/** * @return \Ag\Login\Domain\Model\Account */ protected function getSimpleAccount() { $login = new \TYPO3\Flow\Security\Account(); $login->setAccountIdentifier('*****@*****.**'); $account = new \Ag\Login\Domain\Model\Account($login, 'Henrik', '1234'); return $account; }
public function setUp() { $this->factory = new \Ag\Login\Domain\Factory\AccountFactory(); $loginFactory = m::mock('\\TYPO3\\Flow\\Security\\AccountFactory'); $loginFactory->shouldReceive('createAccountWithPassword')->andReturnUsing(function ($email, $password) { $login = new \TYPO3\Flow\Security\Account(); $login->setAccountIdentifier($email); return $login; }); \TYPO3\Flow\Reflection\ObjectAccess::setProperty($this->factory, 'accountFactory', $loginFactory, TRUE); \TYPO3\Flow\Reflection\ObjectAccess::setProperty($this->factory, 'emailAddressValidator', new \TYPO3\Flow\Validation\Validator\EmailAddressValidator(), TRUE); }
/** * Sets isAuthenticated to TRUE for all tokens. * * @param \TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated * @return void * @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException */ public function authenticate(\TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken) { if (!$authenticationToken instanceof \TYPO3\Flow\Security\Authentication\Token\PasswordToken) { throw new \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840); } $credentials = $authenticationToken->getCredentials(); if (is_array($credentials) && isset($credentials['password'])) { if ($this->hashService->validatePassword($credentials['password'], $this->fileBasedSimpleKeyService->getKey($this->options['keyName']))) { $authenticationToken->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL); $account = new \TYPO3\Flow\Security\Account(); $roles = array(); foreach ($this->options['authenticateRoles'] as $roleIdentifier) { $roles[] = new Role($roleIdentifier, Role::SOURCE_SYSTEM); } $account->setRoles($roles); $authenticationToken->setAccount($account); } else { $authenticationToken->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::WRONG_CREDENTIALS); } } elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN); } }
/** * Creates a new account and sets the given password and roles * * @param string $identifier Identifier of the account, must be unique * @param string $password The clear text password * @param array $roleIdentifiers Optionally an array of role identifiers to assign to the new account * @param string $authenticationProviderName Optional name of the authentication provider the account is affiliated with * @param string $passwordHashingStrategy Optional password hashing strategy to use for the password * @return \TYPO3\Flow\Security\Account A new account, not yet added to the account repository */ public function createAccountWithPassword($identifier, $password, $roleIdentifiers = array(), $authenticationProviderName = 'DefaultProvider', $passwordHashingStrategy = 'default') { $account = new \TYPO3\Flow\Security\Account(); $account->setAccountIdentifier($identifier); $account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy)); $account->setAuthenticationProviderName($authenticationProviderName); $roles = array(); foreach ($roleIdentifiers as $roleIdentifier) { $roles[] = $this->policyService->getRole($roleIdentifier); } $account->setRoles($roles); return $account; }
/** * @param \Flowpack\SingleSignOn\Client\Domain\Model\SsoClient $ssoClient * @param array $globalAccountData * @return \TYPO3\Flow\Security\Account */ public function getAccount(SsoClient $ssoClient, array $globalAccountData) { $account = new \TYPO3\Flow\Security\Account(); // TODO Check validity of globalAccountData $account->setAccountIdentifier($globalAccountData['accountIdentifier']); $account->setAuthenticationProviderName('SingleSignOn'); $account->setRoles(array_map(function ($roleIdentifier) { return new \TYPO3\Flow\Security\Policy\Role($roleIdentifier); }, $globalAccountData['roles'])); if (isset($globalAccountData['party'])) { $party = $this->mapParty($globalAccountData['party']); if ($party !== NULL) { $account->setParty($party); } } return $account; }
/** * @test */ public function hasRoleWorksWithRecursiveRoles() { $everybodyRole = new Role('Everybody', Role::SOURCE_SYSTEM); $testRole1 = new Role('Acme.Demo:TestRole1'); $testRole2 = new Role('Acme.Demo:TestRole2'); // Set parents $testRole1->setParentRoles(array($testRole2)); $account = new \TYPO3\Flow\Security\Account(); $account->setRoles(array($testRole1)); $mockAuthenticationManager = $this->getMock('TYPO3\\Flow\\Security\\Authentication\\AuthenticationManagerInterface'); $mockAuthenticationManager->expects($this->atLeastOnce())->method('isAuthenticated')->will($this->returnValue(TRUE)); $mockToken = $this->getMock('TYPO3\\Flow\\Security\\Authentication\\TokenInterface'); $mockToken->expects($this->atLeastOnce())->method('isAuthenticated')->will($this->returnValue(TRUE)); $mockToken->expects($this->atLeastOnce())->method('getAccount')->will($this->returnValue($account)); $mockPolicyService = $this->getAccessibleMock('TYPO3\\Flow\\Security\\Policy\\PolicyService', array('getRole', 'initializeRolesFromPolicy')); $mockPolicyService->expects($this->atLeastOnce())->method('getRole')->will($this->returnCallback(function ($roleIdentifier) use($everybodyRole) { switch ($roleIdentifier) { case 'Everybody': return $everybodyRole; } })); $securityContext = $this->getAccessibleMock('TYPO3\\Flow\\Security\\Context', array('initialize', 'getAccount')); $securityContext->expects($this->any())->method('getAccount')->will($this->returnValue($account)); $securityContext->_set('activeTokens', array($mockToken)); $securityContext->_set('policyService', $mockPolicyService); $securityContext->_set('authenticationManager', $mockAuthenticationManager); $this->assertTrue($securityContext->hasRole('Acme.Demo:TestRole2')); }
/** * @test */ public function administratorsCanSeeOthersRestrictableEntites() { $ownAccount = $this->authenticateRoles(array('TYPO3.Flow:Administrator', 'TYPO3.Flow:Customer')); $ownAccount->setAccountIdentifier('ownAccount'); $ownAccount->setAuthenticationProviderName('SomeProvider'); $ownAccount->setCredentialsSource('foobar'); $otherAccount = new \TYPO3\Flow\Security\Account(); $otherAccount->setAccountIdentifier('othersAccount'); $otherAccount->setAuthenticationProviderName('SomeProvider'); $otherAccount->setCredentialsSource('foobar'); $this->persistenceManager->add($ownAccount); $this->persistenceManager->add($otherAccount); $ownEntity = new Fixtures\RestrictableEntity('ownEntity'); $ownEntity->setOwnerAccount($ownAccount); $othersEntity = new Fixtures\RestrictableEntity('othersEntity'); $othersEntity->setOwnerAccount($otherAccount); $this->restrictableEntityRepository->add($ownEntity); $ownEntityIdentifier = $this->persistenceManager->getIdentifierByObject($ownEntity); $this->restrictableEntityRepository->add($othersEntity); $othersEntityIdentifier = $this->persistenceManager->getIdentifierByObject($othersEntity); $this->persistenceManager->persistAll(); $this->persistenceManager->clearState(); $result = $this->restrictableEntityRepository->findAll(); $this->assertTrue(count($result) === 2); $this->assertNotNull($this->persistenceManager->getObjectByIdentifier($ownEntityIdentifier, 'TYPO3\\Flow\\Tests\\Functional\\Security\\Fixtures\\RestrictableEntity')); $this->assertNotNull($this->persistenceManager->getObjectByIdentifier($othersEntityIdentifier, 'TYPO3\\Flow\\Tests\\Functional\\Security\\Fixtures\\RestrictableEntity')); $this->restrictableEntityRepository->removeAll(); $this->persistenceManager->persistAll(); $this->persistenceManager->clearState(); }
/** * Creates a new account, assigns it the given roles and authenticates it. * The created account is returned for further modification, for example for attaching a Party object to it. * * @param array $roleNames A list of roles the new account should have * @return \TYPO3\Flow\Security\Account The created account * @api */ protected function authenticateRoles(array $roleNames) { $account = new \TYPO3\Flow\Security\Account(); $roles = array(); foreach ($roleNames as $roleName) { $roles[] = $this->policyService->getRole($roleName); } $account->setRoles($roles); $this->authenticateAccount($account); return $account; }
/** * @test */ public function administratorsCanSeeTestEntityAAssociatedToATestEntityBSomeoneElsesAccount() { $myAccount = $this->authenticateRoles(array('TYPO3.Flow:Administrator')); $myAccount->setAccountIdentifier('MyAccount'); $myAccount->setAuthenticationProviderName('SomeProvider'); $andisAccount = new \TYPO3\Flow\Security\Account(); $andisAccount->setAccountIdentifier('Andi'); $andisAccount->setAuthenticationProviderName('SomeProvider'); $this->persistenceManager->add($myAccount); $this->persistenceManager->add($andisAccount); $testEntityB = new Fixtures\TestEntityB('testEntityB'); $testEntityB->setOwnerAccount($myAccount); $testEntityA = new Fixtures\TestEntityA($testEntityB); $testEntityB2 = new Fixtures\TestEntityB('testEntityB2'); $testEntityB2->setOwnerAccount($andisAccount); $testEntityA2 = new Fixtures\TestEntityA($testEntityB2); $this->testEntityADoctrineRepository->add($testEntityA); $this->testEntityADoctrineRepository->add($testEntityA2); $testEntityAIdentifier = $this->persistenceManager->getIdentifierByObject($testEntityA); $testEntityA2Identifier = $this->persistenceManager->getIdentifierByObject($testEntityA2); $this->persistenceManager->persistAll(); $this->persistenceManager->clearState(); $result = $this->testEntityADoctrineRepository->findAllWithDql(); $this->assertTrue(count($result) === 2); $this->assertNotNull($this->persistenceManager->getObjectByIdentifier($testEntityAIdentifier, \TYPO3\Flow\Tests\Functional\Security\Fixtures\TestEntityA::class)); $this->assertNotNull($this->persistenceManager->getObjectByIdentifier($testEntityA2Identifier, \TYPO3\Flow\Tests\Functional\Security\Fixtures\TestEntityA::class)); $this->restrictableEntityDoctrineRepository->removeAll(); $this->persistenceManager->persistAll(); $this->persistenceManager->clearState(); }