Пример #1
0
 /**
  * Simple test.  Return NON-NULL if valid logged in.
  */
 public function testCreatePersonValidUser()
 {
     $accountName = 'foo-' . rand();
     $accountPassword = '******' . rand();
     $this->setZendAuthIdentity($accountName);
     $account = new Opus_Account();
     $account->setLogin($accountName)->setPassword($accountPassword)->store();
     $model = new Publish_Model_LoggedUser();
     $this->assertNotNull($model->getUserId());
     $person = $model->createPerson();
     $this->assertNotNull($person);
     $this->assertEquals($account->getId(), $model->getUserId());
 }
Пример #2
0
 public function testRoleNameLikeUserName()
 {
     $userAccount = new Opus_Account();
     $userAccount->setLogin('_test')->setPassword('role_tester');
     $userAccount->setRole(new Opus_UserRole($this->roleId));
     $userId = $userAccount->store();
     Zend_Auth::getInstance()->getStorage()->write('_test');
     $aclProvider = new Application_Security_AclProvider();
     $acl = $aclProvider->getAcls();
     $userAccount->delete();
     $this->assertTrue($acl instanceof Zend_Acl, 'Excpected instance of Zend_Acl');
     $this->assertTrue($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'documents'), "expected user has access to resource 'documents'");
     $this->assertFalse($acl->isAllowed(Application_Security_AclProvider::ACTIVE_ROLE, 'accounts'), "expected user has no access to resource 'account'");
 }
Пример #3
0
 public function changePasswordAction()
 {
     $this->_helper->layout()->disableLayout();
     $this->_helper->viewRenderer->setNoRender(true);
     $request = $this->getRequest();
     $login = $request->getParam('login');
     $password = $request->getParam('password');
     if (is_null($password) || !is_string($password) || $password == '') {
         $this->getResponse()->setHttpResponseCode(400);
         $this->getResponse()->setBody("ERROR: Empty password given.");
         return;
     }
     $account = Opus_Account::fetchAccountByLogin($login);
     if (is_null($account)) {
         $this->getResponse()->setHttpResponseCode(400);
         $this->getResponse()->setBody("ERROR: Account '{$login}' does not exist.");
         return;
     }
     try {
         $account->setPassword($password);
         $account->store();
     } catch (Opus_Security_Exception $e) {
         $this->getResponse()->setHttpResponseCode(400);
         $this->getResponse()->setBody("ERROR: " . $e->getMessage());
         return;
     }
     $this->getResponse()->setBody('SUCCESS');
 }
Пример #4
0
 public function tearDown()
 {
     $this->logoutUser();
     $this->restoreSecuritySetting();
     $user = Opus_Account::fetchAccountByLogin($this->userName);
     $user->delete();
     $userRole = Opus_UserRole::fetchByName($this->roleName);
     $userRole->delete();
     parent::tearDown();
 }
Пример #5
0
 public function __construct()
 {
     $this->_log = Zend_Registry::get("Zend_Log");
     $login = Zend_Auth::getInstance()->getIdentity();
     if (is_null($login) or trim($login) == '') {
         return;
     }
     $account = Opus_Account::fetchAccountByLogin($login);
     if (is_null($account) or $account->isNewRecord()) {
         $this->_log->err("Error checking logged user: Invalid account returned for user '{$login}'!");
         return;
     }
     $this->_login = $login;
     $this->_account = $account;
 }
Пример #6
0
 /**
  * Performs an authentication attempt
  *
  * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
  * @return Zend_Auth_Result
  */
 public function authenticate()
 {
     $config = new Zend_Config_Ini('../application/configs/config.ini', 'production');
     $log_path = $config->ldap->log_path;
     $admins = explode(',', $config->ldap->admin_accounts);
     $options = $config->ldap->toArray();
     unset($options['log_path']);
     unset($options['admin_accounts']);
     try {
         // first check local DB with parent class
         $result = parent::authenticate();
         $user = new Zend_Session_Namespace('loggedin');
         $user->usernumber = $this->_login;
     } catch (Exception $e) {
         throw $e;
     }
     if ($result->isValid() !== true) {
         try {
             $auth = Zend_Auth::getInstance();
             $adapter = new Zend_Auth_Adapter_Ldap($options, $this->_login, $this->_password);
             $result = $auth->authenticate($adapter);
             // log the result if a log path has been defined in config.ini
             if ($log_path) {
                 $messages = $result->getMessages();
                 $logger = new Zend_Log();
                 $logger->addWriter(new Zend_Log_Writer_Stream($log_path));
                 $filter = new Zend_Log_Filter_Priority(Zend_Log::DEBUG);
                 $logger->addFilter($filter);
                 foreach ($messages as $i => $message) {
                     if ($i-- > 1) {
                         // $messages[2] and up are log messages
                         $message = str_replace("\n", "\n  ", $message);
                         $logger->log("Ldap: {$i}: {$message}", Zend_Log::DEBUG);
                     }
                 }
             }
             // if authentication was successfull and user is not already in OPUS DB
             // register user as publisher to OPUS database
             try {
                 $account = new Opus_Account(null, null, $this->_login);
             } catch (Exception $ex) {
                 if ($result->isValid() === true) {
                     $user = new Zend_Session_Namespace('loggedin');
                     $user->usernumber = $this->_login;
                     $account = new Opus_Account();
                     $account->setLogin($this->_login);
                     $account->setPassword($this->_password);
                     $account->store();
                     $roles = Opus_Role::getAll();
                     // look for the publisher role in OPUS DB
                     foreach ($roles as $role) {
                         if ($role->getDisplayName() === 'publisher') {
                             $publisherId = $role->getId();
                         }
                         if ($role->getDisplayName() === 'administrator') {
                             $adminId = $role->getId();
                         }
                     }
                     if ($publisherId > 0) {
                         $accessRole = new Opus_Role($publisherId);
                     } else {
                         // if there is no publisher role in DB, create it
                         $accessRole = new Opus_Role();
                         $accessRole->setName('publisher');
                         // the publisher role needs publish access!
                         $privilege = new Opus_Privilege();
                         $privilege->setPrivilege('publish');
                         $accessRole->addPrivilege($privilege);
                         $accessRole->store();
                     }
                     if ($adminId > 0) {
                         $adminRole = new Opus_Role($adminId);
                     } else {
                         // if there is no publisher role in DB, create it
                         $adminRole = new Opus_Role();
                         $adminRole->setName('administrator');
                         // the publisher role needs publish access!
                         $adminprivilege = new Opus_Privilege();
                         $adminprivilege->setPrivilege('administrate');
                         $adminRole->addPrivilege($adminprivilege);
                         $adminRole->store();
                     }
                     if (in_array($this->_login, $admins) === true) {
                         $account->addRole($adminRole);
                     } else {
                         $account->addRole($accessRole);
                     }
                     $account->store();
                 }
             }
         } catch (Zend_Auth_Adapter_Exception $e) {
             throw $e;
         }
     }
     return $result;
 }
Пример #7
0
 public function getRecipients($users = null)
 {
     if (!is_array($users)) {
         $users = array($users);
     }
     $allRecipients = array();
     foreach ($users as $user) {
         $account = Opus_Account::fetchAccountByLogin($user);
         if (is_null($account)) {
             $this->_logger->warn(__CLASS__ . ": User '{$user}' does not exist... skipping mail.");
             continue;
         }
         $mail = $account->getEmail();
         if (is_null($mail) or trim($mail) == '') {
             $this->_logger->warn(__CLASS__ . ": No mail address for user '{$user}'... skipping mail.");
             continue;
         }
         $allRecipients[] = array('name' => $account->getFirstName() . ' ' . $account->getLastName(), 'address' => $mail);
     }
     return $allRecipients;
 }
Пример #8
0
 public function testAccessUserToFileRegression3281()
 {
     $this->enableSecurity();
     // test document access as user with document access rights
     $doc = $this->createTestDocument();
     $doc->setServerState('published');
     $publishedDocId = $doc->store();
     $doc = $this->createTestDocument();
     $doc->setServerState('unpublished');
     $unpublishedDocId = $doc->store();
     $testRole = new Opus_UserRole();
     $testRole->setName('test_access');
     $testRole->appendAccessDocument($unpublishedDocId);
     $testRole->appendAccessDocument($publishedDocId);
     $this->roleId = $testRole->store();
     $userAccount = new Opus_Account();
     $userAccount->setLogin('test_account')->setPassword('role_tester_user2');
     $userAccount->setRole($testRole);
     $this->userId = $userAccount->store();
     $this->loginUser('test_account', 'role_tester_user2');
     $this->tryAccessForDocument($publishedDocId, true);
     $this->tryAccessForDocument($unpublishedDocId, true);
     $this->logoutUser();
 }
 /**
  * Get a list of all accounts with reviewer role.
  *
  * @return array
  */
 private function __fetchReviewers()
 {
     $role = Opus_UserRole::fetchByName('reviewer');
     $reviewerSelect = array('' => '-- please choose --');
     foreach ($role->getAllAccountIds() as $id) {
         $user = new Opus_Account($id);
         $login = strtolower($user->getLogin());
         if (is_null($user)) {
             $this->getLogger()->warn("-- skipping name: " . $login . " (user does not exist)");
             continue;
         }
         $key = $user->getId();
         $firstname = trim($user->getFirstName());
         $lastname = trim($user->getLastName());
         $displayValue = "--- user-id: " . $key . ' ---';
         if (!empty($firstname) or !empty($lastname)) {
             $displayValue = $lastname . ", " . $firstname;
         } else {
             $this->getLogger()->warn("-- incomplete name: " . $login . " (missing first/last name)");
         }
         $reviewerSelect[$key] = $displayValue;
     }
     asort($reviewerSelect);
     return $reviewerSelect;
 }
Пример #10
0
 public function testEditValidationSameAccount()
 {
     $user = new Opus_Account(null, null, 'user');
     $form = new Admin_Form_Account($user->getId());
     // check that form was populated
     $this->assertEquals('user', $form->getElement('username')->getValue());
     $postData = array('username' => 'user', 'oldLogin' => 'user', 'roleguest' => '1', 'password' => 'notchanged', 'confirmPassword' => 'notchanged');
     $this->assertTrue($form->isValid($postData));
 }
Пример #11
0
 /**
  * Deletes account.
  */
 public function deleteAction()
 {
     $accountId = $this->getRequest()->getParam('id');
     $message = null;
     if (!empty($accountId)) {
         $account = new Opus_Account($accountId);
         if (!empty($account)) {
             $currentUser = Zend_Auth::getInstance()->getIdentity();
             // Check that user does not delete himself and protect admin
             // account
             if ($currentUser === strtolower($account->getLogin())) {
                 $message = 'admin_account_error_delete_self';
             } else {
                 if (strtolower($account->getLogin()) === 'admin') {
                     $message = 'admin_account_error_delete_admin';
                 } else {
                     $account->delete();
                 }
             }
         } else {
             $message = 'admin_account_error_badid';
         }
     } else {
         $message = 'admin_account_error_missingid';
     }
     $messages = array();
     if ($message === null) {
         $messages['notice'] = $this->view->translate('admin_account_delete_success');
     } else {
         $messages['failure'] = $this->view->translate($message);
     }
     $this->_redirectTo('index', $messages);
 }
Пример #12
0
 public function getSubmitter()
 {
     $return = array();
     foreach ($this->document->getEnrichment() as $e) {
         if ($e->getKeyName() != 'submitter.user_id') {
             continue;
         }
         $user_id = $e->getValue();
         $account = new Opus_Account($user_id);
         $return[$account->getId()] = strtolower($account->getLogin());
     }
     return $return;
 }
Пример #13
0
 * Foundation and the European Regional Development Fund.
 *
 * LICENCE
 * OPUS is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public License as published by the Free Software
 * Foundation; either version 2 of the Licence, or any later version.
 * OPUS is distributed in the hope that it will be useful, but WITHOUT ANY
 * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details. You should have received a copy of the GNU General Public License 
 * along with OPUS; if not, write to the Free Software Foundation, Inc., 51 
 * Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 *
 * @category    Application
 * @author      Thoralf Klein <*****@*****.**>
 * @copyright   Copyright (c) 2009-2010, OPUS 4 development team
 * @license     http://www.gnu.org/licenses/gpl.html General Public License
 * @version     $Id: change-password.php 8423 2011-05-27 16:58:20Z sszott $
 */
// Bootstrapping
require_once dirname(__FILE__) . '/common/bootstrap.php';
$programm = array_shift($argv);
if (count($argv) < 2) {
    echo "usage: {$programm} [name of existing user] [new password]\n";
    exit;
}
$username = array_shift($argv);
$password = array_shift($argv);
// Set passwort of $user to $password.
$a = new Opus_Account(null, null, $username);
$a->setPassword($password)->store();
 /**
  * Simple test action to check "add" module.
  */
 public function testChangePasswordAction()
 {
     $this->addTestAccountWithRoles();
     // Test if changing password works...
     $password = "******" . rand();
     $requestData = array('login' => $this->login, 'password' => $password);
     /* Creating first collection to work with. */
     $this->request->setMethod('POST')->setPost($requestData);
     $this->dispatch('/remotecontrol/account/change-password');
     // Make sure, this request returned successfully.
     $this->assertResponseCode(200);
     $this->assertController('account');
     $this->assertAction('change-password');
     $body = $this->getResponse()->getBody();
     $this->checkForBadStringsInHtml($body);
     $this->assertContains('SUCCESS', $body);
     // Test if created account really exists...
     $account = Opus_Account::fetchAccountByLogin($this->login);
     $this->assertTrue($account instanceof Opus_Account);
     $this->assertEquals($this->login, $account->getLogin());
     $this->assertTrue($account->isPasswordCorrect($password));
     $this->assertFalse($account->isPasswordCorrect($this->password));
 }
Пример #15
0
 /**
  * Performs an authentication attempt
  *
  * @throws Zend_Auth_Adapter_Exception If authentication cannot be performed.
  * @return Zend_Auth_Result
  */
 public function authenticate()
 {
     // Try to get the account information
     try {
         $account = new Opus_Account(null, null, $this->_login);
     } catch (Exception $ex) {
         return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND, $this->_login, array('auth_error_invalid_credentials'));
     }
     // Check if password is correcct, but for old hashes.  Neede for
     // migrating md5-hashed passwords to SHA1-hashes.
     if ($account->isPasswordCorrectOldHash($this->_password) === true) {
         Zend_Registry::get('Zend_Log')->warn('Migrating old password-hash for user: '******'auth_login_success'));
     }
     return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_CREDENTIAL_INVALID, $this->_login, array('auth_error_invalid_credentials'));
 }
 /**
  * Test changing login.
  */
 public function testChangeLoginSuccess()
 {
     $config = Zend_Registry::get('Zend_Config');
     $config->account->editOwnAccount = 1;
     $this->deleteUser('john2');
     $this->loginUser('john', 'testpwd');
     $this->getRequest()->setMethod('POST')->setPost(array('username' => 'john2', 'firstname' => '', 'lastname' => '', 'email' => ''));
     $this->dispatch('/account/index/save');
     $this->assertRedirect();
     // Check if new user exists (with proper password) and old does not...
     $account = Opus_Account::fetchAccountByLogin('john2');
     $this->assertNotNull($account);
     $this->assertTrue($account->isPasswordCorrect('testpwd'));
     $account = Opus_Account::fetchAccountByLogin('john');
     $this->assertNull($account);
     // Delete user 'john2' if we're done...
     $this->deleteUser('john2');
 }
Пример #17
0
 /**
  * Stores the accounts credentials. Throws exception if something failes
  * during the store operation.
  *
  * @throws Opus_Security_Exception If storing failes.
  * @return void
  */
 public function store()
 {
     // Check for a proper credentials
     if ($this->isValid() === false) {
         throw new Opus_Security_Exception('Credentials are invalid.');
     }
     // Check if there is a account with the same
     // loginname before creating a new record.
     if (is_null($this->getId()) === true) {
         $row = Opus_Account::fetchAccountRowByLogin($this->getLogin());
         if (is_null($row) === false) {
             throw new Opus_Security_Exception('Account with login name ' . $this->getLogin() . ' already exists.');
         }
     }
     // Now really store.
     try {
         return parent::store();
     } catch (Exception $ex) {
         $logger = Zend_Registry::get('Zend_Log');
         if (null !== $logger) {
             $message = "Unknown exception while storing account: ";
             $message .= $ex->getMessage();
             $logger->err(__METHOD__ . ': ' . $message);
         }
         $message = "Caught exception.  Please consult the server logfile.";
         throw new Opus_Security_Exception($message);
     }
 }
Пример #18
0
 /**
  * Save account information.
  * @return <type>
  *
  * TODO move logic into model or form
  */
 public function saveAction()
 {
     $login = Zend_Auth::getInstance()->getIdentity();
     $config = $this->getConfig();
     $logger = $this->getLogger();
     if (!empty($login) && $this->getRequest()->isPost()) {
         $accountForm = new Account_Form_Account();
         $account = new Opus_Account(null, null, $login);
         $accountForm->populateFromModel($account);
         $postData = $this->getRequest()->getPost();
         $isPasswordChanged = true;
         if (empty($postData['password'])) {
             // modify to pass default validation
             // TODO think about better solution
             $postData[Account_Form_Account::ELEMENT_PASSWORD] = 'notchanged';
             $postData[Account_Form_Account::ELEMENT_CONFIRM_PASSWORD] = 'notchanged';
             $isPasswordChanged = false;
         }
         // check if username was provided and if it may be changed
         if (!isset($postData['username']) || isset($config->account->editPasswordOnly) && $config->account->editPasswordOnly || isset($config->account->changeLogin) && !$config->account->changeLogin) {
             $postData['username'] = $login;
         }
         $postData['oldLogin'] = $login;
         if ($accountForm->isValid($postData)) {
             $account = new Opus_Account(null, null, $login);
             $newLogin = $postData['username'];
             $password = $postData['password'];
             $firstname = $postData['firstname'];
             $lastname = $postData['lastname'];
             $email = $postData['email'];
             $isLoginChanged = false;
             if (isset($config->account->editPasswordOnly) && !$config->account->editPasswordOnly) {
                 $account->setFirstName($firstname);
                 $account->setLastName($lastname);
                 $account->setEmail($email);
                 $logger->debug('login = '******'new login = '******'admin') {
                     $logger->debug('login changed');
                     $account->setLogin($newLogin);
                 }
             }
             if ($isPasswordChanged) {
                 $logger->debug('Password changed');
                 $account->setPassword($password);
             }
             $account->store();
             if ($isLoginChanged || $isPasswordChanged) {
                 Zend_Auth::getInstance()->clearIdentity();
             }
         } else {
             $actionUrl = $this->view->url(array('action' => 'save'));
             $accountForm->setAction($actionUrl);
             return $this->renderForm($accountForm);
         }
     }
     $this->_helper->redirector('index');
 }
 public function testUserAccessToInstituteWithInstituteRightsRegression3245()
 {
     $testRole = new Opus_UserRole();
     $testRole->setName('TestRole');
     $testRole->appendAccessModule('admin');
     $testRole->appendAccessModule('resource_institutions');
     $this->roleId = $testRole->store();
     $userAccount = new Opus_Account();
     $userAccount->setLogin('role_tester')->setPassword('role_tester');
     $userAccount->setRole($testRole);
     $this->userId = $userAccount->store();
     $this->enableSecurity();
     $this->loginUser('role_tester', 'role_tester');
     $this->useEnglish();
     $this->dispatch('/admin/dnbinstitute/edit/id/1');
     $this->assertNotRedirect();
     $this->assertNotRedirectTo('/auth', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
     $this->assertQueryContentContains('//label', 'Department', 'User is not able to edit dnb-institutions, ' . 'although he has the right to do it');
 }
 public function testHideDeleteLinkForCurrentUser()
 {
     $this->enableSecurity();
     $this->loginUser('security4', 'security4pwd');
     $this->dispatch('/admin/account');
     $this->assertResponseCode(200, $this->getResponse()->getBody());
     $this->logoutUser();
     $this->restoreSecuritySetting();
     $user = new Opus_Account(null, null, 'security4');
     $this->assertQueryCount("a[@href='" . $this->getRequest()->getBaseUrl() . "/admin/account/delete/id/" . $user->getId() . "']", 0, "There should be no delete link for current user'.");
 }