Esempio n. 1
 /**
  * Per-test fixture: registers a throwaway static salt and persists an
  * 'Admin' user (password 'password') as the authenticated test subject.
  */
 public function setUp()
 {
     parent::setUp();
     // mt_rand() is not a CSPRNG; the salt only lives for one test run, so a
     // fast non-secure source is acceptable in this fixture and nowhere else.
     $staticSalt = sha1(mt_rand());
     Zend_Registry::set('staticSalt', $staticSalt);

     $admin = UserTest::createRandomTestUser();
     $this->_authUser = $admin;
     $admin->setUsername('Admin');
     $hashedPassword = UserService::encryptPassword('password', $admin->getSalt());
     $admin->setPassword($hashedPassword);

     AclRoleService::create($admin->getRole());
     UserService::create($admin);
 }
Esempio n. 2
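 /**
  * Render user edit link
  *
  * Resolves a numeric ID to a User entity, then renders either the plain
  * (escaped) username when the viewer is not allowed to edit users, or an
  * anchor to the admin edit route. Both the href and the link text are
  * passed through the view escaper so the markup is safe in attribute and
  * body context; previously only the username was escaped.
  *
  * @param Rexmac\Zyndax\Entity\User|int $user User entity or ID
  * @return string Empty string when no user can be resolved
  */
 public function userEditLink($user = null)
 {
     if (is_numeric($user)) {
         $user = UserService::findOneById($user);
     }
     if (null === $user) {
         return '';
     }
     $username = $this->view->escape($user->getUsername());
     // Without edit permission, show the name only (no link to the admin route).
     if (!Zend_Registry::get('acl')->isUserAllowed('mvc:admin:users:edit', 'view')) {
         return $username;
     }
     $url = $this->view->url(array('userId' => $user->getId()), 'adminUserEdit');
     // Escape the href as well: an attribute value needs '&' and quotes encoded.
     return sprintf('<a href="%s" title="Edit user">%s</a>', $this->view->escape($url), $username);
 }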
Esempio n. 3
 /**
  * Submitting another account's e-mail address through the profile form must
  * not be accepted: the request is expected to end in a 500 whose body carries
  * the UCPA001 integrity-constraint error.
  *
  * NOTE(review): the asserted body text is the raw SQLSTATE message as shown
  * to the client; whether a generic error page would be preferable is outside
  * the scope of this test.
  */
 public function testProfileActionWithExceptionalValues()
 {
     $testUser = UserService::findOneByUsername('testuser');
     $testProfile = $testUser->getProfile();
     $admin = UserService::findOneByUsername('admin');
     $this->assertNotEquals($admin->getEmail(), $testUser->getEmail());

     // A plain GET must render the profile page in place.
     $this->_loginTestUser();
     $this->redispatch('/user/profile');
     $this->assertNotRedirect();
     $this->assertModule('default');
     $this->assertController('user');
     $this->assertAction('profile');

     // Now POST the admin's e-mail as the test user's new address.
     $postData = array(
         'email'     => $admin->getEmail(),
         'firstName' => $testProfile->getFirstName(),
         'lastName'  => $testProfile->getLastName(),
     );
     $this->getRequest()->setMethod('POST')->setPost($postData);
     $this->redispatch('/user/profile', false);
     $this->assertNotRedirect();
     $this->assertModule('default');
     $this->assertController('user');
     $this->assertAction('profile');
     $this->assertResponseCode(500);
     $this->assertBodyContains('Application error: UCPA001 - SQLSTATE[23000]: Integrity constraint violation: ', 'Missing application error');
 }
Esempio n. 4
 /**
  * Attempts to authenticate the configured identity/credential pair.
  *
  * Exactly one result code and message is recorded in authResultInfo:
  * identity not found, invalid credential, inactive (e-mail not verified),
  * locked, or success. Only on success is $this->user set and the user's
  * lastConnect timestamp persisted.
  *
  * @throws Zend_Auth_Adapter_Exception if answering the authentication query is impossible
  * @return Zend_Auth_Result
  */
 public function authenticate()
 {
     $user = UserService::findOneByUsername($this->identity);
     if (null === $user) {
         $code = AuthResult::FAILURE_IDENTITY_NOT_FOUND;
         $message = 'Identity not found.';
     } elseif (!UserService::verifyPassword($user, $this->credential)) {
         $code = AuthResult::FAILURE_CREDENTIAL_INVALID;
         $message = 'Supplied credential is invalid.';
     } elseif (!$user->getActive()) {
         $code = AuthResult::FAILURE_REQUIRES_EMAIL_VERIFICATION;
         $message = 'User account requires email address verification.';
     } elseif ($user->getLocked()) {
         $code = AuthResult::FAILURE_ACCOUNT_LOCKED;
         $message = 'User account is locked.';
     } else {
         // Successful login: remember the user and stamp the connection time.
         $this->user = $user;
         $user->setLastConnect(new \DateTime());
         UserService::update();
         $code = AuthResult::SUCCESS;
         $message = 'Authentication successful.';
     }
     // The distinct failure codes are useful for server-side logging; how much
     // of them is surfaced to the client is decided by the caller.
     $this->authResultInfo['code'] = $code;
     $this->authResultInfo['messages'][] = $message;
     return $this->authenticateCreateAuthResult();
 }
Esempio n. 5
 /**
  * Update user
  *
  * Applies each entry of $data to the matching entity — 'firstName',
  * 'lastName' and 'phone' to the user's profile, 'social<N>' to the Nth
  * social-network identity, anything else to the User itself — recording
  * every value that actually changed. After flushing the three services it
  * writes one UserEditEvent per change type (PROFILE_EDIT, SOCIAL_EDIT,
  * USER_EDIT) with a human-readable description of the changes.
  *
  * NOTE(review): keys outside the profile/social sets are dispatched by name
  * to $user->{'get'.ucfirst($key)}() and the matching setter, so the set of
  * keys in $data must already be constrained by the caller (form validation);
  * this method performs no whitelist of its own.
  *
  * @param User $user User to be updated
  * @param array $data User data to be updated
  * @throws Exception
  * @return bool True if changes were made
  */
 private function _updateUser(User $user, array $data)
 {
     // The full submitted payload goes to the debug log.
     Logger::debug(__METHOD__ . '::' . var_export($data, true));
     #if(isset($data['email']) && '' != $data['email'] && $data['email'] != $user->getEmail()) {
     #  $user->setEmail($data['email']);
     #}
     $profile = $user->getProfile();
     $social = $profile->getSocialNetworkIdentities();
     // Track changes, bucketed by the entity they touch
     $changes = array(PROFILE_EDIT => array(), SOCIAL_EDIT => array(), USER_EDIT => array());
     foreach ($data as $key => $newValue) {
         Logger::debug(__METHOD__ . ":: {$key}");
         // Loose in_array: keys are strings here, so no numeric coercion is involved.
         if (in_array($key, array('firstName', 'lastName', 'phone'))) {
             Logger::debug(__METHOD__ . ':: Profile key');
             $type = PROFILE_EDIT;
             $oldValue = $profile->{'get' . ucfirst($key)}();
         } elseif (preg_match('/^social(\\d+)$/', $key, $matches)) {
             Logger::debug(__METHOD__ . ':: Social key: social' . $matches[1]);
             $type = SOCIAL_EDIT;
             // 'socialN' is 1-based; assumes $social is a 0-indexed list with at
             // least N entries — an out-of-range N leaves $oldValue null (TODO confirm).
             $oldValue = $social[$matches[1] - 1];
         } else {
             Logger::debug(__METHOD__ . ':: User key');
             $type = USER_EDIT;
             // Dynamic getter: any key not matched above is called on the User entity.
             $oldValue = $user->{'get' . ucfirst($key)}();
         }
         // Old/new are logged here unconditionally and again below once a change is detected.
         Logger::debug(__METHOD__ . ":: OLD => " . (is_object($oldValue) ? get_class($oldValue) : var_export($oldValue, true)));
         Logger::debug(__METHOD__ . ":: NEW => " . (is_object($newValue) ? get_class($newValue) : var_export($newValue, true)));
         // Only update changed properties, and keep track of the changes as well
         if ($this->_valueChanged($oldValue, $newValue)) {
             Logger::debug(__METHOD__ . ":: {$key} has changed");
             Logger::debug(__METHOD__ . ":: OLD => " . (is_object($oldValue) ? get_class($oldValue) : var_export($oldValue, true)));
             Logger::debug(__METHOD__ . ":: NEW => " . (is_object($newValue) ? get_class($newValue) : var_export($newValue, true)));
             // $oldVal/$newVal are the printable forms used in the audit description.
             $oldVal = $oldValue;
             $newVal = $newValue;
             if ($newValue instanceof Rexmac\Zyndax\Form\Element\SocialNetworkIdentity && $oldValue instanceof Rexmac\Zyndax\Entity\UserSocialNetworkIdentity) {
                 // Social identities are described as "name@network".
                 $newVal = $newValue->getIdentityName() . '@' . SocialNetworkService::findOneById($newValue->getNetwork())->getName();
                 $oldVal = $oldValue->getName() . '@' . $oldValue->getSocialNetwork()->getName();
             } elseif (is_object($newValue)) {
                 // Other objects are described by name; a null old value prints as ''.
                 if (isset($oldValue)) {
                     $oldVal = $oldValue->getName();
                 } else {
                     $oldVal = '';
                 }
                 $newVal = $newValue->getName();
             } elseif (is_object($oldValue)) {
                 $oldVal = $oldValue->getName();
             }
             $changes[$type][] = array('item' => $key, 'oldValue' => $oldVal, 'newValue' => $newVal);
             // Set new value
             if ($type === SOCIAL_EDIT) {
                 // Presumably $newValue is a SocialNetworkIdentity form element here (TODO confirm);
                 // an empty identity name means "remove this identity".
                 if ('' === $newValue->getIdentityName()) {
                     $removed = $profile->removeSocialNetworkIdentity($oldValue);
                     Logger::debug(__METHOD__ . ':: Removed? ' . var_export($removed, true));
                     UserSocialNetworkIdentityService::delete($oldValue);
                     #$profile->setSocialNetworkIdentities(UserSocialNetworkIdentityService::findBy(array('userProfile', $profile->getId())));
                 } else {
                     // Otherwise the existing identity entity is updated in place.
                     $oldValue->setSocialNetwork(SocialNetworkService::findOneById($newValue->getNetwork()));
                     $oldValue->setName($newValue->getIdentityName());
                 }
             } elseif ($type === PROFILE_EDIT) {
                 $profile->{'set' . ucfirst($key)}($newValue);
             } else {
                 // Dynamic setter on the User entity (see the NOTE in the docblock).
                 $user->{'set' . ucfirst($key)}($newValue);
             }
         }
     }
     // Flush all three entity types regardless of whether anything changed.
     UserService::update();
     UserProfileService::update();
     UserSocialNetworkIdentityService::update();
     // Any changes to record?
     $changed = false;
     foreach (array(PROFILE_EDIT, SOCIAL_EDIT, USER_EDIT) as $type) {
         Logger::debug(__METHOD__ . ':: Examining ' . $type . ' changes...');
         if (count($changes[$type]) > 0) {
             Logger::debug(__METHOD__ . ':: changes[\'' . $type . '\'] = ' . var_export($changes[$type], true));
             $description = '';
             foreach ($changes[$type] as $change) {
                 Logger::debug(__METHOD__ . ':: change = ' . var_export($change, true));
                 // The === 0 special case looks redundant for '%s' (sprintf already prints int 0 as "0").
                 $description .= sprintf('%s changed from "%s" to "%s".', $change['item'], $change['oldValue'] === 0 ? '0' : $change['oldValue'], $change['newValue']) . PHP_EOL;
                 Logger::debug(__METHOD__ . ':: description = ' . $description);
             }
             // Audit record: who edited whom, from which address, and what changed.
             UserEditEventService::create(array('user' => $user, 'editor' => $this->_user, 'ip' => $this->getRequest()->getServer('REMOTE_ADDR'), 'date' => new DateTime(), 'description' => rtrim($description)));
             $changed = true;
         }
     }
     return $changed;
 }
Esempio n. 6
 /**
  * Update User entity
  *
  * Prepares $data (hashes a non-empty newPassword, otherwise carries the
  * current hash; resolves 'role' and 'timeZone' ids to entities), then
  * applies every remaining key to the User through a dynamic setter,
  * recording what changed. After flushing, a UserEditEvent describing the
  * changes is written when at least one value changed.
  *
  * NOTE(review): the current-password check is commented out below, so a
  * password change made here is not gated on the old password — confirm the
  * caller verifies it. Likewise 'role' is resolved from the submitted id
  * without any check of which roles the editor may assign.
  *
  * @param User $user
  * @param array $data
  * @return bool True if at least one property changed
  */
 private function _updateUser(User $user, array $data)
 {
     if (isset($data['newPassword']) && '' != $data['newPassword']) {
         // Verify old password
         #if(!UserService::verifyPassword($this->_user, $data['password'])) {
         #  throw new Exception('Current password is invalid');
         #}
         // NOTE(review): no salt argument is passed here, unlike the two-argument
         // encryptPassword() call used in the test fixture — confirm the default.
         $data['password'] = UserService::encryptPassword($data['newPassword']);
     } else {
         // No new password: carry the existing hash so the comparison below sees no change.
         $data['password'] = $user->getPassword();
     }
     unset($data['newPassword']);
     unset($data['newPasswordConfirm']);
     if (isset($data['role'])) {
         // Resolved by id exactly as submitted; assignable roles are not restricted here.
         $data['role'] = AclRoleService::findOneById($data['role']);
     }
     if (isset($data['timeZone'])) {
         $data['timeZone'] = TimeZoneService::findOneById($data['timeZone']);
     }
     // Track changes
     $changes = array();
     foreach ($data as $key => $newValue) {
         if ($key === 'userId') {
             continue;
         }
         // Dynamic getter/setter: every key left in $data becomes a method name,
         // so the caller's form validation defines what can be read and set.
         $oldValue = $user->{'get' . ucfirst($key)}();
         Logger::debug(__METHOD__ . ":: {$key}");
         Logger::debug(__METHOD__ . ":: OLD => " . (is_object($oldValue) ? get_class($oldValue) : var_export($oldValue, true)));
         Logger::debug(__METHOD__ . ":: NEW => " . (is_object($newValue) ? get_class($newValue) : var_export($newValue, true)));
         // Only update changed properties, and keep track of the changes as well
         if ($this->_valueChanged($oldValue, $newValue)) {
             Logger::debug(__METHOD__ . ":: {$key} has changed");
             Logger::debug(__METHOD__ . ":: OLD => " . (is_object($oldValue) ? get_class($oldValue) : var_export($oldValue, true)));
             Logger::debug(__METHOD__ . ":: NEW => " . (is_object($newValue) ? get_class($newValue) : var_export($newValue, true)));
             // $oldVal/$newVal are the printable forms used in the audit description;
             // objects (role, time zone) are described by getName(), a null old value as ''.
             $oldVal = $oldValue;
             $newVal = $newValue;
             if (is_object($newValue)) {
                 if (isset($oldValue)) {
                     $oldVal = $oldValue->getName();
                 } else {
                     $oldVal = '';
                 }
                 $newVal = $newValue->getName();
             } elseif (is_object($oldValue)) {
                 $oldVal = $oldValue->getName();
             }
             $changes[] = array('item' => $key, 'oldValue' => $oldVal, 'newValue' => $newVal);
             // Set new value
             $user->{'set' . ucfirst($key)}($newValue);
         }
     }
     // Flushed even when nothing changed.
     UserService::update();
     // Any changes to record?
     if (count($changes) > 0) {
         $description = '';
         foreach ($changes as $change) {
             // The === 0 special case looks redundant for '%s' (sprintf already prints int 0 as "0").
             // Note the description includes the 'password' item when the hash changed (values are hashes).
             $description .= sprintf('%s changed from "%s" to "%s".', $change['item'], $change['oldValue'] === 0 ? '0' : $change['oldValue'], $change['newValue']) . PHP_EOL;
         }
         // Audit record: who edited whom, from which address, and what changed.
         UserEditEventService::create(array('user' => $user, 'editor' => $this->_user, 'ip' => $this->getRequest()->getServer('REMOTE_ADDR'), 'date' => new DateTime(), 'description' => rtrim($description)));
         return true;
     }
     return false;
 }
Esempio n. 7
 /**
  * Called before an action is dispatched by Zend_Controller_Dispatcher.
  * Does nothing if current request matches a whitelisted route, or if
  * request is authenticated. Otherwise, redirects to login page.
  *
  * Side effects on every authenticated request: the user is loaded into
  * Zend_Registry 'user', its lastConnect timestamp is updated and flushed,
  * and — outside unit tests — an active "login as" session replaces the
  * registry user with the impersonated one on non-admin routes.
  *
  * @param  AbstractRequest $request
  * @throws Zend_Controller_Dispatcher_Exception
  * @throws Zend_Controller_Action_Exception
  * @return void (the XHR branch returns the result of sendResponse())
  */
 public function preDispatch(AbstractRequest $request)
 {
     // Route key is "module/controller/action", lower-cased for whitelist matching.
     $route = strtolower(sprintf('%s/%s/%s', $request->getModuleName(), $request->getControllerName(), $request->getActionName()));
     Logger::debug(__METHOD__ . ':: route = ' . $route);
     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         Logger::debug(__METHOD__ . ":: Auth has identity...");
         // The stored identity is whatever UserService::find() accepts (presumably the user id) — TODO confirm.
         $user = UserService::find($auth->getIdentity());
         // One DB write per authenticated request.
         $user->setLastConnect(new DateTime());
         UserService::update();
         Zend_Registry::set('user', $user);
         // NOTE(review): the '******' below looks like a redaction artefact in this listing;
         // the original expression is not recoverable from the page.
         Logger::debug(__METHOD__ . ':: logged in as user: '******' - ' . $user->getUsername());
         if (!Zend_Session::$_unitTestEnabled) {
             // @codeCoverageIgnoreStart
             // If accessing non-admin UI and currently using LoginAs feature, then overwrite 'user' in registry
             $authCookieName = Zend_Registry::get('config')->session->auth->name;
             $ssa = new Zend_Session_Namespace($authCookieName);
             if (isset($ssa->loginAsUser) && 'admin' !== strtolower($request->getModuleName())) {
                 // Impersonation: 'user' now refers to the target account; 'loginAs'
                 // flags it so downstream code can tell the two apart.
                 $user = UserService::find($ssa->loginAsUser);
                 #Logger::debug(__METHOD__.':: admin using login-as user: '******' - ' . $user->getUsername());
                 Zend_Registry::set('loginAs', true);
                 Zend_Registry::set('user', $user);
             }
         }
         // @codeCoverageIgnoreEnd
     }
     $this->_isDispatchable($request);
     // Whitelist is read lazily from config and cached on the plugin.
     if (null === $this->_whitelist) {
         $this->_whitelist = Zend_Registry::get('config')->auth->whitelist->toArray();
     }
     foreach ($this->_whitelist as $whitelistedRoute) {
         // Each entry is used verbatim as a regex fragment (no preg_quote), so config
         // authors can write patterns; a bare '.' in an entry matches any character.
         if (preg_match('|^' . $whitelistedRoute . '$|', $route)) {
             return;
         }
     }
     // Same singleton as above; the identity check is repeated after the whitelist pass.
     $auth = Zend_Auth::getInstance();
     if ($auth->hasIdentity()) {
         Logger::debug(__METHOD__ . ":: Auth has identity...");
         #if(isset($_SERVER["REMOTE_ADDR"])) { $ip = $_SERVER["REMOTE_ADDR"]; }
         #elseif(isset($_SERVER["HTTP_X_FORWARDED_FOR"])) { $ip = $_SERVER["HTTP_X_FORWARDED_FOR"]; }
         #elseif(isset($_SERVER["HTTP_CLIENT_IP"])) { $ip = $_SERVER["HTTP_CLIENT_IP"]; }
         #else { $ip = null; }
         return;
     }
     #$request->setDispatched(false);  // Cancel the current action
     // Handle unauthorized request...
     Logger::debug(__METHOD__ . ":: Unauthorized request. Redirecting...");
     if (!Zend_Session::$_unitTestEnabled) {
         // @codeCoverageIgnoreStart
         // Remember where the user was heading so login can send them back.
         // NOTE(review): confirm the login action validates this URI (same-site
         // path only) before redirecting to it.
         $session = new Zend_Session_Namespace('referrer');
         $session->uri = $request->getRequestUri();
     }
     // @codeCoverageIgnoreEnd
     if ($request->isXmlHttpRequest()) {
         // AJAX callers get a 500 with a JSON redirect hint instead of a 302.
         return $this->getResponse()->setHttpResponseCode(500)->setBody(json_encode(array('redirect' => '/user/login')))->sendResponse();
     }
     $helper = HelperBroker::getStaticHelper('redirector');
     $helper->gotoUrl('/user/login');
 }
Esempio n. 8
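 /**
  * Insert test data into test DB.
  *
  * Creates three ACL roles (admin/user/guest), three ACL resources with the
  * guest→default, guest→userLogin and admin→admin 'view' permissions, one
  * time zone, and two users ('admin' and 'testuser') whose password equals
  * their username. The password is re-set to its encryptPassword() form after
  * creation; no explicit *Service::update() is issued afterwards.
  *
  * The unused $users map that the previous version collected has been dropped.
  *
  * @return void
  */
 private static function insertTestData()
 {
     $roles = array(
         'admin' => AclRoleService::create(array('name' => 'Administrator', 'description' => 'Site Administrator')),
         'user'  => AclRoleService::create(array('name' => 'User', 'description' => 'Regular user')),
         'guest' => AclRoleService::create(array('name' => 'Guest', 'description' => 'Anonymous guest')),
     );
     $resources = array(
         'default'   => AclResourceService::create(array('identifier' => 'mvc:default:all', 'name' => 'Global non-admin access')),
         'userLogin' => AclResourceService::create(array('identifier' => 'mvc:default:user:login', 'name' => 'User login')),
         'admin'     => AclResourceService::create(array('identifier' => 'mvc:admin', 'name' => 'Admin interface')),
     );
     // Guests may view the public site and the login page; only admins reach the admin UI.
     AclPermissionService::create(array('role' => $roles['guest'], 'resource' => $resources['default'], 'name' => 'view'));
     AclPermissionService::create(array('role' => $roles['guest'], 'resource' => $resources['userLogin'], 'name' => 'view'));
     AclPermissionService::create(array('role' => $roles['admin'], 'resource' => $resources['admin'], 'name' => 'view'));

     $userData = array(
         array('username' => 'admin', 'firstName' => 'admin', 'lastName' => 'istrator', 'role' => $roles['admin']),
         array('username' => 'testuser', 'firstName' => 'test', 'lastName' => 'er', 'role' => $roles['user']),
     );
     $timeZone = TimeZoneService::create(array('name' => 'America/Los_Angeles'));
     foreach ($userData as $u) {
         // Test-only credentials: password == username, hashed below.
         $user = UserService::create(array(
             'role'        => $u['role'],
             'username'    => $u['username'],
             'password'    => $u['username'],
             'email'       => $u['username'] . '@example.com',
             'dateCreated' => new \DateTime(),
             'lastConnect' => new \DateTime(),
             'active'      => 1,
             'locked'      => 0,
         ));
         $user->setPassword(UserService::encryptPassword($user->getPassword()));
         $profile = UserProfileService::create(array(
             'user'      => $user,
             'firstName' => $u['firstName'],
             'lastName'  => $u['lastName'],
             'phone'     => '408-555-5555',
             'website'   => '',
             'timeZone'  => $timeZone,
         ));
         $user->setProfile($profile);
     }
 }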
Esempio n. 9
 /**
  * The verification mail must carry the site name in its subject and body,
  * a noreply@<site domain> sender, and the user's address as recipient.
  *
  * The sender domain is driven here through $_SERVER['HTTP_HOST'].
  * NOTE(review): in production that value is the client-supplied Host
  * header — confirm the service reads the domain from configuration
  * rather than from the request.
  */
 public function testSendVerificationEmail()
 {
     $domain = 'mytestsite.tld';
     $siteName = 'MY_TEST_SITE';
     $expectedFrom = 'noreply@' . $domain;
     $expectedSubject = '[' . $siteName . '] Email Verification';
     // Real address in case we actually send mail
     $recipient = 'root@localhost';

     $_SERVER['HTTP_HOST'] = $domain;
     Zend_Registry::set('siteName', $siteName);
     $user = UserTest::createTestUser();
     $user->setEmail($recipient);

     $transport = new MockMailTransport();
     UserService::sendVerificationEmail($user, $transport);

     $this->assertTrue($transport->called);
     $this->assertEquals($expectedSubject, $transport->subject);
     $this->assertEquals($expectedFrom, $transport->from);
     $this->assertContains($recipient, $transport->recipients);
     $bodyText = $transport->mail->getBodyText()->getRawContent();
     $this->assertContains("Thank you for registering with {$siteName}.", $bodyText);
     $this->assertContains("From: {$siteName} <{$expectedFrom}>", $transport->header);
     $this->assertContains("Subject: {$expectedSubject}", $transport->header);
     $this->assertContains("To: {$recipient}", $transport->header);
 }