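/**
 * Refreshes the current session's JWT.
 *
 * On a successful refresh the new token's payload is used to reload the user,
 * replace the session state and record the token in the token map. If the
 * current token has already expired, its payload is decoded by the JWT provider
 * and a new session is issued only when the token carries the 'forever' flag;
 * any other expired token is rejected.
 *
 * @return string the session token held by Session after the refresh
 * @throws \DreamFactory\Core\Exceptions\UnauthorizedException when the token has
 *         expired and is not a 'forever' token, or when the user referenced by
 *         the token no longer exists
 */
public static function refreshToken()
{
    $token = Session::getSessionToken();

    try {
        $newToken = \JWTAuth::refresh($token);
        $payload = \JWTAuth::getPayload($newToken);
        $userId = $payload->get('user_id');
        $user = User::find($userId);
        if (null === $user) {
            // The token refers to a user that no longer exists (e.g. deleted
            // after the token was issued). Reject before touching the session
            // instead of failing on the null user below.
            throw new UnauthorizedException('User for this token no longer exists.');
        }

        $userInfo = $user->toArray();
        ArrayUtils::set($userInfo, 'is_sys_admin', $user->is_sys_admin);
        Session::setSessionToken($newToken);
        Session::setUserInfo($userInfo);
        static::setTokenMap($payload, $newToken);
    } catch (TokenExpiredException $e) {
        $payloadArray = \JWTAuth::manager()->getJWTProvider()->decode($token);
        $forever = boolval(ArrayUtils::get($payloadArray, 'forever'));
        if (!$forever) {
            // Ordinary tokens are not renewable once expired.
            throw new UnauthorizedException($e->getMessage());
        }

        $userId = ArrayUtils::get($payloadArray, 'user_id');
        $user = User::find($userId);
        if (null === $user) {
            throw new UnauthorizedException('User for this token no longer exists.');
        }

        // 'forever' tokens are re-issued for the same user on expiry.
        Session::setUserInfoWithJWT($user, $forever);
    }

    return Session::getSessionToken();
}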
/**
 * A system administrator is granted every verb on the 'system' service, while a
 * freshly created ordinary user is granted none of them.
 */
public function testSysAdmin()
{
    $everyVerb = VerbsMask::NONE_MASK
        | VerbsMask::GET_MASK
        | VerbsMask::POST_MASK
        | VerbsMask::PUT_MASK
        | VerbsMask::PATCH_MASK
        | VerbsMask::DELETE_MASK;

    // The test relies on user id 1 being a system admin in the fixture data.
    $adminUser = \DreamFactory\Core\Models\User::find(1);
    Session::setUserInfoWithJWT($adminUser);
    $adminPermission = Session::getServicePermissions('system', '*');
    $this->assertEquals($everyVerb, $adminPermission);

    $regularUser = \DreamFactory\Core\Models\User::create([
        'name'              => 'John Doe',
        'first_name'        => 'John',
        'last_name'         => 'Doe',
        'email'             => '*****@*****.**',
        'password'          => 'test1234',
        'security_question' => 'Make of your first car?',
        'security_answer'   => 'mazda',
        'is_active'         => true,
    ]);
    Session::setUserInfoWithJWT($regularUser);
    $regularPermission = Session::getServicePermissions('system', '*');
    $this->assertEquals(VerbsMask::NONE_MASK, $regularPermission);
}
/**
 * Completes an OAuth login: fetches the provider's user, mirrors it onto a local
 * shadow user, records the login and starts a JWT session for that user.
 *
 * @return array public session info for the logged-in user
 */
public function handleOAuthCallback()
{
    /** @var Provider $oauthDriver */
    $oauthDriver = $this->getDriver();
    /** @var User $providerUser */
    $providerUser = $oauthDriver->user();

    $shadowUser = $this->createShadowOAuthUser($providerUser);
    $shadowUser->last_login_date = Carbon::now()->toDateTimeString();
    // confirm_code is cleared here — presumably externally authenticated users
    // need no e-mail confirmation step; confirm against the registration flow.
    $shadowUser->confirm_code = null;
    $shadowUser->save();

    // Default (non-'forever') token for OAuth logins.
    Session::setUserInfoWithJWT($shadowUser);

    return Session::getPublicInfo();
}
/**
 * Registering a user through the resource (as the admin session) succeeds, and
 * the new user can then open a session with the registered credentials.
 */
public function testPOSTRegister()
{
    $fixture = $this->user1;
    $password = Arr::get($fixture, 'password');

    $registration = [];
    foreach (['first_name', 'last_name', 'name', 'email', 'phone', 'security_question', 'security_answer'] as $field) {
        $registration[$field] = Arr::get($fixture, $field);
    }
    $registration['password'] = $password;
    $registration['password_confirmation'] = Arr::get($fixture, 'password_confirmation', $password);

    // Register while acting as user id 1.
    Session::setUserInfoWithJWT(User::find(1));
    $response = $this->makeRequest(Verbs::POST, static::RESOURCE, [], $registration);
    $this->assertTrue(Arr::get($response->getContent(), 'success'));

    // Switch to the user service and log in as the newly registered user.
    Session::set('role.name', 'test');
    Session::set('role.id', 1);
    $this->service = ServiceHandler::getService('user');

    $credentials = [
        'email'    => Arr::get($fixture, 'email'),
        'password' => Arr::get($fixture, 'password'),
    ];
    $response = $this->makeRequest(Verbs::POST, 'session', [], $credentials);
    $this->assertNotEmpty(Arr::get($response->getContent(), 'session_id'));
}
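/**
 * Registers a new user.
 *
 * Missing name fields are derived from the e-mail address: the local part
 * becomes the first name, and a dotted local part ('john.doe') is split into
 * first and last name. When the 'login' request parameter is set, a session is
 * started immediately — but only if the account needs no confirmation
 * (confirm_code is 'y' or null); otherwise the caller is told confirmation is
 * still required.
 *
 * @return array 'success' plus either 'session_token' or 'confirmation_required'
 * @throws \DreamFactory\Core\Exceptions\BadRequestException when registrar validation fails
 * @throws \DreamFactory\Core\Exceptions\ForbiddenException
 */
protected function handlePOST()
{
    $payload = $this->getPayloadData();
    $login = $this->request->getParameterAsBool('login');
    $registrar = new Registrar();

    // 'new_password' takes precedence over 'password' when both are supplied.
    $password = ArrayUtils::get($payload, 'new_password', ArrayUtils::get($payload, 'password'));
    $data = [
        'first_name'            => ArrayUtils::get($payload, 'first_name'),
        'last_name'             => ArrayUtils::get($payload, 'last_name'),
        'name'                  => ArrayUtils::get($payload, 'name'),
        'email'                 => ArrayUtils::get($payload, 'email'),
        'phone'                 => ArrayUtils::get($payload, 'phone'),
        'security_question'     => ArrayUtils::get($payload, 'security_question'),
        'security_answer'       => ArrayUtils::get($payload, 'security_answer'),
        'password'              => $password,
        'password_confirmation' => ArrayUtils::get($payload, 'password_confirmation', $password),
    ];

    if (empty($data['first_name'])) {
        // Default to the local part of the e-mail. Guarded so a missing e-mail
        // or one without '@' cannot trigger an undefined-variable warning here;
        // the registrar's validator reports the bad e-mail below.
        $email = isset($data['email']) ? (string)$data['email'] : '';
        $data['first_name'] = explode('@', $email, 2)[0];
    }
    if (empty($data['last_name'])) {
        $names = explode('.', $data['first_name']);
        if (isset($names[1])) {
            $data['first_name'] = $names[0];
            $data['last_name'] = $names[1];
        } else {
            $data['last_name'] = $names[0];
        }
    }
    if (empty($data['name'])) {
        $data['name'] = $data['first_name'] . ' ' . $data['last_name'];
    }
    ArrayUtils::removeNull($data);

    /** @var \Illuminate\Validation\Validator $validator */
    $validator = $registrar->validator($data);
    if ($validator->fails()) {
        $messages = $validator->errors()->getMessages();
        throw new BadRequestException('Validation failed', null, null, $messages);
    }

    $user = $registrar->create($data);
    if (!$login) {
        return ['success' => true];
    }

    // An account with a pending confirmation code must not receive a session yet.
    if ($user->confirm_code !== 'y' && !is_null($user->confirm_code)) {
        return ['success' => true, 'confirmation_required' => true];
    }

    Session::setUserInfoWithJWT($user);

    return ['success' => true, 'session_token' => Session::getSessionToken()];
}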
/**
 * Updates the profile of the user bound to the current session.
 *
 * Only the whitelisted fields listed below are written, so fields outside the
 * profile (roles, admin flag, ...) cannot be changed through this endpoint.
 * Changing the e-mail address invalidates the current token; in that case a
 * replacement token is issued and returned to the caller.
 *
 * @return array ['success' => true], plus 'session_token' when a new token was issued
 * @throws NotFoundException when no user is bound to the session
 * @throws \Exception
 */
protected function handlePOST()
{
    $payload = $this->getPayloadData();

    $profileFields = [
        'first_name',
        'last_name',
        'name',
        'email',
        'phone',
        'security_question',
        'security_answer',
        'default_app_id',
    ];
    $data = [];
    foreach ($profileFields as $field) {
        $data[$field] = ArrayUtils::get($payload, $field);
    }
    ArrayUtils::removeNull($data);

    $user = Session::user();
    if (empty($user)) {
        throw new NotFoundException('No user session found.');
    }

    $currentToken = Session::getSessionToken();
    $previousEmail = $user->email;
    $user->update($data);

    $emailChanged = $previousEmail !== ArrayUtils::get($data, 'email', $previousEmail);
    if (empty($currentToken) || !$emailChanged) {
        return ['success' => true];
    }

    // Email change invalidates the token: issue a new one, keeping the
    // 'forever' flag of the token being replaced.
    $forever = JWTUtilities::isForever($currentToken);
    Session::setUserInfoWithJWT($user, $forever);

    return ['success' => true, 'session_token' => Session::getSessionToken()];
}
/**
 * Posting a profile update as the session user stores every field, hashes the
 * security answer, and the subsequent GET returns the profile without the answer.
 */
public function testPOSTProfile()
{
    $created = $this->createUser(1);
    Session::setUserInfoWithJWT(User::find($created['id']));

    $newEmail = '*****@*****.**';
    // Keep the shared fixture in step with the address set below — presumably
    // so later tests can still log this user in.
    $this->user1['email'] = $newEmail;

    $securityAnswer = 'bar';
    $profile = [
        'first_name'        => 'Jack',
        'last_name'         => 'Smith',
        'name'              => 'Jack',
        'email'             => $newEmail,
        'phone'             => '123-475-7383',
        'security_question' => 'Foo?',
        'security_answer'   => $securityAnswer,
    ];

    $postResponse = $this->makeRequest(Verbs::POST, static::RESOURCE, [], $profile);
    $this->assertTrue(Arr::get($postResponse->getContent(), 'success'));

    $stored = User::find($created['id']);
    $getResponse = $this->makeRequest(Verbs::GET, static::RESOURCE);
    $returned = $getResponse->getContent();

    // The answer is kept hashed and is not part of the GET body.
    $this->assertTrue(Hash::check($securityAnswer, $stored->security_answer));
    unset($profile['security_answer']);
    $this->assertEquals($profile, $returned);
}
/**
 * Verifies the given credentials and, when requested, starts a JWT session.
 *
 * @param array   $credentials credentials handed to the auth guard unchanged
 * @param bool    $remember    forwarded to Session::setUserInfoWithJWT as the
 *                             long-lived ('forever') token flag
 * @param bool    $login       when false only the credentials are checked and
 *                             no session is started
 * @param integer $appId       application the session is bound to
 *
 * @return bool true when the credentials were accepted
 * @throws \Exception
 */
public static function authenticate(array $credentials, $remember = false, $login = true, $appId = null)
{
    // The two false flags presumably stop the guard from remembering/logging in
    // on its own; the session is created explicitly below.
    if (!\Auth::attempt($credentials, false, false)) {
        return false;
    }

    $user = \Auth::getLastAttempted();
    // Role check runs even for a verify-only call ($login === false).
    static::checkRole($user->id);

    if ($login) {
        $user->last_login_date = Carbon::now()->toDateTimeString();
        $user->confirm_code = 'y';
        $user->save();
        Session::setUserInfoWithJWT($user, $remember, $appId);
    }

    return true;
}
/**
 * Handles a login against this service's AD/LDAP driver.
 *
 * @param array $credential 'username' and 'password' entries
 * @param bool  $remember   forwarded to Session::setUserInfoWithJWT as the
 *                          long-lived ('forever') token flag
 *
 * @return array public session info for the logged-in user
 * @throws \DreamFactory\Core\Exceptions\UnauthorizedException when the directory
 *         rejects the credentials
 */
public function handleLogin(array $credential, $remember = false)
{
    $username = ArrayUtils::get($credential, 'username');
    $password = ArrayUtils::get($credential, 'password');

    if (!$this->driver->authenticate($username, $password)) {
        // One generic message for both a bad username and a bad password, so the
        // response does not reveal which accounts exist.
        throw new UnauthorizedException('Invalid username and password provided.');
    }

    $shadowUser = $this->createShadowADLdapUser($this->driver->getUser());
    $shadowUser->last_login_date = Carbon::now()->toDateTimeString();
    $shadowUser->confirm_code = null;
    $shadowUser->save();

    Session::setUserInfoWithJWT($shadowUser, $remember);

    return Session::getPublicInfo();
}