/**
 * Test fixture: turns security on, creates a role with access to the
 * 'admin' and 'resource_series' modules, creates an account holding that
 * role, and logs that account in.
 *
 * The password is a fixture-only literal; it must never match a credential
 * used outside the test database.
 * NOTE(review): the role and account are stored here; cleanup is not
 * visible in this method, so confirm tearDown() removes them.
 */
public function setUp()
 {
     parent::setUp();
     $this->enableSecurity();

     // Single place for the fixture credential so account creation and
     // login cannot drift apart.
     $fixturePassword = 'seriesadminpwd';

     // The role is limited to the two modules the tests need.
     $seriesAdminRole = new Opus_UserRole();
     $seriesAdminRole->setName($this->roleName);
     foreach (array('admin', 'resource_series') as $moduleName) {
         $seriesAdminRole->appendAccessModule($moduleName);
     }
     $seriesAdminRole->store();

     // The account is created after the role has been stored.
     $seriesAdmin = new Opus_Account();
     $seriesAdmin->setLogin($this->userName);
     $seriesAdmin->setPassword($fixturePassword);
     $seriesAdmin->addRole($seriesAdminRole);
     $seriesAdmin->store();

     $this->loginUser($this->userName, $fixturePassword);
 }
Example #2
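 /**
  * Creates an account from the request parameters 'login', 'password' and
  * 'user-roles' (comma-separated role names).
  *
  * Responds with the body 'SUCCESS', or with HTTP 400 and an 'ERROR: ...'
  * body when a parameter is missing, the login is already taken, a role
  * does not exist, or storing raises Opus_Security_Exception.
  *
  * NOTE(review): nothing in this method checks who is calling it, and it
  * attaches any existing role to the new account. Confirm that access
  * control outside this action restricts it to administrators.
  * NOTE(review): getParam() does not distinguish POST bodies from query
  * strings, so credentials sent in a URL can end up in access logs.
  * Consider requiring POST once all callers are known.
  *
  * @return void
  */
 public function addAction()
 {
     $this->_helper->layout()->disableLayout();
     $this->_helper->viewRenderer->setNoRender(true);

     $request = $this->getRequest();
     $response = $this->getResponse();

     // Every body written below echoes request values or exception text.
     // Declaring it as plain text keeps a browser from rendering that text
     // as markup.
     $response->setHeader('Content-Type', 'text/plain; charset=UTF-8', true);

     $login = $request->getParam('login');
     $password = $request->getParam('password');
     $userRoles = $request->getParam('user-roles');

     // Reject missing, empty or array-valued credentials before they reach
     // the model; an account must never be stored with an empty password.
     if (!is_string($login) || trim($login) === ''
         || !is_string($password) || $password === '') {
         $response->setHttpResponseCode(400);
         $response->setBody("ERROR: Parameters 'login' and 'password' are required.");
         return;
     }

     // A missing role list is handled like an empty one: the loop below
     // then reports that role '' does not exist.
     if (!is_string($userRoles)) {
         $userRoles = '';
     }

     $testAccount = Opus_Account::fetchAccountByLogin($login);
     if (!is_null($testAccount)) {
         $response->setHttpResponseCode(400);
         $response->setBody("ERROR: Account '{$login}' already exists.");
         return;
     }

     $account = new Opus_Account();
     $account->setLogin($login);
     $account->setPassword($password);

     // Every requested role must exist; one unknown name aborts the whole
     // request before anything is stored.
     foreach (explode(",", $userRoles) as $roleName) {
         $roleName = trim($roleName);
         $role = Opus_UserRole::fetchByName($roleName);
         if (!($role instanceof Opus_UserRole)) {
             $response->setHttpResponseCode(400);
             $response->setBody("ERROR: Role '{$roleName}' does not exist.");
             return;
         }
         $account->addRole($role);
     }

     try {
         $account->store();
     } catch (Opus_Security_Exception $e) {
         $response->setHttpResponseCode(400);
         $response->setBody("ERROR: " . $e->getMessage());
         return;
     }

     $response->setBody('SUCCESS');
 }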
Example #3
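 /**
  * Performs an authentication attempt: first against the local OPUS
  * accounts (parent adapter), then, if that fails, against LDAP.
  *
  * On a successful LDAP login for a user without an OPUS account, an
  * account is created and given the 'administrator' role when the login is
  * listed in ldap.admin_accounts, otherwise the 'publisher' role. Both
  * roles are created if they do not exist yet.
  *
  * The 'loggedin' session namespace is written only after a valid result.
  *
  * NOTE(review): the LDAP password is copied into the local account, and
  * the local check runs first. A password later changed or revoked in LDAP
  * may therefore keep working locally; confirm that this is intended.
  * NOTE(review): the session id is not regenerated here after a successful
  * login; confirm that the caller does so.
  *
  * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
  * @return Zend_Auth_Result
  */
 public function authenticate()
 {
     $config = new Zend_Config_Ini('../application/configs/config.ini', 'production');
     $log_path = $config->ldap->log_path;

     // Trim the entries so "a, b" matches login "b", and drop empty ones so
     // an unset or blank admin_accounts value can never match a login.
     $admins = array_filter(
         array_map('trim', explode(',', (string) $config->ldap->admin_accounts)),
         'strlen'
     );

     // Everything else in the ldap section is handed to the LDAP adapter.
     $options = $config->ldap->toArray();
     unset($options['log_path'], $options['admin_accounts']);

     // first check local DB with parent class
     $result = parent::authenticate();
     if ($result->isValid() === true) {
         // Record the login in the session only once the result is valid;
         // a failed attempt must not leave a 'loggedin' marker behind.
         $user = new Zend_Session_Namespace('loggedin');
         $user->usernumber = $this->_login;
         return $result;
     }

     $auth = Zend_Auth::getInstance();
     $adapter = new Zend_Auth_Adapter_Ldap($options, $this->_login, $this->_password);
     $result = $auth->authenticate($adapter);

     // log the result if a log path has been defined in config.ini
     // NOTE(review): these are adapter debug messages; keep the log file
     // outside the web root and readable only by the service account.
     if ($log_path) {
         $logger = new Zend_Log();
         $logger->addWriter(new Zend_Log_Writer_Stream($log_path));
         $logger->addFilter(new Zend_Log_Filter_Priority(Zend_Log::DEBUG));
         foreach ($result->getMessages() as $i => $message) {
             // $messages[2] and up are log messages, numbered from 1
             if ($i > 1) {
                 $number = $i - 1;
                 $message = str_replace("\n", "\n  ", $message);
                 $logger->log("Ldap: {$number}: {$message}", Zend_Log::DEBUG);
             }
         }
     }

     if ($result->isValid() !== true) {
         return $result;
     }

     $user = new Zend_Session_Namespace('loggedin');
     $user->usernumber = $this->_login;

     // NOTE(review): any exception from the lookup is read as "account does
     // not exist", so a database error also takes the creation path below.
     // Narrow the catch if the model exposes a specific not-found exception.
     try {
         $account = new Opus_Account(null, null, $this->_login);
         $accountExists = true;
     } catch (Exception $ex) {
         $accountExists = false;
     }
     if ($accountExists) {
         return $result;
     }

     // LDAP accepted the user and there is no OPUS account yet: register one.
     $account = new Opus_Account();
     $account->setLogin($this->_login);
     $account->setPassword($this->_password);
     $account->store();

     // Look up both roles by display name. The ids start at 0 so that a
     // missing role is handled explicitly instead of through an undefined
     // variable.
     $publisherId = 0;
     $adminId = 0;
     foreach (Opus_Role::getAll() as $role) {
         if ($role->getDisplayName() === 'publisher') {
             $publisherId = $role->getId();
         }
         if ($role->getDisplayName() === 'administrator') {
             $adminId = $role->getId();
         }
     }

     if ($publisherId > 0) {
         $accessRole = new Opus_Role($publisherId);
     } else {
         // if there is no publisher role in DB, create it
         $accessRole = new Opus_Role();
         $accessRole->setName('publisher');
         // the publisher role needs publish access!
         $privilege = new Opus_Privilege();
         $privilege->setPrivilege('publish');
         $accessRole->addPrivilege($privilege);
         $accessRole->store();
     }

     if ($adminId > 0) {
         $adminRole = new Opus_Role($adminId);
     } else {
         // if there is no administrator role in DB, create it
         $adminRole = new Opus_Role();
         $adminRole->setName('administrator');
         // the administrator role needs administrate access
         $adminprivilege = new Opus_Privilege();
         $adminprivilege->setPrivilege('administrate');
         $adminRole->addPrivilege($adminprivilege);
         $adminRole->store();
     }

     // Strict comparison: only an exact string match with a configured
     // admin login grants the administrator role.
     if (in_array((string) $this->_login, $admins, true) === true) {
         $account->addRole($adminRole);
     } else {
         $account->addRole($accessRole);
     }
     $account->store();

     return $result;
 }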