public function testShouldRejectExistingIfNotOwnedByMember()
{
$this->setExpectedException('ValidationException');
$this->member->logIn();
$this->address1->MemberID = 0;
$this->address1->write();
$this->assertTrue($this->config->validateData(array('BillingAddressBookCheckoutComponent_BillingAddressID' => $this->address1->ID)));
}
/**
* If the REMOTE_USER is set and is in the Member table, log that member in. If
* not, and Config::inst()->get('AuthRemoteUserExtension', 'auto_create_user') is set, add that
* Member to the configured group, and log the new user in. Otherwise, do nothing.
*/
public function onAfterInit()
{
if (isset($_SERVER['REMOTE_USER'])) {
$unique_identifier = $_SERVER['REMOTE_USER'];
} elseif (isset($_SERVER['REDIRECT_REMOTE_USER'])) {
$unique_identifier = $_SERVER['REDIRECT_REMOTE_USER'];
}
if (isset($unique_identifier)) {
$unique_identifier_field = Member::config()->unique_identifier_field;
$member = Member::get()->filter($unique_identifier_field, $unique_identifier)->first();
if ($member) {
$member->logIn();
$this->owner->redirectBack();
} elseif (Config::inst()->get('AuthRemoteUserExtension', 'auto_create_user') && strlen(Config::inst()->get('AuthRemoteUserExtension', 'auto_user_group'))) {
$group = Group::get()->filter('Title', Config::inst()->get('AuthRemoteUserExtension', 'auto_user_group'))->first();
if ($group) {
$member = new Member();
$member->{$unique_identifier_field} = $unique_identifier;
$member->write();
$member->Groups()->add($group);
$member->logIn();
}
}
}
}
/**
* Assertion Consumer Service
*
* The user gets sent back here after authenticating with the IdP, off-site.
* The earlier redirection to the IdP can be found in the SAMLAuthenticator::authenticate.
*
* After this handler completes, we end up with a rudimentary Member record (which will be created on-the-fly
* if not existent), with the user already logged in. Login triggers memberLoggedIn hooks, which allows
* LDAP side of this module to finish off loading Member data.
*
* @throws OneLogin_Saml2_Error
*/
public function acs()
{
$auth = Injector::inst()->get('SAMLHelper')->getSAMLAuth();
$auth->processResponse();
$error = $auth->getLastErrorReason();
if (!empty($error)) {
SS_Log::log($error, SS_Log::ERR);
Form::messageForForm("SAMLLoginForm_LoginForm", "Authentication error: '{$error}'", 'bad');
Session::save();
return $this->getRedirect();
}
if (!$auth->isAuthenticated()) {
Form::messageForForm("SAMLLoginForm_LoginForm", _t('Member.ERRORWRONGCRED'), 'bad');
Session::save();
return $this->getRedirect();
}
$decodedNameId = base64_decode($auth->getNameId());
// check that the NameID is a binary string (which signals that it is a guid
if (ctype_print($decodedNameId)) {
Form::messageForForm("SAMLLoginForm_LoginForm", "Name ID provided by IdP is not a binary GUID.", 'bad');
Session::save();
return $this->getRedirect();
}
// transform the NameId to guid
$guid = LDAPUtil::bin_to_str_guid($decodedNameId);
if (!LDAPUtil::validGuid($guid)) {
$errorMessage = "Not a valid GUID '{$guid}' recieved from server.";
SS_Log::log($errorMessage, SS_Log::ERR);
Form::messageForForm("SAMLLoginForm_LoginForm", $errorMessage, 'bad');
Session::save();
return $this->getRedirect();
}
// Write a rudimentary member with basic fields on every login, so that we at least have something
// if LDAP synchronisation fails.
$member = Member::get()->filter('GUID', $guid)->limit(1)->first();
if (!($member && $member->exists())) {
$member = new Member();
$member->GUID = $guid;
}
$attributes = $auth->getAttributes();
foreach ($member->config()->claims_field_mappings as $claim => $field) {
if (!isset($attributes[$claim][0])) {
SS_Log::log(sprintf('Claim rule \'%s\' configured in LDAPMember.claims_field_mappings, but wasn\'t passed through. Please check IdP claim rules.', $claim), SS_Log::WARN);
continue;
}
$member->{$field} = $attributes[$claim][0];
}
$member->SAMLSessionIndex = $auth->getSessionIndex();
// This will throw an exception if there are two distinct GUIDs with the same email address.
// We are happy with a raw 500 here at this stage.
$member->write();
// This will trigger LDAP update through LDAPMemberExtension::memberLoggedIn.
// Both SAML and LDAP identify Members by the GUID field.
$member->logIn();
return $this->getRedirect();
}
/**
* @param \Member $user
* @return ApiSession
*/
public static function createSession($user)
{
$user->logIn();
/** @var \Member $user */
$user = \DataObject::get(\Config::inst()->get('BaseRestController', 'Owner'))->byID($user->ID);
// create session
$session = ApiSession::create();
$session->User = $user;
$session->Token = AuthFactory::generate_token($user);
return $session;
}
function activate($data, $form, $request)
{
//Check if there's a temp member with a Verification Code equal to this
//if there is, register the new member and log him in
//if not, tell him the code is wrong
//Check if this member already exists
$tempMember = TempMember::codeExists($data);
if (!$tempMember) {
$form->sessionMessage(_t("Register.REGISTRATION ERROR", "There's no account waiting for activation with this code.\n\t\t\t\t\t\t\t\t\t If you already have an account log in here <a href=\"my-events/\">here</a>"), 'bad');
Director::redirectBack();
return;
}
// Create a new Member object
$member = new Member();
$member->FirstName = $tempMember->FirstName;
$member->Surname = $tempMember->Surname;
$member->Phone = $tempMember->Phone;
$member->Email = $tempMember->Email;
$member->Password = $tempMember->Password;
$member->ReceiveMail = $tempMember->ReceiveMail;
$member->ReceiveMail = $tempMember->ReceiveMail;
$member->RequestListedAsPresenter = $tempMember->RequestListedAsPresenter;
$member->LocationAddress = $tempMember->LocationAddress;
$member->LocationLatitude = $tempMember->LocationLatitude;
$member->LocationLongitude = $tempMember->LocationLongitude;
$member->Description = $tempMember->Description;
// Write to db.
// This needs to happen before we add it to a group
$member->write();
if ($tempMember->RequestListedAsPresenter) {
$presentorApproval = new PresentorApproval();
$presentorApproval->MemberID = $member->ID;
$presentorApproval->MemberName = $tempMember->FirstName . ' ' . $tempMember->Surname;
$presentorApproval->Message = $tempMember->Description;
$presentorApproval->Email = $tempMember->Email;
$presentorApproval->Confirmation = 'Pending';
$presentorApproval->IsDone = false;
$presentorApproval->write();
}
$tempMember->delete();
$member->logIn();
// Add the member to User Group
// Check if it exists first
if ($group = DataObject::get_one('Group', 'ID = 3')) {
$member->Groups()->add($group);
// Redirect based on URL
// TO EDIT
Director::redirect('SuccessVerification');
} else {
$form->sessionMessage(_t("Register.REGISTRATION ERROR", "Your registration wasn't successful please try again"), 'bad');
Director::redirectBack();
}
}
/**
* Adds or modifies a job on the website.
*
* @param array $data
* @param Form $form
*/
public function doJobForm()
{
$data = $this->request->postVars();
$form = new JobBoardForm($this);
$form->loadDataFrom($data);
$existed = false;
if (!isset($data['JobID']) && !$data['JobID']) {
$job = new Job();
} else {
$job = Job::get()->byId($data['JobID']);
$existed = true;
if ($job && !$job->canEdit()) {
return $this->owner->httpError(404);
} else {
$job = new Job();
}
}
$form->saveInto($job);
$job->isActive = true;
$job->write();
Session::set('JobID', $job->ID);
$member = Member::get()->filter(array('Email' => $data['Email']))->first();
if (!$member) {
$member = new Member();
$member->Email = $SQL_email;
$member->FirstName = isset($data['Company']) ? $data['Company'] : false;
$password = Member::create_new_password();
$member->Password = $password;
$member->write();
$member->addToGroupByCode('job-posters', _t('Jobboard.JOBPOSTERSGROUP', 'Job Posters'));
}
$member->logIn();
$job->MemberID = $member->ID;
$job->write();
if (!$existed) {
$email = new Email();
$email->setSubject($data['EmailSubject']);
$email->setFrom($data['EmailFrom']);
$email->setTo($member->Email);
// send the welcome email.
$email->setTemplate('JobPosting');
$email->populateTemplate(array('Member' => $member, 'Password' => isset($password) ? $password : false, 'FirstPost' => $password ? true : false, 'Holder' => $this, 'Job' => $job));
if ($notify = $form->getController()->getJobNotifyAddress()) {
$email->setBcc($notify);
}
$email->send();
}
return $this->redirect($data['BackURL']);
}
/**
* Log the user in via an existing Facebook account connection.
*
* @return SS_HTTPResponse
**/
public function login()
{
$form = $this->Form();
if ($this->request->getVar("error")) {
$form->sessionMessage("Unable to obtain access to Facebook.", "bad");
return $this->renderWith(array("FacebookController", "Page", "Controller"));
}
$facebookApp = FacebookApp::get()->first();
if (!$facebookApp || !$facebookApp->EnableFacebookLogin) {
$form->sessionMessage("Facebook Login is disabled.", "bad");
} else {
if ($member = Member::currentUser()) {
$member->logOut();
}
$facebook = $facebookApp->getFacebook();
$user = $facebook->getUser();
if ($user) {
$member = Member::get()->filter("FacebookUserID", $user)->first();
if ($member) {
$member->logIn();
$form->sessionMessage("You have logged in with your Facebook account.", "good");
$member->extend("onAfterMemberLogin");
} else {
if ($facebookApp->EnableFacebookSignup) {
// Attempt to sign the user up.
$member = new Member();
// Load the user from Faceook
$user_profile = $facebook->api("/me");
if ($user_profile) {
// Fill in the required fields.
$access_token = Session::get("fb_" . $facebookApp->FacebookConsumerKey . "_access_token");
$signup = $member->connectFacebookAccount($user_profile, $access_token, $facebookApp->config()->get("required_user_fields"));
if ($signup->valid()) {
$member->logIn();
$form->sessionMessage("You have signed up with your Facbeook account.", "good");
// Facebook Hooks
$this->extend("onAfterFacebookSignup", $member);
} else {
$form->sessionMessage($signup->message(), "bad");
}
} else {
$form->sessionMessage("Unable to load your Facbeook account.", "bad");
}
} else {
$form->sessionMessage("Unable to log in with Facebook.", "bad");
}
}
} else {
$params = $facebookApp->getLoginUrlParams();
$url = $facebook->getLoginUrl($params);
if ($url) {
return $this->redirect($url, 302);
} else {
$form->sessionMessage("Unable to login to Facebook at this time.", "bad");
}
}
}
// Extend Failed facebook login
if (!Member::currentUser()) {
$this->extend("onAfterFailedFacebookLogin");
}
return $this->renderWith(array("FacebookController", "Page", "Controller"));
}
public function testSetsOwnerOnFirstWrite()
{
Session::set('loggedInAs', null);
$member1 = new Member();
$member1->write();
$member2 = new Member();
$member2->write();
$file1 = new File();
$file1->write();
$this->assertEquals(0, $file1->OwnerID, 'Owner not written when no user is logged in');
$member1->logIn();
$file2 = new File();
$file2->write();
$this->assertEquals($member1->ID, $file2->OwnerID, 'Owner written when user is logged in');
$member2->logIn();
$file2->forceChange();
$file2->write();
$this->assertEquals($member1->ID, $file2->OwnerID, 'Owner not overwritten on existing files');
}
/**
* No validation errors occured, so we register the customer and send
* mails with further instructions for the double opt-in procedure.
*
* @param SS_HTTPRequest $data SS session data
* @param Form $form the form object
* @param array $formData CustomHTMLForms session data
* @param bool $doRedirect Set to true to redirect after submitSuccess
*
* @return void
*
* @author Sebastian Diel <*****@*****.**>,
* Roland Lehmann <*****@*****.**>,
* Sascha Koehler <*****@*****.**>
* @since 28.01.2015
*/
protected function submitSuccess($data, $form, $formData, $doRedirect = true)
{
$anonymousCustomer = false;
/*
* Logout anonymous users and save their shoppingcart temporarily.
*/
if (SilvercartCustomer::currentUser()) {
$anonymousCustomer = SilvercartCustomer::currentUser();
SilvercartCustomer::currentUser()->logOut();
}
// Aggregate Data and set defaults
$formData['MemberID'] = Member::currentUserID();
$formData['Locale'] = Translatable::get_current_locale();
if ($this->demandBirthdayDate()) {
$formData['Birthday'] = $formData['BirthdayYear'] . '-' . $formData['BirthdayMonth'] . '-' . $formData['BirthdayDay'];
if ($this->UseMinimumAgeToOrder()) {
if (!SilvercartConfig::CheckMinimumAgeToOrder($formData['Birthday'])) {
$this->errorMessages['BirthdayDay'] = array('message' => SilvercartConfig::MinimumAgeToOrderError(), 'fieldname' => _t('SilvercartPage.BIRTHDAY'), 'BirthdayDay' => array('message' => SilvercartConfig::MinimumAgeToOrderError()));
$this->errorMessages['BirthdayMonth'] = array('message' => SilvercartConfig::MinimumAgeToOrderError(), 'fieldname' => _t('SilvercartPage.BIRTHDAY'), 'BirthdayMonth' => array('message' => SilvercartConfig::MinimumAgeToOrderError()));
$this->errorMessages['BirthdayYear'] = array('message' => SilvercartConfig::MinimumAgeToOrderError(), 'fieldname' => _t('SilvercartPage.BIRTHDAY'), 'BirthdayYear' => array('message' => SilvercartConfig::MinimumAgeToOrderError()));
$this->setSubmitSuccess(false);
return $this->submitFailure($data, $form);
}
}
}
// Create new regular customer and perform a log in
$customer = new Member();
// Pass shoppingcart to registered customer and delete the anonymous
// customer.
if ($anonymousCustomer) {
$newShoppingCart = $anonymousCustomer->getCart()->duplicate(true);
foreach ($anonymousCustomer->getCart()->SilvercartShoppingCartPositions() as $shoppingCartPosition) {
$newShoppingCartPosition = $shoppingCartPosition->duplicate(false);
$newShoppingCartPosition->SilvercartShoppingCartID = $newShoppingCart->ID;
$newShoppingCartPosition->write();
$shoppingCartPosition->transferToNewPosition($newShoppingCartPosition);
}
$customer->SilvercartShoppingCartID = $newShoppingCart->ID;
$anonymousCustomer->delete();
}
$customer->castedUpdate($formData);
$customer->write();
$customer->logIn();
$customer->changePassword($formData['Password']);
$customerGroup = $this->getTargetCustomerGroup($formData);
if ($customerGroup) {
$customer->Groups()->add($customerGroup);
}
// Create ShippingAddress for customer and populate it with registration data
$address = new SilvercartAddress();
$address->castedUpdate($formData);
$country = DataObject::get_by_id('SilvercartCountry', (int) $formData['Country']);
if ($country) {
$address->SilvercartCountryID = $country->ID;
}
$address->write();
$this->extend('updateRegisteredAddress', $address, $data, $form, $formData);
//connect the ShippingAddress and the InvoiceAddress to the customer
$customer->SilvercartShippingAddressID = $address->ID;
$customer->SilvercartInvoiceAddressID = $address->ID;
$customer->SilvercartAddresses()->add($address);
$customer->write();
// Remove from the anonymous newsletter recipients list
if (SilvercartAnonymousNewsletterRecipient::doesExist($customer->Email)) {
$recipient = SilvercartAnonymousNewsletterRecipient::getByEmailAddress($customer->Email);
if ($recipient->NewsletterOptInStatus) {
$customer->NewsletterOptInStatus = 1;
$customer->NewsletterConfirmationHash = $recipient->NewsletterOptInConfirmationHash;
$customer->write();
}
SilvercartAnonymousNewsletterRecipient::removeByEmailAddress($customer->Email);
}
if ($customer->SubscribedToNewsletter && !$customer->NewsletterOptInStatus) {
SilvercartNewsletter::subscribeRegisteredCustomer($customer);
}
$this->extend('updateRegisteredCustomer', $customer, $data, $form, $formData);
if ($doRedirect) {
// Redirect to welcome page
if (array_key_exists('backlink', $formData) && !empty($formData['backlink'])) {
$this->controller->redirect($formData['backlink']);
} else {
$this->controller->redirect($this->controller->PageByIdentifierCode('SilvercartRegisterConfirmationPage')->Link());
}
}
}
/**
* Test that a member can be authenticated via their temp id
*/
public function testAuthenticateByTempID()
{
$member = new Member();
$member->Email = '*****@*****.**';
$member->PasswordEncryption = "sha1";
$member->Password = "******";
$member->write();
// Make form
$controller = new Security();
$form = new Form($controller, 'Form', new FieldList(), new FieldList());
// If the user has never logged in, then the tempid should be empty
$tempID = $member->TempIDHash;
$this->assertEmpty($tempID);
// If the user logs in then they have a temp id
$member->logIn(true);
$tempID = $member->TempIDHash;
$this->assertNotEmpty($tempID);
// Test correct login
$result = MemberAuthenticator::authenticate(array('tempid' => $tempID, 'Password' => 'mypassword'), $form);
$this->assertNotEmpty($result);
$this->assertEquals($result->ID, $member->ID);
$this->assertEmpty($form->Message());
// Test incorrect login
$form->clearMessage();
$result = MemberAuthenticator::authenticate(array('tempid' => $tempID, 'Password' => 'notmypassword'), $form);
$this->assertEmpty($result);
$this->assertEquals('The provided details don't seem to be correct. Please try again.', $form->Message());
$this->assertEquals('bad', $form->MessageType());
}
/**
* Creates an anonymous customer if there's no currentMember object.
*
* @return Member
*
* @author Sebastian Diel <*****@*****.**>,
* Sascha Koehler <*****@*****.**>
* @since 15.11.2014
*/
public static function createAnonymousCustomer()
{
$member = self::currentUser();
if (!$member) {
$member = new Member();
$member->write();
// Add customer to intermediate group
$customerGroup = Group::get()->filter('Code', 'anonymous')->first();
if ($customerGroup) {
$member->Groups()->add($customerGroup);
}
$member->logIn(true);
}
return $member;
}
