/**
 * Creates the Account and the User for a completed registration flow.
 *
 * NOTE: After this method is called, the $registrationFlow is DESTROYED, so you need to store all attributes
 * in your object as you need them.
 *
 * The optional registration attributes "salutation", "firstName" and "lastName" are copied onto the
 * user only when the corresponding key is present. The credentials source is taken verbatim from
 * getEncryptedPassword() — NOTE(review): the name suggests an already-hashed value; confirm that no
 * plaintext secret reaches the account here.
 *
 * @param RegistrationFlow $registrationFlow
 * @return void
 */
public function createUserAndAccount(RegistrationFlow $registrationFlow)
{
    $email = $registrationFlow->getEmail();
    $attributes = $registrationFlow->getAttributes();

    // Account: identified by the e-mail address and bound to this package's own login provider
    $account = new Account();
    $account->setAccountIdentifier($email);
    $account->setCredentialsSource($registrationFlow->getEncryptedPassword());
    $account->setAuthenticationProviderName('Sandstorm.UserManagement:Login');

    // Every newly registered account receives the pre-configured role set
    foreach ($this->rolesForNewUsers as $roleIdentifier) {
        $account->addRole(new Role($roleIdentifier));
    }

    // User: carries the profile data collected during registration
    $user = new User();
    $user->setAccount($account);
    $user->setEmail($email);

    // array_key_exists (rather than isset) so that an explicitly null attribute is still passed on
    if (array_key_exists('salutation', $attributes)) {
        $user->setGender($attributes['salutation']);
    }
    if (array_key_exists('firstName', $attributes)) {
        $user->setFirstName($attributes['firstName']);
    }
    if (array_key_exists('lastName', $attributes)) {
        $user->setLastName($attributes['lastName']);
    }

    // Persist the user and make both new objects known to the persistence manager
    $this->userRepository->add($user);
    $this->persistenceManager->whitelistObject($user);
    $this->persistenceManager->whitelistObject($account);
}
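/**
 * addRole() must be idempotent: adding a role the account already holds leaves the role count unchanged.
 *
 * @test
 */
public function addRoleSkipsRoleIfAssigned()
{
    $account = new Account();
    $account->setRoles([$this->administratorRole]);

    // Adding the very same role a second time must not duplicate it
    $account->addRole($this->administratorRole);

    $this->assertCount(1, $account->getRoles());
}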
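/**
 * In this method, actually create the user / account.
 *
 * NOTE: After this method is called, the $registrationFlow is DESTROYED, so you need to store all attributes
 * in your object as you need them.
 *
 * The registration attributes "firstName" and "lastName" are optional: a missing key now yields an
 * empty name part instead of an "undefined index" notice from a direct array access.
 *
 * @param RegistrationFlow $registrationFlow
 * @return void
 */
public function createUserAndAccount(RegistrationFlow $registrationFlow)
{
    $email = $registrationFlow->getEmail();
    $attributes = $registrationFlow->getAttributes();

    // Create the account; the credentials source is whatever the flow stored as "encrypted password"
    // (NOTE(review): presumably already hashed — confirm no plaintext secret is persisted here)
    $account = new Account();
    $account->setAccountIdentifier($email);
    $account->setCredentialsSource($registrationFlow->getEncryptedPassword());
    $account->setAuthenticationProviderName('Sandstorm.UserManagement:Login');

    // Assign preconfigured roles
    foreach ($this->rolesForNewUsers as $roleString) {
        $account->addRole(new Role($roleString));
    }

    // Create the user; absent name attributes fall back to '' like the other unused name parts
    $firstName = isset($attributes['firstName']) ? $attributes['firstName'] : '';
    $lastName = isset($attributes['lastName']) ? $attributes['lastName'] : '';
    $user = new User();
    $name = new PersonName('', $firstName, '', $lastName, '', $email);
    $user->setName($name);

    // Assign them to each other and persist
    $this->getPartyService()->assignAccountToParty($account, $user);
    $this->getPartyRepository()->add($user);
    $this->accountRepository->add($account);
    $this->persistenceManager->whitelistObject($user);
    $this->persistenceManager->whitelistObject($user->getPreferences());
    $this->persistenceManager->whitelistObject($name);
    $this->persistenceManager->whitelistObject($account);
}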
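/**
 * Sets the roles for the LDAP account.
 * Extend this Provider class and implement this method to update the party
 *
 * Roles are granted from three optional sections of the roles configuration:
 *  - "default": role identifiers every LDAP account receives
 *  - "userMapping": role identifier => list of DNs; needs the party "dn" mapping to be usable
 *  - "groupMapping": role identifier => list of remote group identifiers; needs the party "username" mapping
 * A missing section is treated as empty. DNs are compared strictly (===), so only an exact match
 * grants a role — loose comparison is not appropriate for an authorization decision.
 *
 * @param Account $account
 * @param array $ldapSearchResult
 * @return void
 */
protected function setRoles(Account $account, array $ldapSearchResult)
{
    if (!is_array($this->rolesConfiguration)) {
        return;
    }
    $rolesConfiguration = $this->rolesConfiguration;

    // Eel context: the raw LDAP entry plus any objects registered as default context variables
    $contextVariables = ['ldapUser' => $ldapSearchResult];
    if (isset($this->defaultContext) && is_array($this->defaultContext)) {
        foreach ($this->defaultContext as $contextVariable => $objectName) {
            $contextVariables[$contextVariable] = $this->objectManager->get($objectName);
        }
    }

    $defaultRoles = isset($rolesConfiguration['default']) ? $rolesConfiguration['default'] : [];
    $userMapping = isset($rolesConfiguration['userMapping']) ? $rolesConfiguration['userMapping'] : [];
    $groupMapping = isset($rolesConfiguration['groupMapping']) ? $rolesConfiguration['groupMapping'] : [];

    foreach ($defaultRoles as $roleIdentifier) {
        $account->addRole($this->policyService->getRole($roleIdentifier));
    }

    $eelContext = new Context($contextVariables);

    // Per-user roles: the account's DN must appear verbatim in the configured DN list
    if (isset($this->partyConfiguration['dn'])) {
        $dn = $this->eelEvaluator->evaluate($this->partyConfiguration['dn'], $eelContext);
        foreach ($userMapping as $roleIdentifier => $userDns) {
            if (in_array($dn, $userDns, true)) {
                $account->addRole($this->policyService->getRole($roleIdentifier));
            }
        }
    } elseif (!empty($userMapping)) {
        $this->logger->log('User mapping found but no party mapping for dn set', LOG_ALERT);
    }

    // Group roles: granted when the user is a member of any of the mapped remote groups
    if (isset($this->partyConfiguration['username'])) {
        $username = $this->eelEvaluator->evaluate($this->partyConfiguration['username'], $eelContext);
        $groupMembership = $this->directoryService->getGroupMembership($username);
        foreach ($groupMapping as $roleIdentifier => $remoteRoleIdentifiers) {
            // The role lookup does not depend on the remote identifier, so resolve it once per mapping
            $role = $this->policyService->getRole($roleIdentifier);
            foreach ($remoteRoleIdentifiers as $remoteRoleIdentifier) {
                if (isset($groupMembership[$remoteRoleIdentifier])) {
                    $account->addRole($role);
                }
            }
        }
    } elseif (!empty($groupMapping)) {
        $this->logger->log('Group mapping found but no party mapping for username set', LOG_ALERT);
    }
}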
/**
 * Grants the given domain role to the underlying Flow login, translating it to its Flow counterpart first.
 *
 * @param \Ag\Login\Domain\Model\Role $role
 */
public function addRole($role)
{
    $flowRole = $this->roleToFlowRole($role);
    $this->login->addRole($flowRole);
}
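/**
 * Adds the specified role to the given account and potentially carries out further actions which are needed to
 * properly reflect these changes.
 *
 * The role identifier is normalized first, the role is resolved through the policy service, and the
 * account is only updated (and the rolesAdded signal emitted) when it did not hold the role already.
 *
 * @param Account $account The account to add roles to
 * @param string $roleIdentifier A fully qualified role identifier, or a role identifier relative to the TYPO3.Neos namespace
 * @return integer How often this role has been added to the given account (effectively can be 1 or 0)
 * @api
 */
public function addRoleToAccount(Account $account, $roleIdentifier)
{
    $roleIdentifier = $this->normalizeRoleIdentifier($roleIdentifier);
    $role = $this->policyService->getRole($roleIdentifier);

    // Already granted: nothing to persist, nothing to signal
    if ($account->hasRole($role)) {
        return 0;
    }

    $account->addRole($role);
    $this->accountRepository->update($account);
    $this->emitRolesAdded($account, [$role]);

    return 1;
}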
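/**
 * Returns the local Account for a Crowd user, creating it on first use.
 *
 * The repository lookup runs without authorization checks so it also works before anyone is
 * authenticated. When no local account exists and Crowd does not know the user either, null is
 * returned; otherwise a new account is created for the provider and granted the single role configured
 * as "authenticateRole" in that provider's options.
 *
 * @param string $username Crowd Username
 * @param string $providerName Name of the authentication provider, this account should be used with
 * @return Account|null The existing or freshly created account, or null if the user is unknown to Crowd
 */
public function getLocalAccountForCrowdUser($username, $providerName)
{
    // Initialised explicitly: the closure below is the only place that assigns it (by reference)
    $account = null;
    $accountRepository = $this->accountRepository;
    $this->securityContext->withoutAuthorizationChecks(function () use ($username, $providerName, $accountRepository, &$account) {
        $account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($username, $providerName);
    });

    if ($account !== null) {
        return $account;
    }

    // Provision only for users Crowd actually knows
    if ($this->getUser($username) === null) {
        return null;
    }

    $account = new Account();
    $account->setAuthenticationProviderName($providerName);
    $account->setAccountIdentifier($username);

    // The initial role comes from the provider configuration, not from anything supplied by the remote user
    $roleIdentifier = $this->configurationManager->getConfiguration(
        ConfigurationManager::CONFIGURATION_TYPE_SETTINGS,
        'TYPO3.Flow.security.authentication.providers.' . $providerName . '.providerOptions.authenticateRole'
    );
    $account->addRole($this->policyService->getRole($roleIdentifier));

    $this->accountRepository->add($account);
    $this->persistenceManager->persistAll();

    return $account;
}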
/**
 * {@inheritDoc}
 *
 * Runs the attached `__initializer__` (presumably a Doctrine proxy lazy-load hook; verify against the
 * generated proxy) before delegating to the parent implementation, so the entity state is loaded first.
 */
public function addRole(\TYPO3\Flow\Security\Policy\Role $role)
{
    if ($this->__initializer__) {
        $this->__initializer__->__invoke($this, 'addRole', [$role]);
    }

    return parent::addRole($role);
}
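/**
 * Adds new roles from CAS server since last authentication if some was added in CAS-Server.
 * Is used only if Account was persisted. See persistAccount() method.
 *
 * Roles are only ever added here: a role the CAS server no longer reports is NOT removed from the
 * account, so revocation on the CAS side has to be handled elsewhere.
 *
 * @param string $providerName Provider name. WARNING: not in settings set useStaticProviderNameByPersistingAccounts.
 * @param Account $account
 *
 * @return void
 *
 * @todo : move persistAll() at shutdown
 */
private function updateRolesInAccount($providerName, Account &$account)
{
    $casAttributes = $this->casManager->getCasAttributes($providerName);
    $casServerRoles = $this->getRoles($providerName, $casAttributes);

    // The repository update is only needed when at least one reported role was not held before
    $accountMustBeUpdated = false;
    foreach ($casServerRoles as $casServerRole) {
        $accountMustBeUpdated = $accountMustBeUpdated || !$account->hasRole($casServerRole);
        $account->addRole($casServerRole);
    }

    if ($accountMustBeUpdated) {
        $this->accountRepository->update($account);
    }
    $this->persistenceManager->persistAll();
}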