/**
 * Issues a fresh remember-me serie for the identity carried by the event.
 *
 * Does nothing unless a request/response pair is available. The serie token
 * returned by the remember-me service is written to the response by the cookie
 * service.
 *
 * @param AdapterChainEvent $e event whose identity has already been established
 */
public function authenticate(AdapterChainEvent $e)
{
    if (!$this->isValidRequestAndResponse()) {
        return;
    }

    $identity = $e->getIdentity();
    $serie    = $this->getRememberMeService()->createNew($identity);

    $this->getCookieService()->writeSerie($this->getResponse(), $serie);
}
/**
 * Authenticates the POSTed identity/credential pair against the user mapper.
 *
 * The identity is resolved through the configured identity fields ('username',
 * 'email') in order; the first field that yields an object wins. The credential
 * is verified with Bcrypt at the configured cost, the session id is regenerated
 * before the identity is attached, and updateUserPasswordHash() refreshes the
 * stored hash so a changed cost parameter is picked up.
 *
 * "Identity not found" and "credential invalid" produce distinct messages, and
 * Bcrypt runs only when a user record exists.
 *
 * @param AdapterChainEvent $e
 * @return bool|null false on failure; no return value on success or when already satisfied
 */
public function authenticate(AdapterChainEvent $e)
{
    if ($this->isSatisfied()) {
        $stored = $this->getStorage()->read();
        $e->setIdentity($stored['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return;
    }

    $post       = $e->getRequest()->getPost();
    $identity   = $post->get('identity');
    $credential = $post->get('credential');
    $options    = $this->getOptions();

    // Try each configured identity field until one resolves to a user object.
    $userObject = null;
    foreach ($options->getAuthIdentityFields() as $mode) {
        switch ($mode) {
            case 'username':
                $userObject = $this->getMapper()->findByUsername($identity);
                break;
            case 'email':
                $userObject = $this->getMapper()->findByEmail($identity);
                break;
        }
        if (is_object($userObject)) {
            break;
        }
    }

    if (!$userObject) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array('A record with the supplied identity could not be found.'));
        $this->setSatisfied(false);
        return false;
    }

    // Refuse accounts whose state is outside the configured allow-list.
    if ($options->getEnableUserState()
        && !in_array($userObject->getState(), $options->getAllowedLoginStates())
    ) {
        $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
          ->setMessages(array('A record with the supplied identity is not active.'));
        $this->setSatisfied(false);
        return false;
    }

    $bcrypt = new Bcrypt();
    $bcrypt->setCost($options->getPasswordCost());
    if (!$bcrypt->verify($credential, $userObject->getPassword())) {
        $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
          ->setMessages(array('Supplied credential is invalid.'));
        $this->setSatisfied(false);
        return false;
    }

    // Rotate the session id before a privileged identity is bound to it.
    $session = new SessionContainer($this->getStorage()->getNameSpace());
    $session->getManager()->regenerateId();

    $e->setIdentity($userObject->getId());
    $this->updateUserPasswordHash($userObject, $credential, $bcrypt);
    $this->setSatisfied(true);

    $stored = $this->getStorage()->read();
    $stored['identity'] = $e->getIdentity();
    $this->getStorage()->write($stored);

    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));
}
/**
 * The listener must request a new serie for the event's identity from the
 * remember-me service and pass the returned token, together with the response,
 * to the cookie service.
 */
public function testGeneratesSerieToken()
{
    $identityId = 3;

    $event = new AdapterChainEvent();
    $event->setIdentity($identityId);

    $expectedToken = new SerieToken($identityId, 'abc', 'def');
    $expectedToken->setExpiresAt(new \DateTime('+3 days'));

    $this->rememberMeService
        ->expects($this->once())
        ->method('createNew')
        ->with($identityId)
        ->will($this->returnValue($expectedToken));

    $this->cookieService
        ->expects($this->once())
        ->method('writeSerie')
        ->with($this->response, $expectedToken);

    $this->listener->authenticate($event);
}
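/**
 * Authenticates the POSTed identity/credential pair (legacy ZfcUser adapter).
 *
 * Lookup is by e-mail first and, when the 'enable_username' option is set, by
 * username. The credential is passed through preProcessCredential() and
 * Password::hash() with the stored hash as second argument; the result must
 * equal the stored hash. The comparison is done with hash_equals() so it runs in
 * constant time instead of stopping at the first differing byte.
 *
 * @param AuthEvent $e
 * @return bool|null false on failure; no return value on success or when already satisfied
 */
public function authenticate(AuthEvent $e)
{
    if ($this->isSatisfied()) {
        $storage = $this->getStorage()->read();
        $e->setIdentity($storage['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return;
    }

    $post       = $e->getRequest()->post();
    $identity   = $post->get('identity');
    $credential = $this->preProcessCredential($post->get('credential'));

    $userObject = $this->getMapper()->findByEmail($identity);
    if (!$userObject && ZfcUser::getOption('enable_username')) {
        // Fall back to a username lookup when the option allows it.
        $userObject = $this->getMapper()->findByUsername($identity);
    }

    if (!$userObject) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array('A record with the supplied identity could not be found.'));
        $this->setSatisfied(false);
        return false;
    }

    $storedHash     = $userObject->getPassword();
    $credentialHash = Password::hash($credential, $storedHash);

    // Reject empty or non-string hashes outright, then compare in constant time so
    // the check does not leak how long a common prefix the two hashes share.
    if (!is_string($storedHash) || $storedHash === ''
        || !is_string($credentialHash) || !hash_equals($storedHash, $credentialHash)
    ) {
        $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
          ->setMessages(array('Supplied credential is invalid.'));
        $this->setSatisfied(false);
        return false;
    }

    $e->setIdentity($userObject->getUserId());
    $this->updateUserPasswordHash($userObject, $credential)
         ->updateUserLastLogin($userObject)
         ->setSatisfied(true);

    $storage = $this->getStorage()->read();
    $storage['identity'] = $e->getIdentity();
    $this->getStorage()->write($storage);

    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));
}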
/**
 * {@inheritDoc}
 *
 * Passes only when the identity already present on the event maps to a User whose
 * Registration record exists and has been responded to (e-mail verified). With no
 * identity on the event the adapter fails silently (no code or message is set).
 */
public function authenticate(AdapterChainEvent $e)
{
    $identity = $e->getIdentity();
    if (!$identity) {
        return false;
    }

    $em           = $this->getEntityManager();
    $user         = $em->find('User\\Entity\\User', $identity);
    $registration = $em->getRepository('User\\Entity\\Registration')->findOneByUser($user);

    if ($registration && $registration->getResponded()) {
        return true;
    }

    $e->setCode(AuthenticationResult::FAILURE)
      ->setMessages(['Email Address not verified yet']);
    return false;
}
/**
 * Passes only when the identity already present on the event maps to a user whose
 * registration record exists and has been responded to (e-mail verified). With no
 * identity on the event the adapter fails silently (no code or message is set).
 *
 * @param AdapterChainEvent $e
 * @return bool
 */
public function authenticate(AdapterChainEvent $e)
{
    $identity = $e->getIdentity();
    if (!$identity) {
        return false;
    }

    $user         = $this->userMapper->findById($identity);
    $registration = $this->userRegistrationMapper->findByUser($user);

    if ($registration && $registration->isResponded()) {
        return true;
    }

    $e->setCode(AuthenticationResult::FAILURE)
      ->setMessages(array('Email Address not verified yet'));
    return false;
}
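/**
 * {@inheritDoc}
 *
 * Two responsibilities share this method:
 *  1. After a prior adapter authenticated a POST that carries 'remember_me', any
 *     existing cookie entity for the user is replaced by a fresh serie and the
 *     session is marked as a non-cookie login.
 *  2. Otherwise, when a 'remember_me' cookie of the form
 *     "<user id>\n<serie id>\n<token>" is present, the serie is looked up and the
 *     token compared. A valid serie with a wrong token is treated as a stolen
 *     cookie: every serie of that user is removed and the attempt fails with
 *     'Possible identity theft detected.'.
 *
 * The cookie value is client-controlled, so it is validated for shape before any
 * field is used, and the token is compared with hash_equals().
 *
 * NOTE(review): no session id regeneration happens on a cookie login here —
 * confirm whether the surrounding code does it elsewhere.
 *
 * @param AuthEvent $e
 * @return bool|null false on failure; no return value on success or early exit
 */
public function authenticate(AuthEvent $e)
{
    $em = $this->getEntityManager();

    // Case 1: a prior adapter already authenticated and the form asked to be remembered.
    if ($e->getIdentity() !== null
        && $e->getRequest()->isPost()
        && array_key_exists('remember_me', $e->getRequest()->getPost())
    ) {
        $user = $em->find('User\\Entity\\User', $e->getIdentity());

        // Drop the serie (and its cookie) that may already exist for this user.
        $existing = $em->getRepository($this->getOptions()->getCookieEntityClass())
            ->findOneByUser($user);
        if ($existing) {
            $this->getCookieService()->removeCookie();
            $em->remove($existing);
            $em->flush();
        }

        $this->getCookieService()->createSerie($user);

        // A credential login supersedes an earlier cookie login for this session.
        $session = new Container('zfcuser');
        $session->offsetSet("cookieLogin", false);
        return;
    }

    if ($this->isSatisfied()) {
        $storage = $this->getStorage()->read();
        $e->setIdentity($storage['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return;
    }

    // Case 2: cookie login.
    $cookies = $e->getRequest()->getCookie();
    if (!isset($cookies['remember_me'])) {
        return false;
    }

    // Require exactly the three expected fields before indexing into the cookie,
    // instead of reading undefined offsets on a malformed value.
    $parts = explode("\n", (string) $cookies['remember_me']);
    if (count($parts) !== 3) {
        $this->getCookieService()->removeCookie();
        return false;
    }
    list($userId, $serieId, $token) = $parts;

    $cookieUser = $em->find('User\\Entity\\User', $userId);
    if (!$cookieUser) {
        $this->getCookieService()->removeCookie();
        return false;
    }

    $serieRepository = $em->getRepository($this->getOptions()->getCookieEntityClass());
    $rememberMe      = $serieRepository->findOneBy(['user' => $cookieUser, 'sid' => $serieId]);
    if (!$rememberMe) {
        $this->getCookieService()->removeCookie();
        return false;
    }

    // Constant-time comparison; a mismatch on a known serie means the cookie was copied.
    $storedToken = $rememberMe->getToken();
    if (!is_string($storedToken) || $storedToken === '' || !hash_equals($storedToken, $token)) {
        // Invalidate every serie of the affected user. (The original referenced an
        // undefined $user here, so nothing was actually removed.)
        foreach ($serieRepository->findByUser($cookieUser) as $serie) {
            $em->remove($serie);
        }
        $this->getCookieService()->removeCookie();
        $this->setSatisfied(false);
        $e->setCode(AuthenticationResult::FAILURE)
          ->setMessages(array('Possible identity theft detected.'));
        $em->flush();
        return false;
    }

    $this->getCookieService()->updateSerie($rememberMe);

    $e->setIdentity($cookieUser->getId());
    $this->setSatisfied(true);
    $storage = $this->getStorage()->read();
    $storage['identity'] = $e->getIdentity();
    $this->getStorage()->write($storage);
    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));

    // Flag this as a weak (cookie) login so callers can withhold sensitive actions.
    $session = new Container('zfcuser');
    $session->offsetSet("cookieLogin", true);
}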
/**
 * Authenticates the POSTed identity/credential pair against the user mapper.
 *
 * The identity is resolved through the configured identity fields ('username',
 * 'email') in order; the first field that yields an object wins. The credential
 * goes through preProcessCredential() and is verified with Bcrypt at the
 * configured cost; updateUserPasswordHash() then refreshes the stored hash so a
 * changed cost parameter is picked up.
 *
 * "Identity not found" and "credential invalid" produce distinct messages, and
 * Bcrypt runs only when a user record exists.
 *
 * @param AuthEvent $e
 * @return bool|null false on failure; no return value on success or when already satisfied
 */
public function authenticate(AuthEvent $e)
{
    if ($this->isSatisfied()) {
        $stored = $this->getStorage()->read();
        $e->setIdentity($stored['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return;
    }

    $post       = $e->getRequest()->getPost();
    $identity   = $post->get('identity');
    $credential = $this->preProcessCredential($post->get('credential'));

    // Try each configured identity field until one resolves to a user object.
    $userObject = null;
    foreach ($this->getOptions()->getAuthIdentityFields() as $mode) {
        switch ($mode) {
            case 'username':
                $userObject = $this->getMapper()->findByUsername($identity);
                break;
            case 'email':
                $userObject = $this->getMapper()->findByEmail($identity);
                break;
        }
        if (is_object($userObject)) {
            break;
        }
    }

    if (!$userObject) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array('A record with the supplied identity could not be found.'));
        $this->setSatisfied(false);
        return false;
    }

    $bcrypt = new Bcrypt();
    $bcrypt->setCost($this->getOptions()->getPasswordCost());
    if (!$bcrypt->verify($credential, $userObject->getPassword())) {
        $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
          ->setMessages(array('Supplied credential is invalid.'));
        $this->setSatisfied(false);
        return false;
    }

    $e->setIdentity($userObject->getId());
    $this->updateUserPasswordHash($userObject, $credential, $bcrypt);
    $this->setSatisfied(true);

    $stored = $this->getStorage()->read();
    $stored['identity'] = $e->getIdentity();
    $this->getStorage()->write($stored);

    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));
}
/**
 * Authenticates an API client by the API key POSTed as 'identity'.
 *
 * The mapper is fetched from the service manager on every call. The only
 * identity field handled is 'apiKey' (findByApiKey). The POSTed 'credential' is
 * read and pre-processed but never compared against anything, so possession of
 * the API key alone authenticates the caller; the user-state allow-list is still
 * enforced when enabled.
 *
 * @param AuthEvent $e
 * @return bool|null false on failure; no return value on success or when already satisfied
 */
public function authenticate(AuthEvent $e)
{
    $this->setMapper($this->getServiceManager()->get('apiuser_user_mapper'));

    if ($this->isSatisfied()) {
        $stored = $this->getStorage()->read();
        $e->setIdentity($stored['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return;
    }

    $post       = $e->getRequest()->getPost();
    $identity   = $post->get('identity');
    $credential = $this->preProcessCredential($post->get('credential')); // unused below

    // Only the 'apiKey' identity field is understood; others are skipped.
    $userObject = null;
    foreach ($this->getOptions()->getAuthIdentityFields() as $mode) {
        if ($mode == 'apiKey') {
            $userObject = $this->getMapper()->findByApiKey($identity);
        }
        if (is_object($userObject)) {
            break;
        }
    }

    if (!$userObject) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array('A record with the supplied identity could not be found.'));
        $this->setSatisfied(false);
        return false;
    }

    // Refuse accounts whose state is outside the configured allow-list.
    $options = $this->getOptions();
    if ($options->getEnableUserState()
        && !in_array($userObject->getState(), $options->getAllowedLoginStates())
    ) {
        $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
          ->setMessages(array('A record with the supplied identity is not active.'));
        $this->setSatisfied(false);
        return false;
    }

    $e->setIdentity($userObject->getId());
    $this->setSatisfied(true);

    $stored = $this->getStorage()->read();
    $stored['identity'] = $e->getIdentity();
    $this->getStorage()->write($stored);

    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));
}
/**
 * A request set on the event is returned unchanged by getRequest().
 */
public function testRequest()
{
    $requestClass = 'Zend\\Stdlib\\RequestInterface';
    $mockRequest  = $this->getMock($requestClass);

    $this->event->setRequest($mockRequest);

    $this->assertInstanceOf($requestClass, $this->event->getRequest());
}
/**
 * Authenticates from the access token passed as the 'userkey' query parameter.
 *
 * NOTE(review): the hash lookup (findByHash) and the expiry check are both
 * commented out; the 'userkey' value is currently passed to findById(), i.e. it
 * is treated as the user id itself. As written, knowing a user id is sufficient
 * to authenticate as that user, and the token never expires. Both checks need to
 * be restored before this path is relied on.
 *
 * On success the session id is regenerated, the mapper resets the user's access
 * attempts and stamps the last access, and the identity is written to storage.
 *
 * @param AuthEvent $e
 * @return bool true when already satisfied, false on failure; no return value on success
 */
public function authenticateByToken(AuthEvent $e)
{
    if ($this->isSatisfied()) {
        $stored = $this->getStorage()->read();
        $e->setIdentity($stored['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return true;
    }

    $userKey = $e->getRequest()->getQuery()->get('userkey');

    // Temporary: go back to findByHash() once hash storage is fixed.
    //$userObject = $this->getMapper()->findByHash($userKey);
    $userObject = $this->getMapper()->findById($userKey);
    if (!$userObject) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array('falha identidade'));
        $this->setSatisfied(false);
        return false;
    }

    /* @var \Application\Entity\Usuario $userObject */
    // Expiry check, disabled until hash storage is fixed:
    /*$validDate = new Carbon($userObject->getDataValidadeHash());
    if ($validDate->diffInDays(Carbon::now(), false) > 0) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array(Mensagens::getMensagem('M05')));
        $this->setSatisfied(false);
        return false;
    }*/

    $mapper = $this->getMapper();
    $mapper->resetAccessAttempts($userObject->getId());
    $mapper->setLastAccess($userObject->getId());

    // Rotate the session id before a privileged identity is bound to it.
    $session = new SessionContainer($this->getStorage()->getNameSpace());
    $session->getManager()->regenerateId();

    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));
    $e->setIdentity($userObject->getId());
    $this->setSatisfied(true);

    $stored = $this->getStorage()->read();
    $stored['identity'] = $e->getIdentity();
    $this->getStorage()->write($stored);
}
/**
 * Authenticates the POSTed identity/credential pair against LDAP.
 *
 * The LDAP adapter is bound first; only then is the LDAP record fetched (by
 * e-mail or username, chosen with an EmailAddress validator) and turned into a
 * user entity through the mapper. With auto-insertion enabled the entity is
 * created in, or synchronised with, the local database via updateDb(). Roles
 * come from getLdapRoles(), and the whole user object — not an id — is stored
 * as the event identity.
 *
 * @param AuthEvent $e
 * @return bool|null false on failure; no return value on success or when already satisfied
 * @throws UnexpectedExc when the LDAP lookup does not return an array
 */
public function authenticate(AuthEvent $e)
{
    $userObject = null;
    $zulConfig  = $this->serviceManager->get('ZfcUserLdap\\Config');

    if ($this->isSatisfied()) {
        $stored = $this->getStorage()->read();
        $e->setIdentity($stored['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return;
    }

    $post       = $e->getRequest()->getPost();
    $identity   = $post->get('identity');
    $credential = $post->get('credential');

    // Bind against LDAP before touching any local record.
    $ldap = $this->serviceManager->get('ZfcUserLdap\\LdapAdapter');
    if ($ldap->authenticate($identity, $credential) !== true) {
        $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
          ->setMessages(array('Supplied credential is invalid.'));
        $this->setSatisfied(false);
        return false;
    }

    $emailValidator = new EmailAddress();
    $isEmail        = $emailValidator->isValid($identity);

    $ldapObj = $isEmail
        ? $ldap->findByEmail($identity)
        : $ldap->findByUsername($identity);
    if (!is_array($ldapObj)) {
        throw new UnexpectedExc('Ldap response is invalid returned: ' . var_export($ldapObj, true));
    }

    // LDAP bind succeeded: build the local entity from the LDAP record.
    $mapper     = $this->getMapper();
    $userObject = $mapper->newEntity($ldapObj);

    // With auto-insertion, reconcile against the database: create the user when
    // absent, update it when auto_update is on, otherwise use the stored record.
    if ($zulConfig['auto_insertion']['enabled']) {
        $userDbObject = $isEmail
            ? $mapper->findByEmail($identity)
            : $mapper->findByUsername($identity);

        if ($userDbObject === false) {
            $userObject = $mapper->updateDb($ldapObj, null);
        } elseif ($zulConfig['auto_insertion']['auto_update']) {
            $userObject = $mapper->updateDb($ldapObj, $userDbObject);
        } else {
            $userObject = $userDbObject;
        }
    }

    // Should not happen after a successful bind, but guard anyway.
    if (!$userObject) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array('A record with the supplied identity could not be found.'));
        $this->setSatisfied(false);
        return false;
    }

    // State is not managed here, but a manually altered DB row is still honoured.
    $options = $this->getOptions();
    if ($options->getEnableUserState()
        && !in_array($userObject->getState(), $options->getAllowedLoginStates())
    ) {
        $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
          ->setMessages(array('A record with the supplied identity is not active.'));
        $this->setSatisfied(false);
        return false;
    }

    // Roles for consumers such as ZfcRbac.
    $userObject->setRoles($mapper->getLdapRoles($ldapObj));

    $e->setIdentity($userObject);
    $this->setSatisfied(true);

    $stored = $this->getStorage()->read();
    $stored['identity'] = $userObject;
    $this->getStorage()->write($stored);

    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));
}
/**
 * Authenticates from the access token passed as the 'userkey' query parameter.
 *
 * NOTE(review): the hash lookup (findByHash) is commented out and the 'userkey'
 * value is passed to findById(), i.e. it is treated as the user id itself; there
 * is no expiry check either. As written, knowing a user id is sufficient to
 * authenticate as that user. The hash lookup needs to be restored before this
 * path is relied on.
 *
 * On success the session id is regenerated, the mapper resets the user's access
 * attempts and stamps the last access, and the identity is written to storage.
 *
 * @param AuthEvent $e
 * @return bool true when already satisfied, false on failure; no return value on success
 */
public function authenticateByToken(AuthEvent $e)
{
    if ($this->isSatisfied()) {
        $stored = $this->getStorage()->read();
        $e->setIdentity($stored['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return true;
    }

    $userKey = $e->getRequest()->getQuery()->get('userkey');

    // Temporary: go back to findByHash() once hash storage is fixed.
    //$userObject = $this->getMapper()->findByHash($userKey);
    $userObject = $this->getMapper()->findById($userKey);
    if (!$userObject) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array('ssMensagens'));
        $this->setSatisfied(false);
        return false;
    }

    $mapper = $this->getMapper();
    $mapper->resetAccessAttempts($userObject->getId());
    $mapper->setLastAccess($userObject->getId());

    // Rotate the session id before a privileged identity is bound to it.
    $session = new SessionContainer($this->getStorage()->getNameSpace());
    $session->getManager()->regenerateId();

    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));
    $e->setIdentity($userObject->getId());
    $this->setSatisfied(true);

    $stored = $this->getStorage()->read();
    $stored['identity'] = $e->getIdentity();
    $this->getStorage()->write($stored);
}
/**
 * Authenticates through a HybridAuth social provider.
 *
 * The provider name comes from the request metadata and must be in the enabled
 * list. After HybridAuth returns a profile, the profile's e-mail is prefixed with
 * "<provider>:" and the provider/identifier pair is looked up locally. When no
 * local link exists and social registration is enabled, a local user is created
 * either by a provider-specific "<provider>ToLocalUser" method on this class or
 * by the generic path below, and a user-provider link is inserted between the
 * 'register.pre' and 'register.post' events. The user-state allow-list is then
 * enforced and the local user id becomes the event identity.
 *
 * NOTE(review): on the generic registration path the new user's password is set
 * to the provider name (setPassword($provider)); whether insert() hashes it, and
 * whether such a user can log in with that value through the credential adapter,
 * cannot be seen here — confirm.
 *
 * @param AuthEvent $authEvent
 * @return bool|null false on failure; no return value on success or when already satisfied
 */
public function authenticate(AuthEvent $authEvent)
{
    if ($this->isSatisfied()) {
        $storage = $this->getStorage()->read();
        $authEvent->setIdentity($storage['identity'])->setCode(Result::SUCCESS)->setMessages(array('Authentication successful.'));
        return;
    }

    // The provider is request-supplied; only enabled providers are accepted.
    $enabledProviders = $this->getOptions()->getEnabledProviders();
    $provider = $authEvent->getRequest()->getMetadata('provider');
    if (empty($provider) || !in_array($provider, $enabledProviders)) {
        $authEvent->setCode(Result::FAILURE)->setMessages(array('Invalid provider'));
        $this->setSatisfied(false);
        return false;
    }

    // Any exception from HybridAuth is reported to the user as 'Invalid provider'.
    try {
        $hybridAuth = $this->getHybridAuth();
        $adapter = $hybridAuth->authenticate($provider);
        $userProfile = $adapter->getUserProfile();
        // Namespace the e-mail by provider so identical addresses from different
        // providers do not collide.
        $userProfile->email = $provider . ':' . $userProfile->email;
    } catch (\Exception $ex) {
        $authEvent->setCode(Result::FAILURE)->setMessages(array('Invalid provider'));
        $this->setSatisfied(false);
        return false;
    }

    if (!$userProfile) {
        $authEvent->setCode(Result::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
        $this->setSatisfied(false);
        return false;
    }

    $localUserProvider = $this->getMapper()->findUserByProviderId($userProfile->identifier, $provider);
    if (false == $localUserProvider) {
        // No local link yet: register, or refuse when social registration is off.
        if (!$this->getOptions()->getEnableSocialRegistration()) {
            $authEvent->setCode(Result::FAILURE_IDENTITY_NOT_FOUND)->setMessages(array('A record with the supplied identity could not be found.'));
            $this->setSatisfied(false);
            return false;
        }

        // Provider-specific conversion hook, e.g. facebookToLocalUser(), if defined.
        $method = $provider . 'ToLocalUser';
        if (method_exists($this, $method)) {
            try {
                $localUser = $this->{$method}($userProfile);
            } catch (Exception\RuntimeException $ex) {
                // The hook's exception code/message are surfaced as the auth result.
                $authEvent->setCode($ex->getCode())->setMessages(array($ex->getMessage()))->stopPropagation();
                $this->setSatisfied(false);
                return false;
            }
        } else {
            $localUser = $this->instantiateLocalUser();
            $localUser->setDisplayName($userProfile->displayName)->setPassword($provider);
            // Only a provider-verified e-mail is copied onto the local user.
            if (isset($userProfile->emailVerified) && !empty($userProfile->emailVerified)) {
                $localUser->setEmail($userProfile->emailVerified);
            }
            $result = $this->insert($localUser, $provider, $userProfile);
        }

        $localUserProvider = clone $this->getMapper()->getEntityPrototype();
        $localUserProvider->setUserId($localUser->getId())->setProviderId($userProfile->identifier)->setProvider($provider);

        // Trigger register.pre event
        $this->getEventManager()->trigger('register.pre', $this, array('user' => $localUser, 'userProvider' => $localUserProvider, 'userProfile' => $userProfile));
        $this->getMapper()->insert($localUserProvider);
        // Trigger register.post event
        $this->getEventManager()->trigger('register.post', $this, array('user' => $localUser, 'userProvider' => $localUserProvider));
    } else {
        // Known link: refresh the local user from the provider profile.
        $mapper = $this->getZfcUserMapper();
        $localUser = $mapper->findById($localUserProvider->getUserId());
        if ($localUser instanceof UserInterface) {
            $this->update($localUser, $provider, $userProfile);
        }
    }

    $zfcUserOptions = $this->getZfcUserOptions();
    if ($zfcUserOptions->getEnableUserState()) {
        // Don't allow user to login if state is not in allowed list
        $mapper = $this->getZfcUserMapper();
        $user = $mapper->findById($localUserProvider->getUserId());
        if (!in_array($user->getState(), $zfcUserOptions->getAllowedLoginStates())) {
            $authEvent->setCode(Result::FAILURE_UNCATEGORIZED)->setMessages(array('A record with the supplied identity is not active.'));
            $this->setSatisfied(false);
            return false;
        }
    }

    $authEvent->setIdentity($localUserProvider->getUserId());
    $this->setSatisfied(true);
    $storage = $this->getStorage()->read();
    $storage['identity'] = $authEvent->getIdentity();
    $this->getStorage()->write($storage);
    $authEvent->setCode(Result::SUCCESS)->setMessages(array('Authentication successful.'));
}
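/**
 * Authenticates the POSTed identity/credential pair against LDAP and, when
 * auto-insertion is enabled, mirrors the LDAP user into the Doctrine user table.
 *
 * Flow: build the LDAP mapper from the service manager, resolve the identity by
 * e-mail or username (decided by an EmailAddress validator), enforce the
 * user-state allow-list, bind against LDAP with the username stored in LDAP,
 * then create or update the local entity and its roles. The whole user object
 * (not just an id) becomes the event identity and is also placed in the
 * 'ZfcUserLdap' session container under 'ldapObj'.
 *
 * Fix: the bind result used to be written as `if ($auth = ... !== TRUE)`, which
 * assigns the boolean of the comparison to $auth and so always reported `true`
 * as the failure message; the assignment is now separate from the test.
 *
 * @param AuthEvent $e
 * @return bool|null false on failure; no return value on success or when already satisfied
 */
public function authenticate(AuthEvent $e)
{
    $sm = $this->getServiceManager();
    $this->setMapper(new \ZfcUserLdap\Mapper\User(
        $sm->get('ldap_interface'),
        $sm->get('zfcuser_module_options')
    ));

    if ($this->isSatisfied()) {
        $storage = $this->getStorage()->read();
        $e->setIdentity($storage['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return;
    }

    $post       = $e->getRequest()->getPost();
    $identity   = $post->get('identity');
    $credential = $post->get('credential');

    /*
     * Some LDAP providers accept logins by e-mail as well as by uid, so the
     * identity is classified with a validator instead of iterating over
     * getAuthIdentityFields(). The bind itself uses the username stored in
     * LDAP, which may be case sensitive.
     */
    $zulConfig = $sm->get('config')['ZfcUserLdap'];
    $em        = $sm->get('doctrine.entitymanager.orm_default');

    $validator = new \Zend\Validator\EmailAddress();
    $isEmail   = $validator->isValid($identity);

    $userObject = $isEmail
        ? $this->getMapper()->findByEmail($identity)
        : $this->getMapper()->findByUsername($identity);

    if (!$userObject) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array('A record with the supplied identity could not be found.'));
        $this->setSatisfied(false);
        return false;
    }

    // Refuse accounts whose state is outside the configured allow-list.
    $options = $this->getOptions();
    if ($options->getEnableUserState()
        && !in_array($userObject->getState(), $options->getAllowedLoginStates())
    ) {
        $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
          ->setMessages(array('A record with the supplied identity is not active.'));
        $this->setSatisfied(false);
        return false;
    }

    // Bind against LDAP with the LDAP username, not the raw identity.
    $auth = $this->getMapper()->authenticate($userObject->getUsername(), $credential);
    if ($auth !== true) {
        // NOTE(review): $auth is whatever the mapper returns on failure and is
        // shown to the user as the message — confirm it contains nothing internal.
        $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
          ->setMessages(array($auth));
        $this->setSatisfied(false);
        return false;
    }

    // With auto-insertion, reconcile the LDAP user with the Doctrine user table:
    // create it when absent, resynchronise when auto_update is on, else use the
    // stored record.
    if ($zulConfig['auto_insertion']['enabled']) {
        $userRepo = $em->getRepository('ZfcUserLdap\\Entity\\User');
        $roleRepo = $em->getRepository('ZfcUserLdap\\Entity\\Role');

        $userDbObject = $isEmail
            ? $userRepo->findOneBy(array('mail' => $identity))
            : $userRepo->findOneBy(array('username' => $identity));

        if ($userDbObject === NULL) {
            // First login: persist the LDAP-derived entity, grant every role whose
            // roleId matches one of the user's memberOf values, plus the 'user' role.
            $roles = $roleRepo->findAll();
            $em->persist($userObject);
            foreach ($userObject->getMemberof() as $group) {
                foreach ($roles as $role) {
                    if ($group == $role->getRoleId()) {
                        $userObject->addRole($role);
                    }
                }
            }
            $defaultRoles = $roleRepo->findBy(array("roleId" => "user"));
            if (count($defaultRoles)) {
                $userObject->addRole($defaultRoles[0]);
            }
            $em->persist($userObject);
            $em->flush();
        } elseif ($zulConfig['auto_insertion']['auto_update']) {
            // Existing user: resynchronise roles, display name and e-mail from LDAP.
            $roles          = $roleRepo->findAll();
            $supportedRoles = array();
            foreach ($roles as $role) {
                $supportedRoles[$role->getRoleId()] = $role->getId();
            }

            // LDAP groups that correspond to a known role.
            $memberOf = array();
            foreach ($userObject->getMemberof() as $group) {
                if (isset($supportedRoles[$group])) {
                    $memberOf[] = $group;
                }
            }

            // Revoke roles the user no longer holds in LDAP; 'user' is never revoked.
            foreach ($userDbObject->getRolesObj() as $existingRole) {
                if (!in_array($existingRole->getRoleId(), $memberOf) && $existingRole->getRoleId() != 'user') {
                    $userDbObject->getRolesObj()->removeElement($existingRole);
                }
            }

            // NOTE(review): the roles matched here are added to $userObject (the
            // transient LDAP entity), which is replaced by $userDbObject below, so
            // newly granted LDAP groups never reach the stored user. Left as-is
            // pending confirmation that $userDbObject is the intended target.
            foreach ($userObject->getMemberof() as $group) {
                foreach ($roles as $role) {
                    if ($group == $role->getRoleId()) {
                        $userObject->addRole($role);
                    }
                }
            }

            $userDbObject->setDisplayName($userObject->getDisplayName());
            $userDbObject->setEmail($userObject->getEmail());
            $em->persist($userDbObject);
            $em->flush();
            $userObject = $userDbObject;
        } else {
            $userObject = $userDbObject;
        }
    }

    $e->setIdentity($userObject);
    $this->setSatisfied(true);
    $storage = $this->getStorage()->read();
    $storage['identity'] = $e->getIdentity();

    // Expose the LDAP-backed user to the rest of the application for this session.
    $session = new Container('ZfcUserLdap');
    $session->offsetSet('ldapObj', $userObject);

    $this->getStorage()->write($storage);
    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));
}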
/**
 * Code, messages and identity round-trip through their setters, and calling
 * setIdentity() with no argument clears all three.
 *
 * @depends testCodeAndMessages
 * @covers \ZfcUser\Authentication\Adapter\AdapterChainEvent::getIdentity
 * @covers \ZfcUser\Authentication\Adapter\AdapterChainEvent::setIdentity
 */
public function testIdentity()
{
    $code     = 123;
    $messages = array('The message.');
    $identity = 'the_user';

    $event = $this->event;
    $event->setCode($code);
    $event->setMessages($messages);
    $event->setIdentity($identity);

    $this->assertEquals($code, $event->getCode(), "Asserting the code persisted.");
    $this->assertEquals($messages, $event->getMessages(), "Asserting the messages persisted.");
    $this->assertEquals($identity, $event->getIdentity(), "Asserting the identity matches");

    // Resetting the identity also resets code and messages.
    $event->setIdentity();

    $this->assertNull($event->getCode(), "Asserting the code has been cleared.");
    $this->assertEquals(array(), $event->getMessages(), "Asserting the messages have been cleared.");
    $this->assertNull($event->getIdentity(), "Asserting the identity has been cleared");
}
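/**
 * Remember-me cookie adapter.
 *
 * When a prior adapter has set an identity on a POST carrying remember_me=1, a
 * new serie is created for that user and the session is marked as a credential
 * login. Otherwise, if a 'remember_me' cookie of the form
 * "<user id>\n<serie id>\n<token>" is present, the serie is looked up and the
 * token compared; a valid serie with a wrong token is treated as a stolen
 * cookie and every serie of that user is removed. A successful cookie login is
 * flagged in the session as "cookieLogin" so callers can withhold sensitive
 * operations (password change etc.) from it.
 *
 * The cookie value is client-controlled, so it is validated for shape before any
 * field is used, and the token is compared with hash_equals().
 *
 * @param AuthEvent $e
 * @return bool|null false on failure; no return value on success or early exit
 */
public function authenticate(AuthEvent $e)
{
    // Set the cookie only after a prior adapter authenticated this request.
    if ($e->getIdentity() !== null
        && $e->getRequest()->isPost()
        && $e->getRequest()->getPost()->get('remember_me') == 1
    ) {
        $userObject = $this->getUserMapper()->findById($e->getIdentity());
        $this->getRememberMeService()->createSerie($userObject->getId());

        // A credential login supersedes an earlier cookie login for this session.
        $session = new \Zend\Session\Container('zfcuser');
        $session->offsetSet("cookieLogin", false);
        return;
    }

    if ($this->isSatisfied()) {
        $storage = $this->getStorage()->read();
        $e->setIdentity($storage['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return;
    }

    $cookies = $e->getRequest()->getCookie();
    if (!isset($cookies['remember_me'])) {
        return false;
    }

    // Require exactly the three expected fields before indexing into the cookie,
    // instead of reading undefined offsets on a malformed value.
    $parts = explode("\n", (string) $cookies['remember_me']);
    if (count($parts) !== 3) {
        $this->getRememberMeService()->removeCookie();
        return false;
    }
    list($userId, $serieId, $token) = $parts;

    $rememberMe = $this->getRememberMeMapper()->findByIdSerie($userId, $serieId);
    if (!$rememberMe) {
        $this->getRememberMeService()->removeCookie();
        return false;
    }

    // Constant-time comparison; a mismatch on a known serie means the cookie was copied.
    $storedToken = $rememberMe->getToken();
    if (!is_string($storedToken) || $storedToken === '' || !hash_equals($storedToken, $token)) {
        // @TODO: Inform user of theft, change password?
        $this->getRememberMeMapper()->removeAll($userId);
        $this->getRememberMeService()->removeCookie();
        $this->setSatisfied(false);
        $e->setCode(AuthenticationResult::FAILURE)
          ->setMessages(array('Possible identity theft detected.'));
        return false;
    }

    $userObject = $this->getUserMapper()->findById($userId);
    if (!$userObject) {
        // The serie exists but its user is gone: drop the cookie rather than
        // dereferencing a missing user below.
        $this->getRememberMeService()->removeCookie();
        return false;
    }
    $this->getRememberMeService()->updateSerie($rememberMe);

    $e->setIdentity($userObject->getId());
    $this->setSatisfied(true);
    $storage = $this->getStorage()->read();
    $storage['identity'] = $e->getIdentity();
    $this->getStorage()->write($storage);
    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));

    // Weak (cookie) login: should not be allowed to change the password etc.
    $session = new \Zend\Session\Container('zfcuser');
    $session->offsetSet("cookieLogin", true);
}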
/**
 * Set the event used during dispatch.
 *
 * Any event that is not already an AdapterChainEvent is re-cast to one, carrying
 * its parameters over.
 *
 * @param Event $e
 * @return AdapterChain
 */
public function setEvent(Event $e)
{
    if ($e instanceof AdapterChainEvent) {
        $this->event = $e;
        return $this;
    }

    $chainEvent = new AdapterChainEvent();
    $chainEvent->setParams($e->getParams());
    $this->event = $chainEvent;

    return $this;
}
/**
 * Authenticates the POSTed identity/credential pair against the account mapper.
 *
 * The identity is resolved through the configured identity fields ('code',
 * 'email') in order; the first field that yields an object wins. The active-state
 * allow-list is enforced when enabled. The credential check is delegated to the
 * entity's hashPassword() (the Bcrypt verification is commented out pending a
 * password-process change); NOTE(review): whether hashPassword() performs a
 * verification cannot be seen here — confirm. On success the session id is
 * regenerated and the account's entity type and entity-account record are placed
 * in the 'entity' session container.
 *
 * @param AuthEvent $e
 * @return bool|null false on failure; no return value on success or when already satisfied
 */
public function authenticate(AuthEvent $e)
{
    if ($this->isSatisfied()) {
        $stored = $this->getStorage()->read();
        $e->setIdentity($stored['identity'])
          ->setCode(AuthenticationResult::SUCCESS)
          ->setMessages(array('Authentication successful.'));
        return;
    }

    $post       = $e->getRequest()->getPost();
    $identity   = $post->get('identity');
    $credential = $this->preProcessCredential($post->get('credential'));
    $options    = $this->getOptions();

    // Try each configured identity field until one resolves to a user object.
    $userObject = null;
    foreach ($options->getAuthIdentityFields() as $mode) {
        switch ($mode) {
            case 'code':
                $userObject = $this->getMapper()->findByCode($identity);
                break;
            case 'email':
                $userObject = $this->getMapper()->findByEmail($identity);
                break;
        }
        if (is_object($userObject)) {
            break;
        }
    }

    if (!$userObject) {
        $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
          ->setMessages(array("Ce compte n'existe pas."));
        $this->setSatisfied(false);
        return false;
    }

    // Refuse accounts whose active flag is outside the configured allow-list.
    if ($options->getEnableUserActive()
        && !in_array($userObject->isValid(), $options->getAllowedLoginActives())
    ) {
        $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
          ->setMessages(array("Ce compte n'est plus actif."));
        $this->setSatisfied(false);
        return false;
    }

    /**
     * @todo change password process — Bcrypt verification disabled for now:
     */
    /*$bcrypt = new Bcrypt();
    $bcrypt->setCost($this->getOptions()->getPasswordCost());
    if (!$bcrypt->verify($credential, $userObject->getPassword())) {
        // Password does not match
        $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
          ->setMessages(array('Supplied credential is invalid.'));
        $this->setSatisfied(false);
        return false;
    }*/
    if (!$userObject->hashPassword($userObject, $credential)) {
        $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
          ->setMessages(array('Mot de passe incorect.'));
        $this->setSatisfied(false);
        return false;
    }

    // Rotate the session id before a privileged identity is bound to it.
    $session = new SessionContainer($this->getStorage()->getNameSpace());
    $session->getManager()->regenerateId();

    $e->setIdentity($userObject->getId());
    //$this->updateUserPasswordHash($userObject, $credential, $bcrypt);

    // Resolve the typed account entity for this account and keep it in session.
    $em         = $this->getServiceManager()->get('Doctrine\\ORM\\EntityManager');
    $accountId  = $userObject->getId();
    $entityName = $userObject->getAccountType()->getEntity();
    $repository = $em->getRepository('Application\\Entity\\' . ucfirst($entityName) . 'Account');

    $container                = new SessionContainer('entity');
    $container->entity        = $entityName;
    $container->entityAccount = $repository->findOneByAccount($accountId);

    $this->setSatisfied(true);

    $stored = $this->getStorage()->read();
    $stored['identity'] = $e->getIdentity();
    $this->getStorage()->write($stored);

    $e->setCode(AuthenticationResult::SUCCESS)
      ->setMessages(array('Authentication successful.'));
}