/** * @test */ public function assignAccountToPartyCachesAssignedParty() { $this->mockPersistenceManager->expects($this->any())->method('getIdentifierByObject')->will($this->returnValue('723e3913-f803-42c8-a44c-fd7115f555c3')); $this->partyService->assignAccountToParty($this->account, $this->party); $assignedParty = $this->partyService->getAssignedPartyOfAccount($this->account); $this->assertSame($this->party, $assignedParty); }
/** * Authenticates against a crowd instance. * * @param \TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated * @return void * @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException */ public function authenticate(TokenInterface $authenticationToken) { if (!$authenticationToken instanceof UsernamePassword) { throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339845); } $credentials = $authenticationToken->getCredentials(); if (is_array($credentials) && isset($credentials['username']) && isset($credentials['password'])) { $crowdAuthenticationResponse = $this->crowdClient->authenticate($credentials['username'], $credentials['password']); if ($crowdAuthenticationResponse !== NULL) { /** @var $account \TYPO3\Flow\Security\Account */ $account = NULL; $providerName = $this->name; $accountRepository = $this->accountRepository; $this->securityContext->withoutAuthorizationChecks(function () use($credentials, $providerName, $accountRepository, &$account) { $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $providerName); }); if ($account === NULL) { $account = new Account(); $account->setAuthenticationProviderName($providerName); $account->setAccountIdentifier($credentials['username']); $this->accountRepository->add($account); } $authenticateRole = $this->policyService->getRole($this->options['authenticateRole']); if ($account->hasRole($authenticateRole) === FALSE) { $account->addRole($authenticateRole); } $crowdUser = $this->partyService->getAssignedPartyOfAccount($account); if ($crowdUser instanceof Person) { if ($crowdUser->getName()->getFirstName() !== $crowdAuthenticationResponse['first-name']) { $crowdUser->getName()->setFirstName($crowdAuthenticationResponse['first-name']); $this->partyRepository->update($crowdUser); } if ($crowdUser->getName()->getLastName() !== $crowdAuthenticationResponse['last-name']) { $crowdUser->getName()->setLastName($crowdAuthenticationResponse['last-name']); $this->partyRepository->update($crowdUser); } if ($crowdUser->getPrimaryElectronicAddress()->getIdentifier() !== $crowdAuthenticationResponse['email']) { $crowdUser->getPrimaryElectronicAddress()->setIdentifier($crowdAuthenticationResponse['email']); $this->partyRepository->update($crowdUser); } } else { $crowdUser = new Person(); $crowdUser->setName(new PersonName('', $crowdAuthenticationResponse['first-name'], '', $crowdAuthenticationResponse['last-name'])); $email = new ElectronicAddress(); $email->setIdentifier($crowdAuthenticationResponse['email']); $email->setType(ElectronicAddress::TYPE_EMAIL); $crowdUser->setPrimaryElectronicAddress($email); $this->partyRepository->add($crowdUser); $this->partyService->assignAccountToParty($account, $crowdUser); } $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); $authenticationToken->setAccount($account); } else { $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS); } } elseif ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN); } }
/** * @param TokenInterface $foreignAccountToken * @param AbstractClientToken $possibleOAuthTokenAuthenticatedWithoutParty */ public function setPartyOfAuthenticatedTokenAndAttachToAccountFor(TokenInterface $foreignAccountToken, AbstractClientToken $possibleOAuthTokenAuthenticatedWithoutParty) { $oauthAccount = $possibleOAuthTokenAuthenticatedWithoutParty->getAccount(); // TODO: this must be properly specifiable (the Roles to add) #$oauthAccount->setRoles(); $this->partyService->assignAccountToParty($oauthAccount, $this->partyService->getAssignedPartyOfAccount($foreignAccountToken)); $this->accountRepository->update($oauthAccount); }
/** * Adds a user whose User object has been created elsewhere * * This method basically "creates" a user like createUser() would, except that it does not create the User * object itself. If you need to create the User object elsewhere, for example in your ActionController, make sure * to call this method for registering the new user instead of adding it to the PartyRepository manually. * * This method also creates a new user workspace for the given user if no such workspace exist. * * @param string $username The username of the user to be created. * @param string $password Password of the user to be created * @param User $user The pre-built user object to start with * @param array $roleIdentifiers A list of role identifiers to assign * @param string $authenticationProviderName Name of the authentication provider to use. Example: "Typo3BackendProvider" * @return User The same user object * @api */ public function addUser($username, $password, User $user, array $roleIdentifiers = null, $authenticationProviderName = null) { if ($roleIdentifiers === null) { $roleIdentifiers = array('TYPO3.Neos:Editor'); } $roleIdentifiers = $this->normalizeRoleIdentifiers($roleIdentifiers); $account = $this->accountFactory->createAccountWithPassword($username, $password, $roleIdentifiers, $authenticationProviderName ?: $this->defaultAuthenticationProviderName); $this->partyService->assignAccountToParty($account, $user); $this->partyRepository->add($user); $this->accountRepository->add($account); $this->createPersonalWorkspace($user, $account); $this->emitUserCreated($user); return $user; }
/** * @param Account $account * @param array $userdata * @return \TYPO3\Flow\Security\Account */ protected function updateAccount(Account $account, array $userdata) { $person = $this->partyService->getAssignedPartyOfAccount($account); if ($person === null) { $person = new Person(); $this->partyRepository->add($person); $this->partyService->assignAccountToParty($account, $person); } if (!$account->getRoles()) { $account->setRoles(array($this->policyService->getRole('T3DD.Backend:Authenticated'))); } $this->updatePerson($person, $userdata); $this->accountRepository->update($account); $this->persistenceManager->persistAll(); return $account; }