/**
* Authorizes the user with his username and password. Initializes
* the user session if the user data are valid.
*
* @access protected
* @param \Zepi\Web\UserInterface\Form\Form $form
* @param \Zepi\Turbo\Framework $framework
* @param \Zepi\Turbo\Request\RequestAbstract $request
* @param \Zepi\Turbo\Response\Response $response
* @return string|boolean
*/
protected function sendRequest(Form $form, Framework $framework, RequestAbstract $request, Response $response)
{
$group = $form->searchPartByKeyAndType('user-data');
$username = trim($group->getPart('username')->getValue());
$result = $this->validateData($framework, $username);
// If the validate function returned a string there was an error in the validation.
if ($result !== true) {
return $result;
}
// Load the user
$user = $this->userManager->getUserForUsername($username);
// Generate an request token
$token = uniqid(md5($user->getMetaData('email')), true);
$user->setMetaData('passwordRequestToken', $token);
$user->setMetaData('passwordRequestTokenLifetime', time() + 3600);
$this->userManager->updateUser($user);
// Send the request mail
$requestLink = $request->getFullRoute('/generate-new-password/' . $user->getUuid() . '/' . $token . '/');
$this->mailHelper->sendMail($user->getMetaData('email'), $this->translate('New password requested', '\\Zepi\\Web\\AccessControl'), $this->render('\\Zepi\\Web\\AccessControl\\Mail\\RequestNewPassword', array('user' => $user, 'requestLink' => $requestLink)));
return true;
}
/**
* Validates the input user data
*
* @param \Zepi\Turbo\Framework $framework
* @param string $username
* @param string $password
* @return boolean|\Zepi\Web\AccessControl\Entity\User
*/
protected function validateUserData(Framework $framework, $username, $password)
{
// If the password isn't at least 8 characters long
if (strlen($password) < 8) {
return false;
}
// If the given username doesn't exists
if (!$this->userManager->hasUserForUsername($username)) {
return false;
}
$user = $this->userManager->getUserForUsername($username);
// If the user not is usable
if ($user === false) {
return false;
}
// If the inserted password not is correct
if (!$user->comparePasswords($password)) {
return false;
}
// Everything is okey
return $user;
}
/**
* Returns true if the username is in use and not is the edited user.
*
* @param string $username
* @param \Zepi\Web\AccessControl\Entity\User $user
* @return boolean
*/
protected function isUsernameInUse($username, User $user)
{
return $this->userManager->hasUserForUsername($username) && $this->userManager->getUserForUsername($username)->getUuid() != $user->getUuid();
}