Esempio n. 1
0
 /**
  * @return string
  * @throws \DreamFactory\Core\Exceptions\UnauthorizedException
  */
 public static function refreshToken()
 {
     $token = Session::getSessionToken();
     try {
         $newToken = \JWTAuth::refresh($token);
         $payload = \JWTAuth::getPayload($newToken);
         $userId = $payload->get('user_id');
         $user = User::find($userId);
         $userInfo = $user->toArray();
         ArrayUtils::set($userInfo, 'is_sys_admin', $user->is_sys_admin);
         Session::setSessionToken($newToken);
         Session::setUserInfo($userInfo);
         static::setTokenMap($payload, $newToken);
     } catch (TokenExpiredException $e) {
         $payloadArray = \JWTAuth::manager()->getJWTProvider()->decode($token);
         $forever = boolval(ArrayUtils::get($payloadArray, 'forever'));
         if ($forever) {
             $userId = ArrayUtils::get($payloadArray, 'user_id');
             $user = User::find($userId);
             Session::setUserInfoWithJWT($user, $forever);
         } else {
             throw new UnauthorizedException($e->getMessage());
         }
     }
     return Session::getSessionToken();
 }
Esempio n. 2
0
 public function testSysAdmin()
 {
     $user = \DreamFactory\Core\Models\User::find(1);
     Session::setUserInfoWithJWT($user);
     $permission = Session::getServicePermissions('system', '*');
     $this->assertEquals($permission, VerbsMask::NONE_MASK | VerbsMask::GET_MASK | VerbsMask::POST_MASK | VerbsMask::PUT_MASK | VerbsMask::PATCH_MASK | VerbsMask::DELETE_MASK);
     $nonAdminUser = \DreamFactory\Core\Models\User::create(['name' => 'John Doe', 'first_name' => 'John', 'last_name' => 'Doe', 'email' => '*****@*****.**', 'password' => 'test1234', 'security_question' => 'Make of your first car?', 'security_answer' => 'mazda', 'is_active' => true]);
     Session::setUserInfoWithJWT($nonAdminUser);
     $permission = Session::getServicePermissions('system', '*');
     $this->assertEquals(VerbsMask::NONE_MASK, $permission);
 }
Esempio n. 3
0
 public function handleOAuthCallback()
 {
     /** @var Provider $driver */
     $driver = $this->getDriver();
     /** @var User $user */
     $user = $driver->user();
     $dfUser = $this->createShadowOAuthUser($user);
     $dfUser->last_login_date = Carbon::now()->toDateTimeString();
     $dfUser->confirm_code = null;
     $dfUser->save();
     Session::setUserInfoWithJWT($dfUser);
     return Session::getPublicInfo();
 }
Esempio n. 4
0
 public function testPOSTRegister()
 {
     $u = $this->user1;
     $password = Arr::get($u, 'password');
     $payload = ['first_name' => Arr::get($u, 'first_name'), 'last_name' => Arr::get($u, 'last_name'), 'name' => Arr::get($u, 'name'), 'email' => Arr::get($u, 'email'), 'phone' => Arr::get($u, 'phone'), 'security_question' => Arr::get($u, 'security_question'), 'security_answer' => Arr::get($u, 'security_answer'), 'password' => $password, 'password_confirmation' => Arr::get($u, 'password_confirmation', $password)];
     Session::setUserInfoWithJWT(User::find(1));
     $r = $this->makeRequest(Verbs::POST, static::RESOURCE, [], $payload);
     $c = $r->getContent();
     $this->assertTrue(Arr::get($c, 'success'));
     Session::set('role.name', 'test');
     Session::set('role.id', 1);
     $this->service = ServiceHandler::getService('user');
     $r = $this->makeRequest(Verbs::POST, 'session', [], ['email' => Arr::get($u, 'email'), 'password' => Arr::get($u, 'password')]);
     $c = $r->getContent();
     $this->assertTrue(!empty(Arr::get($c, 'session_id')));
 }
Esempio n. 5
0
 /**
  * Registers new user.
  *
  * @return array
  * @throws \DreamFactory\Core\Exceptions\BadRequestException
  * @throws \DreamFactory\Core\Exceptions\ForbiddenException
  */
 protected function handlePOST()
 {
     $payload = $this->getPayloadData();
     $login = $this->request->getParameterAsBool('login');
     $registrar = new Registrar();
     $password = ArrayUtils::get($payload, 'new_password', ArrayUtils::get($payload, 'password'));
     $data = ['first_name' => ArrayUtils::get($payload, 'first_name'), 'last_name' => ArrayUtils::get($payload, 'last_name'), 'name' => ArrayUtils::get($payload, 'name'), 'email' => ArrayUtils::get($payload, 'email'), 'phone' => ArrayUtils::get($payload, 'phone'), 'security_question' => ArrayUtils::get($payload, 'security_question'), 'security_answer' => ArrayUtils::get($payload, 'security_answer'), 'password' => $password, 'password_confirmation' => ArrayUtils::get($payload, 'password_confirmation', $password)];
     if (empty($data['first_name'])) {
         list($username, $domain) = explode('@', $data['email']);
         $data['first_name'] = $username;
     }
     if (empty($data['last_name'])) {
         $names = explode('.', $data['first_name']);
         if (isset($names[1])) {
             $data['last_name'] = $names[1];
             $data['first_name'] = $names[0];
         } else {
             $data['last_name'] = $names[0];
         }
     }
     if (empty($data['name'])) {
         $data['name'] = $data['first_name'] . ' ' . $data['last_name'];
     }
     ArrayUtils::removeNull($data);
     /** @var \Illuminate\Validation\Validator $validator */
     $validator = $registrar->validator($data);
     if ($validator->fails()) {
         $messages = $validator->errors()->getMessages();
         throw new BadRequestException('Validation failed', null, null, $messages);
     } else {
         $user = $registrar->create($data);
         if ($login) {
             if ($user->confirm_code !== 'y' && !is_null($user->confirm_code)) {
                 return ['success' => true, 'confirmation_required' => true];
             } else {
                 Session::setUserInfoWithJWT($user);
                 return ['success' => true, 'session_token' => Session::getSessionToken()];
             }
         } else {
             return ['success' => true];
         }
     }
 }
Esempio n. 6
0
 /**
  * Updates user profile.
  *
  * @return array
  * @throws NotFoundException
  * @throws \Exception
  */
 protected function handlePOST()
 {
     $payload = $this->getPayloadData();
     $data = ['first_name' => ArrayUtils::get($payload, 'first_name'), 'last_name' => ArrayUtils::get($payload, 'last_name'), 'name' => ArrayUtils::get($payload, 'name'), 'email' => ArrayUtils::get($payload, 'email'), 'phone' => ArrayUtils::get($payload, 'phone'), 'security_question' => ArrayUtils::get($payload, 'security_question'), 'security_answer' => ArrayUtils::get($payload, 'security_answer'), 'default_app_id' => ArrayUtils::get($payload, 'default_app_id')];
     ArrayUtils::removeNull($data);
     $user = Session::user();
     if (empty($user)) {
         throw new NotFoundException('No user session found.');
     }
     $oldToken = Session::getSessionToken();
     $email = $user->email;
     $user->update($data);
     if (!empty($oldToken) && $email !== ArrayUtils::get($data, 'email', $email)) {
         // Email change invalidates token. Need to create a new token.
         $forever = JWTUtilities::isForever($oldToken);
         Session::setUserInfoWithJWT($user, $forever);
         $newToken = Session::getSessionToken();
         return ['success' => true, 'session_token' => $newToken];
     }
     return ['success' => true];
 }
Esempio n. 7
0
 public function testPOSTProfile()
 {
     $user = $this->createUser(1);
     $userModel = User::find($user['id']);
     Session::setUserInfoWithJWT($userModel);
     $fName = 'Jack';
     $lName = 'Smith';
     $name = 'Jack';
     $email = '*****@*****.**';
     $this->user1['email'] = $email;
     $phone = '123-475-7383';
     $sQuestion = 'Foo?';
     $sAnswer = 'bar';
     $payload = ['first_name' => $fName, 'last_name' => $lName, 'name' => $name, 'email' => $email, 'phone' => $phone, 'security_question' => $sQuestion, 'security_answer' => $sAnswer];
     $r = $this->makeRequest(Verbs::POST, static::RESOURCE, [], $payload);
     $c = $r->getContent();
     $this->assertTrue(Arr::get($c, 'success'));
     $userModel = User::find($user['id']);
     $r = $this->makeRequest(Verbs::GET, static::RESOURCE);
     $c = $r->getContent();
     $this->assertTrue(Hash::check($sAnswer, $userModel->security_answer));
     unset($payload['security_answer']);
     $this->assertEquals($payload, $c);
 }
Esempio n. 8
0
 /**
  * @param array   $credentials
  * @param bool    $remember
  * @param bool    $login
  * @param integer $appId
  *
  * @return bool
  * @throws \Exception
  */
 public static function authenticate(array $credentials, $remember = false, $login = true, $appId = null)
 {
     if (\Auth::attempt($credentials, false, false)) {
         $user = \Auth::getLastAttempted();
         static::checkRole($user->id);
         if ($login) {
             $user->last_login_date = Carbon::now()->toDateTimeString();
             $user->confirm_code = 'y';
             $user->save();
             Session::setUserInfoWithJWT($user, $remember, $appId);
         }
         return true;
     } else {
         return false;
     }
 }
Esempio n. 9
0
 /**
  * Handles login using this service.
  *
  * @param array $credential
  * @param bool  $remember
  *
  * @return array
  * @throws \DreamFactory\Core\Exceptions\UnauthorizedException
  */
 public function handleLogin(array $credential, $remember = false)
 {
     $username = ArrayUtils::get($credential, 'username');
     $password = ArrayUtils::get($credential, 'password');
     $auth = $this->driver->authenticate($username, $password);
     if ($auth) {
         $ldapUser = $this->driver->getUser();
         $user = $this->createShadowADLdapUser($ldapUser);
         $user->last_login_date = Carbon::now()->toDateTimeString();
         $user->confirm_code = null;
         $user->save();
         Session::setUserInfoWithJWT($user, $remember);
         return Session::getPublicInfo();
     } else {
         throw new UnauthorizedException('Invalid username and password provided.');
     }
 }