/** * @dataProvider providerTestMigration */ public function testMigration($kuserId) { $this->assertNull($this->kuser); $this->kuser = kuserPeer::retrieveByPK($kuserId); $this->assertNotNull($this->kuser); $this->assertEquals($this->kuser->getFullName(), trim($this->kuser->getFirstName() . ' ' . $this->kuser->getLastName())); if ($this->kuser->getSalt() && $this->kuser->getSha1Password() && in_array($this->kuser->getPartnerId(), $this->loginPartnerIds)) { $this->assertTrue($this->kuser->getLoginDataId()); $loginData1 = UserLoginDataPeer::retrieveByPK($this->kuser->getLoginDataId()); $this->assertNotNull($loginData1); $loginData2 = UserLoginDataPeer::getByEmail($this->kuser->getEmail()); $this->assertNotNull($loginData2); $this->assertEquals($loginData1->getId(), $loginData2->getId()); $this->assertEquals($this->kuser->getSalt(), $loginData2->getSalt()); $this->assertEquals($this->kuser->getSha1Password(), $loginData2->getSha1Password()); $this->assertEquals($this->kuser->getEmail(), $loginData2->getLoginEmail()); $c = new Criteria(); $c->addAnd(UserLoginDataPeer::LOGIN_EMAIL, $this->kuser->getEmail()); $loginDatas = UserLoginDataPeer::doSelect($c); $this->assertEquals(count($loginDatas), 1); $this->assertEquals($loginDatas[0]->getId(), $loginData1->getId()); $allKusers = kuserPeer::getByLoginDataAndPartner($this->kuser->getLoginDataId(), $this->kuser->getPartnerId()); $this->assertEquals(count($allKusers), 1); } else { if ($this->kuser->getPartnerId() != $this->adminConsolePartnerId && substr($this->kuser->getPuserId(), 0, 9) != '__ADMIN__') { $this->assertNull($this->kuser->getLoginDataId()); } } if ($this->kuser->getPartnerId() == $this->adminConsolePartnerId || substr($this->kuser->getPuserId(), 0, 9) == '__ADMIN__') { $this->assertTrue($this->kuser->getIsAdmin()); } else { $this->assertFalse($this->kuser->getIsAdmin()); } if ($this->kuser->getIsAdmin()) { $this->assertTrue($this->kuser->getIsAdmin()); } }
} $new_kuser = new kuser(); $new_login_data = new UserLoginData(); $partner = PartnerPeer::retrieveByPK($user->getPartnerId()); if (!$partner) { KalturaLog::alert('!!! ERROR - Partner ID [' . $user->getPartnerId() . '] not found on DB but set for admin user id [' . $lastUser . '] !!!'); echo '!!! ERROR - Partner ID [' . $user->getPartnerId() . '] not found on DB but set for admin user id [' . $lastUser . '] !!!'; continue; } list($firstName, $lastName) = kString::nameSplit($user->getFullName()); $c = new Criteria(); $c->addAnd(UserLoginDataPeer::LOGIN_EMAIL, $user->getEmail()); $existing_login_data = UserLoginDataPeer::doSelectOne($c); if ($existing_login_data) { if ($user->getPartnerId() === $existing_login_data->getConfigPartnerId()) { $checkKuser = kuserPeer::getByLoginDataAndPartner($existing_login_data->getId(), $user->getPartnerId()); if ($checkKuser && $checkKuser->getIsAdmin()) { KalturaLog::notice('!!! NOTICE - Existing ADMIN login data found with id [' . $existing_login_data->getId() . '] partner [' . $existing_login_data->getConfigPartnerId() . '] - skipping user id [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] since this was probably caused by a bug'); echo '!!! NOTICE - Existing ADMIN login data found with id [' . $existing_login_data->getId() . '] partner [' . $existing_login_data->getConfigPartnerId() . '] - skipping user id [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] since this was probably caused by a bug'; continue; } } KalturaLog::alert('!!! ERROR - Existing login data found with id [' . $existing_login_data->getId() . '] partner [' . $existing_login_data->getConfigPartnerId() . '] - skipping user id [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] !!!!'); echo '!!! ERROR - Existing login data found with id [' . $existing_login_data->getId() . '] partner [' . $existing_login_data->getConfigPartnerId() . '] - skipping user id [' . $lastUser . '] of partner [' . $user->getPartnerId() . '] !!!!'; continue; } $new_login_data->setConfigPartnerId($user->getPartnerId()); $new_login_data->setLoginEmail($user->getEmail()); $new_login_data->setFirstName($firstName); $new_login_data->setLastName($lastName); $new_login_data->setSalt($user->getSalt());
/** * Adds a new user login data record * @param unknown_type $loginEmail * @param unknown_type $password * @param unknown_type $partnerId * @param unknown_type $firstName * @param unknown_type $lastName * @param bool $checkPasswordStructure backward compatibility - some extensions are registering a partner and setting its first password without checking its structure * * @throws kUserException::INVALID_EMAIL * @throws kUserException::INVALID_PARTNER * @throws kUserException::PASSWORD_STRUCTURE_INVALID * @throws kUserException::LOGIN_ID_ALREADY_USED * @throws kUserException::ADMIN_LOGIN_USERS_QUOTA_EXCEEDED */ public static function addLoginData($loginEmail, $password, $partnerId, $firstName, $lastName, $isAdminUser, $checkPasswordStructure = true, &$alreadyExisted = null) { if (!kString::isEmailString($loginEmail)) { throw new kUserException('', kUserException::INVALID_EMAIL); } $partner = partnerPeer::retrieveByPK($partnerId); if (!$partner) { throw new kUserException('', kUserException::INVALID_PARTNER); } if ($isAdminUser) { $userQuota = $partner->getAdminLoginUsersQuota(); $adminLoginUsersNum = $partner->getAdminLoginUsersNumber(); // check if login users quota exceeded - value -1 means unlimited if ($adminLoginUsersNum && (is_null($userQuota) || $userQuota != -1 && $userQuota <= $adminLoginUsersNum)) { throw new kUserException('', kUserException::ADMIN_LOGIN_USERS_QUOTA_EXCEEDED); } } $existingData = self::getByEmail($loginEmail); if (!$existingData) { if ($checkPasswordStructure && !UserLoginDataPeer::isPasswordStructureValid($password)) { throw new kUserException('', kUserException::PASSWORD_STRUCTURE_INVALID); } // create a new login data record $loginData = new UserLoginData(); $loginData->setConfigPartnerId($partnerId); $loginData->setLoginEmail($loginEmail); $loginData->setFirstName($firstName); $loginData->setLastName($lastName); $loginData->setPassword($password); $loginData->setLoginAttempts(0); $loginData->setLoginBlockedUntil(null); $loginData->resetPreviousPasswords(); $loginData->save(); // now $loginData has an id and hash key can be generated $hashKey = $loginData->newPassHashKey(); $loginData->setPasswordHashKey($hashKey); $loginData->save(); $alreadyExisted = false; return $loginData; } else { // add existing login data if password is valid $existingKuser = kuserPeer::getByLoginDataAndPartner($existingData->getId(), $partnerId); if ($existingKuser) { // partner already has a user with the same login data throw new kUserException('', kUserException::LOGIN_ID_ALREADY_USED); } KalturaLog::debug('Existing login data with the same email & password exists - returning id [' . $existingData->getId() . ']'); $alreadyExisted = true; if ($isAdminUser && !$existingData->isLastLoginPartnerIdSet()) { $existingData->setLastLoginPartnerId($partnerId); $existingData->save(); } return $existingData; } }
/** * Tests UserService->addAction() */ public function testAddAction() { $this->startSession(KalturaSessionType::ADMIN, null); $this->dummyPartner->setAdminLoginUsersQuota(5); $this->dummyPartner->save(); // -- add a normal end user $newUser = $this->createUser(false, false, __FUNCTION__); // check the returned user $createdUser = $this->addUser($newUser); $this->assertNotNull($createdUser); $this->assertEquals($newUser->id, $createdUser->id); $this->assertEquals($newUser->email, $createdUser->email); $this->assertEquals($newUser->firstName, $createdUser->firstName); $this->assertEquals($newUser->lastName, $createdUser->lastName); $this->assertEquals('', $createdUser->roleIds); // check the user returned from the api $getUser = $this->client->user->get($newUser->id); $this->assertNotNull($getUser); $this->assertEquals($createdUser, $getUser); $dbUser = kuserPeer::getKuserByPartnerAndUid(self::TEST_PARTNER_ID, $newUser->id); $this->assertNotNull($dbUser); // check that no login data was created $this->assertNull($dbUser->getLoginDataId()); $this->assertFalse($getUser->loginEnabled); $newUser = null; $getUser = null; $createdUser = null; $newUserId = null; // -- add a login end user $newUser = $this->createUser(true, false, __FUNCTION__); $createdUser = $this->addUser($newUser); $this->assertEquals($newUser->id, $createdUser->id); $this->assertEquals($newUser->email, $createdUser->email); $this->assertEquals($newUser->firstName, $createdUser->firstName); $this->assertEquals($newUser->lastName, $createdUser->lastName); $this->assertEquals('', $createdUser->roleIds); $dbUser = kuserPeer::getKuserByPartnerAndUid(self::TEST_PARTNER_ID, $newUser->id); $this->assertNotNull($dbUser); // check the user returned from the api $getUser = $this->client->user->get($newUser->id); $this->assertNotNull($getUser); $this->assertEquals($createdUser, $getUser); // check that login data was created $this->assertNotNull($dbUser->getLoginDataId()); $loginData = UserLoginDataPeer::retrieveByPK($dbUser->getLoginDataId()); $this->assertTrue($getUser->loginEnabled); $this->assertEquals($dbUser->getLoginDataId(), $loginData->getId()); $dbUser2 = kuserPeer::getByLoginDataAndPartner($dbUser->getLoginDataId(), self::TEST_PARTNER_ID); $this->assertNotNull($dbUser2); $this->assertEquals($dbUser, $dbUser2); $this->assertEquals($newUser->firstName, $loginData->getFirstName()); $this->assertEquals($newUser->lastName, $loginData->getLastName()); $this->assertEquals($newUser->email, $loginData->getLoginEmail()); $this->assertEquals(self::TEST_PARTNER_ID, $loginData->getConfigPartnerId()); // try to login with the new data and check that ks is not an admin ks $ks = $this->client->user->loginByLoginId($getUser->email, $newUser->password, self::TEST_PARTNER_ID); $this->assertNotNull($ks); $ks = kSessionUtils::crackKs($ks); $this->assertNotNull($ks); $this->assertFalse($ks->isAdmin()); $ks2 = $this->client->user->login(self::TEST_PARTNER_ID, $newUser->id, $newUser->password); $this->assertNotNull($ks2); $ks2 = kSessionUtils::crackKs($ks2); $this->assertNotNull($ks2); $this->assertFalse($ks2->isAdmin()); }
/** * Disallow user to login with an id/password. * Passing either a loginId or a userId is allowed. * * @action disableLogin * * @param string $userId * @param string $loginId * * @return KalturaUser * * @throws KalturaErrors::USER_LOGIN_ALREADY_DISABLED * @throws KalturaErrors::PROPERTY_VALIDATION_CANNOT_BE_NULL * @throws KalturaErrors::USER_NOT_FOUND * @throws KalturaErrors::CANNOT_DISABLE_LOGIN_FOR_ADMIN_USER * */ public function disableLoginAction($userId = null, $loginId = null) { if (!$loginId && !userId) { throw new KalturaAPIException(KalturaErrors::PROPERTY_VALIDATION_CANNOT_BE_NULL, 'userId'); } $user = null; try { if ($loginId) { $loginData = UserLoginDataPeer::getByEmail($loginId); if (!$loginData) { throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND); } $user = kuserPeer::getByLoginDataAndPartner($loginData->getId(), $this->getPartnerId()); } else { $user = kuserPeer::getKuserByPartnerAndUid($this->getPArtnerId(), $userId); } if (!$user) { throw new KalturaAPIException(KalturaErrors::USER_NOT_FOUND); } $user->disableLogin(); } catch (Exception $e) { $code = $e->getCode(); if ($code == kUserException::USER_LOGIN_ALREADY_DISABLED) { throw new KalturaAPIException(KalturaErrors::USER_LOGIN_ALREADY_DISABLED); } if ($code == kUserException::CANNOT_DISABLE_LOGIN_FOR_ADMIN_USER) { throw new KalturaAPIException(KalturaErrors::CANNOT_DISABLE_LOGIN_FOR_ADMIN_USER); } throw $e; } $apiUser = new KalturaUser(); $apiUser->fromObject($user); return $apiUser; }