/**
 * Creates the account and the user record for a completed registration.
 *
 * NOTE: The $registrationFlow is DESTROYED once this method has been called, so every attribute that is
 * still needed afterwards has to be copied into your own objects here.
 *
 * @param RegistrationFlow $registrationFlow
 * @return void
 */
public function createUserAndAccount(RegistrationFlow $registrationFlow)
{
    // Account: the e-mail address is the identifier; the credentials source is taken from
    // getEncryptedPassword() as-is (presumably already hashed by the flow -- confirm against RegistrationFlow).
    $newAccount = new Account();
    $newAccount->setAccountIdentifier($registrationFlow->getEmail());
    $newAccount->setCredentialsSource($registrationFlow->getEncryptedPassword());
    $newAccount->setAuthenticationProviderName('Sandstorm.UserManagement:Login');

    // Roles come exclusively from $this->rolesForNewUsers; nothing submitted through the
    // registration flow influences which roles the new account receives.
    foreach ($this->rolesForNewUsers as $roleIdentifier) {
        $newAccount->addRole(new Role($roleIdentifier));
    }

    // User: optional profile attributes are only copied when the flow actually carries them.
    $newUser = new User();
    $newUser->setAccount($newAccount);
    $newUser->setEmail($registrationFlow->getEmail());

    $flowAttributes = $registrationFlow->getAttributes();
    if (array_key_exists('salutation', $flowAttributes)) {
        $newUser->setGender($flowAttributes['salutation']);
    }
    if (array_key_exists('firstName', $flowAttributes)) {
        $newUser->setFirstName($flowAttributes['firstName']);
    }
    if (array_key_exists('lastName', $flowAttributes)) {
        $newUser->setLastName($flowAttributes['lastName']);
    }

    // Only the user is added to a repository here; the account is not added explicitly.
    $this->userRepository->add($newUser);

    // whitelistObject() allows these objects to be persisted even when the current request is a
    // "safe" one (e.g. GET). NOTE(review): that implies account creation can be triggered by a safe
    // request; callers should ensure this path is only reachable with a valid registration token.
    $this->persistenceManager->whitelistObject($newUser);
    $this->persistenceManager->whitelistObject($newAccount);
}
/**
 * Adds an object to this repository and whitelists it for persistence.
 *
 * An object that was scheduled for removal is taken off the removal list again; an object that is
 * already on the added list is not handed to the parent repository a second time.
 *
 * @param object $object
 * @throws IllegalObjectTypeException
 */
public function add($object)
{
    // The whitelisting is unconditional: every object passed in here may be persisted even during
    // a "safe" request, so callers decide whether that is appropriate.
    $this->persistenceManager->whitelistObject($object);

    $wasScheduledForRemoval = $this->removedResources->contains($object);
    if ($wasScheduledForRemoval) {
        $this->removedResources->detach($object);
    }

    if ($this->addedResources->contains($object)) {
        return;
    }

    $this->addedResources->attach($object);
    parent::add($object);
}
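/**
 * Checks the given token for validity and sets the token authentication status
 * accordingly (success, wrong credentials or no credentials given).
 *
 * The account lookup and the password check only run when the token carries both a username and a
 * password; a token with a username but no password is handled like a token without credentials.
 *
 * @param \TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
 * @return void
 * @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException
 */
public function authenticate(TokenInterface $authenticationToken)
{
    if (!$authenticationToken instanceof UsernamePassword) {
        throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
    }

    /** @var $account \TYPO3\Flow\Security\Account */
    $account = null;
    $credentials = $authenticationToken->getCredentials();

    // Both fields are required before any lookup happens. Checking the password here as well avoids
    // reading an undefined 'password' index further down when only a username was submitted.
    if (is_array($credentials) && isset($credentials['username'], $credentials['password'])) {
        $providerName = $this->name;
        $accountRepository = $this->accountRepository;
        // The lookup runs without authorization checks because nobody is authenticated yet.
        $this->securityContext->withoutAuthorizationChecks(function () use ($credentials, $providerName, $accountRepository, &$account) {
            $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $providerName);
        });
    }

    if (is_object($account)) {
        if ($this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource())) {
            $account->authenticationAttempted(TokenInterface::AUTHENTICATION_SUCCESSFUL);
            $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
            $authenticationToken->setAccount($account);
        } else {
            $account->authenticationAttempted(TokenInterface::WRONG_CREDENTIALS);
            $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
        }
        // The attempt is recorded on the account in both outcomes. Whitelisting lets that update be
        // persisted even when the login arrives with a "safe" request.
        $this->accountRepository->update($account);
        $this->persistenceManager->whitelistObject($account);
    } elseif ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) {
        // NOTE(review): when no active account matches, no password hash is evaluated at all, so this
        // path likely completes faster than the wrong-password path. If account enumeration is a
        // concern, consider doing a comparable amount of hashing work here.
        $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN);
    }
}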
/**
 * Drops all thumbnails of this asset; to be called after the Resource or any other parameter
 * affecting thumbnails has been modified.
 *
 * @return void
 */
public function refresh()
{
    $resource = $this->getResource();
    // Short class name (namespace prefix stripped) for the log line.
    $assetClassType = str_replace('TYPO3\\Media\\Domain\\Model\\', '', get_class($this));
    $logMessage = sprintf(
        '%s: refresh() called, clearing all thumbnails. Filename: %s. Resource SHA1: %s',
        $assetClassType,
        $resource->getFilename(),
        $resource->getSha1()
    );
    $this->systemLogger->log($logMessage, LOG_DEBUG);

    // The asset and each thumbnail are whitelisted so the deletion can be persisted even when
    // refresh() runs during a safe request.
    $this->persistenceManager->whitelistObject($this);
    foreach ($this->thumbnails as $staleThumbnail) {
        $this->persistenceManager->whitelistObject($staleThumbnail);
    }

    $this->thumbnails->clear();
}
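/**
 * Tries to authenticate the given token. Sets the status to AUTHENTICATION_SUCCESSFUL if authentication succeeded.
 *
 * The token is only accepted when it carries an access token, the test call against the remote API
 * succeeds, and the response names a user id. In every other case the method returns before the
 * "successful" status is set and before any account is looked up or created.
 *
 * @param TokenInterface $authenticationToken The token to be authenticated
 * @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException
 * @return void
 */
public function authenticate(TokenInterface $authenticationToken)
{
    if (!$authenticationToken instanceof AbstractClientToken) {
        throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1383754993);
    }

    $credentials = $authenticationToken->getCredentials();

    // Fail closed: without an access token nothing has been verified. Previously this case fell through
    // to the "successful" path with $userInfo undefined, marking the token as authenticated and
    // looking up / creating an account for an empty identifier.
    if (!isset($credentials['accessToken'])) {
        if ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) {
            $authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN);
        }
        return;
    }

    // There is no way to validate the Token or check the scopes at the moment apart from "trying" (and possibly receiving an access denied)
    // we could check the validity of the Token and the scopes here in the future when Instagram provides that
    // Only check if an access Token is present at this time and do a single test call
    // check if a secure request is possible (https://www.instagram.com/developer/secure-api-requests/)
    $userInfo = $this->instagramTokenEndpoint->validateSecureRequestCapability($credentials['accessToken']);
    if ($userInfo === FALSE) {
        $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
        $this->securityLogger->log('A secure call to the API with the provided accessToken and clientSecret was not possible', LOG_NOTICE);
        // Return value kept as-is for existing callers, although the method is documented as void.
        return FALSE;
    }

    // The account identifier below is taken from the response; refuse to continue without one so
    // that no account with an empty identifier can be matched or created.
    if (!isset($userInfo['id'])) {
        $authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
        $this->securityLogger->log('The API response for the provided accessToken did not contain a user id', LOG_NOTICE);
        return;
    }

    // From here, we surely know the user is considered authenticated against the remote service,
    // yet to check if there is an immanent account present.
    $authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);

    /** @var $account \TYPO3\Flow\Security\Account */
    $account = NULL;
    $providerName = $this->name;
    $accountRepository = $this->accountRepository;
    $this->securityContext->withoutAuthorizationChecks(function () use ($userInfo, $providerName, $accountRepository, &$account) {
        $account = $accountRepository->findByAccountIdentifierAndAuthenticationProviderName($userInfo['id'], $providerName);
    });

    if ($account === NULL) {
        $account = new Account();
        $account->setAccountIdentifier($userInfo['id']);
        $account->setAuthenticationProviderName($providerName);
        $this->accountRepository->add($account);
    }
    $authenticationToken->setAccount($account);

    // the access token is valid for an "undefined time" according to instagram (so we cannot know when the user needs to log in again)
    // NOTE(review): the token is stored on the account exactly as received; whether it is protected
    // at rest is not visible from this method -- confirm against the Account persistence setup.
    $account->setCredentialsSource($credentials['accessToken']);
    $this->accountRepository->update($account);

    // check if a user is already attached to this account
    if ($this->partyService->getAssignedPartyOfAccount($account) === null || count($this->partyService->getAssignedPartyOfAccount($account)) < 1) {
        $user = $this->userService->getCurrentUser();
        if ($user !== null) {
            // The account gets linked to whichever user the user service reports as current.
            $user->addAccount($account);
            $this->userService->updateUser($user);
            $this->persistenceManager->whitelistObject($user);
        } else {
            $this->securityLogger->logException(new Exception("The InstagramProvider was unable to determine the backend user, make sure the configuration Typo3BackendProvider requestPattern matches the Instagram Controller and the authentication strategy is set to 'atLeastOne' Token"));
        }
    }

    // persistAll is called automatically at the end of this function, account gets whitelisted to allow
    // persisting for an object that is modified via a GET request
    $this->persistenceManager->whitelistObject($account);
}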
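/**
 * In this method, actually create the user / account.
 *
 * NOTE: After this method is called, the $registrationFlow is DESTROYED, so you need to store all attributes
 * in your object as you need them.
 *
 * The 'firstName' and 'lastName' attributes are optional: when the flow does not carry them, the
 * person name is built with empty strings instead of reading an undefined array index.
 *
 * @param RegistrationFlow $registrationFlow
 * @return void
 */
public function createUserAndAccount(RegistrationFlow $registrationFlow)
{
    // Create the account. The credentials source is taken from getEncryptedPassword() as-is
    // (presumably already hashed by the flow -- confirm against RegistrationFlow).
    $account = new Account();
    $account->setAccountIdentifier($registrationFlow->getEmail());
    $account->setCredentialsSource($registrationFlow->getEncryptedPassword());
    $account->setAuthenticationProviderName('Sandstorm.UserManagement:Login');

    // Assign preconfigured roles. They come from $this->rolesForNewUsers only; nothing submitted
    // through the registration flow influences them.
    foreach ($this->rolesForNewUsers as $roleString) {
        $account->addRole(new Role($roleString));
    }

    // Create the user. The attributes originate from the registration form, so their presence is
    // checked instead of assumed.
    $attributes = $registrationFlow->getAttributes();
    $firstName = isset($attributes['firstName']) ? $attributes['firstName'] : '';
    $lastName = isset($attributes['lastName']) ? $attributes['lastName'] : '';

    $user = new User();
    $name = new PersonName('', $firstName, '', $lastName, '', $registrationFlow->getEmail());
    $user->setName($name);

    // Assign them to each other and persist
    $this->getPartyService()->assignAccountToParty($account, $user);
    $this->getPartyRepository()->add($user);
    $this->accountRepository->add($account);

    // Every newly created object is whitelisted so it may be persisted even when this method runs
    // during a "safe" request (e.g. GET).
    $this->persistenceManager->whitelistObject($user);
    $this->persistenceManager->whitelistObject($user->getPreferences());
    $this->persistenceManager->whitelistObject($name);
    $this->persistenceManager->whitelistObject($account);
}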
/**
 * Makes sure the named workspace and its root node exist, creating whichever is missing.
 *
 * This is a safeguard for legacy and potentially broken websites where users might not have their own
 * workspace yet. In a normal setup, the Domain User Service is responsible for creating and deleting
 * user workspaces.
 *
 * @param string $workspaceName Name of the workspace
 * @return void
 */
protected function createWorkspaceAndRootNodeIfNecessary($workspaceName)
{
    $existingWorkspace = $this->workspaceRepository->findOneByName($workspaceName);
    if ($existingWorkspace === null) {
        // A missing workspace is created with the "live" workspace passed as second constructor argument.
        $newWorkspace = new Workspace($workspaceName, $this->workspaceRepository->findOneByName('live'));
        $this->workspaceRepository->add($newWorkspace);
        $this->persistenceManager->whitelistObject($newWorkspace);
    }

    $rootNode = $this->createContext($workspaceName)->getRootNode();

    // Root node and its node data are whitelisted, then persistAll(true) flushes whitelisted
    // objects only, so this works during a safe request without persisting anything else.
    $this->persistenceManager->whitelistObject($rootNode);
    $this->persistenceManager->whitelistObject($rootNode->getNodeData());
    $this->persistenceManager->persistAll(true);
}
/**
 * Makes sure the named workspace and its root node exist, creating whichever is missing.
 *
 * This is a safeguard for legacy and potentially broken websites where users might not have their own
 * workspace yet. In a normal setup, the Domain User Service is responsible for creating and deleting
 * user workspaces.
 *
 * @param string $workspaceName Name of the workspace
 * @return void
 */
protected function createWorkspaceAndRootNodeIfNecessary($workspaceName)
{
    $existingWorkspace = $this->workspaceRepository->findOneByName($workspaceName);
    if ($existingWorkspace === null) {
        // A missing workspace is created with "live" as second and the current backend user as
        // third constructor argument. NOTE(review): getBackendUser() may return nothing when no
        // backend user is logged in -- confirm how Workspace handles that.
        $newWorkspace = new Workspace(
            $workspaceName,
            $this->workspaceRepository->findOneByName('live'),
            $this->userService->getBackendUser()
        );
        $this->workspaceRepository->add($newWorkspace);
        $this->persistenceManager->whitelistObject($newWorkspace);
    }

    $rootNode = $this->createContext($workspaceName)->getRootNode();

    // Root node and its node data are whitelisted, then persistAll(true) flushes whitelisted
    // objects only, so this works during a safe request without persisting anything else.
    $this->persistenceManager->whitelistObject($rootNode);
    $this->persistenceManager->whitelistObject($rootNode->getNodeData());
    $this->persistenceManager->persistAll(true);
}
/**
 * Emits one DOCUMENT_PUBLISHED event per scheduled publish and sets it as parent of the node events
 * of the same document and workspace that have no parent yet.
 *
 * Does nothing while the event emitting service is disabled. The schedule is emptied afterwards.
 *
 * @return void
 */
public function updateEventsAfterPublish()
{
    if (!$this->eventEmittingService->isEnabled()) {
        return;
    }

    /** @var $entityManager EntityManager */
    $entityManager = $this->entityManager;
    $nodeEventClassName = 'TYPO3\\Neos\\EventLog\\Domain\\Model\\NodeEvent';

    foreach ($this->scheduledNodeEventUpdates as $documentPublish) {
        /* @var $nodeEvent NodeEvent */
        $nodeEvent = $this->eventEmittingService->emit(self::DOCUMENT_PUBLISHED, array(), $nodeEventClassName);
        $nodeEvent->setNode($documentPublish['documentNode']);
        $nodeEvent->setWorkspaceName($documentPublish['targetWorkspace']);

        // The event has to be persisted first so that it has an identifier to reference below;
        // persistAll(true) flushes whitelisted objects only.
        $this->persistenceManager->whitelistObject($nodeEvent);
        $this->persistenceManager->persistAll(true);
        $parentEventIdentifier = $this->persistenceManager->getIdentifierByObject($nodeEvent);

        $queryBuilder = $entityManager->createQueryBuilder();
        // The parent identifier is embedded through expr()->literal() rather than a bound parameter;
        // its value comes from getIdentifierByObject(), not from request data. All filter values
        // are bound as parameters.
        $queryBuilder
            ->update($nodeEventClassName, 'e')
            ->set('e.parentEvent', $queryBuilder->expr()->literal($parentEventIdentifier))
            ->where('e.parentEvent IS NULL')
            ->andWhere('e.workspaceName = :workspaceName')
            ->setParameter('workspaceName', $documentPublish['workspaceName'])
            ->andWhere('e.documentNodeIdentifier = :documentNodeIdentifier')
            ->setParameter('documentNodeIdentifier', $documentPublish['documentNode']->getIdentifier())
            ->andWhere('e.eventType != :publishedEventType')
            ->setParameter('publishedEventType', self::DOCUMENT_PUBLISHED)
            ->getQuery()
            ->execute();
    }

    $this->scheduledNodeEventUpdates = array();
}