public function resetProcess($code, $newPassword)
{
$this->trigger('resetprocess.pre');
if (!$this->verifyRequestCode($code)) {
throw new \Exception('Password reset code verify failed');
}
$codeItem = $this->getItem('User\\Item\\Code');
$userId = $codeItem->user_id;
$this->setItem(array('id' => $userId));
$item = $this->getItem();
$item->self(array('*'));
$salt = $item->salt;
$oldPassword = $item->password;
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$bcrypt->setSalt($salt);
$item->password = $bcrypt->create($newPassword);
$item->oldPassword = $oldPassword;
$item->lastPasswordChangeTime = \Eva\Date\Date::getNow();
$this->trigger('resetprocess');
$item->save();
$codeItem->clear();
$codeItem->getDataClass()->where(array('code' => $code))->save(array('codeStatus' => 'used', 'used_by_id' => $userId, 'usedTime' => \Eva\Date\Date::getNow()));
//One code used will expire all other active codes
$codeItem->getDataClass()->where(array('codeType' => 'resetPassword', 'codeStatus' => 'active', 'user_id' => $userId))->save(array('codeStatus' => 'expired', 'expiredTime' => \Eva\Date\Date::getNow()));
$this->trigger('resetprocess.post');
}
public function getPassword()
{
if (!$this->password) {
return null;
}
$salt = $this->getSalt();
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$bcrypt->setSalt($salt);
return $this->password = $bcrypt->create($this->password);
}
public static function verifyPassword($password, $data)
{
$userModel = \Eva\Api::_()->getModel('User\\Model\\User');
$user = $userModel->getUser($data['id']);
$salt = $user->salt;
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$bcrypt->setSalt($salt);
$verifyPassword = $bcrypt->create($password);
if ($verifyPassword === $user->password) {
return true;
}
return false;
}
<?php
/**
* Global Configuration Override
*
* You can use this file for overriding configuration values from modules, etc.
* You would place values in here that are agnostic to the environment and not
* sensitive to security.
*
* @NOTE: In practice, this file will typically be INCLUDED in your source
* control, so do not include passwords or other sensitive information in this
* file.
*/
return array('phpSettings' => array('display_startup_errors' => true, 'display_errors' => true, 'date.timezone' => 'Europe/Paris', 'intl.default_locale' => 'fr_FR'), 'doctrine' => array('entitymanager' => array('orm_default' => array('connection' => 'orm_default', 'configuration' => 'orm_default')), 'configuration' => array('orm_default' => array('proxy_dir' => __DIR__ . '/../../data/orm/proxies', 'proxy_namespace' => 'Orm\\Resource\\Proxy', 'generate_proxies' => false, 'metadata_cache' => 'array', 'query_cache' => 'array', 'result_cache' => 'array', 'driver' => 'orm_default')), 'authentication' => array('orm_default' => array('object_manager' => 'Doctrine\\ORM\\EntityManager', 'identity_class' => 'Application\\Entity\\User', 'identity_property' => 'email', 'credential_property' => 'password', 'credential_callable' => function ($identity, $credential) {
$bCrypt = new \Zend\Crypt\Password\Bcrypt();
return $bCrypt->verify($credential, $identity->getPassword());
}))), 'translator' => array('locale' => 'fr_FR', 'translation_file_patterns' => array(array('type' => 'phparray', 'base_dir' => __DIR__ . '/../../language', 'pattern' => '%s.php'))));
});
$events('on', 'app.services', function ($container) {
$container['authentication_storage'] = function ($c) {
return new GrEduLabs\Authentication\Storage\PhpSession();
};
$container['authentication_adapter'] = function ($c) {
return new GrEduLabs\Authentication\Adapter\RedBeanPHP($c['events'], $c['identity_class_resolver'], $c['authentication_crypt']);
};
$container['authentication_service'] = function ($c) {
return new Zend\Authentication\AuthenticationService($c['authentication_storage'], $c['authentication_adapter']);
};
$container['identity_class_resolver'] = $container->protect(function () {
return 'GrEduLabs\\Authentication\\Identity';
});
$container['authentication_crypt'] = function ($c) {
$service = new Zend\Crypt\Password\Bcrypt();
if (isset($c['settings']['authentication']['bcrypt']['salt'])) {
$service->setSalt($c->settings['authentication']['bcrypt']['salt']);
}
if (isset($c['settings']['authentication']['bcrypt']['cost'])) {
$service->setCost($c->settings['authentication']['bcrypt']['cost']);
}
return $service;
};
$container[GrEduLabs\Authentication\Action\User\Login::class] = function ($c) {
return new GrEduLabs\Authentication\Action\User\Login($c['view'], $c['authentication_service'], $c['flash'], $c['router']->pathFor('index'));
};
$container[GrEduLabs\Authentication\Action\User\Logout::class] = function ($c) {
return new GrEduLabs\Authentication\Action\User\Logout($c['authentication_service'], $c['events'], $c['router']->pathFor('index'));
};
$nav = $container['settings']->get('navigation');
<?php
namespace User;
return array('controllers' => array('invokables' => array('User\\Controller\\Group' => 'User\\Controller\\GroupController', 'User\\Controller\\Permission' => 'User\\Controller\\PermissionController', 'User\\Controller\\Role' => 'User\\Controller\\RoleController', 'User\\Controller\\User' => 'User\\Controller\\UserController', 'User\\Controller\\UserSearch' => 'User\\Controller\\UserSearchController', 'User\\Controller\\UserInformation' => 'User\\Controller\\UserInformationController', 'User\\Controller\\Payment' => 'User\\Controller\\PaymentController', 'User\\Controller\\UserWebsite' => 'User\\Controller\\UserWebsiteController', 'User\\Controller\\UserEmail' => 'User\\Controller\\UserEmailController', 'User\\Controller\\UserPhone' => 'User\\Controller\\UserPhoneController', 'User\\Controller\\Authentication' => 'User\\Controller\\AuthenticationController', 'User\\Controller\\Registration' => 'User\\Controller\\RegistrationController', 'User\\Controller\\UserAvatar' => 'User\\Controller\\UserAvatarController', 'User\\Controller\\UserCompany' => 'User\\Controller\\UserCompanyController', 'User\\Controller\\LoggedChangePassword' => 'User\\Controller\\LoggedChangePasswordController', 'User\\Controller\\ChangePassword' => 'User\\Controller\\ChangePasswordController', 'User\\Controller\\RequestChangePassword' => 'User\\Controller\\RequestChangePasswordController', 'User\\Controller\\ValidateHash' => 'User\\Controller\\ValidateHashController', 'User\\Controller\\Options' => 'User\\Controller\\OptionsController')), 'router' => array('routes' => array('user' => array('type' => 'segment', 'options' => array('route' => '/user[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\User'))), 'user-search' => array('type' => 'segment', 'options' => array('route' => '/user-search[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\UserSearch'))), 'user-information' => array('type' => 'segment', 'options' => array('route' => '/user-information[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\UserInformation'))), 'user-payment' => array('type' => 'segment', 'options' => array('route' => '/payment[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\Payment'))), 'user-avatar' => array('type' => 'segment', 'options' => array('route' => '/user-avatar[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\UserAvatar'))), 'user-website' => array('type' => 'segment', 'options' => array('route' => '/user-website[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\UserWebsite'))), 'user-email' => array('type' => 'segment', 'options' => array('route' => '/user-email[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\UserEmail'))), 'user-phone' => array('type' => 'segment', 'options' => array('route' => '/user-phone[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\UserPhone'))), 'user-company' => array('type' => 'segment', 'options' => array('route' => '/user-company[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\UserCompany'))), 'logged-user-change-password' => array('type' => 'segment', 'options' => array('route' => '/logged-change-password[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\LoggedChangePassword'))), 'user-change-password' => array('type' => 'segment', 'options' => array('route' => '/change-password[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\ChangePassword'))), 'validate-change-password-hash' => array('type' => 'segment', 'options' => array('route' => '/validate-hash[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\ValidateHash'))), 'user-request-password' => array('type' => 'segment', 'options' => array('route' => '/request-password[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\RequestChangePassword'))), 'group-rest' => array('type' => 'segment', 'options' => array('route' => '/group[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\Group'))), 'roles-rest' => array('type' => 'segment', 'options' => array('route' => '/role[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\Role'))), 'authentication-rest' => array('type' => 'segment', 'options' => array('route' => '/auth[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\Authentication'))), 'registration-rest' => array('type' => 'segment', 'options' => array('route' => '/register[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\Registration'))), 'user-options' => array('type' => 'segment', 'options' => array('route' => '/options[/:id]', 'constraints' => array('id' => '[0-9]+'), 'defaults' => array('controller' => 'User\\Controller\\Options'))))), 'view_manager' => array('strategies' => array('ViewJsonStrategy')), 'service_manager' => array('factories' => array('user.service' => function () {
return new Service\User();
}, 'group.service' => function () {
return new Service\Group();
}, 'role.service' => function () {
return new Service\Role();
}, 'permission.service' => function () {
return new Service\Permission();
}, 'payment.service' => function () {
return new Service\Payment();
})), 'controller_plugins' => array('invokables' => array('Permission' => 'User\\Plugin\\Permission')), 'doctrine' => array('driver' => array('application_entities' => array('class' => 'Doctrine\\ORM\\Mapping\\Driver\\AnnotationDriver', 'cache' => 'array', 'paths' => array(__DIR__ . '/../src/' . __NAMESPACE__ . '/Entity')), 'orm_default' => array('drivers' => array(__NAMESPACE__ . '\\Entity' => 'application_entities'))), 'authentication' => array('orm_default' => array('object_manager' => 'Doctrine\\ORM\\EntityManager', 'identity_class' => 'User\\Entity\\User', 'identity_property' => 'login', 'credential_property' => 'hash', 'credential_callable' => function ($user, $passwordGiven) {
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
return $bcrypt->verify($passwordGiven, $user->getHash());
}))));
<?php
return array('doctrine' => array('driver' => array('MyDoctrineAuth_Entities' => array('class' => 'Doctrine\\ORM\\Mapping\\Driver\\AnnotationDriver', 'cache' => 'array', 'paths' => array(__DIR__ . '/../src/MyDoctrineAuth/Entity')), 'orm_default' => array('drivers' => array('MyDoctrineAuth\\Entity' => 'MyDoctrineAuth_Entities'))), 'authentication' => array('orm_default' => array('object_manager' => 'Doctrine\\ORM\\EntityManager', 'identity_class' => 'MyDoctrineAuth\\Entity\\User', 'identity_property' => 'email', 'credential_property' => 'password', 'credential_callable' => function (\MyDoctrineAuth\Entity\User $user, $passwordGiven) {
// using Bcrypt
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$bcrypt->setSalt('m3s3Cr3tS4lty34h');
// $passwordGiven is unhashed password that inputted by user
// $user->getPassword() is hashed password that saved in db
return $bcrypt->verify($passwordGiven, $user->getPassword());
}))), 'doctrine_factories' => array('authenticationadapter' => 'MyDoctrineAuth\\Factory\\Authentication\\AdapterFactory'), 'service_manager' => array('factories' => array('Zend\\Authentication\\AuthenticationService' => function ($serviceManager) {
return $serviceManager->get('doctrine.authenticationservice.orm_default');
}), 'invokables' => array('MySampleListener' => 'MyDoctrineAuth\\Event\\MySampleListener')), 'controllers' => array('factories' => array('MyDoctrineAuth\\Controller\\Auth' => function ($controller) {
$authController = new \MyDoctrineAuth\Controller\AuthController($controller->getServiceLocator()->get('Zend\\Authentication\\AuthenticationService'));
return $authController;
})), 'router' => array('routes' => array('auth' => array('type' => 'Literal', 'options' => array('route' => '/auth', 'defaults' => array('__NAMESPACE__' => 'MyDoctrineAuth\\Controller', 'controller' => 'Auth', 'action' => 'index')), 'may_terminate' => true, 'child_routes' => array('process' => array('type' => 'Segment', 'options' => array('route' => '/[:action]', 'constraints' => array('controller' => '[a-zA-Z][a-zA-Z0-9_-]*', 'action' => '[a-zA-Z][a-zA-Z0-9_-]*'), 'defaults' => array())))), 'save-user' => array('type' => 'Literal', 'options' => array('route' => '/auth/save-user', 'defaults' => array('__NAMESPACE__' => 'MyDoctrineAuth\\Controller', 'controller' => 'Auth', 'action' => 'saveUser')), 'may_terminate' => true, 'child_routes' => array('process' => array('type' => 'Segment', 'options' => array('route' => '/[:action]', 'constraints' => array('controller' => '[a-zA-Z][a-zA-Z0-9_-]*', 'action' => '[a-zA-Z][a-zA-Z0-9_-]*'), 'defaults' => array())))), 'login' => array('type' => 'Literal', 'options' => array('route' => '/login', 'defaults' => array('__NAMESPACE__' => 'MyDoctrineAuth\\Controller', 'controller' => 'Auth', 'action' => 'login')), 'may_terminate' => true, 'child_routes' => array('process' => array('type' => 'Segment', 'options' => array('route' => '/[:action]', 'constraints' => array('controller' => '[a-zA-Z][a-zA-Z0-9_-]*', 'action' => '[a-zA-Z][a-zA-Z0-9_-]*'), 'defaults' => array())))))), 'view_manager' => array('template_path_stack' => array('auth' => __DIR__ . '/../view')));
public static function encryptPassword($password)
{
$bcrypt = new \Zend\Crypt\Password\Bcrypt(array('cost' => 10));
return $bcrypt->create($password);
}
/**
* Get service configuration.
*
* @return array Service configuration
*/
public function getServiceConfig()
{
return array('aliases' => array('Zend\\Authentication\\AuthenticationService' => 'user_auth_service'), 'invokables' => array('user_auth_storage' => 'Zend\\Authentication\\Storage\\Session', 'user_service_user' => 'User\\Service\\User', 'user_service_email' => 'User\\Service\\Email'), 'factories' => array('user_bcrypt' => function ($sm) {
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$config = $sm->get('config');
$bcrypt->setCost($config['bcrypt_cost']);
return $bcrypt;
}, 'user_form_activate' => function ($sm) {
return new \User\Form\Activate($sm->get('translator'));
}, 'user_form_register' => function ($sm) {
return new \User\Form\Register($sm->get('translator'));
}, 'user_form_login' => function ($sm) {
return new \User\Form\Login($sm->get('translator'));
}, 'user_mapper_user' => function ($sm) {
return new \User\Mapper\User($sm->get('user_doctrine_em'));
}, 'user_mapper_newuser' => function ($sm) {
return new \User\Mapper\NewUser($sm->get('user_doctrine_em'));
}, 'user_mail_transport' => function ($sm) {
$config = $sm->get('config');
$config = $config['email'];
$class = '\\Zend\\Mail\\Transport\\' . $config['transport'];
$optionsClass = '\\Zend\\Mail\\Transport\\' . $config['transport'] . 'Options';
$transport = new $class();
$transport->setOptions(new $optionsClass($config['options']));
return $transport;
}, 'user_auth_adapter' => function ($sm) {
$adapter = new \User\Authentication\Adapter\Mapper($sm->get('user_bcrypt'));
$adapter->setMapper($sm->get('user_mapper_user'));
return $adapter;
}, 'user_auth_service' => function ($sm) {
return new \Zend\Authentication\AuthenticationService($sm->get('user_auth_storage'), $sm->get('user_auth_adapter'));
}, 'user_role' => function ($sm) {
$authService = $sm->get('user_auth_service');
if ($authService->hasIdentity()) {
return $authService->getIdentity();
}
return 'guest';
}, 'acl' => function ($sm) {
// initialize the ACL
$acl = new Acl();
// define basic roles
$acl->addRole(new Role('guest'));
// simple guest
$acl->addRole(new Role('user'), 'guest');
// simple user
$acl->addRole(new Role('admin'));
// administrator
$user = $sm->get('user_role');
// add user to registry
if ('guest' != $user) {
$roles = $user->getRoleNames();
// if the user has no roles, add the 'user' role by default
if (empty($roles)) {
$roles = array('user');
}
$acl->addRole($user, $roles);
}
// admins are allowed to do everything
$acl->allow('admin');
return $acl;
}, 'user_doctrine_em' => function ($sm) {
return $sm->get('doctrine.entitymanager.orm_default');
}), 'shared' => array('user_role' => false));
}
protected function verifyPassword($password, $hash)
{
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
return $bcrypt->verify($password, $hash);
}
/**
* Verify Secured Password
*
* @return boolean
*/
public static function verifySecuredPassword($password, $securedPassword)
{
self::$bcrypt = self::init();
return self::$bcrypt->verify($password, $securedPassword);
}
<?php
namespace Auth;
return array('controllers' => array('invokables' => array('Auth\\Controller\\Index' => 'Auth\\Controller\\IndexController', 'Auth\\Controller\\Registration' => 'Auth\\Controller\\RegistrationController', 'Auth\\Controller\\Admin' => 'Auth\\Controller\\AdminController')), 'router' => array('routes' => array('auth' => array('type' => 'Literal', 'options' => array('route' => '/auth', 'defaults' => array('__NAMESPACE__' => 'Auth\\Controller', 'controller' => 'Index', 'action' => 'login')), 'may_terminate' => true, 'child_routes' => array('default' => array('type' => 'Segment', 'options' => array('route' => '/[:controller[/:action[/:id]]]', 'constraints' => array('controller' => '[a-zA-Z][a-zA-Z0-9_-]*', 'action' => '[a-zA-Z][a-zA-Z0-9_-]*'), 'defaults' => array())))))), 'view_manager' => array('template_path_stack' => array('auth' => __DIR__ . '/../view'), 'display_exceptions' => true), 'doctrine' => array('authentication' => array('orm_default' => array('object_manager' => 'Doctrine\\ORM\\EntityManager', 'identity_class' => 'Auth\\Entity\\User', 'identity_property' => 'usrName', 'credential_property' => 'usrPassword', 'credential_callable' => function (Entity\User $user, $passwordGiven) {
// not only User
// return my_awesome_check_test($user->getPassword(), $passwordGiven);
// echo '<h1>callback user->getPassword = '******' passwordGiven = ' . $passwordGiven . '</h1>';
//- if ($user->getPassword() == md5($passwordGiven)) { // original
// ToDo find a way to access the Service Manager and get the static salt from config array
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
return $bcrypt->verify($passwordGiven, $user->getUsrPassword());
})), 'driver' => array(__NAMESPACE__ . '_driver' => array('class' => 'Doctrine\\ORM\\Mapping\\Driver\\AnnotationDriver', 'cache' => 'array', 'paths' => array(__DIR__ . '/../src/' . __NAMESPACE__ . '/Entity')), 'orm_default' => array('drivers' => array(__NAMESPACE__ . '\\Entity' => __NAMESPACE__ . '_driver')))));
public function saveUserAction()
{
$em = $this->getEntityManager();
$request = $this->getRequest();
// print_r($request->getPost());
$user = new User();
$user->setEmail($request->getPost('email'));
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$bcrypt->setSalt('m3s3Cr3tS4lty34h');
$user->setPassword($bcrypt->create($request->getPost('password')));
$user->setIsActive(1);
$user->setUsersalt($bcrypt->create($user->getEmail()));
$em->persist($user);
$em->flush();
return new JsonModel(array(array('user' => $user)));
}
/**
* Get service configuration.
*
* @return array Service configuration
*/
public function getServiceConfig()
{
return ['aliases' => ['Zend\\Authentication\\AuthenticationService' => 'user_auth_service'], 'invokables' => ['user_auth_storage' => 'Zend\\Authentication\\Storage\\Session', 'user_service_user' => 'User\\Service\\User', 'user_service_apiuser' => 'User\\Service\\ApiUser', 'user_service_email' => 'User\\Service\\Email'], 'factories' => ['user_bcrypt' => function ($sm) {
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$config = $sm->get('config');
$bcrypt->setCost($config['bcrypt_cost']);
return $bcrypt;
}, 'user_hydrator' => function ($sm) {
return new \DoctrineModule\Stdlib\Hydrator\DoctrineObject($sm->get('user_doctrine_em'));
}, 'user_form_activate' => function ($sm) {
return new \User\Form\Activate($sm->get('translator'));
}, 'user_form_register' => function ($sm) {
return new \User\Form\Register($sm->get('translator'));
}, 'user_form_login' => function ($sm) {
return new \User\Form\Login($sm->get('translator'));
}, 'user_form_password' => function ($sm) {
return new \User\Form\Password($sm->get('translator'));
}, 'user_form_passwordreset' => function ($sm) {
return new \User\Form\Register($sm->get('translator'));
}, 'user_form_passwordactivate' => function ($sm) {
return new \User\Form\Activate($sm->get('translator'));
}, 'user_form_apitoken' => function ($sm) {
$form = new \User\Form\ApiToken($sm->get('translator'));
$form->setHydrator($sm->get('user_hydrator'));
return $form;
}, 'user_mapper_user' => function ($sm) {
return new \User\Mapper\User($sm->get('user_doctrine_em'));
}, 'user_mapper_newuser' => function ($sm) {
return new \User\Mapper\NewUser($sm->get('user_doctrine_em'));
}, 'user_mapper_apiuser' => function ($sm) {
return new \User\Mapper\ApiUser($sm->get('user_doctrine_em'));
}, 'user_mail_transport' => function ($sm) {
$config = $sm->get('config');
$config = $config['email'];
$class = '\\Zend\\Mail\\Transport\\' . $config['transport'];
$optionsClass = '\\Zend\\Mail\\Transport\\' . $config['transport'] . 'Options';
$transport = new $class();
$transport->setOptions(new $optionsClass($config['options']));
return $transport;
}, 'user_auth_adapter' => function ($sm) {
$adapter = new \User\Authentication\Adapter\Mapper($sm->get('user_bcrypt'), $sm->get('application_service_legacy'));
$adapter->setMapper($sm->get('user_mapper_user'));
return $adapter;
}, 'user_pin_auth_adapter' => function ($sm) {
$adapter = new \User\Authentication\Adapter\PinMapper($sm->get('application_service_legacy'));
$adapter->setMapper($sm->get('user_mapper_user'));
return $adapter;
}, 'user_auth_service' => function ($sm) {
return new \Zend\Authentication\AuthenticationService($sm->get('user_auth_storage'), $sm->get('user_auth_adapter'));
}, 'user_pin_auth_service' => function ($sm) {
return new \Zend\Authentication\AuthenticationService($sm->get('user_auth_storage'), $sm->get('user_pin_auth_adapter'));
}, 'user_remoteaddress' => function ($sm) {
$remote = new \Zend\Http\PhpEnvironment\RemoteAddress();
return $remote->getIpAddress();
}, 'user_role' => function ($sm) {
$authService = $sm->get('user_auth_service');
if ($authService->hasIdentity()) {
return $authService->getIdentity();
}
$apiService = $sm->get('user_service_apiuser');
if ($apiService->hasIdentity()) {
return 'apiuser';
}
$range = $sm->get('config')['tue_range'];
if (strpos($sm->get('user_remoteaddress'), $range) === 0) {
return 'tueguest';
}
return 'guest';
}, 'acl' => function ($sm) {
// initialize the ACL
$acl = new Acl();
/**
* Define all basic roles.
*
* - guest: everyone gets at least this access level
* - tueguest: guest from the TU/e
* - user: GEWIS-member
* - apiuser: Automated tool given access by an admin
* - admin: Defined administrators
*/
$acl->addRole(new Role('guest'));
$acl->addRole(new Role('tueguest'), 'guest');
$acl->addRole(new Role('user'), 'tueguest');
$acl->addrole(new Role('apiuser'), 'guest');
$acl->addrole(new Role('sosuser'), 'apiuser');
$acl->addrole(new Role('active_member'), 'user');
$acl->addRole(new Role('admin'));
$user = $sm->get('user_role');
// add user to registry
if ($user instanceof User) {
$roles = $user->getRoleNames();
// if the user has no roles, add the 'user' role by default
if (empty($roles)) {
$roles = ['user'];
}
// TODO: change this to getActiveOrganInstalltions() once 529 is fixed
if (count($user->getMember()->getOrganInstallations()) > 0) {
$roles[] = 'active_member';
}
$acl->addRole($user, $roles);
}
// admins are allowed to do everything
$acl->allow('admin');
// board members also are admins
$acl->allow('user', null, null, new \User\Permissions\Assertion\IsBoardMember());
// configure the user ACL
$acl->addResource(new Resource('apiuser'));
$acl->addResource(new Resource('user'));
$acl->allow('user', 'user', ['password_change']);
// sosusers can't do anything
$acl->deny('sosuser');
return $acl;
}, 'user_doctrine_em' => function ($sm) {
return $sm->get('doctrine.entitymanager.orm_default');
}], 'shared' => ['user_role' => false]];
}
/**
* Bcrypt utility
*
* Generates the bcrypt hash value of a string
*/
$autoload = realpath(__DIR__ . '/../vendor/autoload.php');
if (!$autoload) {
// Attempt to locate it relative to the application root
$autoload = realpath(__DIR__ . '/../../../autoload.php');
}
$zf2Env = "ZF2_PATH";
if (file_exists($autoload)) {
include $autoload;
} elseif (getenv($zf2Env)) {
include getenv($zf2Env) . '/Zend/Loader/AutoloaderFactory.php';
Zend\Loader\AutoloaderFactory::factory(array('Zend\\Loader\\StandardAutoloader' => array('autoregister_zf' => true)));
}
if (!class_exists('Zend\\Loader\\AutoloaderFactory')) {
throw new RuntimeException('Unable to load ZF2. Run `php composer.phar install` or define a ZF2_PATH environment variable.');
}
$bcrypt = new Zend\Crypt\Password\Bcrypt();
if ($argc < 2) {
printf("Usage: php bcrypt.php <password> [cost]\n");
printf("where <password> is the user's password and [cost] is the value\nof the cost parameter of bcrypt (default is %d).\n", $bcrypt->getCost());
exit(1);
}
if (isset($argv[2])) {
$bcrypt->setCost($argv[2]);
}
printf("%s\n", $bcrypt->create($argv[1]));
<?php
/**
* Bcrypt utility
*
* Generates the bcrypt hash value of a string
*/
$autoload = realpath(__DIR__ . '/..vendor/autoload.php');
$zf2Env = "ZF2_PATH";
if (file_exists($autoload)) {
include $autoload;
} elseif (getenv($zf2Env)) {
include getenv($zf2Env) . '/Zend/Loader/AutoloaderFactory.php';
Zend\Loader\AutoloaderFactory::factory(array('Zend\\Loader\\StandardAutoloader' => array('autoregister_zf' => true)));
}
if (!class_exists('Zend\\Loader\\AutoloaderFactory')) {
throw new RuntimeException('Unable to load ZF2. Run `php composer.phar install` or define a ZF2_PATH environment variable.');
}
if ($argc < 2) {
printf("Usage: php bcrypt.php <password> [cost]\n");
printf("where <password> is the user's password and [cost] is the value\nof the cost parameter of bcrypt (default is 14).\n");
exit(1);
}
$bcrypt = new Zend\Crypt\Password\Bcrypt();
if (isset($argv[2])) {
$bcrypt->setCost($argv[2]);
}
printf("%s\n", $bcrypt->create($argv[1]));
public function loginByPassword($loginIdentity, $password)
{
$identityType = 'userName';
if (is_numeric($loginIdentity)) {
$identityType = 'mobile';
} else {
$validator = new \Zend\Validator\EmailAddress();
if ($validator->isValid($loginIdentity)) {
$identityType = 'email';
}
}
switch ($identityType) {
case 'email':
$dbWhere = array('email' => $loginIdentity);
$identityColumn = 'email';
break;
case 'mobile':
$dbWhere = array('mobile' => $loginIdentity);
$identityColumn = 'mobile';
break;
default:
$dbWhere = array('userName' => $loginIdentity);
$identityColumn = 'userName';
}
$auth = Auth::factory();
$user = $this->getItem()->getDataClass()->columns(array('id', 'salt', 'userName'))->where($dbWhere)->find('one');
if (!$user || !$user['id']) {
return $this->loginResult = new Result(Result::FAILURE_IDENTITY_NOT_FOUND, $loginIdentity, array(Result::FAILURE_IDENTITY_NOT_FOUND => 'A record with the supplied identity could not be found.'));
}
if (!$user['salt']) {
throw new \Exception(sprintf('User authention salt not found'));
}
$bcrypt = new \Zend\Crypt\Password\Bcrypt();
$bcrypt->setSalt($user['salt']);
$password = $bcrypt->create($password);
$this->loginResult = $loginResult = $auth->getAuthService(array('tableName' => 'user_users', 'identityColumn' => $identityColumn, 'credentialColumn' => 'password'))->getAdapter()->setIdentity($loginIdentity)->setCredential($password)->authenticate();
if ($loginResult->isValid()) {
return $this->loginById($user['id']);
}
return $loginResult;
}
