/**
* @param ServiceLocatorInterface $serviceLocator
* @return UserService
*/
public function createService(ServiceLocatorInterface $serviceLocator)
{
$service = new UserService();
/** @var EntityManager $em */
$em = $serviceLocator->get(EntityManager::class);
$service->setEntityManager($em);
return $service;
}
public function indexAction()
{
$options = new Options();
$options = $this->getOptions($options);
$userService = new UserService();
$users = $userService->getUsers($options);
$this->content = View::RenderView($this->router, array('rows' => $users));
}
public function indexAction()
{
$options = new Options();
$options = $this->getOptions($options);
$userService = new UserService();
$users = $userService->getUsers($options);
// echo "<pre>";
header("Content-Type: application/json");
print_r(json_encode($users));
// echo "</pre>";
die;
$this->content = View::RenderView($this->router, array('rows' => $users));
}
public function loadCredentials($userOrId)
{
if (!$userOrId instanceof \Application\Model\UserModel) {
$userOrId = \Application\Service\UserService::getInstance()->load($userOrId);
}
return $this->setCredentials($userOrId->getId(), $userOrId->getUserName(), $userOrId->getOrganizationId());
}
/**
* @param DownloadTokenModel $downloadToken
* @return DownloadTokenModel
*/
public function create(models\ModelAbstract $downloadToken)
{
if (!$downloadToken instanceof DownloadTokenModel) {
throw new InvalidArgumentException('Supplied data must be a download token model');
}
$downloadToken->token = UserService::getInstance()->generatePassword(60);
$brandService = BrandService::getInstance();
$brand = $brandService->loadByOrganization(\App::getOrgUserLogged());
$router = \Zend_Controller_Front::getInstance()->getRouter();
$downloadToken->url = $brand->endPoint . $router->assemble(array('controller' => $downloadToken->controller, 'action' => $downloadToken->action, 'token' => $downloadToken->token), 'downloadToken');
$downloadToken->orgId = \App::getOrgUserLogged()->getId();
$downloadToken->expireDatetime = \App::config('downloadTokenLifeTime', "+1 day");
$ident = \Zend_Auth::getInstance()->getIdentity();
if (isset($ident['username'])) {
$downloadToken->username = $ident['username'];
}
if (isset($ident['authType'])) {
$downloadToken->authType = $ident['authType'];
}
if (isset($ident['apiId'])) {
$downloadToken->apiId = $ident['apiId'];
}
if (isset($ident['impersonation'])) {
$downloadToken->impersonation = $ident['impersonation'];
}
return parent::create($downloadToken);
}
public function impersonateAction()
{
// Session user
$user = $this->_getUser();
if ($this->getRequest()->isPost()) {
if (!$this->_hasParam('orgId')) {
throw new InvalidArgumentException("Organization Id is required");
}
$orgId = $this->_getParam('orgId');
$org = $this->_orgSrv->load($orgId);
if (!isset($org)) {
throw new InvalidArgumentException("Invalid organization: " . $orgId);
}
$this->_helper->allowed('impersonate', $org);
$this->_userSrv->impersonate($org);
$this->view->data = $orgId;
} else {
if ($this->getRequest()->isDelete()) {
if (!$user->isImpersonating()) {
throw new InvalidArgumentException("User is not impersonating.");
}
$this->_userSrv->impersonate();
$this->view->data = true;
} else {
throw new ForbiddenException("Impersonate must be a post or delete request");
}
}
}
/**
* Route shutdown hook -- Check for router exceptions
*
* @param Zend_Controller_Request_Abstract $request
*/
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
$auth = Zend_Auth::getInstance();
$orgService = \Application\Service\OrgService::getInstance();
$identity = $auth->getIdentity();
//Bypass other auth methods
if ($identity['authType'] != App_Controller_Plugin_Auth::AUTH_TYPE_AUTH_TOKEN) {
return;
}
$front = Zend_Controller_Front::getInstance();
$bs = $front->getParam('bootstrap');
// Fetch logs and apply the token to them
$multilog = $bs->getPluginResource('multiplelog');
if (empty($identity['impersonation']) || empty($identity['impersonation']['orgId'])) {
return;
}
$orgId = $identity['impersonation']['orgId'];
$userSrv = UserService::getInstance();
\App::log()->info($identity['username'] . " is running as " . $orgId . " admin");
$user = $userSrv->loadByUsername($identity['username']);
$userSrv->generateImpersonatedUser($user, $identity['impersonation']);
foreach ($multilog->getLogs() as $log) {
$log->setEventItem('impersonated', "as {$orgId} admin");
$log->setEventItem('impersonatedOrgId', "{$orgId}");
$log->setEventItem('username', $identity['username'] . " as {$orgId} admin");
}
// Application\Model\Mapper\ProtoAbstractMapper::$accountingUserId .= "_impersonated";
Application\Model\Mapper\ProtoAbstractMapper::$organizationId = $orgId;
App_ListFilter::addDefaultExtraData('impersonated_org', $orgId);
$org = OrgService::getInstance()->load($orgId);
\App::getOrgUserLogged($org);
}
public function indexAction()
{
$userService = new UserService();
$users = $userService->GetUsers($this->options);
$data = json_encode($users);
return $data;
die;
echo "<pre>";
print_r($data);
echo "</pre>";
/** API */
$users = json_decode($data);
echo "<pre>";
print_r($users);
echo "</pre>";
$this->content = View::RenderView($this->router, array('users' => $users));
return $this->content;
}
/**
*
*/
public function unblockAction()
{
/**
* @var $user \Application\Model\UserModel
*/
$user = $this->_getUser();
$this->_helper->allowed('unblock', $user);
if ($user->status !== \Application\Model\UserModel::USER_STATUS_BLOCKED) {
throw new InvalidArgumentException("Invalid parameter value unblock: unblockUser");
}
$this->_userSrv->resetPassword($user);
}
public function testUserChangePasswordAction()
{
$this->loginByUserId(App_Test_PHPUnit_Framework_TestCase::PROVIDER_COMMERCIAL_USER_ID);
$userId = App_Test_PHPUnit_Framework_TestCase::CUSTOMER_USER_ID;
$this->post(self::NS . '/reset-password', array(), array('userId' => $userId));
$this->assertResponseCode("200");
// Reset password action sets user status to pending
// Undo it to avoid breaking next tests...
$user = \Application\Service\UserService::getInstance()->load($userId);
$user->setStatus(\Application\Model\UserModel::USER_STATUS_ACTIVATED);
$user->save();
}
/**
* Validate element value
*
* @param array $data
* @param mixed $context
* @return boolean
*/
public function isValid($data, $context = null, $removeNotPresentFields = false)
{
if ($context && isset($context['id'])) {
$this->_userId = $context['id'];
}
//This validation is only for service provider users
$user = UserService::getInstance()->load($this->_userId);
if ($user->getOrgType() !== Application\Model\Organization\OrgServiceProviderModel::ORG_TYPE) {
return true;
}
$encriptedPassword = sha1($data);
return parent::isValid($encriptedPassword, $context, $removeNotPresentFields);
}
/**
* Deletes the given user
*/
public function deleteAction()
{
// Try to load the chosen user
$userId = $this->getRequest()->getParam('id');
$user = $this->_userSrv->load($userId);
if (empty($user)) {
throw new NotFoundException('User ' . $userId . ' not found', 404);
}
// Check permissions
$this->_helper->allowed('delete', $user);
// Remove the user
$this->_userSrv->delete($userId);
$this->view->data = true;
}
/**
*
* @expectedException Application\Exceptions\ValidateException
*/
public function testLastUsedPasswordsMaxReached()
{
// User should be a service provider
$user = clone $this->_user;
$user->id = null;
$user->setOrganizationId(self::PROVIDER_COMMERCIAL_ORG_ID);
$user->save();
// Update password N times
$limit = \app::config('lastUsedPasswordsLimit');
$loops = $limit + 5;
for ($i = 0; $i < $loops; $i++) {
$lastPassword = '******' . rand(1000, 9999);
$user = $this->_service->updatePassword($user, $lastPassword);
$lastUsedPasswords = $this->_service->getLastUsedPasswords($user->id);
$this->assertNotEmpty($lastUsedPasswords);
}
$this->assertEquals(count($lastUsedPasswords), $limit);
// Try to insert an existent password in a list
$this->_service->updatePassword($user, $lastPassword);
}
/**
* @param string $message
* @param array|object $resource
* @param null|string|Default_Model_User $user
*/
public function direct($message, $resource, $user = null)
{
/** @var $log Zend_Log */
$boot = $this->getFrontController()->getParam('bootstrap');
$multilog = $boot->getPluginResource('multiplelog');
$log = $multilog->getLog('audit');
// Assign username
if (NULL === $user) {
$ident = Zend_Auth::getInstance()->getIdentity();
$user = new UserModel(array('userName' => $ident['username']));
//Impersonation
if (isset($ident['impersonation']) && isset($ident['impersonation'])) {
UserService::getInstance()->generateImpersonatedUser($user, $ident['impersonation']);
}
} else {
if (!$user instanceof UserModel) {
$user = new UserModel(array('userName' => $user));
}
}
$log->setEventItem('username', $user->userName);
if ($user->isImpersonating()) {
$log->setEventItem('impersonated', "as " . $user->impersonatingOrgId . " admin");
}
// Set the origin flag indicating an external API call
if (!empty(\Application\Model\Mapper\OrganizationMapper::$accountingTransactionPrefix) && \Application\Model\Mapper\OrganizationMapper::$accountingTransactionPrefix == 'externalAuth') {
$log->setEventItem('origin', 'external');
} else {
$log->setEventItem('origin', 'portal');
}
// Convert single resources to arrays
if (!is_array($resource)) {
$resource = array($resource);
}
// For each given resource log the action
foreach ($resource as $res) {
$log->setEventItem('resource', (string) $res);
$log->audit($message);
}
}
* @var MongoCollection
*/
$db = $cli->getResource('mongo');
$config = $cli->getConfig('resources.inactivity.lastLogin');
$regex = new MongoRegex("/^(" . implode('|', $config['orgTypes']) . ").+/i");
$time = time() - $config['interval'];
$cursor = $db->user->find(array("organizationId" => $regex, "lastLogin" => array('$lt' => new \MongoDate($time)), "status" => 'activated', "deleted" => array('$exists' => false)));
$count = 0;
foreach ($cursor as $data) {
try {
//echo json_encode($data) . "\n";
$user = \Application\Service\UserService::getInstance()->load($data['_id']);
// Prepare request
App_Controller_Plugin_TrackingToken::generateToken($user->getUserName(), $user->getOrganizationId());
$org = \Application\Service\OrgService::getInstance()->load($user->getOrganizationId());
App::getOrgUserLogged($org);
// Send request
\Application\Service\UserService::getInstance()->blockDueToInactivity($user);
$count++;
} catch (Exception $e) {
echo "Error with user " . $data['_id'] . ": " . $e->getMessage();
}
}
echo "{$count} inactive users successfully blocked \n";
} catch (Exception $e) {
echo 'AN ERROR HAS OCCURRED:' . PHP_EOL;
echo $e->getMessage() . PHP_EOL;
exit(1);
}
// generally speaking, this script will be run from the command line
exit(0);
public function setUp()
{
$this->_validateCollection = new Validate\UserPasswordValidate();
$ident = Zend_Auth::getInstance()->getIdentity();
$this->_user = \Application\Service\UserService::getInstance()->load($ident['id']);
}
/**
* @return JsonModel
*/
public function registrationAction()
{
$data = $this->getPostData();
$this->service->registerOperator($data);
return new JsonModel(['success' => true]);
}
public function loginByUserName($userName, $authType = null)
{
$user = \Application\Service\UserService::getInstance()->loadByUsername($userName);
\App_Test_PHPUnit_Framework_TestCase::initAuthUser($user, $authType);
}
protected function _checkUserPassword($user)
{
$now = time();
$last = $user->getLastPasswordChange();
$type = OrgService::getInstance()->getTypeById($user->getOrganizationId());
// Check depends on user organization type
if ($last && in_array($type, self::$_lastPasswordInactivity['orgTypes']) && $now - $last > self::$_lastPasswordInactivity['interval']) {
// Inject change password token
$passwordToken = UserService::getInstance()->generateAndSaveLostPasswordToken($user);
$this->getResponse()->setHeader('X-M2M-PasswordExpiredToken', $passwordToken->getToken(), true);
// Stop auth process
throw new \Application\Exceptions\ForbiddenException("User password has expired", PermissionCodes::AUTH_PASSWORD_HAS_EXPIRED);
}
}
/**
* Return an Instance of the user logged
*
* @return \Application\Model\CurrentUserModel
*/
public static function getUserLogged($setUser = NULL, $reset = false)
{
static $user;
if ($reset) {
$user = null;
}
if (NULL !== $setUser) {
if (!$setUser instanceof CurrentUserModel) {
$setUser = UserService::getInstance()->generateCurrentUser($setUser);
}
$user = $setUser;
}
if (empty($user)) {
$user = UserService::getInstance()->generateCurrentUser();
}
return $user;
}
public function create($data)
{
$hydrator = new ObjectProperty();
$data = $hydrator->extract($data);
return $this->userService->save($data);
}
public function init()
{
$this->_simSrv = \Application\Service\SimService::getInstance();
$this->_userSrv = \Application\Service\UserService::getInstance();
$this->_orgSrv = \Application\Service\OrgService::getInstance();
}
public function init()
{
$this->_userSrv = UserService::getInstance();
}
public function delete($orgOrId)
{
if (!isset($orgOrId) && !strlen($orgOrId)) {
throw new InvalidArgumentException('function param cannot be null');
}
if (!$orgOrId instanceof \Application\Model\OrgModelAbstract) {
$org = $this->load($orgOrId);
} else {
$org = $orgOrId;
}
$validator = new \Application\Model\Validate\Organization\CustomerIsErasable();
if (!$validator->isValid($org)) {
throw new ValidateException("customer {$orgOrId} is not erasable", array('validationErrors' => $validator->getMessages()));
}
$type = $this->getChildrenTypeByOrg($org);
$filterListOrgService = $this->buildFilterList(array('type' => $type, \Application\Model\Filter\OrgFilterFields::PARENT_ID => $org->getId()));
if ($org->getType() != OrgAggregatorModel::ORG_TYPE) {
$list = $this->listAll($type, array('filterList' => $filterListOrgService));
$items = $list->getItems();
if (count($items) > 0) {
throw new InvalidArgumentException('The organization has ChildOrgs and can not be deleted');
}
}
$templateService = TemplateService::getInstance();
$userService = UserService::getInstance();
$APPIdService = APIIdService::getInstance();
$this->deleteOrgElements($org, $templateService);
$this->deleteOrgElements($org, $userService);
$this->deleteOrgElements($org, $APPIdService);
$mapper = $this->getMapperByType($this->getTypeById($org->getId()));
$result = $mapper->delete($org->getId());
WatcherService::getInstance()->removeByScope('organization', $org->id);
\App::audit('The organization with Id ' . $org->getId() . "has been deleted", $org);
$this->_sendEvent('delete', $org);
return $result;
}
/**
* Called before Zend_Controller_Front exits its dispatch loop.
*
* @return void
*/
public function dispatchLoopShutdown()
{
if (!Zend_Session::sessionExists() || !Zend_Auth::getInstance()->hasIdentity()) {
return;
}
$ident = Zend_Auth::getInstance()->getIdentity();
// Session management by auth type
$isTemporalLogin = in_array($ident['authType'], array(self::AUTH_TYPE_REGULAR, self::AUTH_TYPE_CORE, self::AUTH_TYPE_ACTIVATION_TOKEN, self::AUTH_TYPE_LOST_PASSWORD_TOKEN, self::AUTH_TYPE_PASSWORD_EXPIRED_TOKEN));
$isVaporLogin = in_array($ident['authType'], array(self::AUTH_TYPE_LOST_PASSWORD, self::AUTH_TYPE_ASYNC, self::AUTH_TYPE_EXTERNAL, self::AUTH_TYPE_DOWNLOAD_TOKEN, self::AUTH_TYPE_THIRD_PARTY));
/*
* When request has used a vapor login or a failed temporal login we regenerate session.
* But if request is a success temporal login we add auth token header
*/
if ($isVaporLogin) {
// Destroy the session
Zend_Session::destroy();
$this->getResponse()->clearHeader('X-Csrf-Token');
$_SESSION = array();
} else {
if ($isTemporalLogin) {
if ($this->getResponse()->isException()) {
// Destroy the identity
Zend_Auth::getInstance()->clearIdentity();
// Regenerate a new session
if (!Zend_Session::isRegenerated()) {
Zend_Session::regenerateId();
}
} else {
if (!empty($ident['id'])) {
// Regenerate session
$this->getResponse()->setHeader('X-M2M-AuthToken', $ident['token'], true);
// Save last user access
$user = UserService::getInstance()->load($ident['id']);
$user->setLastLogin(time());
$user->save();
// Add user language (UX requirement)
$this->getResponse()->setHeader('X-M2M-UserLanguage', $user->getLanguage(), true);
}
}
}
}
}
