/**
 * Resolve the value to the role ID of the user configured on this object.
 *
 * When no user ID is set, the incoming value is handed back untouched.
 *
 * @param int|null $value
 * @return int|null
 */
public function update($value)
{
    // Without a user ID there is nothing to look up; keep the caller's value.
    if (!$this->_userId) {
        return $value;
    }

    $user = $this->_userFactory->create();

    // NOTE(review): if no record matches the ID, the role ID comes from an unloaded model;
    // confirm callers treat that result as "no role".
    return $user->load($this->_userId)->getRoleId();
}
/**
 * Verify that a nonce/timestamp pair is refused when it is presented a second time.
 *
 * The first authenticate() call must succeed and return the loaded user. The second call
 * repeats exactly the same arguments and is expected to raise the exception named below.
 *
 * @expectedException Mage_Webapi_Model_Soap_Security_UsernameToken_NonceUsedException
 */
public function testAuthenticateWithNonceUsed()
{
    $user = $this->_userFactory->create();
    $user->load('test_username', 'api_key');

    /** @var Mage_Webapi_Model_Soap_Security_UsernameToken $usernameToken */
    $usernameToken = $this->_objectManager->create('Mage_Webapi_Model_Soap_Security_UsernameToken');

    $created = date('c');
    // mt_rand() is adequate for a throwaway test fixture only; it is not a cryptographically
    // secure generator and should not be the model for nonces produced by real clients.
    $rawNonce = mt_rand();

    // Digest as built by the client side: Base64(SHA-1(nonce . created . secret)).
    $digestInput = $rawNonce . $created . $user->getSecret();
    $passwordDigest = base64_encode(hash('sha1', $digestInput, true));
    $encodedNonce = base64_encode($rawNonce);

    // First use of the pair: must authenticate.
    $authenticatedUser = $usernameToken->authenticate(
        $user->getApiKey(),
        $passwordDigest,
        $created,
        $encodedNonce
    );
    $this->assertEquals($user, $authenticatedUser);

    // Second use of the same nonce and timestamp: must be rejected as a replay.
    $usernameToken->authenticate($user->getApiKey(), $passwordDigest, $created, $encodedNonce);
}
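/**
 * Authenticate username token data.
 *
 * In text mode the supplied password is compared with the stored secret. In digest mode it is
 * compared with Base64(SHA-1(decoded nonce . created . secret)), the construction used by the
 * WS-Security UsernameToken profile. Digest mode therefore needs the secret in recoverable
 * form on the server, so the stored value must be protected like a plaintext password.
 *
 * Exceptions raised by nonce validation are not caught here and propagate to the caller.
 *
 * @param string $username username value from token.
 * @param string $password password value from token.
 * @param string $created timestamp created value (must be in ISO-8601 format).
 * @param string $nonce timestamp nonce.
 * @return Mage_Webapi_Model_Acl_User
 * @throws Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException
 * @throws Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidDateException
 */
public function authenticate($username, $password, $created, $nonce)
{
    $createdTimestamp = $this->_getTimestampFromDate($created);
    if (!$createdTimestamp) {
        throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidDateException();
    }

    // NOTE(review): the nonce reaches storage before the credentials are checked, so
    // unauthenticated requests are also handed to validateNonce(); confirm that the
    // storage bounds what it keeps.
    $this->_nonceStorage->validateNonce($nonce, $createdTimestamp);

    $user = $this->_userFactory->create();
    if (!$user->load($username, 'api_key')->getId()) {
        throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException();
    }

    $localPassword = $user->getSecret();
    if ($this->_passwordType == self::PASSWORD_TYPE_DIGEST) {
        // Replay protection is keyed on the encoded nonce, while the digest is computed over
        // the decoded bytes. Lenient decoding would let differently spelled encodings of the
        // same bytes pass as fresh nonces with an unchanged digest, so only the canonical
        // Base64 form is accepted.
        $rawNonce = is_string($nonce) ? base64_decode($nonce, true) : false;
        if ($rawNonce === false || base64_encode($rawNonce) !== $nonce) {
            throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException();
        }
        $baseString = $rawNonce . $created . $localPassword;
        $localPassword = base64_encode(hash('sha1', $baseString, true));
    }

    // Strict, timing-safe comparison: a loose "!=" treats numeric-looking strings such as
    // "1e3" and "1000" as equal and stops at the first differing byte.
    if (!$this->_isSameSecret($localPassword, $password)) {
        throw new Mage_Webapi_Model_Soap_Security_UsernameToken_InvalidCredentialException();
    }

    return $user;
}

/**
 * Compare two secrets byte for byte, without type juggling and without an early exit.
 *
 * Non-string operands never match, so a missing stored secret cannot be satisfied by an
 * empty or null password.
 *
 * @param mixed $expected value derived from the stored secret.
 * @param mixed $supplied value received from the client.
 * @return bool
 */
private function _isSameSecret($expected, $supplied)
{
    if (!is_string($expected) || !is_string($supplied)) {
        return false;
    }

    // Prefer the built-in where the runtime provides it.
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $supplied);
    }

    $length = strlen($expected);
    if ($length !== strlen($supplied)) {
        return false;
    }

    // Accumulate differences over the full length instead of returning at the first mismatch.
    $difference = 0;
    for ($i = 0; $i < $length; $i++) {
        $difference |= ord($expected[$i]) ^ ord($supplied[$i]);
    }

    return $difference === 0;
}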
/**
 * Check that create() forwards its arguments to the object manager and returns its result.
 *
 * The object manager mock must be asked exactly once for 'Mage_Webapi_Model_Acl_User'
 * with the given arguments.
 */
public function testCreate()
{
    $arguments = array('property' => 'value');

    // Expectation: a single create() call with the ACL user class name and our arguments.
    $createExpectation = $this->_objectManager->expects($this->once())->method('create');
    $createExpectation
        ->with('Mage_Webapi_Model_Acl_User', $arguments)
        ->will($this->returnValue($this->_expectedObject));

    $created = $this->_model->create($arguments);

    $this->assertEquals($this->_expectedObject, $created);
}