/**
  * Builds the account and the user for a completed registration and hands both to persistence.
  *
  * NOTE: the $registrationFlow is DESTROYED once this method has been called, so every attribute that is
  * still needed afterwards has to be copied onto the created objects here.
  *
  * The account identifier is the registered e-mail address, the credentials source is the value returned by
  * getEncryptedPassword(), and every entry of $this->rolesForNewUsers is attached to the account as a role.
  * NOTE(review): these roles are granted to every account created here -- presumably this is the
  * self-registration path, so the configured list should stay as small as possible; confirm.
  *
  * @param RegistrationFlow $registrationFlow The registration to turn into a user and an account
  * @return void
  */
 public function createUserAndAccount(RegistrationFlow $registrationFlow)
 {
     // Account: identifier, stored credential and authentication provider
     $newAccount = new Account();
     $newAccount->setAccountIdentifier($registrationFlow->getEmail());
     // The value is stored as delivered by the flow; no hashing happens in this method
     $newAccount->setCredentialsSource($registrationFlow->getEncryptedPassword());
     $newAccount->setAuthenticationProviderName('Sandstorm.UserManagement:Login');

     // Roles configured for new users
     foreach ($this->rolesForNewUsers as $roleIdentifier) {
         $newAccount->addRole(new Role($roleIdentifier));
     }

     // User: linked to the account, carrying the same e-mail address
     $newUser = new User();
     $newUser->setAccount($newAccount);
     $newUser->setEmail($registrationFlow->getEmail());

     // Optional attributes are copied only when the registration actually contains them
     $setterByAttribute = array(
         'salutation' => 'setGender',
         'firstName' => 'setFirstName',
         'lastName' => 'setLastName',
     );
     foreach ($setterByAttribute as $attributeName => $setterName) {
         if (array_key_exists($attributeName, $registrationFlow->getAttributes())) {
             $newUser->{$setterName}($registrationFlow->getAttributes()[$attributeName]);
         }
     }

     // Persist the user; both objects are whitelisted explicitly with the persistence manager
     // (presumably because this runs in a request that is otherwise not allowed to persist -- confirm)
     $this->userRepository->add($newUser);
     $this->persistenceManager->whitelistObject($newUser);
     $this->persistenceManager->whitelistObject($newAccount);
 }
 /**
  * Adding a role the account already holds must not produce a second entry.
  *
  * @test
  */
 public function addRoleSkipsRoleIfAssigned()
 {
     // Start with an account that holds exactly the administrator role
     $subject = new Account();
     $subject->setRoles(array($this->administratorRole));

     // Adding the same role again ...
     $subject->addRole($this->administratorRole);

     // ... must leave the role list at one entry
     $assignedRoles = $subject->getRoles();
     $this->assertCount(1, $assignedRoles);
 }
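 /**
  * Builds the account and the user (party) for a completed registration and hands both to persistence.
  *
  * NOTE: After this method is called, the $registrationFlow is DESTROYED, so you need to store all attributes
  * in your object as you need them.
  *
  * The account identifier is the registered e-mail address, the credentials source is the value returned by
  * getEncryptedPassword(), and every entry of $this->rolesForNewUsers is attached to the account as a role.
  * NOTE(review): these roles are granted to every account created here -- presumably this is the
  * self-registration path, so the configured list should stay as small as possible; confirm.
  *
  * The attributes "firstName" and "lastName" are optional: a missing (or NULL) attribute results in an empty
  * name part instead of an undefined-index error.
  *
  * @param RegistrationFlow $registrationFlow The registration to turn into a user and an account
  * @return void
  */
 public function createUserAndAccount(RegistrationFlow $registrationFlow)
 {
     // Create the account
     $account = new Account();
     $account->setAccountIdentifier($registrationFlow->getEmail());
     // The value is stored as delivered by the flow; no hashing happens in this method
     $account->setCredentialsSource($registrationFlow->getEncryptedPassword());
     $account->setAuthenticationProviderName('Sandstorm.UserManagement:Login');
     // Assign preconfigured roles
     foreach ($this->rolesForNewUsers as $roleString) {
         $account->addRole(new Role($roleString));
     }
     // Create the user; read the attributes once and fall back to '' for absent name parts
     $user = new User();
     $attributes = $registrationFlow->getAttributes();
     $firstName = isset($attributes['firstName']) ? $attributes['firstName'] : '';
     $lastName = isset($attributes['lastName']) ? $attributes['lastName'] : '';
     $name = new PersonName('', $firstName, '', $lastName, '', $registrationFlow->getEmail());
     $user->setName($name);
     // Assign them to each other and persist
     $this->getPartyService()->assignAccountToParty($account, $user);
     $this->getPartyRepository()->add($user);
     $this->accountRepository->add($account);
     // Every new object is whitelisted explicitly with the persistence manager
     // (presumably because this runs in a request that is otherwise not allowed to persist -- confirm)
     $this->persistenceManager->whitelistObject($user);
     $this->persistenceManager->whitelistObject($user->getPreferences());
     $this->persistenceManager->whitelistObject($name);
     $this->persistenceManager->whitelistObject($account);
 }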
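 /**
  * Sets the roles for the LDAP account.
  * Extend this Provider class and override this method to change how roles are derived.
  *
  * Nothing happens unless $this->rolesConfiguration is an array. Otherwise roles come from three places:
  *  - every identifier listed under rolesConfiguration['default'],
  *  - rolesConfiguration['userMapping'] (role identifier => list of DNs), matched against the DN obtained by
  *    evaluating partyConfiguration['dn'] as an Eel expression,
  *  - rolesConfiguration['groupMapping'] (role identifier => list of remote identifiers), matched against the
  *    keys of the group membership the directory service returns for the evaluated partyConfiguration['username'].
  *
  * A mapping that is configured while the party expression it depends on is missing is logged with LOG_ALERT
  * and grants nothing. Missing mapping sections are treated as empty.
  *
  * @param Account $account The account that receives the roles
  * @param array $ldapSearchResult The LDAP search result, available to the Eel expressions as "ldapUser"
  * @return void
  */
 protected function setRoles(Account $account, array $ldapSearchResult)
 {
     if (!is_array($this->rolesConfiguration)) {
         return;
     }

     // Eel context: the LDAP entry plus any objects configured as default context
     $contextVariables = array('ldapUser' => $ldapSearchResult);
     if (isset($this->defaultContext) && is_array($this->defaultContext)) {
         foreach ($this->defaultContext as $contextVariable => $objectName) {
             $contextVariables[$contextVariable] = $this->objectManager->get($objectName);
         }
     }

     // A section that is absent from the configuration is handled like an empty one, so a partial
     // configuration no longer iterates over an undefined index
     $defaultRoles = $this->getRolesConfigurationSection('default');
     $userMapping = $this->getRolesConfigurationSection('userMapping');
     $groupMapping = $this->getRolesConfigurationSection('groupMapping');

     foreach ($defaultRoles as $roleIdentifier) {
         $account->addRole($this->policyService->getRole($roleIdentifier));
     }

     $eelContext = new Context($contextVariables);

     if (isset($this->partyConfiguration['dn'])) {
         $dn = $this->eelEvaluator->evaluate($this->partyConfiguration['dn'], $eelContext);
         foreach ($userMapping as $roleIdentifier => $userDns) {
             // Strict comparison: this is an authorization decision, and with loose comparison a
             // non-string result of the expression (TRUE, 0) could equal a configured DN
             if (is_array($userDns) && in_array($dn, $userDns, true)) {
                 $account->addRole($this->policyService->getRole($roleIdentifier));
             }
         }
     } elseif (!empty($userMapping)) {
         $this->logger->log('User mapping found but no party mapping for dn set', LOG_ALERT);
     }

     if (isset($this->partyConfiguration['username'])) {
         $username = $this->eelEvaluator->evaluate($this->partyConfiguration['username'], $eelContext);
         $groupMembership = $this->directoryService->getGroupMembership($username);
         foreach ($groupMapping as $roleIdentifier => $remoteRoleIdentifiers) {
             if (!is_array($remoteRoleIdentifiers)) {
                 continue;
             }
             foreach ($remoteRoleIdentifiers as $remoteRoleIdentifier) {
                 // The role is resolved for every configured entry, whether or not the user is a member
                 $role = $this->policyService->getRole($roleIdentifier);
                 if (isset($groupMembership[$remoteRoleIdentifier])) {
                     $account->addRole($role);
                 }
             }
         }
     } elseif (!empty($groupMapping)) {
         $this->logger->log('Group mapping found but no party mapping for username set', LOG_ALERT);
     }
 }

 /**
  * Returns one section of the roles configuration, or an empty array if it is missing or not an array.
  *
  * @param string $section Key below $this->rolesConfiguration ("default", "userMapping" or "groupMapping")
  * @return array
  */
 private function getRolesConfigurationSection($section)
 {
     if (isset($this->rolesConfiguration[$section]) && is_array($this->rolesConfiguration[$section])) {
         return $this->rolesConfiguration[$section];
     }
     return array();
 }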
 /**
  * Converts the given role with roleToFlowRole() and adds the result to the wrapped login.
  *
  * @param \Ag\Login\Domain\Model\Role $role
  */
 public function addRole($role)
 {
     $flowRole = $this->roleToFlowRole($role);
     $this->login->addRole($flowRole);
 }
 /**
  * Grants a role to an account, unless the account already holds it.
  *
  * When the role is new for the account, the account is updated in the repository and emitRolesAdded() is
  * called with that single role, so that further actions reflecting the change can be carried out.
  *
  * @param Account $account The account to add roles to
  * @param string $roleIdentifier A fully qualified role identifier, or a role identifier relative to the TYPO3.Neos namespace
  * @return integer How often this role has been added to the given account (effectively can be 1 or 0)
  * @api
  */
 public function addRoleToAccount(Account $account, $roleIdentifier)
 {
     $normalizedIdentifier = $this->normalizeRoleIdentifier($roleIdentifier);
     $role = $this->policyService->getRole($normalizedIdentifier);

     // Already assigned: nothing is updated and nothing is emitted
     if ($account->hasRole($role)) {
         return 0;
     }

     $account->addRole($role);
     $this->accountRepository->update($account);
     $this->emitRolesAdded($account, array($role));

     return 1;
 }
 /**
  * Returns the local account for a Crowd user, creating and persisting it on first use.
  *
  * The lookup for an existing active account runs with authorization checks disabled. If none exists and
  * getUser() knows the user name, a new account is created with the role configured as
  * "providerOptions.authenticateRole" of the given provider, and is persisted immediately.
  * NOTE(review): every user name getUser() resolves ends up with a persisted local account holding that
  * role, so the configured role should carry no more privileges than any directory user may have.
  *
  * @param string $username Crowd Username
  * @param string $providerName Name of the authentication provider, this account should be used with
  * @return Account|NULL The existing or newly created account, NULL if getUser() does not know the user
  */
 public function getLocalAccountForCrowdUser($username, $providerName)
 {
     // Filled by reference from inside the closure
     $account = null;
     $repository = $this->accountRepository;
     $lookup = function () use ($username, $providerName, $repository, &$account) {
         $account = $repository->findActiveByAccountIdentifierAndAuthenticationProviderName($username, $providerName);
     };
     $this->securityContext->withoutAuthorizationChecks($lookup);

     if ($account !== null) {
         return $account;
     }

     // No local account yet: only provision one for a user that getUser() can resolve
     if ($this->getUser($username) === null) {
         return null;
     }

     $account = new Account();
     $account->setAuthenticationProviderName($providerName);
     $account->setAccountIdentifier($username);

     $settingPath = 'TYPO3.Flow.security.authentication.providers.' . $providerName . '.providerOptions.authenticateRole';
     $roleIdentifier = $this->configurationManager->getConfiguration(ConfigurationManager::CONFIGURATION_TYPE_SETTINGS, $settingPath);
     $account->addRole($this->policyService->getRole($roleIdentifier));

     $this->accountRepository->add($account);
     $this->persistenceManager->persistAll();

     return $account;
 }
 /**
  * Runs the proxy initializer, if one is set, and then delegates to the parent implementation.
  *
  * {@inheritDoc}
  */
 public function addRole(\TYPO3\Flow\Security\Policy\Role $role)
 {
     // The initializer is invoked with the proxy, the method name and the call arguments
     if ($this->__initializer__) {
         $this->__initializer__->__invoke($this, 'addRole', array($role));
     }

     return parent::addRole($role);
 }
 /**
  * Adds roles that were granted on the CAS server since the last authentication to the account.
  * Only used if the account was persisted. See persistAccount() method.
  *
  * The roles derived from the current CAS attributes are added to the account; the account is updated in the
  * repository only if at least one of them was not assigned before. persistAll() runs in every case.
  * NOTE(review): this method only ever adds roles. A role that was withdrawn on the CAS server is not
  * removed here, so unless that happens elsewhere the persisted account keeps it -- confirm.
  *
  * @param string  $providerName Provider name. WARNING: not in settings set useStaticProviderNameByPersistingAccounts.
  * @param Account $account
  *
  * @return void
  *
  * @todo : move persistAll() at shutdown
  */
 private function updateRolesInAccount($providerName, Account &$account)
 {
     $attributesFromCas = $this->casManager->getCasAttributes($providerName);
     $rolesFromCas = $this->getRoles($providerName, $attributesFromCas);

     $hasNewRole = false;
     foreach ($rolesFromCas as $roleFromCas) {
         // Once a new role has been seen, hasRole() is not consulted any more
         if (!$hasNewRole) {
             $hasNewRole = !$account->hasRole($roleFromCas);
         }
         $account->addRole($roleFromCas);
     }

     if ($hasNewRole) {
         $this->accountRepository->update($account);
     }

     $this->persistenceManager->persistAll();
 }