/**
 * Persists changes to an account and its party and, when a non-blank password
 * was submitted, replaces the stored credentials with a hash of that password.
 *
 * Only the first element of $password is used. A value that is empty or
 * whitespace-only after trimming leaves the existing credentials untouched.
 *
 * NOTE(review): nothing in this method checks whether the caller may edit
 * $account, or which of its properties may be changed. $account arrives
 * already populated and is stored as-is, so those restrictions have to be
 * enforced elsewhere (see "@todo Security") - confirm before relying on this
 * action.
 *
 * @param \TYPO3\FLOW3\Security\Account $account
 * @param array $password
 * @FLOW3\Validate(argumentName="password", type="\TYPO3\TYPO3\Validation\Validator\PasswordValidator", options={ "allowEmpty"=1, "minimum"=1, "maximum"=255 })
 * @return void
 * @todo Handle validation errors for account (accountIdentifier) & check if there's another account with the same accountIdentifier when changing it
 * @todo Security
 */
public function updateAction(\TYPO3\FLOW3\Security\Account $account, array $password = array())
{
    // array_shift() yields NULL for an empty array, which strval() turns into ''.
    $newPassword = array_shift($password);
    $hasNewPassword = strlen(trim(strval($newPassword))) > 0;

    if ($hasNewPassword) {
        // The untrimmed value is hashed; trimming is only used for the emptiness test.
        $passwordHash = $this->hashService->hashPassword($newPassword, 'default');
        $account->setCredentialsSource($passwordHash);
    }

    $this->accountRepository->update($account);
    $party = $account->getParty();
    $this->partyRepository->update($party);

    $this->addFlashMessage('The user profile has been updated.');
    $this->redirect('index');
}
/**
 * Checks that the given account identifier is not already taken.
 *
 * The identifier is looked up for the authentication provider named in the
 * 'authenticationProviderName' option ('Typo3BackendProvider' when the option
 * is not set). If an account is found, an error is added to the validation
 * result; otherwise nothing happens.
 *
 * NOTE(review): the error message tells the submitter that an identifier
 * exists. Presumably this validator is only reachable by privileged users -
 * confirm.
 *
 * @param mixed $value The value that should be validated
 * @return void
 * @throws \TYPO3\FLOW3\Validation\Exception\InvalidSubjectException
 */
protected function isValid($value)
{
    if (is_string($value) === FALSE) {
        throw new \TYPO3\FLOW3\Validation\Exception\InvalidSubjectException('The given value was not a string.', 1325155784);
    }

    // Fall back to the backend provider unless the validator options name another one.
    $providerName = 'Typo3BackendProvider';
    if (isset($this->options['authenticationProviderName'])) {
        $providerName = $this->options['authenticationProviderName'];
    }

    $existingAccount = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($value, $providerName);
    if ($existingAccount === NULL) {
        return;
    }

    $this->addError('The username is already in use.', 1325156008);
}
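/**
 * Removes the given account, unless it is the account of the currently
 * logged-in user.
 *
 * NOTE(review): nothing in this method checks whether the caller may delete
 * accounts; that has to be enforced elsewhere (see "@todo Security") - confirm.
 *
 * @param \TYPO3\FLOW3\Security\Account $account
 * @return void
 * @todo Security
 */
public function deleteAction(\TYPO3\FLOW3\Security\Account $account)
{
    // Identity comparison: this only protects the current user if both sides are
    // the same object instance - presumably guaranteed by the persistence layer; verify.
    if ($this->securityContext->getAccount() === $account) {
        $this->addFlashMessage('You can not remove current logged in user');
        $this->redirect('index');
        // redirect() is expected to end the action (NOTE(review): confirm it throws).
        // The explicit return keeps the self-deletion guard effective even if it
        // does not, instead of falling through to remove() below.
        return;
    }

    $this->accountRepository->remove($account);
    $this->addFlashMessage('The user has been deleted.');
    $this->redirect('index');
}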
/**
 * This method is called when the form of this step has been submitted.
 *
 * Creates a user with the submitted name, points its 'context.workspace'
 * preference at 'user-<username>', and adds an account for that user with the
 * 'Administrator' role under the 'Typo3BackendProvider' provider.
 *
 * NOTE(review): the submitted values are used without any checks in this
 * method, and the resulting account is an administrator. Presumably the form
 * step validates the fields and is only reachable during initial setup -
 * confirm.
 *
 * @param array $formValues
 * @return void
 */
public function postProcessFormValues(array $formValues)
{
    $user = new \TYPO3\TYPO3\Domain\Model\User();

    $personName = new \TYPO3\Party\Domain\Model\PersonName(
        '',
        $formValues['firstName'],
        '',
        $formValues['lastName'],
        '',
        $formValues['username']
    );
    $user->setName($personName);

    $workspaceName = 'user-' . $formValues['username'];
    $user->getPreferences()->set('context.workspace', $workspaceName);
    $this->partyRepository->add($user);

    // The account factory receives the plain password; how it is stored is decided there.
    $roles = array('Administrator');
    $account = $this->accountFactory->createAccountWithPassword(
        $formValues['username'],
        $formValues['password'],
        $roles,
        'Typo3BackendProvider'
    );
    $account->setParty($user);
    $this->accountRepository->add($account);
}
/**
 * Authenticates a username/password token against the stored accounts.
 *
 * The token status ends up as:
 *  - AUTHENTICATION_SUCCESSFUL (and the account is attached) when an active
 *    account is found and the password matches its stored credentials;
 *  - WRONG_CREDENTIALS when an active account is found but the password does
 *    not match;
 *  - NO_CREDENTIALS_GIVEN when no account is found and the token is not already
 *    marked successful. This also covers an unknown username, not only
 *    missing credentials.
 *
 * NOTE(review): the password is only checked when an account was found, so the
 * work done differs between known and unknown usernames. Consider whether that
 * difference is observable to callers and needs evening out.
 *
 * @param \TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
 * @return void
 * @throws \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException
 * @FLOW3\Session(autoStart=true)
 */
public function authenticate(\TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken)
{
    if (!($authenticationToken instanceof \TYPO3\FLOW3\Security\Authentication\Token\UsernamePassword)) {
        throw new \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
    }

    $credentials = $authenticationToken->getCredentials();

    // Only look up an account when a username was actually supplied.
    $account = NULL;
    $hasUsername = is_array($credentials) && isset($credentials['username']);
    if ($hasUsername) {
        $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $this->name);
    }

    if (!is_object($account)) {
        // Leave a status of "successful" alone; it may have been set before this call.
        if ($authenticationToken->getAuthenticationStatus() !== \TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) {
            $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
        }
        return;
    }

    // $credentials['password'] is read without an isset() check, exactly as before.
    $passwordMatches = $this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource());
    if (!$passwordMatches) {
        $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::WRONG_CREDENTIALS);
        return;
    }

    $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
    $authenticationToken->setAccount($account);
}
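/**
 * Authenticates a typo3.org single sign-on token.
 *
 * An active account must exist for the username in the token. The token is
 * accepted only if the signature over the reassembled parameter string
 * verifies against the key named by the 'rsaKeyUuid' option and the 'expires'
 * value lies in the future. The token status ends up as:
 *  - AUTHENTICATION_SUCCESSFUL (and the account is attached) when both checks pass;
 *  - WRONG_CREDENTIALS when an account is found but a check fails;
 *  - NO_CREDENTIALS_GIVEN when no account is found and the token is not already
 *    marked successful.
 *
 * @param \TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
 * @return void
 * @throws \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException
 * @FLOW3\Session(autoStart=true)
 */
public function authenticate(\TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken)
{
    if (!$authenticationToken instanceof \TYPO3\FLOW3\Security\Authentication\Token\Typo3OrgSsoToken) {
        throw new \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
    }

    $account = NULL;
    $credentials = $authenticationToken->getCredentials();

    if (is_array($credentials) && isset($credentials['username'])) {
        $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $this->name);
    }

    if (is_object($account)) {
        // String over which the signature is verified. The '&user=' segment was
        // mangled in the listing and is reconstructed from the pattern of the
        // neighbouring fields.
        // NOTE(review): confirm field order and encoding against the identity
        // provider's signing format. Values are concatenated unescaped, so they must
        // not be able to contain '&' or '='.
        $authenticationData = 'version=' . $credentials['version']
            . '&user=' . $credentials['username']
            . '&tpa_id=' . $credentials['tpaId']
            . '&expires=' . $credentials['expires']
            . '&action=' . $credentials['action']
            . '&flags=' . $credentials['flags']
            . '&userdata=' . $credentials['userdata'];

        // Signature first, then expiry: 'expires' is only trusted once it is known to be signed.
        if ($this->rsaWalletService->verifySignature($authenticationData, $credentials['signature'], $this->options['rsaKeyUuid']) && $credentials['expires'] > time()) {
            $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
            $authenticationToken->setAccount($account);
        } else {
            $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::WRONG_CREDENTIALS);
        }
    } elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) {
        $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
    }
}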
/**
 * Remove a role from a user
 *
 * @param string $username Email address of the user
 * @param string $role Role to be removed from the user
 * @return void
 */
public function removeRoleCommand($username, $role)
{
    // Accounts are looked up under the backend provider only.
    $account = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($username, 'Typo3BackendProvider');
    if (!($account instanceof \TYPO3\FLOW3\Security\Account)) {
        $this->outputLine('User "%s" does not exists.', array($username));
        // quit() is relied on to stop the command; the code below assumes a valid account.
        $this->quit(1);
    }

    $roleToRemove = new \TYPO3\FLOW3\Security\Policy\Role($role);
    $roleIsAssigned = $account->hasRole($roleToRemove);
    if (!$roleIsAssigned) {
        $this->outputLine('User "%s" does not have the role "%s" assigned.', array($username, $roleToRemove));
        $this->quit(1);
    }

    $account->removeRole($roleToRemove);
    $this->accountRepository->update($account);

    // The role object itself is passed to the "%s" placeholder, as in the message above.
    $this->outputLine('Removed role "%s" from user "%s".', array($roleToRemove, $username));
}
/**
 * Removes a user together with its primary account.
 *
 * NOTE(review): only the primary account is removed here. Whether a user can
 * own further accounts is not visible from this method; if so, those would
 * remain after the user is gone - confirm.
 *
 * @param \Planetflow3\Domain\Model\User $object
 */
public function remove($object)
{
    // Account first, then the user itself through the parent repository.
    $primaryAccount = $object->getPrimaryAccount();
    $this->accountRepository->remove($primaryAccount);

    parent::remove($object);
}