Esempio n. 1
0
 public function __construct($username, $realname = 'Real Name', $email = '*****@*****.**', $groups = array())
 {
     $this->assertNotReal();
     $this->username = $username;
     $this->password = '******';
     $this->user = User::newFromName($this->username);
     $this->user->load();
     // In an ideal world we'd have a new wiki (or mock data store) for every single test.
     // But for now, we just need to create or update the user with the desired properties.
     // we particularly need the new password, since we just generated it randomly.
     // In core MediaWiki, there is no functionality to delete users, so this is the best we can do.
     if (!$this->user->isLoggedIn()) {
         // create the user
         $this->user = User::createNew($this->username, array("email" => $email, "real_name" => $realname));
         if (!$this->user) {
             throw new MWException("Error creating TestUser " . $username);
         }
     }
     // Update the user to use the password and other details
     $change = $this->setPassword($this->password) || $this->setEmail($email) || $this->setRealName($realname);
     // Adjust groups by adding any missing ones and removing any extras
     $currentGroups = $this->user->getGroups();
     foreach (array_diff($groups, $currentGroups) as $group) {
         $this->user->addGroup($group);
     }
     foreach (array_diff($currentGroups, $groups) as $group) {
         $this->user->removeGroup($group);
     }
     if ($change) {
         $this->user->saveSettings();
     }
 }
Esempio n. 2
0
 protected function setUp()
 {
     parent::setUp();
     $this->setMwGlobals(array('wgGroupPermissions' => array(), 'wgRevokePermissions' => array()));
     $this->setUpPermissionGlobals();
     $this->user = new User();
     $this->user->addGroup('unittesters');
 }
Esempio n. 3
0
 public function testGroup()
 {
     $groupTest = new Group("TEST_GROUP");
     $groupTest2 = new Group("TEST_GROUP_2");
     $this->assertEmpty($this->user->getGroup());
     $this->user->addGroup($groupTest);
     $this->assertEquals($groupTest, $this->user->getGroup()->first());
     $this->user->addGroup($groupTest2);
     $this->assertEquals(2, $this->user->getGroup()->count());
     $this->user->removeGroup($groupTest);
     $this->assertEquals(1, $this->user->getGroup()->count());
     $this->assertEquals($groupTest2, $this->user->getGroup()->first());
 }
 public static function provideAssert()
 {
     $anon = new User();
     $bot = new User();
     $bot->setName('Bot');
     $bot->addToDatabase();
     $bot->addGroup('bot');
     $user = new User();
     $user->setName('User');
     $user->addToDatabase();
     return array(array($anon, 'user', 'assertuserfailed'), array($user, 'user', false), array($user, 'bot', 'assertbotfailed'), array($bot, 'user', false), array($bot, 'bot', false));
 }
Esempio n. 5
0
 public function __construct($username, $realname = 'Real Name', $email = '*****@*****.**', $groups = [])
 {
     $this->assertNotReal();
     $this->username = $username;
     $this->password = '******';
     $this->user = User::newFromName($this->username);
     $this->user->load();
     // In an ideal world we'd have a new wiki (or mock data store) for every single test.
     // But for now, we just need to create or update the user with the desired properties.
     // we particularly need the new password, since we just generated it randomly.
     // In core MediaWiki, there is no functionality to delete users, so this is the best we can do.
     if (!$this->user->isLoggedIn()) {
         // create the user
         $this->user = User::createNew($this->username, ["email" => $email, "real_name" => $realname]);
         if (!$this->user) {
             throw new MWException("Error creating TestUser " . $username);
         }
     }
     // Update the user to use the password and other details
     $this->setPassword($this->password);
     $change = $this->setEmail($email) || $this->setRealName($realname);
     // Adjust groups by adding any missing ones and removing any extras
     $currentGroups = $this->user->getGroups();
     foreach (array_diff($groups, $currentGroups) as $group) {
         $this->user->addGroup($group);
     }
     foreach (array_diff($currentGroups, $groups) as $group) {
         $this->user->removeGroup($group);
     }
     if ($change) {
         // Disable CAS check before saving. The User object may have been initialized from cached
         // information that may be out of whack with the database during testing. If tests were
         // perfectly isolated, this would not happen. But if it does happen, let's just ignore the
         // inconsistency, and just write the data we want - during testing, we are not worried
         // about data loss.
         $this->user->mTouched = '';
         $this->user->saveSettings();
     }
 }
Esempio n. 6
0
 /**
  * @covers User::getRights
  */
 public function testUserGetRightsHooks()
 {
     $user = new User();
     $user->addGroup('unittesters');
     $user->addGroup('testwriters');
     $userWrapper = TestingAccessWrapper::newFromObject($user);
     $rights = $user->getRights();
     $this->assertContains('test', $rights, 'sanity check');
     $this->assertContains('runtest', $rights, 'sanity check');
     $this->assertContains('writetest', $rights, 'sanity check');
     $this->assertNotContains('nukeworld', $rights, 'sanity check');
     // Add a hook manipluating the rights
     $this->mergeMwGlobalArrayValue('wgHooks', ['UserGetRights' => [function ($user, &$rights) {
         $rights[] = 'nukeworld';
         $rights = array_diff($rights, ['writetest']);
     }]]);
     $userWrapper->mRights = null;
     $rights = $user->getRights();
     $this->assertContains('test', $rights);
     $this->assertContains('runtest', $rights);
     $this->assertNotContains('writetest', $rights);
     $this->assertContains('nukeworld', $rights);
     // Add a Session that limits rights
     $mock = $this->getMockBuilder(stdclass::class)->setMethods(['getAllowedUserRights', 'deregisterSession', 'getSessionId'])->getMock();
     $mock->method('getAllowedUserRights')->willReturn(['test', 'writetest']);
     $mock->method('getSessionId')->willReturn(new MediaWiki\Session\SessionId(str_repeat('X', 32)));
     $session = MediaWiki\Session\TestUtils::getDummySession($mock);
     $mockRequest = $this->getMockBuilder(FauxRequest::class)->setMethods(['getSession'])->getMock();
     $mockRequest->method('getSession')->willReturn($session);
     $userWrapper->mRequest = $mockRequest;
     $userWrapper->mRights = null;
     $rights = $user->getRights();
     $this->assertContains('test', $rights);
     $this->assertNotContains('runtest', $rights);
     $this->assertNotContains('writetest', $rights);
     $this->assertNotContains('nukeworld', $rights);
 }
Esempio n. 7
0
 public function testSerialize()
 {
     $group = new Group();
     $group->setName('Developers');
     $user = new User();
     $user->setEmail('*****@*****.**');
     $user->setPassword('123456');
     $user->addGroup($group);
     $user->save();
     $userId = $user->getId();
     $this->assertInternalType('int', $userId);
     $serialized = serialize($user);
     UserPeer::clearInstancePool();
     $this->assertCount(0, UserPeer::$instances);
     $unserialized = unserialize($serialized);
     $fetchedUser = UserQuery::create()->findOneById($userId);
     $this->assertInstanceOf('FOS\\UserBundle\\Propel\\User', $unserialized);
     $this->assertCount(1, UserPeer::$instances);
     $this->assertTrue($fetchedUser->equals($unserialized));
     $this->assertCount(1, $unserialized->getGroups());
 }
Esempio n. 8
0
 private function setUpUser()
 {
     $this->user = new User();
     $this->user->addGroup('unittesters');
 }
Esempio n. 9
0
 /**
  * Add given user to group
  *
  * @param User $user
  */
 public function addUser(User $user)
 {
     $user->addGroup($this);
     $this->users[] = $user;
 }
 /**
  * @covers WikiPage::doRollback
  */
 public function testDoRollbackFailureSameContent()
 {
     $admin = new User();
     $admin->setName("Admin");
     $admin->addGroup("sysop");
     #XXX: make the test user a sysop...
     $text = "one";
     $page = $this->newPage("WikiPageTest_testDoRollback");
     $page->doEditContent(ContentHandler::makeContent($text, $page->getTitle(), CONTENT_MODEL_WIKITEXT), "section one", EDIT_NEW, false, $admin);
     $rev1 = $page->getRevision();
     $user1 = new User();
     $user1->setName("127.0.1.11");
     $user1->addGroup("sysop");
     #XXX: make the test user a sysop...
     $text .= "\n\ntwo";
     $page = new WikiPage($page->getTitle());
     $page->doEditContent(ContentHandler::makeContent($text, $page->getTitle(), CONTENT_MODEL_WIKITEXT), "adding section two", 0, false, $user1);
     # now, do a the rollback from the same user was doing the edit before
     $resultDetails = array();
     $token = $user1->getEditToken(array($page->getTitle()->getPrefixedText(), $user1->getName()), null);
     $errors = $page->doRollback($user1->getName(), "testing revert same user", $token, false, $resultDetails, $admin);
     $this->assertEquals(array(), $errors, "Rollback failed same user");
     # now, try the rollback
     $resultDetails = array();
     $token = $admin->getEditToken(array($page->getTitle()->getPrefixedText(), $user1->getName()), null);
     $errors = $page->doRollback($user1->getName(), "testing revert", $token, false, $resultDetails, $admin);
     $this->assertEquals(array(array('alreadyrolled', 'WikiPageTest testDoRollback', '127.0.1.11', 'Admin')), $errors, "Rollback not failed");
     $page = new WikiPage($page->getTitle());
     $this->assertEquals($rev1->getSha1(), $page->getRevision()->getSha1(), "rollback did not revert to the correct revision");
     $this->assertEquals("one", $page->getContent()->getNativeData());
 }
 /**
  * Helper function for updateUser() and initUser(). Adds users into MediaWiki security groups
  * based upon groups retreived from LDAP.
  *
  * @param User $user
  * @access private
  */
 function setGroups(&$user)
 {
     global $wgGroupPermissions;
     // TODO: this is *really* ugly code. clean it up!
     $this->printDebug("Entering setGroups.", NONSENSITIVE);
     # Add ldap groups as local groups
     if ($this->getConf('GroupsPrevail')) {
         $this->printDebug("Adding all groups to wgGroupPermissions: ", SENSITIVE, $this->allLDAPGroups);
         foreach ($this->allLDAPGroups["short"] as $ldapgroup) {
             if (!array_key_exists($ldapgroup, $wgGroupPermissions)) {
                 $wgGroupPermissions[$ldapgroup] = array();
             }
         }
     }
     # add groups permissions
     $localAvailGrps = $user->getAllGroups();
     $localUserGrps = $user->getEffectiveGroups();
     $defaultLocallyManagedGrps = array('bot', 'sysop', 'bureaucrat');
     $locallyManagedGrps = $this->getConf('LocallyManagedGroups');
     if ($locallyManagedGrps) {
         $locallyManagedGrps = array_unique(array_merge($defaultLocallyManagedGrps, $locallyManagedGrps));
         $this->printDebug("Locally managed groups: ", SENSITIVE, $locallyManagedGrps);
     } else {
         $locallyManagedGrps = $defaultLocallyManagedGrps;
         $this->printDebug("Locally managed groups is unset, using defaults: ", SENSITIVE, $locallyManagedGrps);
     }
     $this->printDebug("Available groups are: ", NONSENSITIVE, $localAvailGrps);
     $this->printDebug("Effective groups are: ", NONSENSITIVE, $localUserGrps);
     # note: $localUserGrps does not need to be updated with $cGroup added,
     #       as $localAvailGrps contains $cGroup only once.
     foreach ($localAvailGrps as $cGroup) {
         # did we once add the user to the group?
         if (in_array($cGroup, $localUserGrps)) {
             $this->printDebug("Checking to see if we need to remove user from: {$cGroup}", NONSENSITIVE);
             if (!$this->hasLDAPGroup($cGroup) && !in_array($cGroup, $locallyManagedGrps)) {
                 $this->printDebug("Removing user from: {$cGroup}", NONSENSITIVE);
                 # the ldap group overrides the local group
                 # so as the user is currently not a member of the ldap group, he shall be removed from the local group
                 $user->removeGroup($cGroup);
             }
         } else {
             # no, but maybe the user has recently been added to the ldap group?
             $this->printDebug("Checking to see if user is in: {$cGroup}", NONSENSITIVE);
             if ($this->hasLDAPGroup($cGroup)) {
                 $this->printDebug("Adding user to: {$cGroup}", NONSENSITIVE);
                 $user->addGroup($cGroup);
             }
         }
     }
 }
Esempio n. 12
0
 public function register()
 {
     // POST: user_name, display_name, email, title, password, passwordc, captcha, spiderbro, csrf_token
     $post = $this->_app->request->post();
     // Get the alert message stream
     $ms = $this->_app->alerts;
     // Check the honeypot. 'spiderbro' is not a real field, it is hidden on the main page and must be submitted with its default value for this to be processed.
     if (!$post['spiderbro'] || $post['spiderbro'] != "http://") {
         error_log("Possible spam received:" . print_r($this->_app->request->post(), true));
         $ms->addMessage("danger", "Aww hellllls no!");
         $this->_app->halt(500);
         // Don't let on about why the request failed ;-)
     }
     // Load the request schema
     $requestSchema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/register.json");
     // Set up Fortress to process the request
     $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $post);
     // Security measure: do not allow registering new users until the master account has been created.
     if (!UserLoader::exists($this->_app->config('user_id_master'))) {
         $ms->addMessageTranslated("danger", "MASTER_ACCOUNT_NOT_EXISTS");
         $this->_app->halt(403);
     }
     // Check if registration is currently enabled
     if (!$this->_app->site->can_register) {
         $ms->addMessageTranslated("danger", "ACCOUNT_REGISTRATION_DISABLED");
         $this->_app->halt(403);
     }
     // Prevent the user from registering if he/she is already logged in
     if (!$this->_app->user->isGuest()) {
         $ms->addMessageTranslated("danger", "ACCOUNT_REGISTRATION_LOGOUT");
         $this->_app->halt(200);
     }
     // Sanitize data
     $rf->sanitize();
     // Validate, and halt on validation errors.
     $error = !$rf->validate(true);
     // Get the filtered data
     $data = $rf->data();
     // Check captcha, if required
     if ($this->_app->site->enable_captcha == "1") {
         if (!$data['captcha'] || md5($data['captcha']) != $_SESSION['userfrosting']['captcha']) {
             $ms->addMessageTranslated("danger", "CAPTCHA_FAIL");
             $error = true;
         }
     }
     // Remove captcha, password confirmation from object data
     $rf->removeFields(['captcha', 'passwordc']);
     // Perform desired data transformations.  Is this a feature we could add to Fortress?
     $data['user_name'] = strtolower(trim($data['user_name']));
     $data['display_name'] = trim($data['display_name']);
     $data['email'] = strtolower(trim($data['email']));
     $data['locale'] = $this->_app->site->default_locale;
     if ($this->_app->site->require_activation) {
         $data['active'] = 0;
     } else {
         $data['active'] = 1;
     }
     // Check if username or email already exists
     if (UserLoader::exists($data['user_name'], 'user_name')) {
         $ms->addMessageTranslated("danger", "ACCOUNT_USERNAME_IN_USE", $data);
         $error = true;
     }
     if (UserLoader::exists($data['email'], 'email')) {
         $ms->addMessageTranslated("danger", "ACCOUNT_EMAIL_IN_USE", $data);
         $error = true;
     }
     // Halt on any validation errors
     if ($error) {
         $this->_app->halt(400);
     }
     // Get default primary group (is_default = GROUP_DEFAULT_PRIMARY)
     $primaryGroup = GroupLoader::fetch(GROUP_DEFAULT_PRIMARY, "is_default");
     $data['primary_group_id'] = $primaryGroup->id;
     // Set default title for new users
     $data['title'] = $primaryGroup->new_user_title;
     // Hash password
     $data['password'] = Authentication::hashPassword($data['password']);
     // Create the user
     $user = new User($data);
     // Add user to default groups, including default primary group
     $defaultGroups = GroupLoader::fetchAll(GROUP_DEFAULT, "is_default");
     $user->addGroup($primaryGroup->id);
     foreach ($defaultGroups as $group_id => $group) {
         $user->addGroup($group_id);
     }
     // Store new user to database
     $user->store();
     if ($this->_app->site->require_activation) {
         // Create and send activation email
         $mail = new \PHPMailer();
         $mail->From = $this->_app->site->admin_email;
         $mail->FromName = $this->_app->site->site_title;
         $mail->addAddress($user->email);
         // Add a recipient
         $mail->addReplyTo($this->_app->site->admin_email, $this->_app->site->site_title);
         $mail->Subject = $this->_app->site->site_title . " - please activate your account";
         $mail->Body = $this->_app->view()->render("common/mail/activate-new.html", ["user" => $user]);
         $mail->isHTML(true);
         // Set email format to HTML
         if (!$mail->send()) {
             $ms->addMessageTranslated("danger", "MAIL_ERROR");
             error_log('Mailer Error: ' . $mail->ErrorInfo);
             $this->_app->halt(500);
         }
         // Activation required
         $ms->addMessageTranslated("success", "ACCOUNT_REGISTRATION_COMPLETE_TYPE2");
     } else {
         // No activation required
         $ms->addMessageTranslated("success", "ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
     }
 }
Esempio n. 13
0
 /**
  * When a user logs in, optionally fill in preferences and such.
  * For instance, you might pull the email address or real name from the
  * external user database.
  *
  * The User object is passed by reference so it can be modified; don't
  * forget the & on your function declaration.
  *
  * @param User $user
  * @access public
  */
 function updateUser(&$user)
 {
     if (!is_resource($this->db)) {
         $this->openDB();
     }
     $query = mysql_query("SELECT username,email,usergroup,additionalgroups FROM {$this->table_prefix}users WHERE username='******'", $this->db);
     $res = mysql_fetch_array($query);
     if ($res) {
         if (in_array($res['usergroup'], $this->admin_usergroups)) {
             $is_admin = true;
         }
         $memberships = explode(",", $res['additionalgroups']);
         for ($i = 0; $i < count($memberships); $i++) {
             if (in_array($memberships[$x], $this->admin_usergroups)) {
                 $is_admin = true;
             }
         }
         if ($is_admin == true) {
             // If a user is not a sysop, make them a sysop
             if (!in_array("sysop", $user->getEffectiveGroups())) {
                 $user->addGroup('sysop');
             }
         } else {
             if (in_array("sysop", $user->getEffectiveGroups())) {
                 $user->removeGroup('sysop');
                 return TRUE;
             }
         }
         $user->setEmail($res['email']);
         $user->setRealName($res['username']);
         return TRUE;
     }
     return false;
 }
Esempio n. 14
0
 /** 
  * Processes the request to create a new user (from the admin controls).
  * 
  * Processes the request from the user creation form, checking that:
  * 1. The username and email are not already in use;
  * 2. The logged-in user has the necessary permissions to update the posted field(s);
  * 3. The submitted data is valid.
  * This route requires authentication.
  * Request type: POST
  * @see formUserCreate
  */
 public function createUser()
 {
     $post = $this->_app->request->post();
     // Load the request schema
     $requestSchema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/user-create.json");
     // Get the alert message stream
     $ms = $this->_app->alerts;
     // Access-controlled resource
     if (!$this->_app->user->checkAccess('create_account')) {
         $ms->addMessageTranslated("danger", "ACCESS_DENIED");
         $this->_app->halt(403);
     }
     // Set up Fortress to process the request
     $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $post);
     // Sanitize data
     $rf->sanitize();
     // Validate, and halt on validation errors.
     $error = !$rf->validate(true);
     // Get the filtered data
     $data = $rf->data();
     // Remove csrf_token from object data
     $rf->removeFields(['csrf_token']);
     // Perform desired data transformations on required fields.  Is this a feature we could add to Fortress?
     $data['display_name'] = trim($data['display_name']);
     $data['email'] = strtolower(trim($data['email']));
     $data['flag_verified'] = 1;
     // Set password as empty on initial creation.  We will then send email so new user can set it themselves via secret token
     $data['password'] = "";
     // Check if username or email already exists
     if (UserLoader::exists($data['user_name'], 'user_name')) {
         $ms->addMessageTranslated("danger", "ACCOUNT_USERNAME_IN_USE", $data);
         $error = true;
     }
     if (UserLoader::exists($data['email'], 'email')) {
         $ms->addMessageTranslated("danger", "ACCOUNT_EMAIL_IN_USE", $data);
         $error = true;
     }
     // Halt on any validation errors
     if ($error) {
         $this->_app->halt(400);
     }
     // Get default primary group (is_default = GROUP_DEFAULT_PRIMARY)
     $primaryGroup = GroupLoader::fetch(GROUP_DEFAULT_PRIMARY, "is_default");
     // Set default values if not specified or not authorized
     if (!isset($data['locale']) || !$this->_app->user->checkAccess("update_account_setting", ["property" => "locale"])) {
         $data['locale'] = $this->_app->site->default_locale;
     }
     if (!isset($data['title']) || !$this->_app->user->checkAccess("update_account_setting", ["property" => "title"])) {
         // Set default title for new users
         $data['title'] = $primaryGroup->new_user_title;
     }
     if (!isset($data['primary_group_id']) || !$this->_app->user->checkAccess("update_account_setting", ["property" => "primary_group_id"])) {
         $data['primary_group_id'] = $primaryGroup->id;
     }
     // Set groups to default groups if not specified or not authorized to set groups
     if (!isset($data['groups']) || !$this->_app->user->checkAccess("update_account_setting", ["property" => "groups"])) {
         $default_groups = GroupLoader::fetchAll(GROUP_DEFAULT, "is_default");
         $data['groups'] = [];
         foreach ($default_groups as $group_id => $group) {
             $data['groups'][$group_id] = "1";
         }
     }
     // Create the user
     $user = new User($data);
     // Add user to groups, including selected primary group
     $user->addGroup($data['primary_group_id']);
     foreach ($data['groups'] as $group_id => $is_member) {
         if ($is_member == "1") {
             $user->addGroup($group_id);
         }
     }
     // Create events - account creation and password reset
     $user->newEventSignUp($this->_app->user);
     $user->newEventPasswordReset();
     // Save user again after creating events
     $user->save();
     // Send an email to the user's email address to set up password
     $twig = $this->_app->view()->getEnvironment();
     $template = $twig->loadTemplate("mail/password-create.twig");
     $notification = new Notification($template);
     $notification->fromWebsite();
     // Automatically sets sender and reply-to
     $notification->addEmailRecipient($user->email, $user->display_name, ['user' => $user, 'create_password_expiration' => $this->_app->site->create_password_expiration / 3600 . " hours"]);
     try {
         $notification->send();
     } catch (\Exception\phpmailerException $e) {
         $ms->addMessageTranslated("danger", "MAIL_ERROR");
         error_log('Mailer Error: ' . $e->errorMessage());
         $this->_app->halt(500);
     }
     // Success message
     $ms->addMessageTranslated("success", "ACCOUNT_CREATION_COMPLETE", $data);
 }
 /**
  * Add groups based on the existence of attributes in the SAML assertion.
  *
  * @param User $user add MediaWiki permissions to this user from the current SAML assertion
  *
  * @return void $user is modified on return
  */
 protected static function setGroups(User $user)
 {
     global $wgSamlGroupMap;
     $attr = self::$as->getAttributes();
     foreach ($wgSamlGroupMap as $group => $rules) {
         foreach ($rules as $attrName => $needles) {
             if (!isset($attr[$attrName])) {
                 continue;
             }
             foreach ($needles as $needle) {
                 if (in_array($needle, $attr[$attrName])) {
                     $user->addGroup($group);
                 } else {
                     $user->removeGroup($group);
                 }
             }
         }
     }
 }
Esempio n. 16
0
 /**
  * On every page load, the user's permissions are recalculated. They are based
  * upon the groups to which the user belongs.
  */
 function manageMediawikiGroupsForUser(User $mediawiki_user, PFUser $tuleap_user, Group $group)
 {
     $groups_mapper = new MediawikiUserGroupsMapper(new MediawikiDao(), new User_ForgeUserGroupPermissionsDao());
     $mediawiki_groups = $groups_mapper->defineUserMediawikiGroups($tuleap_user, $group);
     foreach ($mediawiki_groups['removed'] as $group_to_remove) {
         $mediawiki_user->removeGroup($group_to_remove);
     }
     foreach ($mediawiki_groups['added'] as $group_to_add) {
         $mediawiki_user->addGroup($group_to_add);
     }
     return $mediawiki_user;
 }
Esempio n. 17
0
 /**
  * Helper function for updateUser() and initUser(). Adds users into MediaWiki security groups
  * based upon groups retreived from LDAP.
  *
  * @param User $user
  * @access private
  */
 function setGroups(&$user)
 {
     $this->printDebug("Pulling groups from LDAP.", 1);
     # add groups permissions
     $localAvailGrps = $user->getAllGroups();
     $localUserGrps = $user->getEffectiveGroups();
     $this->printDebug("Available groups are: " . implode(",", $localAvailGrps) . "", 1);
     $this->printDebug("Effective groups are: " . implode(",", $localUserGrps) . "", 1);
     # note: $localUserGrps does not need to be updated with $cGroup added,
     #       as $localAvailGrps contains $cGroup only once.
     foreach ($localAvailGrps as $cGroup) {
         # did we once add the user to the group?
         if (in_array($cGroup, $localUserGrps)) {
             $this->printDebug("Checking to see if we need to remove user from: {$cGroup}", 1);
             if (!$this->hasLDAPGroup($cGroup) && $this->isLDAPGroup($cGroup)) {
                 $this->printDebug("Removing user from: {$cGroup}", 1);
                 # the ldap group overrides the local group
                 # so as the user is currently not a member of the ldap group, he shall be removed from the local group
                 $user->removeGroup($cGroup);
             }
         } else {
             # no, but maybe the user has recently been added to the ldap group?
             $this->printDebug("Checking to see if user is in: {$cGroup}", 1);
             if ($this->hasLDAPGroup($cGroup)) {
                 $this->printDebug("Adding user to: {$cGroup}", 1);
                 # so use the addGroup function
                 $user->addGroup($cGroup);
                 # completedfor $cGroup.
             }
         }
     }
 }
 /**
  * When a user logs in, optionally fill in preferences and such.
  * For instance, you might pull the email address or real name from the
  * external user database.
  *
  * The User object is passed by reference so it can be modified; don't
  * forget the & on your function declaration.
  *
  * @param User $user
  * @public
  */
 function updateUser(&$user)
 {
     if ($this->debug) {
         echo 'updateUser';
     }
     $username = addslashes($user->getName());
     $find_user_query = "SELECT\n\t\t\tuser_id,\n\t\t\tuser_accesslevel, user_email, \n\t\t\tuser_name_short, user_name\n\t\t\tFROM users WHERE lower(user_name_short)=lower('{$username}')";
     $find_result = mysql_query($find_user_query, $this->database);
     // make sure that there is only one person with the username
     if (mysql_num_rows($find_result) == 1) {
         $userinfo = mysql_fetch_assoc($find_result);
         mysql_free_result($find_result);
         $user->setEmail($userinfo['user_email']);
         $user->confirmEmail();
         $user->setRealName($userinfo['user_name']);
         // Accessrights
         if ($userinfo['user_accesslevel'] > 2) {
             $user->addGroup('sysop');
         }
         $user->saveSettings();
         return true;
     }
     return false;
 }
Esempio n. 19
0
 /**
  * Put the user in the effective group 'artist' if she is not already in.
  * @param User $user 
  * @return boolean false if she is already in the group, true if just added
  */
 private static function addSubscribersGroupToUser($user)
 {
     if (!in_array(WP_SUBSCRIBERS_USER_GROUP, $user->getGroups())) {
         $user->addGroup(WP_SUBSCRIBERS_USER_GROUP);
         return true;
     }
     return false;
 }
Esempio n. 20
0
 /**
  * Save user groups changes in the database.
  *
  * @param User|UserRightsProxy $user
  * @param array $add Array of groups to add
  * @param array $remove Array of groups to remove
  * @param string $reason Reason for group change
  * @return array Tuple of added, then removed groups
  */
 function doSaveUserGroups($user, $add, $remove, $reason = '')
 {
     global $wgAuth;
     // Validate input set...
     $isself = $user->getName() == $this->getUser()->getName();
     $groups = $user->getGroups();
     $changeable = $this->changeableGroups();
     $addable = array_merge($changeable['add'], $isself ? $changeable['add-self'] : array());
     $removable = array_merge($changeable['remove'], $isself ? $changeable['remove-self'] : array());
     $remove = array_unique(array_intersect((array) $remove, $removable, $groups));
     $add = array_unique(array_diff(array_intersect((array) $add, $addable), $groups));
     $oldGroups = $user->getGroups();
     $newGroups = $oldGroups;
     // Remove then add groups
     if ($remove) {
         foreach ($remove as $index => $group) {
             if (!$user->removeGroup($group)) {
                 unset($remove[$index]);
             }
         }
         $newGroups = array_diff($newGroups, $remove);
     }
     if ($add) {
         foreach ($add as $index => $group) {
             if (!$user->addGroup($group)) {
                 unset($add[$index]);
             }
         }
         $newGroups = array_merge($newGroups, $add);
     }
     $newGroups = array_unique($newGroups);
     // Ensure that caches are cleared
     $user->invalidateCache();
     // update groups in external authentication database
     Hooks::run('UserGroupsChanged', array($user, $add, $remove, $this->getUser()));
     $wgAuth->updateExternalDBGroups($user, $add, $remove);
     wfDebug('oldGroups: ' . print_r($oldGroups, true) . "\n");
     wfDebug('newGroups: ' . print_r($newGroups, true) . "\n");
     // Deprecated in favor of UserGroupsChanged hook
     Hooks::run('UserRights', array(&$user, $add, $remove), '1.26');
     if ($newGroups != $oldGroups) {
         $this->addLogEntry($user, $oldGroups, $newGroups, $reason);
     }
     return array($add, $remove);
 }
Esempio n. 21
0
 /**
  * @covers AppBundle\Entity\User::addGroup
  * Implement testAddGroup().
  */
 public function testAddGroup()
 {
     $this->assertEmpty($this->user->getGroup());
     $this->user->addGroup($this->group);
     $this->assertNotEmpty($this->user->getGroup());
 }
Esempio n. 22
0
 /**
  * Processes a request to create the master account.
  *
  * Processes the request from the master account creation form, checking that:
  * 1. The honeypot has not been changed;
  * 2. The master account does not already exist;
  * 3. The correct configuration token was submitted;
  * 3. The submitted data is valid.
  * This route is "public access" (until the master account has been created, that is)
  * Request type: POST     
  */
 public function setupMasterAccount()
 {
     $post = $this->_app->request->post();
     // Get the alert message stream
     $ms = $this->_app->alerts;
     // Check the honeypot. 'spiderbro' is not a real field, it is hidden on the main page and must be submitted with its default value for this to be processed.
     if (!$post['spiderbro'] || $post['spiderbro'] != "http://") {
         error_log("Possible spam received:" . print_r($this->_app->request->post(), true));
         $ms->addMessage("danger", "Aww hellllls no!");
         $this->_app->halt(500);
         // Don't let on about why the request failed ;-)
     }
     // Do not allow registering a master account if one has already been created
     if (User::find($this->_app->config('user_id_master'))) {
         $ms->addMessageTranslated("danger", "MASTER_ACCOUNT_EXISTS");
         $this->_app->halt(403);
     }
     // Check the configuration token
     if ($post['root_account_config_token'] != $this->_app->site->root_account_config_token) {
         $ms->addMessageTranslated("danger", "CONFIG_TOKEN_MISMATCH");
         $this->_app->halt(403);
     }
     // Load the request schema
     $requestSchema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/register.json");
     // Set up Fortress to process the request
     $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $post);
     // Sanitize data
     $rf->sanitize();
     // Validate, and halt on validation errors.
     $error = !$rf->validate(true);
     // Get the filtered data
     $data = $rf->data();
     // Remove configuration token, password confirmation from object data
     $rf->removeFields(['root_account_config_token', 'passwordc']);
     // Perform desired data transformations.  Is this a feature we could add to Fortress?
     $data['display_name'] = trim($data['display_name']);
     $data['flag_verified'] = 1;
     $data['locale'] = $this->_app->site->default_locale;
     // Halt on any validation errors
     if ($error) {
         $this->_app->halt(400);
     }
     // Get default primary group (is_default = GROUP_DEFAULT_PRIMARY)
     $primaryGroup = Group::where('is_default', GROUP_DEFAULT_PRIMARY)->first();
     $data['primary_group_id'] = $primaryGroup->id;
     // Set default title for new users
     $data['title'] = $primaryGroup->new_user_title;
     // Hash password
     $data['password'] = Authentication::hashPassword($data['password']);
     // Create the master user
     $user = new User($data);
     $user->id = $this->_app->config('user_id_master');
     // Add user to default groups, including default primary group
     $defaultGroups = Group::where('is_default', GROUP_DEFAULT)->get();
     $user->addGroup($primaryGroup->id);
     foreach ($defaultGroups as $group) {
         $group_id = $group->id;
         $user->addGroup($group_id);
     }
     // Add sign-up event
     $user->newEventSignUp();
     // Store new user to database
     $user->save();
     // No activation required
     $ms->addMessageTranslated("success", "ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
     // Update install status
     $this->_app->site->install_status = "new";
     $this->_app->site->root_account_config_token = "";
     $this->_app->site->store();
 }
Esempio n. 23
0
 /** 
  * Processes the request to create a new user (from the admin controls).
  * 
  * Processes the request from the user creation form, checking that:
  * 1. The username and email are not already in use;
  * 2. The logged-in user has the necessary permissions to update the posted field(s);
  * 3. The submitted data is valid.
  * This route requires authentication.
  * Request type: POST
  * @see formUserCreate
  */
 public function createUser()
 {
     $post = $this->_app->request->post();
     // Load the request schema
     $requestSchema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/user-create.json");
     // Get the alert message stream
     $ms = $this->_app->alerts;
     // Access-controlled resource
     if (!$this->_app->user->checkAccess('create_account')) {
         $ms->addMessageTranslated("danger", "ACCESS_DENIED");
         $this->_app->halt(403);
     }
     // Set up Fortress to process the request
     $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $post);
     // Sanitize data
     $rf->sanitize();
     // Validate, and halt on validation errors.
     $error = !$rf->validate(true);
     // Get the filtered data
     $data = $rf->data();
     // Remove csrf_token, password confirmation from object data
     $rf->removeFields(['csrf_token, passwordc']);
     // Perform desired data transformations on required fields.  Is this a feature we could add to Fortress?
     $data['user_name'] = strtolower(trim($data['user_name']));
     $data['display_name'] = trim($data['display_name']);
     $data['email'] = strtolower(trim($data['email']));
     $data['active'] = 1;
     // Check if username or email already exists
     if (UserLoader::exists($data['user_name'], 'user_name')) {
         $ms->addMessageTranslated("danger", "ACCOUNT_USERNAME_IN_USE", $data);
         $error = true;
     }
     if (UserLoader::exists($data['email'], 'email')) {
         $ms->addMessageTranslated("danger", "ACCOUNT_EMAIL_IN_USE", $data);
         $error = true;
     }
     // Halt on any validation errors
     if ($error) {
         $this->_app->halt(400);
     }
     // Get default primary group (is_default = GROUP_DEFAULT_PRIMARY)
     $primaryGroup = GroupLoader::fetch(GROUP_DEFAULT_PRIMARY, "is_default");
     // Set default values if not specified or not authorized
     if (!isset($data['locale']) || !$this->_app->user->checkAccess("update_account_setting", ["property" => "locale"])) {
         $data['locale'] = $this->_app->site->default_locale;
     }
     if (!isset($data['title']) || !$this->_app->user->checkAccess("update_account_setting", ["property" => "title"])) {
         // Set default title for new users
         $data['title'] = $primaryGroup->new_user_title;
     }
     if (!isset($data['primary_group_id']) || !$this->_app->user->checkAccess("update_account_setting", ["property" => "primary_group_id"])) {
         $data['primary_group_id'] = $primaryGroup->id;
     }
     // Set groups to default groups if not specified or not authorized to set groups
     if (!isset($data['groups']) || !$this->_app->user->checkAccess("update_account_setting", ["property" => "groups"])) {
         $default_groups = GroupLoader::fetchAll(GROUP_DEFAULT, "is_default");
         $data['groups'] = [];
         foreach ($default_groups as $group_id => $group) {
             $data['groups'][$group_id] = "1";
         }
     }
     // Hash password
     $data['password'] = Authentication::hashPassword($data['password']);
     // Create the user
     $user = new User($data);
     // Add user to groups, including selected primary group
     $user->addGroup($data['primary_group_id']);
     foreach ($data['groups'] as $group_id => $is_member) {
         if ($is_member == "1") {
             $user->addGroup($group_id);
         }
     }
     // Store new user to database
     $user->store();
     // Success message
     $ms->addMessageTranslated("success", "ACCOUNT_CREATION_COMPLETE", $data);
 }
Esempio n. 24
0
 /**
  * Processes an new account registration request.
  *
  * Processes the request from the form on the registration page, checking that:
  * 1. The honeypot was not modified;
  * 2. The master account has already been created (during installation);
  * 3. Account registration is enabled;
  * 4. The user is not already logged in;
  * 5. Valid information was entered;
  * 6. The captcha, if enabled, is correct;
  * 7. The username and email are not already taken.
  * Automatically sends an activation link upon success, if account activation is enabled.
  * This route is "public access".
  * Request type: POST
  * Returns the User Object for the user record that was created.
  */
 public function register()
 {
     // POST: user_name, display_name, email, title, password, passwordc, captcha, spiderbro, csrf_token
     $post = $this->_app->request->post();
     // Get the alert message stream
     $ms = $this->_app->alerts;
     // Check the honeypot. 'spiderbro' is not a real field, it is hidden on the main page and must be submitted with its default value for this to be processed.
     if (!$post['spiderbro'] || $post['spiderbro'] != "http://") {
         error_log("Possible spam received:" . print_r($this->_app->request->post(), true));
         $ms->addMessage("danger", "Aww hellllls no!");
         $this->_app->halt(500);
         // Don't let on about why the request failed ;-)
     }
     // Load the request schema
     $requestSchema = new \Fortress\RequestSchema($this->_app->config('schema.path') . "/forms/register.json");
     // Set up Fortress to process the request
     $rf = new \Fortress\HTTPRequestFortress($ms, $requestSchema, $post);
     // Security measure: do not allow registering new users until the master account has been created.
     if (!User::find($this->_app->config('user_id_master'))) {
         $ms->addMessageTranslated("danger", "MASTER_ACCOUNT_NOT_EXISTS");
         $this->_app->halt(403);
     }
     // Check if registration is currently enabled
     if (!$this->_app->site->can_register) {
         $ms->addMessageTranslated("danger", "ACCOUNT_REGISTRATION_DISABLED");
         $this->_app->halt(403);
     }
     // Prevent the user from registering if he/she is already logged in
     if (!$this->_app->user->isGuest()) {
         $ms->addMessageTranslated("danger", "ACCOUNT_REGISTRATION_LOGOUT");
         $this->_app->halt(200);
     }
     // Sanitize data
     $rf->sanitize();
     // Validate, and halt on validation errors.
     $error = !$rf->validate(true);
     // Get the filtered data
     $data = $rf->data();
     // Check captcha, if required
     if ($this->_app->site->enable_captcha == "1") {
         if (!$data['captcha'] || md5($data['captcha']) != $_SESSION['userfrosting']['captcha']) {
             $ms->addMessageTranslated("danger", "CAPTCHA_FAIL");
             $error = true;
         }
     }
     // Remove captcha, password confirmation from object data
     $rf->removeFields(['captcha', 'passwordc']);
     // Perform desired data transformations.  Is this a feature we could add to Fortress?
     $data['display_name'] = trim($data['display_name']);
     $data['locale'] = $this->_app->site->default_locale;
     if ($this->_app->site->require_activation) {
         $data['flag_verified'] = 0;
     } else {
         $data['flag_verified'] = 1;
     }
     // Check if username or email already exists
     if (User::where('user_name', $data['user_name'])->first()) {
         $ms->addMessageTranslated("danger", "ACCOUNT_USERNAME_IN_USE", $data);
         $error = true;
     }
     if (User::where('email', $data['email'])->first()) {
         $ms->addMessageTranslated("danger", "ACCOUNT_EMAIL_IN_USE", $data);
         $error = true;
     }
     // Halt on any validation errors
     if ($error) {
         $this->_app->halt(400);
     }
     // Get default primary group (is_default = GROUP_DEFAULT_PRIMARY)
     $primaryGroup = Group::where('is_default', GROUP_DEFAULT_PRIMARY)->first();
     // Check that a default primary group is actually set
     if (!$primaryGroup) {
         $ms->addMessageTranslated("danger", "ACCOUNT_REGISTRATION_BROKEN");
         error_log("Account registration is not working because a default primary group has not been set.");
         $this->_app->halt(500);
     }
     $data['primary_group_id'] = $primaryGroup->id;
     // Set default title for new users
     $data['title'] = $primaryGroup->new_user_title;
     // Hash password
     $data['password'] = Authentication::hashPassword($data['password']);
     // Create the user
     $user = new User($data);
     // Add user to default groups, including default primary group
     $defaultGroups = Group::where('is_default', GROUP_DEFAULT)->get();
     $user->addGroup($primaryGroup->id);
     foreach ($defaultGroups as $group) {
         $user->addGroup($group->id);
     }
     // Create sign-up event
     $user->newEventSignUp();
     // Store new user to database
     $user->save();
     if ($this->_app->site->require_activation) {
         // Create verification request event
         $user->newEventVerificationRequest();
         $user->save();
         // Re-save with verification event
         // Create and send verification email
         $twig = $this->_app->view()->getEnvironment();
         $template = $twig->loadTemplate("mail/activate-new.twig");
         $notification = new Notification($template);
         $notification->fromWebsite();
         // Automatically sets sender and reply-to
         $notification->addEmailRecipient($user->email, $user->display_name, ["user" => $user]);
         try {
             $notification->send();
         } catch (\phpmailerException $e) {
             $ms->addMessageTranslated("danger", "MAIL_ERROR");
             error_log('Mailer Error: ' . $e->errorMessage());
             $this->_app->halt(500);
         }
         $ms->addMessageTranslated("success", "ACCOUNT_REGISTRATION_COMPLETE_TYPE2");
     } else {
         // No activation required
         $ms->addMessageTranslated("success", "ACCOUNT_REGISTRATION_COMPLETE_TYPE1");
     }
     // Return the user object to the calling program
     return $user;
 }
Esempio n. 25
0
 function actaddgroup()
 {
     $model = new User();
     $model->addGroup();
     $this->redirect('/user/group/');
 }