/**
 * Registers the Gatekeeper authorization sub-modules.
 *
 * The modules are registered in a fixed order: Consumer, Token, Access, Account.
 */
public static function registerModule()
 {
     $ModuleList = array(
         Consumer::class,
         Token::class,
         Access::class,
         Account::class,
     );
     foreach ($ModuleList as $Module) {
         $Module::registerModule();
     }
 }
Example #2
 /**
  * Seeds the identification types and the initial system accounts.
  *
  * Every seeded account is bound to consumer #1, authenticated through the
  * 'System' identification and authorized with the 'Administrator' role.
  *
  * NOTE(review): createAccount() receives the literal 'System' as its second
  * argument for every account. Its signature is not visible here; if that
  * argument is the password, each seeded Administrator account starts with the
  * same known credential and is protected only by its hardware token. Confirm,
  * and require a credential change (or provision secrets outside the source
  * tree) before any deployment that is reachable by others.
  */
 public function setupDatabaseContent()
 {
     // Identification types: internal name => display label.
     $IdentificationList = array(
         'Student'    => 'Schüler / Eltern',
         'Teacher'    => 'Lehrer',
         'Management' => 'Verwaltung',
         'System'     => 'System',
     );
     foreach ($IdentificationList as $Name => $Description) {
         $this->createIdentification($Name, $Description);
     }

     $tblConsumer = Consumer::useService()->getConsumerById(1);
     $tblIdentification = $this->getIdentificationByName('System');
     $tblRole = Access::useService()->getRoleByName('Administrator');

     // One row per system account: array(token identifier, username).
     // NOTE(review): the token identifiers are hard-coded in source; a lookup
     // that finds no such token is not handled before createAccount() is called.
     $SystemAccountList = array(
         array('ccccccdilkui', 'System'),   // System (Gerd)
         array('ccccccectjge', 'Kmiezik'),  // System (Jens)
         array('ccccccectjgt', 'Rackel'),   // System (Sidney)
         array('ccccccectjgr', 'Kauschke'), // System (Johannes)
     );
     foreach ($SystemAccountList as $SystemAccount) {
         $tblToken = Token::useService()->getTokenByIdentifier($SystemAccount[0]);
         $tblAccount = $this->createAccount($SystemAccount[1], 'System', $tblToken, $tblConsumer);
         $this->addAccountAuthentication($tblAccount, $tblIdentification);
         $this->addAccountAuthorization($tblAccount, $tblRole);
     }
 }
Example #3
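 /**
  * Builds the YubiKey stage: a table of the registered hardware tokens followed
  * by the form that registers a new one.
  *
  * @param null|string $CredentialKey Value of the 'CredentialKey' form field; passed to Token::createToken().
  *
  * @return Stage
  */
 public function frontendYubiKey($CredentialKey)
 {
     $Stage = new Stage('Hardware-Schlüssel', 'YubiKey');
     $tblTokenAll = Token::useService()->getTokenAll();
     if ($tblTokenAll) {
         array_walk($tblTokenAll, function (TblToken &$tblToken) {
             // The original repeated strtoupper() as a bare statement whose
             // result was discarded; that no-op has been dropped.
             /** @noinspection PhpUndefinedFieldInspection */
             $tblToken->Name = strtoupper($tblToken->getIdentifier());

             // NOTE(review): this tests the parity of the serial's numeric value,
             // not its length — presumably meant as left-padding; confirm.
             $Serial = $tblToken->getSerial();
             $Number = ($Serial % 2 != 0) ? '0' . $Serial : $Serial;
             // Displayed as two groups of four characters.
             /** @noinspection PhpUndefinedFieldInspection */
             $tblToken->Number = substr($Number, 0, 4) . ' ' . substr($Number, 4, 4);

             // NOTE(review): the 'Löschen' (delete) button targets the
             // .../Access/PrivilegeGrantRight route with the token id. That looks
             // like a copy-paste leftover; a delete control must not reach a
             // privilege-granting action. 'Option' is also not among the table
             // columns below. Confirm the intended route.
             /** @noinspection PhpUndefinedFieldInspection */
             $tblToken->Option = new Danger('Löschen', '/Platform/Gatekeeper/Authorization/Access/PrivilegeGrantRight', new Remove(), array('Id' => $tblToken->getId()), 'Löschen');
         });
     }

     // Build the listing before the form, in the same order as the original expression.
     $Listing = $tblTokenAll
         ? new TableData(
             $tblTokenAll,
             new Title('Bestehende Hardware-Schlüssel'),
             array('Name' => 'Name', 'Number' => 'Seriennummer')
         )
         : new Warning('Keine Hardware-Schlüssel vorhanden');

     $Stage->setContent(
         $Listing
         . Token::useService()->createToken(
             new Form(
                 new FormGroup(
                     new FormRow(
                         new FormColumn(new PasswordField('CredentialKey', 'YubiKey', 'YubiKey'))
                     ),
                     new \SPHERE\Common\Frontend\Form\Repository\Title('Hardware-Schlüssel anlegen')
                 ),
                 new Primary('Hinzufügen')
             ),
             $CredentialKey
         )
     );
     return $Stage;
 }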
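 /**
  * Builds the account administration stage: a table of the existing accounts
  * and the form that creates a new one.
  *
  * The 'System' identification and the 'Administrator' role are offered only
  * when the session account already holds the 'Administrator' role.
  *
  * NOTE(review): that filtering only decides which inputs are rendered. The
  * handler that processes the submitted Account[...] values must apply the same
  * rule itself, because a client can post ids that were never offered.
  *
  * @return Stage
  */
 public static function frontendAccount()
 {
     $Stage = new Stage('Benutzerkonnten');
     $tblAccount = Account::useService()->getAccountBySession();
     $isSystem = $tblAccount
         ? Account::useService()->hasAuthorization($tblAccount, Access::useService()->getRoleByName('Administrator'))
         : false;
     $tblConsumer = Consumer::useService()->getConsumerBySession();

     // Token: offer only tokens that are not yet bound to an account.
     // The list services may return a falsy value instead of an array (the
     // account list below is tested for that), so normalise before array_walk().
     $tblTokenAll = Token::useService()->getTokenAll() ?: array();
     array_walk($tblTokenAll, function (TblToken &$tblToken) {
         if (Account::useService()->getAccountAllByToken($tblToken)) {
             $tblToken = false;
         } else {
             $tblToken = new RadioBox('Account[Token]', implode(' ', str_split($tblToken->getSerial(), 4)), $tblToken->getId());
         }
     });
     $tblTokenAll = array_filter($tblTokenAll);
     // First option: no hardware token at all.
     array_unshift($tblTokenAll, new RadioBox('Account[Token]', new \SPHERE\Common\Frontend\Text\Repository\Danger('KEIN Hardware-Token'), null));

     // Identification: 'System' is hidden from non-administrators.
     $tblIdentificationAll = Account::useService()->getIdentificationAll() ?: array();
     /** @noinspection PhpUnusedParameterInspection */
     array_walk($tblIdentificationAll, function (TblIdentification &$tblIdentification, $Index, $isSystem) {
         if ($tblIdentification->getName() == 'System' && !$isSystem) {
             $tblIdentification = false;
         } else {
             $tblIdentification = new RadioBox('Account[Identification]', $tblIdentification->getDescription(), $tblIdentification->getId());
         }
     }, $isSystem);
     $tblIdentificationAll = array_filter($tblIdentificationAll);

     // Role: 'Administrator' is hidden from non-administrators.
     $tblRoleAll = Access::useService()->getRoleAll() ?: array();
     /** @noinspection PhpUnusedParameterInspection */
     array_walk($tblRoleAll, function (TblRole &$tblRole, $Index, $isSystem) {
         if ($tblRole->getName() == 'Administrator' && !$isSystem) {
             $tblRole = false;
         } else {
             $tblRole = new CheckBox('Account[Role][' . $tblRole->getId() . ']', $tblRole->getName(), $tblRole->getId());
         }
     }, $isSystem);
     $tblRoleAll = array_filter($tblRoleAll);

     // Account: attach a delete button to every existing account.
     $tblAccountAll = Account::useService()->getAccountAll();
     if ($tblAccountAll) {
         array_walk($tblAccountAll, function (TblAccount &$tblAccount) {
             /** @noinspection PhpUndefinedFieldInspection */
             $tblAccount->Option = new Danger('Löschen', '/Platform/Gatekeeper/Authorization/Account/Destroy', new Remove(), array('Id' => $tblAccount->getId()), 'Löschen');
         });
     }

     // Build the listing before the form, in the same order as the original expression.
     $Listing = $tblAccountAll
         ? new TableData($tblAccountAll, new Title('Bestehende Benutzerkonnten'), array('Username' => 'Benutzername'))
         : new Warning('Keine Benutzerkonnten vorhanden');

     // NOTE(review): $tblConsumer is dereferenced without a check; confirm that
     // getConsumerBySession() always yields a consumer on this route.
     $Form = new Form(
         array(
             new FormGroup(
                 array(
                     new FormRow(array(
                         new FormColumn((new TextField('Account[Name]', 'Benutzername', 'Benutzername', new Person()))->setPrefixValue($tblConsumer->getAcronym()), 4),
                         new FormColumn(new PasswordField('Account[Password]', 'Passwort', 'Passwort', new Lock()), 4),
                         new FormColumn(new PasswordField('Account[PasswordSafety]', 'Passwort wiederholen', 'Passwort wiederholen', new Repeat()), 4)
                     ))
                 ),
                 new \SPHERE\Common\Frontend\Form\Repository\Title('Benutzerkonnto anlegen')
             ),
             new FormGroup(
                 array(
                     new FormRow(array(
                         new FormColumn(array(new Panel('Authentifizierungstyp', $tblIdentificationAll)), 4),
                         new FormColumn(array(new Panel('Berechtigungsstufe', $tblRoleAll)), 4),
                         new FormColumn(array(new Panel('Hardware-Token', $tblTokenAll)), 4)
                     ))
                 ),
                 new \SPHERE\Common\Frontend\Form\Repository\Title('Berechtigungen zuweisen')
             )
         ),
         new Primary('Hinzufügen')
     );

     $Stage->setContent($Listing . $Form);
     return $Stage;
 }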
Example #5
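 /**
  * Checks username, password and (optionally) a hardware-token string and, on
  * success, binds a freshly regenerated session id to the account.
  *
  * @param string            $Username
  * @param string            $Password
  * @param false|string      $TokenString Token string to verify, or false when no token is used
  * @param TblIdentification $tblIdentification
  *
  * @return null|bool false: no account matches the credentials;
  *                   null: the token check failed (invalid, missing, foreign or service error);
  *                   true: a session was created
  */
 private function isCredentialValid($Username, $Password, $TokenString, TblIdentification $tblIdentification)
 {
     $tblAccount = $this->getAccountByCredential($Username, $Password, $tblIdentification);
     if (false === $tblAccount) {
         return false;
     }

     if (false === $TokenString) {
         // NOTE(review): an account that has a token assigned is not rejected on
         // this path; confirm the caller never passes false for such accounts,
         // otherwise the second factor can be skipped.
         // Regenerate the id before binding the session to the account.
         session_regenerate_id();
         $this->createSession($tblAccount, session_id());
         return true;
     }

     try {
         if (!Token::useService()->isTokenValid($TokenString)) {
             return null;
         }
         // Any falsy result counts as "no token": getServiceTblToken() forwards
         // the token lookup, which may fail with something other than false.
         $Token = $tblAccount->getServiceTblToken();
         if (!$Token) {
             return null;
         }
         // The first 12 characters of the token string must equal the
         // identifier stored for this account. The comparison is strict and an
         // empty prefix never matches, so type juggling cannot make an empty or
         // numeric-looking value pass.
         $PublicId = (string) substr($TokenString, 0, 12);
         if ('' === $PublicId || (string) $Token->getIdentifier() !== $PublicId) {
             return null;
         }
         session_regenerate_id();
         $this->createSession($tblAccount, session_id());
         return true;
     } catch (\Exception $E) {
         // Fail closed: any exception raised above is reported as a failed token check.
         return null;
     }
 }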
Example #6
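 /**
  * Validates the submitted account form and creates the account.
  *
  * NOTE(review): the token, identification, role and person ids are taken from
  * the request as submitted. Nothing here checks that the token belongs to the
  * session's consumer and is still unassigned, or that the submitter may grant
  * the chosen identification and roles (e.g. 'Administrator'). If the form is
  * the only place where those options are filtered, the same rules need to be
  * enforced here.
  * NOTE(review): the password is handed to insertAccount() as entered;
  * presumably it is hashed there — confirm.
  *
  * @param IFormInterface $Form
  * @param array|null     $Account Submitted 'Account' values; null when the form was not sent
  *
  * @return IFormInterface|string The form (with field states) or a result message with redirect
  */
 public function createAccount(IFormInterface $Form, $Account)
 {
     // Nothing submitted (or not the expected array shape): show the plain form.
     if (!is_array($Account)) {
         return $Form;
     }

     // Reads a scalar field as a trimmed string; missing or non-scalar values become ''.
     $Field = function ($Key) use ($Account) {
         return (isset($Account[$Key]) && is_scalar($Account[$Key])) ? trim((string) $Account[$Key]) : '';
     };

     $Error = false;
     $Username = $Field('Name');
     $Password = $Field('Password');
     $PasswordSafety = $Field('PasswordSafety');
     $tblConsumer = GatekeeperConsumer::useService()->getConsumerBySession();
     $tblToken = GatekeeperToken::useService()->getTokenById((int) $Field('Token'));
     if (!$tblToken) {
         $tblToken = null;
     }

     // Username: letters and digits only, at least 5 characters, unique after prefixing.
     if (empty($Username)) {
         $Form->setError('Account[Name]', 'Bitte geben Sie einen Benutzernamen an');
         $Error = true;
     } elseif (!preg_match('!^[a-z0-9]{5,}$!is', $Username)) {
         $Form->setError('Account[Name]', 'Der Benutzername darf nur Buchstaben und Zahlen enthalten und muss mindestens 5 Zeichen lang sein');
         $Error = true;
     } else {
         $Username = $tblConsumer->getAcronym() . '-' . $Username;
         if (!GatekeeperAccount::useService()->getAccountByUsername($Username)) {
             $Form->setSuccess('Account[Name]', '');
         } else {
             $Form->setError('Account[Name]', 'Der angegebene Benutzername ist bereits vergeben');
             $Error = true;
         }
     }

     // Password: at least 8 bytes.
     if (empty($Password)) {
         $Form->setError('Account[Password]', 'Bitte geben Sie ein Passwort an');
         $Error = true;
     } elseif (strlen($Password) >= 8) {
         $Form->setSuccess('Account[Password]', '');
     } else {
         $Form->setError('Account[Password]', 'Das Passwort muss mindestens 8 Zeichen lang sein');
         $Error = true;
     }

     if (empty($PasswordSafety)) {
         $Form->setError('Account[PasswordSafety]', 'Bitte geben Sie das Passwort erneut an');
         $Error = true;
     }
     // Strict comparison: with != two different numeric-looking passwords
     // (e.g. '00001000' and '1000.000') compare as equal numbers.
     if ($Password !== $PasswordSafety) {
         $Form->setError('Account[Password]', '');
         $Form->setError('Account[PasswordSafety]', 'Die beiden Passworte stimmen nicht überein');
         $Error = true;
     } elseif (!empty($Password) && !empty($PasswordSafety)) {
         $Form->setSuccess('Account[PasswordSafety]', '');
     } else {
         $Form->setError('Account[PasswordSafety]', '');
     }

     if ($Error) {
         return $Form;
     }

     $tblAccount = GatekeeperAccount::useService()->insertAccount($Username, $Password, $tblToken, $tblConsumer);
     if (!$tblAccount) {
         return new Danger('Das Benutzerkonnto konnte nicht erstellt werden') . new Redirect('/Setting/Authorization/Account', 3);
     }

     $tblIdentification = GatekeeperAccount::useService()->getIdentificationById(
         isset($Account['Identification']) ? $Account['Identification'] : null
     );
     GatekeeperAccount::useService()->addAccountAuthentication($tblAccount, $tblIdentification);
     if (isset($Account['Role'])) {
         foreach ((array) $Account['Role'] as $Role) {
             $tblRole = GatekeeperAccess::useService()->getRoleById($Role);
             GatekeeperAccount::useService()->addAccountAuthorization($tblAccount, $tblRole);
         }
     }
     if (isset($Account['User'])) {
         $tblPerson = Person::useService()->getPersonById($Account['User']);
         GatekeeperAccount::useService()->addAccountPerson($tblAccount, $tblPerson);
     }
     return new Success('Das Benutzerkonnto wurde erstellt') . new Redirect('/Setting/Authorization/Account', 3);
 }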
 /**
  * Resolves the token referenced by this entity.
  *
  * @return bool|\SPHERE\Application\Platform\Gatekeeper\Authorization\Token\Service\Entity\TblToken
  *         false when no token is referenced, otherwise the result of the token lookup
  */
 public function getServiceTblToken()
 {
     return (null === $this->serviceTblToken)
         ? false
         : Token::useService()->getTokenById($this->serviceTblToken);
 }
Example #8
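 /**
  * Builds the "add account" form for the consumer of the current session.
  *
  * The 'System' identification and the 'Administrator' role are never offered,
  * and only the consumer's tokens that are not yet bound to an account are listed.
  *
  * NOTE(review): this restricts what is rendered, not what can be submitted.
  * The code that processes Account[Identification], Account[Role] and
  * Account[Token] has to reject the excluded values itself.
  *
  * @return Form
  */
 private function formAccount()
 {
     $tblConsumer = Consumer::useService()->getConsumerBySession();

     // Identification: the person list below is tested for a falsy result, so
     // the other lists are normalised to arrays before array_walk().
     $tblIdentificationAll = Account::useService()->getIdentificationAll() ?: array();
     array_walk($tblIdentificationAll, function (TblIdentification &$tblIdentification) {
         if ($tblIdentification->getName() == 'System') {
             $tblIdentification = false;
             return;
         }
         if (strtoupper($tblIdentification->getName()) === 'STUDENT') {
             // Preselect 'Student' when nothing was submitted yet.
             $Global = $this->getGlobal();
             if (!isset($Global->POST['Account']['Identification'])) {
                 $Global->POST['Account']['Identification'] = $tblIdentification->getId();
                 $Global->savePost();
             }
             $Label = $tblIdentification->getDescription();
         } else {
             // Every other type gets a key icon appended to its label.
             $Label = $tblIdentification->getDescription() . ' (' . new Key() . ')';
         }
         $tblIdentification = new RadioBox('Account[Identification]', $Label, $tblIdentification->getId());
     });
     $tblIdentificationAll = array_filter($tblIdentificationAll);

     // Role
     $tblRoleAll = Access::useService()->getRoleAll() ?: array();
     array_walk($tblRoleAll, function (TblRole &$tblRole) {
         if ($tblRole->getName() == 'Administrator') {
             $tblRole = false;
         } else {
             $tblRole = new CheckBox('Account[Role][' . $tblRole->getId() . ']', $tblRole->getName(), $tblRole->getId());
         }
     });
     $tblRoleAll = array_filter($tblRoleAll);

     // Token: default to "no hardware key" (0) when nothing was submitted yet.
     $Global = $this->getGlobal();
     if (!isset($Global->POST['Account']['Token'])) {
         $Global->POST['Account']['Token'] = 0;
         $Global->savePost();
     }
     // Reuses the consumer fetched above instead of asking the service again.
     $tblTokenAll = Token::useService()->getTokenAllByConsumer($tblConsumer) ?: array();
     array_walk($tblTokenAll, function (TblToken &$tblToken) {
         if (Account::useService()->getAccountAllByToken($tblToken)) {
             $tblToken = false;
         } else {
             $tblToken = new RadioBox('Account[Token]', implode(' ', str_split($tblToken->getSerial(), 4)), $tblToken->getId());
         }
     });
     $tblTokenAll = array_filter($tblTokenAll);
     array_unshift($tblTokenAll, new RadioBox('Account[Token]', new Danger('KEIN Hardware-Schlüssel'), 0));

     // Person: only persons that have no account yet.
     $tblPersonAll = Account::useService()->getPersonAllHavingNoAccount();
     if ($tblPersonAll) {
         array_walk($tblPersonAll, function (TblPerson &$tblPerson) {
             $tblPerson = new RadioBox('Account[User]', $tblPerson->getFullName(), $tblPerson->getId());
         });
         $tblPersonAll = array_filter($tblPersonAll);
     }

     return new Form(
         array(
             new FormGroup(
                 array(
                     new FormRow(
                         array(
                             new FormColumn(
                                 new Panel(
                                     new PersonKey() . ' Benutzerkonto hinzufügen',
                                     array(
                                         (new TextField('Account[Name]', 'Benutzername (min. 5 Zeichen)', 'Benutzername', new Person()))->setPrefixValue($tblConsumer->getAcronym()),
                                         new PasswordField('Account[Password]', 'Passwort (min. 8 Zeichen)', 'Passwort', new Lock()),
                                         new PasswordField('Account[PasswordSafety]', 'Passwort wiederholen', 'Passwort wiederholen', new Repeat())
                                     ),
                                     Panel::PANEL_TYPE_INFO
                                 ),
                                 4
                             ),
                             new FormColumn(
                                 array(
                                     new Panel(new Nameplate() . ' Berechtigungsstufe zuweisen', $tblRoleAll, Panel::PANEL_TYPE_INFO),
                                     new Panel(new Person() . ' Person zuweisen', $tblPersonAll, Panel::PANEL_TYPE_INFO, null, true)
                                 ),
                                 4
                             ),
                             new FormColumn(
                                 array(
                                     new Panel(new Lock() . ' Authentifizierungstyp wählen', $tblIdentificationAll, Panel::PANEL_TYPE_INFO),
                                     new Panel(new Key() . ' Hardware-Schlüssel zuweisen', $tblTokenAll, Panel::PANEL_TYPE_INFO)
                                 ),
                                 4
                             )
                         )
                     )
                 )
             )
         )
     );
 }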