public function setUp()
{
parent::setUp();
$this->persistedUsernamePasswordProvider = new PersistedUsernamePasswordProvider('myTestProvider');
$this->accountFactory = new \TYPO3\Flow\Security\AccountFactory();
$this->accountRepository = new \TYPO3\Flow\Security\AccountRepository();
$this->authenticationToken = $this->getAccessibleMock(\TYPO3\Flow\Security\Authentication\Token\UsernamePassword::class, array('dummy'));
$account = $this->accountFactory->createAccountWithPassword('username', 'password', array(), 'myTestProvider');
$this->accountRepository->add($account);
$this->persistenceManager->persistAll();
}
/**
* Adds a new account to the system.
*
* @param string $username The username of the new administrator
* @param string $password The password of the new administrator
*/
public function createAdminUserCommand($username = '', $password = '')
{
// check if user + password are not empty
if ($username == '' || $password == '') {
// add a console output
$this->outputLine('Either username or password missing, cannot continue.');
return 1;
}
// let's create the user
$account = $this->accountFactory->createAccountWithPassword($username, $password, array('Roketi.Panel:Administrator'));
$this->accountRepository->add($account);
$this->outputLine('User ' . $username . ' created successfully.');
}
/**
* @param string $identifier
* @param string $password
* @return void
*/
public function createAction($identifier, $password)
{
if ($this->accountRepository->countByAccountIdentifier($identifier) == 1 && $this->userRepository->countByUsername($identifier) == 1) {
$this->addFlashMessage('Nickname already taken, please choose another one!');
$this->redirect('new');
} else {
$account = $this->accountFactory->createAccountWithPassword($identifier, $password);
$this->accountRepository->add($account);
$user = new User();
$user->setUsername($identifier);
$this->userRepository->add($user);
$this->addFlashMessage('Account ' . $identifier . ' successful created! You can login now!');
$this->redirect('index', 'Authentication');
}
}
/**
* Import Bearbeiter table into the FLOW domain_model tabel subugoe_germaniasacra_domain_model_bearbeiter and creates an account for every user
* @return int
*/
private function importAndJoinBearbeiterWithAccount()
{
/** @var \Doctrine\DBAL\Connection $sqlConnection */
$sqlConnection = $this->entityManager->getConnection();
$sql = 'SELECT ID, Bearbeiter FROM Bearbeiter ORDER BY ID ASC';
$bearbeiters = $sqlConnection->fetchAll($sql);
if (isset($bearbeiters) and is_array($bearbeiters)) {
$nBearbeiter = 0;
foreach ($bearbeiters as $be) {
$uid = $be['ID'];
$bearbeiter = $be['Bearbeiter'];
$userName = $this->createUsername($bearbeiter);
$password = $this->createPassword();
$account = $this->accountFactory->createAccountWithPassword($userName, $password, ['Flow.Login:Administrator']);
$this->accountRepository->add($account);
$bearbeiterObject = new Bearbeiter();
$bearbeiterObject->setUid($uid);
$bearbeiterObject->setBearbeiter($bearbeiter);
$bearbeiterObject->setAccount($account);
$this->bearbeiterRepository->add($bearbeiterObject);
$this->persistenceManager->persistAll();
$this->createUsernamePasswordFile($userName, $password, $uid);
$nBearbeiter++;
}
return $nBearbeiter;
}
}
/**
* Creates a user based on the given information
*
* The created user and account are automatically added to their respective repositories and thus be persisted.
*
* @param User $user
* @param string $username The username of the user to be created.
* @param string $password Password of the user to be created
* @param array $roleIdentifiers A list of role identifiers to assign
* @return void
*/
public function addUser(User $user, $username, $password, array $roleIdentifiers = array('Flowpack.Neos.FrontendLogin:User'))
{
$account = $this->accountFactory->createAccountWithPassword($username, $password, $roleIdentifiers, self::ACCOUNT_AUTHENTICATION_PROVIDER);
$user->addAccount($account);
$this->userRepository->add($user);
$this->accountRepository->add($account);
}
/**
* @param PersonDto $person
* @param NodeInterface $userStorageNode
* @param string $dateOfBirth
* @param array $password
* @param string $recaptcha_challenge_field
* @return void
*
* @throws \Exception
* @throws \TYPO3\Flow\Mvc\Exception\ForwardException
* @throws \TYPO3\Flow\Persistence\Exception\IllegalObjectTypeException
* @throws \TYPO3\Flow\Security\Exception
*
* @Flow\Validate(argumentName="password", type="\TYPO3\Neos\Validation\Validator\PasswordValidator", options={ "allowEmpty"=0, "minimum"=6, "maximum"=255 })
* @Flow\Validate(argumentName="recaptcha_challenge_field", type="\BuJitsuDo\Authentication\Validation\Validator\CaptchaValidator")
* @Flow\Validate(argumentName="person.emailAddress", type="\BuJitsuDo\Authentication\Validation\Validator\AccountDoesNotExistsValidator")
*/
public function registerAction(PersonDto $person, NodeInterface $userStorageNode, $dateOfBirth = NULL, array $password, $recaptcha_challenge_field = '')
{
$account = $this->accountFactory->createAccountWithPassword($person->getEmailAddress(), array_shift($password), $this->defaultRoles);
$party = $this->objectManager->get('\\TYPO3\\Neos\\Domain\\Model\\User');
if ($dateOfBirth !== NULL) {
$date = new \DateTime();
$date->setTimestamp(strtotime($dateOfBirth));
$person->setDateOfBirth($date);
}
if (!$party instanceof AbstractParty) {
throw new \Exception('The configured className did not result in an object that inherits from AbstractParty.', 1397043150);
}
/** @var $party User */
$party->setName(new PersonName('', $person->getFirstName(), '', $person->getLastName()));
$this->partyRepository->add($party);
$account->setParty($party);
$this->accountRepository->add($account);
$this->persistenceManager->persistAll();
$profile = $this->createProfileNode($account, $userStorageNode, $person);
if ($profile instanceof NodeInterface) {
$this->forward('show', 'Frontend\\Node', 'TYPO3.Neos', ['node' => $profile]);
} else {
throw new \Exception('No profile node returned', 1239187);
}
}
/**
* Authenticates against a crowd instance.
*
* @param \TYPO3\Flow\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
* @return void
* @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException
*/
public function authenticate(TokenInterface $authenticationToken)
{
if (!$authenticationToken instanceof UsernamePassword) {
throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339845);
}
$credentials = $authenticationToken->getCredentials();
if (is_array($credentials) && isset($credentials['username']) && isset($credentials['password'])) {
$crowdAuthenticationResponse = $this->crowdClient->authenticate($credentials['username'], $credentials['password']);
if ($crowdAuthenticationResponse !== NULL) {
/** @var $account \TYPO3\Flow\Security\Account */
$account = NULL;
$providerName = $this->name;
$accountRepository = $this->accountRepository;
$this->securityContext->withoutAuthorizationChecks(function () use($credentials, $providerName, $accountRepository, &$account) {
$account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $providerName);
});
if ($account === NULL) {
$account = new Account();
$account->setAuthenticationProviderName($providerName);
$account->setAccountIdentifier($credentials['username']);
$this->accountRepository->add($account);
}
$authenticateRole = $this->policyService->getRole($this->options['authenticateRole']);
if ($account->hasRole($authenticateRole) === FALSE) {
$account->addRole($authenticateRole);
}
$crowdUser = $this->partyService->getAssignedPartyOfAccount($account);
if ($crowdUser instanceof Person) {
if ($crowdUser->getName()->getFirstName() !== $crowdAuthenticationResponse['first-name']) {
$crowdUser->getName()->setFirstName($crowdAuthenticationResponse['first-name']);
$this->partyRepository->update($crowdUser);
}
if ($crowdUser->getName()->getLastName() !== $crowdAuthenticationResponse['last-name']) {
$crowdUser->getName()->setLastName($crowdAuthenticationResponse['last-name']);
$this->partyRepository->update($crowdUser);
}
if ($crowdUser->getPrimaryElectronicAddress()->getIdentifier() !== $crowdAuthenticationResponse['email']) {
$crowdUser->getPrimaryElectronicAddress()->setIdentifier($crowdAuthenticationResponse['email']);
$this->partyRepository->update($crowdUser);
}
} else {
$crowdUser = new Person();
$crowdUser->setName(new PersonName('', $crowdAuthenticationResponse['first-name'], '', $crowdAuthenticationResponse['last-name']));
$email = new ElectronicAddress();
$email->setIdentifier($crowdAuthenticationResponse['email']);
$email->setType(ElectronicAddress::TYPE_EMAIL);
$crowdUser->setPrimaryElectronicAddress($email);
$this->partyRepository->add($crowdUser);
$this->partyService->assignAccountToParty($account, $crowdUser);
}
$authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
$authenticationToken->setAccount($account);
} else {
$authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
}
} elseif ($authenticationToken->getAuthenticationStatus() !== TokenInterface::AUTHENTICATION_SUCCESSFUL) {
$authenticationToken->setAuthenticationStatus(TokenInterface::NO_CREDENTIALS_GIVEN);
}
}
/**
* @return \TYPO3\Flow\Security\Account
* @throws Exception
* @throws \TYPO3\Flow\Persistence\Exception\IllegalObjectTypeException
*/
protected function generateTokenAccount()
{
$account = $this->securityContext->getAccount();
$tokenAccount = $this->accountFactory->createAccountWithPassword($account->getAccountIdentifier(), Algorithms::generateRandomString(25), array_keys($account->getRoles()), $this->apiToken->getAuthenticationProviderName());
$this->accountRepository->add($tokenAccount);
$this->persistenceManager->persistAll();
return $tokenAccount;
}
/**
* Persists new Account.
*
* @param Account $account
*
* @return void
*/
public function finalizePersistingNewUser(Account $account)
{
$party = $account->getParty();
if ($party instanceof AbstractParty) {
$this->partyRepository->add($party);
}
$this->accountRepository->add($account);
$this->persistenceManager->persistAll();
}
/**
* Tries to authenticate the given token. Sets isAuthenticated to TRUE if authentication succeeded.
*
* @param TokenInterface $authenticationToken The token to be authenticated
* @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException
* @return void
*/
public function authenticate(TokenInterface $authenticationToken)
{
if (!$authenticationToken instanceof AbstractClientToken) {
throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1383754993);
}
$credentials = $authenticationToken->getCredentials();
// Inspect the received access token as documented in https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/
$tokenInformation = $this->facebookTokenEndpoint->requestValidatedTokenInformation($credentials['accessToken']);
if ($tokenInformation === FALSE) {
$authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
return;
}
// Check if the permitted scopes suffice:
$necessaryScopes = $this->options['scopes'];
$scopesHavingPermissionFor = $tokenInformation['scopes'];
$requiredButNotPermittedScopes = array_diff($necessaryScopes, $scopesHavingPermissionFor);
if (count($requiredButNotPermittedScopes) > 0) {
$authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
$this->securityLogger->log('The permitted scopes do not satisfy the required once.', LOG_NOTICE, array('necessaryScopes' => $necessaryScopes, 'allowedScopes' => $scopesHavingPermissionFor));
return;
}
// From here, we surely know the user is considered authenticated against the remote service,
// yet to check if there is an immanent account present.
$authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
/** @var $account \TYPO3\Flow\Security\Account */
$account = NULL;
$providerName = $this->name;
$accountRepository = $this->accountRepository;
$this->securityContext->withoutAuthorizationChecks(function () use($tokenInformation, $providerName, $accountRepository, &$account) {
$account = $accountRepository->findByAccountIdentifierAndAuthenticationProviderName($tokenInformation['user_id'], $providerName);
});
if ($account === NULL) {
$account = new Account();
$account->setAccountIdentifier($tokenInformation['user_id']);
$account->setAuthenticationProviderName($providerName);
$this->accountRepository->add($account);
}
$authenticationToken->setAccount($account);
// request long-live token and attach that to the account
$longLivedToken = $this->facebookTokenEndpoint->requestLongLivedToken($credentials['accessToken']);
$account->setCredentialsSource($longLivedToken);
$this->accountRepository->update($account);
}
/**
* Tries to authenticate the given token. Sets isAuthenticated to TRUE if authentication succeeded.
*
* @param TokenInterface $authenticationToken The token to be authenticated
* @throws \TYPO3\Flow\Security\Exception\UnsupportedAuthenticationTokenException
* @return void
*/
public function authenticate(TokenInterface $authenticationToken)
{
if (!$authenticationToken instanceof AbstractClientToken) {
throw new UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1383754993);
}
$credentials = $authenticationToken->getCredentials();
// There is no way to validate the Token or check the scopes at the moment apart from "trying" (and possibly receiving an access denied)
// we could check the validity of the Token and the scopes here in the future when Instagram provides that
// Only check if an access Token is present at this time and do a single test call
if (isset($credentials['accessToken']) && $credentials['accessToken'] !== NULL) {
// check if a secure request is possible (https://www.instagram.com/developer/secure-api-requests/)
$userInfo = $this->instagramTokenEndpoint->validateSecureRequestCapability($credentials['accessToken']);
if ($userInfo === FALSE) {
$authenticationToken->setAuthenticationStatus(TokenInterface::WRONG_CREDENTIALS);
$this->securityLogger->log('A secure call to the API with the provided accessToken and clientSecret was not possible', LOG_NOTICE);
return FALSE;
}
} else {
}
// From here, we surely know the user is considered authenticated against the remote service,
// yet to check if there is an immanent account present.
$authenticationToken->setAuthenticationStatus(TokenInterface::AUTHENTICATION_SUCCESSFUL);
/** @var $account \TYPO3\Flow\Security\Account */
$account = NULL;
$providerName = $this->name;
$accountRepository = $this->accountRepository;
$this->securityContext->withoutAuthorizationChecks(function () use($userInfo, $providerName, $accountRepository, &$account) {
$account = $accountRepository->findByAccountIdentifierAndAuthenticationProviderName($userInfo['id'], $providerName);
});
if ($account === NULL) {
$account = new Account();
$account->setAccountIdentifier($userInfo['id']);
$account->setAuthenticationProviderName($providerName);
$this->accountRepository->add($account);
}
$authenticationToken->setAccount($account);
// the access token is valid for an "undefined time" according to instagram (so we cannot know when the user needs to log in again)
$account->setCredentialsSource($credentials['accessToken']);
$this->accountRepository->update($account);
// check if a user is already attached to this account
if ($this->partyService->getAssignedPartyOfAccount($account) === null || count($this->partyService->getAssignedPartyOfAccount($account)) < 1) {
$user = $this->userService->getCurrentUser();
if ($user !== null) {
$user->addAccount($account);
$this->userService->updateUser($user);
$this->persistenceManager->whitelistObject($user);
} else {
$this->securityLogger->logException(new Exception("The InstagramProvider was unable to determine the backend user, make sure the configuration Typo3BackendProvider requestPattern matches the Instagram Controller and the authentication strategy is set to 'atLeastOne' Token"));
}
}
// persistAll is called automatically at the end of this function, account gets whitelisted to allow
// persisting for an object thats tinkered with via a GET request
$this->persistenceManager->whitelistObject($account);
}
/**
* @dataProvider personsDataProvider
* @test
*/
public function personsAndAccountPersistingAndRetrievingWorksCorrectly($firstName, $middleName, $lastName, $emailAddress)
{
$person = new Domain\Model\Person();
$person->setName(new Domain\Model\PersonName('', $firstName, $middleName, $lastName));
$electronicAddress = new Domain\Model\ElectronicAddress();
$electronicAddress->setType(Domain\Model\ElectronicAddress::TYPE_EMAIL);
$electronicAddress->setIdentifier($emailAddress);
$person->setPrimaryElectronicAddress($electronicAddress);
$account = $this->accountFactory->createAccountWithPassword($emailAddress, $this->persistenceManager->getIdentifierByObject($person));
$this->accountRepository->add($account);
$person->addAccount($account);
$this->partyRepository->add($person);
$this->persistenceManager->persistAll();
$this->assertEquals(1, $this->partyRepository->countAll());
$this->persistenceManager->clearState();
$foundPerson = $this->partyRepository->findByIdentifier($this->persistenceManager->getIdentifierByObject($person));
$this->assertEquals($foundPerson->getName()->getFullName(), $person->getName()->getFullName());
$this->assertEquals($foundPerson->getName()->getFullName(), $firstName . ' ' . $middleName . ' ' . $lastName);
$this->assertEquals($foundPerson->getPrimaryElectronicAddress()->getIdentifier(), $emailAddress);
}
/**
* save the registration
* @param string $name
* @param string $pass
* @param string $pass2
* @param string $role
*/
public function createAction($name, $pass, $pass2, $role)
{
if ($name == '' || strlen($name) < 3) {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error('Username too short or empty'));
$this->redirect('register', 'Login');
} else {
if ($pass == '' || $pass != $pass2) {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error('Password too short or does not match'));
$this->redirect('register', 'Login');
} else {
// create a account with password an add it to the accountRepository
$account = $this->accountFactory->createAccountWithPassword($name, $pass, array($role));
$this->accountRepository->add($account);
// add a message and redirect to the login form
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error('Account created. Please login.'));
$this->redirect('index');
}
}
// redirect to the login form
$this->redirect('index', 'Login');
}
/**
* @param \DLigo\Animaltool\Domain\Model\User $newUser
* @param array $username
* @Flow\Validate(argumentName="$username", type="notEmpty")
* @param array $password
* @param string $role
* @Flow\Validate(argumentName="$password", type="\DLigo\Animaltool\Validation\Validator\PasswordValidator")
* @Flow\Validate(argumentName="$newUser", type="UniqueEntity")
* @Flow\Validate(argumentName="$username", type="\DLigo\Animaltool\Validation\Validator\AccountExistsValidator")
* @return void
*/
public function createAction(User $newUser, $username, $password, $role)
{
$account = $this->accountFactory->createAccountWithPassword($username['new'], $password[0], array($role));
$accountApp = $this->accountFactory->createAccountWithPassword($username['new'], $password[0], array($role), 'AppProvider');
$account->setParty($newUser);
$accountApp->setParty($newUser);
$this->accountRepository->add($account);
$this->accountRepository->add($accountApp);
$this->userRepository->add($newUser);
$this->addFlashMessage('Created a new user.', '', \TYPO3\Flow\Error\Message::SEVERITY_OK, array(), 'flash.user.new');
$this->redirect('index');
}
/**
* Adds a user whose User object has been created elsewhere
*
* This method basically "creates" a user like createUser() would, except that it does not create the User
* object itself. If you need to create the User object elsewhere, for example in your ActionController, make sure
* to call this method for registering the new user instead of adding it to the PartyRepository manually.
*
* This method also creates a new user workspace for the given user if no such workspace exist.
*
* @param string $username The username of the user to be created.
* @param string $password Password of the user to be created
* @param User $user The pre-built user object to start with
* @param array $roleIdentifiers A list of role identifiers to assign
* @param string $authenticationProviderName Name of the authentication provider to use. Example: "Typo3BackendProvider"
* @return User The same user object
* @api
*/
public function addUser($username, $password, User $user, array $roleIdentifiers = null, $authenticationProviderName = null)
{
if ($roleIdentifiers === null) {
$roleIdentifiers = array('TYPO3.Neos:Editor');
}
$roleIdentifiers = $this->normalizeRoleIdentifiers($roleIdentifiers);
$account = $this->accountFactory->createAccountWithPassword($username, $password, $roleIdentifiers, $authenticationProviderName ?: $this->defaultAuthenticationProviderName);
$user->addAccount($account);
$this->partyRepository->add($user);
$this->accountRepository->add($account);
$this->createUserWorkspace($username);
$this->emitUserCreated($user);
return $user;
}
/**
* In this method, actually create the user / account.
*
* NOTE: After this method is called, the $registrationFlow is DESTROYED, so you need to store all attributes
* in your object as you need them.
*
* @param RegistrationFlow $registrationFlow
* @return void
*/
public function createUserAndAccount(RegistrationFlow $registrationFlow)
{
// Create the account
$account = new Account();
$account->setAccountIdentifier($registrationFlow->getEmail());
$account->setCredentialsSource($registrationFlow->getEncryptedPassword());
$account->setAuthenticationProviderName('Sandstorm.UserManagement:Login');
// Assign preconfigured roles
foreach ($this->rolesForNewUsers as $roleString) {
$account->addRole(new Role($roleString));
}
// Create the user
$user = new User();
$name = new PersonName('', $registrationFlow->getAttributes()['firstName'], '', $registrationFlow->getAttributes()['lastName'], '', $registrationFlow->getEmail());
$user->setName($name);
// Assign them to each other and persist
$this->getPartyService()->assignAccountToParty($account, $user);
$this->getPartyRepository()->add($user);
$this->accountRepository->add($account);
$this->persistenceManager->whitelistObject($user);
$this->persistenceManager->whitelistObject($user->getPreferences());
$this->persistenceManager->whitelistObject($name);
$this->persistenceManager->whitelistObject($account);
}
/**
* Creates a temporary account
*
* @param string $accountIdentifier
* @param string $password
* @param string $firstName
* @param string $lastName
* @return Account
*/
protected function createTemporaryAccount($accountIdentifier, $password, $firstName, $lastName)
{
if (strlen($firstName) === 0 && strlen($lastName) === 0) {
$firstName = 'Santa';
$lastName = 'Claus';
}
$user = new User();
$user->setName(new PersonName('', $firstName, '', $lastName));
$user->getPreferences()->set('context.workspace', 'user-' . $accountIdentifier);
$this->partyRepository->add($user);
$account = $this->accountFactory->createAccountWithPassword($accountIdentifier, $password, array('TYPO3.Neos:Editor'), 'Typo3BackendProvider');
$account->setParty($user);
$account->setExpirationDate(new \DateTime('+1 week'));
$this->accountRepository->add($account);
}
/**
* save the registration
* @param string $lemail
* @param string $lpass
* @param string $lpass2
* @param string $firstName
* @param string $lastName
*/
public function createAction($lemail, $lpass, $lpass2, $firstName, $lastName = NULL)
{
$account = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($lemail, $this->providerName);
if ($account instanceof \TYPO3\Flow\Security\Account) {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error($this->translator->translateById('login.login.usernameExist', array(), NULL, NULL, 'Main', 'Incvisio.LostFound')));
$this->redirect('index', 'Standard');
} else {
$defaultRole = array('Incvisio.LostFound:User');
if ($lemail == '' || strlen($lemail) < 3) {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error('Username too short or empty'));
$this->redirect('index', 'Standard');
} else {
if ($lpass == '' || $lpass != $lpass2) {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error('Password too short or does not match'));
$this->redirect('index', 'Standard');
} else {
if ($lastName == NULL) {
$lastName = " ";
}
// create a account with password an add it to the accountRepository
$user = $this->userFactory->create($lemail, $lpass, $firstName, $lastName, $defaultRole);
$user->setLikes(0);
$user->setDislike(0);
$this->userRepository->add($user);
$accounts = $user->getAccounts();
foreach ($accounts as $account) {
$account->setExpirationDate(new \TYPO3\Flow\Utility\Now());
$this->accountRepository->add($account);
}
$this->persistenceManager->persistAll();
$date = $this->time->getTimestamp();
$random = rand();
$json = json_encode(array('username' => $lemail, 'date' => $date, 'random' => $random));
$cryptKey = md5($this->providerName);
$cryptJson = urlencode(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $cryptKey, $json, MCRYPT_MODE_CBC, md5($cryptKey))));
$this->sendActivationEmail($lemail, $cryptJson, $firstName);
// add a message and redirect to the login form
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error($this->translator->translateById('main.messages.accountcreated', array(), NULL, NULL, 'Main', 'Incvisio.LostFound')));
$this->redirect('index', 'Standard');
}
}
// redirect to the login form
$this->redirect('index', 'Standard');
}
}
/**
* @param string $username Crowd Username
* @param string $providerName Name of the authentication provider, this account should be used with
* @return Account
*/
public function getLocalAccountForCrowdUser($username, $providerName)
{
$accountRepository = $this->accountRepository;
$this->securityContext->withoutAuthorizationChecks(function () use($username, $providerName, $accountRepository, &$account) {
$account = $accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($username, $providerName);
});
if ($account === NULL) {
if ($this->getUser($username) === NULL) {
return NULL;
}
$account = new Account();
$account->setAuthenticationProviderName($providerName);
$account->setAccountIdentifier($username);
$roleIdentifier = $this->configurationManager->getConfiguration(ConfigurationManager::CONFIGURATION_TYPE_SETTINGS, 'TYPO3.Flow.security.authentication.providers.' . $providerName . '.providerOptions.authenticateRole');
$account->addRole($this->policyService->getRole($roleIdentifier));
$this->accountRepository->add($account);
$this->persistenceManager->persistAll();
}
return $account;
}
/**
* save the registration
* @param string $name
* @param string $pass
* @param string $pass2
*/
public function createAction($name, $pass, $pass2)
{
$defaultRole = 'Foxxshirts.Druckverwaltung:Visitor';
if ($name == '' || strlen($name) < 8) {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error('Benutzername zu kurz oder leer. (min 8 Zeichen)'));
$this->redirect('register', 'Login');
} else {
if ($pass == '' || $pass != $pass2) {
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error('Die Passwoerter stimmen nicht ueberein'));
$this->redirect('register', 'Login');
} else {
// create a account with password an add it to the accountRepository
$account = $this->accountFactory->createAccountWithPassword($name, $pass, array($defaultRole));
$this->accountRepository->add($account);
// add a message and redirect to the login form
$this->flashMessageContainer->addMessage(new \TYPO3\Flow\Error\Error('Account angelegt. Bitte melden Sie sich an.'));
$this->redirect('login');
}
}
// redirect to the login form
$this->redirect('login', 'Login');
}
/**
* Create an admin account
*
* Creates a new account which has admin rights.
*
* @param string $identifier Account identifier, aka "user name"
* @param string $password Plain text password for the new account
* @param string $firstName First name of the account's holder
* @param string $lastName Last name of the account's holder
* @return void
*/
public function createAccountCommand($identifier, $password, $firstName, $lastName)
{
$this->initRoles();
$account = $this->accountFactory->createAccountWithPassword($identifier, $password, array('DLigo.Animaltool:Admin'));
$accountApp = $this->accountFactory->createAccountWithPassword($identifier, $password, array('DLigo.Animaltool:Admin'), 'AppProvider');
$user = new \DLigo\Animaltool\Domain\Model\User();
$user->setFirstname($firstName);
$user->setLastname($lastName);
$user->setPhone('');
$user->setStreet('');
$user->setNumber('');
$user->setZipCode('');
$user->setCity('');
$user->setRegion('');
$user->setCountry('');
$user->setComment('');
$user->setLastBoxID(0);
$this->userRepository->add($user);
$account->setParty($user);
$accountApp->setParty($user);
$this->accountRepository->add($account);
$this->accountRepository->add($accountApp);
$this->outputLine('The account "%s" was created.', array($identifier));
}
/**
* Executes this finisher
* @see AbstractFinisher::execute()
*
* @return void
* @throws \TYPO3\Flow\Mvc\Exception\StopActionException();
*/
protected function executeInternal()
{
/** @var \TYPO3\Form\Core\Runtime\FormRuntime $formRuntime */
$formRuntime = $this->finisherContext->getFormRuntime();
$formValueArray = $formRuntime->getFormState()->getFormValues();
if ($formRuntime->getRequest()->getParentRequest()->getControllerActionName() == 'editDataSheet') {
// we need to update the data sheet, we assume that the person is authenticated because a data sheet can only be edited by a authenticated user
/** @var \GIB\GradingTool\Domain\Model\Project $project */
$project = $this->projectRepository->findByIdentifier($formRuntime->getRequest()->getParentRequest()->getArgument('project'));
// make a HTML representation of a diff of the old and new data
$diffContent = DiffUtility::arrayDiffRecursive($project->getDataSheetContentArray(), $formValueArray);
// store changes to project
$project->setDataSheetContent($formValueArray);
$project->setLastUpdated(new \TYPO3\Flow\Utility\Now());
// update e-mail address (could have changed in the data sheet)
$projectManagerElectronicAddress = new \TYPO3\Party\Domain\Model\ElectronicAddress();
$projectManagerElectronicAddress->setIdentifier($formValueArray['projectManagerEmail']);
$projectManagerElectronicAddress->setType(\TYPO3\Party\Domain\Model\ElectronicAddress::TYPE_EMAIL);
$project->getProjectManager()->setPrimaryElectronicAddress($projectManagerElectronicAddress);
$this->partyRepository->update($project->getProjectManager());
$this->projectRepository->update($project);
$this->persistenceManager->persistAll();
// send a notification mail to the Administrator containing the changes
$templateIdentifierOverlay = $this->templateService->getTemplateIdentifierOverlay('editDataSheetNotification', $project);
$this->notificationMailService->sendNotificationMail($templateIdentifierOverlay, $project, NULL, '', '', $diffContent);
// add a flash message
$message = new \TYPO3\Flow\Error\Message('Your data sheet for project "%s" was successfully edited.', \TYPO3\Flow\Error\Message::SEVERITY_OK, array($project->getProjectTitle()));
$this->flashMessageContainer->addMessage($message);
} else {
// we need to add a new data sheet
/** @var \GIB\GradingTool\Domain\Model\Project $project */
$project = new \GIB\GradingTool\Domain\Model\Project();
$project->setProjectTitle($formValueArray['projectTitle']);
$project->setDataSheetFormIdentifier($this->settings['forms']['dataSheet']['default']);
$project->setSubmissionFormIdentifier($this->settings['forms']['submission']['default']);
// store identifier=userName and password for later usage
$identifier = $formValueArray['userName'];
$password = $formValueArray['password'];
// remove userName and password from data array so it doesn't get saved unencrypted
unset($formValueArray['userName']);
unset($formValueArray['password']);
$project->setDataSheetContent($formValueArray);
$project->setCreated(new \TYPO3\Flow\Utility\Now());
$this->projectRepository->add($project);
// add a flash message
$message = new \TYPO3\Flow\Error\Message('Your data sheet for project "%s" was successfully submitted.', \TYPO3\Flow\Error\Message::SEVERITY_OK, array($formValueArray['projectTitle']));
$this->flashMessageContainer->addMessage($message);
if (!$this->authenticationManager->isAuthenticated() || $this->authenticationManager->isAuthenticated() && $this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
// the product manager (supposedly) doesn't have an account yet, so we create one
$projectManager = new \GIB\GradingTool\Domain\Model\ProjectManager();
$projectManagerName = new \TYPO3\Party\Domain\Model\PersonName('', $formValueArray['projectManagerFirstName'], '', $formValueArray['projectManagerLastName']);
$projectManager->setName($projectManagerName);
$projectManagerElectronicAddress = new \TYPO3\Party\Domain\Model\ElectronicAddress();
$projectManagerElectronicAddress->setIdentifier($formValueArray['projectManagerEmail']);
$projectManagerElectronicAddress->setType(\TYPO3\Party\Domain\Model\ElectronicAddress::TYPE_EMAIL);
$projectManager->addElectronicAddress($projectManagerElectronicAddress);
$projectManager->setPrimaryElectronicAddress($projectManagerElectronicAddress);
// add account
$roles = array('GIB.GradingTool:ProjectManager');
$authenticationProviderName = 'DefaultProvider';
$account = $this->accountFactory->createAccountWithPassword($identifier, $password, $roles, $authenticationProviderName);
$this->accountRepository->add($account);
// add account to ProjectManager
$projectManager->addAccount($account);
// add project to ProjectManager
$projectManager->addProject($project);
// finally add the complete ProjectManager
$this->partyRepository->add($projectManager);
if (!$this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:Administrator')) {
// authenticate user if no Administrator is authenticated
$authenticationTokens = $this->securityContext->getAuthenticationTokensOfType('TYPO3\\Flow\\Security\\Authentication\\Token\\UsernamePassword');
if (count($authenticationTokens) === 1) {
$authenticationTokens[0]->setAccount($account);
$authenticationTokens[0]->setAuthenticationStatus(\TYPO3\Flow\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
}
// add a flash message
$message = new \TYPO3\Flow\Error\Message('The account "%s" was created and you were successfully logged in.', \TYPO3\Flow\Error\Message::SEVERITY_OK, array($identifier));
$this->flashMessageContainer->addMessage($message);
}
} elseif ($this->authenticationManager->isAuthenticated() && $this->authenticationManager->getSecurityContext()->hasRole('GIB.GradingTool:ProjectManager')) {
// a productManager is adding a new project to his account
/** @var \GIB\GradingTool\Domain\Model\ProjectManager $projectManager */
$projectManager = $this->authenticationManager->getSecurityContext()->getParty();
$projectManager->addProject($project);
$this->partyRepository->update($projectManager);
}
$this->persistenceManager->persistAll();
// send notification mail to project manager (bcc to team)
$templateIdentifierOverlay = $this->templateService->getTemplateIdentifierOverlay('newDataSheetProjectManagerNotification', $project);
$this->notificationMailService->sendNotificationMail($templateIdentifierOverlay, $project, $projectManager, $formValueArray['projectManagerFirstName'] . ' ' . $formValueArray['projectManagerLastName'], $formValueArray['projectManagerEmail']);
// send notification mail to the GIB team
$templateIdentifierOverlay = $this->templateService->getTemplateIdentifierOverlay('newDataSheetTeamNotification', $project);
$dataSheetArray = $this->dataSheetService->getProcessedDataSheet($project);
$this->notificationMailService->sendNotificationMail($templateIdentifierOverlay, $project, $projectManager, '', '', $dataSheetArray);
}
$this->persistenceManager->persistAll();
// redirect to dashboard
$formRuntime = $this->finisherContext->getFormRuntime();
$request = $formRuntime->getRequest()->getMainRequest();
$uriBuilder = new \TYPO3\Flow\Mvc\Routing\UriBuilder();
$uriBuilder->setRequest($request);
$uriBuilder->reset();
$uri = $uriBuilder->uriFor('editDatasheet', array('project' => $project), 'Project');
$response = $formRuntime->getResponse();
$mainResponse = $response;
while ($response = $response->getParentResponse()) {
$mainResponse = $response;
}
$mainResponse->setStatus(303);
$mainResponse->setHeader('Location', (string) $uri);
throw new \TYPO3\Flow\Mvc\Exception\StopActionException();
}
