PageRenderTime 54ms CodeModel.GetById 26ms RepoModel.GetById 1ms app.codeStats 0ms

/library/My/Plugin/AclPlugin.php

https://github.com/mineirim/observer
PHP | 138 lines | 112 code | 7 blank | 19 comment | 24 complexity | a5c27351ca56cce3cf8e623fa54090d7 MD5 | raw file
    

  1. <?php

    2. 

  2. class My_Plugin_AclPlugin extends Zend_Controller_Plugin_Abstract {

    3. 

  3. 

    4. 

  4. 	/**

    5. 

  5. 	 * @var mixed

    6. 

  6. 	 */

    7. 

  7. 	private $_auth;

    8. 

  8. 	/**

    9. 

  9. 	 * @param $token

    10. 

  10. 	 */

    11. 

  11. 	private function tokenValidate($request, $token) {

    12. 

  12. 		$this->validateSystem($request);

    13. 

  13. 		$token = base64_decode($token);

    14. 

  14. 		if (strpos(substr($token, 0, strlen(base64_encode(date('Ymd')))), base64_encode(date('Ymd'))) === 0) {

    15. 

  15. 			$email = base64_decode(substr($token, strlen(base64_encode(date('Ymd')))));

    16. 

  16. 			$this->authentication($email);

    17. 

  17. 

    18. 

  18. 		} else {

    19. 

  19. 			throw new Exception('Token inválido');

    20. 

  20. 

    21. 

  21. 		}

    22. 

  22. 	}

    23. 

  23. 	/**

    24. 

  24. 	 * @param $request

    25. 

  25. 	 * @return null

    26. 

  26. 	 */

    27. 

  27. 	private function validateSystem($request) {

    28. 

  28. 		$request->setParam('format', 'json');

    29. 

  29. 		$sistemasModel = new Data_Model_DbTable_Sistemas();

    30. 

  30. 		$systoken      = $request->getHeader('systoken');

    31. 

  31. 		if (!$systoken) {

    32. 

  32. 			throw new Zend_Exception('O sistema não está cadastrado/autorizado no SISPLAN', 1);

    33. 

  33. 

    34. 

  34. 		} else {

    35. 

  35. 			$sistema = $sistemasModel->fetchRow(['chave=?' => $systoken]);

    36. 

  36. 			if (count($sistema) === 0) {

    37. 

  37. 				throw new Zend_Exception('O sistema não está cadastrado/autorizado no SISPLAN', 1);

    38. 

  38. 			} else {

    39. 

  39. 				\Zend_Registry::set('sistema', $sistema);

    40. 

  40. 			}

    41. 

  41. 		}

    42. 

  42. 	}

    43. 

  43. 	/**

    44. 

  44. 	 * @param $email

    45. 

  45. 	 */

    46. 

  46. 	private function authentication($email, $cpf = '') {

    47. 

  47. 		$db          = Zend_Registry::get('db');

    48. 

  48. 		$authadapter = new \Zend_Auth_Adapter_DbTable($db);

    49. 

  49. 		// Assign the authentication informations to the adapter

    50. 

  50. 		// try

    51. 

  51. 		if ($cpf !== '') {

    52. 

  52. 			$authadapter->setTableName('usuarios')

    53. 

  53. 				->setIdentityColumn('cpf')

    54. 

  54. 				->setCredentialColumn('cpf')

    55. 

  55. 				->setCredentialTreatment('? AND situacao_id=1');

    56. 

  56. 			$authadapter->setIdentity($cpf)->setCredential($cpf);

    57. 

  57. 		} else {

    58. 

  58. 			$authadapter->setTableName('usuarios')

    59. 

  59. 				->setIdentityColumn('email')

    60. 

  60. 				->setCredentialColumn('email')

    61. 

  61. 				->setCredentialTreatment('? AND situacao_id=1');

    62. 

  62. 			$authadapter->setIdentity($email)->setCredential($email);

    63. 

  63. 		}

    64. 

  64. 		$auth = \Zend_Auth::getInstance();

    65. 

  65. 		$auth->clearIdentity();

    66. 

  66. 		$auth->getStorage()->clear();

    67. 

  67. 		$result = $authadapter->authenticate(); //  $auth->authenticate ($authadapter);

    68. 

  68. 		if ($result->isValid()) {

    69. 

  69. 			$nome = getenv('Shib-inetOrgPerson-cn') ? getenv('Shib-inetOrgPerson-cn') : 'not shib';

    70. 

  70. 			$auth->getStorage()->write($authadapter->getResultRowObject(null, ['senha', 'salt']));

    71. 

  71. 			\Etc\Tools::auditLog(['url' => 'login', 'http_method' => 'POST',

    72. 

  72. 				'data_log' => '{"nome":"' . $nome . '", "cpf":"'.$cpf.'"}']);

    73. 

  73. 		} else {

    74. 

  74. 			if (getenv('Shib-brPerson-brPersonCPF') ) {

    75. 

  75. 				$data = ['nome' => getenv('Shib-inetOrgPerson-cn'),

    76. 

  76. 					'email' => getenv('Shib-inetOrgPerson-mail'),

    77. 

  77. 					'usuario' => getenv('Shib-brPerson-brPersonCPF'),

    78. 

  78. 					'cpf' => getenv('Shib-brPerson-brPersonCPF'),

    79. 

  79. 					'situacao_id' => 3,

    80. 

  80. 				];

    81. 

  81. 				$usuariosModel = new Data_Model_Usuarios;

    82. 

  82. 				$usuariosModel->addUsuario($data);

    83. 

  83. 			}

    84. 

  84. 			error_log('nao autorizado: ' . $email . ' - cpf: ' . $cpf . PHP_EOL);

    85. 

  85. 			throw new \Exception($result->getMessages()[0]);

    86. 

  86. 		}

    87. 

  87. 	}

    88. 

  88. 	/**

    89. 

  89. 	 * @param Zend_Controller_Request_Http $request

    90. 

  90. 	 * @return null

    91. 

  91. 	 */

    92. 

  92. 	public function preDispatch(Zend_Controller_Request_Abstract $request) {

    93. 

  93. 		$auth_token  = $request->getHeader('authtoken');

    94. 

  94. 		$shib_cpf    = getenv('Shib-brPerson-brPersonCPF');

    95. 

  95. 		$shib_mail   = getenv('Shib-inetOrgPerson-mail');

    96. 

  96. 		$this->_auth = \Zend_Auth::getInstance();

    97. 

  97. 		try {

    98. 

  98. 			if (!$this->_auth->hasIdentity()) {

    99. 

  99. 				if ($shib_cpf) {

    100. 

  100. 					$this->authentication(null, $shib_cpf);

    101. 

  101. 				}

    102. 

  102. 			}

    103. 

  103. 		} catch (Exception $e) {

    104. 

  104. 

    105. 

  105. 		}

    106. 

  106. 		$module = $request->getModuleName();

    107. 

  107. 		if ($module == 'acesso' || $module == 'default') {

    108. 

  108. 			$action = $request->getActionName();

    109. 

  109. 			if ($action == 'get-token') {

    110. 

  110. 				$this->validateSystem($request);

    111. 

  111. 			}

    112. 

  112. 			parent::preDispatch($request);

    113. 

  113. 		} else {

    114. 

  114. 			$controller = $action = '';

    115. 

  115. 			if ($auth_token) {

    116. 

  116. 				$this->tokenValidate($request, $auth_token);

    117. 

  117. 				parent::preDispatch($request);

    118. 

  118. 				return;

    119. 

  119. 			}

    120. 

  120. 			$this->_auth = Zend_Auth::getInstance();

    121. 

  121. 

    122. 

  122. 			if (!$this->_auth->hasIdentity()) {

    123. 

  123. 				if ($shib_cpf) {

    124. 

  124. 					$this->authentication(null, $shib_cpf);

    125. 

  125. 					parent::preDispatch($request);

    126. 

  126. 				} else {

    127. 

  127. 					$module     = 'acesso';

    128. 

  128. 					$controller = 'index';

    129. 

  129. 					$action     = 'index';

    130. 

  130. 					$request->setModuleName($module);

    131. 

  131. 					$request->setControllerName($controller);

    132. 

  132. 					$request->setActionName($action);

    133. 

  133. 				}

    134. 

  134. 			}

    135. 

  135. 		}

    136. 

  136. 	}

    137. 

  137. 

    138. 

  138. }
    139.