public function setUp()
{
parent::setUp();
$this->enableSecurity();
$userRole = new Opus_UserRole();
$userRole->setName($this->roleName);
$userRole->appendAccessModule('admin');
$userRole->appendAccessModule('resource_series');
$userRole->store();
$user = new Opus_Account();
$user->setLogin($this->userName);
$user->setPassword('seriesadminpwd');
$user->addRole($userRole);
$user->store();
$this->loginUser($this->userName, 'seriesadminpwd');
}
public function addAction()
{
$this->_helper->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender(true);
$request = $this->getRequest();
$login = $request->getParam('login');
$password = $request->getParam('password');
$userRoles = $request->getParam('user-roles');
$testAccount = Opus_Account::fetchAccountByLogin($login);
if (!is_null($testAccount)) {
$this->getResponse()->setHttpResponseCode(400);
$this->getResponse()->setBody("ERROR: Account '{$login}' already exists.");
return;
}
$account = new Opus_Account();
$account->setLogin($login);
$account->setPassword($password);
foreach (explode(",", $userRoles) as $roleName) {
$roleName = trim($roleName);
$role = Opus_UserRole::fetchByName($roleName);
if ($role instanceof Opus_UserRole) {
$account->addRole($role);
} else {
$this->getResponse()->setHttpResponseCode(400);
$this->getResponse()->setBody("ERROR: Role '{$roleName}' does not exist.");
return;
}
}
try {
$account->store();
} catch (Opus_Security_Exception $e) {
$this->getResponse()->setHttpResponseCode(400);
$this->getResponse()->setBody("ERROR: " . $e->getMessage());
return;
}
$this->getResponse()->setBody('SUCCESS');
}
/**
* Performs an authentication attempt
*
* @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
* @return Zend_Auth_Result
*/
public function authenticate()
{
$config = new Zend_Config_Ini('../application/configs/config.ini', 'production');
$log_path = $config->ldap->log_path;
$admins = explode(',', $config->ldap->admin_accounts);
$options = $config->ldap->toArray();
unset($options['log_path']);
unset($options['admin_accounts']);
try {
// first check local DB with parent class
$result = parent::authenticate();
$user = new Zend_Session_Namespace('loggedin');
$user->usernumber = $this->_login;
} catch (Exception $e) {
throw $e;
}
if ($result->isValid() !== true) {
try {
$auth = Zend_Auth::getInstance();
$adapter = new Zend_Auth_Adapter_Ldap($options, $this->_login, $this->_password);
$result = $auth->authenticate($adapter);
// log the result if a log path has been defined in config.ini
if ($log_path) {
$messages = $result->getMessages();
$logger = new Zend_Log();
$logger->addWriter(new Zend_Log_Writer_Stream($log_path));
$filter = new Zend_Log_Filter_Priority(Zend_Log::DEBUG);
$logger->addFilter($filter);
foreach ($messages as $i => $message) {
if ($i-- > 1) {
// $messages[2] and up are log messages
$message = str_replace("\n", "\n ", $message);
$logger->log("Ldap: {$i}: {$message}", Zend_Log::DEBUG);
}
}
}
// if authentication was successfull and user is not already in OPUS DB
// register user as publisher to OPUS database
try {
$account = new Opus_Account(null, null, $this->_login);
} catch (Exception $ex) {
if ($result->isValid() === true) {
$user = new Zend_Session_Namespace('loggedin');
$user->usernumber = $this->_login;
$account = new Opus_Account();
$account->setLogin($this->_login);
$account->setPassword($this->_password);
$account->store();
$roles = Opus_Role::getAll();
// look for the publisher role in OPUS DB
foreach ($roles as $role) {
if ($role->getDisplayName() === 'publisher') {
$publisherId = $role->getId();
}
if ($role->getDisplayName() === 'administrator') {
$adminId = $role->getId();
}
}
if ($publisherId > 0) {
$accessRole = new Opus_Role($publisherId);
} else {
// if there is no publisher role in DB, create it
$accessRole = new Opus_Role();
$accessRole->setName('publisher');
// the publisher role needs publish access!
$privilege = new Opus_Privilege();
$privilege->setPrivilege('publish');
$accessRole->addPrivilege($privilege);
$accessRole->store();
}
if ($adminId > 0) {
$adminRole = new Opus_Role($adminId);
} else {
// if there is no publisher role in DB, create it
$adminRole = new Opus_Role();
$adminRole->setName('administrator');
// the publisher role needs publish access!
$adminprivilege = new Opus_Privilege();
$adminprivilege->setPrivilege('administrate');
$adminRole->addPrivilege($adminprivilege);
$adminRole->store();
}
if (in_array($this->_login, $admins) === true) {
$account->addRole($adminRole);
} else {
$account->addRole($accessRole);
}
$account->store();
}
}
} catch (Zend_Auth_Adapter_Exception $e) {
throw $e;
}
}
return $result;
}
public function testDeleteActionDeleteSelf()
{
$user = new Opus_Account();
$user->setLogin('john');
$user->setPassword('testpwd');
$user->store();
$this->loginUser('john', 'testpwd');
$this->dispatch('/admin/account/delete/id/' . $user->getId());
$this->assertController('account');
$this->assertAction('delete');
$this->assertRedirect('/admin/account/index');
$user = new Opus_Account(null, null, 'john');
$this->assertNotNull($user);
$user->delete();
}
/**
* Save account information.
* @return <type>
*
* TODO move logic into model or form
*/
public function saveAction()
{
$login = Zend_Auth::getInstance()->getIdentity();
$config = $this->getConfig();
$logger = $this->getLogger();
if (!empty($login) && $this->getRequest()->isPost()) {
$accountForm = new Account_Form_Account();
$account = new Opus_Account(null, null, $login);
$accountForm->populateFromModel($account);
$postData = $this->getRequest()->getPost();
$isPasswordChanged = true;
if (empty($postData['password'])) {
// modify to pass default validation
// TODO think about better solution
$postData[Account_Form_Account::ELEMENT_PASSWORD] = 'notchanged';
$postData[Account_Form_Account::ELEMENT_CONFIRM_PASSWORD] = 'notchanged';
$isPasswordChanged = false;
}
// check if username was provided and if it may be changed
if (!isset($postData['username']) || isset($config->account->editPasswordOnly) && $config->account->editPasswordOnly || isset($config->account->changeLogin) && !$config->account->changeLogin) {
$postData['username'] = $login;
}
$postData['oldLogin'] = $login;
if ($accountForm->isValid($postData)) {
$account = new Opus_Account(null, null, $login);
$newLogin = $postData['username'];
$password = $postData['password'];
$firstname = $postData['firstname'];
$lastname = $postData['lastname'];
$email = $postData['email'];
$isLoginChanged = false;
if (isset($config->account->editPasswordOnly) && !$config->account->editPasswordOnly) {
$account->setFirstName($firstname);
$account->setLastName($lastname);
$account->setEmail($email);
$logger->debug('login = '******'new login = '******'admin') {
$logger->debug('login changed');
$account->setLogin($newLogin);
}
}
if ($isPasswordChanged) {
$logger->debug('Password changed');
$account->setPassword($password);
}
$account->store();
if ($isLoginChanged || $isPasswordChanged) {
Zend_Auth::getInstance()->clearIdentity();
}
} else {
$actionUrl = $this->view->url(array('action' => 'save'));
$accountForm->setAction($actionUrl);
return $this->renderForm($accountForm);
}
}
$this->_helper->redirector('index');
}
/**
* Updates account information.
*/
public function updateAction()
{
if ($this->getRequest()->isPost()) {
$button = $this->getRequest()->getParam('cancel');
if (isset($button)) {
$this->_helper->redirector('index');
return;
}
$id = $this->getRequest()->getParam('id');
$accountForm = new Admin_Form_Account($id);
$postData = $this->getRequest()->getPost();
$passwordChanged = true;
if (empty($postData['password'])) {
// modify to pass default validation
// TODO think about better solution (validation context?)
$postData['password'] = '******';
$postData['confirmPassword'] = '******';
$passwordChanged = false;
}
$account = new Opus_Account($id);
$postData['oldLogin'] = strtolower($account->getLogin());
if ($accountForm->isValid($postData)) {
$account->setFirstName($postData['firstname']);
$account->setLastName($postData['lastname']);
$account->setEmail($postData['email']);
$oldLogin = strtolower($account->getLogin());
// update login name
$newLogin = $postData['username'];
if ($newLogin !== $oldLogin) {
$account->setLogin($newLogin);
$loginChanged = true;
} else {
$loginChanged = false;
}
// update password
if ($passwordChanged) {
$password = $postData['password'];
$account->setPassword($password);
}
// update roles
$newRoles = Admin_Form_Account::parseSelectedRoles($postData);
// TODO optimize code
$hasAdministratorRole = false;
foreach ($newRoles as $role) {
if (strtolower($role->getDisplayName()) === 'administrator') {
$hasAdministratorRole = true;
break;
}
}
$currentUser = Zend_Auth::getInstance()->getIdentity();
$isCurrentUser = $currentUser === $oldLogin ? true : false;
if (!$hasAdministratorRole && $isCurrentUser) {
$newRoles[] = Opus_UserRole::fetchByName('administrator');
}
$account->setRole($newRoles);
$account->store();
if ($isCurrentUser && ($loginChanged || $passwordChanged)) {
Zend_Auth::getInstance()->clearIdentity();
}
} else {
$actionUrl = $this->view->url(array('action' => 'update', 'id' => $id));
$accountForm->setAction($actionUrl);
$this->view->form = $accountForm;
$this->view->title = 'admin_account_edit';
return $this->renderScript('account/edit.phtml');
}
}
$this->_helper->redirector('index');
}
*
* LICENCE
* OPUS is free software; you can redistribute it and/or modify it under the
* terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the Licence, or any later version.
* OPUS is distributed in the hope that it will be useful, but WITHOUT ANY
* WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details. You should have received a copy of the GNU General Public License
* along with OPUS; if not, write to the Free Software Foundation, Inc., 51
* Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
*
* @category Application
* @author Thoralf Klein <*****@*****.**>
* @copyright Copyright (c) 2009-2010, OPUS 4 development team
* @license http://www.gnu.org/licenses/gpl.html General Public License
* @version $Id: change-password.php 8423 2011-05-27 16:58:20Z sszott $
*/
// Bootstrapping
require_once dirname(__FILE__) . '/common/bootstrap.php';
$programm = array_shift($argv);
if (count($argv) < 2) {
echo "usage: {$programm} [name of existing user] [new password]\n";
exit;
}
$username = array_shift($argv);
$password = array_shift($argv);
// Set passwort of $user to $password.
$a = new Opus_Account(null, null, $username);
$a->setPassword($password)->store();
/**
* Performs an authentication attempt
*
* @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
* @return Zend_Auth_Result
*/
public function authenticate()
{
// Try to get the account information
try {
$account = new Opus_Account(null, null, $this->_login);
} catch (Exception $ex) {
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $this->_login, array('auth_error_invalid_credentials'));
}
// Check if password is correcct, but for old hashes. Neede for
// migrating md5-hashed passwords to SHA1-hashes.
if ($account->isPasswordCorrectOldHash($this->_password) === true) {
Zend_Registry::get('Zend_Log')->warn('Migrating old password-hash for user: '******'auth_login_success'));
}
return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_login, array('auth_error_invalid_credentials'));
}
