/**
* Simple test. Return NON-NULL if valid logged in.
*/
public function testCreatePersonValidUser()
{
$accountName = 'foo-' . rand();
$accountPassword = '******' . rand();
$this->setZendAuthIdentity($accountName);
$account = new Opus_Account();
$account->setLogin($accountName)->setPassword($accountPassword)->store();
$model = new Publish_Model_LoggedUser();
$this->assertNotNull($model->getUserId());
$person = $model->createPerson();
$this->assertNotNull($person);
$this->assertEquals($account->getId(), $model->getUserId());
}
public function testRoleNameLikeUserName()
{
$userAccount = new Opus_Account();
$userAccount->setLogin('_test')->setPassword('role_tester');
$userAccount->setRole(new Opus_UserRole($this->roleId));
$userId = $userAccount->store();
Zend_Auth::getInstance()->getStorage()->write('_test');
$aclProvider = new Application_Security_AclProvider();
$acl = $aclProvider->getAcls();
$userAccount->delete();
$this->assertTrue($acl instanceof Zend_Acl, 'Excpected instance of Zend_Acl');
$this->assertTrue($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'documents'), "expected user has access to resource 'documents'");
$this->assertFalse($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'accounts'), "expected user has no access to resource 'account'");
}
public function changePasswordAction()
{
$this->_helper->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
$request = $this->getRequest();
$login = $request->getParam('login');
$password = $request->getParam('password');
if (is_null($password) || !is_string($password) || $password == '') {
$this->getResponse()->setHttpResponseCode(400);
$this->getResponse()->setBody("ERROR: Empty password given.");
return;
}
$account = Opus_Account::fetchAccountByLogin($login);
if (is_null($account)) {
$this->getResponse()->setHttpResponseCode(400);
$this->getResponse()->setBody("ERROR: Account '{$login}' does not exist.");
return;
}
try {
$account->setPassword($password);
$account->store();
} catch (Opus_Security_Exception $e) {
$this->getResponse()->setHttpResponseCode(400);
$this->getResponse()->setBody("ERROR: " . $e->getMessage());
return;
}
$this->getResponse()->setBody('SUCCESS');
}
public function tearDown()
{
$this->logoutUser();
$this->restoreSecuritySetting();
$user = Opus_Account::fetchAccountByLogin($this->userName);
$user->delete();
$userRole = Opus_UserRole::fetchByName($this->roleName);
$userRole->delete();
parent::tearDown();
}
public function __construct()
{
$this->_log = Zend_Registry::get("Zend_Log");
$login = Zend_Auth::getInstance()->getIdentity();
if (is_null($login) or trim($login) == '') {
return;
}
$account = Opus_Account::fetchAccountByLogin($login);
if (is_null($account) or $account->isNewRecord()) {
$this->_log->err("Error checking logged user: Invalid account returned for user '{$login}'!");
return;
}
$this->_login = $login;
$this->_account = $account;
}
/**
* Performs an authentication attempt
*
* @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
* @return Zend_Auth_Result
*/
public function authenticate()
{
$config = new Zend_Config_Ini('../application/configs/config.ini', 'production');
$log_path = $config->ldap->log_path;
$admins = explode(',', $config->ldap->admin_accounts);
$options = $config->ldap->toArray();
unset($options['log_path']);
unset($options['admin_accounts']);
try {
// first check local DB with parent class
$result = parent::authenticate();
$user = new Zend_Session_Namespace('loggedin');
$user->usernumber = $this->_login;
} catch (Exception $e) {
throw $e;
}
if ($result->isValid() !== true) {
try {
$auth = Zend_Auth::getInstance();
$adapter = new Zend_Auth_Adapter_Ldap($options, $this->_login, $this->_password);
$result = $auth->authenticate($adapter);
// log the result if a log path has been defined in config.ini
if ($log_path) {
$messages = $result->getMessages();
$logger = new Zend_Log();
$logger->addWriter(new Zend_Log_Writer_Stream($log_path));
$filter = new Zend_Log_Filter_Priority(Zend_Log::DEBUG);
$logger->addFilter($filter);
foreach ($messages as $i => $message) {
if ($i-- > 1) {
// $messages[2] and up are log messages
$message = str_replace("\n", "\n ", $message);
$logger->log("Ldap: {$i}: {$message}", Zend_Log::DEBUG);
}
}
}
// if authentication was successfull and user is not already in OPUS DB
// register user as publisher to OPUS database
try {
$account = new Opus_Account(null, null, $this->_login);
} catch (Exception $ex) {
if ($result->isValid() === true) {
$user = new Zend_Session_Namespace('loggedin');
$user->usernumber = $this->_login;
$account = new Opus_Account();
$account->setLogin($this->_login);
$account->setPassword($this->_password);
$account->store();
$roles = Opus_Role::getAll();
// look for the publisher role in OPUS DB
foreach ($roles as $role) {
if ($role->getDisplayName() === 'publisher') {
$publisherId = $role->getId();
}
if ($role->getDisplayName() === 'administrator') {
$adminId = $role->getId();
}
}
if ($publisherId > 0) {
$accessRole = new Opus_Role($publisherId);
} else {
// if there is no publisher role in DB, create it
$accessRole = new Opus_Role();
$accessRole->setName('publisher');
// the publisher role needs publish access!
$privilege = new Opus_Privilege();
$privilege->setPrivilege('publish');
$accessRole->addPrivilege($privilege);
$accessRole->store();
}
if ($adminId > 0) {
$adminRole = new Opus_Role($adminId);
} else {
// if there is no publisher role in DB, create it
$adminRole = new Opus_Role();
$adminRole->setName('administrator');
// the publisher role needs publish access!
$adminprivilege = new Opus_Privilege();
$adminprivilege->setPrivilege('administrate');
$adminRole->addPrivilege($adminprivilege);
$adminRole->store();
}
if (in_array($this->_login, $admins) === true) {
$account->addRole($adminRole);
} else {
$account->addRole($accessRole);
}
$account->store();
}
}
} catch (Zend_Auth_Adapter_Exception $e) {
throw $e;
}
}
return $result;
}
public function getRecipients($users = null)
{
if (!is_array($users)) {
$users = array($users);
}
$allRecipients = array();
foreach ($users as $user) {
$account = Opus_Account::fetchAccountByLogin($user);
if (is_null($account)) {
$this->_logger->warn(__CLASS__ . ": User '{$user}' does not exist... skipping mail.");
continue;
}
$mail = $account->getEmail();
if (is_null($mail) or trim($mail) == '') {
$this->_logger->warn(__CLASS__ . ": No mail address for user '{$user}'... skipping mail.");
continue;
}
$allRecipients[] = array('name' => $account->getFirstName() . ' ' . $account->getLastName(), 'address' => $mail);
}
return $allRecipients;
}
public function testAccessUserToFileRegression3281()
{
$this->enableSecurity();
// test document access as user with document access rights
$doc = $this->createTestDocument();
$doc->setServerState('published');
$publishedDocId = $doc->store();
$doc = $this->createTestDocument();
$doc->setServerState('unpublished');
$unpublishedDocId = $doc->store();
$testRole = new Opus_UserRole();
$testRole->setName('test_access');
$testRole->appendAccessDocument($unpublishedDocId);
$testRole->appendAccessDocument($publishedDocId);
$this->roleId = $testRole->store();
$userAccount = new Opus_Account();
$userAccount->setLogin('test_account')->setPassword('role_tester_user2');
$userAccount->setRole($testRole);
$this->userId = $userAccount->store();
$this->loginUser('test_account', 'role_tester_user2');
$this->tryAccessForDocument($publishedDocId, true);
$this->tryAccessForDocument($unpublishedDocId, true);
$this->logoutUser();
}
/**
* Get a list of all accounts with reviewer role.
*
* @return array
*/
private function __fetchReviewers()
{
$role = Opus_UserRole::fetchByName('reviewer');
$reviewerSelect = array('' => '-- please choose --');
foreach ($role->getAllAccountIds() as $id) {
$user = new Opus_Account($id);
$login = strtolower($user->getLogin());
if (is_null($user)) {
$this->getLogger()->warn("-- skipping name: " . $login . " (user does not exist)");
continue;
}
$key = $user->getId();
$firstname = trim($user->getFirstName());
$lastname = trim($user->getLastName());
$displayValue = "--- user-id: " . $key . ' ---';
if (!empty($firstname) or !empty($lastname)) {
$displayValue = $lastname . ", " . $firstname;
} else {
$this->getLogger()->warn("-- incomplete name: " . $login . " (missing first/last name)");
}
$reviewerSelect[$key] = $displayValue;
}
asort($reviewerSelect);
return $reviewerSelect;
}
public function testEditValidationSameAccount()
{
$user = new Opus_Account(null, null, 'user');
$form = new Admin_Form_Account($user->getId());
// check that form was populated
$this->assertEquals('user', $form->getElement('username')->getValue());
$postData = array('username' => 'user', 'oldLogin' => 'user', 'roleguest' => '1', 'password' => 'notchanged', 'confirmPassword' => 'notchanged');
$this->assertTrue($form->isValid($postData));
}
/**
* Deletes account.
*/
public function deleteAction()
{
$accountId = $this->getRequest()->getParam('id');
$message = null;
if (!empty($accountId)) {
$account = new Opus_Account($accountId);
if (!empty($account)) {
$currentUser = Zend_Auth::getInstance()->getIdentity();
// Check that user does not delete himself and protect admin
// account
if ($currentUser === strtolower($account->getLogin())) {
$message = 'admin_account_error_delete_self';
} else {
if (strtolower($account->getLogin()) === 'admin') {
$message = 'admin_account_error_delete_admin';
} else {
$account->delete();
}
}
} else {
$message = 'admin_account_error_badid';
}
} else {
$message = 'admin_account_error_missingid';
}
$messages = array();
if ($message === null) {
$messages['notice'] = $this->view->translate('admin_account_delete_success');
} else {
$messages['failure'] = $this->view->translate($message);
}
$this->_redirectTo('index', $messages);
}
public function getSubmitter()
{
$return = array();
foreach ($this->document->getEnrichment() as $e) {
if ($e->getKeyName() != 'submitter.user_id') {
continue;
}
$user_id = $e->getValue();
$account = new Opus_Account($user_id);
$return[$account->getId()] = strtolower($account->getLogin());
}
return $return;
}
* Foundation and the European Regional Development Fund.
*
* LICENCE
* OPUS is free software; you can redistribute it and/or modify it under the
* terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the Licence, or any later version.
* OPUS is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details. You should have received a copy of the GNU General Public License
* along with OPUS; if not, write to the Free Software Foundation, Inc., 51
* Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* @category Application
* @author Thoralf Klein <*****@*****.**>
* @copyright Copyright (c) 2009-2010, OPUS 4 development team
* @license http://www.gnu.org/licenses/gpl.html General Public License
* @version $Id: change-password.php 8423 2011-05-27 16:58:20Z sszott $
*/
// Bootstrapping
require_once dirname(__FILE__) . '/common/bootstrap.php';
$programm = array_shift($argv);
if (count($argv) < 2) {
echo "usage: {$programm} [name of existing user] [new password]\n";
exit;
}
$username = array_shift($argv);
$password = array_shift($argv);
// Set passwort of $user to $password.
$a = new Opus_Account(null, null, $username);
$a->setPassword($password)->store();
/**
* Simple test action to check "add" module.
*/
public function testChangePasswordAction()
{
$this->addTestAccountWithRoles();
// Test if changing password works...
$password = "******" . rand();
$requestData = array('login' => $this->login, 'password' => $password);
/* Creating first collection to work with. */
$this->request->setMethod('POST')->setPost($requestData);
$this->dispatch('/remotecontrol/account/change-password');
// Make sure, this request returned successfully.
$this->assertResponseCode(200);
$this->assertController('account');
$this->assertAction('change-password');
$body = $this->getResponse()->getBody();
$this->checkForBadStringsInHtml($body);
$this->assertContains('SUCCESS', $body);
// Test if created account really exists...
$account = Opus_Account::fetchAccountByLogin($this->login);
$this->assertTrue($account instanceof Opus_Account);
$this->assertEquals($this->login, $account->getLogin());
$this->assertTrue($account->isPasswordCorrect($password));
$this->assertFalse($account->isPasswordCorrect($this->password));
}
/**
* Performs an authentication attempt
*
* @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
* @return Zend_Auth_Result
*/
public function authenticate()
{
// Try to get the account information
try {
$account = new Opus_Account(null, null, $this->_login);
} catch (Exception $ex) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $this->_login, array('auth_error_invalid_credentials'));
}
// Check if password is correcct, but for old hashes. Neede for
// migrating md5-hashed passwords to SHA1-hashes.
if ($account->isPasswordCorrectOldHash($this->_password) === true) {
Zend_Registry::get('Zend_Log')->warn('Migrating old password-hash for user: '******'auth_login_success'));
}
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_login, array('auth_error_invalid_credentials'));
}
/**
* Test changing login.
*/
public function testChangeLoginSuccess()
{
$config = Zend_Registry::get('Zend_Config');
$config->account->editOwnAccount = 1;
$this->deleteUser('john2');
$this->loginUser('john', 'testpwd');
$this->getRequest()->setMethod('POST')->setPost(array('username' => 'john2', 'firstname' => '', 'lastname' => '', 'email' => ''));
$this->dispatch('/account/index/save');
$this->assertRedirect();
// Check if new user exists (with proper password) and old does not...
$account = Opus_Account::fetchAccountByLogin('john2');
$this->assertNotNull($account);
$this->assertTrue($account->isPasswordCorrect('testpwd'));
$account = Opus_Account::fetchAccountByLogin('john');
$this->assertNull($account);
// Delete user 'john2' if we're done...
$this->deleteUser('john2');
}
/**
* Stores the accounts credentials. Throws exception if something failes
* during the store operation.
*
* @throws Opus_Security_Exception If storing failes.
* @return void
*/
public function store()
{
// Check for a proper credentials
if ($this->isValid() === false) {
throw new Opus_Security_Exception('Credentials are invalid.');
}
// Check if there is a account with the same
// loginname before creating a new record.
if (is_null($this->getId()) === true) {
$row = Opus_Account::fetchAccountRowByLogin($this->getLogin());
if (is_null($row) === false) {
throw new Opus_Security_Exception('Account with login name ' . $this->getLogin() . ' already exists.');
}
}
// Now really store.
try {
return parent::store();
} catch (Exception $ex) {
$logger = Zend_Registry::get('Zend_Log');
if (null !== $logger) {
$message = "Unknown exception while storing account: ";
$message .= $ex->getMessage();
$logger->err(__METHOD__ . ': ' . $message);
}
$message = "Caught exception. Please consult the server logfile.";
throw new Opus_Security_Exception($message);
}
}
/**
* Save account information.
* @return <type>
*
* TODO move logic into model or form
*/
public function saveAction()
{
$login = Zend_Auth::getInstance()->getIdentity();
$config = $this->getConfig();
$logger = $this->getLogger();
if (!empty($login) && $this->getRequest()->isPost()) {
$accountForm = new Account_Form_Account();
$account = new Opus_Account(null, null, $login);
$accountForm->populateFromModel($account);
$postData = $this->getRequest()->getPost();
$isPasswordChanged = true;
if (empty($postData['password'])) {
// modify to pass default validation
// TODO think about better solution
$postData[Account_Form_Account::ELEMENT_PASSWORD] = 'notchanged';
$postData[Account_Form_Account::ELEMENT_CONFIRM_PASSWORD] = 'notchanged';
$isPasswordChanged = false;
}
// check if username was provided and if it may be changed
if (!isset($postData['username']) || isset($config->account->editPasswordOnly) && $config->account->editPasswordOnly || isset($config->account->changeLogin) && !$config->account->changeLogin) {
$postData['username'] = $login;
}
$postData['oldLogin'] = $login;
if ($accountForm->isValid($postData)) {
$account = new Opus_Account(null, null, $login);
$newLogin = $postData['username'];
$password = $postData['password'];
$firstname = $postData['firstname'];
$lastname = $postData['lastname'];
$email = $postData['email'];
$isLoginChanged = false;
if (isset($config->account->editPasswordOnly) && !$config->account->editPasswordOnly) {
$account->setFirstName($firstname);
$account->setLastName($lastname);
$account->setEmail($email);
$logger->debug('login = '******'new login = '******'admin') {
$logger->debug('login changed');
$account->setLogin($newLogin);
}
}
if ($isPasswordChanged) {
$logger->debug('Password changed');
$account->setPassword($password);
}
$account->store();
if ($isLoginChanged || $isPasswordChanged) {
Zend_Auth::getInstance()->clearIdentity();
}
} else {
$actionUrl = $this->view->url(array('action' => 'save'));
$accountForm->setAction($actionUrl);
return $this->renderForm($accountForm);
}
}
$this->_helper->redirector('index');
}
public function testUserAccessToInstituteWithInstituteRightsRegression3245()
{
$testRole = new Opus_UserRole();
$testRole->setName('TestRole');
$testRole->appendAccessModule('admin');
$testRole->appendAccessModule('resource_institutions');
$this->roleId = $testRole->store();
$userAccount = new Opus_Account();
$userAccount->setLogin('role_tester')->setPassword('role_tester');
$userAccount->setRole($testRole);
$this->userId = $userAccount->store();
$this->enableSecurity();
$this->loginUser('role_tester', 'role_tester');
$this->useEnglish();
$this->dispatch('/admin/dnbinstitute/edit/id/1');
$this->assertNotRedirect();
$this->assertNotRedirectTo('/auth', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
$this->assertQueryContentContains('//label', 'Department', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
}
public function testHideDeleteLinkForCurrentUser()
{
$this->enableSecurity();
$this->loginUser('security4', 'security4pwd');
$this->dispatch('/admin/account');
$this->assertResponseCode(200, $this->getResponse()->getBody());
$this->logoutUser();
$this->restoreSecuritySetting();
$user = new Opus_Account(null, null, 'security4');
$this->assertQueryCount("a[@href='" . $this->getRequest()->getBaseUrl() . "/admin/account/delete/id/" . $user->getId() . "']", 0, "There should be no delete link for current user'.");
}
