/**
  * Issue a fresh remember-me serie token for the identity carried by the event
  * and write it to the response cookie.
  *
  * Does nothing unless the listener holds a usable HTTP request/response pair.
  *
  * @param AdapterChainEvent $e
  */
 public function authenticate(AdapterChainEvent $e)
 {
     if (!$this->isValidRequestAndResponse()) {
         return;
     }

     $identity = $e->getIdentity();
     $newSerie = $this->getRememberMeService()->createNew($identity);

     $this->getCookieService()->writeSerie($this->getResponse(), $newSerie);
 }
 /**
  * Authenticate a posted identity/credential pair against the user mapper.
  *
  * The identity is looked up through each configured identity field
  * ('username', 'email') until a record is found. When user states are
  * enabled the record's state must be on the allow-list; the credential is
  * then verified with Bcrypt at the configured cost, the session id is
  * regenerated and the identity is stored.
  *
  * @param AdapterChainEvent $e
  * @return bool|null false on failure; no return value on success
  */
 public function authenticate(AdapterChainEvent $e)
 {
     // A previous run already authenticated: replay the stored identity.
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return;
     }

     $post = $e->getRequest()->getPost();
     $identity = $post->get('identity');
     $credential = $post->get('credential');

     // Try each configured lookup field in order until one yields a user object;
     // unknown field names are skipped.
     $user = null;
     foreach ($this->getOptions()->getAuthIdentityFields() as $lookupField) {
         if (is_object($user)) {
             break;
         }
         if ($lookupField === 'username') {
             $user = $this->getMapper()->findByUsername($identity);
         } elseif ($lookupField === 'email') {
             $user = $this->getMapper()->findByEmail($identity);
         }
     }

     if (!$user) {
         // This code differs from the invalid-credential one below, so the
         // response distinguishes "unknown identity" from "wrong password".
         $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
         $this->setSatisfied(false);
         return false;
     }

     $options = $this->getOptions();
     // Optional account-state gate: only states on the allow-list may log in.
     if ($options->getEnableUserState() && !in_array($user->getState(), $options->getAllowedLoginStates())) {
         $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)->setMessages(array('A record with the supplied identity is not active.'));
         $this->setSatisfied(false);
         return false;
     }

     $bcrypt = new Bcrypt();
     $bcrypt->setCost($options->getPasswordCost());
     if (!$bcrypt->verify($credential, $user->getPassword())) {
         $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)->setMessages(array('Supplied credential is invalid.'));
         $this->setSatisfied(false);
         return false;
     }

     // Fresh session id on login (a standard session-fixation defence).
     $session = new SessionContainer($this->getStorage()->getNameSpace());
     $session->getManager()->regenerateId();

     $e->setIdentity($user->getId());
     // Re-hash when the configured cost no longer matches the stored hash.
     $this->updateUserPasswordHash($user, $credential, $bcrypt);
     $this->setSatisfied(true);

     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     $this->getStorage()->write($storage);

     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
 }
 /**
  * A successful authentication event for identity 3 must request exactly one
  * new serie token for that identity and write it to the response once.
  */
 public function testGeneratesSerieToken()
 {
     $chainEvent = new AdapterChainEvent();
     $chainEvent->setIdentity(3);

     $issuedToken = new SerieToken(3, 'abc', 'def');
     $issuedToken->setExpiresAt(new \DateTime('+3 days'));

     $this->rememberMeService
         ->expects($this->once())
         ->method('createNew')
         ->with(3)
         ->will($this->returnValue($issuedToken));

     $this->cookieService
         ->expects($this->once())
         ->method('writeSerie')
         ->with($this->response, $issuedToken);

     $this->listener->authenticate($chainEvent);
 }
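 /**
  * Authenticate a posted identity/credential pair (legacy ZfcUser adapter).
  *
  * The identity is looked up as an e-mail first and, when the
  * "enable_username" option is set, as a username. The credential is hashed
  * with Password::hash() using the stored hash as its second argument and the
  * result is compared against the stored hash in constant time.
  *
  * @param AuthEvent $e
  * @return bool|null false on failure; no return value on success
  */
 public function authenticate(AuthEvent $e)
 {
     // A previous run already authenticated: replay the stored identity.
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return;
     }

     $identity = $e->getRequest()->post()->get('identity');
     $credential = $e->getRequest()->post()->get('credential');
     $credential = $this->preProcessCredential($credential);

     $userObject = $this->getMapper()->findByEmail($identity);
     if (!$userObject && ZfcUser::getOption('enable_username')) {
         // Auth by username
         $userObject = $this->getMapper()->findByUsername($identity);
     }
     if (!$userObject) {
         $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
         $this->setSatisfied(false);
         return false;
     }

     // hash_equals() (PHP >= 5.6) compares in constant time, so the check does
     // not leak how many leading bytes of the stored hash matched. Casting keeps
     // a non-string return from Password::hash() a mismatch rather than an error.
     $storedHash = (string) $userObject->getPassword();
     $credentialHash = (string) Password::hash($credential, $storedHash);
     if (!hash_equals($storedHash, $credentialHash)) {
         // Password does not match
         $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)->setMessages(array('Supplied credential is invalid.'));
         $this->setSatisfied(false);
         return false;
     }

     // Success!
     $e->setIdentity($userObject->getUserId());
     $this->updateUserPasswordHash($userObject, $credential)->updateUserLastLogin($userObject)->setSatisfied(true);

     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     $this->getStorage()->write($storage);
     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
 }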
 /**
  * {@inheritDoc}
  *
  * E-mail verification gate: an identity set by an earlier adapter is only
  * accepted when a Registration record exists for that user and is marked as
  * responded. Without an identity on the event the adapter reports false.
  */
 public function authenticate(AdapterChainEvent $e)
 {
     $identity = $e->getIdentity();
     if (!$identity) {
         return false;
     }

     $em = $this->getEntityManager();
     $user = $em->find('User\\Entity\\User', $identity);
     $registration = $em->getRepository('User\\Entity\\Registration')->findOneByUser($user);

     $verified = $registration && $registration->getResponded();
     if (!$verified) {
         $e->setCode(AuthenticationResult::FAILURE)->setMessages(['Email Address not verified yet']);
         return false;
     }

     return true;
 }
 /**
  * E-mail verification gate on top of the user and registration mappers:
  * an identity set by an earlier adapter passes only when its registration
  * record exists and reports isResponded(). No identity means false.
  *
  * @param  AdapterChainEvent $e
  * @return bool
  */
 public function authenticate(AdapterChainEvent $e)
 {
     $identity = $e->getIdentity();
     if (!$identity) {
         return false;
     }

     $user = $this->userMapper->findById($identity);
     $registration = $this->userRegistrationMapper->findByUser($user);

     $verified = $registration && $registration->isResponded();
     if (!$verified) {
         $e->setCode(AuthenticationResult::FAILURE)->setMessages(array('Email Address not verified yet'));
         return false;
     }

     return true;
 }
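 /**
  * {@inheritDoc}
  *
  * Two responsibilities, decided in this order:
  *  1. after a successful identity/credential login with the "remember_me"
  *     POST flag present, (re)issue the remember-me cookie serie for that user;
  *  2. otherwise, when a "remember_me" cookie is present, authenticate from it.
  *     The cookie value is "<user id>\n<serie id>\n<token>".
  * A serie that exists but carries a different token is treated as a possibly
  * stolen cookie: every serie of that user is removed and the login fails.
  */
 public function authenticate(AuthEvent $e)
 {
     $em = $this->getEntityManager();
     $cookieEntityClass = $this->getOptions()->getCookieEntityClass();

     // Cookie (re)issue: only when a prior adapter has already set the identity.
     // NOTE(review): array_key_exists() on the POST container assumes it is
     // array-like; on PHP 8 this throws for objects — confirm the request type.
     if ($e->getIdentity() !== null && $e->getRequest()->isPost() && array_key_exists('remember_me', $e->getRequest()->getPost())) {
         $user = $em->find('User\\Entity\\User', $e->getIdentity());
         // Drop any serie already on record before creating the new one.
         $rememberMe = $em->getRepository($cookieEntityClass)->findOneByUser($user);
         if ($rememberMe) {
             $this->getCookieService()->removeCookie();
             $em->remove($rememberMe);
             $em->flush();
         }
         $this->getCookieService()->createSerie($user);
         // The user now holds a full identity/credential login, so the
         // "logged in via cookie" marker set below is cleared.
         $session = new Container('zfcuser');
         $session->offsetSet("cookieLogin", false);
         return;
     }

     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return;
     }

     $cookies = $e->getRequest()->getCookie();
     // no cookie present, skip authentication
     if (!isset($cookies['remember_me'])) {
         return false;
     }

     // A cookie without exactly three fields is malformed: discard it instead
     // of reading undefined offsets below.
     $cookie = explode("\n", $cookies['remember_me']);
     if (count($cookie) !== 3) {
         $this->getCookieService()->removeCookie();
         return false;
     }

     // Unknown user id in the cookie: discard it (the original code would have
     // continued and failed on a null user later).
     $cookieUser = $em->find('User\\Entity\\User', $cookie[0]);
     if (!$cookieUser) {
         $this->getCookieService()->removeCookie();
         return false;
     }

     $serieRepository = $em->getRepository($cookieEntityClass);
     $rememberMe = $serieRepository->findOneBy(['user' => $cookieUser, 'sid' => $cookie[1]]);
     if (!$rememberMe) {
         $this->getCookieService()->removeCookie();
         return false;
     }

     // Known serie but wrong token: invalidate every serie of this user.
     // hash_equals() keeps the comparison constant-time. (The original looked
     // the series up by an undefined $user here; $cookieUser is the one meant.)
     if (!hash_equals((string) $rememberMe->getToken(), (string) $cookie[2])) {
         foreach ($serieRepository->findByUser($cookieUser) as $entity) {
             $em->remove($entity);
         }
         $this->getCookieService()->removeCookie();
         $this->setSatisfied(false);
         $e->setCode(AuthenticationResult::FAILURE)->setMessages(array('Possible identity theft detected.'));
         $em->flush();
         return false;
     }

     // Valid cookie: refresh the serie and log the user in.
     $this->getCookieService()->updateSerie($rememberMe);
     $e->setIdentity($cookieUser->getId());
     $this->setSatisfied(true);
     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     $this->getStorage()->write($storage);
     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));

     $session = new Container('zfcuser');
     $session->offsetSet("cookieLogin", true);
 }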
 /**
  * Authenticate a posted identity/credential pair against the user mapper.
  *
  * The identity is looked up through each configured identity field
  * ('username', 'email') until a record is found; the pre-processed credential
  * is then verified with Bcrypt at the configured cost and the stored hash is
  * upgraded when needed.
  *
  * @param AuthEvent $e
  * @return bool|null false on failure; no return value on success
  */
 public function authenticate(AuthEvent $e)
 {
     // A previous run already authenticated: replay the stored identity.
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return;
     }

     $post = $e->getRequest()->getPost();
     $identity = $post->get('identity');
     $credential = $this->preProcessCredential($post->get('credential'));

     // Try each configured lookup field in order until one yields a user object;
     // unknown field names are skipped.
     $user = NULL;
     foreach ($this->getOptions()->getAuthIdentityFields() as $lookupField) {
         if (is_object($user)) {
             break;
         }
         if ($lookupField === 'username') {
             $user = $this->getMapper()->findByUsername($identity);
         } elseif ($lookupField === 'email') {
             $user = $this->getMapper()->findByEmail($identity);
         }
     }

     if (!$user) {
         $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
         $this->setSatisfied(false);
         return false;
     }

     $bcrypt = new Bcrypt();
     $bcrypt->setCost($this->getOptions()->getPasswordCost());
     if (!$bcrypt->verify($credential, $user->getPassword())) {
         $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)->setMessages(array('Supplied credential is invalid.'));
         $this->setSatisfied(false);
         return false;
     }

     $e->setIdentity($user->getId());
     // Re-hash when the configured cost no longer matches the stored hash.
     $this->updateUserPasswordHash($user, $credential, $bcrypt);
     $this->setSatisfied(true);

     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     $this->getStorage()->write($storage);

     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
 }
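 /**
  * Authenticate an API client by the key it posts as "identity".
  *
  * The key is the only secret involved: no separate "credential" field is
  * consulted (the original read and pre-processed one but never used it).
  * The mapper is asked for the user owning the key and, when user states are
  * enabled, that user's state must be on the allow-list.
  *
  * @param AuthEvent $e
  * @return bool|null false on failure; no return value on success
  */
 public function authenticate(AuthEvent $e)
 {
     $this->setMapper($this->getServiceManager()->get('apiuser_user_mapper'));

     // A previous run already authenticated: replay the stored identity.
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return;
     }

     $identity = $e->getRequest()->getPost()->get('identity');

     // Only the 'apiKey' lookup mode is understood; other configured fields are skipped.
     $userObject = null;
     foreach ($this->getOptions()->getAuthIdentityFields() as $mode) {
         if (is_object($userObject)) {
             break;
         }
         if ($mode === 'apiKey') {
             $userObject = $this->getMapper()->findByApiKey($identity);
         }
     }

     if (!$userObject) {
         $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
         $this->setSatisfied(false);
         return false;
     }

     $options = $this->getOptions();
     // Don't allow user to login if state is not in allowed list
     if ($options->getEnableUserState() && !in_array($userObject->getState(), $options->getAllowedLoginStates())) {
         $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)->setMessages(array('A record with the supplied identity is not active.'));
         $this->setSatisfied(false);
         return false;
     }

     // Success!
     $e->setIdentity($userObject->getId());
     $this->setSatisfied(true);
     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     $this->getStorage()->write($storage);
     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
 }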
 /**
  * The event returns the request object it was given, typed by the request interface.
  */
 public function testRequest()
 {
     $requestMock = $this->getMock('Zend\\Stdlib\\RequestInterface');

     $this->event->setRequest($requestMock);
     $actual = $this->event->getRequest();

     $this->assertInstanceOf('Zend\\Stdlib\\RequestInterface', $actual);
 }
 /**
  * Authenticate from the access token passed in the query string ("userkey").
  *
  * On success the user's failed-access counter is reset, the last access is
  * recorded, the session id is regenerated and the identity is stored.
  *
  * NOTE(review): the lookup currently uses findById(); the author's own note
  * says findByHash() is to be restored once hash persistence is fixed. Until
  * then any record id passed as "userkey" is accepted in place of a token —
  * treat this as unfinished work, not something to deploy.
  *
  * @param AuthEvent $e
  *
  * @return bool|null true when already satisfied, false on failure;
  *                   no return value on a fresh success
  */
 public function authenticateByToken(AuthEvent $e)
 {
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return true;
     }

     $hash = $e->getRequest()->getQuery()->get('userkey');
     // TEMPORARY (original author): switch back to findByHash($hash) once the
     // hash is stored correctly.
     $userObject = $this->getMapper()->findById($hash);
     if (!$userObject) {
         $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('falha identidade'));
         $this->setSatisfied(false);
         return false;
     }
     /* @var \Application\Entity\Usuario $userObject */

     // The original author left a disabled expiry check here (comparing the
     // hash validity date against today and failing with message M05); it is
     // not active in this version.

     $mapper = $this->getMapper();
     $userId = $userObject->getId();
     $mapper->resetAccessAttempts($userId);
     $mapper->setLastAccess($userId);

     // Fresh session id on login (a standard session-fixation defence).
     $session = new SessionContainer($this->getStorage()->getNameSpace());
     $session->getManager()->regenerateId();

     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
     $e->setIdentity($userId);
     $this->setSatisfied(true);

     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     $this->getStorage()->write($storage);
 }
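 /**
  * Authenticate identity/credential against LDAP, then resolve the local user.
  *
  * The LDAP adapter's bind is the credential check. The LDAP record is then
  * turned into a user entity by the mapper and, when "auto_insertion" is
  * enabled in the ZfcUserLdap config, synchronised with the database (created
  * when missing, refreshed when "auto_update" is also set). The optional
  * user-state gate and the role assignment from the LDAP record are applied
  * to the resulting user object, which is stored as the identity.
  *
  * @param AuthEvent $e
  * @return bool|null false on failure; no return value on success
  * @throws UnexpectedExc when the LDAP lookup does not return an array
  */
 public function authenticate(AuthEvent $e)
 {
     $zulConfig = $this->serviceManager->get('ZfcUserLdap\\Config');

     // A previous run already authenticated: replay the stored identity.
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return;
     }

     // Get POST values
     $identity = $e->getRequest()->getPost()->get('identity');
     $credential = $e->getRequest()->getPost()->get('credential');

     // Start auth against LDAP; anything other than an explicit true is a failure.
     $ldapAuthAdapter = $this->serviceManager->get('ZfcUserLdap\\LdapAdapter');
     if ($ldapAuthAdapter->authenticate($identity, $credential) !== true) {
         // Password does not match
         $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)->setMessages(array('Supplied credential is invalid.'));
         $this->setSatisfied(false);
         return false;
     }

     // One validator decides, for both the LDAP and the DB lookup, whether the
     // identity is an e-mail address or a username.
     $validator = new EmailAddress();
     $identityIsEmail = $validator->isValid($identity);

     $ldapObj = $identityIsEmail
         ? $ldapAuthAdapter->findByEmail($identity)
         : $ldapAuthAdapter->findByUsername($identity);
     if (!is_array($ldapObj)) {
         throw new UnexpectedExc('Ldap response is invalid returned: ' . var_export($ldapObj, true));
     }

     // LDAP auth Success! Create the user object entity via the LDAP object;
     // it may be replaced by the DB copy below.
     $userObject = $this->getMapper()->newEntity($ldapObj);

     // If auto insertion is on, we will check against DB for existing user,
     // then will create or update user depending on results and settings
     if ($zulConfig['auto_insertion']['enabled']) {
         $userDbObject = $identityIsEmail
             ? $this->getMapper()->findByEmail($identity)
             : $this->getMapper()->findByUsername($identity);

         if ($userDbObject === false) {
             $userObject = $this->getMapper()->updateDb($ldapObj, null);
         } elseif ($zulConfig['auto_insertion']['auto_update']) {
             $userObject = $this->getMapper()->updateDb($ldapObj, $userDbObject);
         } else {
             $userObject = $userDbObject;
         }
     }

     // Something happened that should never happen
     if (!$userObject) {
         $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
         $this->setSatisfied(false);
         return false;
     }

     // We don't control state, however if someone manually alters
     // the DB, this will throw the code then
     $options = $this->getOptions();
     if ($options->getEnableUserState() && !in_array($userObject->getState(), $options->getAllowedLoginStates())) {
         // Don't allow user to login if state is not in allowed list
         $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)->setMessages(array('A record with the supplied identity is not active.'));
         $this->setSatisfied(false);
         return false;
     }

     // Set the roles for stuff like ZfcRbac
     $userObject->setRoles($this->getMapper()->getLdapRoles($ldapObj));

     // Success! The whole user object (not just an id) is the identity here.
     $e->setIdentity($userObject);
     $this->setSatisfied(true);
     $storage = $this->getStorage()->read();
     $storage['identity'] = $userObject;
     $this->getStorage()->write($storage);
     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
 }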
 /**
  * Authenticate from the access token passed in the query string ("userkey").
  *
  * On success the user's failed-access counter is reset, the last access is
  * recorded, the session id is regenerated and the identity is stored.
  *
  * NOTE(review): the lookup currently uses findById(); the author's own note
  * says findByHash() is to be restored once hash persistence is fixed. Until
  * then any record id passed as "userkey" is accepted in place of a token —
  * treat this as unfinished work, not something to deploy.
  *
  * @param AuthEvent $e
  *
  * @return bool|null true when already satisfied, false on failure;
  *                   no return value on a fresh success
  */
 public function authenticateByToken(AuthEvent $e)
 {
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return true;
     }

     $hash = $e->getRequest()->getQuery()->get('userkey');
     // TEMPORARY (original author): switch back to findByHash($hash) once the
     // hash is stored correctly.
     $userObject = $this->getMapper()->findById($hash);
     if (!$userObject) {
         $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('ssMensagens'));
         $this->setSatisfied(false);
         return false;
     }

     $mapper = $this->getMapper();
     $userId = $userObject->getId();
     $mapper->resetAccessAttempts($userId);
     $mapper->setLastAccess($userId);

     // Fresh session id on login (a standard session-fixation defence).
     $session = new SessionContainer($this->getStorage()->getNameSpace());
     $session->getManager()->regenerateId();

     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
     $e->setIdentity($userId);
     $this->setSatisfied(true);

     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     $this->getStorage()->write($storage);
 }
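 /**
  * Authenticate through a HybridAuth social provider and map the remote
  * profile to a local user.
  *
  * The provider named in the request metadata must be on the enabled list;
  * HybridAuth then performs the remote login and returns a profile. A known
  * (identifier, provider) pair resolves to the existing local user, which is
  * refreshed from the profile; an unknown pair registers a new local user when
  * social registration is enabled, via a provider-specific
  * "<provider>ToLocalUser" method when one exists. The optional user-state
  * gate is applied last.
  *
  * @param AuthEvent $authEvent
  * @return bool|null false on failure; no return value on success
  */
 public function authenticate(AuthEvent $authEvent)
 {
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $authEvent->setIdentity($storage['identity'])->setCode(Result::SUCCESS)->setMessages(array('Authentication successful.'));
         return;
     }

     // The provider name later drives a dynamic method call, so it is checked
     // against the configured allow-list before anything else.
     $enabledProviders = $this->getOptions()->getEnabledProviders();
     $provider = $authEvent->getRequest()->getMetadata('provider');
     if (empty($provider) || !in_array($provider, $enabledProviders)) {
         $authEvent->setCode(Result::FAILURE)->setMessages(array('Invalid provider'));
         $this->setSatisfied(false);
         return false;
     }

     try {
         $hybridAuth = $this->getHybridAuth();
         $adapter = $hybridAuth->authenticate($provider);
         $userProfile = $adapter->getUserProfile();
         // Prefix the e-mail with the provider name (presumably to keep the
         // same address from different providers apart).
         $userProfile->email = $provider . ':' . $userProfile->email;
     } catch (\Exception $ex) {
         // Any remote failure is reported generically; the exception is not
         // surfaced to the client.
         $authEvent->setCode(Result::FAILURE)->setMessages(array('Invalid provider'));
         $this->setSatisfied(false);
         return false;
     }

     if (!$userProfile) {
         $authEvent->setCode(Result::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
         $this->setSatisfied(false);
         return false;
     }

     $localUserProvider = $this->getMapper()->findUserByProviderId($userProfile->identifier, $provider);
     if (!$localUserProvider) {
         // First login through this provider: register a local user, if allowed.
         if (!$this->getOptions()->getEnableSocialRegistration()) {
             $authEvent->setCode(Result::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
             $this->setSatisfied(false);
             return false;
         }

         $method = $provider . 'ToLocalUser';
         if (method_exists($this, $method)) {
             try {
                 $localUser = $this->{$method}($userProfile);
             } catch (Exception\RuntimeException $ex) {
                 $authEvent->setCode($ex->getCode())->setMessages(array($ex->getMessage()))->stopPropagation();
                 $this->setSatisfied(false);
                 return false;
             }
         } else {
             // Generic registration. NOTE(review): setPassword($provider) stores
             // the provider name as the local credential — confirm that insert()
             // hashes it and that password login is not possible for such accounts.
             $localUser = $this->instantiateLocalUser();
             $localUser->setDisplayName($userProfile->displayName)->setPassword($provider);
             if (!empty($userProfile->emailVerified)) {
                 $localUser->setEmail($userProfile->emailVerified);
             }
             $this->insert($localUser, $provider, $userProfile);
         }

         $localUserProvider = clone $this->getMapper()->getEntityPrototype();
         $localUserProvider->setUserId($localUser->getId())->setProviderId($userProfile->identifier)->setProvider($provider);
         // Trigger register.pre event
         $this->getEventManager()->trigger('register.pre', $this, array('user' => $localUser, 'userProvider' => $localUserProvider, 'userProfile' => $userProfile));
         $this->getMapper()->insert($localUserProvider);
         // Trigger register.post event
         $this->getEventManager()->trigger('register.post', $this, array('user' => $localUser, 'userProvider' => $localUserProvider));
     } else {
         // Returning user: refresh the local record from the fresh profile.
         $localUser = $this->getZfcUserMapper()->findById($localUserProvider->getUserId());
         if ($localUser instanceof UserInterface) {
             $this->update($localUser, $provider, $userProfile);
         }
     }

     $zfcUserOptions = $this->getZfcUserOptions();
     if ($zfcUserOptions->getEnableUserState()) {
         // Don't allow user to login if state is not in allowed list;
         // the user is re-read so the state reflects what is stored now.
         $user = $this->getZfcUserMapper()->findById($localUserProvider->getUserId());
         if (!in_array($user->getState(), $zfcUserOptions->getAllowedLoginStates())) {
             $authEvent->setCode(Result::FAILURE_UNCATEGORIZED)->setMessages(array('A record with the supplied identity is not active.'));
             $this->setSatisfied(false);
             return false;
         }
     }

     $authEvent->setIdentity($localUserProvider->getUserId());
     $this->setSatisfied(true);
     $storage = $this->getStorage()->read();
     $storage['identity'] = $authEvent->getIdentity();
     $this->getStorage()->write($storage);
     $authEvent->setCode(Result::SUCCESS)->setMessages(array('Authentication successful.'));
 }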
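 /**
  * Authenticate against LDAP via the ZfcUserLdap mapper and, optionally,
  * mirror the LDAP user into the local Doctrine "ZfcUserLdap\Entity\User" table.
  *
  * Order: look the identity up in LDAP (as e-mail or username), apply the
  * optional user-state gate, bind with the credential, then — when
  * ZfcUserLdap.auto_insertion.enabled — create the DB user with the roles
  * matching its LDAP groups plus the "user" role, or (auto_update) refresh the
  * DB user's roles, display name and e-mail. The resulting object becomes the
  * identity and is also placed in the "ZfcUserLdap" session container.
  *
  * @param AuthEvent $e
  * @return bool|null false on failure; no return value on success
  */
 public function authenticate(AuthEvent $e)
 {
     $serviceManager = $this->getServiceManager();
     $mapper = new \ZfcUserLdap\Mapper\User($serviceManager->get('ldap_interface'), $serviceManager->get('zfcuser_module_options'));
     $this->setMapper($mapper);

     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return;
     }

     $identity = $e->getRequest()->getPost()->get('identity');
     $credential = $e->getRequest()->getPost()->get('credential');

     /*
      * Some LDAP providers accept logins by e-mail address both as uid and as
      * mail attribute, so instead of looping over getAuthIdentityFields() an
      * e-mail validator decides which lookup to use. The bind below is then
      * done with the *actual* LDAP username, which may be case sensitive.
      */
     $zulConfig = $serviceManager->get('config')['ZfcUserLdap'];
     $em = $serviceManager->get('doctrine.entitymanager.orm_default');
     $validator = new \Zend\Validator\EmailAddress();
     $identityIsEmail = $validator->isValid($identity);

     $userObject = $identityIsEmail
         ? $this->getMapper()->findByEmail($identity)
         : $this->getMapper()->findByUsername($identity);
     if (!$userObject) {
         $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
         $this->setSatisfied(false);
         return false;
     }

     $options = $this->getOptions();
     // Don't allow user to login if state is not in allowed list
     if ($options->getEnableUserState() && !in_array($userObject->getState(), $options->getAllowedLoginStates())) {
         $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)->setMessages(array('A record with the supplied identity is not active.'));
         $this->setSatisfied(false);
         return false;
     }

     // Bind with the LDAP username. The assignment is parenthesised on purpose:
     // without the parentheses "!== TRUE" binds first and $auth only ever holds
     // a bool, so the message reported below was `true` instead of the mapper's
     // failure value.
     // NOTE(review): that value is sent to the client verbatim — keep it generic.
     if (($auth = $this->getMapper()->authenticate($userObject->getUsername(), $credential)) !== true) {
         // Password does not match
         $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)->setMessages(array($auth));
         $this->setSatisfied(false);
         return false;
     }

     // Attach every Role whose roleId matches one of the LDAP groups in memberOf.
     $addLdapRoles = function ($target, array $roles) {
         foreach ($target->getMemberof() as $group) {
             foreach ($roles as $role) {
                 if ($group == $role->getRoleId()) {
                     $target->addRole($role);
                 }
             }
         }
     };

     // If auto insertion is on, we will check against DB for existing user,
     // then will create or update user depending on results and settings
     if ($zulConfig['auto_insertion']['enabled']) {
         $userRepository = $em->getRepository('ZfcUserLdap\\Entity\\User');
         $roleRepository = $em->getRepository('ZfcUserLdap\\Entity\\Role');
         $userDbObject = $identityIsEmail
             ? $userRepository->findOneBy(array('mail' => $identity))
             : $userRepository->findOneBy(array('username' => $identity));

         if ($userDbObject === null) {
             // First login: store the LDAP user with the roles matching its
             // LDAP groups, plus the default "user" role when it exists.
             $addLdapRoles($userObject, $roleRepository->findAll());
             $defaultRoles = $roleRepository->findBy(array("roleId" => "user"));
             if (count($defaultRoles)) {
                 $userObject->addRole($defaultRoles[0]);
             }
             $em->persist($userObject);
             $em->flush();
         } elseif ($zulConfig['auto_insertion']['auto_update']) {
             $roles = $roleRepository->findAll();
             $supportedRoleIds = array();
             foreach ($roles as $role) {
                 $supportedRoleIds[$role->getRoleId()] = $role->getId();
             }
             // LDAP groups that correspond to a known Role.
             $ldapGroups = array();
             foreach ($userObject->getMemberof() as $group) {
                 if (isset($supportedRoleIds[$group])) {
                     $ldapGroups[] = $group;
                 }
             }
             // Revoke DB roles the user no longer holds in LDAP; "user" is always kept.
             foreach ($userDbObject->getRolesObj() as $existingRole) {
                 if (!in_array($existingRole->getRoleId(), $ldapGroups) && $existingRole->getRoleId() != 'user') {
                     $userDbObject->getRolesObj()->removeElement($existingRole);
                 }
             }
             // NOTE(review): the original grants the LDAP roles to $userObject,
             // which is discarded below in favour of $userDbObject, so newly
             // acquired LDAP groups never reach the DB user. Behaviour kept;
             // confirm the intended target before changing it.
             $addLdapRoles($userObject, $roles);
             // Mirror display name and e-mail from LDAP.
             $userDbObject->setDisplayName($userObject->getDisplayName());
             $userDbObject->setEmail($userObject->getEmail());
             $em->persist($userDbObject);
             $em->flush();
             $userObject = $userDbObject;
         } else {
             $userObject = $userDbObject;
         }
     }

     // Success! The whole user object (not just an id) is the identity here.
     $e->setIdentity($userObject);
     $this->setSatisfied(true);
     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     // The user object is also kept in the "ZfcUserLdap" session container.
     $session = new Container('ZfcUserLdap');
     $session->offsetSet('ldapObj', $userObject);
     $this->getStorage()->write($storage);
     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
 }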
 /**
  * The identity round-trips through the event, and clearing it (setIdentity
  * called without an argument) also resets the code and the messages.
  *
  * @depends testCodeAndMessages
  * @covers \ZfcUser\Authentication\Adapter\AdapterChainEvent::getIdentity
  * @covers \ZfcUser\Authentication\Adapter\AdapterChainEvent::setIdentity
  */
 public function testIdentity()
 {
     $event    = $this->event;
     $code     = 123;
     $messages = array('The message.');
     $identity = 'the_user';

     $event->setCode($code);
     $event->setMessages($messages);
     $event->setIdentity($identity);

     $this->assertEquals($code, $event->getCode(), "Asserting the code persisted.");
     $this->assertEquals($messages, $event->getMessages(), "Asserting the messages persisted.");
     $this->assertEquals($identity, $event->getIdentity(), "Asserting the identity matches");

     // Clearing the identity is expected to wipe code and messages too.
     $event->setIdentity();

     $this->assertNull($event->getCode(), "Asserting the code has been cleared.");
     $this->assertEquals(array(), $event->getMessages(), "Asserting the messages have been cleared.");
     $this->assertNull($event->getIdentity(), "Asserting the identity has been cleared");
 }
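 /**
  * Remember-me adapter: either persists a new serie after a successful
  * credential login (POST carrying remember_me=1), or authenticates the
  * request from the remember_me cookie.
  *
  * The cookie value is untrusted input of the form "<userId>\n<serie>\n<token>".
  * A known serie with a wrong token is treated as a possible cookie theft:
  * every serie of that user is dropped and the cookie is removed.
  *
  * @param  AuthEvent $e
  * @return void|false  false when the request could not be authenticated
  */
 public function authenticate(AuthEvent $e)
 {
     // Only persist a remember-me serie when a prior adapter already
     // authenticated this POST and the user asked for it. The loose `== 1`
     // is intentional: the POST value arrives as the string "1".
     if ($e->getIdentity() !== null && $e->getRequest()->isPost() && $e->getRequest()->getPost()->get('remember_me') == 1) {
         $userObject = $this->getUserMapper()->findById($e->getIdentity());
         $this->getRememberMeService()->createSerie($userObject->getId());
         /**
          * If the user first logged in with a cookie but afterwards logged in
          * with identity/credential, drop the "cookieLogin" weak-login marker.
          */
         $session = new \Zend\Session\Container('zfcuser');
         $session->offsetSet("cookieLogin", false);
         return;
     }
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
         return;
     }
     $cookies = $e->getRequest()->getCookie();
     // no cookie present, skip authentication
     if (!isset($cookies['remember_me'])) {
         return false;
     }
     // Validate the shape before using any part: a truncated or crafted value
     // must not reach the mapper with undefined offsets.
     $cookie = explode("\n", (string) $cookies['remember_me']);
     if (count($cookie) < 3) {
         $this->getRememberMeService()->removeCookie();
         return false;
     }
     $rememberMe = $this->getRememberMeMapper()->findByIdSerie($cookie[0], $cookie[1]);
     if (!$rememberMe) {
         $this->getRememberMeService()->removeCookie();
         return false;
     }
     // Constant-time comparison: the token is a secret and a plain !== is
     // not timing-safe.
     if (!hash_equals((string) $rememberMe->getToken(), $cookie[2])) {
         // Serie known but token wrong: the cookie was most likely copied
         // and already used elsewhere.
         // @TODO: Inform user of theft, change password?
         $this->getRememberMeMapper()->removeAll($cookie[0]);
         $this->getRememberMeService()->removeCookie();
         $this->setSatisfied(false);
         $e->setCode(AuthenticationResult::FAILURE)->setMessages(array('Possible identity theft detected.'));
         return false;
     }
     $userObject = $this->getUserMapper()->findById($cookie[0]);
     if (!$userObject) {
         // The serie outlived its user: treat as no valid cookie.
         $this->getRememberMeService()->removeCookie();
         return false;
     }
     $this->getRememberMeService()->updateSerie($rememberMe);
     // Success!
     $e->setIdentity($userObject->getId());
     $this->setSatisfied(true);
     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     $this->getStorage()->write($storage);
     $e->setCode(AuthenticationResult::SUCCESS)->setMessages(array('Authentication successful.'));
     // Reference for weak login. Should not be allowed to change PW etc.
     $session = new \Zend\Session\Container('zfcuser');
     $session->offsetSet("cookieLogin", true);
 }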
 /**
  * Replace the event used while dispatching the chain.
  *
  * A foreign Event is converted into an AdapterChainEvent carrying the same
  * params; an AdapterChainEvent is stored as given.
  *
  * @param  Event $e
  * @return AdapterChain
  */
 public function setEvent(Event $e)
 {
     $chainEvent = $e;
     if (!$chainEvent instanceof AdapterChainEvent) {
         // Re-cast, keeping only the params of the original event.
         $chainEvent = new AdapterChainEvent();
         $chainEvent->setParams($e->getParams());
     }
     $this->event = $chainEvent;
     return $this;
 }
 /**
  * Authenticate the request with the POSTed identity/credential pair.
  *
  * The identity is looked up through each configured identity field
  * ('code', 'email') in order; the first match wins. On success the session
  * id is regenerated, the user id becomes the identity and the account
  * entity matching the user's account type is cached in the 'entity'
  * session container.
  *
  * @param  AuthEvent $e
  * @return void|false  false on any failure (code and messages are set on $e)
  */
 public function authenticate(AuthEvent $e)
 {
     // A previous run already succeeded: replay the stored identity.
     if ($this->isSatisfied()) {
         $storage = $this->getStorage()->read();
         $e->setIdentity($storage['identity'])
           ->setCode(AuthenticationResult::SUCCESS)
           ->setMessages(array('Authentication successful.'));
         return;
     }

     $post       = $e->getRequest()->getPost();
     $identity   = $post->get('identity');
     $credential = $this->preProcessCredential($post->get('credential'));

     // Try each configured identity field in turn; stop at the first user found.
     $userObject = null;
     foreach ($this->getOptions()->getAuthIdentityFields() as $field) {
         if (is_object($userObject)) {
             break;
         }
         switch ($field) {
             case 'code':
                 $userObject = $this->getMapper()->findByCode($identity);
                 break;
             case 'email':
                 $userObject = $this->getMapper()->findByEmail($identity);
                 break;
         }
     }

     if (!$userObject) {
         $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
           ->setMessages(array("Ce compte n'existe pas."));
         $this->setSatisfied(false);
         return false;
     }

     // With the active check enabled, only users whose active flag is in the
     // allowed list may log in (loose in_array kept: configured values may
     // not be booleans).
     $options = $this->getOptions();
     if ($options->getEnableUserActive()
         && !in_array($userObject->isValid(), $options->getAllowedLoginActives())
     ) {
         $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
           ->setMessages(array("Ce compte n'est plus actif."));
         $this->setSatisfied(false);
         return false;
     }

     // @todo change password process: bcrypt verification and hash upgrade
     // on cost change are not wired up yet.
     // NOTE(review): hashPassword() is used here as the credential check
     // (false means "does not match"); confirm that contract on the entity.
     if (!$userObject->hashPassword($userObject, $credential)) {
         $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
           ->setMessages(array('Mot de passe incorect.'));
         $this->setSatisfied(false);
         return false;
     }

     // Regenerate the session id before the session is bound to the user.
     $session = new SessionContainer($this->getStorage()->getNameSpace());
     $session->getManager()->regenerateId();

     // Success!
     $e->setIdentity($userObject->getId());

     // Cache the account-type specific entity of this account in the session.
     $entityManager = $this->getServiceManager()->get('Doctrine\\ORM\\EntityManager');
     $accountId     = $userObject->getId();
     $entity        = $userObject->getAccountType()->getEntity();
     $repository    = $entityManager->getRepository('Application\\Entity\\' . ucfirst($entity) . 'Account');
     $entityAccount = $repository->findOneByAccount($accountId);

     $entityContainer = new SessionContainer('entity');
     $entityContainer->entity        = $entity;
     $entityContainer->entityAccount = $entityAccount;

     $this->setSatisfied(true);
     $storage = $this->getStorage()->read();
     $storage['identity'] = $e->getIdentity();
     $this->getStorage()->write($storage);
     $e->setCode(AuthenticationResult::SUCCESS)
       ->setMessages(array('Authentication successful.'));
 }