/** * @param \TYPO3\FLOW3\Security\Account $account * @param array $password * @FLOW3\Validate(argumentName="password", type="\TYPO3\TYPO3\Validation\Validator\PasswordValidator", options={ "allowEmpty"=1, "minimum"=1, "maximum"=255 }) * @return void * @todo Handle validation errors for account (accountIdentifier) & check if there's another account with the same accountIdentifier when changing it * @todo Security */ public function updateAction(\TYPO3\FLOW3\Security\Account $account, array $password = array()) { $password = array_shift($password); if (strlen(trim(strval($password))) > 0) { $account->setCredentialsSource($this->hashService->hashPassword($password, 'default')); } $this->accountRepository->update($account); $this->partyRepository->update($account->getParty()); $this->addFlashMessage('The user profile has been updated.'); $this->redirect('index'); }
/** * Creates a new account and sets the given password and roles * * @param string $identifier Identifier of the account, must be unique * @param string $password The clear text password * @param array $roleIdentifiers Optionally an array of role identifiers to assign to the new account * @param string $authenticationProviderName Optional name of the authentication provider the account is affiliated with * @param string $passwordHashingStrategy Optional password hashing strategy to use for the password * @return \TYPO3\FLOW3\Security\Account A new account, not yet added to the account repository */ public function createAccountWithPassword($identifier, $password, $roleIdentifiers = array(), $authenticationProviderName = 'DefaultProvider', $passwordHashingStrategy = 'default') { $roles = array(); foreach ($roleIdentifiers as $roleIdentifier) { $roles[] = new \TYPO3\FLOW3\Security\Policy\Role($roleIdentifier); } $account = new \TYPO3\FLOW3\Security\Account(); $account->setAccountIdentifier($identifier); $account->setCredentialsSource($this->hashService->hashPassword($password, $passwordHashingStrategy)); $account->setAuthenticationProviderName($authenticationProviderName); $account->setRoles($roles); return $account; }
/** * Sets isAuthenticated to TRUE for all tokens. * * @param \TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated * @return void * @throws \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException */ public function authenticate(\TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken) { if (!$authenticationToken instanceof \TYPO3\FLOW3\Security\Authentication\Token\PasswordToken) { throw new \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840); } $credentials = $authenticationToken->getCredentials(); if (is_array($credentials) && isset($credentials['password'])) { if ($this->hashService->validatePassword($credentials['password'], $this->fileBasedSimpleKeyService->getKey($this->options['keyName']))) { $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL); } else { $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::WRONG_CREDENTIALS); } } elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN); } }
/** * @test */ public function validateAndStripHmacReturnsTheStringWithoutHmac() { $string = ' Some arbitrary string with special characters: öäüß!"§$ '; $hashedString = $this->hashService->appendHmac($string); $actualResult = $this->hashService->validateAndStripHmac($hashedString); $this->assertSame($string, $actualResult); }
/** * Returns an ActionRequest which referred to this request, if any. * * The referring request is not set or determined automatically but must be * explicitly set through the corresponding internal argument "__referrer". * This mechanism is used by FLOW3's form and validation mechanisms. * * @return \TYPO3\FLOW3\Mvc\ActionRequest the referring request, or NULL if no referrer found */ public function getReferringRequest() { if ($this->referringRequest !== NULL) { return $this->referringRequest; } if (!isset($this->internalArguments['__referrer'])) { return NULL; } if (is_array($this->internalArguments['__referrer'])) { $referrerArray = $this->internalArguments['__referrer']; $referringRequest = $this->getHttpRequest()->createActionRequest(); $arguments = array(); if (isset($referrerArray['arguments'])) { $serializedArgumentsWithHmac = $referrerArray['arguments']; $serializedArguments = $this->hashService->validateAndStripHmac($serializedArgumentsWithHmac); $arguments = unserialize(base64_decode($serializedArguments)); unset($referrerArray['arguments']); } $referringRequest->setArguments(\TYPO3\FLOW3\Utility\Arrays::arrayMergeRecursiveOverrule($arguments, $referrerArray)); return $referringRequest; } else { $this->referringRequest = $this->internalArguments['__referrer']; } return $this->referringRequest; }
/** * Set a new password for the given user * * This allows for setting a new password for an existing user account. * * @param string $username Username of the account to modify * @param string $password The new password * @return void */ public function setPasswordCommand($username, $password) { $account = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($username, 'Typo3BackendProvider'); if (!$account instanceof \TYPO3\FLOW3\Security\Account) { $this->outputLine('User "%s" does not exists.', array($username)); $this->quit(1); } $account->setCredentialsSource($this->hashService->hashPassword($password, 'default')); $this->accountRepository->update($account); $this->outputLine('The new password for user "%s" was set.', array($username)); }
/** * Persists a key to the file system * * @param string $name * @param string $password * @return void * @throws \TYPO3\FLOW3\Security\Exception */ protected function persistKey($name, $password) { $hashedPassword = $this->hashService->hashPassword($password, $this->passwordHashingStrategy); $keyPathAndFilename = $this->getKeyPathAndFilename($name); if (!is_dir($this->getPath())) { Files::createDirectoryRecursively($this->getPath()); } $result = file_put_contents($keyPathAndFilename, $hashedPassword); if ($result === FALSE) { throw new \TYPO3\FLOW3\Security\Exception(sprintf('The key could not be stored ("%s").', $keyPathAndFilename), 1305812921); } }
/** * Sets isAuthenticated to TRUE for all tokens. * * @param \TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated * @return void * @throws \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException * @FLOW3\Session(autoStart=true) */ public function authenticate(\TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken) { if (!$authenticationToken instanceof \TYPO3\FLOW3\Security\Authentication\Token\UsernamePassword) { throw new \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840); } $account = NULL; $credentials = $authenticationToken->getCredentials(); if (is_array($credentials) && isset($credentials['username'])) { $account = $this->accountRepository->findActiveByAccountIdentifierAndAuthenticationProviderName($credentials['username'], $this->name); } if (is_object($account)) { if ($this->hashService->validatePassword($credentials['password'], $account->getCredentialsSource())) { $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL); $authenticationToken->setAccount($account); } else { $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::WRONG_CREDENTIALS); } } elseif ($authenticationToken->getAuthenticationStatus() !== \TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) { $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN); } }
/** * Initialize the property mapping configuration in $controllerArguments if * the trusted properties are set inside the request. * * @param \TYPO3\FLOW3\Mvc\ActionRequest $request * @param \TYPO3\FLOW3\Mvc\Controller\Arguments $controllerArguments * @return void */ public function initializePropertyMappingConfigurationFromRequest(\TYPO3\FLOW3\Mvc\ActionRequest $request, \TYPO3\FLOW3\Mvc\Controller\Arguments $controllerArguments) { $trustedPropertiesToken = $request->getInternalArgument('__trustedProperties'); if (!is_string($trustedPropertiesToken)) { return; } $serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken); $trustedProperties = unserialize($serializedTrustedProperties); foreach ($trustedProperties as $propertyName => $propertyConfiguration) { if (!$controllerArguments->hasArgument($propertyName)) { continue; } $propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration(); $this->modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration); } }
/** * @param string $password */ public function setPassword($password) { $account = $this->getPrimaryAccount(); $account->setCredentialsSource($this->hashService->hashPassword($password)); }