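 /**
  * Generates a new random password for the user addressed by the `uuid`
  * and `token` route parameters, stores it, clears the reset token and
  * mails the new password to the address kept in the user's meta data.
  *
  * Redirects to `/` and returns nothing when either route parameter is
  * missing or no user exists for the given uuid.
  *
  * @access protected
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\RequestAbstract $request
  * @param \Zepi\Turbo\Response\Response $response
  * @return array|void array{result: bool, message: string}, nothing after a redirect
  */
 protected function generateNewPassword(Framework $framework, RequestAbstract $request, Response $response)
 {
     $uuid = $request->getRouteParam('uuid');
     $token = $request->getRouteParam('token');
     if ($uuid === false || !$this->userManager->hasUserForUuid($uuid) || $token === false) {
         $response->redirectTo('/');
         return;
     }
     // Load the user
     $user = $this->userManager->getUserForUuid($uuid);
     $storedToken = $user->getMetaData('passwordRequestToken');
     // No string token stored: the user never requested a reset or the request
     // was already consumed. Checked strictly so that null/false cannot reach
     // the token comparison below.
     if (!is_string($storedToken) || $storedToken === '') {
         return array('result' => false, 'message' => $this->translate('You haven\'t requested a new password.', '\\Zepi\\Web\\AccessControl'));
     }
     // Compare the tokens in constant time so response timing does not reveal
     // how much of the supplied token was correct; an expired token is
     // rejected as well.
     $tokenMatches = is_string($token) && hash_equals($storedToken, $token);
     if (!$tokenMatches || $user->getMetaData('passwordRequestTokenLifetime') < time()) {
         return array('result' => false, 'message' => $this->translate('The given token is invalid or expired. Please request a new password.', '\\Zepi\\Web\\AccessControl'));
     }
     // Generate and store a new password
     $password = $this->generateRandomPassword();
     $user->setNewPassword($password);
     // Reset the token so the same link cannot be replayed
     $user->setMetaData('passwordRequestToken', '');
     $user->setMetaData('passwordRequestTokenLifetime', 0);
     // Persist the user before the mail goes out
     $this->userManager->updateUser($user);
     // Mail the new password. NOTE(review): the cleartext password leaves the
     // system by mail; a one-time link on which the user chooses a password
     // would avoid that exposure - a larger change than this method.
     $this->mailHelper->sendMail($user->getMetaData('email'), $this->translate('New password generated', '\\Zepi\\Web\\AccessControl'), $this->render('\\Zepi\\Web\\AccessControl\\Mail\\GenerateNewPassword', array('user' => $user, 'password' => $password)));
     return array('result' => true, 'message' => $this->translate('Your new password is generated and saved. You will receive an email with the new password.', '\\Zepi\\Web\\AccessControl'));
 }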
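 /**
  * Verifies the given session token and lifetime.
  *
  * Returns a 4-tuple [$notValid, $token, $lifetime, $userUuid]: $notValid is
  * true when the session must be treated as invalid; $token and $lifetime are
  * the values that were finally checked (they are swapped for the old session
  * token when the current token has no cookie); $userUuid is read from the
  * session regardless of validity.
  *
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param string $token
  * @param string $lifetime
  * @return array
  */
 protected function verifyToken(WebRequest $request, $token, $lifetime)
 {
     $notValid = false;
     // Cookie does not exist - this is maybe a session hijacking attack
     if ($request->getCookieData($token) === false) {
         $notValid = true;
     }
     // Fall back to the previous session token kept in the session
     if ($notValid && $request->getSessionData('oldUserSessionToken') !== false) {
         $token = $request->getSessionData('oldUserSessionToken');
         $lifetime = $request->getSessionData('oldUserSessionTokenLifetime');
         // Look for the old session token cookie...
         // NOTE(review): $notValid is already true here and is never reset, so a
         // present old-token cookie still yields an invalid result; only the
         // returned $token/$lifetime change. Confirm the intended semantics with
         // the caller before altering this.
         if ($request->getCookieData($token) === false) {
             $notValid = true;
         }
     }
     // The cookie must carry exactly the lifetime stored in the session. Both
     // sides are compared as strings so only an identical value counts; a loose
     // `!=` would also accept numerically equivalent spellings.
     if (!$notValid && (string) $request->getCookieData($token) !== (string) $lifetime) {
         $notValid = true;
     }
     // If the session token expired more than 30 minutes ago
     // the session isn't valid anymore
     if (!$notValid && $lifetime < time() - 1800) {
         $notValid = true;
     }
     $userUuid = $request->getSessionData('userUuid');
     // If the given uuid doesn't exist, this session can't be valid
     if (!$notValid && !$this->userManager->hasUserForUuid($userUuid)) {
         $notValid = true;
     }
     return array($notValid, $token, $lifetime, $userUuid);
 }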
 /**
  * Validates the input user data.
  *
  * The only check is that a user with the given username exists.
  *
  * @param \Zepi\Turbo\Framework $framework
  * @param string $username
  * @return boolean|string true when valid, otherwise the translated error message
  */
 protected function validateData(Framework $framework, $username)
 {
     $userExists = $this->userManager->hasUserForUsername($username);
     if ($userExists) {
         // Everything is okey
         return true;
     }
     // Unknown username - hand the translated message back to the caller
     return $this->translate('The inserted username does not exist.', '\\Zepi\\Web\\AccessControl');
 }
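 /**
  * Activates the user or returns an error message.
  *
  * On success the `\Global\Disabled` permission is revoked and
  * `\Global\Active` is granted for the user.
  *
  * @access protected
  * @param string $uuid
  * @param string $activationToken
  * @return array array{result: bool, message: string}
  */
 protected function activateUser($uuid, $activationToken)
 {
     // Check the uuid
     if (!$this->userManager->hasUserForUuid($uuid)) {
         return array('result' => false, 'message' => $this->translate('Account with the given UUID does not exist.', '\\Zepi\\Web\\AccessControl'));
     }
     // Compare the activation token in constant time; hash_equals() needs two
     // strings, anything else is treated as a mismatch.
     $user = $this->userManager->getUserForUuid($uuid);
     $storedToken = $user->getMetaData('activationToken');
     $tokenMatches = is_string($storedToken) && is_string($activationToken) && hash_equals($storedToken, $activationToken);
     if (!$tokenMatches) {
         return array('result' => false, 'message' => $this->translate('The given activation token is not valid.', '\\Zepi\\Web\\AccessControl'));
     }
     // Remove the disabled access level and grant the active one
     $this->accessControlManager->revokePermission($uuid, get_class($user), '\\Global\\Disabled');
     $this->accessControlManager->grantPermission($uuid, get_class($user), '\\Global\\Active', 'Activation');
     return array('result' => true, 'message' => $this->translate('Your account was activated successfully.', '\\Zepi\\Web\\AccessControl'));
 }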
 /**
  * Changes the password for the logged in user.
  *
  * Reads the three fields of the `change-password` form, validates them
  * via validateData() and, when valid, stores the new password.
  *
  * @access protected
  * @param \Zepi\Web\UserInterface\Form\Form $form
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  * @return mixed the validation error message, otherwise the result of updateUser()
  */
 protected function changePassword(Form $form, Framework $framework, WebRequest $request, Response $response)
 {
     // The user whose password changes is the one bound to the current session
     $user = $request->getSession()->getUser();
     // Surrounding whitespace is not part of a password
     $fieldValue = function ($name) use ($form) {
         return trim($form->getField('change-password', $name)->getValue());
     };
     $oldPassword = $fieldValue('old-password');
     $newPassword = $fieldValue('new-password');
     $newPasswordConfirmed = $fieldValue('new-password-confirmed');
     $validation = $this->validateData($framework, $user, $oldPassword, $newPassword, $newPasswordConfirmed);
     // Anything but true is the translated error message - pass it through
     if ($validation !== true) {
         return $validation;
     }
     // Change the password and persist the user
     $user->setNewPassword($newPassword);
     return $this->userManager->updateUser($user);
 }
 /**
  * Validates the input user data.
  *
  * Checks, in order: the username is still free, the email address is
  * syntactically valid, the password is long enough, the terms of
  * service were accepted.
  *
  * @param \Zepi\Turbo\Framework $framework
  * @param string $username
  * @param string $email
  * @param string $password
  * @param boolean $tos
  * @return boolean|string true when valid, otherwise the translated error message
  */
 protected function validateData(Framework $framework, $username, $email, $password, $tos)
 {
     $module = '\\Zepi\\Web\\AccessControl';
     // The username must not belong to an existing user
     if ($this->userManager->hasUserForUsername($username)) {
         return $this->translate('The inserted username is already in use. Please select a new username.', $module);
     }
     // Email
     $emailIsValid = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
     if (!$emailIsValid) {
         return $this->translate('Please insert a valid email address.', $module);
     }
     // Password - note that strlen() counts bytes, so multi-byte characters
     // count more than once towards the minimum
     if (strlen($password) < 8) {
         return $this->translate('The password needs at least 8 characters.', $module);
     }
     // ToS
     if (!$tos) {
         return $this->translate('Please accept our terms of service.', $module);
     }
     // Everything is okey
     return true;
 }
 /**
  * Validates the input user data.
  *
  * Returns the matching user entity when the username exists and the
  * password is correct, false in every other case (no distinction is
  * made between the failure reasons).
  *
  * @param \Zepi\Turbo\Framework $framework
  * @param string $username
  * @param string $password
  * @return boolean|\Zepi\Web\AccessControl\Entity\User
  */
 protected function validateUserData(Framework $framework, $username, $password)
 {
     // Passwords shorter than 8 bytes are never valid, so skip the lookup
     $tooShort = strlen($password) < 8;
     if ($tooShort) {
         return false;
     }
     // Unknown username
     if (!$this->userManager->hasUserForUsername($username)) {
         return false;
     }
     // The manager may still fail to load the user
     $candidate = $this->userManager->getUserForUsername($username);
     if ($candidate === false) {
         return false;
     }
     // Wrong password
     $passwordMatches = $candidate->comparePasswords($password);
     if (!$passwordMatches) {
         return false;
     }
     // Everything is okey
     return $candidate;
 }
 /**
  * Executes the installation of the access control module.
  *
  * Runs only when no user exists yet: asks for a super-admin username and
  * password on the CLI, stores the user and grants it `\Global\*`.
  *
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\CliRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 public function execute(Framework $framework, CliRequest $request, Response $response)
 {
     // Execute the installer only if there are no users
     $dataRequest = new \Zepi\DataSource\Core\Entity\DataRequest(1, 0, 'name', 'ASC');
     if ($this->userManager->count($dataRequest) > 0) {
         return;
     }
     // NOTE(review): the next lines look truncated in this listing (`'******'`);
     // presumably the username and password are read via cliHelper->inputText()
     // until non-empty and a User entity is built from them - verify against
     // the source file.
     $username = '';
     while ($username === '') {
         $username = trim($this->cliHelper->inputText('Please enter the username for the super-admin user:'******'';
     while ($password === '') {
         $password = trim($this->cliHelper->inputText('Please enter the password for the super-admin user:'******'', '', $username, '', array());
     $user->setNewPassword($password);
     // Save the super-admin user
     $user = $this->userManager->addUser($user);
     // Add the super-admin access level
     $this->accessControlManager->grantPermission($user->getUuid(), '\\Zepi\\Web\\AccessControl\\Entity\\User', '\\Global\\*', 'CLI');
 }
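 /**
  * Displays the delete user confirmation and deletes the user once the
  * deletion is confirmed.
  *
  * Redirects to the user overview when the `uuid` route parameter is
  * missing or unknown. The deletion itself happens when the `confirmation`
  * route parameter equals `confirmed`.
  *
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 public function execute(Framework $framework, WebRequest $request, Response $response)
 {
     // Prepare the page
     $additionalTitle = $this->translate('Delete user', '\\Zepi\\Web\\AccessControl');
     $title = $this->translate('User management', '\\Zepi\\Web\\AccessControl') . ' - ' . $additionalTitle;
     $this->setTitle($title, $additionalTitle);
     $this->activateMenuEntry('user-administration');
     // Get the user; without a valid UUID go back to the overview page
     $uuid = $request->getRouteParam('uuid');
     if (!is_string($uuid) || !$this->userManager->hasUserForUuid($uuid)) {
         $response->redirectTo($request->getFullRoute('/administration/users/'));
         return;
     }
     $user = $this->userManager->getUserForUuid($uuid);
     // NOTE(review): the delete is triggered by a route parameter alone, i.e. by
     // any request to that URL. A CSRF token bound to the confirmation form would
     // stop a forged link from deleting a user; that needs form/token support not
     // visible here.
     if ($request->getRouteParam('confirmation') === 'confirmed') {
         $this->userManager->deleteUser($user);
         $response->setOutput($this->render('\\Zepi\\Web\\AccessControl\\Templates\\Administration\\DeleteUserFinished', array('user' => $user)));
     } else {
         // Display the delete user confirmation
         $response->setOutput($this->render('\\Zepi\\Web\\AccessControl\\Templates\\Administration\\DeleteUser', array('user' => $user)));
     }
 }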
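 /**
  * Returns true if the username is in use and not by the edited user.
  *
  * @param string $username
  * @param \Zepi\Web\AccessControl\Entity\User $user
  * @return boolean
  */
 protected function isUsernameInUse($username, User $user)
 {
     if (!$this->userManager->hasUserForUsername($username)) {
         return false;
     }
     // The manager may answer "exists" but still fail to load the entity
     // (see the `=== false` checks elsewhere in this module); treat that
     // conservatively as "in use" instead of calling getUuid() on false.
     $owner = $this->userManager->getUserForUsername($username);
     if ($owner === false) {
         return true;
     }
     // Strict comparison - UUIDs are strings, a loose `!=` adds nothing but surprises
     return $owner->getUuid() !== $user->getUuid();
 }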