/**
 * Saves a generated user record and checks that the stored password verifies
 * against the plaintext the record held before saving.
 *
 * Passing requires that the persisted value is a hash accepted by
 * \yii\base\Security::validatePassword() for the original plaintext.
 */
private function passwordIsHashedWhenSavingUser()
{
    $record = $this->imagineUserRecord();

    // Capture the plaintext before save(); it is compared with the stored value below.
    $originalPassword = $record->password;
    $record->save();

    // Reload from storage so the assertions look at what was actually persisted.
    $reloaded = \app\models\user\UserRecord::findOne($record->id);
    $this->assertInstanceOf(get_class($record), $reloaded);

    $hasher = new \yii\base\Security();
    $passwordMatches = $hasher->validatePassword($originalPassword, $reloaded->password);
    $this->assertTrue($passwordMatches);
}
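/**
 * Handles a successful authentication by an external auth client.
 *
 * The request must carry an "auth_key" query parameter that getInviteKey()
 * accepts; otherwise the visitor is redirected home with an error flash.
 *
 * Guest flow:
 *  - a provider identity that is already linked logs that user in;
 *  - an unknown identity is signed up only when the provider supplies a name and
 *    an invitation exists for the same key and the e-mail the provider reports.
 * Logged-in flow: an unknown provider identity is linked to the current account.
 *
 * Sign-up writes the user, the auth link and the invitation status in one
 * transaction; if any of them fails the transaction is rolled back, the
 * validation errors are logged (not printed to the response) and the visitor
 * is sent back to the invitation page.
 *
 * @param mixed $client auth client; getId() and getUserAttributes() are called on it
 * @return mixed redirect result, or null on the logged-in path
 */
public function onAuthSuccess($client)
{
    $data = Yii::$app->getRequest()->getQueryParam("auth_key");
    if (!$this->getInviteKey($data)) {
        Yii::$app->session->setFlash("error", "Not have permision");
        return $this->redirect(["/"]);
    }

    $attributes = $client->getUserAttributes();

    /** @var Auth $auth */
    $auth = Auth::find()->where([
        'source' => $client->getId(),
        'source_id' => $attributes['id'],
    ])->one();

    if (!Yii::$app->user->isGuest) {
        // User already logged in: link the provider identity if it is not linked yet.
        if (!$auth) {
            $auth = new Auth([
                'user_id' => Yii::$app->user->id,
                'source' => $client->getId(),
                'source_id' => $attributes['id'],
            ]);
            $auth->save();
        }
        return null;
    }

    if ($auth) {
        // Known provider identity: log the linked user in.
        $user = $auth->user;
        Yii::$app->user->login($user);
        return $this->redirect("site/user");
    }

    // Sign-up.
    // NOTE(review): the invitation is matched on the e-mail reported by the provider;
    // confirm the configured clients only return verified addresses, and that
    // getInviteKey() rejects invitations that were already used.
    $email = isset($attributes['email']) ? $attributes['email'] : "";
    $invite = Invitation::find()->where(['send_key' => $data, 'email' => $email])->one();
    if (!isset($attributes['name']) || empty($invite)) {
        Yii::$app->session->setFlash("error", "Email not equals");
        return $this->redirect(['site/invite', 'auth_key' => $data]);
    }

    // NOTE(review): 8 characters is a short secret for an account password; consider a
    // longer value if the User model's validation rules allow it.
    $password = Yii::$app->security->generateRandomString(8);

    $picturePath = null;
    if (isset($attributes['picture']['data']['url'])) {
        $picturePath = $attributes['picture']['data']['url'];
    } elseif (isset($attributes['profile_image_url'])) {
        $picturePath = $attributes['profile_image_url'];
    }
    // The picture is optional: a missing, unreachable or non-image URL leaves image = null.
    $fileName = $picturePath ? $this->storeProviderPhoto($picturePath) : null;

    $now = time();
    $user = new User([
        'username' => $attributes['name'],
        'email' => $email,
        'password' => $password,
        'image' => $fileName,
        'sex' => !empty($attributes['gender']) ? $attributes['gender'] : "",
        'country' => !empty($attributes['hometown']['name']) ? $attributes['hometown']['name'] : "",
        'created_at' => $now,
        'updated_at' => $now,
    ]);
    $user->generateAuthKey();
    $user->generatePasswordResetToken();

    $failure = null;
    $transaction = $user->getDb()->beginTransaction();
    try {
        if (!$user->save()) {
            $failure = $user->getErrors();
        } else {
            $auth = new Auth([
                'user_id' => $user->id,
                'source' => $client->getId(),
                'source_id' => (string) $attributes['id'],
                'email' => $email,
            ]);
            $invite->status = Invitation::STATUS_SIGNUP;
            // The invitation status change is part of the sign-up: if it cannot be
            // stored, nothing is committed.
            if (!$invite->save()) {
                $failure = $invite->getErrors();
            } elseif (!$auth->save()) {
                $failure = $auth->getErrors();
            }
        }

        if ($failure === null) {
            $transaction->commit();
        } else {
            $transaction->rollBack();
        }
    } catch (\Exception $e) {
        // Never leave the transaction open when a save throws.
        $transaction->rollBack();
        throw $e;
    }

    if ($failure !== null) {
        // Validation details go to the log instead of the HTTP response.
        Yii::error('Sign-up via auth client failed: ' . print_r($failure, true), __METHOD__);
        Yii::$app->session->setFlash("error", "Sign up failed");
        return $this->redirect(['site/invite', 'auth_key' => $data]);
    }

    Yii::$app->user->login($user);
    return $this->redirect(["/"]);
}

/**
 * Downloads the profile picture reported by the auth provider and stores it in
 * the user-photos directory under a random file name.
 *
 * Only http/https URLs are fetched, the download is size- and time-limited, and
 * the payload must parse as a JPEG, PNG or GIF image before it is written below
 * the web root. Any failure is logged and treated as "no picture".
 *
 * NOTE(review): the host of the URL is not restricted here; if provider
 * attributes can be influenced by the end user, consider an allow-list of the
 * providers' image hosts.
 *
 * @param string $url picture URL taken from the provider attributes
 * @return string|null stored file name, or null when no picture was stored
 */
private function storeProviderPhoto($url)
{
    $maxBytes = 5 * 1024 * 1024;

    $scheme = is_string($url) ? parse_url($url, PHP_URL_SCHEME) : null;
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }

    try {
        $context = stream_context_create(['http' => ['timeout' => 10, 'max_redirects' => 3]]);
        // Read one byte more than the limit so an oversized body can be detected.
        $photoFile = file_get_contents($url, false, $context, 0, $maxBytes + 1);
        if ($photoFile === false || $photoFile === '' || strlen($photoFile) > $maxBytes) {
            return null;
        }

        $info = getimagesizefromstring($photoFile);
        if ($info === false || !in_array($info[2], [IMAGETYPE_JPEG, IMAGETYPE_PNG, IMAGETYPE_GIF], true)) {
            return null;
        }

        // The stored name is random and always ends in ".jpg", whatever the source format.
        $fileName = Yii::$app->security->generateRandomString() . '.jpg';
        $directory = Yii::getAlias('@frontend/web/' . Yii::$app->params['user-photos-directory']);
        if (file_put_contents($directory . DIRECTORY_SEPARATOR . $fileName, $photoFile) === false) {
            return null;
        }

        return $fileName;
    } catch (\Exception $e) {
        // Covers PHP warnings that the framework's error handler turns into exceptions.
        Yii::warning('Could not store provider profile picture: ' . $e->getMessage(), __METHOD__);
        return null;
    }
}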
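/**
 * Checks an OTP cookie of the form "<creationTime>:<hash>".
 *
 * The hash is recomputed with \yii\base\Security::hashData() over the serialized
 * array of username, creation time and timeout, keyed with $secret, and compared
 * with the cookie's hash in constant time. The cookie is accepted only when the
 * hash matches and, for a positive $timeout, creationTime + timeout has not passed.
 *
 * The creation time must consist of digits only, so a value such as "12abc"
 * cannot stand in for "12", and no arithmetic is done on cookie data before the
 * hash has been verified.
 *
 * @param object|null $cookie   cookie object; its string property "value" is read
 * @param string      $username user the cookie is expected to belong to
 * @param string      $secret   key passed to hashData()
 * @param int         $timeout  lifetime in seconds; values <= 0 disable the expiry check
 * @param int|null    $time     reference time; defaults to time()
 * @return bool true when the cookie is authentic and not expired
 */
public function isValidOTPCookie($cookie, $username, $secret, $timeout, $time = null)
{
    if ($time === null) {
        $time = time();
    }

    if (!$cookie || empty($cookie->value) || !is_string($cookie->value)) {
        return false;
    }

    $parts = explode(":", $cookie->value, 2);
    if (count($parts) !== 2) {
        return false;
    }

    list($creationTime, $hash) = $parts;

    // Reject anything that is not a plain decimal timestamp before it is cast or added to.
    if (!ctype_digit($creationTime)) {
        return false;
    }
    $creationTime = (int) $creationTime;

    $data = ['username' => $username, 'time' => $creationTime, 'timeout' => $timeout];
    $security = new \yii\base\Security();
    $validHash = $security->hashData(serialize($data), $secret);

    // Constant-time comparison: do not reveal how much of the hash matched through timing.
    if (!$security->compareString($validHash, $hash)) {
        return false;
    }

    return $timeout <= 0 || $creationTime + $timeout >= $time;
}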