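 /**
  * Generates a new random password for the user identified by the "uuid"
  * and "token" route parameters, stores it, clears the password request
  * token and mails the new password to the user's registered address.
  *
  * Redirects to "/" (and returns null) when either route parameter is
  * missing or no user exists for the given uuid.
  *
  * @access protected
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\RequestAbstract $request
  * @param \Zepi\Turbo\Response\Response $response
  * @return array|null array with keys 'result' (bool) and 'message' (string), or null after a redirect
  */
 protected function generateNewPassword(Framework $framework, RequestAbstract $request, Response $response)
 {
     $uuid = $request->getRouteParam('uuid');
     $token = $request->getRouteParam('token');
     if ($uuid === false || !$this->userManager->hasUserForUuid($uuid) || $token === false) {
         $response->redirectTo('/');
         return;
     }
     // Load the user
     $user = $this->userManager->getUserForUuid($uuid);
     // An unset or empty stored token means no password was requested.
     // Strict comparison on the string value instead of a loose "== ''".
     $storedToken = (string) $user->getMetaData('passwordRequestToken');
     if ($storedToken === '') {
         return array('result' => false, 'message' => $this->translate('You haven\'t requested a new password.', '\\Zepi\\Web\\AccessControl'));
     }
     // Compare the tokens in constant time so the comparison does not leak
     // information about the stored token via timing, and reject an expired lifetime.
     $tokenMatches = hash_equals($storedToken, (string) $token);
     if (!$tokenMatches || $user->getMetaData('passwordRequestTokenLifetime') < time()) {
         return array('result' => false, 'message' => $this->translate('The given token is invalid or expired. Please request a new password.', '\\Zepi\\Web\\AccessControl'));
     }
     // Generate a new password
     $password = $this->generateRandomPassword();
     // Save the new password
     $user->setNewPassword($password);
     // Reset the token so the link cannot be used a second time
     $user->setMetaData('passwordRequestToken', '');
     $user->setMetaData('passwordRequestTokenLifetime', 0);
     // Update the user
     $this->userManager->updateUser($user);
     // Send the mail containing the new password
     $this->mailHelper->sendMail($user->getMetaData('email'), $this->translate('New password generated', '\\Zepi\\Web\\AccessControl'), $this->render('\\Zepi\\Web\\AccessControl\\Mail\\GenerateNewPassword', array('user' => $user, 'password' => $password)));
     return array('result' => true, 'message' => $this->translate('Your new password is generated and saved. You will receive an email with the new password.', '\\Zepi\\Web\\AccessControl'));
 }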
 /**
  * Restores the user session from the session token kept in the request's
  * session data. Verifies the token and its lifetime, loads the user and,
  * when the token is about to expire, issues a fresh one.
  *
  * @access protected
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  * @return boolean true when a session was set on the request, false otherwise
  */
 protected function reinitializeUserSession(Framework $framework, WebRequest $request, Response $response)
 {
     $sessionToken = $request->getSessionData('userSessionToken');
     $tokenLifetime = $request->getSessionData('userSessionTokenLifetime');
     list($invalid, $sessionToken, $tokenLifetime, $uuid) = $this->verifyToken($request, $sessionToken, $tokenLifetime);
     if ($invalid) {
         // Missing, invalid or expired token: either a stale session or an
         // attempted hijack. Drop the session data and start a fresh session.
         $this->cleanupSession($request);
         $this->regenerateSession($request);
         return false;
     }
     $user = $this->userManager->getUserForUuid($uuid);
     // A disabled account (without the global wildcard) gets no session.
     // NOTE(review): unlike the invalid-token branch, the session data is
     // left untouched here — confirm that is intended.
     $isDisabled = !$user->hasAccess('\\Global\\*') && $user->hasAccess('\\Global\\Disabled');
     if ($isDisabled) {
         return false;
     }
     $request->setSession(new Session($user, $sessionToken, $tokenLifetime));
     // Less than 30 seconds of lifetime left: rotate the token now.
     $refreshNeeded = ($tokenLifetime - 30) < time();
     if ($refreshNeeded) {
         $this->initializeUserSession($request, $response, $user);
     }
     return true;
 }
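 /**
  * Displays the edit user form and saves the data to the database.
  * With a "uuid" route parameter an existing user is edited, otherwise
  * a new, empty user is created.
  *
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 public function execute(Framework $framework, WebRequest $request, Response $response)
 {
     $uuid = $request->getRouteParam('uuid');
     // If there is a request parameter we need to edit a user. Otherwise we create a new one.
     if (is_string($uuid)) {
         // Do not hand an unknown uuid to getUserForUuid: redirect to the
         // overview instead (the same handling the delete action uses).
         if (!$this->userManager->hasUserForUuid($uuid)) {
             $response->redirectTo($request->getFullRoute('/administration/users/'));
             return;
         }
         $additionalTitle = $this->translate('Modify user', '\\Zepi\\Web\\AccessControl');
         $user = $this->userManager->getUserForUuid($uuid);
     } else {
         $additionalTitle = $this->translate('Add user', '\\Zepi\\Web\\AccessControl');
         $user = new User('', '', '', '', array());
     }
     $title = $this->translate('User management', '\\Zepi\\Web\\AccessControl');
     $this->layout->setUser($user);
     // Prepare the page
     $this->activateMenuEntry('user-administration');
     $this->setTitle($title, $additionalTitle);
     // Process the submitted form data (if any)
     $result = $this->processFormData($request, $user);
     if ($result === true) {
         // Display the successfully saved message
         $response->setOutput($this->render('\\Zepi\\Web\\AccessControl\\Templates\\Administration\\EditUserFinished', array('title' => $this->getTitle())));
     } else {
         // Display the form (initial display or validation failure)
         $response->setOutput($this->render('\\Zepi\\Web\\AccessControl\\Templates\\Administration\\EditUserForm', array('user' => $user, 'title' => $this->getTitle(), 'layout' => $this->layout->getLayout(), 'layoutRenderer' => $this->getLayoutRenderer())));
     }
 }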
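 /**
  * Activates the user identified by $uuid when $activationToken matches the
  * stored activation token, otherwise returns an error message.
  *
  * @access protected
  * @param string $uuid
  * @param string $activationToken
  * @return array keys 'result' (bool) and 'message' (string)
  */
 protected function activateUser($uuid, $activationToken)
 {
     // Check the uuid
     if (!$this->userManager->hasUserForUuid($uuid)) {
         return array('result' => false, 'message' => $this->translate('Account with the given UUID does not exist.', '\\Zepi\\Web\\AccessControl'));
     }
     // Compare the activation token. An empty stored token must never match
     // (an account without a pending activation would otherwise be activatable
     // with an empty token), and the comparison is done in constant time.
     $user = $this->userManager->getUserForUuid($uuid);
     $storedToken = (string) $user->getMetaData('activationToken');
     if ($storedToken === '' || !hash_equals($storedToken, (string) $activationToken)) {
         return array('result' => false, 'message' => $this->translate('The given activation token is not valid.', '\\Zepi\\Web\\AccessControl'));
     }
     // Remove the disabled access level and grant the active one
     $this->accessControlManager->revokePermission($uuid, get_class($user), '\\Global\\Disabled');
     $this->accessControlManager->grantPermission($uuid, get_class($user), '\\Global\\Active', 'Activation');
     // NOTE(review): the activation token is not cleared here, so the link
     // stays usable after activation — consider resetting the meta data the
     // way the password request flow does.
     return array('result' => true, 'message' => $this->translate('Your account was activated successfully.', '\\Zepi\\Web\\AccessControl'));
 }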
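 /**
  * Displays the delete user confirmation and, once confirmed through the
  * "confirmation" route parameter, deletes the user identified by the
  * "uuid" route parameter. Redirects to the user overview when the uuid
  * is missing or unknown.
  *
  * @access public
  * @param \Zepi\Turbo\Framework $framework
  * @param \Zepi\Turbo\Request\WebRequest $request
  * @param \Zepi\Turbo\Response\Response $response
  */
 public function execute(Framework $framework, WebRequest $request, Response $response)
 {
     // Prepare the page
     $additionalTitle = $this->translate('Delete user', '\\Zepi\\Web\\AccessControl');
     $title = $this->translate('User management', '\\Zepi\\Web\\AccessControl') . ' - ' . $additionalTitle;
     $this->setTitle($title, $additionalTitle);
     $this->activateMenuEntry('user-administration');
     // Get the user
     $uuid = $request->getRouteParam('uuid');
     // If the UUID is missing or does not exist, redirect to the overview page
     if (!is_string($uuid) || !$this->userManager->hasUserForUuid($uuid)) {
         $response->redirectTo($request->getFullRoute('/administration/users/'));
         return;
     }
     $user = $this->userManager->getUserForUuid($uuid);
     // Delete only after an explicit confirmation, otherwise ask for it.
     // NOTE(review): the confirmation is carried in the route alone; confirm
     // that this state-changing route is protected against cross-site request forgery.
     if ($request->getRouteParam('confirmation') === 'confirmed') {
         $this->userManager->deleteUser($user);
         $response->setOutput($this->render('\\Zepi\\Web\\AccessControl\\Templates\\Administration\\DeleteUserFinished', array('user' => $user)));
     } else {
         // Display the delete user confirmation
         $response->setOutput($this->render('\\Zepi\\Web\\AccessControl\\Templates\\Administration\\DeleteUser', array('user' => $user)));
     }
 }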