PHP Cross Reference of Joomla 4.2.2 documentation |
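<?php

/**
 * @package     Joomla.Administrator
 * @subpackage  com_users
 *
 * @copyright   (C) 2022 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

namespace Joomla\Component\Users\Administrator\Controller;

use Exception;
use Joomla\CMS\Application\CMSApplication;
use Joomla\CMS\Event\MultiFactor\NotifyActionLog;
use Joomla\CMS\Factory;
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\BaseController;
use Joomla\CMS\MVC\Factory\MVCFactoryInterface;
use Joomla\CMS\Router\Route;
use Joomla\CMS\Uri\Uri;
use Joomla\CMS\User\UserFactoryInterface;
use Joomla\Component\Users\Administrator\Helper\Mfa as MfaHelper;
use Joomla\Component\Users\Administrator\Model\MethodsModel;
use Joomla\Input\Input;
use RuntimeException;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects

/**
 * Multi-factor Authentication methods selection and management controller
 *
 * Every task first requires a logged-in (non-guest) user and then checks, through the MFA helper,
 * that the target user's MFA settings may be shown or changed. The two state-changing tasks
 * (disable, doNotShowThisAgain) additionally require a valid anti-CSRF token.
 *
 * @since 4.2.0
 */
class MethodsController extends BaseController
{
    /**
     * Public constructor
     *
     * @param   array                     $config   Controller configuration, forwarded to the parent constructor
     * @param   MVCFactoryInterface|null  $factory  MVC Factory for the com_users component
     * @param   CMSApplication|null       $app      CMS application object
     * @param   Input|null                $input    Joomla CMS input object
     *
     * @since 4.2.0
     */
    public function __construct($config = [], ?MVCFactoryInterface $factory = null, ?CMSApplication $app = null, ?Input $input = null)
    {
        // We have to tell Joomla what is the name of the view, otherwise it defaults to the name of the *component*.
        $config['default_view'] = 'Methods';

        parent::__construct($config, $factory, $app, $input);
    }

    /**
     * Disable Multi-factor Authentication for a user by deleting all of their MFA methods
     *
     * The target is the user named by the `user_id` request parameter, or the current user when
     * that parameter is absent.
     *
     * @param   bool   $cachable   Can this view be cached (not used by this task)
     * @param   array  $urlparams  An array of safe url parameters and their variable types, for valid values see
     *                             {@link JFilterInput::clean()}. (not used by this task)
     *
     * @return  void
     * @throws  RuntimeException  With code 403 when there is no logged-in user or the caller may not
     *                            delete the target user's MFA methods
     * @since 4.2.0
     */
    public function disable($cachable = false, $urlparams = []): void
    {
        $this->assertLoggedInUser();

        // State-changing request: require the anti-CSRF token, read from the request's own HTTP method.
        $this->checkToken($this->input->getMethod());

        // Make sure I am allowed to edit the specified user
        $userId = $this->input->getInt('user_id', null);
        $user   = ($userId === null)
            ? $this->app->getIdentity()
            : Factory::getContainer()->get(UserFactoryInterface::class)->loadUserById($userId);
        $user   = $user ?? Factory::getContainer()->get(UserFactoryInterface::class)->loadUserById(0);

        // user_id is request-controlled, so this authorization check is what stops one account
        // from removing another account's second factor.
        if (!MfaHelper::canDeleteMethod($user)) {
            throw new RuntimeException(Text::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        // Delete all MFA Methods for the user
        /** @var MethodsModel $model */
        $model   = $this->getModel('Methods');
        $type    = null;
        $message = null;

        // Notify action-log listeners before the deletion is attempted.
        $event = new NotifyActionLog('onComUsersControllerMethodsBeforeDisable', [$user]);
        $this->app->getDispatcher()->dispatch($event->getName(), $event);

        try {
            $model->deleteAll($user);
        } catch (Exception $e) {
            // Report the failure to the user through the redirect message instead of aborting.
            $message = $e->getMessage();
            $type    = 'error';
        }

        // Redirect
        $url = $this->resolveReturnUrl(
            Route::_('index.php?option=com_users&task=methods.display&user_id=' . $userId, false)
        );

        $this->setRedirect($url, $message, $type);
    }

    /**
     * List all available Multi-factor Authentication Methods available and guide the user to setting them up
     *
     * @param   bool   $cachable   Can this view be cached (not used by this task)
     * @param   array  $urlparams  An array of safe url parameters and their variable types, for valid values see
     *                             {@link JFilterInput::clean()}. (not used by this task)
     *
     * @return  void
     * @throws  RuntimeException  With code 403 when there is no logged-in user or the caller may not
     *                            see the target user's MFA configuration
     * @since 4.2.0
     */
    public function display($cachable = false, $urlparams = []): void
    {
        $this->assertLoggedInUser();

        // Make sure I am allowed to edit the specified user
        $userId = $this->input->getInt('user_id', null);
        $user   = ($userId === null)
            ? $this->app->getIdentity()
            : Factory::getContainer()->get(UserFactoryInterface::class)->loadUserById($userId);
        $user   = $user ?? Factory::getContainer()->get(UserFactoryInterface::class)->loadUserById(0);

        if (!MfaHelper::canShowConfigurationInterface($user)) {
            throw new RuntimeException(Text::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        // NOTE(review): the view receives the still-encoded, unvalidated returnurl value. Any template
        // or follow-up task that decodes it needs its own same-site check and output escaping - confirm
        // in the Methods view.
        $returnURL      = $this->input->getBase64('returnurl');
        $viewLayout     = $this->input->get('layout', 'default', 'string');
        $view           = $this->getView('Methods', 'html');
        $view->setLayout($viewLayout);
        $view->returnURL = $returnURL;
        $view->user      = $user;
        $view->document  = $this->app->getDocument();

        // The Methods model is registered as the view's default model, Backupcodes as an additional one.
        $methodsModel = $this->getModel('Methods');
        $view->setModel($methodsModel, true);

        $backupCodesModel = $this->getModel('Backupcodes');
        $view->setModel($backupCodesModel, false);

        $view->display();
    }

    /**
     * Set the user's "do not show this again" flag
     *
     * Calls MethodsModel::setFlag() with true for the target user and then redirects. The target is
     * the user named by the `user_id` request parameter, or the current user when it is absent.
     *
     * @param   bool   $cachable   Can this view be cached (not used by this task)
     * @param   array  $urlparams  An array of safe url parameters and their variable types, for valid values see
     *                             {@link JFilterInput::clean()}. (not used by this task)
     *
     * @return  void
     * @throws  RuntimeException  With code 403 when there is no logged-in user or the caller may not
     *                            add or edit the target user's MFA methods
     * @since 4.2.0
     */
    public function doNotShowThisAgain($cachable = false, $urlparams = []): void
    {
        $this->assertLoggedInUser();

        // State-changing request: require the anti-CSRF token, read from the request's own HTTP method.
        $this->checkToken($this->input->getMethod());

        // Make sure I am allowed to edit the specified user
        $userId = $this->input->getInt('user_id', null);
        $user   = ($userId === null)
            ? $this->app->getIdentity()
            : Factory::getContainer()->get(UserFactoryInterface::class)->loadUserById($userId);
        $user   = $user ?? Factory::getContainer()->get(UserFactoryInterface::class)->loadUserById(0);

        if (!MfaHelper::canAddEditMethod($user)) {
            throw new RuntimeException(Text::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        // Notify action-log listeners before the flag is changed.
        $event = new NotifyActionLog('onComUsersControllerMethodsBeforeDoNotShowThisAgain', [$user]);
        $this->app->getDispatcher()->dispatch($event->getName(), $event);

        /** @var MethodsModel $model */
        $model = $this->getModel('Methods');
        $model->setFlag($user, true);

        // Redirect
        $this->setRedirect($this->resolveReturnUrl(Uri::base()));
    }

    /**
     * Assert that there is a user currently logged in
     *
     * @return  void
     * @throws  RuntimeException  With code 403 when the current identity is a guest
     * @since 4.2.0
     */
    private function assertLoggedInUser(): void
    {
        // Fall back to the user object for ID 0 when the application has no identity.
        $user = $this->app->getIdentity()
            ?: Factory::getContainer()->get(UserFactoryInterface::class)->loadUserById(0);

        if ($user->guest) {
            throw new RuntimeException(Text::_('JERROR_ALERTNOAUTHOR'), 403);
        }
    }

    /**
     * Pick the redirect target for a task from the base64-encoded `returnurl` request parameter
     *
     * `returnurl` is request-controlled, so the decoded value is only followed when Uri::isInternal()
     * accepts it as a URL of this site. Anything else (missing, empty, undecodable, or pointing at
     * another host) falls back to the task's own default, which keeps these tasks from being usable
     * as an open redirect.
     *
     * @param   string|null  $fallback  URL to use when no acceptable return URL was supplied
     *
     * @return  string|null  The validated return URL, or $fallback
     */
    private function resolveReturnUrl($fallback)
    {
        $encoded = $this->input->getBase64('returnurl');

        if (empty($encoded)) {
            return $fallback;
        }

        $decoded = base64_decode($encoded);

        if (!\is_string($decoded) || $decoded === '' || !Uri::isInternal($decoded)) {
            return $fallback;
        }

        return $decoded;
    }
}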