/**
* @param DownloadTokenModel $downloadToken
* @return DownloadTokenModel
*/
public function create(models\ModelAbstract $downloadToken)
{
if (!$downloadToken instanceof DownloadTokenModel) {
throw new InvalidArgumentException('Supplied data must be a download token model');
}
$downloadToken->token = UserService::getInstance()->generatePassword(60);
$brandService = BrandService::getInstance();
$brand = $brandService->loadByOrganization(\App::getOrgUserLogged());
$router = \Zend_Controller_Front::getInstance()->getRouter();
$downloadToken->url = $brand->endPoint . $router->assemble(array('controller' => $downloadToken->controller, 'action' => $downloadToken->action, 'token' => $downloadToken->token), 'downloadToken');
$downloadToken->orgId = \App::getOrgUserLogged()->getId();
$downloadToken->expireDatetime = \App::config('downloadTokenLifeTime', "+1 day");
$ident = \Zend_Auth::getInstance()->getIdentity();
if (isset($ident['username'])) {
$downloadToken->username = $ident['username'];
}
if (isset($ident['authType'])) {
$downloadToken->authType = $ident['authType'];
}
if (isset($ident['apiId'])) {
$downloadToken->apiId = $ident['apiId'];
}
if (isset($ident['impersonation'])) {
$downloadToken->impersonation = $ident['impersonation'];
}
return parent::create($downloadToken);
}
/**
* Route shutdown hook -- Check for router exceptions
*
* @param Zend_Controller_Request_Abstract $request
*/
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
$auth = Zend_Auth::getInstance();
$orgService = \Application\Service\OrgService::getInstance();
$identity = $auth->getIdentity();
//Bypass other auth methods
if ($identity['authType'] != App_Controller_Plugin_Auth::AUTH_TYPE_AUTH_TOKEN) {
return;
}
$front = Zend_Controller_Front::getInstance();
$bs = $front->getParam('bootstrap');
// Fetch logs and apply the token to them
$multilog = $bs->getPluginResource('multiplelog');
if (empty($identity['impersonation']) || empty($identity['impersonation']['orgId'])) {
return;
}
$orgId = $identity['impersonation']['orgId'];
$userSrv = UserService::getInstance();
\App::log()->info($identity['username'] . " is running as " . $orgId . " admin");
$user = $userSrv->loadByUsername($identity['username']);
$userSrv->generateImpersonatedUser($user, $identity['impersonation']);
foreach ($multilog->getLogs() as $log) {
$log->setEventItem('impersonated', "as {$orgId} admin");
$log->setEventItem('impersonatedOrgId', "{$orgId}");
$log->setEventItem('username', $identity['username'] . " as {$orgId} admin");
}
// Application\Model\Mapper\ProtoAbstractMapper::$accountingUserId .= "_impersonated";
Application\Model\Mapper\ProtoAbstractMapper::$organizationId = $orgId;
App_ListFilter::addDefaultExtraData('impersonated_org', $orgId);
$org = OrgService::getInstance()->load($orgId);
\App::getOrgUserLogged($org);
}
public function loadCredentials($userOrId)
{
if (!$userOrId instanceof \Application\Model\UserModel) {
$userOrId = \Application\Service\UserService::getInstance()->load($userOrId);
}
return $this->setCredentials($userOrId->getId(), $userOrId->getUserName(), $userOrId->getOrganizationId());
}
public function testUserChangePasswordAction()
{
$this->loginByUserId(App_Test_PHPUnit_Framework_TestCase::PROVIDER_COMMERCIAL_USER_ID);
$userId = App_Test_PHPUnit_Framework_TestCase::CUSTOMER_USER_ID;
$this->post(self::NS . '/reset-password', array(), array('userId' => $userId));
$this->assertResponseCode("200");
// Reset password action sets user status to pending
// Undo it to avoid breaking next tests...
$user = \Application\Service\UserService::getInstance()->load($userId);
$user->setStatus(\Application\Model\UserModel::USER_STATUS_ACTIVATED);
$user->save();
}
public function setUp()
{
$this->_org = new OrgMasterModel(array('name' => 'ORG_TEST' . microtime(true), 'description' => 'Description', 'status' => \Application\Model\OrgModelAbstract::ORG_STATUS_ACTIVATED, 'type' => OrgMasterModel::ORG_TYPE, 'defaultLanguage' => "es", 'primaryContact' => array('firstName' => 'pcfn', 'lastName' => 'pcln', 'phone' => '933453212', 'email' => '*****@*****.**', 'mobile' => '665348765', 'fax' => '933453232'), 'companyAddress' => array('line1' => 'line1', 'line2' => 'line2', 'city' => 'Barcelona', 'state' => 'Catalunya', 'country' => "ES", 'postalCode' => '08005'), 'customFieldName1' => 'a', 'customFieldName2' => 'b', 'customFieldName3' => 'c', 'customFieldName4' => 'd'));
//Delete org if exist by name
$org = OrgMasterMapper::getInstance()->findOneByName($this->_org->getName());
if ($org) {
$org->delete();
}
$this->_org->save();
$this->_user = new UserModel(array('userName' => 'userservicetest', 'password' => 'testing1234', 'email' => '*****@*****.**', 'firstName' => 'Tester', 'lastName' => 'Testal', 'phone' => '+34654654654', 'organizationId' => $this->_org->getId(), 'country' => "ES", 'language' => "es", 'timezone' => 'Europe/Madrid', 'role' => 'user', 'status' => 'pending', 'domains' => array('Domain Test 1', 'Domain Test 2'), 'monetaryDataAccess' => true));
$this->_service = UserService::getInstance();
self::initAuthUser(self::PROVIDER_COMMERCIAL_USER_ID);
}
/**
* Validate element value
*
* @param array $data
* @param mixed $context
* @return boolean
*/
public function isValid($data, $context = null, $removeNotPresentFields = false)
{
if ($context && isset($context['id'])) {
$this->_userId = $context['id'];
}
//This validation is only for service provider users
$user = UserService::getInstance()->load($this->_userId);
if ($user->getOrgType() !== Application\Model\Organization\OrgServiceProviderModel::ORG_TYPE) {
return true;
}
$encriptedPassword = sha1($data);
return parent::isValid($encriptedPassword, $context, $removeNotPresentFields);
}
/**
* @param string $message
* @param array|object $resource
* @param null|string|Default_Model_User $user
*/
public function direct($message, $resource, $user = null)
{
/** @var $log Zend_Log */
$boot = $this->getFrontController()->getParam('bootstrap');
$multilog = $boot->getPluginResource('multiplelog');
$log = $multilog->getLog('audit');
// Assign username
if (NULL === $user) {
$ident = Zend_Auth::getInstance()->getIdentity();
$user = new UserModel(array('userName' => $ident['username']));
//Impersonation
if (isset($ident['impersonation']) && isset($ident['impersonation'])) {
UserService::getInstance()->generateImpersonatedUser($user, $ident['impersonation']);
}
} else {
if (!$user instanceof UserModel) {
$user = new UserModel(array('userName' => $user));
}
}
$log->setEventItem('username', $user->userName);
if ($user->isImpersonating()) {
$log->setEventItem('impersonated', "as " . $user->impersonatingOrgId . " admin");
}
// Set the origin flag indicating an external API call
if (!empty(\Application\Model\Mapper\OrganizationMapper::$accountingTransactionPrefix) && \Application\Model\Mapper\OrganizationMapper::$accountingTransactionPrefix == 'externalAuth') {
$log->setEventItem('origin', 'external');
} else {
$log->setEventItem('origin', 'portal');
}
// Convert single resources to arrays
if (!is_array($resource)) {
$resource = array($resource);
}
// For each given resource log the action
foreach ($resource as $res) {
$log->setEventItem('resource', (string) $res);
$log->audit($message);
}
}
public function init()
{
$this->_userSrv = \Application\Service\UserService::getInstance();
$this->_orgSrv = \Application\Service\OrgService::getInstance();
}
/**
* Return an Instance of the user logged
*
* @return \Application\Model\CurrentUserModel
*/
public static function getUserLogged($setUser = NULL, $reset = false)
{
static $user;
if ($reset) {
$user = null;
}
if (NULL !== $setUser) {
if (!$setUser instanceof CurrentUserModel) {
$setUser = UserService::getInstance()->generateCurrentUser($setUser);
}
$user = $setUser;
}
if (empty($user)) {
$user = UserService::getInstance()->generateCurrentUser();
}
return $user;
}
public function delete($orgOrId)
{
if (!isset($orgOrId) && !strlen($orgOrId)) {
throw new InvalidArgumentException('function param cannot be null');
}
if (!$orgOrId instanceof \Application\Model\OrgModelAbstract) {
$org = $this->load($orgOrId);
} else {
$org = $orgOrId;
}
$validator = new \Application\Model\Validate\Organization\CustomerIsErasable();
if (!$validator->isValid($org)) {
throw new ValidateException("customer {$orgOrId} is not erasable", array('validationErrors' => $validator->getMessages()));
}
$type = $this->getChildrenTypeByOrg($org);
$filterListOrgService = $this->buildFilterList(array('type' => $type, \Application\Model\Filter\OrgFilterFields::PARENT_ID => $org->getId()));
if ($org->getType() != OrgAggregatorModel::ORG_TYPE) {
$list = $this->listAll($type, array('filterList' => $filterListOrgService));
$items = $list->getItems();
if (count($items) > 0) {
throw new InvalidArgumentException('The organization has ChildOrgs and can not be deleted');
}
}
$templateService = TemplateService::getInstance();
$userService = UserService::getInstance();
$APPIdService = APIIdService::getInstance();
$this->deleteOrgElements($org, $templateService);
$this->deleteOrgElements($org, $userService);
$this->deleteOrgElements($org, $APPIdService);
$mapper = $this->getMapperByType($this->getTypeById($org->getId()));
$result = $mapper->delete($org->getId());
WatcherService::getInstance()->removeByScope('organization', $org->id);
\App::audit('The organization with Id ' . $org->getId() . "has been deleted", $org);
$this->_sendEvent('delete', $org);
return $result;
}
public function init()
{
$this->_userSrv = UserService::getInstance();
$this->_orgSrv = OrgService::getInstance();
$this->_presetModelValues = array_merge(array('organizationId' => App::getOrgUserLogged()->id), $this->_presetModelValues);
}
public function init()
{
$this->_userSrv = UserService::getInstance();
}
protected function _checkUserPassword($user)
{
$now = time();
$last = $user->getLastPasswordChange();
$type = OrgService::getInstance()->getTypeById($user->getOrganizationId());
// Check depends on user organization type
if ($last && in_array($type, self::$_lastPasswordInactivity['orgTypes']) && $now - $last > self::$_lastPasswordInactivity['interval']) {
// Inject change password token
$passwordToken = UserService::getInstance()->generateAndSaveLostPasswordToken($user);
$this->getResponse()->setHeader('X-M2M-PasswordExpiredToken', $passwordToken->getToken(), true);
// Stop auth process
throw new \Application\Exceptions\ForbiddenException("User password has expired", PermissionCodes::AUTH_PASSWORD_HAS_EXPIRED);
}
}
public function loginByUserName($userName, $authType = null)
{
$user = \Application\Service\UserService::getInstance()->loadByUsername($userName);
\App_Test_PHPUnit_Framework_TestCase::initAuthUser($user, $authType);
}
public function setUp()
{
$this->_validateCollection = new Validate\UserPasswordValidate();
$ident = Zend_Auth::getInstance()->getIdentity();
$this->_user = \Application\Service\UserService::getInstance()->load($ident['id']);
}
/**
* Called before Zend_Controller_Front exits its dispatch loop.
*
* @return void
*/
public function dispatchLoopShutdown()
{
if (!Zend_Session::sessionExists() || !Zend_Auth::getInstance()->hasIdentity()) {
return;
}
$ident = Zend_Auth::getInstance()->getIdentity();
// Session management by auth type
$isTemporalLogin = in_array($ident['authType'], array(self::AUTH_TYPE_REGULAR, self::AUTH_TYPE_CORE, self::AUTH_TYPE_ACTIVATION_TOKEN, self::AUTH_TYPE_LOST_PASSWORD_TOKEN, self::AUTH_TYPE_PASSWORD_EXPIRED_TOKEN));
$isVaporLogin = in_array($ident['authType'], array(self::AUTH_TYPE_LOST_PASSWORD, self::AUTH_TYPE_ASYNC, self::AUTH_TYPE_EXTERNAL, self::AUTH_TYPE_DOWNLOAD_TOKEN, self::AUTH_TYPE_THIRD_PARTY));
/*
* When request has used a vapor login or a failed temporal login we regenerate session.
* But if request is a success temporal login we add auth token header
*/
if ($isVaporLogin) {
// Destroy the session
Zend_Session::destroy();
$this->getResponse()->clearHeader('X-Csrf-Token');
$_SESSION = array();
} else {
if ($isTemporalLogin) {
if ($this->getResponse()->isException()) {
// Destroy the identity
Zend_Auth::getInstance()->clearIdentity();
// Regenerate a new session
if (!Zend_Session::isRegenerated()) {
Zend_Session::regenerateId();
}
} else {
if (!empty($ident['id'])) {
// Regenerate session
$this->getResponse()->setHeader('X-M2M-AuthToken', $ident['token'], true);
// Save last user access
$user = UserService::getInstance()->load($ident['id']);
$user->setLastLogin(time());
$user->save();
// Add user language (UX requirement)
$this->getResponse()->setHeader('X-M2M-UserLanguage', $user->getLanguage(), true);
}
}
}
}
}
* @var MongoCollection
*/
$db = $cli->getResource('mongo');
$config = $cli->getConfig('resources.inactivity.lastLogin');
$regex = new MongoRegex("/^(" . implode('|', $config['orgTypes']) . ").+/i");
$time = time() - $config['interval'];
$cursor = $db->user->find(array("organizationId" => $regex, "lastLogin" => array('$lt' => new \MongoDate($time)), "status" => 'activated', "deleted" => array('$exists' => false)));
$count = 0;
foreach ($cursor as $data) {
try {
//echo json_encode($data) . "\n";
$user = \Application\Service\UserService::getInstance()->load($data['_id']);
// Prepare request
App_Controller_Plugin_TrackingToken::generateToken($user->getUserName(), $user->getOrganizationId());
$org = \Application\Service\OrgService::getInstance()->load($user->getOrganizationId());
App::getOrgUserLogged($org);
// Send request
\Application\Service\UserService::getInstance()->blockDueToInactivity($user);
$count++;
} catch (Exception $e) {
echo "Error with user " . $data['_id'] . ": " . $e->getMessage();
}
}
echo "{$count} inactive users successfully blocked \n";
} catch (Exception $e) {
echo 'AN ERROR HAS OCCURRED:' . PHP_EOL;
echo $e->getMessage() . PHP_EOL;
exit(1);
}
// generally speaking, this script will be run from the command line
exit(0);
