/**
* Create a system user that can be used for running jobs and workflow background processes. Block
* login via mobile, web, and api.
* @param $username
* @param null $password
* @param bool $hideFromSelecting
* @param bool $hideFromLeaderboard
* @return User
* @throws FailedToSaveModelException
*/
public static function createSystemUser($username, $password = null, $hideFromSelecting = true, $hideFromLeaderboard = true, $firstName = null, $lastName = null)
{
if (!isset($password)) {
$password = static::generateRandomPasswordForSystemUser();
}
if (!isset($firstName)) {
$firstName = 'System';
}
if (!isset($lastName)) {
$lastName = 'User';
}
$user = new User();
$user->username = $username;
$user->firstName = $firstName;
$user->lastName = $lastName;
$user->hideFromSelecting = $hideFromSelecting;
$user->hideFromLeaderboard = $hideFromLeaderboard;
$user->setIsSystemUser();
$user->setPassword($password);
$saved = $user->save();
if (!$saved) {
throw new FailedToSaveModelException();
}
$user->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_MOBILE, Right::DENY);
$user->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB, Right::DENY);
$user->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API, Right::DENY);
$saved = $user->save();
if (!$saved) {
throw new FailedToSaveModelException();
}
$group = Group::getByName(Group::SUPER_ADMINISTRATORS_GROUP_NAME);
$group->users->add($user);
$saved = $group->save();
if (!$saved) {
throw new FailedToSaveModelException();
}
return $user;
}
public function testLastLoginDateTimeAttribute()
{
$user = new User();
$user->username = '******';
$user->title->value = 'Mr.';
$user->firstName = 'myFirstName';
$user->lastName = 'myLastName';
$user->setPassword('lastlogin');
$user->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB);
$this->assertTrue($user->save());
$user = User::getByUsername('lastloginuser');
$this->assertNull($user->lastLoginDateTime);
unset($user);
$now = time();
User::authenticate('lastloginuser', 'lastlogin');
$user = User::getByUsername('lastloginuser');
$this->assertLessThanOrEqual(5, $user->lastLoginDateTime - $now);
}
protected static function setExplicitDenyRights(User $user)
{
assert('$user->id > 0');
$user->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB, Right::DENY);
$user->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_MOBILE, Right::DENY);
$user->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB_API, Right::DENY);
$saved = $user->save();
if (!$saved) {
throw new NotSupportedException();
}
}
/**
* Test case when user exists in Zurmo users and on ldap server, but when the password is wrong for ldap,
* and correct for Zurmo user.
*
*/
public function testUserExitsInBothButWrongPasswordForldap()
{
if (!ZurmoTestHelper::isAuthenticationLdapTestConfigurationSet()) {
$this->markTestSkipped(Zurmo::t('Default', 'Test Ldap settings are not configured in perInstanceTest.php file.'));
}
Yii::app()->user->userModel = User::getByUsername('super');
// Create same user as on ldap server, but with different password
$admin = new User();
$admin->username = '******';
$admin->title->value = 'Mr.';
$admin->firstName = 'admin';
$admin->lastName = 'admin';
$admin->setPassword('test123');
$this->assertTrue($admin->save());
$admin->setRight('UsersModule', UsersModule::RIGHT_LOGIN_VIA_WEB, RIGHT::ALLOW);
$this->assertTrue($admin->save());
$username = Yii::app()->authenticationHelper->ldapBindRegisteredDomain;
$password = Yii::app()->authenticationHelper->ldapBindPassword;
$identity = new UserLdapIdentity($username, 'test123');
$authenticated = $identity->authenticate(true);
$this->assertEquals(0, $identity->errorCode);
$this->assertTrue($authenticated);
}
