/**
 * Handle a submitted registration form.
 *
 * Runs the register validator, creates the account on the Stormpath
 * application and then answers with JSON, a redirect to the login route, or
 * a redirect that carries the access and refresh token cookies when the new
 * user is logged in straight away.
 *
 * @return mixed JSON response or redirect response.
 */
public function postRegister()
 {
     $validator = $this->registerValidator();

     if ($validator->fails()) {
         if (!$this->request->wantsJson()) {
             // NOTE(review): withInput() puts the submitted fields back into the
             // session; presumably that includes the password field - confirm
             // and exclude it if so.
             return redirect()
                 ->to(config('stormpath.web.register.uri'))
                 ->withErrors($validator)
                 ->withInput();
         }

         return $this->respondWithError(
             'Validation Failed',
             400,
             ['validatonErrors' => $validator->errors()]
         );
     }

     try {
         $registerFields = $this->setRegisterFields();

         $newAccount = \Stormpath\Resource\Account::instantiate($registerFields);
         $account = app('stormpath.application')->createAccount($newAccount);

         if ($this->request->wantsJson()) {
             return $this->respondWithAccount($account);
         }

         // With email verification on, the user has to confirm the address
         // before logging in, so no tokens are issued here.
         if (config('stormpath.web.verifyEmail.enabled') == true) {
             return redirect()->route('stormpath.login', ['status' => 'unverified']);
         }

         if (config('stormpath.web.register.autoAuthorize') == false) {
             return redirect()->route('stormpath.login', ['status' => 'created']);
         }

         // Email wins over username as the login identifier when both exist.
         $login = null;
         if (isset($registerFields['username'])) {
             $login = $registerFields['username'];
         }
         if (isset($registerFields['email'])) {
             $login = $registerFields['email'];
         }

         $result = $this->authenticate($login, $registerFields['password']);

         $redirect = redirect()->to(config('stormpath.web.register.nextUri'));

         // The secure / httpOnly flags come from config; both should stay
         // enabled in production so the tokens are not readable by script or
         // sent over plain HTTP.
         // NOTE(review): the refresh token cookie reuses the access token's
         // getExpiresIn() value, and cookie() takes its lifetime in minutes -
         // confirm the unit and the intended refresh lifetime.
         $accessName = config('stormpath.web.accessTokenCookie.name');
         $accessCookie = cookie(
             config('stormpath.web.accessTokenCookie.name'),
             $result->getAccessTokenString(),
             $result->getExpiresIn(),
             config('stormpath.web.accessTokenCookie.path'),
             config('stormpath.web.accessTokenCookie.domain'),
             config('stormpath.web.accessTokenCookie.secure'),
             config('stormpath.web.accessTokenCookie.httpOnly')
         );

         $refreshName = config('stormpath.web.refreshTokenCookie.name');
         $refreshCookie = cookie(
             config('stormpath.web.refreshTokenCookie.name'),
             $result->getRefreshTokenString(),
             $result->getExpiresIn(),
             config('stormpath.web.refreshTokenCookie.path'),
             config('stormpath.web.refreshTokenCookie.domain'),
             config('stormpath.web.refreshTokenCookie.secure'),
             config('stormpath.web.refreshTokenCookie.httpOnly')
         );

         return $redirect->withCookies([
             $accessName => $accessCookie,
             $refreshName => $refreshCookie,
         ]);
     } catch (\Stormpath\Resource\ResourceError $re) {
         // The upstream error message is passed to the client verbatim.
         // NOTE(review): check that it cannot be used to tell whether an
         // email or username is already registered.
         if (!$this->request->wantsJson()) {
             return redirect()
                 ->to(config('stormpath.web.register.uri'))
                 ->withErrors(['errors' => [$re->getMessage()]])
                 ->withInput();
         }

         return $this->respondWithError($re->getMessage(), $re->getStatus());
     }
 }
 /**
  * Create the shared application and account fixtures and mark the class as
  * initialised.
  *
  * md5() is used here only to derive a unique name suffix, not to protect
  * anything. The password is a fixed, test-only literal.
  */
 protected static function init()
 {
     $applicationProperties = array(
         'name' => 'Main App for the tests' . md5(time() . microtime() . uniqid()),
         'description' => 'Description of Main App',
         'status' => 'enabled',
     );
     self::$application = \Stormpath\Resource\Application::instantiate($applicationProperties);
     self::createResource(
         \Stormpath\Resource\Application::PATH,
         self::$application,
         array('createDirectory' => true)
     );

     $accountProperties = array(
         'givenName' => 'Account Name',
         'middleName' => 'Middle Name',
         'surname' => 'Surname',
         'username' => md5(time() . microtime() . uniqid()) . 'username',
         'email' => md5(time() . microtime() . uniqid()) . '@unknown123.kot',
         'password' => 'superP4ss',
     );
     self::$account = \Stormpath\Resource\Account::instantiate($accountProperties);
     self::$application->createAccount(self::$account);

     self::$inited = true;
 }
 /**
  * Create the application and the account shared by every test in the class.
  *
  * The application name suffix is md5(time()), so it only changes once per
  * second; the account username and email use a finer-grained suffix.
  */
 public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();

     $applicationProperties = array(
         'name' => 'Main App for the tests' . md5(time()),
         'description' => 'Description of Main App',
         'status' => 'enabled',
     );
     self::$application = \Stormpath\Resource\Application::instantiate($applicationProperties);
     parent::createResource(
         \Stormpath\Resource\Application::PATH,
         self::$application,
         array('createDirectory' => true)
     );

     // Fixed password literal: test fixture only.
     $accountProperties = array(
         'givenName' => 'PHP',
         'middleName' => 'BasicRequestAuthenticator',
         'surname' => 'Test',
         'username' => md5(time() . microtime() . uniqid()) . 'username',
         'email' => md5(time() . microtime() . uniqid()) . '@unknown123.kot',
         'password' => 'superP4ss',
     );
     self::$account = \Stormpath\Resource\Account::instantiate($accountProperties);
     self::$application->createAccount(self::$account);
 }
 /**
  * Create the application, an account in it, and an API key for that
  * account; all three are shared by the tests in the class.
  */
 public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();

     $applicationProperties = array(
         'name' => makeUniqueName('Application ApiRequestAuthenticatorTest'),
         'description' => 'Application for ApiRequestAuthenticatorTest',
         'status' => 'enabled',
     );
     self::$application = \Stormpath\Resource\Application::instantiate($applicationProperties);
     parent::createResource(
         \Stormpath\Resource\Application::PATH,
         self::$application,
         array('createDirectory' => true)
     );

     // Fixed password literal: test fixture only.
     $accountProperties = array(
         'givenName' => 'PHP',
         'middleName' => 'ApiRequestAuthenticatorTest',
         'surname' => 'Test',
         'username' => makeUniqueName('ApiRequestAuthenticatorTest'),
         'email' => makeUniqueName('ApiRequestAuthenticatorTest') . '@unknown123.kot',
         'password' => 'superP4ss',
     );
     self::$account = \Stormpath\Resource\Account::instantiate($accountProperties);
     self::$application->createAccount(self::$account);

     // The key is created on the account once it exists in the application.
     self::$apiKey = self::$account->createApiKey();
 }
 /**
  * Create the application and account fixtures, then build the user provider
  * under test from the shared client and that application.
  */
 public static function setUpBeforeClass()
 {
     parent::setUpBeforeClass();

     $applicationProperties = array(
         'name' => uniqid() . 'ApplicationTest',
         'description' => 'Description of Main App',
         'status' => 'enabled',
     );
     self::$application = \Stormpath\Resource\Application::instantiate($applicationProperties);
     self::createResource(
         \Stormpath\Resource\Application::PATH,
         self::$application,
         array('createDirectory' => true)
     );

     // Fixed password literal: test fixture only.
     $accountProperties = array(
         'givenName' => 'Account Name',
         'middleName' => 'Middle Name',
         'surname' => 'Surname',
         'username' => 'username' . uniqid(),
         'email' => 'username' . uniqid() . '@unknown123.kot',
         'password' => 'superP4ss',
     );
     self::$account = \Stormpath\Resource\Account::instantiate($accountProperties);
     self::$application->createAccount(self::$account);

     self::$provider = new \Stormpath\StormpathUserProvider(self::$client, self::$application);
 }
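 /**
  * Create a local user row and the matching Stormpath account from POST data.
  *
  * Every value is read straight from the request body and is therefore
  * untrusted. The password is stored locally only as a password_hash()
  * digest; the clear-text value is passed on to Stormpath alone.
  *
  * @return mixed JSON response: ['result' => bool], plus an 'error' key and
  *               status 400 when email or password is missing.
  */
 public function addUser()
 {
     // Client-side restrictions can be bypassed, so the two fields used as
     // credentials are checked on the server before anything is written.
     $email = isset($_POST['email']) ? $_POST['email'] : null;
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     if (!is_string($email) || $email === '' || !is_string($password) || $password === '') {
         return response()->json(['result' => false, 'error' => 'email and password are required'], 400);
     }

     // NOTE(review): user_id, status, linked_account and update_at are taken
     // from the client as-is; confirm callers are allowed to choose them, or
     // set them on the server instead.
     $result = DB::table('user_table')->insert([
         'user_id' => $_POST['user_id'],
         'user_name' => $_POST['user_name'],
         'user_lastname' => $_POST['user_lastname'],
         'user_firstname' => $_POST['user_firstname'],
         'user_motto' => $_POST['user_motto'],
         'email' => $email,
         // Never persist the clear-text password. The column has to be wide
         // enough for the hash (PHP recommends 255 characters).
         'password' => password_hash($password, PASSWORD_DEFAULT),
         'avatar' => $_POST['avatar'],
         'linked_account' => $_POST['linked_account'],
         'linked_account_type' => $_POST['linked_account_type'],
         'status' => $_POST['status'],
         'location' => $_POST['location'],
         'background_img' => $_POST['background_img'],
         'insert_date' => DB::raw('CURRENT_TIMESTAMP'),
         'update_at' => $_POST['update_at'],
     ]);

     // The original comment here said the front end must add restrictions;
     // any such restriction also has to be enforced on the server.
     $id = $_ENV['STORMPATH_ID'];
     $secret = $_ENV['STORMPATH_SECRET'];
     \Stormpath\Client::$apiKeyProperties = "apiKey.id={$id}\napiKey.secret={$secret}";
     $application = \Stormpath\Resource\Application::get($_ENV['STORMPATH_APPLICATION']);

     // NOTE(review): the local row is inserted before the remote account is
     // created; if createAccount() throws, the row stays behind.
     $account = \Stormpath\Resource\Account::instantiate(array(
         'givenName' => $_POST['user_firstname'],
         'surname' => $_POST['user_lastname'],
         'email' => $email,
         'password' => $password,
     ));
     $application->createAccount($account);

     return response()->json(['result' => $result]);
 }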
 /**
  * An account created through the directory, with the registration workflow
  * switched off, can be fetched again and belongs to that directory.
  */
 public function testCreateAccount()
 {
     // The shared directory has to be enabled before it is used.
     $directory = self::$directory;
     $directory->status = 'enabled';
     $directory->save();

     $properties = array(
         'givenName' => 'Account Name',
         'surname' => 'Surname',
         'email' => makeUniqueName('DirectoryTest createAccount') . '@unknown123.kot',
         'password' => 'superP4ss',
     );
     $created = \Stormpath\Resource\Account::instantiate($properties);
     $directory->createAccount($created, array('registrationWorkflowEnabled' => false));

     // Read the account back by href so the assertions use stored state.
     $fetched = \Stormpath\Resource\Account::get($created->href);
     $this->assertContains('Main_Directory', $fetched->directory->name);
     $this->assertEquals('Account Name', $fetched->givenName);

     $fetched->delete();
 }
 /**
  * A group membership that has been deleted can no longer be fetched: the
  * final lookup is expected to raise a ResourceError.
  *
  * @expectedException \Stormpath\Resource\ResourceError
  */
 public function testDelete()
 {
     $groupProperties = array('name' => 'Another New Group' . md5(time()));
     $group = \Stormpath\Resource\Group::instantiate($groupProperties);
     self::$directory->createGroup($group);

     $accountProperties = array(
         'givenName' => 'Account Name',
         'surname' => 'Surname',
         'email' => md5(time()) . '@unknown12345678.kot',
         'password' => 'superP4ss',
     );
     $account = \Stormpath\Resource\Account::instantiate($accountProperties);
     self::$directory->createAccount($account);

     $created = \Stormpath\Resource\GroupMembership::create(array('account' => $account, 'group' => $group));

     // Fetch it again by href to check what was actually stored.
     $membership = \Stormpath\Resource\GroupMembership::get($created->href);
     $this->assertInstanceOf('\\Stormpath\\Resource\\GroupMembership', $membership);
     $this->assertContains('Another New Group', $membership->group->name);
     $this->assertContains('@unknown12345678.kot', $membership->account->email);

     $href = $membership->href;
     $membership->delete();

     // This lookup is the call that has to throw.
     \Stormpath\Resource\GroupMembership::get($href);
 }
 /**
  * An account added to the shared group shows up in that group's account
  * list.
  */
 public function testAddAccount()
 {
     $targetGroup = self::$group;
     $email = makeUniqueName('GroupTest addAccount') . '@unknown123.kot';

     $properties = array(
         'givenName' => 'Account Name',
         'surname' => 'Surname',
         'email' => $email,
         'password' => 'superP4ss',
     );
     $account = \Stormpath\Resource\Account::instantiate($properties);
     self::$directory->createAccount($account);
     $targetGroup->addAccount($account);

     // Look for the unique email among the group's members.
     $accountFound = false;
     foreach ($targetGroup->accounts as $member) {
         if ($member->email == $email) {
             $accountFound = true;
             break;
         }
     }

     // Clean up before asserting so a failure does not leave the account behind.
     $account->delete();
     $this->assertTrue($accountFound);
 }
 /**
  * An account created from an existing password hash (passwordFormat 'mcf')
  * can authenticate with the clear-text password that hash was made from.
  */
 public function testImportingAPasswordViaStaticCreates()
 {
     $username = md5(time() . microtime() . uniqid()) . 'username';

     $applicationProperties = array(
         'name' => 'Main App for passwordImport' . md5(time() . microtime() . uniqid()),
         'description' => 'Description of Main App',
         'status' => 'enabled',
     );
     self::$application = \Stormpath\Resource\Application::instantiate($applicationProperties);
     self::createResource(
         \Stormpath\Resource\Application::PATH,
         self::$application,
         array('createDirectory' => true)
     );

     // The 'password' value is a hash of the test-only string 'SomePassw0rd!',
     // not a clear-text password.
     $accountProperties = array(
         'givenName' => 'Account Name',
         'middleName' => 'Middle Name',
         'surname' => 'Surname',
         'username' => $username,
         'email' => md5(time() . microtime() . uniqid()) . '@unknown123.kot',
         'password' => '$2a$08$VbNS17zvQNYtMyfRiYXxWuec2F2y3SuLB/e7hU8RWdcCxxluUB3m.',
     );
     $account = \Stormpath\Resource\Account::instantiate($accountProperties);
     self::$application->createAccount($account, array('passwordFormat' => 'mcf'));

     // Logging in with the clear text proves the hash was imported as-is.
     $result = self::$application->authenticate($username, 'SomePassw0rd!');
     $this->assertEquals($username, $result->account->username);

     $account->delete();
 }
 /**
  * Walk an API key through its life cycle: create it on an account, read it
  * back through the application (plain and with encryptSecret), disable it,
  * delete it, and check that it can no longer be found.
  */
 public function testApiKeyManagement()
 {
     $application = self::$application;

     $properties = array(
         'givenName' => 'Account Name',
         'surname' => 'Surname',
         'username' => md5(time()) . 'username',
         'email' => md5(time()) . '@unknown123.kot',
         'password' => 'superP4ss',
     );
     $account = \Stormpath\Resource\Account::instantiate($properties);
     $application->createAccount($account);
     $account = \Stormpath\Resource\Account::get($account->href);

     $newApiKey = $account->createApiKey();
     $this->assertNotEmpty($newApiKey->id);

     // The application-level lookup must return the same key.
     $apiKey = $application->getApiKey($newApiKey->id);
     $this->assertEquals($newApiKey, $apiKey);

     // Requesting the secret with encryptSecret must still yield the same
     // secret value on the returned object.
     $encryptedApiKey = $application->getApiKey($newApiKey->id, array('encryptSecret' => true));
     $this->assertEquals($apiKey->secret, $encryptedApiKey->secret);

     $apiKey->status = 'DISABLED';
     $apiKey->save();
     $this->assertEquals('DISABLED', $apiKey->status);

     // After deletion the lookup returns null.
     $apiKey->delete();
     $apiKey = $application->getApiKey($newApiKey->id);
     $this->assertNull($apiKey);

     $account->delete();
 }
 /**
  * A deleted account can no longer be fetched: the final lookup is expected
  * to raise a ResourceError.
  *
  * @expectedException \Stormpath\Resource\ResourceError
  */
 public function testDelete()
 {
     $properties = array(
         'givenName' => 'Account Name',
         'middleName' => 'Middle Name',
         'surname' => 'Surname',
         'username' => md5(time() . microtime() . uniqid()) . 'username',
         'email' => md5(time() . microtime() . uniqid()) . '@unknown123.kot',
         'password' => 'superP4ss',
     );
     $created = \Stormpath\Resource\Account::instantiate($properties);
     self::$directory->createAccount($created);

     $href = $created->href;
     $account = \Stormpath\Resource\Account::get($href);

     // Confirm the account is really there before removing it.
     $this->assertInstanceOf('Stormpath\\Resource\\Account', $account);
     $this->assertEquals('Account Name', $account->givenName);

     $account->delete();

     // Fetching the deleted href is the call that has to throw.
     \Stormpath\Resource\Account::get($href);
 }
 /**
  * Handle a submitted registration form.
  *
  * Validates the input, rejects fields that are not accepted by the config,
  * fires UserIsRegistering / UserHasRegistered around account creation,
  * copies non-standard fields into the account's custom data and finally
  * answers with JSON, a redirect to the login route, or a redirect after
  * queueing the access and refresh tokens.
  *
  * @return mixed JSON response or redirect response.
  */
 public function postRegister()
 {
     $validator = $this->registerValidator();

     if ($validator->fails()) {
         if (!$this->request->wantsJson()) {
             // NOTE(review): withInput() puts the submitted fields back into the
             // session; presumably that includes the password field - confirm
             // and exclude it if so.
             return redirect()
                 ->to(config('stormpath.web.register.uri'))
                 ->withErrors($validator)
                 ->withInput();
         }

         return $this->respondWithValidationErrorForJson($validator);
     }

     // Only fields accepted by the config may reach the account. This gate is
     // what keeps arbitrary request keys out of the custom data loop below.
     $errorFields = $this->isAcceptedPostFields($this->request->all());
     if ($errorFields !== true) {
         $rejectedField = array_shift($errorFields);

         return $this->respondWithErrorJson('We do not allow arbitrary data to be posted to an account\'s custom data object. `' . $rejectedField . '` is either disabled or not defined in the config.', 400);
     }

     try {
         $registerFields = $this->setRegisterFields();

         // Validation passed: let listeners veto the registration.
         $proceed = Event::fire(new UserIsRegistering($registerFields), [], true);
         if ($proceed === false) {
             throw new ActionAbortedException();
         }

         $account = \Stormpath\Resource\Account::instantiate($registerFields);

         // Drop the cached application so a fresh one is resolved.
         app('cache.store')->forget('stormpath.application');
         $application = app('stormpath.application');
         $account = $application->createAccount($account);

         // instantiate() sends every field to the server without telling
         // standard account properties from custom ones. A field whose value
         // does not match the same-named property on the created account is
         // therefore treated as custom data and copied over.
         $customDataAdded = false;
         foreach ($registerFields as $key => $value) {
             // Credentials must never end up in custom data.
             if ($key == 'password' || $key == 'confirmPassword') {
                 continue;
             }

             if ($account->{$key} != $registerFields[$key]) {
                 $account->customData->{$key} = $value;
                 $customDataAdded = true;
             }
         }

         // A second save is only needed when custom data was attached.
         if ($customDataAdded) {
             $account->save();
         }

         // The account exists now: announce it.
         Event::fire(new UserHasRegistered($account));

         if ($this->request->wantsJson()) {
             return $this->respondWithAccount($account);
         }

         // With email verification on, the user has to confirm the address
         // before logging in, so no tokens are issued here.
         if (config('stormpath.web.verifyEmail.enabled') == true) {
             return redirect()->route('stormpath.login', ['status' => 'unverified']);
         }

         if (config('stormpath.web.register.autoAuthorize') == false) {
             return redirect()->route('stormpath.login', ['status' => 'created']);
         }

         // Email wins over username as the login identifier when both exist.
         $login = null;
         if (isset($registerFields['username'])) {
             $login = $registerFields['username'];
         }
         if (isset($registerFields['email'])) {
             $login = $registerFields['email'];
         }

         $result = $this->authenticate($login, $registerFields['password']);
         $this->queueAccessToken($result->getAccessTokenString());
         $this->queueRefreshToken($result->getRefreshTokenString());

         return redirect()->to(config('stormpath.web.register.nextUri'));
     } catch (\Stormpath\Resource\ResourceError $re) {
         // The upstream error message is passed to the client verbatim.
         // NOTE(review): check that it cannot be used to tell whether an
         // email or username is already registered.
         if (!$this->request->wantsJson()) {
             return redirect()
                 ->to(config('stormpath.web.register.uri'))
                 ->withErrors(['errors' => [$re->getMessage()]])
                 ->withInput();
         }

         return $this->respondWithErrorJson($re->getMessage(), $re->getStatus());
     }
 }
 /**
  * Create a test account on the application.
  *
  * @param array $overrides Account properties that replace the defaults.
  * @return mixed The account as returned by the application.
  */
 public function createAccount($overrides = [])
 {
     // Test-only defaults; any key in $overrides takes precedence.
     $defaults = [
         'givenName' => 'Test',
         'surname' => 'Account',
         'email' => '*****@*****.**',
         'password' => 'superP4ss!',
     ];

     $properties = array_merge($defaults, $overrides);
     $account = \Stormpath\Resource\Account::instantiate($properties);

     return $this->application->createAccount($account);
 }
 /**
  * Authentication can be limited to one account store: the login succeeds
  * against the group the account belongs to, fails with error 7104 against a
  * group it does not belong to, and a non-AccountStore option value is
  * rejected when the request object is built.
  *
  * NOTE(review): the e-mail literals look masked ('*****@*****.**');
  * presumably the page that published this snippet redacted them.
  */
 public function testAuthenticateWithAccountStore()
 {
     $application = self::$application;
     // Two groups, each mapped to the application as its own account store.
     $groupA = new \stdClass();
     $groupA->name = 'New Group in town A: ' . md5(time());
     $groupA = \Stormpath\Resource\Group::instantiate($groupA);
     $application->createGroup($groupA);
     $groupB = new \stdClass();
     $groupB->name = 'New Group in town B: ' . md5(time());
     $groupB = \Stormpath\Resource\Group::instantiate($groupB);
     $application->createGroup($groupB);
     $accountStoreMappingA = \Stormpath\Resource\AccountStoreMapping::instantiate(array('accountStore' => $groupA));
     $application->createAccountStoreMapping($accountStoreMappingA);
     $accountStoreMappingB = \Stormpath\Resource\AccountStoreMapping::instantiate(array('accountStore' => $groupB));
     $application->createAccountStoreMapping($accountStoreMappingB);
     // The account is added to group A only.
     $account = \Stormpath\Resource\Account::instantiate(array('givenName' => 'Account Name', 'surname' => 'Surname', 'username' => 'super_unique_username', 'email' => '*****@*****.**', 'password' => 'superP4ss'));
     $application->createAccount($account);
     $groupA->addAccount($account);
     // Scoped to store A the login must succeed.
     $authenticationRequest = new \Stormpath\Authc\UsernamePasswordRequest('*****@*****.**', 'superP4ss', array('accountStore' => $accountStoreMappingA->getAccountStore()));
     $result = $application->authenticateAccount($authenticationRequest);
     $this->assertEquals('*****@*****.**', $result->account->email);
     try {
         // Scoped to store B the same credentials must be rejected.
         $authenticationRequest = new \Stormpath\Authc\UsernamePasswordRequest('*****@*****.**', 'superP4ss', array('accountStore' => $accountStoreMappingB->getAccountStore()));
         $application->authenticateAccount($authenticationRequest);
         // Reached only if the login wrongly succeeded: clean up, then fail.
         $account->delete();
         $accountStoreMappingB->delete();
         $accountStoreMappingA->delete();
         $groupB->delete();
         $groupA->delete();
         $this->fail('Authentication should have failed.');
     } catch (\Stormpath\Resource\ResourceError $re) {
         $this->assertEquals(400, $re->getStatus());
         $this->assertEquals(7104, $re->getErrorCode());
         $this->assertContains('Invalid', $re->getMessage());
         $this->assertEquals("Login attempt failed because there is no Account in the Application's associated Account Stores with the specified username or email.", $re->getDeveloperMessage());
         $this->assertContains('7104', $re->getMoreInfo());
     }
     try {
         // A plain string is not an account store and must be refused.
         new \Stormpath\Authc\UsernamePasswordRequest('*****@*****.**', 'superP4ss', array('accountStore' => 'not an instance of AccountStore'));
         $this->fail('UsernamePasswordRequest instantiation should have failed.');
     } catch (\InvalidArgumentException $iae) {
         $this->assertEquals("The value for accountStore in the \$options array should be an instance of \\Stormpath\\Resource\\AccountStore", $iae->getMessage());
     } catch (\Exception $e) {
         // NOTE(review): if the exception thrown by fail() above extends
         // \Exception, it is caught here as well and reported with this
         // message instead - confirm against the PHPUnit version in use.
         $this->fail('UsernamePasswordRequest instantiation with wrong type for account store should have thrown InvalidArgumentException.');
     }
     // Normal-path cleanup; skipped when an assertion above fails.
     $account->delete();
     $accountStoreMappingB->delete();
     $accountStoreMappingA->delete();
     $groupB->delete();
     $groupA->delete();
 }