'] ?? '';
72d403609dSGreg Roach        $password = $request->getParsedBody()['password'] ?? '';
73d403609dSGreg Roach        $url      = $request->getParsedBody()['url'] ?? '';
74d403609dSGreg Roach
75d403609dSGreg Roach        try {
76d403609dSGreg Roach            $this->doLogin($username, $password);
77d403609dSGreg Roach
78d403609dSGreg Roach            if (Auth::isAdmin() && $this->upgrade_service->isUpgradeAvailable()) {
79d403609dSGreg Roach                FlashMessages::addMessage(I18N::translate('A new version of webtrees is available.') . ' <a class="alert-link" href="' . e(route('upgrade')) . '">' . I18N::translate('Upgrade to webtrees %s.', '<span dir="ltr">' . $this->upgrade_service->latestVersion() . '</span>') . '</a>');
80d403609dSGreg Roach            }
81d403609dSGreg Roach
82d403609dSGreg Roach            // If there was no referring page, redirect to "my page".
83d403609dSGreg Roach            if ($url === '') {
84d403609dSGreg Roach                // Switch to a tree where we have a genealogy record (or keep to the current/default).
85d72b284aSGreg Roach                $tree = (string) DB::table('gedcom')
86d403609dSGreg Roach                    ->join('user_gedcom_setting', 'gedcom.gedcom_id', '=', 'user_gedcom_setting.gedcom_id')
87d403609dSGreg Roach                    ->where('user_id', '=', Auth::id())
88d403609dSGreg Roach                    ->value('gedcom_name');
89d403609dSGreg Roach
90d72b284aSGreg Roach                $url = route('tree-page', ['tree' => $tree]);
91d403609dSGreg Roach            }
92d403609dSGreg Roach
93d403609dSGreg Roach            // Redirect to the target URL
94d403609dSGreg Roach            return redirect($url);
95d403609dSGreg Roach        } catch (Exception $ex) {
96d403609dSGreg Roach            // Failed to log in.
9756f9a9c1SGreg Roach            return redirect(route(LoginPage::class, [
98*86661454SGreg Roach                'tree'     => $tree instanceof Tree ? $tree->name() : null,
99d403609dSGreg Roach                'username' => $username,
100d403609dSGreg Roach                'url'      => $url,
101d403609dSGreg Roach                'error'    => $ex->getMessage(),
102d403609dSGreg Roach            ]));
103d403609dSGreg Roach        }
104d403609dSGreg Roach    }
105d403609dSGreg Roach
106d403609dSGreg Roach    /**
107d403609dSGreg Roach     * Log in, if we can.  Throw an exception, if we can't.
108d403609dSGreg Roach     *
109d403609dSGreg Roach     * @param string $username
110d403609dSGreg Roach     * @param string $password
111d403609dSGreg Roach     *
112d403609dSGreg Roach     * @return void
113d403609dSGreg Roach     * @throws Exception
114d403609dSGreg Roach     */
115d403609dSGreg Roach    private function doLogin(string $username, string $password): void
116d403609dSGreg Roach    {
117d403609dSGreg Roach        if (!$_COOKIE) {
118d403609dSGreg Roach            Log::addAuthenticationLog('Login failed (no session cookies): ' . $username);
119d403609dSGreg Roach            throw new Exception(I18N::translate('You cannot sign in because your browser does not accept cookies.'));
120d403609dSGreg Roach        }
121d403609dSGreg Roach
122d403609dSGreg Roach        $user = $this->user_service->findByIdentifier($username);
123d403609dSGreg Roach
124d403609dSGreg Roach        if ($user === null) {
125d403609dSGreg Roach            Log::addAuthenticationLog('Login failed (no such user/email): ' . $username);
126d403609dSGreg Roach            throw new Exception(I18N::translate('The username or password is incorrect.'));
127d403609dSGreg Roach        }
128d403609dSGreg Roach
129d403609dSGreg Roach        if (!$user->checkPassword($password)) {
130d403609dSGreg Roach            Log::addAuthenticationLog('Login failed (incorrect password): ' . $username);
131d403609dSGreg Roach            throw new Exception(I18N::translate('The username or password is incorrect.'));
132d403609dSGreg Roach        }
133d403609dSGreg Roach
134d403609dSGreg Roach        if (!$user->getPreference('verified')) {
135d403609dSGreg Roach            Log::addAuthenticationLog('Login failed (not verified by user): ' . $username);
136d403609dSGreg Roach            throw new Exception(I18N::translate('This account has not been verified. Please check your email for a verification message.'));
137d403609dSGreg Roach        }
138d403609dSGreg Roach
139d403609dSGreg Roach        if (!$user->getPreference('verified_by_admin')) {
140d403609dSGreg Roach            Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username);
141d403609dSGreg Roach            throw new Exception(I18N::translate('This account has not been approved. Please wait for an administrator to approve it.'));
142d403609dSGreg Roach        }
143d403609dSGreg Roach
144d403609dSGreg Roach        Auth::login($user);
145d403609dSGreg Roach        Log::addAuthenticationLog('Login: ' . Auth::user()->userName() . '/' . Auth::user()->realName());
146d403609dSGreg Roach        Auth::user()->setPreference('sessiontime', (string) Carbon::now()->unix());
147d403609dSGreg Roach
148d403609dSGreg Roach        Session::put('language', Auth::user()->getPreference('language'));
149d403609dSGreg Roach        Session::put('theme', Auth::user()->getPreference('theme'));
150d403609dSGreg Roach        I18N::init(Auth::user()->getPreference('language'));
151d403609dSGreg Roach    }
152d403609dSGreg Roach}
153