public function setUp() { parent::setUp(); $this->enableSecurity(); $userRole = new Opus_UserRole(); $userRole->setName($this->roleName); $userRole->appendAccessModule('admin'); $userRole->appendAccessModule('resource_series'); $userRole->store(); $user = new Opus_Account(); $user->setLogin($this->userName); $user->setPassword('seriesadminpwd'); $user->addRole($userRole); $user->store(); $this->loginUser($this->userName, 'seriesadminpwd'); }
public function addAction() { $this->_helper->layout()->disableLayout(); $this->_helper->viewRenderer->setNoRender(true); $request = $this->getRequest(); $login = $request->getParam('login'); $password = $request->getParam('password'); $userRoles = $request->getParam('user-roles'); $testAccount = Opus_Account::fetchAccountByLogin($login); if (!is_null($testAccount)) { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: Account '{$login}' already exists."); return; } $account = new Opus_Account(); $account->setLogin($login); $account->setPassword($password); foreach (explode(",", $userRoles) as $roleName) { $roleName = trim($roleName); $role = Opus_UserRole::fetchByName($roleName); if ($role instanceof Opus_UserRole) { $account->addRole($role); } else { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: Role '{$roleName}' does not exist."); return; } } try { $account->store(); } catch (Opus_Security_Exception $e) { $this->getResponse()->setHttpResponseCode(400); $this->getResponse()->setBody("ERROR: " . $e->getMessage()); return; } $this->getResponse()->setBody('SUCCESS'); }
/** * Performs an authentication attempt * * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed. * @return Zend_Auth_Result */ public function authenticate() { $config = new Zend_Config_Ini('../application/configs/config.ini', 'production'); $log_path = $config->ldap->log_path; $admins = explode(',', $config->ldap->admin_accounts); $options = $config->ldap->toArray(); unset($options['log_path']); unset($options['admin_accounts']); try { // first check local DB with parent class $result = parent::authenticate(); $user = new Zend_Session_Namespace('loggedin'); $user->usernumber = $this->_login; } catch (Exception $e) { throw $e; } if ($result->isValid() !== true) { try { $auth = Zend_Auth::getInstance(); $adapter = new Zend_Auth_Adapter_Ldap($options, $this->_login, $this->_password); $result = $auth->authenticate($adapter); // log the result if a log path has been defined in config.ini if ($log_path) { $messages = $result->getMessages(); $logger = new Zend_Log(); $logger->addWriter(new Zend_Log_Writer_Stream($log_path)); $filter = new Zend_Log_Filter_Priority(Zend_Log::DEBUG); $logger->addFilter($filter); foreach ($messages as $i => $message) { if ($i-- > 1) { // $messages[2] and up are log messages $message = str_replace("\n", "\n ", $message); $logger->log("Ldap: {$i}: {$message}", Zend_Log::DEBUG); } } } // if authentication was successfull and user is not already in OPUS DB // register user as publisher to OPUS database try { $account = new Opus_Account(null, null, $this->_login); } catch (Exception $ex) { if ($result->isValid() === true) { $user = new Zend_Session_Namespace('loggedin'); $user->usernumber = $this->_login; $account = new Opus_Account(); $account->setLogin($this->_login); $account->setPassword($this->_password); $account->store(); $roles = Opus_Role::getAll(); // look for the publisher role in OPUS DB foreach ($roles as $role) { if ($role->getDisplayName() === 'publisher') { $publisherId = $role->getId(); } if ($role->getDisplayName() === 'administrator') { $adminId = $role->getId(); } } if ($publisherId > 0) { $accessRole = new Opus_Role($publisherId); } else { // if there is no publisher role in DB, create it $accessRole = new Opus_Role(); $accessRole->setName('publisher'); // the publisher role needs publish access! $privilege = new Opus_Privilege(); $privilege->setPrivilege('publish'); $accessRole->addPrivilege($privilege); $accessRole->store(); } if ($adminId > 0) { $adminRole = new Opus_Role($adminId); } else { // if there is no publisher role in DB, create it $adminRole = new Opus_Role(); $adminRole->setName('administrator'); // the publisher role needs publish access! $adminprivilege = new Opus_Privilege(); $adminprivilege->setPrivilege('administrate'); $adminRole->addPrivilege($adminprivilege); $adminRole->store(); } if (in_array($this->_login, $admins) === true) { $account->addRole($adminRole); } else { $account->addRole($accessRole); } $account->store(); } } } catch (Zend_Auth_Adapter_Exception $e) { throw $e; } } return $result; }
public function testDeleteActionDeleteSelf() { $user = new Opus_Account(); $user->setLogin('john'); $user->setPassword('testpwd'); $user->store(); $this->loginUser('john', 'testpwd'); $this->dispatch('/admin/account/delete/id/' . $user->getId()); $this->assertController('account'); $this->assertAction('delete'); $this->assertRedirect('/admin/account/index'); $user = new Opus_Account(null, null, 'john'); $this->assertNotNull($user); $user->delete(); }
/** * Save account information. * @return <type> * * TODO move logic into model or form */ public function saveAction() { $login = Zend_Auth::getInstance()->getIdentity(); $config = $this->getConfig(); $logger = $this->getLogger(); if (!empty($login) && $this->getRequest()->isPost()) { $accountForm = new Account_Form_Account(); $account = new Opus_Account(null, null, $login); $accountForm->populateFromModel($account); $postData = $this->getRequest()->getPost(); $isPasswordChanged = true; if (empty($postData['password'])) { // modify to pass default validation // TODO think about better solution $postData[Account_Form_Account::ELEMENT_PASSWORD] = 'notchanged'; $postData[Account_Form_Account::ELEMENT_CONFIRM_PASSWORD] = 'notchanged'; $isPasswordChanged = false; } // check if username was provided and if it may be changed if (!isset($postData['username']) || isset($config->account->editPasswordOnly) && $config->account->editPasswordOnly || isset($config->account->changeLogin) && !$config->account->changeLogin) { $postData['username'] = $login; } $postData['oldLogin'] = $login; if ($accountForm->isValid($postData)) { $account = new Opus_Account(null, null, $login); $newLogin = $postData['username']; $password = $postData['password']; $firstname = $postData['firstname']; $lastname = $postData['lastname']; $email = $postData['email']; $isLoginChanged = false; if (isset($config->account->editPasswordOnly) && !$config->account->editPasswordOnly) { $account->setFirstName($firstname); $account->setLastName($lastname); $account->setEmail($email); $logger->debug('login = '******'new login = '******'admin') { $logger->debug('login changed'); $account->setLogin($newLogin); } } if ($isPasswordChanged) { $logger->debug('Password changed'); $account->setPassword($password); } $account->store(); if ($isLoginChanged || $isPasswordChanged) { Zend_Auth::getInstance()->clearIdentity(); } } else { $actionUrl = $this->view->url(array('action' => 'save')); $accountForm->setAction($actionUrl); return $this->renderForm($accountForm); } } $this->_helper->redirector('index'); }
/** * Updates account information. */ public function updateAction() { if ($this->getRequest()->isPost()) { $button = $this->getRequest()->getParam('cancel'); if (isset($button)) { $this->_helper->redirector('index'); return; } $id = $this->getRequest()->getParam('id'); $accountForm = new Admin_Form_Account($id); $postData = $this->getRequest()->getPost(); $passwordChanged = true; if (empty($postData['password'])) { // modify to pass default validation // TODO think about better solution (validation context?) $postData['password'] = '******'; $postData['confirmPassword'] = '******'; $passwordChanged = false; } $account = new Opus_Account($id); $postData['oldLogin'] = strtolower($account->getLogin()); if ($accountForm->isValid($postData)) { $account->setFirstName($postData['firstname']); $account->setLastName($postData['lastname']); $account->setEmail($postData['email']); $oldLogin = strtolower($account->getLogin()); // update login name $newLogin = $postData['username']; if ($newLogin !== $oldLogin) { $account->setLogin($newLogin); $loginChanged = true; } else { $loginChanged = false; } // update password if ($passwordChanged) { $password = $postData['password']; $account->setPassword($password); } // update roles $newRoles = Admin_Form_Account::parseSelectedRoles($postData); // TODO optimize code $hasAdministratorRole = false; foreach ($newRoles as $role) { if (strtolower($role->getDisplayName()) === 'administrator') { $hasAdministratorRole = true; break; } } $currentUser = Zend_Auth::getInstance()->getIdentity(); $isCurrentUser = $currentUser === $oldLogin ? true : false; if (!$hasAdministratorRole && $isCurrentUser) { $newRoles[] = Opus_UserRole::fetchByName('administrator'); } $account->setRole($newRoles); $account->store(); if ($isCurrentUser && ($loginChanged || $passwordChanged)) { Zend_Auth::getInstance()->clearIdentity(); } } else { $actionUrl = $this->view->url(array('action' => 'update', 'id' => $id)); $accountForm->setAction($actionUrl); $this->view->form = $accountForm; $this->view->title = 'admin_account_edit'; return $this->renderScript('account/edit.phtml'); } } $this->_helper->redirector('index'); }
* * LICENCE * OPUS is free software; you can redistribute it and/or modify it under the * terms of the GNU General Public License as published by the Free Software * Foundation; either version 2 of the Licence, or any later version. * OPUS is distributed in the hope that it will be useful, but WITHOUT ANY * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more * details. You should have received a copy of the GNU General Public License * along with OPUS; if not, write to the Free Software Foundation, Inc., 51 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. * * @category Application * @author Thoralf Klein <*****@*****.**> * @copyright Copyright (c) 2009-2010, OPUS 4 development team * @license http://www.gnu.org/licenses/gpl.html General Public License * @version $Id: change-password.php 8423 2011-05-27 16:58:20Z sszott $ */ // Bootstrapping require_once dirname(__FILE__) . '/common/bootstrap.php'; $programm = array_shift($argv); if (count($argv) < 2) { echo "usage: {$programm} [name of existing user] [new password]\n"; exit; } $username = array_shift($argv); $password = array_shift($argv); // Set passwort of $user to $password. $a = new Opus_Account(null, null, $username); $a->setPassword($password)->store();
/** * Performs an authentication attempt * * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed. * @return Zend_Auth_Result */ public function authenticate() { // Try to get the account information try { $account = new Opus_Account(null, null, $this->_login); } catch (Exception $ex) { return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $this->_login, array('auth_error_invalid_credentials')); } // Check if password is correcct, but for old hashes. Neede for // migrating md5-hashed passwords to SHA1-hashes. if ($account->isPasswordCorrectOldHash($this->_password) === true) { Zend_Registry::get('Zend_Log')->warn('Migrating old password-hash for user: '******'auth_login_success')); } return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_login, array('auth_error_invalid_credentials')); }