$container['authentication_adapter'] = function ($c) {
return new GrEduLabs\Authentication\Adapter\RedBeanPHP($c['events'], $c['identity_class_resolver'], $c['authentication_crypt']);
};
$container['authentication_service'] = function ($c) {
return new Zend\Authentication\AuthenticationService($c['authentication_storage'], $c['authentication_adapter']);
};
$container['identity_class_resolver'] = $container->protect(function () {
return 'GrEduLabs\\Authentication\\Identity';
});
$container['authentication_crypt'] = function ($c) {
$service = new Zend\Crypt\Password\Bcrypt();
if (isset($c['settings']['authentication']['bcrypt']['salt'])) {
$service->setSalt($c->settings['authentication']['bcrypt']['salt']);
}
if (isset($c['settings']['authentication']['bcrypt']['cost'])) {
$service->setCost($c->settings['authentication']['bcrypt']['cost']);
}
return $service;
};
$container[GrEduLabs\Authentication\Action\User\Login::class] = function ($c) {
return new GrEduLabs\Authentication\Action\User\Login($c['view'], $c['authentication_service'], $c['flash'], $c['router']->pathFor('index'));
};
$container[GrEduLabs\Authentication\Action\User\Logout::class] = function ($c) {
return new GrEduLabs\Authentication\Action\User\Logout($c['authentication_service'], $c['events'], $c['router']->pathFor('index'));
};
$nav = $container['settings']->get('navigation');
$nav['authentication'] = ['login' => ['label' => 'Σύνδεση', 'route' => 'user.login', 'icon' => 'unlock'], 'logout' => ['label' => 'Αποσύνδεση', 'route' => 'user.logout', 'id' => 'nav-logout', 'icon' => 'lock']];
$container['settings']->set('navigation', $nav);
});
$events('on', 'app.services', function ($container) {
$container->extend('view', function ($view, $c) {
/**
* Get service configuration.
*
* @return array Service configuration
*/
public function getServiceConfig()
{
return ['aliases' => ['Zend\\Authentication\\AuthenticationService' => 'user_auth_service'], 'invokables' => ['user_auth_storage' => 'Zend\\Authentication\\Storage\\Session', 'user_service_user' => 'User\\Service\\User', 'user_service_apiuser' => 'User\\Service\\ApiUser', 'user_service_email' => 'User\\Service\\Email'], 'factories' => ['user_bcrypt' => function ($sm) {
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$config = $sm->get('config');
$bcrypt->setCost($config['bcrypt_cost']);
return $bcrypt;
}, 'user_hydrator' => function ($sm) {
return new \DoctrineModule\Stdlib\Hydrator\DoctrineObject($sm->get('user_doctrine_em'));
}, 'user_form_activate' => function ($sm) {
return new \User\Form\Activate($sm->get('translator'));
}, 'user_form_register' => function ($sm) {
return new \User\Form\Register($sm->get('translator'));
}, 'user_form_login' => function ($sm) {
return new \User\Form\Login($sm->get('translator'));
}, 'user_form_password' => function ($sm) {
return new \User\Form\Password($sm->get('translator'));
}, 'user_form_passwordreset' => function ($sm) {
return new \User\Form\Register($sm->get('translator'));
}, 'user_form_passwordactivate' => function ($sm) {
return new \User\Form\Activate($sm->get('translator'));
}, 'user_form_apitoken' => function ($sm) {
$form = new \User\Form\ApiToken($sm->get('translator'));
$form->setHydrator($sm->get('user_hydrator'));
return $form;
}, 'user_mapper_user' => function ($sm) {
return new \User\Mapper\User($sm->get('user_doctrine_em'));
}, 'user_mapper_newuser' => function ($sm) {
return new \User\Mapper\NewUser($sm->get('user_doctrine_em'));
}, 'user_mapper_apiuser' => function ($sm) {
return new \User\Mapper\ApiUser($sm->get('user_doctrine_em'));
}, 'user_mail_transport' => function ($sm) {
$config = $sm->get('config');
$config = $config['email'];
$class = '\\Zend\\Mail\\Transport\\' . $config['transport'];
$optionsClass = '\\Zend\\Mail\\Transport\\' . $config['transport'] . 'Options';
$transport = new $class();
$transport->setOptions(new $optionsClass($config['options']));
return $transport;
}, 'user_auth_adapter' => function ($sm) {
$adapter = new \User\Authentication\Adapter\Mapper($sm->get('user_bcrypt'), $sm->get('application_service_legacy'));
$adapter->setMapper($sm->get('user_mapper_user'));
return $adapter;
}, 'user_pin_auth_adapter' => function ($sm) {
$adapter = new \User\Authentication\Adapter\PinMapper($sm->get('application_service_legacy'));
$adapter->setMapper($sm->get('user_mapper_user'));
return $adapter;
}, 'user_auth_service' => function ($sm) {
return new \Zend\Authentication\AuthenticationService($sm->get('user_auth_storage'), $sm->get('user_auth_adapter'));
}, 'user_pin_auth_service' => function ($sm) {
return new \Zend\Authentication\AuthenticationService($sm->get('user_auth_storage'), $sm->get('user_pin_auth_adapter'));
}, 'user_remoteaddress' => function ($sm) {
$remote = new \Zend\Http\PhpEnvironment\RemoteAddress();
return $remote->getIpAddress();
}, 'user_role' => function ($sm) {
$authService = $sm->get('user_auth_service');
if ($authService->hasIdentity()) {
return $authService->getIdentity();
}
$apiService = $sm->get('user_service_apiuser');
if ($apiService->hasIdentity()) {
return 'apiuser';
}
$range = $sm->get('config')['tue_range'];
if (strpos($sm->get('user_remoteaddress'), $range) === 0) {
return 'tueguest';
}
return 'guest';
}, 'acl' => function ($sm) {
// initialize the ACL
$acl = new Acl();
/**
* Define all basic roles.
*
* - guest: everyone gets at least this access level
* - tueguest: guest from the TU/e
* - user: GEWIS-member
* - apiuser: Automated tool given access by an admin
* - admin: Defined administrators
*/
$acl->addRole(new Role('guest'));
$acl->addRole(new Role('tueguest'), 'guest');
$acl->addRole(new Role('user'), 'tueguest');
$acl->addrole(new Role('apiuser'), 'guest');
$acl->addrole(new Role('sosuser'), 'apiuser');
$acl->addrole(new Role('active_member'), 'user');
$acl->addRole(new Role('admin'));
$user = $sm->get('user_role');
// add user to registry
if ($user instanceof User) {
$roles = $user->getRoleNames();
// if the user has no roles, add the 'user' role by default
if (empty($roles)) {
$roles = ['user'];
}
// TODO: change this to getActiveOrganInstalltions() once 529 is fixed
if (count($user->getMember()->getOrganInstallations()) > 0) {
$roles[] = 'active_member';
}
$acl->addRole($user, $roles);
}
// admins are allowed to do everything
$acl->allow('admin');
// board members also are admins
$acl->allow('user', null, null, new \User\Permissions\Assertion\IsBoardMember());
// configure the user ACL
$acl->addResource(new Resource('apiuser'));
$acl->addResource(new Resource('user'));
$acl->allow('user', 'user', ['password_change']);
// sosusers can't do anything
$acl->deny('sosuser');
return $acl;
}, 'user_doctrine_em' => function ($sm) {
return $sm->get('doctrine.entitymanager.orm_default');
}], 'shared' => ['user_role' => false]];
}
/**
* Get service configuration.
*
* @return array Service configuration
*/
public function getServiceConfig()
{
return array('aliases' => array('Zend\\Authentication\\AuthenticationService' => 'user_auth_service'), 'invokables' => array('user_auth_storage' => 'Zend\\Authentication\\Storage\\Session', 'user_service_user' => 'User\\Service\\User', 'user_service_email' => 'User\\Service\\Email'), 'factories' => array('user_bcrypt' => function ($sm) {
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$config = $sm->get('config');
$bcrypt->setCost($config['bcrypt_cost']);
return $bcrypt;
}, 'user_form_activate' => function ($sm) {
return new \User\Form\Activate($sm->get('translator'));
}, 'user_form_register' => function ($sm) {
return new \User\Form\Register($sm->get('translator'));
}, 'user_form_login' => function ($sm) {
return new \User\Form\Login($sm->get('translator'));
}, 'user_mapper_user' => function ($sm) {
return new \User\Mapper\User($sm->get('user_doctrine_em'));
}, 'user_mapper_newuser' => function ($sm) {
return new \User\Mapper\NewUser($sm->get('user_doctrine_em'));
}, 'user_mail_transport' => function ($sm) {
$config = $sm->get('config');
$config = $config['email'];
$class = '\\Zend\\Mail\\Transport\\' . $config['transport'];
$optionsClass = '\\Zend\\Mail\\Transport\\' . $config['transport'] . 'Options';
$transport = new $class();
$transport->setOptions(new $optionsClass($config['options']));
return $transport;
}, 'user_auth_adapter' => function ($sm) {
$adapter = new \User\Authentication\Adapter\Mapper($sm->get('user_bcrypt'));
$adapter->setMapper($sm->get('user_mapper_user'));
return $adapter;
}, 'user_auth_service' => function ($sm) {
return new \Zend\Authentication\AuthenticationService($sm->get('user_auth_storage'), $sm->get('user_auth_adapter'));
}, 'user_role' => function ($sm) {
$authService = $sm->get('user_auth_service');
if ($authService->hasIdentity()) {
return $authService->getIdentity();
}
return 'guest';
}, 'acl' => function ($sm) {
// initialize the ACL
$acl = new Acl();
// define basic roles
$acl->addRole(new Role('guest'));
// simple guest
$acl->addRole(new Role('user'), 'guest');
// simple user
$acl->addRole(new Role('admin'));
// administrator
$user = $sm->get('user_role');
// add user to registry
if ('guest' != $user) {
$roles = $user->getRoleNames();
// if the user has no roles, add the 'user' role by default
if (empty($roles)) {
$roles = array('user');
}
$acl->addRole($user, $roles);
}
// admins are allowed to do everything
$acl->allow('admin');
return $acl;
}, 'user_doctrine_em' => function ($sm) {
return $sm->get('doctrine.entitymanager.orm_default');
}), 'shared' => array('user_role' => false));
}
/**
* Bcrypt utility
*
* Generates the bcrypt hash value of a string
*/
$autoload = realpath(__DIR__ . '/../vendor/autoload.php');
if (!$autoload) {
// Attempt to locate it relative to the application root
$autoload = realpath(__DIR__ . '/../../../autoload.php');
}
$zf2Env = "ZF2_PATH";
if (file_exists($autoload)) {
include $autoload;
} elseif (getenv($zf2Env)) {
include getenv($zf2Env) . '/Zend/Loader/AutoloaderFactory.php';
Zend\Loader\AutoloaderFactory::factory(array('Zend\\Loader\\StandardAutoloader' => array('autoregister_zf' => true)));
}
if (!class_exists('Zend\\Loader\\AutoloaderFactory')) {
throw new RuntimeException('Unable to load ZF2. Run `php composer.phar install` or define a ZF2_PATH environment variable.');
}
$bcrypt = new Zend\Crypt\Password\Bcrypt();
if ($argc < 2) {
printf("Usage: php bcrypt.php <password> [cost]\n");
printf("where <password> is the user's password and [cost] is the value\nof the cost parameter of bcrypt (default is %d).\n", $bcrypt->getCost());
exit(1);
}
if (isset($argv[2])) {
$bcrypt->setCost($argv[2]);
}
printf("%s\n", $bcrypt->create($argv[1]));
