/**
 * Consumes a password-reset token and stores a new password for its user.
 *
 * The token is resolved through the repository's findValidToken() and must
 * carry the type TokenManipulator::TYPE_PASSWORD; any other outcome aborts
 * the request with HTTP 401. The token is deleted only after the password
 * has been set, so as far as this method is concerned it is single-use.
 *
 * NOTE(review): $newPassword is forwarded to the user manipulator unchanged;
 * no length or strength check happens here - confirm the caller validates it.
 *
 * @param string $resetToken  Token value to look up (string assumed; not enforced here)
 * @param string $newPassword Password handed to the user manipulator (string assumed)
 */
public function resetPassword($resetToken, $newPassword)
{
    $token = $this->tokenRepository->findValidToken($resetToken);

    // Same loose comparison as before: the token must exist AND be a
    // password-reset token, not a token issued for some other purpose.
    $isPasswordToken = null !== $token
        && $token->getType() == TokenManipulator::TYPE_PASSWORD;

    if (!$isPasswordToken) {
        // Everything below dereferences $token, so abort() is relied upon to
        // stop execution here (presumably by throwing - confirm for the
        // object held in $this->application).
        $this->application->abort(401, 'A token is required');
    }

    $account = $token->getUser();
    $this->userManipulator->setPassword($account, $newPassword);

    // Removed last: if setPassword() fails, the token is still present.
    $this->tokenManipulator->delete($token);
}
/**
 * Logs an anonymous visitor in by creating a throw-away guest account.
 *
 * Steps, in the order they run below:
 *  - abort with HTTP 403 when the application does not allow guests;
 *  - dispatch PhraseaEvents::PRE_AUTHENTICATE with a guest Context;
 *  - create a user with a uniqid('guest') login and a password obtained
 *    from \random::generatePassword(24);
 *  - revoke every base granted to that new user, then apply the rights of
 *    the User::USER_GUEST account as a model;
 *  - run the post-auth process, build the auth response, attach the
 *    "invite-usr-id" cookie and dispatch PhraseaEvents::POST_AUTHENTICATE.
 *
 * NOTE(review): the "redirect" value is read from the request body and
 * passed to generateAuthResponse() as-is; confirm that method restricts it
 * to local targets, otherwise this is an open-redirect vector.
 *
 * @param PhraseaApplication $app     Application the controller is mounted on
 * @param Request            $request The current request
 * @return Response The object returned by generateAuthResponse() (type assumed)
 */
public function authenticateAsGuest(PhraseaApplication $app, Request $request)
{
    $guestAllowed = $app->isGuestAllowed();
    if (!$guestAllowed) {
        $app->abort(403, $app->trans('Phraseanet guest-access is disabled'));
    }

    $context = new Context(Context::CONTEXT_GUEST);
    $app['dispatcher']->dispatch(
        PhraseaEvents::PRE_AUTHENTICATE,
        new PreAuthenticate($request, $context)
    );

    // uniqid() is derived from the current time, so the login is guessable;
    // the secret part is the generated password.
    // NOTE(review): confirm \random::generatePassword() draws from a CSPRNG.
    $userManipulator = $app['manipulator.user'];
    $guestLogin = uniqid('guest');
    $guestPassword = \random::generatePassword(24);
    $guest = $userManipulator->createUser($guestLogin, $guestPassword);

    // NOTE(review): the result is used below without a null check; confirm
    // the USER_GUEST account always exists.
    $template = $app['manipulator.user']->getRepository()->findByLogin(User::USER_GUEST);

    // Strip whatever the fresh account was granted before copying the
    // template's rights, so the guest ends up with the template's bases only.
    $initialBases = $app['acl']->get($guest)->get_granted_base();
    $app['acl']->get($guest)->revoke_access_from_bases(array_keys($initialBases));

    $templateBases = $app['acl']->get($template)->get_granted_base();
    $app['acl']->get($guest)->apply_model($template, array_keys($templateBases));

    $this->postAuthProcess($app, $guest);

    $response = $this->generateAuthResponse(
        $app,
        $app['browser'],
        $request->request->get('redirect')
    );

    // Only name and value are given, so expiry, path, Secure and HttpOnly
    // fall back to the Cookie constructor's defaults.
    // NOTE(review): confirm those defaults suit HTTPS deployments, and that
    // nothing server-side treats this cookie as proof of identity.
    $guestCookie = new Cookie('invite-usr-id', $guest->getId());
    $response->headers->setCookie($guestCookie);

    $postAuth = new PostAuthenticate($request, $response, $guest, $context);
    $app['dispatcher']->dispatch(PhraseaEvents::POST_AUTHENTICATE, $postAuth);

    return $response;
}
/**
 * Saves the changes submitted from the account form.
 *
 * Three parts of the POST body are handled, in this order:
 *  1. "registrations": must be an array (HTTP 400 otherwise); a registration
 *     request is created for each submitted base id.
 *  2. Profile and FTP fields: applied only when every key listed in
 *     $accountFields is present in the body.
 *  3. "notifications": each notification available to the user is switched
 *     on when its id is a key of the submitted array, and off otherwise.
 *
 * NOTE(review): no CSRF token check is visible in this method - confirm it
 * is enforced before the controller is reached.
 *
 * @param PhraseaApplication $app     A Silex application where the controller is mounted on
 * @param Request            $request The current request
 * @return Response
 */
public function updateAccount(PhraseaApplication $app, Request $request)
{
    $post = $request->request;

    $registrations = $post->get('registrations');
    if (!is_array($registrations)) {
        $app->abort(400, '"registrations" parameter must be an array of base ids.');
    }

    if (count($registrations) > 0) {
        // NOTE(review): base ids come straight from the request; this method
        // does not check that the user may ask for access to them - confirm
        // createRegistration() / get_from_base_id() enforce that.
        foreach ($registrations as $requestedBaseId) {
            $app['manipulator.registration']->createRegistration(
                $app['authentication']->getUser(),
                \collection::get_from_base_id($app, $requestedBaseId)
            );
        }

        $app->addFlash('success', $app->trans('Your registration requests have been taken into account.'));
    }

    // Keys that must ALL be present for the profile/FTP section to run.
    // "mail_notifications", "form_activeFTP" and "form_passifFTP" are read
    // below but are not part of this list.
    $accountFields = [
        'form_gender',
        'form_firstname',
        'form_lastname',
        'form_address',
        'form_zip',
        'form_phone',
        'form_fax',
        'form_function',
        'form_company',
        'form_activity',
        'form_geonameid',
        'form_addressFTP',
        'form_loginFTP',
        'form_pwdFTP',
        'form_destFTP',
        'form_prefixFTPfolder',
        'form_retryFTP',
    ];

    $missingFields = array_diff($accountFields, array_keys($post->all()));

    if (count($missingFields) === 0) {
        // NOTE(review): "form_activity" feeds setJob() and "form_function"
        // feeds setActivity(); this looks crossed - check the form template
        // before changing it.
        $app['authentication']->getUser()
            ->setGender($post->get('form_gender'))
            ->setFirstName($post->get('form_firstname'))
            ->setLastName($post->get('form_lastname'))
            ->setAddress($post->get('form_address'))
            ->setZipCode($post->get('form_zip'))
            ->setPhone($post->get('form_phone'))
            ->setFax($post->get('form_fax'))
            ->setJob($post->get('form_activity'))
            ->setCompany($post->get('form_company'))
            ->setActivity($post->get('form_function'))
            ->setMailNotificationsActivated((bool) $post->get('mail_notifications'));

        $app['manipulator.user']->setGeonameId(
            $app['authentication']->getUser(),
            $post->get('form_geonameid')
        );

        // Reuse the user's FTP credential when there is one, else start a
        // new one bound to the current user.
        $ftp = $app['authentication']->getUser()->getFtpCredential();
        if (null === $ftp) {
            $ftp = new FtpCredential();
            $ftp->setUser($app['authentication']->getUser());
        }

        $ftp->setActive($post->get('form_activeFTP'));
        $ftp->setAddress($post->get('form_addressFTP'));
        $ftp->setLogin($post->get('form_loginFTP'));
        // NOTE(review): the FTP password is handed to the entity exactly as
        // submitted; how FtpCredential stores it at rest is not visible
        // here - confirm it is not kept in clear text.
        $ftp->setPassword($post->get('form_pwdFTP'));
        $ftp->setPassive($post->get('form_passifFTP'));
        $ftp->setReceptionFolder($post->get('form_destFTP'));
        $ftp->setRepositoryPrefixName($post->get('form_prefixFTPfolder'));

        $app['EM']->persist($ftp);
        $app['EM']->persist($app['authentication']->getUser());
        $app['EM']->flush();

        $app->addFlash('success', $app->trans('login::notification: Changements enregistres'));
    }

    // Only the KEYS of the submitted array matter: a notification is enabled
    // when its id appears as a key, whatever value was posted with it.
    $submitted = (array) $post->get('notifications', []);
    $available = $app['events-manager']->list_notifications_available(
        $app['authentication']->getUser()->getId()
    );

    foreach ($available as $group) {
        foreach ($group as $entry) {
            $app['manipulator.user']->setNotificationSetting(
                $app['authentication']->getUser(),
                $entry['id'],
                isset($submitted[$entry['id']])
            );
        }
    }

    return $app->redirectPath('account');
}
$app->before(function (Request $request) use($app) { // register custom API format $request->setFormat(Result::FORMAT_JSON_EXTENDED, V1::$extendedContentTypes['json']); $request->setFormat(Result::FORMAT_YAML_EXTENDED, V1::$extendedContentTypes['yaml']); $request->setFormat(Result::FORMAT_JSONP_EXTENDED, V1::$extendedContentTypes['jsonp']); $request->setFormat(Result::FORMAT_JSONP, array('text/javascript', 'application/javascript')); // handle content negociation $priorities = array('application/json', 'application/yaml', 'text/yaml', 'text/javascript', 'application/javascript'); foreach (V1::$extendedContentTypes['json'] as $priorities[]) { } foreach (V1::$extendedContentTypes['yaml'] as $priorities[]) { } $format = $app['format.negociator']->getBest($request->headers->get('accept'), $priorities); // throw unacceptable http error if API can not handle asked format if (null === $format) { $app->abort(406); } // set request format according to negotiated content or override format with JSONP if callback parameter is defined if (trim($request->get('callback')) !== '') { $request->setRequestFormat(Result::FORMAT_JSONP); } else { $request->setRequestFormat($request->getFormat($format->getValue())); } // tells whether asked format is extended or not $request->attributes->set('_extended', in_array($request->getRequestFormat(Result::FORMAT_JSON), array(Result::FORMAT_JSON_EXTENDED, Result::FORMAT_YAML_EXTENDED, Result::FORMAT_JSONP_EXTENDED))); }, PhraseaApplication::EARLY_EVENT); $app->after(function (Request $request, Response $response) use($app) { if ($request->getRequestFormat(Result::FORMAT_JSON) === Result::FORMAT_JSONP && !$response->isOk() && !$response->isServerError()) { $response->setStatusCode(200); } // set response content type