/**
* @return \Ag\Login\Domain\Model\Account
*/
protected function getSimpleAccount()
{
$login = new \TYPO3\Flow\Security\Account();
$login->setAccountIdentifier('*****@*****.**');
$account = new \Ag\Login\Domain\Model\Account($login, 'Henrik', '1234');
return $account;
}
public function setUp()
{
$this->factory = new \Ag\Login\Domain\Factory\AccountFactory();
$loginFactory = m::mock('\\TYPO3\\Flow\\Security\\AccountFactory');
$loginFactory->shouldReceive('createAccountWithPassword')->andReturnUsing(function ($email, $password) {
$login = new \TYPO3\Flow\Security\Account();
$login->setAccountIdentifier($email);
return $login;
});
\TYPO3\Flow\Reflection\ObjectAccess::setProperty($this->factory, 'accountFactory', $loginFactory, TRUE);
\TYPO3\Flow\Reflection\ObjectAccess::setProperty($this->factory, 'emailAddressValidator', new \TYPO3\Flow\Validation\Validator\EmailAddressValidator(), TRUE);
}
/**
* Sets isAuthenticated to TRUE for all tokens.
*
* @param \TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
* @return void
* @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException
*/
public function authenticate(\TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken)
{
if (!$authenticationToken instanceof \TYPO3\Flow\Security\Authentication\Token\PasswordToken) {
throw new \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
}
$credentials = $authenticationToken->getCredentials();
if (is_array($credentials) && isset($credentials['password'])) {
if ($this->hashService->validatePassword($credentials['password'], $this->fileBasedSimpleKeyService->getKey($this->options['keyName']))) {
$authenticationToken->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
$account = new \TYPO3\Flow\Security\Account();
$roles = array();
foreach ($this->options['authenticateRoles'] as $roleIdentifier) {
$roles[] = new Role($roleIdentifier, Role::SOURCE_SYSTEM);
}
$account->setRoles($roles);
$authenticationToken->setAccount($account);
} else {
$authenticationToken->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::WRONG_CREDENTIALS);
}
} elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) {
$authenticationToken->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
}
}
/**
* Creates a new account and sets the given password and roles
*
* @param string $identifier Identifier of the account, must be unique
* @param string $password The clear text password
* @param array $roleIdentifiers Optionally an array of role identifiers to assign to the new account
* @param string $authenticationProviderName Optional name of the authentication provider the account is affiliated with
* @param string $passwordHashingStrategy Optional password hashing strategy to use for the password
* @return \TYPO3\Flow\Security\Account A new account, not yet added to the account repository
*/
public function createAccountWithPassword($identifier, $password, $roleIdentifiers = array(), $authenticationProviderName = 'DefaultProvider', $passwordHashingStrategy = 'default')
{
$account = new \TYPO3\Flow\Security\Account();
$account->setAccountIdentifier($identifier);
$account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy));
$account->setAuthenticationProviderName($authenticationProviderName);
$roles = array();
foreach ($roleIdentifiers as $roleIdentifier) {
$roles[] = $this->policyService->getRole($roleIdentifier);
}
$account->setRoles($roles);
return $account;
}
/**
* @param \Flowpack\SingleSignOn\Client\Domain\Model\SsoClient $ssoClient
* @param array $globalAccountData
* @return \TYPO3\Flow\Security\Account
*/
public function getAccount(SsoClient $ssoClient, array $globalAccountData)
{
$account = new \TYPO3\Flow\Security\Account();
// TODO Check validity of globalAccountData
$account->setAccountIdentifier($globalAccountData['accountIdentifier']);
$account->setAuthenticationProviderName('SingleSignOn');
$account->setRoles(array_map(function ($roleIdentifier) {
return new \TYPO3\Flow\Security\Policy\Role($roleIdentifier);
}, $globalAccountData['roles']));
if (isset($globalAccountData['party'])) {
$party = $this->mapParty($globalAccountData['party']);
if ($party !== NULL) {
$account->setParty($party);
}
}
return $account;
}
/**
* @test
*/
public function hasRoleWorksWithRecursiveRoles()
{
$everybodyRole = new Role('Everybody', Role::SOURCE_SYSTEM);
$testRole1 = new Role('Acme.Demo:TestRole1');
$testRole2 = new Role('Acme.Demo:TestRole2');
// Set parents
$testRole1->setParentRoles(array($testRole2));
$account = new \TYPO3\Flow\Security\Account();
$account->setRoles(array($testRole1));
$mockAuthenticationManager = $this->getMock('TYPO3\\Flow\\Security\\Authentication\\AuthenticationManagerInterface');
$mockAuthenticationManager->expects($this->atLeastOnce())->method('isAuthenticated')->will($this->returnValue(TRUE));
$mockToken = $this->getMock('TYPO3\\Flow\\Security\\Authentication\\TokenInterface');
$mockToken->expects($this->atLeastOnce())->method('isAuthenticated')->will($this->returnValue(TRUE));
$mockToken->expects($this->atLeastOnce())->method('getAccount')->will($this->returnValue($account));
$mockPolicyService = $this->getAccessibleMock('TYPO3\\Flow\\Security\\Policy\\PolicyService', array('getRole', 'initializeRolesFromPolicy'));
$mockPolicyService->expects($this->atLeastOnce())->method('getRole')->will($this->returnCallback(function ($roleIdentifier) use($everybodyRole) {
switch ($roleIdentifier) {
case 'Everybody':
return $everybodyRole;
}
}));
$securityContext = $this->getAccessibleMock('TYPO3\\Flow\\Security\\Context', array('initialize', 'getAccount'));
$securityContext->expects($this->any())->method('getAccount')->will($this->returnValue($account));
$securityContext->_set('activeTokens', array($mockToken));
$securityContext->_set('policyService', $mockPolicyService);
$securityContext->_set('authenticationManager', $mockAuthenticationManager);
$this->assertTrue($securityContext->hasRole('Acme.Demo:TestRole2'));
}
/**
* @test
*/
public function administratorsCanSeeOthersRestrictableEntites()
{
$ownAccount = $this->authenticateRoles(array('TYPO3.Flow:Administrator', 'TYPO3.Flow:Customer'));
$ownAccount->setAccountIdentifier('ownAccount');
$ownAccount->setAuthenticationProviderName('SomeProvider');
$ownAccount->setCredentialsSource('foobar');
$otherAccount = new \TYPO3\Flow\Security\Account();
$otherAccount->setAccountIdentifier('othersAccount');
$otherAccount->setAuthenticationProviderName('SomeProvider');
$otherAccount->setCredentialsSource('foobar');
$this->persistenceManager->add($ownAccount);
$this->persistenceManager->add($otherAccount);
$ownEntity = new Fixtures\RestrictableEntity('ownEntity');
$ownEntity->setOwnerAccount($ownAccount);
$othersEntity = new Fixtures\RestrictableEntity('othersEntity');
$othersEntity->setOwnerAccount($otherAccount);
$this->restrictableEntityRepository->add($ownEntity);
$ownEntityIdentifier = $this->persistenceManager->getIdentifierByObject($ownEntity);
$this->restrictableEntityRepository->add($othersEntity);
$othersEntityIdentifier = $this->persistenceManager->getIdentifierByObject($othersEntity);
$this->persistenceManager->persistAll();
$this->persistenceManager->clearState();
$result = $this->restrictableEntityRepository->findAll();
$this->assertTrue(count($result) === 2);
$this->assertNotNull($this->persistenceManager->getObjectByIdentifier($ownEntityIdentifier, 'TYPO3\\Flow\\Tests\\Functional\\Security\\Fixtures\\RestrictableEntity'));
$this->assertNotNull($this->persistenceManager->getObjectByIdentifier($othersEntityIdentifier, 'TYPO3\\Flow\\Tests\\Functional\\Security\\Fixtures\\RestrictableEntity'));
$this->restrictableEntityRepository->removeAll();
$this->persistenceManager->persistAll();
$this->persistenceManager->clearState();
}
/**
* Creates a new account, assigns it the given roles and authenticates it.
* The created account is returned for further modification, for example for attaching a Party object to it.
*
* @param array $roleNames A list of roles the new account should have
* @return \TYPO3\Flow\Security\Account The created account
* @api
*/
protected function authenticateRoles(array $roleNames)
{
$account = new \TYPO3\Flow\Security\Account();
$roles = array();
foreach ($roleNames as $roleName) {
$roles[] = $this->policyService->getRole($roleName);
}
$account->setRoles($roles);
$this->authenticateAccount($account);
return $account;
}
/**
* @test
*/
public function administratorsCanSeeTestEntityAAssociatedToATestEntityBSomeoneElsesAccount()
{
$myAccount = $this->authenticateRoles(array('TYPO3.Flow:Administrator'));
$myAccount->setAccountIdentifier('MyAccount');
$myAccount->setAuthenticationProviderName('SomeProvider');
$andisAccount = new \TYPO3\Flow\Security\Account();
$andisAccount->setAccountIdentifier('Andi');
$andisAccount->setAuthenticationProviderName('SomeProvider');
$this->persistenceManager->add($myAccount);
$this->persistenceManager->add($andisAccount);
$testEntityB = new Fixtures\TestEntityB('testEntityB');
$testEntityB->setOwnerAccount($myAccount);
$testEntityA = new Fixtures\TestEntityA($testEntityB);
$testEntityB2 = new Fixtures\TestEntityB('testEntityB2');
$testEntityB2->setOwnerAccount($andisAccount);
$testEntityA2 = new Fixtures\TestEntityA($testEntityB2);
$this->testEntityADoctrineRepository->add($testEntityA);
$this->testEntityADoctrineRepository->add($testEntityA2);
$testEntityAIdentifier = $this->persistenceManager->getIdentifierByObject($testEntityA);
$testEntityA2Identifier = $this->persistenceManager->getIdentifierByObject($testEntityA2);
$this->persistenceManager->persistAll();
$this->persistenceManager->clearState();
$result = $this->testEntityADoctrineRepository->findAllWithDql();
$this->assertTrue(count($result) === 2);
$this->assertNotNull($this->persistenceManager->getObjectByIdentifier($testEntityAIdentifier, \TYPO3\Flow\Tests\Functional\Security\Fixtures\TestEntityA::class));
$this->assertNotNull($this->persistenceManager->getObjectByIdentifier($testEntityA2Identifier, \TYPO3\Flow\Tests\Functional\Security\Fixtures\TestEntityA::class));
$this->restrictableEntityDoctrineRepository->removeAll();
$this->persistenceManager->persistAll();
$this->persistenceManager->clearState();
}
