/**
*
* @param \Doctrine\ODM\MongoDB\Event\LifecycleEventArgs $eventArgs
*/
public function prePersist(LifecycleEventArgs $eventArgs)
{
$document = $eventArgs->getDocument();
$documentManager = $eventArgs->getDocumentManager();
$metadata = $documentManager->getClassMetadata(get_class($document));
if (isset($metadata->crypt['hash'])) {
foreach ($metadata->crypt['hash'] as $field => $config) {
HashService::hashField($field, $document, $metadata);
}
}
if (isset($metadata->crypt['blockCipher'])) {
foreach ($metadata->crypt['blockCipher'] as $field => $config) {
BlockCipherService::encryptField($field, $document, $metadata);
}
}
}
/**
* This will start the credential reset process for an identity.
* If the identity is found in the db, a new token is created, and
* that token is sent to the identity's email.
*
* @param type $data
* @return type
* @throws Exception\LoginFailedException
*/
public function create($data)
{
$documentManager = $this->options->getDocumentManager();
$identityMetadata = $documentManager->getClassMetadata($this->options->getIdentityClass());
$criteria = [];
if (isset($data['identityName']) && !$data['identityName'] == '') {
$criteria['identityName'] = $data['identityName'];
}
if (isset($data['email']) && $data['email'] != '') {
$criteria['email'] = BlockCipherService::encryptValue($data['email'], $identityMetadata->crypt['blockCipher']['email']);
}
if (count($criteria) == 0) {
throw new Exception\InvalidArgumentException('Either identityName or email must be provided');
}
$identityRepository = $documentManager->getRepository($this->options->getIdentityClass());
$identity = $identityRepository->findOneBy($criteria);
if (!isset($identity)) {
throw new Exception\DocumentNotFoundException();
}
// create unique recovery code
$code = base64_encode(Hash::hash(time(), $identity->getIdentityName()));
$code = substr($code, 0, strlen($code) - 2);
$expiry = $this->options->getExpiry();
// delete any existing tokens for the identity
$documentManager->createQueryBuilder($this->options->getDocumentClass())->remove()->field('identityName')->equals($identity->getIdentityName())->getQuery()->execute();
parent::create(['code' => $code, 'identityName' => $identity->getIdentityName(), 'expires' => $expiry + time()]);
//remove the Location header so the token isn't exposed in the response
$headers = $this->response->getHeaders();
$headers->removeHeader($headers->get('Location'));
$link = '/rest/' . $this->options->getEndpoint() . '/' . $code;
// Create email body
$body = new ViewModel(['identityName' => $identity->getIdentityName(), 'link' => $link, 'hours' => $expiry / (60 * 60)]);
$body->setTemplate('email/forgot-credential');
// Send the email
$mail = new Message();
$mail->setBody($this->options->getEmailRenderer()->render($body))->setFrom($this->options->getMailFrom())->addTo(BlockCipherService::decryptValue($identity->getEmail(), $identityMetadata->crypt['blockCipher']['email']))->setSubject($this->options->getMailSubject());
$this->options->getMailTransport()->send($mail);
$this->response->setStatusCode(201);
return $this->response;
}
public function testBlockCipher()
{
$documentManager = $this->documentManager;
$testDoc = new Simple();
$testDoc->setName('Toby');
$documentManager->persist($testDoc);
$documentManager->flush();
$id = $testDoc->getId();
$documentManager->clear();
$repository = $documentManager->getRepository(get_class($testDoc));
$testDoc = $repository->find($id);
$this->assertNotEquals('Toby', $testDoc->getName());
BlockCipherService::decryptDocument($testDoc, $documentManager->getClassMetadata(get_class($testDoc)));
$this->assertEquals('Toby', $testDoc->getName());
$testDoc->setName('Lucy');
$documentManager->flush();
$documentManager->clear();
$testDoc = $repository->find($id);
$this->assertNotEquals('Lucy', $testDoc->getName());
BlockCipherService::decryptDocument($testDoc, $documentManager->getClassMetadata(get_class($testDoc)));
$this->assertEquals('Lucy', $testDoc->getName());
}
public function testUpdateIdentity()
{
$documentManager = $this->documentManager;
$this->routeMatch->setParam('id', 'lucy');
$this->request->setMethod(Request::METHOD_PUT);
$this->request->getHeaders()->addHeader(GenericHeader::fromString('Content-type: application/json'));
$this->request->setContent('{
"lastname":"Smiles",
"email":"*****@*****.**"
}');
$result = $this->getController()->dispatch($this->request, $this->response);
$returnArray = $result->getVariables();
$this->assertEquals('lucy', $returnArray['identityName']);
$this->assertEquals('Smiles', $returnArray['lastname']);
//load the identity from db
$documentManager->clear();
$repository = $documentManager->getRepository($this->controller->getOptions()->getDocumentClass());
$identity = $repository->findOneBy(['identityName' => 'lucy']);
$this->assertTrue(isset($identity));
$this->assertEquals('Smiles', $identity->getLastname());
$this->assertEquals('Lucy', $identity->getFirstname());
$this->assertNotEquals('*****@*****.**', $identity->getEmail());
//check that the email can be retireved
BlockCipherService::decryptDocument($identity, $documentManager->getClassMetadata($this->controller->getOptions()->getDocumentClass()));
$this->assertEquals('*****@*****.**', $identity->getEmail());
}
