/**
* Simple test. Return NON-NULL if valid logged in.
*/
public function testCreatePersonValidUser()
{
$accountName = 'foo-' . rand();
$accountPassword = '******' . rand();
$this->setZendAuthIdentity($accountName);
$account = new Opus_Account();
$account->setLogin($accountName)->setPassword($accountPassword)->store();
$model = new Publish_Model_LoggedUser();
$this->assertNotNull($model->getUserId());
$person = $model->createPerson();
$this->assertNotNull($person);
$this->assertEquals($account->getId(), $model->getUserId());
}
public function testRoleNameLikeUserName()
{
$userAccount = new Opus_Account();
$userAccount->setLogin('_test')->setPassword('role_tester');
$userAccount->setRole(new Opus_UserRole($this->roleId));
$userId = $userAccount->store();
Zend_Auth::getInstance()->getStorage()->write('_test');
$aclProvider = new Application_Security_AclProvider();
$acl = $aclProvider->getAcls();
$userAccount->delete();
$this->assertTrue($acl instanceof Zend_Acl, 'Excpected instance of Zend_Acl');
$this->assertTrue($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'documents'), "expected user has access to resource 'documents'");
$this->assertFalse($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'accounts'), "expected user has no access to resource 'account'");
}
public function setUp()
{
parent::setUp();
$this->enableSecurity();
$userRole = new Opus_UserRole();
$userRole->setName($this->roleName);
$userRole->appendAccessModule('admin');
$userRole->appendAccessModule('resource_series');
$userRole->store();
$user = new Opus_Account();
$user->setLogin($this->userName);
$user->setPassword('seriesadminpwd');
$user->addRole($userRole);
$user->store();
$this->loginUser($this->userName, 'seriesadminpwd');
}
public function addAction()
{
$this->_helper->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
$request = $this->getRequest();
$login = $request->getParam('login');
$password = $request->getParam('password');
$userRoles = $request->getParam('user-roles');
$testAccount = Opus_Account::fetchAccountByLogin($login);
if (!is_null($testAccount)) {
$this->getResponse()->setHttpResponseCode(400);
$this->getResponse()->setBody("ERROR: Account '{$login}' already exists.");
return;
}
$account = new Opus_Account();
$account->setLogin($login);
$account->setPassword($password);
foreach (explode(",", $userRoles) as $roleName) {
$roleName = trim($roleName);
$role = Opus_UserRole::fetchByName($roleName);
if ($role instanceof Opus_UserRole) {
$account->addRole($role);
} else {
$this->getResponse()->setHttpResponseCode(400);
$this->getResponse()->setBody("ERROR: Role '{$roleName}' does not exist.");
return;
}
}
try {
$account->store();
} catch (Opus_Security_Exception $e) {
$this->getResponse()->setHttpResponseCode(400);
$this->getResponse()->setBody("ERROR: " . $e->getMessage());
return;
}
$this->getResponse()->setBody('SUCCESS');
}
public function testUserAccessToInstituteWithInstituteRightsRegression3245()
{
$testRole = new Opus_UserRole();
$testRole->setName('TestRole');
$testRole->appendAccessModule('admin');
$testRole->appendAccessModule('resource_institutions');
$this->roleId = $testRole->store();
$userAccount = new Opus_Account();
$userAccount->setLogin('role_tester')->setPassword('role_tester');
$userAccount->setRole($testRole);
$this->userId = $userAccount->store();
$this->enableSecurity();
$this->loginUser('role_tester', 'role_tester');
$this->useEnglish();
$this->dispatch('/admin/dnbinstitute/edit/id/1');
$this->assertNotRedirect();
$this->assertNotRedirectTo('/auth', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
$this->assertQueryContentContains('//label', 'Department', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
}
/**
* Performs an authentication attempt
*
* @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
* @return Zend_Auth_Result
*/
public function authenticate()
{
$config = new Zend_Config_Ini('../application/configs/config.ini', 'production');
$log_path = $config->ldap->log_path;
$admins = explode(',', $config->ldap->admin_accounts);
$options = $config->ldap->toArray();
unset($options['log_path']);
unset($options['admin_accounts']);
try {
// first check local DB with parent class
$result = parent::authenticate();
$user = new Zend_Session_Namespace('loggedin');
$user->usernumber = $this->_login;
} catch (Exception $e) {
throw $e;
}
if ($result->isValid() !== true) {
try {
$auth = Zend_Auth::getInstance();
$adapter = new Zend_Auth_Adapter_Ldap($options, $this->_login, $this->_password);
$result = $auth->authenticate($adapter);
// log the result if a log path has been defined in config.ini
if ($log_path) {
$messages = $result->getMessages();
$logger = new Zend_Log();
$logger->addWriter(new Zend_Log_Writer_Stream($log_path));
$filter = new Zend_Log_Filter_Priority(Zend_Log::DEBUG);
$logger->addFilter($filter);
foreach ($messages as $i => $message) {
if ($i-- > 1) {
// $messages[2] and up are log messages
$message = str_replace("\n", "\n ", $message);
$logger->log("Ldap: {$i}: {$message}", Zend_Log::DEBUG);
}
}
}
// if authentication was successfull and user is not already in OPUS DB
// register user as publisher to OPUS database
try {
$account = new Opus_Account(null, null, $this->_login);
} catch (Exception $ex) {
if ($result->isValid() === true) {
$user = new Zend_Session_Namespace('loggedin');
$user->usernumber = $this->_login;
$account = new Opus_Account();
$account->setLogin($this->_login);
$account->setPassword($this->_password);
$account->store();
$roles = Opus_Role::getAll();
// look for the publisher role in OPUS DB
foreach ($roles as $role) {
if ($role->getDisplayName() === 'publisher') {
$publisherId = $role->getId();
}
if ($role->getDisplayName() === 'administrator') {
$adminId = $role->getId();
}
}
if ($publisherId > 0) {
$accessRole = new Opus_Role($publisherId);
} else {
// if there is no publisher role in DB, create it
$accessRole = new Opus_Role();
$accessRole->setName('publisher');
// the publisher role needs publish access!
$privilege = new Opus_Privilege();
$privilege->setPrivilege('publish');
$accessRole->addPrivilege($privilege);
$accessRole->store();
}
if ($adminId > 0) {
$adminRole = new Opus_Role($adminId);
} else {
// if there is no publisher role in DB, create it
$adminRole = new Opus_Role();
$adminRole->setName('administrator');
// the publisher role needs publish access!
$adminprivilege = new Opus_Privilege();
$adminprivilege->setPrivilege('administrate');
$adminRole->addPrivilege($adminprivilege);
$adminRole->store();
}
if (in_array($this->_login, $admins) === true) {
$account->addRole($adminRole);
} else {
$account->addRole($accessRole);
}
$account->store();
}
}
} catch (Zend_Auth_Adapter_Exception $e) {
throw $e;
}
}
return $result;
}
public function testAccessUserToFileRegression3281()
{
$this->enableSecurity();
// test document access as user with document access rights
$doc = $this->createTestDocument();
$doc->setServerState('published');
$publishedDocId = $doc->store();
$doc = $this->createTestDocument();
$doc->setServerState('unpublished');
$unpublishedDocId = $doc->store();
$testRole = new Opus_UserRole();
$testRole->setName('test_access');
$testRole->appendAccessDocument($unpublishedDocId);
$testRole->appendAccessDocument($publishedDocId);
$this->roleId = $testRole->store();
$userAccount = new Opus_Account();
$userAccount->setLogin('test_account')->setPassword('role_tester_user2');
$userAccount->setRole($testRole);
$this->userId = $userAccount->store();
$this->loginUser('test_account', 'role_tester_user2');
$this->tryAccessForDocument($publishedDocId, true);
$this->tryAccessForDocument($unpublishedDocId, true);
$this->logoutUser();
}
public function testDeleteActionDeleteSelf()
{
$user = new Opus_Account();
$user->setLogin('john');
$user->setPassword('testpwd');
$user->store();
$this->loginUser('john', 'testpwd');
$this->dispatch('/admin/account/delete/id/' . $user->getId());
$this->assertController('account');
$this->assertAction('delete');
$this->assertRedirect('/admin/account/index');
$user = new Opus_Account(null, null, 'john');
$this->assertNotNull($user);
$user->delete();
}
/**
* Save account information.
* @return <type>
*
* TODO move logic into model or form
*/
public function saveAction()
{
$login = Zend_Auth::getInstance()->getIdentity();
$config = $this->getConfig();
$logger = $this->getLogger();
if (!empty($login) && $this->getRequest()->isPost()) {
$accountForm = new Account_Form_Account();
$account = new Opus_Account(null, null, $login);
$accountForm->populateFromModel($account);
$postData = $this->getRequest()->getPost();
$isPasswordChanged = true;
if (empty($postData['password'])) {
// modify to pass default validation
// TODO think about better solution
$postData[Account_Form_Account::ELEMENT_PASSWORD] = 'notchanged';
$postData[Account_Form_Account::ELEMENT_CONFIRM_PASSWORD] = 'notchanged';
$isPasswordChanged = false;
}
// check if username was provided and if it may be changed
if (!isset($postData['username']) || isset($config->account->editPasswordOnly) && $config->account->editPasswordOnly || isset($config->account->changeLogin) && !$config->account->changeLogin) {
$postData['username'] = $login;
}
$postData['oldLogin'] = $login;
if ($accountForm->isValid($postData)) {
$account = new Opus_Account(null, null, $login);
$newLogin = $postData['username'];
$password = $postData['password'];
$firstname = $postData['firstname'];
$lastname = $postData['lastname'];
$email = $postData['email'];
$isLoginChanged = false;
if (isset($config->account->editPasswordOnly) && !$config->account->editPasswordOnly) {
$account->setFirstName($firstname);
$account->setLastName($lastname);
$account->setEmail($email);
$logger->debug('login = '******'new login = '******'admin') {
$logger->debug('login changed');
$account->setLogin($newLogin);
}
}
if ($isPasswordChanged) {
$logger->debug('Password changed');
$account->setPassword($password);
}
$account->store();
if ($isLoginChanged || $isPasswordChanged) {
Zend_Auth::getInstance()->clearIdentity();
}
} else {
$actionUrl = $this->view->url(array('action' => 'save'));
$accountForm->setAction($actionUrl);
return $this->renderForm($accountForm);
}
}
$this->_helper->redirector('index');
}
/**
* Updates account information.
*/
public function updateAction()
{
if ($this->getRequest()->isPost()) {
$button = $this->getRequest()->getParam('cancel');
if (isset($button)) {
$this->_helper->redirector('index');
return;
}
$id = $this->getRequest()->getParam('id');
$accountForm = new Admin_Form_Account($id);
$postData = $this->getRequest()->getPost();
$passwordChanged = true;
if (empty($postData['password'])) {
// modify to pass default validation
// TODO think about better solution (validation context?)
$postData['password'] = '******';
$postData['confirmPassword'] = '******';
$passwordChanged = false;
}
$account = new Opus_Account($id);
$postData['oldLogin'] = strtolower($account->getLogin());
if ($accountForm->isValid($postData)) {
$account->setFirstName($postData['firstname']);
$account->setLastName($postData['lastname']);
$account->setEmail($postData['email']);
$oldLogin = strtolower($account->getLogin());
// update login name
$newLogin = $postData['username'];
if ($newLogin !== $oldLogin) {
$account->setLogin($newLogin);
$loginChanged = true;
} else {
$loginChanged = false;
}
// update password
if ($passwordChanged) {
$password = $postData['password'];
$account->setPassword($password);
}
// update roles
$newRoles = Admin_Form_Account::parseSelectedRoles($postData);
// TODO optimize code
$hasAdministratorRole = false;
foreach ($newRoles as $role) {
if (strtolower($role->getDisplayName()) === 'administrator') {
$hasAdministratorRole = true;
break;
}
}
$currentUser = Zend_Auth::getInstance()->getIdentity();
$isCurrentUser = $currentUser === $oldLogin ? true : false;
if (!$hasAdministratorRole && $isCurrentUser) {
$newRoles[] = Opus_UserRole::fetchByName('administrator');
}
$account->setRole($newRoles);
$account->store();
if ($isCurrentUser && ($loginChanged || $passwordChanged)) {
Zend_Auth::getInstance()->clearIdentity();
}
} else {
$actionUrl = $this->view->url(array('action' => 'update', 'id' => $id));
$accountForm->setAction($actionUrl);
$this->view->form = $accountForm;
$this->view->title = 'admin_account_edit';
return $this->renderScript('account/edit.phtml');
}
}
$this->_helper->redirector('index');
}
