confirm.php
5.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
<?php
/**
* @package Joomla.Site
* @subpackage com_privacy
*
* @copyright Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
defined('_JEXEC') or die;
/**
* Request confirmation model class.
*
* @since 3.9.0
*/
class PrivacyModelConfirm extends JModelAdmin
{
/**
* Confirms the information request.
*
* @param array $data The data expected for the form.
*
* @return mixed Exception | JException | boolean
*
* @since 3.9.0
*/
public function confirmRequest($data)
{
// Get the form.
$form = $this->getForm();
$data['email'] = JStringPunycode::emailToPunycode($data['email']);
// Check for an error.
if ($form instanceof Exception)
{
return $form;
}
// Filter and validate the form data.
$data = $form->filter($data);
$return = $form->validate($data);
// Check for an error.
if ($return instanceof Exception)
{
return $return;
}
// Check the validation results.
if ($return === false)
{
// Get the validation messages from the form.
foreach ($form->getErrors() as $formError)
{
$this->setError($formError->getMessage());
}
return false;
}
// Search for the information request
/** @var PrivacyTableRequest $table */
$table = $this->getTable();
if (!$table->load(array('email' => $data['email'], 'status' => 0)))
{
$this->setError(JText::_('COM_PRIVACY_ERROR_NO_PENDING_REQUESTS'));
return false;
}
// A request can only be confirmed if it is in a pending status and has a confirmation token
if ($table->status != '0' || !$table->confirm_token)
{
$this->setError(JText::_('COM_PRIVACY_ERROR_NO_PENDING_REQUESTS'));
return false;
}
// A request can only be confirmed if the token is less than 24 hours old
$confirmTokenCreatedAt = new JDate($table->confirm_token_created_at);
$confirmTokenCreatedAt->add(new DateInterval('P1D'));
$now = new JDate('now');
if ($now > $confirmTokenCreatedAt)
{
// Invalidate the request
$table->status = -1;
$table->confirm_token = '';
try
{
$table->store();
}
catch (JDatabaseException $exception)
{
// The error will be logged in the database API, we just need to catch it here to not let things fatal out
}
$this->setError(JText::_('COM_PRIVACY_ERROR_CONFIRM_TOKEN_EXPIRED'));
return false;
}
// Verify the token
if (!JUserHelper::verifyPassword($data['confirm_token'], $table->confirm_token))
{
$this->setError(JText::_('COM_PRIVACY_ERROR_NO_PENDING_REQUESTS'));
return false;
}
// Everything is good to go, transition the request to confirmed
$saved = $this->save(
array(
'id' => $table->id,
'status' => 1,
'confirm_token' => '',
)
);
if (!$saved)
{
// Error was set by the save method
return false;
}
// Push a notification to the site's super users, deliberately ignoring if this process fails so the below message goes out
JModelLegacy::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_messages/models', 'MessagesModel');
JTable::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_messages/tables');
/** @var MessagesModelMessage $messageModel */
$messageModel = JModelLegacy::getInstance('Message', 'MessagesModel');
$messageModel->notifySuperUsers(
JText::_('COM_PRIVACY_ADMIN_NOTIFICATION_USER_CONFIRMED_REQUEST_SUBJECT'),
JText::sprintf('COM_PRIVACY_ADMIN_NOTIFICATION_USER_CONFIRMED_REQUEST_MESSAGE', $table->email)
);
JModelLegacy::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_actionlogs/models', 'ActionlogsModel');
$message = array(
'action' => 'request-confirmed',
'subjectemail' => $table->email,
'id' => $table->id,
'itemlink' => 'index.php?option=com_privacy&view=request&id=' . $table->id,
);
/** @var ActionlogsModelActionlog $model */
$model = JModelLegacy::getInstance('Actionlog', 'ActionlogsModel');
$model->addLog(array($message), 'COM_PRIVACY_ACTION_LOG_CONFIRMED_REQUEST', 'com_privacy.request');
return true;
}
/**
* Method for getting the form from the model.
*
* @param array $data Data for the form.
* @param boolean $loadData True if the form is to load its own data (default case), false if not.
*
* @return JForm|boolean A JForm object on success, false on failure
*
* @since 3.9.0
*/
public function getForm($data = array(), $loadData = true)
{
// Get the form.
$form = $this->loadForm('com_privacy.confirm', 'confirm', array('control' => 'jform'));
if (empty($form))
{
return false;
}
$input = JFactory::getApplication()->input;
if ($input->getMethod() === 'GET')
{
$form->setValue('confirm_token', '', $input->get->getAlnum('confirm_token'));
}
return $form;
}
/**
* Method to get a table object, load it if necessary.
*
* @param string $name The table name. Optional.
* @param string $prefix The class prefix. Optional.
* @param array $options Configuration array for model. Optional.
*
* @return JTable A JTable object
*
* @since 3.9.0
* @throws \Exception
*/
public function getTable($name = 'Request', $prefix = 'PrivacyTable', $options = array())
{
return parent::getTable($name, $prefix, $options);
}
/**
* Method to auto-populate the model state.
*
* Note. Calling getState in this method will result in recursion.
*
* @return void
*
* @since 3.9.0
*/
protected function populateState()
{
// Get the application object.
$params = JFactory::getApplication()->getParams('com_privacy');
// Load the parameters.
$this->setState('params', $params);
}
}