/** * @test */ public function setRolesWorks() { $roles = array($this->administratorRole, $this->customerRole); $expectedRoles = array($this->administratorRole->getIdentifier() => $this->administratorRole, $this->customerRole->getIdentifier() => $this->customerRole); $this->account->setRoles($roles); $this->assertSame($expectedRoles, $this->account->getRoles()); }
/** * Creates a new account and sets the given password and roles * * @param string $identifier Identifier of the account, must be unique * @param string $password The clear text password * @param array $roleIdentifiers Optionally an array of role identifiers to assign to the new account * @param string $authenticationProviderName Optional name of the authentication provider the account is affiliated with * @param string $passwordHashingStrategy Optional password hashing strategy to use for the password * @return Account A new account, not yet added to the account repository */ public function createAccountWithPassword($identifier, $password, $roleIdentifiers = [], $authenticationProviderName = 'DefaultProvider', $passwordHashingStrategy = 'default') { $account = new Account(); $account->setAccountIdentifier($identifier); $account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy)); $account->setAuthenticationProviderName($authenticationProviderName); $roles = []; foreach ($roleIdentifiers as $roleIdentifier) { $roles[] = $this->policyService->getRole($roleIdentifier); } $account->setRoles($roles); return $account; }
/** * Creates a new account, assigns it the given roles and authenticates it. * The created account is returned for further modification, for example for attaching a Party object to it. * * @param array $roleNames A list of roles the new account should have * @return Account The created account */ protected function authenticateRoles(array $roleNames) { // FIXME this is currently needed in order to correctly import the roles. Otherwise RepositoryInterface::isConnected() returns FALSE and importing is skipped in PolicyService::initializeRolesFromPolicy() $this->objectManager->get(\TYPO3\Flow\Security\AccountRepository::class)->countAll(); $account = new Account(); $account->setAccountIdentifier('TestAccount'); $roles = array(); foreach ($roleNames as $roleName) { $roles[] = $this->policyService->getRole($roleName); } $account->setRoles($roles); $this->authenticateAccount($account); return $account; }
/** * @param array $userdata * @return Account */ protected function createAccount(array $userdata) { if (!isset($userdata['username'])) { return; } $account = new Account(); $account->setCredentialsSource('typo3.org SSO'); $account->setAuthenticationProviderName($this->name); $account->setRoles(array($this->policyService->getRole('T3DD.Backend:Authenticated'))); $account->setAccountIdentifier($userdata['username']); $person = new Person(); $this->partyRepository->add($person); $this->partyService->assignAccountToParty($account, $person); $this->updatePerson($person, $userdata); $this->accountRepository->add($account); $this->persistenceManager->persistAll(); return $account; }
/** * Sets isAuthenticated to TRUE for all tokens. * * @param TokenInterface $authenticationToken The token to be authenticated * @return void * @throws UnsupportedAuthenticationTokenException */ public function authenticate(TokenInterface $authenticationToken) { if (!$authenticationToken instanceof PasswordToken) { throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840); } $credentials = $authenticationToken->getCredentials(); if (is_array($credentials) && isset($credentials['password'])) { if ($this->hashService->validatePassword($credentials['password'], $this->fileBasedSimpleKeyService->getKey($this->options['keyName']))) { $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); $account = new Account(); $roles = array(); foreach ($this->options['authenticateRoles'] as $roleIdentifier) { $roles[] = $this->policyService->getRole($roleIdentifier); } $account->setRoles($roles); $authenticationToken->setAccount($account); } else { $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS); } } elseif ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN); } }
/** * {@inheritDoc} */ public function setRoles(array $roles) { $this->__initializer__ && $this->__initializer__->__invoke($this, 'setRoles', array($roles)); return parent::setRoles($roles); }