예제 #1
0
 /**
  * @return \Ag\Login\Domain\Model\Account
  */
 protected function getSimpleAccount()
 {
     $login = new \TYPO3\Flow\Security\Account();
     $login->setAccountIdentifier('*****@*****.**');
     $account = new \Ag\Login\Domain\Model\Account($login, 'Henrik', '1234');
     return $account;
 }
예제 #2
0
 public function setUp()
 {
     $this->factory = new \Ag\Login\Domain\Factory\AccountFactory();
     $loginFactory = m::mock('\\TYPO3\\Flow\\Security\\AccountFactory');
     $loginFactory->shouldReceive('createAccountWithPassword')->andReturnUsing(function ($email, $password) {
         $login = new \TYPO3\Flow\Security\Account();
         $login->setAccountIdentifier($email);
         return $login;
     });
     \TYPO3\Flow\Reflection\ObjectAccess::setProperty($this->factory, 'accountFactory', $loginFactory, TRUE);
     \TYPO3\Flow\Reflection\ObjectAccess::setProperty($this->factory, 'emailAddressValidator', new \TYPO3\Flow\Validation\Validator\EmailAddressValidator(), TRUE);
 }
 /**
  * Sets isAuthenticated to TRUE for all tokens.
  *
  * @param \TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
  * @return void
  * @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException
  */
 public function authenticate(\TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken)
 {
     if (!$authenticationToken instanceof \TYPO3\Flow\Security\Authentication\Token\PasswordToken) {
         throw new \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
     }
     $credentials = $authenticationToken->getCredentials();
     if (is_array($credentials) && isset($credentials['password'])) {
         if ($this->hashService->validatePassword($credentials['password'], $this->fileBasedSimpleKeyService->getKey($this->options['keyName']))) {
             $authenticationToken->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
             $account = new \TYPO3\Flow\Security\Account();
             $roles = array();
             foreach ($this->options['authenticateRoles'] as $roleIdentifier) {
                 $roles[] = new Role($roleIdentifier, Role::SOURCE_SYSTEM);
             }
             $account->setRoles($roles);
             $authenticationToken->setAccount($account);
         } else {
             $authenticationToken->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::WRONG_CREDENTIALS);
         }
     } elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) {
         $authenticationToken->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
     }
 }
 /**
  * Creates a new account and sets the given password and roles
  *
  * @param string $identifier Identifier of the account, must be unique
  * @param string $password The clear text password
  * @param array $roleIdentifiers Optionally an array of role identifiers to assign to the new account
  * @param string $authenticationProviderName Optional name of the authentication provider the account is affiliated with
  * @param string $passwordHashingStrategy Optional password hashing strategy to use for the password
  * @return \TYPO3\Flow\Security\Account A new account, not yet added to the account repository
  */
 public function createAccountWithPassword($identifier, $password, $roleIdentifiers = array(), $authenticationProviderName = 'DefaultProvider', $passwordHashingStrategy = 'default')
 {
     $account = new \TYPO3\Flow\Security\Account();
     $account->setAccountIdentifier($identifier);
     $account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy));
     $account->setAuthenticationProviderName($authenticationProviderName);
     $roles = array();
     foreach ($roleIdentifiers as $roleIdentifier) {
         $roles[] = $this->policyService->getRole($roleIdentifier);
     }
     $account->setRoles($roles);
     return $account;
 }
 /**
  * @param \Flowpack\SingleSignOn\Client\Domain\Model\SsoClient $ssoClient
  * @param array $globalAccountData
  * @return \TYPO3\Flow\Security\Account
  */
 public function getAccount(SsoClient $ssoClient, array $globalAccountData)
 {
     $account = new \TYPO3\Flow\Security\Account();
     // TODO Check validity of globalAccountData
     $account->setAccountIdentifier($globalAccountData['accountIdentifier']);
     $account->setAuthenticationProviderName('SingleSignOn');
     $account->setRoles(array_map(function ($roleIdentifier) {
         return new \TYPO3\Flow\Security\Policy\Role($roleIdentifier);
     }, $globalAccountData['roles']));
     if (isset($globalAccountData['party'])) {
         $party = $this->mapParty($globalAccountData['party']);
         if ($party !== NULL) {
             $account->setParty($party);
         }
     }
     return $account;
 }
예제 #6
0
 /**
  * @test
  */
 public function hasRoleWorksWithRecursiveRoles()
 {
     $everybodyRole = new Role('Everybody', Role::SOURCE_SYSTEM);
     $testRole1 = new Role('Acme.Demo:TestRole1');
     $testRole2 = new Role('Acme.Demo:TestRole2');
     // Set parents
     $testRole1->setParentRoles(array($testRole2));
     $account = new \TYPO3\Flow\Security\Account();
     $account->setRoles(array($testRole1));
     $mockAuthenticationManager = $this->getMock('TYPO3\\Flow\\Security\\Authentication\\AuthenticationManagerInterface');
     $mockAuthenticationManager->expects($this->atLeastOnce())->method('isAuthenticated')->will($this->returnValue(TRUE));
     $mockToken = $this->getMock('TYPO3\\Flow\\Security\\Authentication\\TokenInterface');
     $mockToken->expects($this->atLeastOnce())->method('isAuthenticated')->will($this->returnValue(TRUE));
     $mockToken->expects($this->atLeastOnce())->method('getAccount')->will($this->returnValue($account));
     $mockPolicyService = $this->getAccessibleMock('TYPO3\\Flow\\Security\\Policy\\PolicyService', array('getRole', 'initializeRolesFromPolicy'));
     $mockPolicyService->expects($this->atLeastOnce())->method('getRole')->will($this->returnCallback(function ($roleIdentifier) use($everybodyRole) {
         switch ($roleIdentifier) {
             case 'Everybody':
                 return $everybodyRole;
         }
     }));
     $securityContext = $this->getAccessibleMock('TYPO3\\Flow\\Security\\Context', array('initialize', 'getAccount'));
     $securityContext->expects($this->any())->method('getAccount')->will($this->returnValue($account));
     $securityContext->_set('activeTokens', array($mockToken));
     $securityContext->_set('policyService', $mockPolicyService);
     $securityContext->_set('authenticationManager', $mockAuthenticationManager);
     $this->assertTrue($securityContext->hasRole('Acme.Demo:TestRole2'));
 }
 /**
  * @test
  */
 public function administratorsCanSeeOthersRestrictableEntites()
 {
     $ownAccount = $this->authenticateRoles(array('TYPO3.Flow:Administrator', 'TYPO3.Flow:Customer'));
     $ownAccount->setAccountIdentifier('ownAccount');
     $ownAccount->setAuthenticationProviderName('SomeProvider');
     $ownAccount->setCredentialsSource('foobar');
     $otherAccount = new \TYPO3\Flow\Security\Account();
     $otherAccount->setAccountIdentifier('othersAccount');
     $otherAccount->setAuthenticationProviderName('SomeProvider');
     $otherAccount->setCredentialsSource('foobar');
     $this->persistenceManager->add($ownAccount);
     $this->persistenceManager->add($otherAccount);
     $ownEntity = new Fixtures\RestrictableEntity('ownEntity');
     $ownEntity->setOwnerAccount($ownAccount);
     $othersEntity = new Fixtures\RestrictableEntity('othersEntity');
     $othersEntity->setOwnerAccount($otherAccount);
     $this->restrictableEntityRepository->add($ownEntity);
     $ownEntityIdentifier = $this->persistenceManager->getIdentifierByObject($ownEntity);
     $this->restrictableEntityRepository->add($othersEntity);
     $othersEntityIdentifier = $this->persistenceManager->getIdentifierByObject($othersEntity);
     $this->persistenceManager->persistAll();
     $this->persistenceManager->clearState();
     $result = $this->restrictableEntityRepository->findAll();
     $this->assertTrue(count($result) === 2);
     $this->assertNotNull($this->persistenceManager->getObjectByIdentifier($ownEntityIdentifier, 'TYPO3\\Flow\\Tests\\Functional\\Security\\Fixtures\\RestrictableEntity'));
     $this->assertNotNull($this->persistenceManager->getObjectByIdentifier($othersEntityIdentifier, 'TYPO3\\Flow\\Tests\\Functional\\Security\\Fixtures\\RestrictableEntity'));
     $this->restrictableEntityRepository->removeAll();
     $this->persistenceManager->persistAll();
     $this->persistenceManager->clearState();
 }
 /**
  * Creates a new account, assigns it the given roles and authenticates it.
  * The created account is returned for further modification, for example for attaching a Party object to it.
  *
  * @param array $roleNames A list of roles the new account should have
  * @return \TYPO3\Flow\Security\Account The created account
  * @api
  */
 protected function authenticateRoles(array $roleNames)
 {
     $account = new \TYPO3\Flow\Security\Account();
     $roles = array();
     foreach ($roleNames as $roleName) {
         $roles[] = $this->policyService->getRole($roleName);
     }
     $account->setRoles($roles);
     $this->authenticateAccount($account);
     return $account;
 }
 /**
  * @test
  */
 public function administratorsCanSeeTestEntityAAssociatedToATestEntityBSomeoneElsesAccount()
 {
     $myAccount = $this->authenticateRoles(array('TYPO3.Flow:Administrator'));
     $myAccount->setAccountIdentifier('MyAccount');
     $myAccount->setAuthenticationProviderName('SomeProvider');
     $andisAccount = new \TYPO3\Flow\Security\Account();
     $andisAccount->setAccountIdentifier('Andi');
     $andisAccount->setAuthenticationProviderName('SomeProvider');
     $this->persistenceManager->add($myAccount);
     $this->persistenceManager->add($andisAccount);
     $testEntityB = new Fixtures\TestEntityB('testEntityB');
     $testEntityB->setOwnerAccount($myAccount);
     $testEntityA = new Fixtures\TestEntityA($testEntityB);
     $testEntityB2 = new Fixtures\TestEntityB('testEntityB2');
     $testEntityB2->setOwnerAccount($andisAccount);
     $testEntityA2 = new Fixtures\TestEntityA($testEntityB2);
     $this->testEntityADoctrineRepository->add($testEntityA);
     $this->testEntityADoctrineRepository->add($testEntityA2);
     $testEntityAIdentifier = $this->persistenceManager->getIdentifierByObject($testEntityA);
     $testEntityA2Identifier = $this->persistenceManager->getIdentifierByObject($testEntityA2);
     $this->persistenceManager->persistAll();
     $this->persistenceManager->clearState();
     $result = $this->testEntityADoctrineRepository->findAllWithDql();
     $this->assertTrue(count($result) === 2);
     $this->assertNotNull($this->persistenceManager->getObjectByIdentifier($testEntityAIdentifier, \TYPO3\Flow\Tests\Functional\Security\Fixtures\TestEntityA::class));
     $this->assertNotNull($this->persistenceManager->getObjectByIdentifier($testEntityA2Identifier, \TYPO3\Flow\Tests\Functional\Security\Fixtures\TestEntityA::class));
     $this->restrictableEntityDoctrineRepository->removeAll();
     $this->persistenceManager->persistAll();
     $this->persistenceManager->clearState();
 }