/**
  * @param \TYPO3\FLOW3\Security\Account $account
  * @param array $password
  * @FLOW3\Validate(argumentName="password", type="\TYPO3\TYPO3\Validation\Validator\PasswordValidator", options={ "allowEmpty"=1, "minimum"=1, "maximum"=255 })
  * @return void
  * @todo Handle validation errors for account (accountIdentifier) & check if there's another account with the same accountIdentifier when changing it
  * @todo Security
  */
 public function updateAction(\TYPO3\FLOW3\Security\Account $account, array $password = array())
 {
     // Only the first entry of the submitted password array is used. array_shift()
     // yields NULL for the default empty array, which the emptiness test below
     // treats as "leave the stored credentials untouched".
     $newPassword = array_shift($password);
     $hasNewPassword = trim(strval($newPassword)) !== '';
     if ($hasNewPassword) {
         // Persist only the hash produced by the 'default' hashing strategy, never the plain text.
         $hashedPassword = $this->hashService->hashPassword($newPassword, 'default');
         $account->setCredentialsSource($hashedPassword);
     }

     // NOTE(review): no authorization check is visible in this action and the docblock
     // still carries "@todo Security" - confirm that a security policy restricts who
     // may update which account before relying on this code.
     $this->accountRepository->update($account);
     $party = $account->getParty();
     $this->partyRepository->update($party);

     $this->addFlashMessage('The user profile has been updated.');
     $this->redirect('index');
 }
 /**
  * Returns TRUE, if the given property ($value) is a valid array consistent of two equal passwords and their length
  * is between 'minimum' (defaults to 0 if not specified) and 'maximum' (defaults to infinite if not specified)
  * to be specified in the validation options.
  *
  * If at least one error occurred, the result is FALSE.
  *
  * @param mixed $value The value that should be validated
  * @return void
  * @throws \TYPO3\FLOW3\Validation\Exception\InvalidSubjectException
  */
 protected function isValid($value)
 {
     // NOTE(review): the docblock above describes a password-pair check, but this body
     // verifies that an account identifier is not yet taken for one authentication
     // provider. The docblock looks copied from another validator - confirm and fix.
     if (!is_string($value)) {
         throw new \TYPO3\FLOW3\Validation\Exception\InvalidSubjectException('The given value was not a string.', 1325155784);
     }

     // The provider can be chosen through the validator options; the backend provider is the fallback.
     if (isset($this->options['authenticationProviderName'])) {
         $providerName = $this->options['authenticationProviderName'];
     } else {
         $providerName = 'Typo3BackendProvider';
     }

     $existingAccount = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($value, $providerName);
     if ($existingAccount === NULL) {
         // Identifier is free: no error is recorded.
         return;
     }
     $this->addError('The username is already in use.', 1325156008);
 }
 /**
  * @param \TYPO3\FLOW3\Security\Account $account
  * @return void
  * @todo Security
  */
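 public function deleteAction(\TYPO3\FLOW3\Security\Account $account)
 {
     // Refuse to delete the account that is currently logged in.
     // The identity comparison only matches when the security context returns the very
     // same object instance as the action argument - presumably guaranteed by the
     // persistence layer; confirm.
     if ($this->securityContext->getAccount() === $account) {
         $this->addFlashMessage('You can not remove current logged in user');
         $this->redirect('index');
         // redirect() is expected to abort the action (FLOW3 controllers do so by throwing
         // a stop-action exception). The explicit return keeps this guard effective even if
         // redirect() ever returns normally, so the removal below can never be reached
         // for the caller's own account.
         return;
     }

     // NOTE(review): apart from the self-deletion guard no authorization check is visible
     // here and the docblock still carries "@todo Security" - confirm that a security
     // policy limits who may call this action.
     $this->accountRepository->remove($account);
     $this->addFlashMessage('The user has been deleted.');
     $this->redirect('index');
 }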
 /**
  * This method is called when the form of this step has been submitted
  *
  * @param array $formValues
  * @return void
  */
 public function postProcessFormValues(array $formValues)
 {
     // Build the party (person) record from the submitted names.
     $user = new \TYPO3\TYPO3\Domain\Model\User();
     $firstName = $formValues['firstName'];
     $lastName = $formValues['lastName'];
     $username = $formValues['username'];
     $personName = new \TYPO3\Party\Domain\Model\PersonName('', $firstName, '', $lastName, '', $username);
     $user->setName($personName);

     // Each user gets a personal workspace named after the account identifier.
     $workspaceName = 'user-' . $username;
     $user->getPreferences()->set('context.workspace', $workspaceName);
     $this->partyRepository->add($user);

     // The account is created with the 'Administrator' role for the backend provider.
     // The plain-text password is handed to the account factory; presumably it is hashed
     // there before being stored - confirm in AccountFactory.
     // NOTE(review): the form values are used without any check visible in this method;
     // validation is assumed to happen in the form definition - confirm.
     $roles = array('Administrator');
     $account = $this->accountFactory->createAccountWithPassword($username, $formValues['password'], $roles, 'Typo3BackendProvider');
     $account->setParty($user);
     $this->accountRepository->add($account);
 }
 /**
  * Sets isAuthenticated to TRUE for all tokens.
  *
  * @param \TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
  * @return void
  * @throws \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException
  * @FLOW3\Session(autoStart=true)
  */
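 public function authenticate(\TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken)
 {
     // NOTE(review): the docblock summary above ("Sets isAuthenticated to TRUE for all
     // tokens") does not match this body, which verifies a username/password pair
     // against a stored account - the summary looks copied from another provider.
     if (!$authenticationToken instanceof \TYPO3\FLOW3\Security\Authentication\Token\UsernamePassword) {
         throw new \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
     }

     $account = NULL;
     $credentials = $authenticationToken->getCredentials();

     // Require both parts of the credential pair before touching the repository.
     // Previously only 'username' was checked, so a token carrying a username without
     // a password reached validatePassword() through an undefined array index.
     $hasCredentialPair = is_array($credentials)
         && isset($credentials['username'])
         && isset($credentials['password']);
     if ($hasCredentialPair) {
         // Only active accounts registered for this provider ($this->name) are considered.
         $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $this->name);
     }

     if (is_object($account)) {
         // The stored credentials source is a hash; the hash service does the comparison.
         if ($this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource())) {
             $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
             $authenticationToken->setAccount($account);
         } else {
             $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::WRONG_CREDENTIALS);
         }
     } elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) {
         // No usable credentials or no matching account: never downgrade a token that
         // is already marked successful.
         // NOTE(review): an unknown identifier ends here without any password hashing,
         // while a known one goes through validatePassword(); the two paths may be
         // distinguishable by response time. Consider validating against a fixed dummy
         // hash on this path so both take comparable time.
         $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
     }
 }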
 /**
  * Sets isAuthenticated to TRUE for all tokens.
  *
  * @param \TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
  * @return void
  * @throws \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException
  * @FLOW3\Session(autoStart=true)
  */
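 public function authenticate(\TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken)
 {
     // NOTE(review): the docblock summary above ("Sets isAuthenticated to TRUE for all
     // tokens") does not match this body, which verifies a signed single-sign-on
     // assertion - the summary looks copied from another provider.
     if (!$authenticationToken instanceof \TYPO3\FLOW3\Security\Authentication\Token\Typo3OrgSsoToken) {
         throw new \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
     }

     $account = NULL;
     $credentials = $authenticationToken->getCredentials();
     if (is_array($credentials) && isset($credentials['username'])) {
         // Only active accounts registered for this provider ($this->name) are considered.
         $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $this->name);
     }

     if (is_object($account)) {
         // Rebuild the string that the signature covers. The listing this code was taken
         // from had the '&user=' segment masked out ("'&user='******'username']"), which is
         // not valid PHP; it is restored here as a concatenation of $credentials['username'].
         // Field order and separators must stay exactly as the signer produced them.
         // NOTE(review): values are concatenated without any encoding, so a value that
         // contains '&' or '=' is indistinguishable from a field separator - confirm the
         // signing side constrains these fields. Only 'username' is checked with isset();
         // the other keys are assumed to be present on the token - confirm.
         $authenticationData = 'version=' . $credentials['version']
             . '&user=' . $credentials['username']
             . '&tpa_id=' . $credentials['tpaId']
             . '&expires=' . $credentials['expires']
             . '&action=' . $credentials['action']
             . '&flags=' . $credentials['flags']
             . '&userdata=' . $credentials['userdata'];

         // The signature is checked first; the expiry is then compared as an integer so the
         // test is numeric regardless of how the PHP version compares strings with integers.
         $signatureIsValid = $this->rsaWalletService->verifySignature($authenticationData, $credentials['signature'], $this->options['rsaKeyUuid']);
         if ($signatureIsValid && (int)$credentials['expires'] > time()) {
             $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
             $authenticationToken->setAccount($account);
         } else {
             $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::WRONG_CREDENTIALS);
         }
     } elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) {
         // No username or no matching active account: never downgrade a token that is
         // already marked successful.
         $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
     }
 }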
 /**
  * Remove a role from a user
  *
  * @param string $username Email address of the user
  * @param string $role Role to be removed from the user
  * @return void
  */
 public function removeRoleCommand($username, $role)
 {
     // Accounts are looked up for the backend provider only.
     $account = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($username, 'Typo3BackendProvider');
     $accountExists = $account instanceof \TYPO3\FLOW3\Security\Account;
     if (!$accountExists) {
         $this->outputLine('User "%s" does not exists.', array($username));
         // quit() is expected to end the command here; the code below would otherwise
         // call a method on a non-object - presumably quit() never returns, confirm.
         $this->quit(1);
     }

     // Wrap the role identifier in a Role object, which is what the account API works with.
     $role = new \TYPO3\FLOW3\Security\Policy\Role($role);
     $isAssigned = $account->hasRole($role);
     if (!$isAssigned) {
         $this->outputLine('User "%s" does not have the role "%s" assigned.', array($username, $role));
         $this->quit(1);
     }

     $account->removeRole($role);
     $this->accountRepository->update($account);
     $this->outputLine('Removed role "%s" from user "%s".', array($role, $username));
 }
 /**
  * @param \Planetflow3\Domain\Model\User $object
  */
 public function remove($object)
 {
     // Remove the user's primary account first so that no login remains for a deleted
     // user, then let the parent repository remove the user itself.
     // NOTE(review): only the primary account is removed here; whether a user can own
     // further accounts, or have no primary account at all, is not visible - confirm.
     $primaryAccount = $object->getPrimaryAccount();
     $this->accountRepository->remove($primaryAccount);
     parent::remove($object);
 }