/**
 * Checks YumRegistrationForm validation and then stages request data in $_POST.
 *
 * As asserted below: the form is invalid with only a username, still invalid
 * after the password is set, and valid once username, password and
 * verifyPassword are all supplied. A second form is filled with name fields
 * containing punctuation and an embedded PHP tag, then overwritten with the
 * first form's attributes, and must validate as well.
 */
public function testRegistration()
{
    Yii::app()->controller = new YumRegistrationController('registration');

    $validCredentials = array(
        'username' => 'A_Testuser',
        'password' => 'hiddenpassword1',
        'verifyPassword' => 'hiddenpassword1',
    );
    $hostileProfileInput = array(
        'firstname' => 'My first Name !"§$%&/()=',
        'lastname' => 'My last Name !"§$%&/()=<?php die() ?>',
        'password' => 'hiddenpassword1',
        'verifyPassword' => 'hiddenpassword1',
    );

    // Incomplete input must be rejected.
    $user = new YumRegistrationForm();
    $user->username = '******';
    $this->assertFalse($user->validate());

    $user->username = '******';
    // The listing assigns password twice; presumably one of these was meant to be
    // verifyPassword -- TODO confirm against the upstream test.
    $user->password = '******';
    $user->password = '******';
    $this->assertFalse($user->validate());

    // A complete, matching set of credentials must be accepted.
    $user->setAttributes($validCredentials);
    $this->assertTrue($user->validate());

    $profile = new YumRegistrationForm();
    $profile->setAttributes($hostileProfileInput);
    $profile->setAttributes($user->getAttributes());
    $this->assertTrue($profile->validate());

    // $_POST deliberately carries every attribute of both models: the intent is to
    // check that only attributes declared safe are mass-assigned.
    // NOTE(review): nothing in this method dispatches the request or asserts on the
    // outcome after $_POST is filled, so that property is not verified here.
    $_POST['YumRegistrationForm'] = $user->getAttributes();
    $_POST['YumProfile'] = $profile->getAttributes();
}
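/**
 * Logs the visitor in through Facebook, creating or linking a local account.
 *
 * Flow, as implemented below:
 *  1. Refuse to run unless LOGIN_BY_FACEBOOK is set in the module's loginType.
 *  2. Log out the current session and ask the Facebook SDK for the user id.
 *  3. Look up a local profile by facebook_id, then by the e-mail Facebook reports.
 *  4. Create a new account when neither lookup matches; otherwise link the
 *     matching profile to the Facebook id. Superuser accounts are refused.
 *  5. Authenticate through YumUserIdentity and start a 30-day session.
 *
 * @return YumUser|false the logged-in user, or false when Facebook reports no
 *                       user or e-mail, the account cannot be created or
 *                       resolved, the account is a superuser, or authentication
 *                       fails.
 * @throws Exception when Facebook login is not enabled in the configuration.
 */
public function loginByFacebook()
{
    // "!" binds tighter than "&": without the parentheses loginType was negated
    // first and the result and-ed with the flag, so this gate did not test the
    // LOGIN_BY_FACEBOOK bit and a disabled Facebook login stayed reachable.
    if (!(Yum::module()->loginType & UserModule::LOGIN_BY_FACEBOOK)) {
        throw new Exception('actionFacebook was called, but is not activated in application configuration');
    }

    Yii::app()->user->logout();
    Yii::import('application.modules.user.vendors.facebook.*');
    $facebook = new Facebook(Yum::module()->facebookConfig);
    $fb_uid = $facebook->getUser();
    if (!$fb_uid) {
        return false;
    }

    $linkedProfile = YumProfile::model()->findByAttributes(array('facebook_id' => $fb_uid));
    $user = $linkedProfile ? YumUser::model()->findByPk($linkedProfile->user_id) : null;

    try {
        $fb_user = $facebook->api('/me');
        if (!isset($fb_user['email'])) {
            return false;
        }

        $profile = YumProfile::model()->findByAttributes(array('email' => $fb_user['email']));
        if ($profile === null && $user !== null) {
            // The account is already linked by facebook_id but its stored e-mail no
            // longer matches what Facebook reports. Reuse the linked profile instead
            // of dereferencing null in the linking branch below.
            $profile = $linkedProfile;
        }

        if ($user === null && $profile === null) {
            // New account
            $user = new YumUser();
            $user->username = '******' . YumRegistrationForm::genRandomString(Yum::module()->usernameRequirements['maxLen'] - 3);
            $user->password = YumUser::encrypt(YumUserChangePassword::createRandomPassword());
            $user->activationKey = YumUser::encrypt(microtime() . $user->password);
            $user->createtime = time();
            $user->superuser = 0;
            if (!$user->save()) {
                // Without a persisted user there is no id to authenticate against.
                Yum::log('Could not create a local account for a facebook login', 'error');
                return false;
            }
            $profile = new YumProfile();
            $profile->user_id = $user->id;
            $profile->facebook_id = $fb_user['id'];
            $profile->email = $fb_user['email'];
            // save(false) as in the original; presumably skips model validation,
            // so the Facebook-supplied e-mail is stored unvalidated -- TODO confirm.
            $profile->save(false);
        } else {
            $user = $profile->user;
            if ($user === null) {
                // Profile without an owning user: nothing to log in as.
                Yum::log('Facebook login matched a profile that has no user', 'error');
                return false;
            }

            // No superuser account can log in using Facebook
            if ($user->superuser) {
                Yum::log('A superuser tried to login by facebook', 'error');
                return false;
            }

            // Current account and FB account blending.
            // NOTE(review): an existing local account is linked to this Facebook id
            // on an e-mail match alone. That trusts the address returned by the
            // provider; confirm it is a verified address, or require the user to
            // authenticate to the local account before linking, so that control of
            // a Facebook profile is not sufficient to take over a local account.
            $profile->facebook_id = $fb_uid;
            $profile->save(false);
            // NOTE(review): the username of the existing account is replaced on
            // every Facebook login -- confirm this is intended.
            $user->username = '******' . YumRegistrationForm::genRandomString(Yum::module()->usernameRequirements['maxLen'] - 3);
            $user->superuser = 0;
            $user->save();
        }

        $identity = new YumUserIdentity($fb_uid, $user->id);
        $identity->authenticateFacebook(true);

        switch ($identity->errorCode) {
            case YumUserIdentity::ERROR_NONE:
                $duration = 3600 * 24 * 30; //30 days
                Yii::app()->user->login($identity, $duration);
                Yum::log('User ' . $user->username . ' logged in via facebook');
                return $user;
            case YumUserIdentity::ERROR_STATUS_INACTIVE:
                $user->addError('status', Yum::t('Your account is not activated.'));
                break;
            case YumUserIdentity::ERROR_STATUS_BANNED:
                $user->addError('status', Yum::t('Your account is blocked.'));
                break;
            case YumUserIdentity::ERROR_PASSWORD_INVALID:
                Yum::log(Yum::t('Failed login attempt for {username} via facebook', array('{username}' => $user->username)), 'error');
                $user->addError('status', Yum::t('Password incorrect.'));
                break;
        }

        // Any error code, including ones not listed above, is a failed login.
        return false;
    } catch (FacebookApiException $e) {
        /* FIXME: Workaround for avoiding the 'Error validating access token.'
         * immediately after a user logs out. This is nasty. Any other
         * approach to solve this issue is more than welcomed. */
        // $user is still null when the API call fails for a Facebook id that has
        // no linked local account, so do not read ->username unconditionally.
        $attemptedName = $user !== null ? $user->username : '(unknown user)';
        Yum::log('Failed login attempt for ' . $attemptedName . ' via facebook', 'error');
        return false;
    }
}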