diff --git a/src/Resources/Environment.php b/src/Resources/Environment.php
index 6de0e3c..ca69d91 100644
--- a/src/Resources/Environment.php
+++ b/src/Resources/Environment.php
@@ -96,6 +96,9 @@ protected function handleGET()
 
             $result['platform']['packages'] = $packages;
             $result['php'] = EnvUtilities::getPhpInfo();
+            // Remove environment variables being kicked back to the client
+            unset($result['php']['environment']);
+            unset($result['php']['php_variables']);
         }
     }
 
diff --git a/src/Resources/Session.php b/src/Resources/Session.php
index 4bb0b30..3389a04 100644
--- a/src/Resources/Session.php
+++ b/src/Resources/Session.php
@@ -29,6 +29,18 @@ protected function handleGET()
      */
     protected function handlePOST()
     {
+        // IntegrateIo Hosted Trial Login
+        if (!empty($this->getPayloadData('integrateio_id'))) {
+            $credentials = [
+                'integrateio_id' => $this->getPayloadData('integrateio_id'),
+                'email' => $this->getPayloadData('email'),
+                'sso_token' => $this->getPayloadData('sso_token'),
+                'timestamp' => $this->getPayloadData('timestamp')
+            ];
+
+            return $this->handleIntegrateLogin($credentials, boolval($this->getPayloadData('remember_me')));
+        }
+
         $credentials = [
             'email' => $this->getPayloadData('email'),
             'username' => $this->getPayloadData('username'),
diff --git a/src/Resources/UserProfileResource.php b/src/Resources/UserProfileResource.php
index b64ebdd..9b87576 100644
--- a/src/Resources/UserProfileResource.php
+++ b/src/Resources/UserProfileResource.php
@@ -52,7 +52,8 @@ protected function handleGET()
             'security_question' => $user->security_question,
             'default_app_id' => $user->default_app_id,
             'oauth_provider' => (!empty($user->oauth_provider)) ? $user->oauth_provider : '',
-            'adldap' => (!empty($user->adldap)) ? $user->adldap : ''
+            'adldap' => (!empty($user->adldap)) ? $user->adldap : '',
+            'integrateio_id' => (!empty($user->integrateio_id)) ? $user->integrateio_id : ''
         ];
 
         return $data;
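Review bot: Stripping `environment` and `php_variables` from `$result['php']` in this caller only protects this one endpoint; any other consumer of `EnvUtilities::getPhpInfo()` still receives the process environment, and presumably whatever else that helper collects (ini values, paths) is still returned here. Consider doing the redaction inside getPhpInfo itself, or replacing the two-key denylist with an explicit allowlist of the sections this resource actually needs. The enclosing handleGET starts outside the hunk, so the branch these lines sit in is not visible.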
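Review bot: `boolval($this->getPayloadData('remember_me'))` in the new Session::handlePOST branch treats the strings `"false"` and `"off"` as true, so a client that sends remember_me as a string (form-encoded bodies do) gets a persistent session it did not ask for; `filter_var($this->getPayloadData('remember_me'), FILTER_VALIDATE_BOOLEAN)` handles JSON booleans and the string forms alike. Any POST carrying a non-empty `integrateio_id` is now diverted from the password path before it is reached, which deserves a one-line comment on the branch, e.g. `// SSO-trial payloads skip password login; handleIntegrateLogin verifies the signed token`. handlePOST continues past the hunk.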
@@ -80,7 +81,8 @@ protected function handlePOST()
             'phone' => array_get($payload, 'phone'),
             'security_question' => array_get($payload, 'security_question'),
             'security_answer' => array_get($payload, 'security_answer'),
-            'default_app_id' => array_get($payload, 'default_app_id')
+            'default_app_id' => array_get($payload, 'default_app_id'),
+            'current_password' => array_get($payload, 'current_password')
         ];
 
         $data = array_filter($data, function ($value) {
@@ -95,6 +97,27 @@ protected function handlePOST()
 
         $oldToken = Session::getSessionToken();
         $email = $user->email;
+
+        // require password on email change
+        if (!empty(array_get($data, 'email')) && $email !== array_get($data, 'email')) {
+            $provided = array_get($data, 'current_password');
+
+            if (empty($provided)) {
+                throw new BadRequestException('Current Password required to change email');
+            }
+
+            try {
+                //validate password
+                $isValid = \Hash::check($provided, $user->password);
+            } catch (\Exception $ex) {
+                throw new InternalServerErrorException("Error validating current password.\n{$ex->getMessage()}");
+            }
+
+            if (!$isValid) {
+                throw new BadRequestException("The password supplied does not match.");
+            }
+        }
+
         $user->update($data);
 
         if (!empty($oldToken) && $email !== array_get($data, 'email', $email)) {
diff --git a/src/Resources/UserSessionResource.php b/src/Resources/UserSessionResource.php
index 8669e13..f1edf78 100644
--- a/src/Resources/UserSessionResource.php
+++ b/src/Resources/UserSessionResource.php
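Review bot: `current_password` is collected into `$data` here and, as far as the second hunk shows, is still present when `$data` reaches `$user->update($data)`; unless the User model's mass-assignment guard drops it, the plaintext password is handed to the model update along with the profile fields. Remove it before the update, e.g. `unset($data['current_password']);` right after the email check, or keep it in a separate local instead of `$data`. The enclosing handlePOST continues outside both hunks.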
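Review bot: `empty($provided)` on the current_password check rejects the literal password `"0"`, and the InternalServerErrorException message appends `$ex->getMessage()`, which sends hasher internals to the client; prefer `if ($provided === null || $provided === '')` and log the caught exception while returning a generic message. `\Hash::check` against `$user->password` presumably returns false for accounts with no local password (OAuth/LDAP users), so those users cannot change their email through this path; if that is intended, a comment such as `// accounts without a local password cannot change email here` would save the next reader a detour.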
@@ -201,6 +201,60 @@ protected function handleLogin(array $credentials = [], $remember = false)
         }
     }
 
+    /**
+     * @param array $credentials
+     * @return string
+     */
+    private function generateToken($credentials) {
+        $integrateio_id = $credentials['integrateio_id'];
+        $email = $credentials['email'];
+        $timestamp = $credentials['timestamp'];
+        $secret = getenv('INTEGRATEIO_SSO_SECRET');
+
+        $hashedToken = sha1($integrateio_id . ':' . $email . ':' . $secret . ':' . $timestamp);
+        return $hashedToken;
+    }
+    /**
+     * Performs login for Integrate Io Hosted trial Users.
+     *
+     * @param array $credentials
+     * @param bool $remember
+     *
+     * @return array
+     * @throws BadRequestException
+     * @throws UnauthorizedException
+     * @throws \Exception
+     */
+    protected function handleIntegrateLogin(array $credentials = [], $remember = false)
+    {
+        // Check all params are there:
+        $requiredParams = array('integrateio_id', 'email', 'sso_token', 'timestamp');
+
+        // Make sure that all params are in the request.
+        foreach ($requiredParams as $requiredParam) {
+            if (!isset($credentials[$requiredParam])) {
+                throw new BadRequestException('Missing Parameters');
+            }
+        }
+
+        if (($this->generateToken($credentials) === $credentials['sso_token']) && ($credentials['timestamp'] > (time() - 120))) {
+            $credentials['is_active'] = 1;
+
+            // if user management not available then only system admins can login.
+            if (!class_exists('\DreamFactory\Core\User\Resources\System\User')) {
+                $credentials['is_sys_admin'] = 1;
+            }
+
+            if (Session::authenticate($credentials, $remember, true, $this->getAppId())) {
+                return Session::getPublicInfo();
+            } else {
+                throw new UnauthorizedException('Invalid credentials supplied.');
+            }
+        } else {
+            throw new UnauthorizedException('Invalid token supplied');
+        }
+    }
+
     /**
      * @return int|null
      */
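Review bot: The token check in handleIntegrateLogin compares the sha1 with `===` and accepts any `timestamp` greater than `time() - 120`, so a token minted with a far-future timestamp never expires and the comparison is not constant-time; generateToken also carries on with an empty secret when `getenv('INTEGRATEIO_SSO_SECRET')` returns false, at which point the token is computable from the three public fields alone. Compare with `hash_equals()`, bound the timestamp on both sides, and fail closed when the secret is missing, as sketched below. The sha1-of-concatenation construction is presumably fixed by the Integrate.io side; if it can be changed, `hash_hmac('sha256', ...)` is the standard form, and replay inside the window would still need a one-time nonce or a record of consumed tokens. Style: `array(...)` on the required-params line should be `[...]`, `isset` lets empty strings through where `!== ''` is meant, and generateToken's opening brace belongs on its own line per PSR-12.
```php
    private function generateToken($credentials) {
        // … unchanged: read integrateio_id, email, timestamp …
        $secret = getenv('INTEGRATEIO_SSO_SECRET');
        if ($secret === false || $secret === '') {
            // fail closed: without the shared secret every token would be forgeable
            throw new \RuntimeException('INTEGRATEIO_SSO_SECRET is not configured');
        }
        // … unchanged: sha1 token …
    }

    // … unchanged: required-parameter loop in handleIntegrateLogin …
        $tokenMatches = hash_equals($this->generateToken($credentials), (string) $credentials['sso_token']);
        // reject tokens that are stale *or* post-dated; 120 s skew either way
        $fresh = abs(time() - (int) $credentials['timestamp']) <= 120;
        if ($tokenMatches && $fresh) {
    // … unchanged: authenticate branch and UnauthorizedException paths …
```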