/**
 * Exercise YumRegistrationForm validation and stage $_POST for a
 * safe-attribute (mass-assignment) check.
 *
 * Validation is expected to fail with only a username, to fail again with
 * a username and password, and to pass once username, password and
 * verifyPassword are all supplied. A second form is then fed name fields
 * containing punctuation and an embedded PHP tag before being overwritten
 * with the first form's attributes.
 *
 * NOTE(review): nothing in this method asserts on the $_POST data it
 * prepares, so the safe-attribute check the inline comment describes has to
 * happen elsewhere -- confirm, or add the missing assertion.
 */
public function testRegistration()
 {
     Yii::app()->controller = new YumRegistrationController('registration');

     // Username only: the form must not validate.
     $form = new YumRegistrationForm();
     $form->username = '******';
     $usernameOnlyValid = $form->validate();
     $this->assertFalse($usernameOnlyValid);

     // Username and password: still expected to be rejected.
     // NOTE(review): password is assigned twice; the second assignment may
     // have been meant for another field -- confirm.
     $form->username = '******';
     $form->password = '******';
     $form->password = '******';
     $withoutVerifyValid = $form->validate();
     $this->assertFalse($withoutVerifyValid);

     // Complete credential set: the form must validate.
     $credentials = array('username' => 'A_Testuser', 'password' => 'hiddenpassword1', 'verifyPassword' => 'hiddenpassword1');
     $form->setAttributes($credentials);
     $this->assertTrue($form->validate());

     // Name fields carry special characters and a PHP open/close tag so the
     // input path is exercised with hostile-looking data.
     $profileForm = new YumRegistrationForm();
     $hostileInput = array('firstname' => 'My first Name !"§$%&/()=', 'lastname' => 'My last Name !"§$%&/()=<?php die() ?>', 'password' => 'hiddenpassword1', 'verifyPassword' => 'hiddenpassword1');
     $profileForm->setAttributes($hostileInput);
     $profileForm->setAttributes($form->getAttributes());
     $this->assertTrue($profileForm->validate());

     // $_POST deliberately receives every attribute of both forms: the
     // intent is to check that only safe attributes get assigned from it.
     $_POST['YumRegistrationForm'] = $form->getAttributes();
     $_POST['YumProfile'] = $profileForm->getAttributes();
 }
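 /**
  * Sign the current visitor in with their Facebook identity.
  *
  * Resolves the local account from the Facebook user id and from the e-mail
  * address returned by the Graph API, creates a new account when neither
  * matches, and then authenticates through YumUserIdentity.
  *
  * @return YumUser|false the logged-in user on success, false otherwise
  * @throws Exception if Facebook login is not enabled in the module configuration
  */
 public function loginByFacebook()
 {
     // The parentheses matter: `!` binds tighter than `&`, so without them
     // the flag is tested against the negated value and this gate never
     // closes while any login type at all is configured.
     if (!(Yum::module()->loginType & UserModule::LOGIN_BY_FACEBOOK)) {
         throw new Exception('actionFacebook was called, but is not activated in application configuration');
     }
     Yii::app()->user->logout();
     Yii::import('application.modules.user.vendors.facebook.*');
     $facebook = new Facebook(Yum::module()->facebookConfig);
     $fb_uid = $facebook->getUser();
     if (!$fb_uid) {
         return false;
     }

     // Account already linked to this Facebook id, if any.
     $linkedProfile = YumProfile::model()->findByAttributes(array('facebook_id' => $fb_uid));
     $user = $linkedProfile ? YumUser::model()->findByPk($linkedProfile->user_id) : null;
     try {
         $fb_user = $facebook->api('/me');
         if (!isset($fb_user['email'])) {
             return false;
         }
         $profile = YumProfile::model()->findByAttributes(array('email' => $fb_user['email']));
         if ($profile === null && $user !== null) {
             // The Facebook e-mail no longer matches any local profile but the
             // Facebook id is already linked: keep using the linked profile
             // instead of dereferencing null further down.
             $profile = $linkedProfile;
         }

         if ($user === null && $profile === null) {
             // New account
             // NOTE(review): confirm genRandomString() and createRandomPassword()
             // draw from a cryptographically secure source.
             $user = new YumUser();
             $user->username = '******' . YumRegistrationForm::genRandomString(Yum::module()->usernameRequirements['maxLen'] - 3);
             $user->password = YumUser::encrypt(YumUserChangePassword::createRandomPassword());
             $user->activationKey = YumUser::encrypt(microtime() . $user->password);
             $user->createtime = time();
             $user->superuser = 0;
             if (!$user->save()) {
                 // Without a persisted user there is no id to authenticate against.
                 Yum::log('Could not create a local account for a facebook login', 'error');
                 return false;
             }
             $profile = new YumProfile();
             $profile->user_id = $user->id;
             $profile->facebook_id = $fb_user['id'];
             $profile->email = $fb_user['email'];
             // NOTE(review): save(false) presumably skips model validation, so
             // the provider-supplied e-mail is stored unchecked -- confirm.
             $profile->save(false);
         } else {
             // NOTE(review): an existing local account is linked to this
             // Facebook identity purely because the e-mail addresses match.
             // That is only sound if the provider guarantees the address is
             // verified -- confirm, or require a local login before linking.
             $user = $profile->user;
             if ($user === null) {
                 Yum::log('Facebook login matched a profile without a user account', 'error');
                 return false;
             }
             // No superuser account can log in using Facebook
             if ($user->superuser) {
                 Yum::log('A superuser tried to login by facebook', 'error');
                 return false;
             }
             // Current account and FB account blending
             $profile->facebook_id = $fb_uid;
             $profile->save(false);
             // NOTE(review): this replaces the username of an existing account
             // on every Facebook login -- confirm that is intended.
             $user->username = '******' . YumRegistrationForm::genRandomString(Yum::module()->usernameRequirements['maxLen'] - 3);
             $user->superuser = 0;
             $user->save();
         }

         $identity = new YumUserIdentity($fb_uid, $user->id);
         $identity->authenticateFacebook(true);
         switch ($identity->errorCode) {
             case YumUserIdentity::ERROR_NONE:
                 // 30 days
                 $duration = 3600 * 24 * 30;
                 Yii::app()->user->login($identity, $duration);
                 Yum::log('User ' . $user->username . ' logged in via facebook');
                 return $user;
             case YumUserIdentity::ERROR_STATUS_INACTIVE:
                 $user->addError('status', Yum::t('Your account is not activated.'));
                 break;
             case YumUserIdentity::ERROR_STATUS_BANNED:
                 $user->addError('status', Yum::t('Your account is blocked.'));
                 break;
             case YumUserIdentity::ERROR_PASSWORD_INVALID:
                 Yum::log(Yum::t('Failed login attempt for {username} via facebook', array('{username}' => $user->username)), 'error');
                 $user->addError('status', Yum::t('Password incorrect.'));
                 break;
         }
         return false;
     } catch (FacebookApiException $e) {
         /* FIXME: Workaround for avoiding the 'Error validating access token.'
          * immediately after a user logs out. This is nasty. Any other
          * approach to solve this issue is more than welcomed.
          */
         // $user is null when the Facebook id is not linked to any account yet,
         // so fall back to the Facebook id for the log entry.
         $who = $user !== null ? $user->username : 'facebook uid ' . $fb_uid;
         Yum::log('Failed login attempt for ' . $who . ' via facebook', 'error');
         return false;
     }
 }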