/**
 * Seed the authorization tables: the four authentication types and the built-in
 * platform operator accounts (consumer #1, 'System' identification, Administrator role).
 */
public function setupDatabaseContent()
{
    // Authentication types: internal name => description shown in the (German) UI.
    $identifications = array(
        'Student'    => 'Schüler / Eltern',
        'Teacher'    => 'Lehrer',
        'Management' => 'Verwaltung',
        'System'     => 'System',
    );
    foreach ($identifications as $name => $description) {
        $this->createIdentification($name, $description);
    }

    // Shared by every seed account below.
    $tblConsumer = Consumer::useService()->getConsumerById(1);
    $tblIdentification = $this->getIdentificationByName('System');
    $tblRole = Access::useService()->getRoleByName('Administrator');

    // Operator accounts: username => identifier of the hardware key already registered for it
    // (a 12-character string, the same prefix the login path compares against the typed OTP).
    $operatorAccounts = array(
        'System'   => 'ccccccdilkui', // Gerd
        'Kmiezik'  => 'ccccccectjge', // Jens
        'Rackel'   => 'ccccccectjgt', // Sidney
        'Kauschke' => 'ccccccectjgr', // Johannes
    );
    foreach ($operatorAccounts as $username => $tokenIdentifier) {
        $tblToken = Token::useService()->getTokenByIdentifier($tokenIdentifier);
        // NOTE(review): the second argument is passed through as-is; the account insert seen
        // elsewhere in this module takes ($Username, $Password, $Token, $Consumer), so 'System'
        // is presumably the initial password shared by all four operator accounts — confirm, and
        // if so make sure these accounts are rotated or key-only before going to production.
        $tblAccount = $this->createAccount($username, 'System', $tblToken, $tblConsumer);
        $this->addAccountAuthentication($tblAccount, $tblIdentification);
        $this->addAccountAuthorization($tblAccount, $tblRole);
    }
}
/**
 * Platform page: table of all registered hardware keys plus a form to register another one.
 *
 * @param null|string $CredentialKey OTP typed into the registration form (null on a plain GET);
 *                                   handed to Token::createToken(), which validates and stores it
 *
 * @return Stage
 */
public function frontendYubiKey($CredentialKey)
{
    $Stage = new Stage('Hardware-Schlüssel', 'YubiKey');

    // NOTE(review): getTokenAll() is not scoped to a consumer (the Setting form uses
    // getTokenAllByConsumer()) — confirm this platform view is reachable by operators only.
    $tblTokenAll = Token::useService()->getTokenAll();
    if ($tblTokenAll) {
        foreach ($tblTokenAll as $tblToken) {
            // Dynamic properties feed the TableData columns declared below.
            /** @noinspection PhpUndefinedFieldInspection */
            $tblToken->Name = strtoupper($tblToken->getIdentifier());

            // Serial is shown as two groups of four characters, zero-padded first.
            // NOTE(review): the padding condition tests whether the serial value is odd, not
            // whether it has an odd number of digits — strlen() was probably meant; behaviour
            // is kept unchanged here.
            $serial = $tblToken->getSerial();
            $padded = ($serial % 2 != 0) ? '0' . $serial : $serial;
            /** @noinspection PhpUndefinedFieldInspection */
            $tblToken->Number = substr($padded, 0, 4) . ' ' . substr($padded, 4, 4);

            // NOTE(review): the delete action of a *token* row points at
            // .../Access/PrivilegeGrantRight — looks like a copy-paste leftover; confirm the route.
            /** @noinspection PhpUndefinedFieldInspection */
            $tblToken->Option = new Danger(
                'Löschen',
                '/Platform/Gatekeeper/Authorization/Access/PrivilegeGrantRight',
                new Remove(),
                array('Id' => $tblToken->getId()),
                'Löschen'
            );
        }
    }

    $listing = $tblTokenAll
        ? new TableData(
            $tblTokenAll,
            new Title('Bestehende Hardware-Schlüssel'),
            array('Name' => 'Name', 'Number' => 'Seriennummer')
        )
        : new Warning('Keine Hardware-Schlüssel vorhanden');

    $registrationForm = new Form(
        new FormGroup(
            new FormRow(new FormColumn(new PasswordField('CredentialKey', 'YubiKey', 'YubiKey'))),
            new \SPHERE\Common\Frontend\Form\Repository\Title('Hardware-Schlüssel anlegen')
        ),
        new Primary('Hinzufügen')
    );

    $Stage->setContent($listing . Token::useService()->createToken($registrationForm, $CredentialKey));

    return $Stage;
}
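/**
 * Platform page: table of every account plus a form that creates one with an authentication
 * type, roles and an optional hardware key.
 *
 * The 'System' identification and the 'Administrator' role are offered only when the session's
 * own account holds the Administrator role. NOTE(review): that is a view-side filter only; the
 * service consuming the posted Account[Identification] / Account[Role] ids must repeat the check,
 * otherwise a hand-crafted POST escalates past it.
 *
 * @return Stage
 */
public static function frontendAccount()
{
    $Stage = new Stage('Benutzerkonnten');

    // Is the caller a platform administrator? Decides whether privileged options are shown.
    $tblAccount = Account::useService()->getAccountBySession();
    $isSystem = false;
    if ($tblAccount) {
        $isSystem = Account::useService()->hasAuthorization(
            $tblAccount,
            Access::useService()->getRoleByName('Administrator')
        );
    }

    $tblConsumer = Consumer::useService()->getConsumerBySession();
    // Username prefix; empty string instead of a fatal "method on false" when no consumer is bound.
    $acronym = $tblConsumer ? $tblConsumer->getAcronym() : '';

    // The service lookups below return false instead of an array when nothing exists (the
    // original already tested `$tblAccountAll ?` for that); array_walk()/foreach over false is a
    // TypeError on PHP 8 and a warning before, so normalise to an empty array before iterating.

    // --- Hardware keys: only keys not yet bound to an account are selectable; "no token" first.
    // NOTE(review): getTokenAll() is not scoped to the session's consumer, unlike
    // getTokenAllByConsumer() used by the Setting form — confirm this platform view is meant to be global.
    $tblTokenAll = Token::useService()->getTokenAll();
    $tblTokenAll = $tblTokenAll ? $tblTokenAll : array();
    foreach ($tblTokenAll as $key => $tblToken) {
        $tblTokenAll[$key] = Account::useService()->getAccountAllByToken($tblToken)
            ? false
            : new RadioBox('Account[Token]', implode(' ', str_split($tblToken->getSerial(), 4)), $tblToken->getId());
    }
    $tblTokenAll = array_filter($tblTokenAll);
    array_unshift($tblTokenAll, new RadioBox(
        'Account[Token]',
        new \SPHERE\Common\Frontend\Text\Repository\Danger('KEIN Hardware-Token'),
        null
    ));

    // --- Authentication types: 'System' is hidden from non-administrators.
    $tblIdentificationAll = Account::useService()->getIdentificationAll();
    $tblIdentificationAll = $tblIdentificationAll ? $tblIdentificationAll : array();
    foreach ($tblIdentificationAll as $key => $tblIdentification) {
        $tblIdentificationAll[$key] = ($tblIdentification->getName() == 'System' && !$isSystem)
            ? false
            : new RadioBox('Account[Identification]', $tblIdentification->getDescription(), $tblIdentification->getId());
    }
    $tblIdentificationAll = array_filter($tblIdentificationAll);

    // --- Roles: 'Administrator' is hidden from non-administrators.
    $tblRoleAll = Access::useService()->getRoleAll();
    $tblRoleAll = $tblRoleAll ? $tblRoleAll : array();
    foreach ($tblRoleAll as $key => $tblRole) {
        $tblRoleAll[$key] = ($tblRole->getName() == 'Administrator' && !$isSystem)
            ? false
            : new CheckBox('Account[Role][' . $tblRole->getId() . ']', $tblRole->getName(), $tblRole->getId());
    }
    $tblRoleAll = array_filter($tblRoleAll);

    // --- Existing accounts, each with a delete action (dynamic property read by TableData).
    $tblAccountAll = Account::useService()->getAccountAll();
    if ($tblAccountAll) {
        foreach ($tblAccountAll as $tblListedAccount) {
            /** @noinspection PhpUndefinedFieldInspection */
            $tblListedAccount->Option = new Danger(
                'Löschen',
                '/Platform/Gatekeeper/Authorization/Account/Destroy',
                new Remove(),
                array('Id' => $tblListedAccount->getId()),
                'Löschen'
            );
        }
    }

    $listing = $tblAccountAll
        ? new TableData($tblAccountAll, new Title('Bestehende Benutzerkonnten'), array('Username' => 'Benutzername'))
        : new Warning('Keine Benutzerkonnten vorhanden');

    $credentialsGroup = new FormGroup(
        array(new FormRow(array(
            new FormColumn((new TextField('Account[Name]', 'Benutzername', 'Benutzername', new Person()))->setPrefixValue($acronym), 4),
            new FormColumn(new PasswordField('Account[Password]', 'Passwort', 'Passwort', new Lock()), 4),
            new FormColumn(new PasswordField('Account[PasswordSafety]', 'Passwort wiederholen', 'Passwort wiederholen', new Repeat()), 4)
        ))),
        new \SPHERE\Common\Frontend\Form\Repository\Title('Benutzerkonnto anlegen')
    );
    $privilegeGroup = new FormGroup(
        array(new FormRow(array(
            new FormColumn(array(new Panel('Authentifizierungstyp', $tblIdentificationAll)), 4),
            new FormColumn(array(new Panel('Berechtigungsstufe', $tblRoleAll)), 4),
            new FormColumn(array(new Panel('Hardware-Token', $tblTokenAll)), 4)
        ))),
        new \SPHERE\Common\Frontend\Form\Repository\Title('Berechtigungen zuweisen')
    );

    $Stage->setContent($listing . new Form(array($credentialsGroup, $privilegeGroup), new Primary('Hinzufügen')));

    return $Stage;
}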
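/**
 * Verify a login attempt and, on success, open a fresh session for the matched account.
 *
 * @param string            $Username
 * @param string            $Password
 * @param string|false      $TokenString       Full YubiKey OTP as typed, or false when the chosen
 *                                             identification involves no hardware key
 * @param TblIdentification $tblIdentification Authentication type the user selected
 *
 * @return null|bool true  - credentials (and key, when supplied) accepted; session created
 *                   false - username / password / identification match no account
 *                   null  - password matched but the key was missing, did not validate, or is
 *                           not the key bound to this account
 */
private function isCredentialValid($Username, $Password, $TokenString, TblIdentification $tblIdentification)
{
    $tblAccount = $this->getAccountByCredential($Username, $Password, $tblIdentification);
    if (false === $tblAccount) {
        return false;
    }

    // No OTP supplied: password alone decides.
    // NOTE(review): this branch never consults $tblAccount->getServiceTblToken(), so whether a
    // key-bound account may log in without its key is decided entirely by the caller passing
    // false here — confirm the caller derives that from $tblIdentification, not from user input.
    if (false === $TokenString) {
        // Fresh id + discard the old session data so a pre-login id cannot be reused (fixation).
        session_regenerate_id(true);
        $this->createSession($tblAccount, session_id());
        return true;
    }

    try {
        // 1) The OTP itself must verify (a replayed or forged OTP stops here).
        if (!Token::useService()->isTokenValid($TokenString)) {
            return null;
        }
        // 2) The OTP must come from the key bound to *this* account.
        $Token = $tblAccount->getServiceTblToken();
        if (false === $Token) {
            return null;
        }
        // The first 12 characters of the OTP are the key's public identifier.
        // hash_equals(): strict and constant-time, instead of the loose `==` comparison.
        $presentedIdentifier = (string)substr($TokenString, 0, 12);
        if (!hash_equals((string)$Token->getIdentifier(), $presentedIdentifier)) {
            return null;
        }
        session_regenerate_id(true);
        $this->createSession($tblAccount, session_id());
        return true;
    } catch (\Exception $E) {
        // Validation backend unreachable or threw: fail closed, same outcome as an invalid key.
        return null;
    }
}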
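/**
 * Handle the Setting-level "create account" form: validate the input, then persist the account
 * together with its authentication type, roles, optional hardware key and optional person.
 *
 * @param IFormInterface $Form    Form to re-render with per-field success / error markers
 * @param array|null     $Account Posted Account[...] fields: Name, Password, PasswordSafety,
 *                                Identification, Role[], Token, User; null on a plain GET
 *
 * @return IFormInterface The form (with markers) while validation fails; otherwise a
 *                        Success / Danger message followed by a Redirect
 */
public function createAccount(IFormInterface $Form, $Account)
{
    if (null === $Account) {
        return $Form;
    }

    $Error = false;
    $Username = trim(isset($Account['Name']) ? $Account['Name'] : '');
    $Password = trim(isset($Account['Password']) ? $Account['Password'] : '');
    $PasswordSafety = trim(isset($Account['PasswordSafety']) ? $Account['PasswordSafety'] : '');

    $tblConsumer = GatekeeperConsumer::useService()->getConsumerBySession();
    if (!$tblConsumer) {
        // No consumer bound to the session: no username prefix and no owner for the account.
        return new Danger('Das Benutzerkonnto konnte nicht erstellt werden') . new Redirect('/Setting/Authorization/Account', 3);
    }

    // Hardware key is optional (0 / missing = none).
    // NOTE(review): the id is only resolved, not checked against the session's consumer, while
    // the form lists consumer-scoped keys only — a crafted POST may bind another consumer's key;
    // add that check once the token->consumer accessor is known.
    $tokenId = isset($Account['Token']) ? (int)$Account['Token'] : 0;
    $tblToken = GatekeeperToken::useService()->getTokenById($tokenId);
    if (!$tblToken) {
        $tblToken = null;
    }

    // --- Username: 5+ chars of [a-z0-9] (case-insensitive), prefixed with the consumer acronym, unique.
    if (empty($Username)) {
        $Form->setError('Account[Name]', 'Bitte geben Sie einen Benutzernamen an');
        $Error = true;
    } elseif (!preg_match('!^[a-z0-9]{5,}$!is', $Username)) {
        $Form->setError('Account[Name]', 'Der Benutzername darf nur Buchstaben und Zahlen enthalten und muss mindestens 5 Zeichen lang sein');
        $Error = true;
    } else {
        $Username = $tblConsumer->getAcronym() . '-' . $Username;
        if (GatekeeperAccount::useService()->getAccountByUsername($Username)) {
            $Form->setError('Account[Name]', 'Der angegebene Benutzername ist bereits vergeben');
            $Error = true;
        } else {
            $Form->setSuccess('Account[Name]', '');
        }
    }

    // --- Password: at least 8 characters. mb_strlen() counts characters, not UTF-8 bytes, so a
    // four-character umlaut password no longer passes the check.
    if (empty($Password)) {
        $Form->setError('Account[Password]', 'Bitte geben Sie ein Passwort an');
        $Error = true;
    } elseif (mb_strlen($Password) < 8) {
        $Form->setError('Account[Password]', 'Das Passwort muss mindestens 8 Zeichen lang sein');
        $Error = true;
    } else {
        $Form->setSuccess('Account[Password]', '');
    }

    if (empty($PasswordSafety)) {
        $Form->setError('Account[PasswordSafety]', 'Bitte geben Sie das Passwort erneut an');
        $Error = true;
    }
    if ($Password !== $PasswordSafety) {
        $Form->setError('Account[Password]', '');
        $Form->setError('Account[PasswordSafety]', 'Die beiden Passworte stimmen nicht überein');
        $Error = true;
    } elseif (!empty($Password) && !empty($PasswordSafety)) {
        $Form->setSuccess('Account[PasswordSafety]', '');
    } else {
        $Form->setError('Account[PasswordSafety]', '');
    }

    // --- Authentication type and roles: posted ids are attacker-controlled, so resolve them
    // before use (previously an unknown id handed `false` to addAccountAuthentication /
    // addAccountAuthorization) and enforce server-side what the Setting form only hides
    // client-side: the 'System' identification and the 'Administrator' role are never offered
    // there, so a crafted POST must not be able to create such an account.
    $tblIdentification = isset($Account['Identification'])
        ? GatekeeperAccount::useService()->getIdentificationById($Account['Identification'])
        : false;
    if (!$tblIdentification || $tblIdentification->getName() == 'System') {
        $Form->setError('Account[Identification]', 'Bitte wählen Sie einen gültigen Authentifizierungstyp');
        $Error = true;
    }

    $tblRoleList = array();
    if (isset($Account['Role'])) {
        foreach ((array)$Account['Role'] as $Role) {
            $tblRole = GatekeeperAccess::useService()->getRoleById($Role);
            if (!$tblRole || $tblRole->getName() == 'Administrator') {
                $Form->setError('Account[Role]', 'Ungültige Berechtigungsstufe');
                $Error = true;
                continue;
            }
            $tblRoleList[] = $tblRole;
        }
    }

    if ($Error) {
        return $Form;
    }

    $tblAccount = GatekeeperAccount::useService()->insertAccount($Username, $Password, $tblToken, $tblConsumer);
    if (!$tblAccount) {
        return new Danger('Das Benutzerkonnto konnte nicht erstellt werden') . new Redirect('/Setting/Authorization/Account', 3);
    }

    GatekeeperAccount::useService()->addAccountAuthentication($tblAccount, $tblIdentification);
    foreach ($tblRoleList as $tblRole) {
        GatekeeperAccount::useService()->addAccountAuthorization($tblAccount, $tblRole);
    }
    if (isset($Account['User'])) {
        // Optional person link; skipped silently when the id does not resolve.
        $tblPerson = Person::useService()->getPersonById($Account['User']);
        if ($tblPerson) {
            GatekeeperAccount::useService()->addAccountPerson($tblAccount, $tblPerson);
        }
    }

    return new Success('Das Benutzerkonnto wurde erstellt') . new Redirect('/Setting/Authorization/Account', 3);
}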
/**
 * Resolve the hardware key bound to this account.
 *
 * @return bool|\SPHERE\Application\Platform\Gatekeeper\Authorization\Token\Service\Entity\TblToken
 *         false when no key is assigned (serviceTblToken is null); otherwise whatever the
 *         Token service returns for the stored id (falsy for an unknown id, judging by callers)
 */
public function getServiceTblToken()
{
    $tokenId = $this->serviceTblToken;
    if (null === $tokenId) {
        return false;
    }
    return Token::useService()->getTokenById($tokenId);
}
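/**
 * Build the Setting-level "create account" form: credentials, roles, person, authentication type
 * and hardware key for the consumer bound to the current session.
 *
 * The 'System' identification and the 'Administrator' role are never offered here.
 * NOTE(review): that is a form-side filter; the service handling the POST has to enforce the
 * same rule on the submitted ids, since a crafted request bypasses the form.
 *
 * Side effects: when the request carries no selection yet, the default choices
 * (Identification = Student, Token = 0 "no key") are written into the global POST via
 * getGlobal()->savePost() so the radio groups render pre-selected.
 *
 * @return Form
 */
private function formAccount()
{
    $tblConsumer = Consumer::useService()->getConsumerBySession();
    // Username prefix; empty string instead of a fatal "method on false" when no consumer is bound.
    $acronym = $tblConsumer ? $tblConsumer->getAcronym() : '';

    // The service lookups below may return false instead of an array (this method already guards
    // getPersonAllHavingNoAccount() that way); array_walk()/foreach over false is a TypeError on
    // PHP 8, so normalise to an empty array before iterating.

    // --- Authentication types ('System' excluded; Student preselected by default).
    $tblIdentificationAll = Account::useService()->getIdentificationAll();
    $tblIdentificationAll = $tblIdentificationAll ? $tblIdentificationAll : array();
    foreach ($tblIdentificationAll as $key => $tblIdentification) {
        if ($tblIdentification->getName() == 'System') {
            $tblIdentificationAll[$key] = false;
            continue;
        }
        if (strtoupper($tblIdentification->getName()) == 'STUDENT') {
            $Global = $this->getGlobal();
            if (!isset($Global->POST['Account']['Identification'])) {
                $Global->POST['Account']['Identification'] = $tblIdentification->getId();
                $Global->savePost();
            }
            $Label = $tblIdentification->getDescription();
        } else {
            // Every non-student type gets a key icon appended to its label.
            $Label = $tblIdentification->getDescription() . ' (' . new Key() . ')';
        }
        $tblIdentificationAll[$key] = new RadioBox('Account[Identification]', $Label, $tblIdentification->getId());
    }
    $tblIdentificationAll = array_filter($tblIdentificationAll);

    // --- Roles ('Administrator' excluded).
    $tblRoleAll = Access::useService()->getRoleAll();
    $tblRoleAll = $tblRoleAll ? $tblRoleAll : array();
    foreach ($tblRoleAll as $key => $tblRole) {
        $tblRoleAll[$key] = ($tblRole->getName() == 'Administrator')
            ? false
            : new CheckBox('Account[Role][' . $tblRole->getId() . ']', $tblRole->getName(), $tblRole->getId());
    }
    $tblRoleAll = array_filter($tblRoleAll);

    // --- Hardware keys of this consumer that are not yet bound to an account; "no key" first.
    $Global = $this->getGlobal();
    if (!isset($Global->POST['Account']['Token'])) {
        $Global->POST['Account']['Token'] = 0;
        $Global->savePost();
    }
    $tblTokenAll = Token::useService()->getTokenAllByConsumer($tblConsumer);
    $tblTokenAll = $tblTokenAll ? $tblTokenAll : array();
    foreach ($tblTokenAll as $key => $tblToken) {
        $tblTokenAll[$key] = Account::useService()->getAccountAllByToken($tblToken)
            ? false
            : new RadioBox('Account[Token]', implode(' ', str_split($tblToken->getSerial(), 4)), $tblToken->getId());
    }
    $tblTokenAll = array_filter($tblTokenAll);
    array_unshift($tblTokenAll, new RadioBox('Account[Token]', new Danger('KEIN Hardware-Schlüssel'), 0));

    // --- Persons without an account (false stays false and is passed to the panel as before).
    $tblPersonAll = Account::useService()->getPersonAllHavingNoAccount();
    if ($tblPersonAll) {
        foreach ($tblPersonAll as $key => $tblPerson) {
            $tblPersonAll[$key] = new RadioBox('Account[User]', $tblPerson->getFullName(), $tblPerson->getId());
        }
        $tblPersonAll = array_filter($tblPersonAll);
    }

    $credentialsPanel = new Panel(
        new PersonKey() . ' Benutzerkonto hinzufügen',
        array(
            (new TextField('Account[Name]', 'Benutzername (min. 5 Zeichen)', 'Benutzername', new Person()))->setPrefixValue($acronym),
            new PasswordField('Account[Password]', 'Passwort (min. 8 Zeichen)', 'Passwort', new Lock()),
            new PasswordField('Account[PasswordSafety]', 'Passwort wiederholen', 'Passwort wiederholen', new Repeat())
        ),
        Panel::PANEL_TYPE_INFO
    );

    return new Form(array(
        new FormGroup(array(
            new FormRow(array(
                new FormColumn($credentialsPanel, 4),
                new FormColumn(array(
                    new Panel(new Nameplate() . ' Berechtigungsstufe zuweisen', $tblRoleAll, Panel::PANEL_TYPE_INFO),
                    new Panel(new Person() . ' Person zuweisen', $tblPersonAll, Panel::PANEL_TYPE_INFO, null, true)
                ), 4),
                new FormColumn(array(
                    new Panel(new Lock() . ' Authentifizierungstyp wählen', $tblIdentificationAll, Panel::PANEL_TYPE_INFO),
                    new Panel(new Key() . ' Hardware-Schlüssel zuweisen', $tblTokenAll, Panel::PANEL_TYPE_INFO)
                ), 4)
            ))
        ))
    ));
}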