/** * Simple test. Return NON-NULL if valid logged in. */ public function testCreatePersonValidUser() { $accountName = 'foo-' . rand(); $accountPassword = '******' . rand(); $this->setZendAuthIdentity($accountName); $account = new Opus_Account(); $account->setLogin($accountName)->setPassword($accountPassword)->store(); $model = new Publish_Model_LoggedUser(); $this->assertNotNull($model->getUserId()); $person = $model->createPerson(); $this->assertNotNull($person); $this->assertEquals($account->getId(), $model->getUserId()); }
public function testRoleNameLikeUserName() { $userAccount = new Opus_Account(); $userAccount->setLogin('_test')->setPassword('role_tester'); $userAccount->setRole(new Opus_UserRole($this->roleId)); $userId = $userAccount->store(); Zend_Auth::getInstance()->getStorage()->write('_test'); $aclProvider = new Application_Security_AclProvider(); $acl = $aclProvider->getAcls(); $userAccount->delete(); $this->assertTrue($acl instanceof Zend_Acl, 'Excpected instance of Zend_Acl'); $this->assertTrue($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'documents'), "expected user has access to resource 'documents'"); $this->assertFalse($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'accounts'), "expected user has no access to resource 'account'"); }
public function setUp() { parent::setUp(); $this->enableSecurity(); $userRole = new Opus_UserRole(); $userRole->setName($this->roleName); $userRole->appendAccessModule('admin'); $userRole->appendAccessModule('resource_series'); $userRole->store(); $user = new Opus_Account(); $user->setLogin($this->userName); $user->setPassword('seriesadminpwd'); $user->addRole($userRole); $user->store(); $this->loginUser($this->userName, 'seriesadminpwd'); }
public function addAction() { $this->_helper->layout()->disableLayout(); $this->_helper->viewRenderer->setNoRender(true); $request = $this->getRequest(); $login = $request->getParam('login'); $password = $request->getParam('password'); $userRoles = $request->getParam('user-roles'); $testAccount = Opus_Account::fetchAccountByLogin($login); if (!is_null($testAccount)) { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: Account '{$login}' already exists."); return; } $account = new Opus_Account(); $account->setLogin($login); $account->setPassword($password); foreach (explode(",", $userRoles) as $roleName) { $roleName = trim($roleName); $role = Opus_UserRole::fetchByName($roleName); if ($role instanceof Opus_UserRole) { $account->addRole($role); } else { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: Role '{$roleName}' does not exist."); return; } } try { $account->store(); } catch (Opus_Security_Exception $e) { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: " . $e->getMessage()); return; } $this->getResponse()->setBody('SUCCESS'); }
public function testUserAccessToInstituteWithInstituteRightsRegression3245() { $testRole = new Opus_UserRole(); $testRole->setName('TestRole'); $testRole->appendAccessModule('admin'); $testRole->appendAccessModule('resource_institutions'); $this->roleId = $testRole->store(); $userAccount = new Opus_Account(); $userAccount->setLogin('role_tester')->setPassword('role_tester'); $userAccount->setRole($testRole); $this->userId = $userAccount->store(); $this->enableSecurity(); $this->loginUser('role_tester', 'role_tester'); $this->useEnglish(); $this->dispatch('/admin/dnbinstitute/edit/id/1'); $this->assertNotRedirect(); $this->assertNotRedirectTo('/auth', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it'); $this->assertQueryContentContains('//label', 'Department', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it'); }
/** * Performs an authentication attempt * * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed. * @return Zend_Auth_Result */ public function authenticate() { $config = new Zend_Config_Ini('../application/configs/config.ini', 'production'); $log_path = $config->ldap->log_path; $admins = explode(',', $config->ldap->admin_accounts); $options = $config->ldap->toArray(); unset($options['log_path']); unset($options['admin_accounts']); try { // first check local DB with parent class $result = parent::authenticate(); $user = new Zend_Session_Namespace('loggedin'); $user->usernumber = $this->_login; } catch (Exception $e) { throw $e; } if ($result->isValid() !== true) { try { $auth = Zend_Auth::getInstance(); $adapter = new Zend_Auth_Adapter_Ldap($options, $this->_login, $this->_password); $result = $auth->authenticate($adapter); // log the result if a log path has been defined in config.ini if ($log_path) { $messages = $result->getMessages(); $logger = new Zend_Log(); $logger->addWriter(new Zend_Log_Writer_Stream($log_path)); $filter = new Zend_Log_Filter_Priority(Zend_Log::DEBUG); $logger->addFilter($filter); foreach ($messages as $i => $message) { if ($i-- > 1) { // $messages[2] and up are log messages $message = str_replace("\n", "\n ", $message); $logger->log("Ldap: {$i}: {$message}", Zend_Log::DEBUG); } } } // if authentication was successfull and user is not already in OPUS DB // register user as publisher to OPUS database try { $account = new Opus_Account(null, null, $this->_login); } catch (Exception $ex) { if ($result->isValid() === true) { $user = new Zend_Session_Namespace('loggedin'); $user->usernumber = $this->_login; $account = new Opus_Account(); $account->setLogin($this->_login); $account->setPassword($this->_password); $account->store(); $roles = Opus_Role::getAll(); // look for the publisher role in OPUS DB foreach ($roles as $role) { if ($role->getDisplayName() === 'publisher') { $publisherId = $role->getId(); } if ($role->getDisplayName() === 'administrator') { $adminId = $role->getId(); } } if ($publisherId > 0) { $accessRole = new Opus_Role($publisherId); } else { // if there is no publisher role in DB, create it $accessRole = new Opus_Role(); $accessRole->setName('publisher'); // the publisher role needs publish access! $privilege = new Opus_Privilege(); $privilege->setPrivilege('publish'); $accessRole->addPrivilege($privilege); $accessRole->store(); } if ($adminId > 0) { $adminRole = new Opus_Role($adminId); } else { // if there is no publisher role in DB, create it $adminRole = new Opus_Role(); $adminRole->setName('administrator'); // the publisher role needs publish access! $adminprivilege = new Opus_Privilege(); $adminprivilege->setPrivilege('administrate'); $adminRole->addPrivilege($adminprivilege); $adminRole->store(); } if (in_array($this->_login, $admins) === true) { $account->addRole($adminRole); } else { $account->addRole($accessRole); } $account->store(); } } } catch (Zend_Auth_Adapter_Exception $e) { throw $e; } } return $result; }
public function testAccessUserToFileRegression3281() { $this->enableSecurity(); // test document access as user with document access rights $doc = $this->createTestDocument(); $doc->setServerState('published'); $publishedDocId = $doc->store(); $doc = $this->createTestDocument(); $doc->setServerState('unpublished'); $unpublishedDocId = $doc->store(); $testRole = new Opus_UserRole(); $testRole->setName('test_access'); $testRole->appendAccessDocument($unpublishedDocId); $testRole->appendAccessDocument($publishedDocId); $this->roleId = $testRole->store(); $userAccount = new Opus_Account(); $userAccount->setLogin('test_account')->setPassword('role_tester_user2'); $userAccount->setRole($testRole); $this->userId = $userAccount->store(); $this->loginUser('test_account', 'role_tester_user2'); $this->tryAccessForDocument($publishedDocId, true); $this->tryAccessForDocument($unpublishedDocId, true); $this->logoutUser(); }
public function testDeleteActionDeleteSelf() { $user = new Opus_Account(); $user->setLogin('john'); $user->setPassword('testpwd'); $user->store(); $this->loginUser('john', 'testpwd'); $this->dispatch('/admin/account/delete/id/' . $user->getId()); $this->assertController('account'); $this->assertAction('delete'); $this->assertRedirect('/admin/account/index'); $user = new Opus_Account(null, null, 'john'); $this->assertNotNull($user); $user->delete(); }
/** * Save account information. * @return <type> * * TODO move logic into model or form */ public function saveAction() { $login = Zend_Auth::getInstance()->getIdentity(); $config = $this->getConfig(); $logger = $this->getLogger(); if (!empty($login) && $this->getRequest()->isPost()) { $accountForm = new Account_Form_Account(); $account = new Opus_Account(null, null, $login); $accountForm->populateFromModel($account); $postData = $this->getRequest()->getPost(); $isPasswordChanged = true; if (empty($postData['password'])) { // modify to pass default validation // TODO think about better solution $postData[Account_Form_Account::ELEMENT_PASSWORD] = 'notchanged'; $postData[Account_Form_Account::ELEMENT_CONFIRM_PASSWORD] = 'notchanged'; $isPasswordChanged = false; } // check if username was provided and if it may be changed if (!isset($postData['username']) || isset($config->account->editPasswordOnly) && $config->account->editPasswordOnly || isset($config->account->changeLogin) && !$config->account->changeLogin) { $postData['username'] = $login; } $postData['oldLogin'] = $login; if ($accountForm->isValid($postData)) { $account = new Opus_Account(null, null, $login); $newLogin = $postData['username']; $password = $postData['password']; $firstname = $postData['firstname']; $lastname = $postData['lastname']; $email = $postData['email']; $isLoginChanged = false; if (isset($config->account->editPasswordOnly) && !$config->account->editPasswordOnly) { $account->setFirstName($firstname); $account->setLastName($lastname); $account->setEmail($email); $logger->debug('login = '******'new login = '******'admin') { $logger->debug('login changed'); $account->setLogin($newLogin); } } if ($isPasswordChanged) { $logger->debug('Password changed'); $account->setPassword($password); } $account->store(); if ($isLoginChanged || $isPasswordChanged) { Zend_Auth::getInstance()->clearIdentity(); } } else { $actionUrl = $this->view->url(array('action' => 'save')); $accountForm->setAction($actionUrl); return $this->renderForm($accountForm); } } $this->_helper->redirector('index'); }
/** * Updates account information. */ public function updateAction() { if ($this->getRequest()->isPost()) { $button = $this->getRequest()->getParam('cancel'); if (isset($button)) { $this->_helper->redirector('index'); return; } $id = $this->getRequest()->getParam('id'); $accountForm = new Admin_Form_Account($id); $postData = $this->getRequest()->getPost(); $passwordChanged = true; if (empty($postData['password'])) { // modify to pass default validation // TODO think about better solution (validation context?) $postData['password'] = '******'; $postData['confirmPassword'] = '******'; $passwordChanged = false; } $account = new Opus_Account($id); $postData['oldLogin'] = strtolower($account->getLogin()); if ($accountForm->isValid($postData)) { $account->setFirstName($postData['firstname']); $account->setLastName($postData['lastname']); $account->setEmail($postData['email']); $oldLogin = strtolower($account->getLogin()); // update login name $newLogin = $postData['username']; if ($newLogin !== $oldLogin) { $account->setLogin($newLogin); $loginChanged = true; } else { $loginChanged = false; } // update password if ($passwordChanged) { $password = $postData['password']; $account->setPassword($password); } // update roles $newRoles = Admin_Form_Account::parseSelectedRoles($postData); // TODO optimize code $hasAdministratorRole = false; foreach ($newRoles as $role) { if (strtolower($role->getDisplayName()) === 'administrator') { $hasAdministratorRole = true; break; } } $currentUser = Zend_Auth::getInstance()->getIdentity(); $isCurrentUser = $currentUser === $oldLogin ? true : false; if (!$hasAdministratorRole && $isCurrentUser) { $newRoles[] = Opus_UserRole::fetchByName('administrator'); } $account->setRole($newRoles); $account->store(); if ($isCurrentUser && ($loginChanged || $passwordChanged)) { Zend_Auth::getInstance()->clearIdentity(); } } else { $actionUrl = $this->view->url(array('action' => 'update', 'id' => $id)); $accountForm->setAction($actionUrl); $this->view->form = $accountForm; $this->view->title = 'admin_account_edit'; return $this->renderScript('account/edit.phtml'); } } $this->_helper->redirector('index'); }