/**
* @param \TYPO3\FLOW3\Security\Account $account
* @param array $password
* @FLOW3\Validate(argumentName="password", type="\TYPO3\TYPO3\Validation\Validator\PasswordValidator", options={ "allowEmpty"=1, "minimum"=1, "maximum"=255 })
* @return void
* @todo Handle validation errors for account (accountIdentifier) & check if there's another account with the same accountIdentifier when changing it
* @todo Security
*/
public function updateAction(\TYPO3\FLOW3\Security\Account $account, array $password = array())
{
$password = array_shift($password);
if (strlen(trim(strval($password))) > 0) {
$account->setCredentialsSource($this->hashService->hashPassword($password, 'default'));
}
$this->accountRepository->update($account);
$this->partyRepository->update($account->getParty());
$this->addFlashMessage('The user profile has been updated.');
$this->redirect('index');
}
/**
* Creates a new account and sets the given password and roles
*
* @param string $identifier Identifier of the account, must be unique
* @param string $password The clear text password
* @param array $roleIdentifiers Optionally an array of role identifiers to assign to the new account
* @param string $authenticationProviderName Optional name of the authentication provider the account is affiliated with
* @param string $passwordHashingStrategy Optional password hashing strategy to use for the password
* @return \TYPO3\FLOW3\Security\Account A new account, not yet added to the account repository
*/
public function createAccountWithPassword($identifier, $password, $roleIdentifiers = array(), $authenticationProviderName = 'DefaultProvider', $passwordHashingStrategy = 'default')
{
$roles = array();
foreach ($roleIdentifiers as $roleIdentifier) {
$roles[] = new \TYPO3\FLOW3\Security\Policy\Role($roleIdentifier);
}
$account = new \TYPO3\FLOW3\Security\Account();
$account->setAccountIdentifier($identifier);
$account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy));
$account->setAuthenticationProviderName($authenticationProviderName);
$account->setRoles($roles);
return $account;
}
/**
* Sets isAuthenticated to TRUE for all tokens.
*
* @param \TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
* @return void
* @throws \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException
*/
public function authenticate(\TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken)
{
if (!$authenticationToken instanceof \TYPO3\FLOW3\Security\Authentication\Token\PasswordToken) {
throw new \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
}
$credentials = $authenticationToken->getCredentials();
if (is_array($credentials) && isset($credentials['password'])) {
if ($this->hashService->validatePassword($credentials['password'], $this->fileBasedSimpleKeyService->getKey($this->options['keyName']))) {
$authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
} else {
$authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::WRONG_CREDENTIALS);
}
} elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) {
$authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
}
}
/**
* @test
*/
public function validateAndStripHmacReturnsTheStringWithoutHmac()
{
$string = ' Some arbitrary string with special characters: öäüß!"§$ ';
$hashedString = $this->hashService->appendHmac($string);
$actualResult = $this->hashService->validateAndStripHmac($hashedString);
$this->assertSame($string, $actualResult);
}
/**
* Returns an ActionRequest which referred to this request, if any.
*
* The referring request is not set or determined automatically but must be
* explicitly set through the corresponding internal argument "__referrer".
* This mechanism is used by FLOW3's form and validation mechanisms.
*
* @return \TYPO3\FLOW3\Mvc\ActionRequest the referring request, or NULL if no referrer found
*/
public function getReferringRequest()
{
if ($this->referringRequest !== NULL) {
return $this->referringRequest;
}
if (!isset($this->internalArguments['__referrer'])) {
return NULL;
}
if (is_array($this->internalArguments['__referrer'])) {
$referrerArray = $this->internalArguments['__referrer'];
$referringRequest = $this->getHttpRequest()->createActionRequest();
$arguments = array();
if (isset($referrerArray['arguments'])) {
$serializedArgumentsWithHmac = $referrerArray['arguments'];
$serializedArguments = $this->hashService->validateAndStripHmac($serializedArgumentsWithHmac);
$arguments = unserialize(base64_decode($serializedArguments));
unset($referrerArray['arguments']);
}
$referringRequest->setArguments(\TYPO3\FLOW3\Utility\Arrays::arrayMergeRecursiveOverrule($arguments, $referrerArray));
return $referringRequest;
} else {
$this->referringRequest = $this->internalArguments['__referrer'];
}
return $this->referringRequest;
}
/**
* Set a new password for the given user
*
* This allows for setting a new password for an existing user account.
*
* @param string $username Username of the account to modify
* @param string $password The new password
* @return void
*/
public function setPasswordCommand($username, $password)
{
$account = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($username, 'Typo3BackendProvider');
if (!$account instanceof \TYPO3\FLOW3\Security\Account) {
$this->outputLine('User "%s" does not exists.', array($username));
$this->quit(1);
}
$account->setCredentialsSource($this->hashService->hashPassword($password, 'default'));
$this->accountRepository->update($account);
$this->outputLine('The new password for user "%s" was set.', array($username));
}
/**
* Persists a key to the file system
*
* @param string $name
* @param string $password
* @return void
* @throws \TYPO3\FLOW3\Security\Exception
*/
protected function persistKey($name, $password)
{
$hashedPassword = $this->hashService->hashPassword($password, $this->passwordHashingStrategy);
$keyPathAndFilename = $this->getKeyPathAndFilename($name);
if (!is_dir($this->getPath())) {
Files::createDirectoryRecursively($this->getPath());
}
$result = file_put_contents($keyPathAndFilename, $hashedPassword);
if ($result === FALSE) {
throw new \TYPO3\FLOW3\Security\Exception(sprintf('The key could not be stored ("%s").', $keyPathAndFilename), 1305812921);
}
}
/**
* Sets isAuthenticated to TRUE for all tokens.
*
* @param \TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
* @return void
* @throws \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException
* @FLOW3\Session(autoStart=true)
*/
public function authenticate(\TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken)
{
if (!$authenticationToken instanceof \TYPO3\FLOW3\Security\Authentication\Token\UsernamePassword) {
throw new \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
}
$account = NULL;
$credentials = $authenticationToken->getCredentials();
if (is_array($credentials) && isset($credentials['username'])) {
$account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $this->name);
}
if (is_object($account)) {
if ($this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource())) {
$authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
$authenticationToken->setAccount($account);
} else {
$authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::WRONG_CREDENTIALS);
}
} elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) {
$authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
}
}
/**
* Initialize the property mapping configuration in $controllerArguments if
* the trusted properties are set inside the request.
*
* @param \TYPO3\FLOW3\Mvc\ActionRequest $request
* @param \TYPO3\FLOW3\Mvc\Controller\Arguments $controllerArguments
* @return void
*/
public function initializePropertyMappingConfigurationFromRequest(\TYPO3\FLOW3\Mvc\ActionRequest $request, \TYPO3\FLOW3\Mvc\Controller\Arguments $controllerArguments)
{
$trustedPropertiesToken = $request->getInternalArgument('__trustedProperties');
if (!is_string($trustedPropertiesToken)) {
return;
}
$serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);
$trustedProperties = unserialize($serializedTrustedProperties);
foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
if (!$controllerArguments->hasArgument($propertyName)) {
continue;
}
$propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
$this->modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
}
}
/**
* @param string $password
*/
public function setPassword($password)
{
$account = $this->getPrimaryAccount();
$account->setCredentialsSource($this->hashService->hashPassword($password));
}
