public function update($user)
{
if (!$user instanceof User) {
throw new EntityInvalidException(sprintf('Required object of type "%s" but got "%s"', EntityNames::USER, get_class($user)));
}
$dbUser = $this->em->getRepository(EntityNames::USER)->find($user->getId());
if (null === $dbUser) {
throw new EntityNotFoundException(sprintf('Could not find user with id "%s"', $user->getId()));
}
if ($user->getPlainPassword() === null || $user->getPlainPassword() === '') {
// user has not set a new password
$user->setPasswordHash($dbUser->getPasswordHash());
} else {
// hash provided plaintext password
$user->setPasswordHash(PasswordHandler::hash($user->getPlainPassword()));
$user->setPlainPassword('');
}
if ($user->getUserGroup() instanceof UserGroup) {
$user->setUserGroup($this->em->getRepository(EntityNames::USER_GROUP)->find($user->getUserGroup()->getId()));
}
$dbUser->update($user);
try {
$this->em->flush();
} catch (DBALException $dbalex) {
$this->log->error($dbalex);
throw new EntityNotUpdatedException($dbalex->getMessage());
}
return $dbUser;
}
public function completeRegistrationAction($token)
{
$em = $this->app->entityManager;
$registrationRepository = $em->getRepository(EntityNames::REGISTRATION);
$origRegistration = $registrationRepository->findOneBy(array('token' => $token));
$submittedPass = $this->app->request->post('password');
if (!$origRegistration instanceof Registration) {
$this->app->flashNow('registration.error', 'Token not found');
$this->app->render('registration-form.html.twig', array('token' => $token, 'user' => null));
return;
}
try {
PasswordValidator::validatePassword($submittedPass);
} catch (PasswordInvalidException $pie) {
$this->app->flashNow('registration.error', 'Password must be at least 8 characters long');
$this->app->render('registration-form.html.twig', array('token' => $token, 'user' => $origRegistration->getUser()));
return;
}
$passwordHash = PasswordHandler::hash($submittedPass);
$user = $origRegistration->getUser();
$user->setIsLocked(false);
$user->setHasEmailValidated(true);
$user->setPasswordHash($passwordHash);
$em->remove($origRegistration);
// force update
try {
$em->flush();
} catch (DBALException $dbalex) {
$now = new DateTime();
$this->app->log->error(sprintf('[%s]: %s', $now->format('d-m-Y H:i:s'), $dbalex->getMessage()));
ResponseFactory::createErrorJsonResponse($this->app, HttpStatusCodes::CONFLICT, $dbalex->getMessage());
return;
}
$this->app->redirect('/login');
}
/**
* Creates the admin user based on the configuration data.<br>
* Required keys in $config are
* <ul>
* <li>[username]</li>
* <li>[password]</li>
* <li>[email]</li>
* </ul>
*
* @param array $config The array holding the above keys
*/
protected function createAdminUser(array $config)
{
$userGroup = $this->app->entityManager->getRepository(EntityNames::USER_GROUP)->findOneBy(array('name' => 'Admin'));
$now = new DateTime();
$user = new User();
$user->setFirstName('');
$user->setLastName('');
$user->setUserName($config['username']);
$user->setPasswordHash(PasswordHandler::hash($config['password']));
$user->setEmail($config['email']);
$user->setIsLocked(false);
$user->setUserGroup($userGroup);
$user->setRegistrationDate($now);
$user->setLastLoginDate($now);
$user->setHasEmailValidated(false);
$this->app->registrationHandler->registerUser($user);
}
/**
* Checks whether a user with the given credentials exist.
*
* @param $userName string The username
* @param $password string The password
*
* @return \rmatil\cms\Entities\User The found user, on success
*
* @throws \rmatil\cms\Exceptions\UserNotFoundException If the user does not exist
* @throws \rmatil\cms\Exceptions\WrongCredentialsException If the credentials do not match
* @throws \rmatil\cms\Exceptions\UserLockedException If the uesr is locked
*/
public function authenticateUser($userName, $password)
{
$user = $this->em->getRepository(EntityNames::USER)->findOneBy(array('userName' => $userName));
if (!$user instanceof User) {
throw new UserNotFoundException(sprintf('User with username "%s" could not be found', $userName));
}
if (false === PasswordHandler::isEqual($password, $user->getPasswordHash())) {
throw new WrongCredentialsException('Password does not match');
}
if (true === $user->getIsLocked()) {
throw new UserLockedException(sprintf('User with username "%s" is locked', $userName));
}
return $user;
}
