/** * Checks the given token for validity and sets the token authentication status * accordingly (success, wrong credentials or no credentials given). * * @param TokenInterface $authenticationToken The token to be authenticated * @return void * @throws UnsupportedAuthenticationTokenException */ public function authenticate(TokenInterface $authenticationToken) { if (!$authenticationToken instanceof UsernamePassword) { throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840); } /** @var $account Account */ $account = null; $credentials = $authenticationToken->getCredentials(); if ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN); } if (!is_array($credentials) || !isset($credentials['username']) || !isset($credentials['password'])) { return; } $providerName = $this->name; $accountRepository = $this->accountRepository; $this->securityContext->withoutAuthorizationChecks(function () use($credentials, $providerName, $accountRepository, &$account) { $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $providerName); }); $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS); if ($account === null) { $this->hashService->validatePassword($credentials['password'], 'bcrypt=>$2a$14$DummySaltToPreventTim,.ingAttacksOnThisProvider'); return; } if ($this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource())) { $account->authenticationAttempted(TokenInterface::AUTHENTICATION_SUCCESSFUL); $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL); $authenticationToken->setAccount($account); } else { $account->authenticationAttempted(TokenInterface::WRONG_CREDENTIALS); } $this->accountRepository->update($account); $this->persistenceManager->whitelistObject($account); }
/** * @test */ public function authenticationFailsWithWrongCredentialsInAnUsernamePasswordToken() { $this->mockHashService->expects($this->once())->method('validatePassword')->with('wrong password', '8bf0abbb93000e2e47f0e0a80721e834,80f117a78cff75f3f73793fd02aa9086')->will($this->returnValue(false)); $this->mockAccount->expects($this->once())->method('getCredentialsSource')->will($this->returnValue('8bf0abbb93000e2e47f0e0a80721e834,80f117a78cff75f3f73793fd02aa9086')); $this->mockAccountRepository->expects($this->once())->method('findActiveByAccountIdentifierAndAuthenticationProviderName')->with('admin', 'myProvider')->will($this->returnValue($this->mockAccount)); $this->mockToken->expects($this->once())->method('getCredentials')->will($this->returnValue(['username' => 'admin', 'password' => 'wrong password'])); $this->mockToken->expects($this->at(2))->method('setAuthenticationStatus')->with(\Neos\Flow\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN); $this->mockToken->expects($this->at(3))->method('setAuthenticationStatus')->with(\Neos\Flow\Security\Authentication\TokenInterface::WRONG_CREDENTIALS); $this->persistedUsernamePasswordProvider->authenticate($this->mockToken); }
/** * @dataProvider personsDataProvider * @test */ public function personsAndAccountPersistingAndRetrievingWorksCorrectly($firstName, $middleName, $lastName, $emailAddress) { $person = new Person(); $person->setName(new PersonName('', $firstName, $middleName, $lastName)); $electronicAddress = new ElectronicAddress(); $electronicAddress->setType(ElectronicAddress::TYPE_EMAIL); $electronicAddress->setIdentifier($emailAddress); $person->setPrimaryElectronicAddress($electronicAddress); $account = $this->accountFactory->createAccountWithPassword($emailAddress, $this->persistenceManager->getIdentifierByObject($person)); $this->accountRepository->add($account); $person->addAccount($account); $this->partyRepository->add($person); $this->persistenceManager->persistAll(); $this->assertEquals(1, $this->partyRepository->countAll()); $this->persistenceManager->clearState(); $foundPerson = $this->partyRepository->findByIdentifier($this->persistenceManager->getIdentifierByObject($person)); $this->assertEquals($foundPerson->getName()->getFullName(), $person->getName()->getFullName()); $this->assertEquals($foundPerson->getName()->getFullName(), $firstName . ' ' . $middleName . ' ' . $lastName); $this->assertEquals($foundPerson->getPrimaryElectronicAddress()->getIdentifier(), $emailAddress); }
/** * @test */ public function authenticationWithCorrectCredentialsResetsFailedAuthenticationCount() { $this->authenticationToken->_set('credentials', ['username' => 'username', 'password' => 'wrongPW']); $this->persistedUsernamePasswordProvider->authenticate($this->authenticationToken); $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName('username', 'myTestProvider'); $this->assertEquals(1, $account->getFailedAuthenticationCount()); $this->authenticationToken->_set('credentials', ['username' => 'username', 'password' => 'password']); $this->persistedUsernamePasswordProvider->authenticate($this->authenticationToken); $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName('username', 'myTestProvider'); $this->assertEquals((new \DateTime())->format(\DateTime::W3C), $account->getLastSuccessfulAuthenticationDate()->format(\DateTime::W3C)); $this->assertEquals(0, $account->getFailedAuthenticationCount()); }
/** * Deactivates the given user * * @param User $user The user to deactivate * @return void * @api */ public function deactivateUser(User $user) { /** @var Account $account */ foreach ($user->getAccounts() as $account) { $account->setExpirationDate($this->now); $this->accountRepository->update($account); } $this->emitUserDeactivated($user); }