Example #1
0
 /**
  * Set admin as current user
  */
 public function auth()
 {
     $userService = $this->apiRepository->getUserService();
     $user = $userService->loadUserByLogin('admin');
     // login user for API
     $this->apiRepository->setCurrentUser($user);
 }
Example #2
0
 /**
  * If user is logged-in in legacy_mode (e.g. legacy admin interface),
  * will inject currently logged-in user in the repository.
  *
  * @param GetResponseEvent $event
  */
 public function onKernelRequest(GetResponseEvent $event)
 {
     /** @var \eZ\Publish\Core\MVC\ConfigResolverInterface $configResolver */
     $request = $event->getRequest();
     $session = $request->getSession();
     if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST || !$this->configResolver->getParameter('legacy_mode') || !($session->isStarted() && $session->has('eZUserLoggedInID'))) {
         return;
     }
     try {
         $apiUser = $this->repository->getUserService()->loadUser($session->get('eZUserLoggedInID'));
         $this->repository->setCurrentUser($apiUser);
         $token = $this->tokenStorage->getToken();
         if ($token instanceof TokenInterface) {
             $token->setUser(new User($apiUser));
             // Don't embed if we already have a LegacyToken, to avoid nested session storage.
             if (!$token instanceof LegacyToken) {
                 $this->tokenStorage->setToken(new LegacyToken($token));
             }
         }
     } catch (NotFoundException $e) {
         // Invalid user ID, the user may have been removed => invalidate the token and the session.
         $this->tokenStorage->setToken(null);
         $session->invalidate();
     }
 }
Example #3
0
 /**
  * Initializes eZ Publish related service shortcuts.
  *
  * @param Schema $schema
  */
 protected function pre(Schema $schema)
 {
     $this->repository = $this->container->get('ezpublish.api.repository');
     $this->userService = $this->repository->getUserService();
     $this->defaultMigrationUser = $this->container->getParameter('ezpublish_migrations.ez_user');
     $this->currentMigrationUser = $this->defaultMigrationUser;
     $this->setDefaultMigrationUser();
 }
Example #4
0
 /**
  * @param \eZ\Publish\API\Repository\Repository $repository
  * @param ConfigResolverInterface|\Psr\Log\LoggerInterface $resolver
  */
 public function __construct(Repository $repository, ConfigResolverInterface $resolver)
 {
     $this->repository = $repository;
     $this->searchService = $this->repository->getSearchService();
     $this->locationService = $this->repository->getLocationService();
     $this->contentService = $this->repository->getContentService();
     $this->languageService = $this->repository->getContentLanguageService();
     $this->userService = $this->repository->getUserService();
     $this->contentTypeService = $this->repository->getContentTypeService();
     $this->configResolver = $resolver;
 }
Example #5
0
 /**
  * @param $login
  * @param $email
  * @param $firstName
  * @param $lastName
  * @return User
  */
 public function createNewUser($login, $email, $firstName, $lastName)
 {
     $userService = $this->repository->getUserService();
     $userCreateStruct = $userService->newUserCreateStruct($login, $email, md5($email . $login . time() . rand(1, 10000)), 'eng-GB', $this->repository->getContentTypeService()->loadContentTypeByIdentifier('user'));
     $userCreateStruct->setField('first_name', $firstName);
     $userCreateStruct->setField('last_name', $lastName);
     $user = $this->repository->sudo(function () use($userService, $userCreateStruct) {
         $userGroup = $userService->loadUserGroup('11');
         // guest accounts
         return $userService->createUser($userCreateStruct, array($userGroup));
     });
     return $user;
 }
Example #6
0
 /**
  * Refreshes the user for the account interface.
  *
  * It is up to the implementation to decide if the user data should be
  * totally reloaded (e.g. from the database), or if the UserInterface
  * object can just be merged into some internal array of users / identity
  * map.
  *
  * @param \Symfony\Component\Security\Core\User\UserInterface $user
  *
  * @throws \Symfony\Component\Security\Core\Exception\UnsupportedUserException
  *
  * @return \Symfony\Component\Security\Core\User\UserInterface
  */
 public function refreshUser(CoreUserInterface $user)
 {
     if (!$user instanceof UserInterface) {
         throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
     }
     try {
         $refreshedAPIUser = $this->repository->getUserService()->loadUser($user->getAPIUser()->id);
         $user->setAPIUser($refreshedAPIUser);
         $this->repository->setCurrentUser($refreshedAPIUser);
         return $user;
     } catch (NotFoundException $e) {
         throw new UsernameNotFoundException($e->getMessage(), 0, $e);
     }
 }
Example #7
0
 /**
  * Loads the user for the given user ID.
  * $user can be either the user ID or an instance of \eZ\Publish\Core\MVC\Symfony\Security\User
  * (anonymous user we try to check access via SecurityContext::isGranted())
  *
  * @param string|\eZ\Publish\Core\MVC\Symfony\Security\User $user Either the user ID to load an instance of User object. A value of -1 represents an anonymous user.
  *
  * @return \eZ\Publish\Core\MVC\Symfony\Security\UserInterface
  *
  * @throws \Symfony\Component\Security\Core\Exception\UsernameNotFoundException if the user is not found
  */
 public function loadUserByUsername($user)
 {
     try {
         // SecurityContext always tries to authenticate anonymous users when checking granted access.
         // In that case $user is an instance of \eZ\Publish\Core\MVC\Symfony\Security\User.
         // We don't need to reload the user here.
         if ($user instanceof UserInterface) {
             return $user;
         }
         return new User($this->repository->getUserService()->loadUserByLogin($user), array('ROLE_USER'));
     } catch (NotFoundException $e) {
         throw new UsernameNotFoundException($e->getMessage(), 0, $e);
     }
 }
Example #8
0
 /**
  * If user is logged-in in legacy_mode (e.g. legacy admin interface),
  * will inject currently logged-in user in the repository.
  *
  * @param GetResponseEvent $event
  */
 public function onKernelRequest(GetResponseEvent $event)
 {
     /** @var \eZ\Publish\Core\MVC\ConfigResolverInterface $configResolver */
     $request = $event->getRequest();
     if ($event->getRequestType() !== HttpKernelInterface::MASTER_REQUEST || !$this->configResolver->getParameter('legacy_mode') || !$request->getSession()->has('eZUserLoggedInID')) {
         return;
     }
     $apiUser = $this->repository->getUserService()->loadUser($request->getSession()->get('eZUserLoggedInID'));
     $this->repository->setCurrentUser($apiUser);
     $token = $this->securityContext->getToken();
     if ($token instanceof TokenInterface) {
         $token->setUser(new User($apiUser));
         $token->setAuthenticated(true);
     }
 }
Example #9
0
 /**
  * Tries to retrieve a valid eZ user if authenticated user doesn't come from the repository (foreign user provider).
  * Will dispatch an event allowing listeners to return a valid eZ user for current authenticated user.
  * Will by default let the repository load the anonymous user.
  *
  * @param \Symfony\Component\Security\Http\Event\InteractiveLoginEvent $event
  */
 public function onInteractiveLogin(BaseInteractiveLoginEvent $event)
 {
     $token = $event->getAuthenticationToken();
     $originalUser = $token->getUser();
     if ($originalUser instanceof eZUser || !$originalUser instanceof UserInterface) {
         return;
     }
     /*
      * 1. Send the event.
      * 2. If no eZ user is returned, load Anonymous user.
      * 3. Inject eZ user in repository.
      * 4. Create the UserWrapped user object (implementing eZ UserInterface) with loaded eZ user.
      * 5. Create new token with UserWrapped user
      * 6. Inject the new token in security context
      */
     $subLoginEvent = new InteractiveLoginEvent($event->getRequest(), $token);
     $this->eventDispatcher->dispatch(MVCEvents::INTERACTIVE_LOGIN, $subLoginEvent);
     if ($subLoginEvent->hasAPIUser()) {
         $apiUser = $subLoginEvent->getAPIUser();
     } else {
         $apiUser = $this->repository->getUserService()->loadUser($this->configResolver->getParameter("anonymous_user_id"));
     }
     $this->repository->setCurrentUser($apiUser);
     $providerKey = method_exists($token, 'getProviderKey') ? $token->getProviderKey() : __CLASS__;
     $interactiveToken = new InteractiveLoginToken($this->getUser($originalUser, $apiUser), get_class($token), $token->getCredentials(), $providerKey, $token->getRoles());
     $interactiveToken->setAttributes($token->getAttributes());
     $this->securityContext->setToken($interactiveToken);
 }
Example #10
0
 private function mapContentCreateToUserCreate(RestContentCreateStruct $restContentCreateStruct)
 {
     $contentCreateStruct = $restContentCreateStruct->contentCreateStruct;
     $userCreateStruct = new UserCreateStruct();
     $fields = array();
     foreach ($contentCreateStruct->fields as $field) {
         // @todo fix hardcode user_account
         if ($field->value instanceof UserFieldValue) {
             $userCreateStruct->login = $field->value->login;
             $userCreateStruct->email = $field->value->email;
             $userCreateStruct->password = $field->value->passwordHash;
             $field->value->passwordHash = null;
             $foundUserField = true;
         }
         $userCreateStruct->fields[] = $field;
     }
     if (!isset($foundUserField)) {
         return false;
     }
     $properties = ['contentType', 'sectionId', 'ownerId', 'alwaysAvailable', 'remoteId', 'mainLanguageCode', 'modificationDate'];
     foreach ($properties as $property) {
         if (isset($contentCreateStruct->{$property})) {
             $userCreateStruct->{$property} = $contentCreateStruct->{$property};
         }
     }
     $userGroup = $this->repository->getUserService()->loadUserGroup($restContentCreateStruct->locationCreateStruct->parentLocationId);
     return [$userCreateStruct, $userGroup];
 }
Example #11
0
 /**
  * Get User Service
  *
  * Get service object to perform operations on Users and UserGroup
  *
  * @return \eZ\Publish\API\Repository\UserService
  */
 public function getUserService()
 {
     if ($this->userService !== null) {
         return $this->userService;
     }
     $this->userService = new UserService($this->repository->getUserService(), $this->signalDispatcher);
     return $this->userService;
 }
Example #12
0
 /**
  * {@inheritdoc}
  */
 protected function initialize(InputInterface $input, OutputInterface $output)
 {
     $input;
     // phpmd trick
     $output;
     // phpmd trick
     $this->eZPublishRepository = $this->getContainer()->get("ezpublish.api.repository");
     $this->eZPublishRepository->setCurrentUser($this->eZPublishRepository->getUserService()->loadUser(14));
 }
Example #13
0
 /**
  * Builds the API UserGroupRoleAssignment object from provided SPI RoleAssignment object
  *
  * @param \eZ\Publish\SPI\Persistence\User\RoleAssignment $spiRoleAssignment
  * @param \eZ\Publish\API\Repository\Values\User\UserGroup $userGroup
  * @param \eZ\Publish\API\Repository\Values\User\Role $role
  *
  * @return \eZ\Publish\API\Repository\Values\User\UserGroupRoleAssignment
  */
 public function buildDomainUserGroupRoleAssignmentObject(SPIRoleAssignment $spiRoleAssignment, UserGroup $userGroup = null, APIRole $role = null)
 {
     $limitation = null;
     if (!empty($spiRoleAssignment->limitationIdentifier)) {
         $limitation = $this->getLimitationType($spiRoleAssignment->limitationIdentifier)->buildValue($spiRoleAssignment->values);
     }
     $userGroup = $userGroup ?: $this->repository->getUserService()->loadUserGroup($spiRoleAssignment->contentId);
     $role = $role ?: $this->loadRole($spiRoleAssignment->roleId);
     return new UserGroupRoleAssignment(array('limitation' => $limitation, 'role' => $role, 'userGroup' => $userGroup));
 }
Example #14
0
 public function __construct(Repository $repository, CategoryServiceInterface $categoryService, PostServiceInterface $postService)
 {
     $this->repository = $repository;
     $this->categoryService = $categoryService;
     $this->postService = $postService;
     $this->searchService = $repository->getSearchService();
     $this->contentService = $repository->getContentService();
     $this->locationService = $repository->getLocationService();
     $this->contentTypeService = $repository->getContentTypeService();
     $this->userService = $repository->getUserService();
 }
Example #15
0
 /**
  * @param UserEvent $event
  */
 public function onImplicitLogin(UserEvent $event)
 {
     $originalUser = $event->getUser();
     if ($originalUser instanceof eZUser || !$originalUser instanceof UserInterface) {
         return;
     }
     // Already Authenticated Token ( we are in ImplicitLogin of FOS)
     $token = $this->tokenStorage->getToken();
     $subLoginEvent = new InteractiveLoginEvent($event->getRequest(), $token);
     $this->eventDispatcher->dispatch(MVCEvents::INTERACTIVE_LOGIN, $subLoginEvent);
     if ($subLoginEvent->hasAPIUser()) {
         $apiUser = $subLoginEvent->getAPIUser();
     } else {
         $apiUser = $this->repository->getUserService()->loadUser($this->configResolver->getParameter('anonymous_user_id'));
     }
     $this->repository->setCurrentUser($apiUser);
     $providerKey = method_exists($token, 'getProviderKey') ? $token->getProviderKey() : __CLASS__;
     $interactiveToken = new InteractiveLoginToken(new UserWrapped($originalUser, $apiUser), get_class($token), $token->getCredentials(), $providerKey, $token->getRoles());
     $interactiveToken->setAttributes($token->getAttributes());
     $this->tokenStorage->setToken($interactiveToken);
 }
Example #16
0
 protected function checkAuthentication(UserInterface $user, UsernamePasswordToken $token)
 {
     if (!$user instanceof EzUserInterface) {
         return parent::checkAuthentication($user, $token);
     }
     // $currentUser can either be an instance of UserInterface or just the username (e.g. during form login).
     /** @var EzUserInterface|string $currentUser */
     $currentUser = $token->getUser();
     if ($currentUser instanceof UserInterface) {
         if ($currentUser->getAPIUser()->passwordHash !== $user->getAPIUser()->passwordHash) {
             throw new BadCredentialsException('The credentials were changed from another session.');
         }
         $apiUser = $currentUser->getAPIUser();
     } else {
         try {
             $apiUser = $this->repository->getUserService()->loadUserByCredentials($token->getUsername(), $token->getCredentials());
         } catch (NotFoundException $e) {
             throw new BadCredentialsException('Invalid credentials', 0, $e);
         }
     }
     // Finally inject current user in the Repository
     $this->repository->setCurrentUser($apiUser);
 }
Example #17
0
 /**
  * @see \eZ\Publish\API\Repository\RoleService::getRoleAssignmentsForUser()
  */
 public function getRoleAssignmentsForUser(User $user, $inherited = false)
 {
     if ($this->repository->hasAccess('role', 'read') !== true) {
         throw new UnauthorizedException('role', 'read');
     }
     $roleAssignments = array();
     $spiRoleAssignments = $this->userHandler->loadRoleAssignmentsByGroupId($user->id, $inherited);
     foreach ($spiRoleAssignments as $spiRoleAssignment) {
         $role = $this->loadRole($spiRoleAssignment->roleId);
         if (!$inherited || $spiRoleAssignment->contentId == $user->id) {
             $roleAssignments[] = $this->roleDomainMapper->buildDomainUserRoleAssignmentObject($spiRoleAssignment, $user, $role);
         } else {
             $userGroup = $this->repository->getUserService()->loadUserGroup($spiRoleAssignment->contentId);
             $roleAssignments[] = $this->roleDomainMapper->buildDomainUserGroupRoleAssignmentObject($spiRoleAssignment, $userGroup, $role);
         }
     }
     return $roleAssignments;
 }
Example #18
0
 /**
  * Validates input ContentType create struct.
  *
  * @throws \eZ\Publish\Core\Base\Exceptions\InvalidArgumentException
  * @throws \eZ\Publish\Core\Base\Exceptions\InvalidArgumentType
  * @throws \eZ\Publish\Core\Base\Exceptions\InvalidArgumentValue
  *
  * @param \eZ\Publish\API\Repository\Values\ContentType\ContentTypeCreateStruct $contentTypeCreateStruct
  *
  * @return void
  */
 protected function validateInputContentTypeCreateStruct(APIContentTypeCreateStruct $contentTypeCreateStruct)
 {
     // Required properties
     if ($contentTypeCreateStruct->identifier === null) {
         throw new InvalidArgumentException("\$contentTypeCreateStruct", "Property 'identifier' is required");
     }
     if (!is_string($contentTypeCreateStruct->identifier)) {
         throw new InvalidArgumentType("\$contentTypeCreateStruct->identifier", "string", $contentTypeCreateStruct->identifier);
     }
     if ($contentTypeCreateStruct->identifier === "") {
         throw new InvalidArgumentValue("\$contentTypeCreateStruct->identifier", $contentTypeCreateStruct->identifier);
     }
     if ($contentTypeCreateStruct->mainLanguageCode === null) {
         throw new InvalidArgumentException("\$contentTypeCreateStruct", "Property 'mainLanguageCode' is required");
     }
     if (!is_string($contentTypeCreateStruct->mainLanguageCode)) {
         throw new InvalidArgumentType("\$contentTypeCreateStruct->mainLanguageCode", "string", $contentTypeCreateStruct->mainLanguageCode);
     }
     if ($contentTypeCreateStruct->mainLanguageCode === "") {
         throw new InvalidArgumentValue("\$contentTypeCreateStruct->mainLanguageCode", $contentTypeCreateStruct->mainLanguageCode);
     }
     if ($contentTypeCreateStruct->names !== null) {
         $this->domainMapper->validateTranslatedList($contentTypeCreateStruct->names, "\$contentTypeCreateStruct->names");
     }
     if (!isset($contentTypeCreateStruct->names[$contentTypeCreateStruct->mainLanguageCode]) || $contentTypeCreateStruct->names[$contentTypeCreateStruct->mainLanguageCode] === "") {
         throw new InvalidArgumentException("\$contentTypeCreateStruct->names", "At least one name in the main language is required");
     }
     // Optional properties
     if ($contentTypeCreateStruct->descriptions !== null) {
         $this->domainMapper->validateTranslatedList($contentTypeCreateStruct->descriptions, "\$contentTypeCreateStruct->descriptions");
     }
     if ($contentTypeCreateStruct->defaultSortField !== null && !$this->domainMapper->isValidLocationSortField($contentTypeCreateStruct->defaultSortField)) {
         throw new InvalidArgumentValue("\$contentTypeCreateStruct->defaultSortField", $contentTypeCreateStruct->defaultSortField);
     }
     if ($contentTypeCreateStruct->defaultSortOrder !== null && !$this->domainMapper->isValidLocationSortOrder($contentTypeCreateStruct->defaultSortOrder)) {
         throw new InvalidArgumentValue("\$contentTypeCreateStruct->defaultSortOrder", $contentTypeCreateStruct->defaultSortOrder);
     }
     if ($contentTypeCreateStruct->creatorId !== null) {
         $this->repository->getUserService()->loadUser($contentTypeCreateStruct->creatorId);
     }
     if ($contentTypeCreateStruct->creationDate !== null && !$contentTypeCreateStruct->creationDate instanceof DateTime) {
         throw new InvalidArgumentType("\$contentTypeCreateStruct->creationDate", "DateTime", $contentTypeCreateStruct->creationDate);
     }
     if ($contentTypeCreateStruct->defaultAlwaysAvailable !== null && !is_bool($contentTypeCreateStruct->defaultAlwaysAvailable)) {
         throw new InvalidArgumentType("\$contentTypeCreateStruct->defaultAlwaysAvailable", "boolean", $contentTypeCreateStruct->defaultAlwaysAvailable);
     }
     if ($contentTypeCreateStruct->isContainer !== null && !is_bool($contentTypeCreateStruct->isContainer)) {
         throw new InvalidArgumentType("\$contentTypeCreateStruct->isContainer", "boolean", $contentTypeCreateStruct->isContainer);
     }
     if ($contentTypeCreateStruct->remoteId !== null && !is_string($contentTypeCreateStruct->remoteId)) {
         throw new InvalidArgumentType("\$contentTypeCreateStruct->remoteId", "string", $contentTypeCreateStruct->remoteId);
     }
     if ($contentTypeCreateStruct->nameSchema !== null && !is_string($contentTypeCreateStruct->nameSchema)) {
         throw new InvalidArgumentType("\$contentTypeCreateStruct->nameSchema", "string", $contentTypeCreateStruct->nameSchema);
     }
     if ($contentTypeCreateStruct->urlAliasSchema !== null && !is_string($contentTypeCreateStruct->urlAliasSchema)) {
         throw new InvalidArgumentType("\$contentTypeCreateStruct->urlAliasSchema", "string", $contentTypeCreateStruct->urlAliasSchema);
     }
     if (empty($contentTypeCreateStruct->fieldDefinitions)) {
         throw new InvalidArgumentException("\$contentTypeCreateStruct", "Argument must contain at least one FieldDefinitionCreateStruct");
     }
     foreach ($contentTypeCreateStruct->fieldDefinitions as $key => $fieldDefinitionCreateStruct) {
         if (!$fieldDefinitionCreateStruct instanceof FieldDefinitionCreateStruct) {
             throw new InvalidArgumentType("\$contentTypeCreateStruct->fieldDefinitions[{$key}]", "eZ\\Publish\\API\\Repository\\Values\\ContentType\\FieldDefinitionCreateStruct", $fieldDefinitionCreateStruct);
         }
         $this->validateInputFieldDefinitionCreateStruct($fieldDefinitionCreateStruct, "\$contentTypeCreateStruct->fieldDefinitions[{$key}]");
     }
 }
Example #19
0
 /**
  * Sets the current ez user to the user with the given user name.
  *
  * @param string $username
  */
 private function setMigrationUser($username)
 {
     $this->repository->setCurrentUser($this->repository->getUserService()->loadUserByLogin($username));
 }
Example #20
0
 public function login($username, $password)
 {
     $this->repository->setCurrentUser($this->repository->getUserService()->loadUserByCredentials($username, $password));
 }
Example #21
0
 public function authenticate(TokenInterface $token)
 {
     $token = parent::authenticate($token);
     $this->repository->setCurrentUser($this->repository->getUserService()->loadUser($this->configResolver->getParameter('anonymous_user_id')));
     return $token;
 }