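/**
 * A second password-reset request for the same email inside
 * PASSWORD_RESET_MIN_WAIT must be refused with 'passwordResetMinWait';
 * once reset_sent_at is older than that window, a new request is accepted.
 */
public function testShouldRefuseMultipleRequestsInShortInterval() {
    $user_data = UserFactory::generateUser();
    $r = new Request(array('email' => $user_data['email']));

    // First request goes through.
    ResetController::apiCreate($r);

    // An immediate retry must be rejected. fail() sits inside the try so that a
    // missing exception is a test failure rather than an undefined $message
    // variable reaching assertEquals().
    try {
        ResetController::apiCreate($r);
        $this->fail('Second reset request inside PASSWORD_RESET_MIN_WAIT was not refused');
    } catch (InvalidParameterException $expected) {
        $this->assertEquals('passwordResetMinWait', $expected->getMessage());
    }

    // Time travel: push reset_sent_at just past the minimum wait window.
    $reset_sent_at = ApiUtils::GetStringTime(time() - PASSWORD_RESET_MIN_WAIT - 1);
    $user = UsersDAO::FindByEmail($user_data['email']);
    $user->setResetSentAt($reset_sent_at);
    UsersDAO::save($user);

    // Now the request is accepted again and yields a fresh token.
    $response = ResetController::apiCreate($r);
    $this->assertArrayHasKey('token', $response);
}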
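/**
 * Given a username or an email, returns the matching user object.
 *
 * Lookup order matters: the value is tried as an email first and only then
 * as a username, so an email address always wins over a username that
 * happens to look the same.
 *
 * NOTE(review): a NotFoundException distinguishes "no such account" from
 * any other failure. Callers on unauthenticated paths (e.g. password reset)
 * should consider whether surfacing that difference reveals account
 * existence to an attacker.
 *
 * @param string $userOrEmail username or email address
 * @return User
 * @throws InvalidParameterException when $userOrEmail is not a non-empty string
 * @throws NotFoundException when neither lookup finds a user
 * @throws InvalidDatabaseOperationException when a lookup fails for a
 *         non-API reason (the underlying exception is wrapped)
 * @throws ApiException any API-level exception raised by the lookups is
 *         rethrown unchanged
 */
public static function resolveUser($userOrEmail) {
    Validators::isStringNonEmpty($userOrEmail, 'Username or email not found');

    try {
        $user = UsersDAO::FindByEmail($userOrEmail);
        if (is_null($user)) {
            $user = UsersDAO::FindByUsername($userOrEmail);
        }
    } catch (ApiException $apiException) {
        throw $apiException;
    } catch (Exception $e) {
        throw new InvalidDatabaseOperationException($e);
    }

    // Thrown outside the try so the "not found" result can never be
    // mis-wrapped as a database error, whatever NotFoundException extends.
    if (is_null($user)) {
        throw new NotFoundException('userOrMailNotFound');
    }
    return $user;
}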
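/**
 * Logs the current visitor in through Facebook, registering a local
 * account on first visit, and issues a local session on success.
 *
 * Returns false on every failure path (no Facebook redirect, no Facebook
 * session, invalid access token, profile without email, local account
 * creation failure); on success it registers the session and returns nothing.
 */
public function LoginViaFacebook() {
    // Only attempt the Facebook flow when the front-end came back from the
    // Facebook redirect (the `state` query parameter is set); otherwise every
    // request would cost a Facebook session check.
    // NOTE(review): only the presence of `state` is checked here. `state` is
    // the CSRF protection of the OAuth flow; its value is assumed to be
    // validated against the session by the Facebook SDK inside getUser() —
    // confirm against the SDK version in use.
    if (!isset($_GET['state'])) {
        return false;
    }

    $facebook = self::getFacebookInstance();
    $fb_user = $facebook->getUser();
    if ($fb_user == 0) {
        self::$log->info('FB session unavailable.');
        return false;
    }

    // A user id alone does not prove the access token is still valid (the
    // user may have logged out of Facebook); fetching /me does.
    try {
        $fb_user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
        self::$log->error('FacebookException:' . $e);
        return false;
    }

    // The profile may lack an email (permission not granted, phone-only
    // account). Without it there is nothing to look up or register by, and
    // FindByEmail(null) must not be reached.
    if (empty($fb_user_profile['email'])) {
        self::$log->error('Facebook profile has no email; cannot log in via Facebook.');
        return false;
    }
    $fb_email = $fb_user_profile['email'];

    self::$log->info('User is logged in via facebook !!');
    $vo_User = UsersDAO::FindByEmail($fb_email);
    if (!is_null($vo_User)) {
        // Existing local account with this email: log it in.
        // NOTE(review): linking is purely by email address; the stored
        // facebook_user_id (if any) is not compared with
        // $fb_user_profile['id']. That is only safe as long as the emails
        // Facebook reports are verified — confirm.
        self::$log->info('user has been here before with facebook!');
    } else {
        // First visit: register a local account. The username is derived from
        // the email; the original author noted this may expose the email and
        // suggested deriving it from the display name instead
        // (str_replace(' ', '_', $fb_user_profile['name'])).
        $username = self::getUniqueUsernameFromEmail($fb_email);

        // NOTE(review): uniqid() is time-based and predictable. If
        // permission_key is ever treated as a secret, generate it from
        // random_bytes() instead.
        UserController::$permissionKey = uniqid();

        $r = new Request(array(
            'name' => $fb_user_profile['name'],
            'username' => $username,
            'email' => $fb_email,
            'facebook_user_id' => $fb_user_profile['id'],
            'password' => null,
            'permission_key' => UserController::$permissionKey,
            'ignore_password' => true,
        ));
        try {
            $res = UserController::apiCreate($r);
        } catch (ApiException $e) {
            self::$log->error('Unable to login via Facebook ' . $e);
            return false;
        }
        $vo_User = UsersDAO::getByPK($res['user_id']);
    }

    // Issue a local auth token so later API calls do not have to round-trip
    // to Facebook to check whether the user is still logged in.
    $this->RegisterSession($vo_User);
}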
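/**
 * apiUpdateMainEmail must make the new address resolve to the same user.
 */
public function testUpdateMainEmail() {
    $user = UserFactory::createUser();
    $r = new Request(array(
        "auth_token" => self::login($user),
        "email" => "*****@*****.**",
    ));
    UserController::apiUpdateMainEmail($r);

    // Check the email in the database. Assert non-null first so a missing
    // row is an assertion failure rather than a method call on null.
    $user_in_db = UsersDAO::FindByEmail("*****@*****.**");
    $this->assertNotNull($user_in_db, 'Updated email was not found in the database');
    $this->assertEquals($user->getUserId(), $user_in_db->getUserId());
}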
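/**
 * Validates a password-reset update request.
 *
 * Checks, in this order: all four fields are present and the email maps to a
 * user; the presented token matches the stored digest; password and
 * confirmation agree; the password is strong enough; the reset has not expired.
 *
 * @param Request $r carries 'email', 'reset_token', 'password', 'password_confirmation'
 * @throws InvalidParameterException on any failed check; the message names the check
 */
private static function validateUpdateRequest($r) {
    $user = UsersDAO::FindByEmail($r['email']);
    $reset_token = $r['reset_token'];
    $password = $r['password'];
    $password_confirmation = $r['password_confirmation'];

    if (is_null($user) || is_null($reset_token) || is_null($password) || is_null($password_confirmation)) {
        throw new InvalidParameterException('invalidParameters');
    }

    // The token is stored as a sha1 digest (acceptable only because the token
    // itself is expected to be high-entropy; this is a lookup value, not a
    // password hash — changing the digest algorithm would invalidate stored
    // digests). Compare with hash_equals() so the check takes the same time
    // whether the first or the last byte differs. An empty/null stored digest
    // means no reset is pending and can never match.
    $stored_digest = (string) $user->reset_digest;
    if ($stored_digest === '' || !hash_equals($stored_digest, hash('sha1', (string) $reset_token))) {
        throw new InvalidParameterException('invalidResetToken');
    }

    if ($password !== $password_confirmation) {
        throw new InvalidParameterException('passwordMismatch');
    }
    SecurityTools::testStrongPassword($password);

    // strtotime() returns false for a missing or unparseable timestamp;
    // treat that as expired rather than letting the arithmetic decide.
    $sent_at = is_null($user->reset_sent_at) ? false : strtotime($user->reset_sent_at);
    if ($sent_at === false || time() - $sent_at > PASSWORD_RESET_TIMEOUT) {
        throw new InvalidParameterException('passwordResetResetExpired');
    }
}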
/**
 * Looks up users by email through the DAO, coercing the paging arguments to int.
 *
 * NOTE(review): addslashes() is applied to the search term before it reaches
 * the DAO. It is not a sound SQL-escaping mechanism (no charset awareness),
 * and if the DAO binds parameters — other call sites in this file pass raw
 * emails straight to UsersDAO::FindByEmail — it corrupts legitimate input
 * such as o'brien@example.com. Check how the DAO builds its query: drop the
 * addslashes() if it binds parameters, or make it bind parameters if it does
 * not. If this wrapper itself lives in UsersDAO, the call below recurses.
 *
 * @param string $keyWord email (or fragment) to search for
 * @param int    $index   paging offset, cast to int
 * @param int    $limit   page size, cast to int
 * @return mixed whatever UsersDAO::FindByEmail returns
 */
public static function FindByEmail($keyWord, $index = 0, $limit = 10) {
    $escaped = addslashes($keyWord);
    return UsersDAO::FindByEmail($escaped, (int) $index, (int) $limit);
}
/**
 * After a reset is requested and completed with the returned token, the
 * user must be able to log in with the new password.
 */
public function testShouldLogInWithNewPassword() {
    $user_data = UserFactory::generateUser();

    // Request a reset for the generated user and take the token it returns.
    $create_response = ResetController::apiCreate(new Request(array('email' => $user_data['email'])));

    $new_password = '******';
    $update_params = $user_data;
    $update_params['reset_token'] = $create_response['token'];
    $update_params['password'] = $new_password;
    $update_params['password_confirmation'] = $new_password;

    $user = UsersDAO::FindByEmail($user_data['email']);
    ResetController::apiUpdate(new Request($update_params));

    // login() reads the plaintext password from the user object.
    $user->password = $new_password;
    $this->login($user);
}