/** * @param string $setting * @param UserInterface $user * @return mixed */ public function getUserSetting($setting, UserInterface $user = null) { if (!$user) { $user = $this->authenticationService->getIdentity(); } return $this->userSettingsService->getValue($setting, $user); }
public function __invoke(Request $req, Response $res) { $school = $req->getAttribute('school'); if ($req->isPost()) { $this->appFormInputFilter->setData(array_merge($req->getParams(), ['school_id' => $school->id, 'submitted_by' => $this->authService->getIdentity()->mail])); $isValid = $this->appFormInputFilter->isValid(); if ($isValid) { $data = $this->appFormInputFilter->getValues(); $appForm = $this->appFormService->submit($data); $_SESSION['applicationForm']['appForm'] = $appForm; $res = $res->withRedirect($this->successUrl); return $res; } $this->view['form'] = ['is_valid' => $isValid, 'values' => $this->appFormInputFilter->getValues(), 'raw_values' => $this->appFormInputFilter->getRawValues(), 'messages' => $this->appFormInputFilter->getMessages()]; } $loadForm = (bool) $req->getParam('load', false); $this->view['choose'] = !$loadForm && !$req->isPost(); if (!$req->isPost() && $loadForm) { if (null !== ($appForm = $this->appFormService->findSchoolApplicationForm($school->id))) { $this->view['form'] = ['values' => $appForm]; } } $labs = $this->labService->getLabsBySchoolId($school->id); $res = $this->view->render($res, 'application_form/form.twig', ['lab_choices' => array_map(function ($lab) { return ['value' => $lab['id'], 'label' => $lab['name']]; }, $labs), 'type_choices' => array_map(function ($category) { return ['value' => $category['id'], 'label' => $category['name']]; }, $this->assetsService->getAllItemCategories())]); return $res; }
/** * * @return Response */ public function indexAction() { if (!is_null($this->identity())) { $this->authenticationService->clearIdentity(); } return $this->redirect()->toRoute($this->loginRoute); }
/** * Handles redirects in case of dispatch errors caused by unauthorized access * * @param MvcEvent $event * @return void */ public function onError(MvcEvent $event) { if (!$event->getRequest() instanceof HttpRequest || !($routeMatch = $event->getRouteMatch())) { return; } if (null === $this->redirectUri) { if (null === $this->redirectRoute) { if ($this->authenticationService->hasIdentity()) { $this->setRedirectRoute($this->options->getAuthenticatedIdentityRedirectRoute()); } else { $this->setRedirectRoute($this->options->getUnauthenticatedIdentityRedirectRoute()); } } if (!($this->redirectRoute && $this->redirectRoute !== $routeMatch->getMatchedRouteName())) { return parent::onError($event); } $params = ['name' => $this->redirectRoute]; if ($this->options->getUseRedirectParameter()) { $redirectKey = $this->options->getRedirectKey(); $params['query'][$redirectKey] = $event->getRequest()->getUriString(); } $this->setRedirectUri($event->getRouter()->assemble([], $params)); } $response = $event->getResponse() ?: new HttpResponse(); $response->getHeaders()->addHeaderLine('Location', $this->redirectUri); $response->setStatusCode(302); $event->setResponse($response); }
/** * Main method to check authorization * * @param MvcEvent $e * * @return ResponseInterface */ public function checkAccess(MvcEvent $e) { /** @var Response $response */ $response = $e->getResponse(); /** @var UserEntity $identity */ $identity = $this->authService->getIdentity(); $role = $identity ? $identity->getRole() : UserEntity::ROLE_GUEST; list($moduleName, $controllerName, $actionName) = $this->namesResolver->resolve($e); if ($this->acl->isAllowed($role, $moduleName, $controllerName . ':' . $actionName)) { $e->getViewModel()->setVariable('acl', $this->acl); return $response; } $this->getEventManager()->trigger(self::EVENT_IS_NOT_ALLOWED, $e->getTarget()); $router = $e->getRouter(); if ($role !== UserEntity::ROLE_GUEST) { $url = $router->assemble(['controller' => 'no-access'], ['name' => 'auth/default']); } else { $url = $router->assemble(['controller' => 'login'], ['name' => 'access/default']); } $response->setStatusCode(302); $response->getHeaders()->clearHeaders(); $response->getHeaders()->addHeaderLine('Location', $url); $e->stopPropagation(); return $response; }
/** * @private * @param MvcEvent $event * @return void */ public function onError(MvcEvent $event) { // Do nothing if no error or if response is not HTTP response if (!$event->getParam('exception') instanceof UnauthorizedExceptionInterface || $event->getResult() instanceof HttpResponse || !$event->getResponse() instanceof HttpResponse) { return; } $router = $event->getRouter(); if ($this->authenticationService->hasIdentity()) { if (!$this->options->getRedirectWhenConnected()) { return; } $redirectRoute = $this->options->getRedirectToRouteConnected(); } else { $redirectRoute = $this->options->getRedirectToRouteDisconnected(); } $uri = $router->assemble([], ['name' => $redirectRoute]); if ($this->options->getAppendPreviousUri()) { $redirectKey = $this->options->getPreviousUriQueryKey(); $previousUri = $event->getRequest()->getUriString(); $uri = $router->assemble([], ['name' => $redirectRoute, 'query' => [$redirectKey => $previousUri]]); } $response = $event->getResponse() ?: new HttpResponse(); $response->getHeaders()->addHeaderLine('Location', $uri); $response->setStatusCode(302); $event->setResponse($response); $event->setResult($response); }
/** * @todo Remove the AnonymousIdentity instantiation. This belongs in an Authentication Adapter * @return Identity */ public function getIdentity() { $identity = $this->authenticationService->getIdentity(); if (is_null($identity)) { $identity = new AnonymousIdentity(); } return $identity; }
/** * @return Context */ public function createContext() { $context = new Context(); $token = $this->tokenStorage->getIdentity(); if (null !== $token) { $context->set('username', $this->tokenStorage->getIdentity()); } return $context; }
public function __invoke(Request $req, Response $res) { $result = $this->authService->authenticate(); if (!$result->isValid()) { $this->flash->addMessage('danger', reset($result->getMessages())); return $res->withRedirect($this->loginUrl); } return $res->withRedirect($this->successUrl); }
public function __invoke(ServerRequestInterface $req, Response $res) { if ($this->authService->hasIdentity()) { $identity = $this->authService->getIdentity(); $events = $this->events; $this->authService->clearIdentity(); $events('trigger', 'logout', $identity, $this->redirectUrl); } return $res->withRedirect($this->redirectUrl); }
public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null) { $identity = $this->authService->getIdentity(); $user = R::load('user', $identity->id); if (!($school = $user->school)) { return false; } $appForm = $this->appFormService->findSchoolApplicationForm($school->id); return null === $appForm; }
/** * Retrieve the current identity, if any. * * If none is present, returns null. * * @return mixed|null * @throws Exception\RuntimeException */ public function __invoke() { if (!$this->authenticationService instanceof AuthenticationServiceInterface) { throw new Exception\RuntimeException('No AuthenticationServiceInterface instance provided; cannot lookup identity'); } if (!$this->authenticationService->hasIdentity()) { return; } return $this->authenticationService->getIdentity(); }
public function login(InputFilterInterface $filter) { if (!$filter->isValid()) { throw new \LogicException('Form is not valid'); } $this->authAdapter->setIdentity($filter->getValue('login')); $this->authAdapter->setCredential($filter->getValue('password')); $result = $this->authenticationService->authenticate($this->authAdapter); return $result->isValid(); }
/** * Attempt to authenticate the current request. * * @param Request $request * @param Response $response * @param MvcAuthEvent $mvcAuthEvent * @return false|IdentityInterface False on failure, IdentityInterface * otherwise */ public function authenticate(Request $request, Response $response, MvcAuthEvent $mvcAuthEvent) { $this->httpAuth->setRequest($request); $this->httpAuth->setResponse($response); $result = $this->authenticationService->authenticate($this->httpAuth); $mvcAuthEvent->setAuthenticationResult($result); if (! $result->isValid()) { return false; } $resultIdentity = $result->getIdentity(); // Pass fully discovered identity to AuthenticatedIdentity instance $identity = new Identity\AuthenticatedIdentity($resultIdentity); // But determine the name separately $name = $resultIdentity; if (is_array($resultIdentity)) { $name = isset($resultIdentity['username']) ? $resultIdentity['username'] : (string) array_shift($resultIdentity); } $identity->setName($name); return $identity; }
/** * Delegate checking of user credentials to ZfcUser's onboard adapter chain * * @param string $username * @param string $password * @return boolean */ public function checkUserCredentials($username, $password) { $request = new \Zend\Http\Request(); $request->getPost()->set('identity', $username); $request->getPost()->set('credential', $password); $adapterResult = $this->authAdapter->prepareForAuthentication($request); if ($adapterResult instanceof \Zend\Stdlib\ResponseInterface) { return false; } $authResult = $this->auth->authenticate($this->authAdapter); if (!$authResult->isValid()) { $this->authAdapter->resetAdapters(); return false; } return true; }
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null) { $registration = $this->service->registrationPath(); $logout = $this->service->logoutPath(); $login = $this->service->loginPath(); $base = $this->service->basePath(); $uri = $request->getUri(); $path = $uri->getPath(); if ($path === $logout) { $this->service->clearIdentity(); // including the user session return $this->redirectTo($uri->withPath($login)); } // Disallow to render the view (by default) if not authenticated if (!$this->service->hasIdentity()) { switch ($path) { case $login: return $next($request, $response); case $registration: return $next($request, $response); default: return $this->redirectTo($uri->withPath($login)); } } switch ($path) { case $login: return $this->redirectTo($uri->withPath($base)); case $registration: return $this->redirectTo($uri->withPath($base)); } return $next($request, $response); }
public function __invoke(Request $req, Response $res) { $identity = $this->authService->getIdentity(); if (null === $identity) { return $res; } $user = R::load('user', $identity->id); if (!$user->school_id) { return $res; } $school_id = $user->school_id; $sync = $this->syncFromInventory; $result = $sync($school_id); if (false === $result) { return $res->withStatus(500); } return $res->withJson($result); }
/** * @dataProvider dataForPrepareExceptionViewModel */ public function testPrepareExceptionViewModel($error, $result, $exception, $hasIdentity, $isActive, $expectedSetResultCalled) { $this->event->expects($this->any())->method('getError')->willReturn($error); $this->event->expects($this->any())->method('getResult')->willReturn($result); $this->event->expects($this->any())->method('getParam')->with($this->equalTo('exception'))->willReturn($exception); $this->auth->expects($this->any())->method('hasIdentity')->willReturn($hasIdentity); $this->user->expects($this->any())->method('isActive')->willReturn($isActive); $this->event->expects($this->exactly($expectedSetResultCalled))->method('setResult'); $this->listener->prepareExceptionViewModel($this->event); }
public function __invoke(Request $req, Response $res, callable $next) { $res = $next($req, $res); $identity = $this->authService->getIdentity(); if (null === $identity) { return $res; } $user = R::load('user', $identity->id); if (!$user->school_id) { return $res; } $school_id = $user->school_id; if (0 < count($this->labService->getLabsBySchoolId($school_id))) { return $res; } $sync = $this->syncFromInventory; $sync($school_id); return $res; }
public function testValidLogin() { $request = new Request(); $response = new Response(); $serieTokenInCookie = new SerieToken(1, 'abc', 'def'); $newSerie = new SerieToken(1, 'abc', 'ghi'); // Assume valid user $this->userMapper->expects($this->once())->method('findById')->will($this->returnValue($this->getMock('ZfcUser\\Entity\\UserInterface'))); // Request contains cookie $this->cookieService->expects($this->once())->method('read')->with($request, $response)->will($this->returnValue($serieTokenInCookie)); // Response contains updated cookie $this->cookieService->expects($this->once())->method('writeSerie')->with($response, $newSerie); $newSerie->setExpiresAt(new \DateTime('+3 days')); $this->rememberMeService->expects($this->once())->method('getNextInSerie')->with($serieTokenInCookie)->will($this->returnValue($newSerie)); $this->authService->expects($this->once())->method('authenticate'); $eventManager = $this->getMock('Zend\\EventManager\\EventManagerInterface'); $this->service->setEventManager($eventManager); $eventManager->expects($this->once())->method('trigger')->with('login', $this->service, ['token' => $newSerie]); $this->service->loginFrom($request, $response); }
/** * Determines whether or not user has access to requested resource. * * @param ServerRequestInterface $request * @param ResponseInterface $response * @param callable $next * * @return ResponseInterface */ public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next) { $route = $request->getAttribute('route', null); if ($route === null) { // User likely accessing a nonexistent route. Calling next middleware. return $next($request, $response); } $role = $this->getRole($this->auth->getIdentity()); $resource = $route->getPattern(); /* * THIS BUG HAPPENED WHEN ROUTE DID NOT SET ->allow([roles]) * Hope fix problems when an optional / maybe followed by arguments * Route::group('/venues', function (){ Route::get('/', ... Route::get('[/{id:[0-9]+}]', ... dont work for groups that do not have a sub route like '/' */ // $resource = preg_replace("|\[\/[^\[].*\]|", "/", $route->getPattern()); // $resource = $route->getIdentifier(); $privilege = $request->getMethod(); // $isAllowed = false; // if(!$this->acl && $route instanceof AuthorizableRoute){ // $route->getAcl()->isAllowed($role, $resource, $privilege); // } else { // $this->acl->isAllowed($role, $resource, $privilege); // } // var_dump($this->acl); $isAllowed = $this->acl->isAllowed($role, $resource, $privilege); $isAuthenticated = $this->auth->hasIdentity(); if ($isAllowed) { return $next($request, $response); } if ($isAuthenticated) { // Authenticated but unauthorized for this resource return $this->handler->notAuthorized($response); } // Not authenticated and must be authenticated to access this resource return $this->handler->notAuthenticated($response); }
public function __construct(AuthenticationServiceInterface $authService, AclInterface $acl, $config = null) { $this->authService = $authService; if (is_array($config)) { if (isset($config['acl']) && !empty($config['acl']['defaultRole'])) { $defaultRole = $config['acl']['defaultRole']; if (!$defaultRole instanceof RoleInterface) { $defaultRole = new GenericRole($defaultRole); } $this->setDefaultRole($defaultRole); } } $this->setAcl($acl); $this->setDefaultAcl($acl); $identity = $this->authService->getIdentity(); if ($identity) { $role = $identity->getRole(); if (!$role instanceof RoleInterface) { $role = new GenericRole($role); } $this->setRole($role); } }
public function logout() { $this->authenticationService->clearIdentity(); }
/** * @return \Zend\Http\Response */ public function addEmailAction() { $this->addEmailService->addEmail($this->params()->fromPost(), $this->authService->getIdentity()); return $this->redirect()->toRoute('PServerCore/user', ['action' => 'index']); }
/** * {@inheritDoc} */ public function getIdentity() { return $this->authenticationService->getIdentity(); }
public function __invoke(Request $req, Response $res) { $school = $req->getAttribute('school'); if ($req->isPost()) { $reqParams = $req->getParams(); array_splice($reqParams['items'], 0, 0); $this->appFormInputFilter->setData(array_merge($reqParams, ['school_id' => $school->id, 'submitted_by' => $this->authService->getIdentity()->mail])); $isValid = $this->appFormInputFilter->isValid(); if ($isValid) { $data = $this->appFormInputFilter->getValues(); $appForm = $this->appFormService->submit($data); $_SESSION['applicationForm']['appForm'] = $appForm; $res = $res->withRedirect($this->successUrl); return $res; } $this->view['form'] = ['is_valid' => $isValid, 'values' => $this->appFormInputFilter->getValues(), 'raw_values' => $this->appFormInputFilter->getRawValues(), 'messages' => $this->appFormInputFilter->getMessages()]; } $loadForm = (bool) $req->getParam('load', false); $this->view['choose'] = !$loadForm && !$req->isPost(); if (!$req->isPost() && $loadForm) { // take care of new options in applications and migrate existing ones if (null !== ($appForm = $this->appFormService->findSchoolApplicationForm($school->id))) { /** * Do mapping of old items to new only if items do exist (old form) * and the map is available at the app settings. * TODO: Only one version migrations are supported. If the old items are * two or more versions older, they will not be handled. */ // get the existing (db) application form version $items_version = $this->version; if (isset($appForm['items']) && \count($appForm['items']) > 0) { $items_version = array_values($appForm['items'])[0]['version']; } if ($this->version != $items_version && isset($appForm['items']) && isset($this->container['settings']['application_form']['itemcategory']['map']) && $this->container['settings']['application_form']['itemcategory']['map']['fromversion'] == $items_version && $this->container['settings']['application_form']['itemcategory']['map']['toversion'] == $this->version && isset($this->container['settings']['application_form']['itemcategory']['map']['items'])) { // if map exists for this version, use it $items_map = $this->container['settings']['application_form']['itemcategory']['map']['items']; $appForm['items'] = array_map(function ($item) use($items_map) { $migrate_values = []; if (isset($items_map[$item['itemcategory_id']]) && intval($items_map[$item['itemcategory_id']]) > 0) { $migrate_values = ['itemcategory_prev' => $item['itemcategory_id'], 'itemcategory_id_prev' => $item['itemcategory_id'], 'itemcategory_id' => intval($items_map[$item['itemcategory_id']])]; } else { $migrate_values = ['itemcategory_prev' => '', 'itemcategory_id_prev' => -1]; } $migrate_values['prev_form_load'] = true; return array_merge($item, $migrate_values); }, $appForm['items']); } elseif ($this->version != $items_version && isset($appForm['items']) && isset($this->container['settings']['application_form']['itemcategory']['map']) && ($this->container['settings']['application_form']['itemcategory']['map']['fromversion'] != $items_version || $this->container['settings']['application_form']['itemcategory']['map']['toversion'] != $this->version)) { // if map does not exist for this version, notify user $items_map = $this->container['settings']['application_form']['itemcategory']['map']['items']; $appForm['items'] = array_map(function ($item) use($items_map) { $migrate_values = ['itemcategory_prev' => '', 'itemcategory_id_prev' => -2, 'prev_form_load' => true]; return array_merge($item, $migrate_values); }, $appForm['items']); } $this->view['form'] = ['values' => $appForm]; } } $labs = $this->labService->getLabsBySchoolId($school->id); $res = $this->view->render($res, 'application_form/form.twig', ['lab_choices' => array_map(function ($lab) { return ['value' => $lab['id'], 'label' => $lab['name']]; }, $labs), 'type_choices' => array_map(function ($category) { return ['value' => $category['id'], 'label' => $category['name']]; }, $this->assetsService->getAllItemCategories($this->version))]); return $res; }
private function logoutAndRediret(Response $res, $message) { $this->authService->clearIdentity(); $this->flash->addMessage('danger', $message); return $res->withRedirect($this->unitNotFoundRedirectUrl); }
public function init() { $this->add(['name' => 'token', 'required' => true]); $this->add(['name' => 'identity', 'required' => true]); $this->add(['name' => 'credential', 'required' => true, 'validators' => [['name' => 'Zend\\Authentication\\Validator\\Authentication', 'options' => ['adapter' => $this->authenticationService->getAdapter(), 'service' => $this->authenticationService, 'identity' => 'identity', 'credential' => 'credential']]]]); }