xref: /webtrees/app/Http/RequestHandlers/LoginAction.php (revision 1e60ebf4ec0b79281f3f1ea0b814a66cb177998d)
1<?php
2
3/**
4 * webtrees: online genealogy
5 * Copyright (C) 2021 webtrees development team
6 * This program is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 */
17
18declare(strict_types=1);
19
20namespace Fisharebest\Webtrees\Http\RequestHandlers;
21
22use Exception;
23use Fisharebest\Webtrees\Auth;
24use Fisharebest\Webtrees\Contracts\UserInterface;
25use Fisharebest\Webtrees\FlashMessages;
26use Fisharebest\Webtrees\I18N;
27use Fisharebest\Webtrees\Log;
28use Fisharebest\Webtrees\Services\UpgradeService;
29use Fisharebest\Webtrees\Services\UserService;
30use Fisharebest\Webtrees\Session;
31use Fisharebest\Webtrees\Tree;
32use Fisharebest\Webtrees\Validator;
33use Psr\Http\Message\ResponseInterface;
34use Psr\Http\Message\ServerRequestInterface;
35use Psr\Http\Server\RequestHandlerInterface;
36
37use function route;
38use function time;
39
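/**
 * Perform a login.
 *
 * Handles the submitted sign-in form: reads the username, password and target
 * URL from the parsed request body, authenticates through UserService, and
 * answers with a redirect either to the target URL (success) or back to the
 * login page (failure).
 */
class LoginAction implements RequestHandlerInterface
{
    private UpgradeService $upgrade_service;

    private UserService $user_service;

    /**
     * LoginAction constructor.
     *
     * @param UpgradeService $upgrade_service
     * @param UserService    $user_service
     */
    public function __construct(UpgradeService $upgrade_service, UserService $user_service)
    {
        $this->upgrade_service = $upgrade_service;
        $this->user_service    = $user_service;
    }

    /**
     * Perform a login.
     *
     * On failure the exception text becomes a 'danger' flash message and the
     * browser is sent back to the login page with the tree name, username and
     * target URL re-populated. The password is never echoed back.
     *
     * @param ServerRequestInterface $request
     *
     * @return ResponseInterface
     */
    public function handle(ServerRequestInterface $request): ResponseInterface
    {
        $tree        = Validator::attributes($request)->treeOptional();
        $base_url    = Validator::attributes($request)->string('base_url');
        $default_url = route(HomePage::class);
        $username    = Validator::parsedBody($request)->string('username');
        $password    = Validator::parsedBody($request)->string('password');

        // The post-login redirect target is supplied by the client. The validator is asked to
        // accept it only if it is local to $base_url; presumably that is what keeps this from
        // being an open redirect - confirm in Validator::isLocalUrl().
        $url = Validator::parsedBody($request)->isLocalUrl($base_url)->string('url', $default_url);

        try {
            $this->doLogin($username, $password);

            if (Auth::isAdmin() && $this->upgrade_service->isUpgradeAvailable()) {
                // The flash message is assembled as HTML. latestVersion() is not a literal from
                // this file (presumably it comes from a remote update check - confirm), so it is
                // encoded with e() in the same way as the URL in the href attribute.
                $version = '<span dir="ltr">' . e($this->upgrade_service->latestVersion()) . '</span>';
                $link    = '<a class="alert-link" href="' . e(route(UpgradeWizardPage::class)) . '">' . I18N::translate('Upgrade to webtrees %s.', $version) . '</a>';

                FlashMessages::addMessage(I18N::translate('A new version of webtrees is available.') . ' ' . $link);
            }

            // Redirect to the target URL
            return redirect($url);
        } catch (Exception $ex) {
            // Failed to log in.
            // NOTE(review): this catches every Exception raised inside the try block, not only
            // the ones doLogin() throws with a translated message. Flash messages appear to be
            // rendered as HTML (the upgrade notice above passes markup), so any other exception
            // text shown here should be checked for internal detail or unescaped input.
            // NOTE(review): an exception from the upgrade check would arrive here after
            // doLogin() has already succeeded - confirm that is intended.
            FlashMessages::addMessage($ex->getMessage(), 'danger');

            return redirect(route(LoginPage::class, [
                'tree'     => $tree instanceof Tree ? $tree->name() : null,
                'username' => $username,
                'url'      => $url,
            ]));
        }
    }

    /**
     * Log in, if we can.  Throw an exception, if we can't.
     *
     * Checks run in this order: cookies present, user exists, password matches,
     * email verified, account approved. An unknown user and a wrong password
     * produce the same user-facing message; only the authentication log tells
     * them apart. Verification and approval status are reported only after the
     * password check has passed.
     *
     * NOTE(review): no throttling or lockout of repeated failures is visible in
     * this handler - confirm it is enforced elsewhere.
     *
     * @param string $username
     * @param string $password
     *
     * @return void
     * @throws Exception
     */
    private function doLogin(string $username, string $password): void
    {
        // $username is client-supplied and is written to the authentication log verbatim in
        // every failure branch below; whatever displays or exports that log must treat it as
        // untrusted text.
        if ($_COOKIE === []) {
            Log::addAuthenticationLog('Login failed (no session cookies): ' . $username);
            throw new Exception(I18N::translate('You cannot sign in because your browser does not accept cookies.'));
        }

        $user = $this->user_service->findByIdentifier($username);

        if ($user === null) {
            // NOTE(review): this branch returns without calling checkPassword(), so it may
            // respond faster than the wrong-password branch - confirm whether that timing
            // difference matters for account enumeration.
            Log::addAuthenticationLog('Login failed (no such user/email): ' . $username);
            throw new Exception(I18N::translate('The username or password is incorrect.'));
        }

        if (!$user->checkPassword($password)) {
            Log::addAuthenticationLog('Login failed (incorrect password): ' . $username);
            throw new Exception(I18N::translate('The username or password is incorrect.'));
        }

        if ($user->getPreference(UserInterface::PREF_IS_EMAIL_VERIFIED) !== '1') {
            Log::addAuthenticationLog('Login failed (not verified by user): ' . $username);
            throw new Exception(I18N::translate('This account has not been verified. Please check your email for a verification message.'));
        }

        if ($user->getPreference(UserInterface::PREF_IS_ACCOUNT_APPROVED) !== '1') {
            Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username);
            throw new Exception(I18N::translate('This account has not been approved. Please wait for an administrator to approve it.'));
        }

        // NOTE(review): session-identifier renewal on privilege change is not visible here;
        // presumably Auth::login() handles it - confirm.
        Auth::login($user);
        Log::addAuthenticationLog('Login: ' . Auth::user()->userName() . '/' . Auth::user()->realName());
        Auth::user()->setPreference(UserInterface::PREF_TIMESTAMP_ACTIVE, (string) time());

        // Carry the user's stored language and theme into the new session, then switch the
        // current request to that language.
        Session::put('language', Auth::user()->getPreference(UserInterface::PREF_LANGUAGE));
        Session::put('theme', Auth::user()->getPreference(UserInterface::PREF_THEME));
        I18N::init(Auth::user()->getPreference(UserInterface::PREF_LANGUAGE));
    }
}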
145