Home Explore Help
Sign In
arman_mohtadji
/
tournonsLaPage
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 4b7c97a02e
Branches Tags
tournonsLaPage
/
plugins
/
admin
/
classes
/
plugin
/
Controllers
/
Login
/
LoginController.php

LoginController.php 21 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @package    Grav\Plugin\Admin
    5. 

  5.  *
    6. 

  6.  * @copyright  Copyright (c) 2015 - 2023 Trilby Media, LLC. All rights reserved.
    7. 

  7.  * @license    MIT License; see LICENSE file for details.
    8. 

  8.  */
    9. 

  9. 

  10. namespace Grav\Plugin\Admin\Controllers\Login;
    11. 

  11. 

  12. use Grav\Common\Debugger;
    13. 

  13. use Grav\Common\Grav;
    14. 

  14. use Grav\Common\Page\Pages;
    15. 

  15. use Grav\Common\Uri;
    16. 

  16. use Grav\Common\User\Interfaces\UserCollectionInterface;
    17. 

  17. use Grav\Common\User\Interfaces\UserInterface;
    18. 

  18. use Grav\Common\Utils;
    19. 

  19. use Grav\Framework\RequestHandler\Exception\PageExpiredException;
    20. 

  20. use Grav\Framework\RequestHandler\Exception\RequestException;
    21. 

  21. use Grav\Plugin\Admin\Admin;
    22. 

  22. use Grav\Plugin\Admin\Controllers\AdminController;
    23. 

  23. use Grav\Plugin\Email\Email;
    24. 

  24. use Grav\Plugin\Login\Login;
    25. 

  25. use Psr\Http\Message\ResponseInterface;
    26. 

  26. use RobThree\Auth\TwoFactorAuthException;
    27. 

  27. 

  28. /**
    29. 

  29.  * Class LoginController
    30. 

  30.  * @package Grav\Plugin\Admin\Controllers\Login
    31. 

  31.  */
    32. 

  32. class LoginController extends AdminController
    33. 

  33. {
    34. 

  34.     /** @var string */
    35. 

  35.     protected $nonce_action = 'admin-login';
    36. 

  36.     /** @var string */
    37. 

  37.     protected $nonce_name = 'login-nonce';
    38. 

  38. 

  39.     /**
    40. 

  40.      * @return ResponseInterface
    41. 

  41.      */
    42. 

  42.     public function displayLogin(): ResponseInterface
    43. 

  43.     {
    44. 

  44.         $this->page = $this->createPage('login');
    45. 

  45. 

  46.         $user = $this->getUser();
    47. 

  47.         if ($this->is2FA($user)) {
    48. 

  48.             $this->form = $this->getForm('login-twofa', ['reset' => true]);
    49. 

  49.         } else {
    50. 

  50.             $this->form = $this->getForm('login', ['reset' => true]);
    51. 

  51.         }
    52. 

  52. 

  53.         return $this->createDisplayResponse();
    54. 

  54.     }
    55. 

  55. 

  56.     /**
    57. 

  57.      * @return ResponseInterface
    58. 

  58.      */
    59. 

  59.     public function displayForgot(): ResponseInterface
    60. 

  60.     {
    61. 

  61.         $this->page = $this->createPage('forgot');
    62. 

  62.         $this->form = $this->getForm('admin-login-forgot', ['reset' => true]);
    63. 

  63. 

  64.         return $this->createDisplayResponse();
    65. 

  65.     }
    66. 

  66. 

  67.     /**
    68. 

  68.      * Handle the reset password action.
    69. 

  69.      *
    70. 

  70.      * @param string|null $username
    71. 

  71.      * @param string|null $token
    72. 

  72.      * @return ResponseInterface
    73. 

  73.      */
    74. 

  74.     public function displayReset(string $username = null, string $token = null): ResponseInterface
    75. 

  75.     {
    76. 

  76.         if ('' === (string)$username || '' === (string)$token) {
    77. 

  77.             $this->setMessage($this->translate('PLUGIN_ADMIN.RESET_INVALID_LINK'), 'error');
    78. 

  78. 

  79.             return $this->createRedirectResponse('/forgot');
    80. 

  80.         }
    81. 

  81. 

  82.         $this->page = $this->createPage('reset');
    83. 

  83.         $this->form = $this->getForm('admin-login-reset', ['reset' => true]);
    84. 

  84.         $this->form->setData('username', $username);
    85. 

  85.         $this->form->setData('token', $token);
    86. 

  86. 

  87.         $this->setMessage($this->translate('PLUGIN_ADMIN.RESET_NEW_PASSWORD'));
    88. 

  88. 

  89.         return $this->createDisplayResponse();
    90. 

  90.     }
    91. 

  91. 

  92.     /**
    93. 

  93.      * @return ResponseInterface
    94. 

  94.      */
    95. 

  95.     public function displayRegister(): ResponseInterface
    96. 

  96.     {
    97. 

  97.         $route = $this->getRequest()->getAttribute('admin')['route'] ?? '';
    98. 

  98.         if ('' !== $route) {
    99. 

  99.             return $this->createRedirectResponse('/');
    100. 

  100.         }
    101. 

  101. 

  102.         $this->page = $this->createPage('register');
    103. 

  103.         $this->form = $this->getForm('admin-login-register');
    104. 

  104. 

  105.         return $this->createDisplayResponse();
    106. 

  106.     }
    107. 

  107. 

  108.     /**
    109. 

  109.      * @return ResponseInterface
    110. 

  110.      */
    111. 

  111.     public function displayUnauthorized(): ResponseInterface
    112. 

  112.     {
    113. 

  113.         $uri = (string)$this->getRequest()->getUri();
    114. 

  114. 

  115.         $ext = Utils::pathinfo($uri, PATHINFO_EXTENSION);
    116. 

  116.         $accept = $this->getAccept(['application/json', 'text/html']);
    117. 

  117.         if ($ext === 'json' || $accept === 'application/json') {
    118. 

  118.             return $this->createErrorResponse(new RequestException($this->getRequest(), $this->translate('PLUGIN_ADMIN.LOGGED_OUT'), 401));
    119. 

  119.         }
    120. 

  120. 

  121.         $this->setMessage($this->translate('PLUGIN_ADMIN.LOGGED_OUT'), 'warning');
    122. 

  122. 

  123.         return $this->createRedirectResponse('/');
    124. 

  124.     }
    125. 

  125. 

  126.     /**
    127. 

  127.      * Handle login.
    128. 

  128.      *
    129. 

  129.      * @return ResponseInterface
    130. 

  130.      */
    131. 

  131.     public function taskLogin(): ResponseInterface
    132. 

  132.     {
    133. 

  133.         $this->page = $this->createPage('login');
    134. 

  134.         $this->form = $this->getActiveForm() ?? $this->getForm('login');
    135. 

  135.         try {
    136. 

  136.             $this->checkNonce();
    137. 

  137.         } catch (PageExpiredException $e) {
    138. 

  138.             $this->setMessage($this->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error');
    139. 

  139. 

  140.             return $this->createDisplayResponse();
    141. 

  141.         }
    142. 

  142. 

  143.         $post = $this->getPost();
    144. 

  144.         $credentials = (array)($post['data'] ?? []);
    145. 

  145.         $login = $this->getLogin();
    146. 

  146.         $config = $this->getConfig();
    147. 

  147. 

  148.         $userKey = (string)($credentials['username'] ?? '');
    149. 

  149.         // Pseudonymization of the IP.
    150. 

  150.         $ipKey = sha1(Uri::ip() . $config->get('security.salt'));
    151. 

  151. 

  152.         $rateLimiter = $login->getRateLimiter('login_attempts');
    153. 

  153. 

  154.         // Check if the current IP has been used in failed login attempts.
    155. 

  155.         $attempts = count($rateLimiter->getAttempts($ipKey, 'ip'));
    156. 

  156. 

  157.         $rateLimiter->registerRateLimitedAction($ipKey, 'ip')->registerRateLimitedAction($userKey);
    158. 

  158. 

  159.         // Check rate limit for both IP and user, but allow each IP a single try even if user is already rate limited.
    160. 

  160.         if ($rateLimiter->isRateLimited($ipKey, 'ip') || ($attempts && $rateLimiter->isRateLimited($userKey))) {
    161. 

  161.             Admin::DEBUG && Admin::addDebugMessage('Admin login: rate limit, redirecting', $credentials);
    162. 

  162. 

  163.             $this->setMessage($this->translate('PLUGIN_LOGIN.TOO_MANY_LOGIN_ATTEMPTS', $rateLimiter->getInterval()), 'error');
    164. 

  164. 

  165.             $this->form->reset();
    166. 

  166. 

  167.             /** @var Pages $pages */
    168. 

  168.             $pages = $this->grav['pages'];
    169. 

  169. 

  170.             // Redirect to the home page of the site.
    171. 

  171.             return $this->createRedirectResponse($pages->homeUrl(null, true));
    172. 

  172.         }
    173. 

  173. 

  174.         Admin::DEBUG && Admin::addDebugMessage('Admin login', $credentials);
    175. 

  175. 

  176.         // Fire Login process.
    177. 

  177.         $event = $login->login(
    178. 

  178.             $credentials,
    179. 

  179.             ['admin' => true, 'twofa' => $config->get('plugins.admin.twofa_enabled', false)],
    180. 

  180.             ['authorize' => 'admin.login', 'return_event' => true]
    181. 

  181.         );
    182. 

  182.         $user = $event->getUser();
    183. 

  183. 

  184.         Admin::DEBUG && Admin::addDebugMessage('Admin login: user', $user);
    185. 

  185. 

  186.         $redirect = (string)$this->getRequest()->getUri();
    187. 

  187. 

  188.         if ($user->authenticated) {
    189. 

  189.             $rateLimiter->resetRateLimit($ipKey, 'ip')->resetRateLimit($userKey);
    190. 

  190.             if ($user->authorized) {
    191. 

  191.                 $event->defMessage('PLUGIN_ADMIN.LOGIN_LOGGED_IN', 'info');
    192. 

  192.             }
    193. 

  193. 

  194.             $event->defRedirect($redirect);
    195. 

  195.         } elseif ($user->authorized) {
    196. 

  196.             $event->defMessage('PLUGIN_LOGIN.ACCESS_DENIED', 'error');
    197. 

  197.         } else {
    198. 

  198.             $event->defMessage('PLUGIN_LOGIN.LOGIN_FAILED', 'error');
    199. 

  199.         }
    200. 

  200. 

  201.         $event->defRedirect($redirect);
    202. 

  202. 

  203.         $message = $event->getMessage();
    204. 

  204.         if ($message) {
    205. 

  205.             $this->setMessage($this->translate($message), $event->getMessageType());
    206. 

  206.         }
    207. 

  207. 

  208.         $this->form->reset();
    209. 

  209. 

  210.         return $this->createRedirectResponse($event->getRedirect());
    211. 

  211.     }
    212. 

  212. 

  213.     /**
    214. 

  214.      * Handle logout when user isn't fully logged in or clicks logout after the session has been expired.
    215. 

  215.      *
    216. 

  216.      * @return ResponseInterface
    217. 

  217.      */
    218. 

  218.     public function taskLogout(): ResponseInterface
    219. 

  219.     {
    220. 

  220.         // We do not need to check the nonce here as user session has been expired or user hasn't fully logged in (2FA).
    221. 

  221.         // Just be sure we terminate the current session.
    222. 

  222.         $login = $this->getLogin();
    223. 

  223.         $event = $login->logout(['admin' => true], ['return_event' => true]);
    224. 

  224. 

  225.         $event->defMessage('PLUGIN_ADMIN.LOGGED_OUT', 'info');
    226. 

  226.         $message = $event->getMessage();
    227. 

  227.         if ($message) {
    228. 

  228.             $this->getSession()->setFlashCookieObject(Admin::TMP_COOKIE_NAME, ['message' => $this->translate($message), 'status' => $event->getMessageType()]);
    229. 

  229.         }
    230. 

  230. 

  231.         return $this->createRedirectResponse('/');
    232. 

  232.     }
    233. 

  233. 

  234.     /**
    235. 

  235.      * Handle 2FA verification.
    236. 

  236.      *
    237. 

  237.      * @return ResponseInterface
    238. 

  238.      */
    239. 

  239.     public function taskTwofa(): ResponseInterface
    240. 

  240.     {
    241. 

  241.         $user = $this->getUser();
    242. 

  242.         if (!$this->is2FA($user)) {
    243. 

  243.             Admin::DEBUG && Admin::addDebugMessage('Admin login: user is not logged in or does not have 2FA enabled', $user);
    244. 

  244. 

  245.             // Task is visible only for users who have enabled 2FA.
    246. 

  246.             return $this->createRedirectResponse('/');
    247. 

  247.         }
    248. 

  248. 

  249.         $login = $this->getLogin();
    250. 

  250. 

  251.         $this->page = $this->createPage('login');
    252. 

  252.         $this->form = $this->getForm('login-twofa');
    253. 

  253.         try {
    254. 

  254.             $this->checkNonce();
    255. 

  255.         } catch (PageExpiredException $e) {
    256. 

  256.             $this->setMessage($this->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error');
    257. 

  257. 

  258.             // Failed 2FA nonce check, logout and redirect.
    259. 

  259.             $login->logout(['admin' => true]);
    260. 

  260.             $this->form->reset();
    261. 

  261. 

  262.             return $this->createRedirectResponse('/');
    263. 

  263.         }
    264. 

  264. 

  265. 

  266.         $post = $this->getPost();
    267. 

  267.         $data = $post['data'] ?? [];
    268. 

  268. 

  269.         try {
    270. 

  270.             $twoFa = $login->twoFactorAuth();
    271. 

  271.         } catch (TwoFactorAuthException $e) {
    272. 

  272.             /** @var Debugger $debugger */
    273. 

  273.             $debugger = $this->grav['debugger'];
    274. 

  274.             $debugger->addException($e);
    275. 

  275. 

  276.             $twoFa = null;
    277. 

  277.         }
    278. 

  278. 

  279.         $code = $data['2fa_code'] ?? '';
    280. 

  280.         $secret = $user->twofa_secret ?? '';
    281. 

  281.         $twofa_valid = $twoFa->verifyCode($secret, $code);
    282. 

  282. 

  283.         $yubikey_otp = $data['yubikey_otp'] ?? '';
    284. 

  284.         $yubikey_id = $user->yubikey_id ?? '';
    285. 

  285.         $yubikey_valid = $twoFa->verifyYubikeyOTP($yubikey_id, $yubikey_otp);
    286. 

  286. 

  287.         $redirect = (string)$this->getRequest()->getUri();
    288. 

  288. 

  289.         if (null === $twoFa || !$user->authenticated || (!$twofa_valid && !$yubikey_valid) ) {
    290. 

  290.             Admin::DEBUG && Admin::addDebugMessage('Admin login: 2FA check failed, log out!');
    291. 

  291. 

  292.             // Failed 2FA auth, logout and redirect to the current page.
    293. 

  293.             $login->logout(['admin' => true]);
    294. 

  294. 

  295.             $this->grav['session']->setFlashCookieObject(Admin::TMP_COOKIE_NAME, ['message' => $this->translate('PLUGIN_ADMIN.2FA_FAILED'), 'status' => 'error']);
    296. 

  296. 

  297.             $this->form->reset();
    298. 

  298. 

  299.             return $this->createRedirectResponse($redirect);
    300. 

  300.         }
    301. 

  301. 

  302.         // Successful 2FA, authorize user and redirect.
    303. 

  303.         Grav::instance()['user']->authorized = true;
    304. 

  304. 

  305.         Admin::DEBUG && Admin::addDebugMessage('Admin login: 2FA check succeeded, authorize user and redirect');
    306. 

  306. 

  307.         $this->setMessage($this->translate('PLUGIN_ADMIN.LOGIN_LOGGED_IN'));
    308. 

  308. 

  309.         $this->form->reset();
    310. 

  310. 

  311.         return $this->createRedirectResponse($redirect);
    312. 

  312.     }
    313. 

  313. 

  314.     /**
    315. 

  315.      * Handle the reset password action.
    316. 

  316.      *
    317. 

  317.      * @param string|null $username
    318. 

  318.      * @param string|null $token
    319. 

  319.      * @return ResponseInterface
    320. 

  320.      */
    321. 

  321.     public function taskReset(string $username = null, string $token = null): ResponseInterface
    322. 

  322.     {
    323. 

  323.         $this->page = $this->createPage('reset');
    324. 

  324.         $this->form = $this->getForm('admin-login-reset');
    325. 

  325.         try {
    326. 

  326.             $this->checkNonce();
    327. 

  327.         } catch (PageExpiredException $e) {
    328. 

  328.             $this->setMessage($this->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error');
    329. 

  329. 

  330.             return $this->createDisplayResponse();
    331. 

  331.         }
    332. 

  332. 

  333. 

  334.         $post = $this->getPost();
    335. 

  335.         $data = $post['data'] ?? [];
    336. 

  336.         $users = $this->getAccounts();
    337. 

  337. 

  338.         $username = $username ?? $data['username'] ?? null;
    339. 

  339.         $token = $token ?? $data['token'] ?? null;
    340. 

  340. 

  341.         $user = $username ? $users->load($username) : null;
    342. 

  342.         $password = $data['password'];
    343. 

  343. 

  344.         if ($user && $user->exists() && !empty($user->get('reset'))) {
    345. 

  345.             [$good_token, $expire] = explode('::', $user->get('reset'));
    346. 

  346. 

  347.             if ($good_token === $token) {
    348. 

  348.                 if (time() > $expire) {
    349. 

  349.                     $this->setMessage($this->translate('PLUGIN_ADMIN.RESET_LINK_EXPIRED'), 'error');
    350. 

  350. 

  351.                     $this->form->reset();
    352. 

  352. 

  353.                     return $this->createRedirectResponse('/forgot');
    354. 

  354.                 }
    355. 

  355. 

  356.                 // Set new password.
    357. 

  357.                 $login = $this->getLogin();
    358. 

  358.                 try {
    359. 

  359.                     $login->validateField('password1', $password);
    360. 

  360.                 } catch (\RuntimeException $e) {
    361. 

  361.                     $this->setMessage($this->translate($e->getMessage()), 'error');
    362. 

  362. 

  363.                     return $this->createRedirectResponse("/reset/u/{$username}/{$token}");
    364. 

  364.                 }
    365. 

  365. 

  366.                 $user->undef('hashed_password');
    367. 

  367.                 $user->undef('reset');
    368. 

  368.                 $user->update(['password' => $password]);
    369. 

  369.                 $user->save();
    370. 

  370. 

  371.                 $this->form->reset();
    372. 

  372. 

  373.                 $this->setMessage($this->translate('PLUGIN_ADMIN.RESET_PASSWORD_RESET'));
    374. 

  374. 

  375.                 return $this->createRedirectResponse('/login');
    376. 

  376.             }
    377. 

  377. 

  378.             Admin::DEBUG && Admin::addDebugMessage(sprintf('Failed to reset password: Token %s is not good', $token));
    379. 

  379.         } else {
    380. 

  380.             Admin::DEBUG && Admin::addDebugMessage(sprintf('Failed to reset password: User %s does not exist or has not requested reset', $username));
    381. 

  381.         }
    382. 

  382. 

  383.         $this->setMessage($this->translate('PLUGIN_ADMIN.RESET_INVALID_LINK'), 'error');
    384. 

  384. 

  385.         $this->form->reset();
    386. 

  386. 

  387.         return $this->createRedirectResponse('/forgot');
    388. 

  388.     }
    389. 

  389. 

  390.     /**
    391. 

  391.      * Handle the email password recovery procedure.
    392. 

  392.      *
    393. 

  393.      * Sends email to the user.
    394. 

  394.      *
    395. 

  395.      * @return ResponseInterface
    396. 

  396.      */
    397. 

  397.     public function taskForgot(): ResponseInterface
    398. 

  398.     {
    399. 

  399.         $this->page = $this->createPage('forgot');
    400. 

  400.         $this->form = $this->getForm('admin-login-forgot');
    401. 

  401.         try {
    402. 

  402.             $this->checkNonce();
    403. 

  403.         } catch (PageExpiredException $e) {
    404. 

  404.             $this->setMessage($this->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error');
    405. 

  405. 

  406.             return $this->createDisplayResponse();
    407. 

  407.         }
    408. 

  408. 

  409. 

  410.         $post = $this->getPost();
    411. 

  411.         $data = $post['data'] ?? [];
    412. 

  412.         $login = $this->getLogin();
    413. 

  413.         $users = $this->getAccounts();
    414. 

  414.         $email = $this->getEmail();
    415. 

  415. 

  416.         $current = (string)$this->getRequest()->getUri();
    417. 

  417. 

  418.         $search = isset($data['username']) ? strip_tags($data['username']) : '';
    419. 

  419.         $user = !empty($search) ? $users->load($search) : null;
    420. 

  420.         $username = $user->username ?? null;
    421. 

  421.         $to = $user->email ?? null;
    422. 

  422. 

  423.         // Only send email to users which are enabled and have an email address.
    424. 

  424.         if (null === $user || $user->state !== 'enabled' || !$to) {
    425. 

  425.             Admin::DEBUG && Admin::addDebugMessage(sprintf('Failed sending email: %s <%s> was not found or is blocked', $search, $to ?? 'N/A'));
    426. 

  426. 

  427.             $this->form->reset();
    428. 

  428. 

  429.             $this->setMessage($this->translate('PLUGIN_ADMIN.FORGOT_INSTRUCTIONS_SENT_VIA_EMAIL'));
    430. 

  430. 

  431.             return $this->createRedirectResponse($current);
    432. 

  432.         }
    433. 

  433. 

  434.         $config = $this->getConfig();
    435. 

  435. 

  436.         // Check rate limit for the user.
    437. 

  437.         $rateLimiter = $login->getRateLimiter('pw_resets');
    438. 

  438.         $rateLimiter->registerRateLimitedAction($username);
    439. 

  439.         if ($rateLimiter->isRateLimited($username)) {
    440. 

  440.             Admin::DEBUG && Admin::addDebugMessage(sprintf('Failed sending email: user %s <%s> is rate limited', $search, $to));
    441. 

  441. 

  442.             $this->form->reset();
    443. 

  443. 

  444.             $interval = $config->get('plugins.login.max_pw_resets_interval', 2);
    445. 

  445. 

  446.             $this->setMessage($this->translate('PLUGIN_LOGIN.FORGOT_CANNOT_RESET_IT_IS_BLOCKED', $to, $interval), 'error');
    447. 

  447. 

  448.             return $this->createRedirectResponse($current);
    449. 

  449.         }
    450. 

  450. 

  451.         $token  = md5(uniqid(mt_rand(), true));
    452. 

  452.         $expire = time() + 3600; // 1 hour
    453. 

  453. 

  454.         $user->set('reset', $token . '::' . $expire);
    455. 

  455.         $user->save();
    456. 

  456. 

  457.         $from = $config->get('plugins.email.from');
    458. 

  458.         if (empty($from)) {
    459. 

  459.             Admin::DEBUG && Admin::addDebugMessage('Failed sending email: from address is not configured in email plugin');
    460. 

  460. 

  461.             $this->form->reset();
    462. 

  462. 

  463.             $this->setMessage($this->translate('PLUGIN_ADMIN.FORGOT_EMAIL_NOT_CONFIGURED'), 'error');
    464. 

  464. 

  465.             return $this->createRedirectResponse($current);
    466. 

  466.         }
    467. 

  467. 

  468.         // Do not trust username from the request.
    469. 

  469.         $fullname = $user->fullname ?: $username;
    470. 

  470.         $author = $config->get('site.author.name', '');
    471. 

  471.         $sitename = $config->get('site.title', 'Website');
    472. 

  472.         $reset_link = $this->getAbsoluteAdminUrl("/reset/u/{$username}/{$token}");
    473. 

  473. 

  474.         // For testing only!
    475. 

  475.         //Admin::DEBUG && Admin::addDebugMessage(sprintf('Reset link: %s', $reset_link));
    476. 

  476. 

  477.         $subject = $this->translate('PLUGIN_ADMIN.FORGOT_EMAIL_SUBJECT', $sitename);
    478. 

  478.         $content = $this->translate('PLUGIN_ADMIN.FORGOT_EMAIL_BODY', $fullname, $reset_link, $author, $sitename);
    479. 

  479. 

  480.         $this->grav['twig']->init();
    481. 

  481.         $body = $this->grav['twig']->processTemplate('email/base.html.twig', ['content' => $content]);
    482. 

  482. 

  483.         try {
    484. 

  484.             $message = $email->message($subject, $body, 'text/html')->setFrom($from)->setTo($to);
    485. 

  485.             $sent = $email->send($message);
    486. 

  486.             if ($sent < 1) {
    487. 

  487.                 throw new \RuntimeException('Sending email failed');
    488. 

  488.             }
    489. 

  489. 

  490.             $this->setMessage($this->translate('PLUGIN_ADMIN.FORGOT_INSTRUCTIONS_SENT_VIA_EMAIL'));
    491. 

  491.         } catch (\Exception $e) {
    492. 

  492.             $rateLimiter->resetRateLimit($username);
    493. 

  493. 

  494.             /** @var Debugger $debugger */
    495. 

  495.             $debugger = $this->grav['debugger'];
    496. 

  496.             $debugger->addException($e);
    497. 

  497. 

  498.             $this->form->reset();
    499. 

  499. 

  500.             $this->setMessage($this->translate('PLUGIN_ADMIN.FORGOT_FAILED_TO_EMAIL'), 'error');
    501. 

  501. 

  502.             return $this->createRedirectResponse('/forgot');
    503. 

  503.         }
    504. 

  504. 

  505.         $this->form->reset();
    506. 

  506. 

  507.         return $this->createRedirectResponse('/login');
    508. 

  508.     }
    509. 

  509. 

  510.     /**
    511. 

  511.      * @return ResponseInterface
    512. 

  512.      */
    513. 

  513.     public function taskRegister(): ResponseInterface
    514. 

  514.     {
    515. 

  515.         $this->page = $this->createPage('register');
    516. 

  516.         $this->form = $form = $this->getForm('admin-login-register');
    517. 

  517.         try {
    518. 

  518.             $this->checkNonce();
    519. 

  519.         } catch (PageExpiredException $e) {
    520. 

  520.             $this->setMessage($this->translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error');
    521. 

  521. 

  522.             return $this->createDisplayResponse();
    523. 

  523.         }
    524. 

  524. 

  525.         // Note: Calls $this->doRegistration() to perform the user registration.
    526. 

  526.         $form->handleRequest($this->getRequest());
    527. 

  527.         $error = $form->getError();
    528. 

  528.         $errors = $form->getErrors();
    529. 

  529.         if ($error || $errors) {
    530. 

  530.             foreach ($errors as $field => $list) {
    531. 

  531.                 foreach ((array)$list as $message) {
    532. 

  532.                     if ($message !== $error) {
    533. 

  533.                         $this->setMessage($message, 'error');
    534. 

  534.                     }
    535. 

  535.                 }
    536. 

  536.             }
    537. 

  537. 

  538.             return $this->createDisplayResponse();
    539. 

  539.         }
    540. 

  540. 

  541.         $this->setMessage($this->translate('PLUGIN_ADMIN.LOGIN_LOGGED_IN'));
    542. 

  542. 

  543.         return $this->createRedirectResponse('/');
    544. 

  544.     }
    545. 

  545. 

  546.     /**
    547. 

  547.      * @param UserInterface $user
    548. 

  548.      * @return bool
    549. 

  549.      */
    550. 

  550.     protected function is2FA(UserInterface $user): bool
    551. 

  551.     {
    552. 

  552.         return $user && $user->authenticated && !$user->authorized && $user->get('twofa_enabled');
    553. 

  553.     }
    554. 

  554. 

  555.     /**
    556. 

  556.      * @param string $name
    557. 

  557.      * @return callable
    558. 

  558.      */
    559. 

  559.     protected function getFormSubmitMethod(string $name): callable
    560. 

  560.     {
    561. 

  561.         switch ($name) {
    562. 

  562.             case 'login':
    563. 

  563.             case 'login-twofa':
    564. 

  564.             case 'admin-login-forgot':
    565. 

  565.             case 'admin-login-reset':
    566. 

  566.                 return static function(array $data, array $files) {};
    567. 

  567.             case 'admin-login-register':
    568. 

  568.                 return function(array $data, array $files) {
    569. 

  569.                     $this->doRegistration($data, $files);
    570. 

  570.                 };
    571. 

  571.         }
    572. 

  572. 

  573.         throw new \RuntimeException('Unknown form');
    574. 

  574.     }
    575. 

  575. 

  576.     /**
    577. 

  577.      * Called by registration form when calling handleRequest().
    578. 

  578.      *
    579. 

  579.      * @param array $data
    580. 

  580.      * @param array $files
    581. 

  581.      */
    582. 

  582.     private function doRegistration(array $data, array $files): void
    583. 

  583.     {
    584. 

  584.         if (Admin::doAnyUsersExist()) {
    585. 

  585.             throw new \RuntimeException('A user account already exists, please create an admin account manually.', 400);
    586. 

  586.         }
    587. 

  587. 

  588.         $login = $this->getLogin();
    589. 

  589.         if (!$login) {
    590. 

  590.             throw new \RuntimeException($this->grav['language']->translate('PLUGIN_LOGIN.PLUGIN_LOGIN_DISABLED', 500));
    591. 

  591.         }
    592. 

  592. 

  593.         $data['title'] = $data['title'] ?? 'Administrator';
    594. 

  594. 

  595.         // Do not allow form to set the following fields (make super user):
    596. 

  596.         $data['state'] = 'enabled';
    597. 

  597.         $data['access'] = ['admin' => ['login' => true, 'super' => true], 'site' => ['login' => true]];
    598. 

  598.         unset($data['groups']);
    599. 

  599. 

  600.         // Create user.
    601. 

  601.         $user = $login->register($data, $files);
    602. 

  602. 

  603.         // Log in the new super admin user.
    604. 

  604.         unset($this->grav['user']);
    605. 

  605.         $this->grav['user'] = $user;
    606. 

  606.         $this->grav['session']->user = $user;
    607. 

  607.         $user->authenticated = true;
    608. 

  608.         $user->authorized = $user->authorize('admin.login') ?? false;
    609. 

  609.     }
    610. 

  610. 

  611.     /**
    612. 

  612.      * @return Login
    613. 

  613.      */
    614. 

  614.     private function getLogin(): Login
    615. 

  615.     {
    616. 

  616.         return $this->grav['login'];
    617. 

  617.     }
    618. 

  618. 

  619.     /**
    620. 

  620.      * @return Email
    621. 

  621.      */
    622. 

  622.     private function getEmail(): Email
    623. 

  623.     {
    624. 

  624.         return $this->grav['Email'];
    625. 

  625.     }
    626. 

  626. 

  627.     /**
    628. 

  628.      * @return UserCollectionInterface
    629. 

  629.      */
    630. 

  630.     private function getAccounts(): UserCollectionInterface
    631. 

  631.     {
    632. 

  632.         return $this->grav['accounts'];
    633. 

  633.     }
    634. 

  634. }
    635.