Beispiel #1
 /**
  * After assignAccountToParty() the very same party instance must be handed
  * back by getAssignedPartyOfAccount() for that account.
  *
  * @test
  */
 public function assignAccountToPartyCachesAssignedParty()
 {
     // The persistence manager mock answers every identifier lookup with one fixed value.
     $fixedIdentifier = '723e3913-f803-42c8-a44c-fd7115f555c3';
     $this->mockPersistenceManager
         ->expects($this->any())
         ->method('getIdentifierByObject')
         ->will($this->returnValue($fixedIdentifier));

     $this->partyService->assignAccountToParty($this->account, $this->party);

     // assertSame checks object identity, not just equality.
     $this->assertSame(
         $this->party,
         $this->partyService->getAssignedPartyOfAccount($this->account)
     );
 }
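 /**
  * Authenticates a username/password token against a Crowd instance.
  *
  * On success the local account for the user is looked up (or created), the
  * configured "authenticateRole" is granted, and the party assigned to the
  * account is created or synchronised with the name and e-mail address that
  * Crowd returned.
  *
  * Security-relevant behaviour:
  * - Credentials that are not non-empty strings are rejected locally and are
  *   never forwarded to Crowd or used as a repository lookup key.
  * - A Crowd response that is neither an array nor an ArrayAccess object is
  *   treated as a failed login (fail closed).
  * - Only the account lookup runs inside withoutAuthorizationChecks().
  *
  * NOTE(review): the local account identifier is the user-supplied username,
  * not a value taken from the Crowd response. If Crowd matches user names
  * loosely (e.g. case-insensitively), variants of one directory user could end
  * up as separate local accounts - confirm against the Crowd client.
  *
  * @param \TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
  * @return void
  * @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException
  */
 public function authenticate(TokenInterface $authenticationToken)
 {
     if (!$authenticationToken instanceof UsernamePassword) {
         throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339845);
     }

     $credentials = $authenticationToken->getCredentials();
     if (!is_array($credentials) || !isset($credentials['username']) || !isset($credentials['password'])) {
         // No credentials in this request: leave an already successful token untouched.
         if ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) {
             $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN);
         }
         return;
     }

     $username = $credentials['username'];
     $password = $credentials['password'];
     // Reject arrays/objects and empty strings before they reach the directory
     // or the repository query; an empty password must never count as a login attempt.
     if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
         $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
         return;
     }

     $crowdAuthenticationResponse = $this->crowdClient->authenticate($username, $password);
     // Fail closed: only a record-like response counts as a successful login.
     if (!is_array($crowdAuthenticationResponse) && !($crowdAuthenticationResponse instanceof \ArrayAccess)) {
         $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
         return;
     }

     /** @var $account \TYPO3\Flow\Security\Account */
     $account = NULL;
     $providerName = $this->name;
     $accountRepository = $this->accountRepository;
     // Nobody is authenticated yet, so the lookup has to bypass authorization checks.
     $this->securityContext->withoutAuthorizationChecks(function () use ($username, $providerName, $accountRepository, &$account) {
         $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($username, $providerName);
     });
     if ($account === NULL) {
         // NOTE(review): the lookup above only asks for an *active* account. If a local
         // account exists but is inactive, this branch would presumably create a second
         // account with the same identifier - confirm whether a locally deactivated
         // account should block the login instead.
         $account = new Account();
         $account->setAuthenticationProviderName($providerName);
         $account->setAccountIdentifier($username);
         $this->accountRepository->add($account);
     }

     // Every account that authenticates through this provider receives the configured role.
     $authenticateRole = $this->policyService->getRole($this->options['authenticateRole']);
     if ($account->hasRole($authenticateRole) === FALSE) {
         $account->addRole($authenticateRole);
     }

     // Fields missing from the response are skipped instead of raising notices
     // or overwriting stored data with NULL.
     $firstName = isset($crowdAuthenticationResponse['first-name']) ? $crowdAuthenticationResponse['first-name'] : NULL;
     $lastName = isset($crowdAuthenticationResponse['last-name']) ? $crowdAuthenticationResponse['last-name'] : NULL;
     $emailAddress = isset($crowdAuthenticationResponse['email']) ? $crowdAuthenticationResponse['email'] : NULL;

     $crowdUser = $this->partyService->getAssignedPartyOfAccount($account);
     if ($crowdUser instanceof Person) {
         $partyChanged = FALSE;

         $personName = $crowdUser->getName();
         if ($personName === NULL) {
             // Guard against a Person that has no name object yet.
             $crowdUser->setName(new PersonName('', $firstName !== NULL ? $firstName : '', '', $lastName !== NULL ? $lastName : ''));
             $partyChanged = TRUE;
         } else {
             if ($firstName !== NULL && $personName->getFirstName() !== $firstName) {
                 $personName->setFirstName($firstName);
                 $partyChanged = TRUE;
             }
             if ($lastName !== NULL && $personName->getLastName() !== $lastName) {
                 $personName->setLastName($lastName);
                 $partyChanged = TRUE;
             }
         }

         if ($emailAddress !== NULL) {
             $primaryAddress = $crowdUser->getPrimaryElectronicAddress();
             if ($primaryAddress === NULL) {
                 // A Person without a primary address previously caused a call on NULL here.
                 $primaryAddress = new ElectronicAddress();
                 $primaryAddress->setIdentifier($emailAddress);
                 $primaryAddress->setType(ElectronicAddress::TYPE_EMAIL);
                 $crowdUser->setPrimaryElectronicAddress($primaryAddress);
                 $partyChanged = TRUE;
             } elseif ($primaryAddress->getIdentifier() !== $emailAddress) {
                 $primaryAddress->setIdentifier($emailAddress);
                 $partyChanged = TRUE;
             }
         }

         // One update for all changed fields instead of one per field.
         if ($partyChanged) {
             $this->partyRepository->update($crowdUser);
         }
     } else {
         // First login through Crowd: create the party and link it to the account.
         $crowdUser = new Person();
         $crowdUser->setName(new PersonName('', $firstName !== NULL ? $firstName : '', '', $lastName !== NULL ? $lastName : ''));
         if ($emailAddress !== NULL) {
             $email = new ElectronicAddress();
             $email->setIdentifier($emailAddress);
             $email->setType(ElectronicAddress::TYPE_EMAIL);
             $crowdUser->setPrimaryElectronicAddress($email);
         }
         $this->partyRepository->add($crowdUser);
         $this->partyService->assignAccountToParty($account, $crowdUser);
     }

     $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
     $authenticationToken->setAccount($account);
 }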
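 /**
  * Links the account of an OAuth token to the party that belongs to the
  * account of another, already authenticated token.
  *
  * This is an account-linking operation: afterwards the OAuth account shares
  * the party of the foreign account. Nothing is linked unless the foreign
  * token is authenticated, both tokens carry an account and the foreign
  * account actually has a party.
  *
  * NOTE(review): the OAuth token's own authentication status is not checked
  * here; its parameter name suggests the caller guarantees it - confirm.
  *
  * @param TokenInterface $foreignAccountToken Authenticated token whose account owns the party
  * @param AbstractClientToken $possibleOAuthTokenAuthenticatedWithoutParty OAuth token whose account gets attached to that party
  * @return void
  */
 public function setPartyOfAuthenticatedTokenAndAttachToAccountFor(TokenInterface $foreignAccountToken, AbstractClientToken $possibleOAuthTokenAuthenticatedWithoutParty)
 {
     // Never attach an external identity to a party on the word of an unauthenticated token.
     if (!$foreignAccountToken->isAuthenticated()) {
         return;
     }

     $foreignAccount = $foreignAccountToken->getAccount();
     $oauthAccount = $possibleOAuthTokenAuthenticatedWithoutParty->getAccount();
     if ($foreignAccount === null || $oauthAccount === null) {
         return;
     }

     // The party lookup is keyed by account; the token itself was passed here before.
     $party = $this->partyService->getAssignedPartyOfAccount($foreignAccount);
     if ($party === null) {
         return;
     }

     // TODO: this must be properly specifiable (the Roles to add)
     // The roles of the OAuth account are left unchanged for now.
     $this->partyService->assignAccountToParty($oauthAccount, $party);
     $this->accountRepository->update($oauthAccount);
 }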
 /**
  * Registers a user whose User object was built elsewhere.
  *
  * Works like createUser() except that the User object is supplied by the
  * caller. Code that builds the User itself (for example an ActionController)
  * should call this method rather than adding the object to the
  * PartyRepository by hand.
  *
  * An account is created for the user, linked to it, and both are added to
  * their repositories; createPersonalWorkspace() is then called for the pair
  * and the "user created" signal is emitted.
  *
  * Role handling: only a NULL role list is replaced by the default
  * "TYPO3.Neos:Editor". Callers that must not hand out editor rights have to
  * pass an explicit list.
  *
  * @param string $username The username of the user to be created.
  * @param string $password Password of the user to be created
  * @param User $user The pre-built user object to start with
  * @param array $roleIdentifiers A list of role identifiers to assign
  * @param string $authenticationProviderName Name of the authentication provider to use. Example: "Typo3BackendProvider"
  * @return User The same user object
  * @api
  */
 public function addUser($username, $password, User $user, array $roleIdentifiers = null, $authenticationProviderName = null)
 {
     $requestedRoles = ($roleIdentifiers === null) ? array('TYPO3.Neos:Editor') : $roleIdentifiers;
     $normalizedRoles = $this->normalizeRoleIdentifiers($requestedRoles);

     // Fall back to the service-wide default provider when none (or an empty name) is given.
     $providerName = $authenticationProviderName ?: $this->defaultAuthenticationProviderName;

     $newAccount = $this->accountFactory->createAccountWithPassword(
         $username,
         $password,
         $normalizedRoles,
         $providerName
     );

     // Link first, then hand both objects to their repositories.
     $this->partyService->assignAccountToParty($newAccount, $user);
     $this->partyRepository->add($user);
     $this->accountRepository->add($newAccount);

     $this->createPersonalWorkspace($user, $newAccount);
     $this->emitUserCreated($user);

     return $user;
 }
 /**
  * Brings an account and its person up to date with the given user data.
  *
  * A Person is created and assigned when the account has none yet, an account
  * without any role receives "T3DD.Backend:Authenticated", the person is
  * updated from $userdata, and everything is persisted immediately.
  *
  * @param Account $account The account to update
  * @param array $userdata Data handed on to updatePerson()
  * @return \TYPO3\Flow\Security\Account The same account instance
  */
 protected function updateAccount(Account $account, array $userdata)
 {
     $assignedPerson = $this->partyService->getAssignedPartyOfAccount($account);
     if ($assignedPerson === null) {
         // No party yet: create one and link it to the account.
         $assignedPerson = new Person();
         $this->partyRepository->add($assignedPerson);
         $this->partyService->assignAccountToParty($account, $assignedPerson);
     }

     // Existing roles are never touched; the default applies only to an account without any.
     $currentRoles = $account->getRoles();
     if (!$currentRoles) {
         $defaultRole = $this->policyService->getRole('T3DD.Backend:Authenticated');
         $account->setRoles(array($defaultRole));
     }

     $this->updatePerson($assignedPerson, $userdata);
     $this->accountRepository->update($account);

     // Flush right away instead of waiting for the end of the request.
     $this->persistenceManager->persistAll();

     return $account;
 }