public function testUnauthorizedSessionRequest()
{
$user = $this->createUser(1);
Session::authenticate(['email' => $user['email'], 'password' => $this->user1['password']]);
//Using a new instance here. Prev instance is set for user resource.
$this->service = ServiceHandler::getService('system');
$this->setExpectedException('\\DreamFactory\\Core\\Exceptions\\UnauthorizedException');
$this->makeRequest(Verbs::GET, 'admin/session');
}
public function testUnauthorizedSessionRequest()
{
$user = $this->user1;
$this->makeRequest(Verbs::POST, 'user', [ApiOptions::FIELDS => '*', ApiOptions::RELATED => 'user_lookup_by_user_id'], [$user]);
Session::authenticate(['email' => $user['email'], 'password' => $user['password']]);
//Using a new instance here. Prev instance is set for user resource.
$this->service = ServiceHandler::getService('system');
$this->setExpectedException('\\DreamFactory\\Core\\Exceptions\\UnauthorizedException');
$this->makeRequest(Verbs::GET, static::RESOURCE . '/session');
}
public function testPATCHPassword()
{
$user = $this->createUser(1);
Arr::set($user, 'password', '1234');
$payload = json_encode($user, JSON_UNESCAPED_SLASHES);
$rs = $this->makeRequest(Verbs::PATCH, static::RESOURCE . '/' . $user['id'], [], $payload);
$content = $rs->getContent();
$this->assertFalse(Session::authenticate(['email' => $user['email'], 'password' => '1234']));
$this->assertTrue($this->adminCheck([$content]));
}
/**
* Performs login.
*
* @param array $credentials
* @param bool $remember
*
* @return array
* @throws BadRequestException
* @throws NotFoundException
* @throws UnauthorizedException
* @throws \Exception
*/
protected function handleLogin(array $credentials = [], $remember = false)
{
$email = ArrayUtils::get($credentials, 'email');
if (empty($email)) {
throw new BadRequestException('Login request is missing required email.');
}
$password = ArrayUtils::get($credentials, 'password');
if (empty($password)) {
throw new BadRequestException('Login request is missing required password.');
}
$credentials['is_active'] = 1;
// if user management not available then only system admins can login.
if (!class_exists('\\DreamFactory\\Core\\User\\Resources\\System\\User')) {
$credentials['is_sys_admin'] = 1;
}
if (Session::authenticate($credentials, $remember, true, static::getAppId())) {
return Session::getPublicInfo();
} else {
throw new UnauthorizedException('Invalid credentials supplied.');
}
}
/**
* Logs user in.
*
* @param $email
* @param $password
*
* @return bool
* @throws InternalServerErrorException
*/
protected static function userLogin($email, $password)
{
try {
$credentials = ['email' => $email, 'password' => $password];
Session::authenticate($credentials);
} catch (\Exception $ex) {
throw new InternalServerErrorException("Password set, but failed to login.\n{$ex->getMessage()}");
}
return true;
}
