/**
* Creates a temporary system user with elevated privileges
* so that the token can be removed and the user password
* reset, despite having no authenticated user.
*
* @param mixed $token
*/
protected function flush($token)
{
$documentManager = $this->getDocumentManager();
$sysUser = new User();
$sysUser->addRole('sys::recoverpassword');
$serviceLocator = $this->options->getManifest()->getServiceManager();
$allowOverride = $serviceLocator->getAllowOverride();
$serviceLocator->setAllowOverride(true);
$serviceLocator->setService('user', $sysUser);
$documentManager->remove($token);
$documentManager->flush();
$serviceLocator->setAllowOverride($allowOverride);
$sysUser->removeRole('sys::recoverpassword');
}
public function getUser()
{
list($series, $token, $username) = $this->getCookieValues();
$documentManager = $this->options->getDocumentManager();
$repository = $documentManager->getRepository('Zoop\\GatewayModule\\DataModel\\RememberMe');
$record = $repository->findOneBy(['series' => $series]);
if (!$record) {
//If no record found matching the cookie, then ignore it, and remove the cookie.
$this->removeCookie();
return false;
}
if ($record->getUsername() != $username) {
//Something has gone very wrong if the username doesn't match, remove cookie, and db record
$this->removeCookie();
$this->removeSeriesRecord();
return false;
}
if ($record->getToken() != $token) {
//If tokens don't match, then session theft has occured. Delete all user records, and cookie.
$this->removeCookie();
$this->removeUserRecords();
return false;
}
//If we have got this far, then the user is good.
//Update the token.
$newToken = $this->createToken();
$record->setToken($newToken);
$documentManager->flush();
$this->setCookie($series, $newToken, $username);
$userRepository = $documentManager->getRepository($this->options->getUserClass());
$usernameProperty = $this->options->getUsernameProperty();
$shardServiceManager = $this->options->getShardServiceManager();
$allowOverride = $shardServiceManager->getAllowOverride();
$shardServiceManager->setAllowOverride(true);
$sysUser = new User();
$sysUser->addRole('sys::authenticate');
$shardServiceManager->setService('user', $sysUser);
$user = $userRepository->findOneBy([$usernameProperty => $username]);
if (!$user) {
//although the cookie and rememberme record match, there is no matching registered user!
$this->removeCookie();
$this->removeUserRecords();
$sysUser->removeRole('sys::authenticate');
$shardServiceManager->setAllowOverride($allowOverride);
return false;
}
$shardServiceManager->setService('user', $user);
$shardServiceManager->setAllowOverride($allowOverride);
return $user;
}
/**
* Authenticates against the supplied adapter
*
* @return Result
* @throws Exception\RuntimeException
*/
public function authenticate()
{
$allowOverride = $this->shardServiceManager->getAllowOverride();
$this->shardServiceManager->setAllowOverride(true);
$sysUser = new User();
$sysUser->addRole('sys::authenticate');
$this->shardServiceManager->setService('user', $sysUser);
$this->doctrineAdapter->setIdentity($this->identity);
$this->doctrineAdapter->setCredential($this->credential);
$result = $this->doctrineAdapter->authenticate();
if ($result->isValid()) {
$this->shardServiceManager->setService('user', $result->getIdentity());
} else {
$sysUser->removeRole('sys::authenticate');
}
$this->shardServiceManager->setAllowOverride($allowOverride);
return $result;
}
public static function create($serviceLocator, $documentManager)
{
//craete temp auth user
$sysUser = new User();
$sysUser->addRole('admin');
$serviceLocator->setService('user', $sysUser);
$user = new User();
$user->setUsername('toby');
$user->setFirstName('Toby');
$user->setLastName('McQueen');
$user->setEmail('*****@*****.**');
$user->setPassword('password1');
$user->setSalt('passwordpasswordpasswordpasswordpassword');
$documentManager->persist($user);
$documentManager->flush();
$sysUser->removeRole('admin');
$documentManager->clear();
}
public static function create($serviceLocator, $documentManager)
{
//Create data in the db to query against
$documentManager->getConnection()->selectDatabase('gomi-test');
//craete temp auth user
$sysUser = new User();
$sysUser->addRole('admin');
$serviceLocator->setService('user', $sysUser);
$user = new User();
$user->setUsername('toby');
$user->setFirstName('Toby');
$user->setLastName('Awesome');
$user->setPassword('password1');
$user->setEmail('*****@*****.**');
$documentManager->persist($user);
$documentManager->flush();
$documentManager->clear();
}
public function testChangePasswordWithUsername()
{
//first create the token
$accept = new Accept();
$accept->addMediaType('application/json');
$this->getRequest()->setMethod(Request::METHOD_POST)->setContent('{"username": "******"}')->getHeaders()->addHeaders([$accept, ContentType::fromString('Content-type: application/json')]);
$this->dispatch('/rest/recoverpasswordtoken');
$response = $this->getResponse();
$result = json_decode($response->getContent(), true);
$this->assertFalse(isset($result));
$this->assertResponseStatusCode(201);
$this->assertFalse($response->getHeaders()->has('Location'));
//check the email
$this->assertTrue(file_exists(__DIR__ . '/../../../../email/test_mail.tmp'));
//second, use the code in the email to change the password
$text = file_get_contents(__DIR__ . '/../../../../email/test_mail.tmp');
preg_match('/\\/rest\\/recoverpasswordtoken\\/[a-zA-Z0-9]+/', $text, $match);
$accept = new Accept();
$accept->addMediaType('application/json');
$this->getRequest()->setMethod(Request::METHOD_PUT)->setContent('{"password": "******"}')->getHeaders()->addHeaders([$accept, ContentType::fromString('Content-type: application/json')]);
$this->dispatch($match[0]);
$response = $this->getResponse();
$result = json_decode($response->getContent(), true);
$this->assertFalse(isset($result));
$this->assertResponseStatusCode(204);
//add sys user
$sysUser = new User();
$sysUser->addRole('sys::authenticate');
$this->shardServiceLocator->setAllowOverride(true);
$this->shardServiceLocator->setService('user', $sysUser);
$user = $this->documentManager->getRepository('Zoop\\GomiModule\\DataModel\\User')->findOneBy(['username' => 'toby']);
$basicHashService = new BasicHashService();
$this->assertTrue($basicHashService->hashValue('newPassword2', $user->getSalt()) == $user->getPassword());
}
/**
* @param MvcEvent $event
* @return mixed User
*/
protected function getUser(MvcEvent $event)
{
$data = $event->getParam('data');
$criteria = $this->getUserCriteria($data);
$userRepository = $this->getDocumentManager()->getRepository($this->getUserClassName());
$sysUser = new User();
$sysUser->addRole('sys::authenticate');
$serviceLocator = $this->options->getManifest()->getServiceManager();
$allowOverride = $serviceLocator->getAllowOverride();
$serviceLocator->setAllowOverride(true);
$serviceLocator->setService('user', $sysUser);
$user = $userRepository->findOneBy($criteria);
$sysUser->removeRole('sys::recoverpassword');
if (!isset($user)) {
$serviceLocator->setAllowOverride($allowOverride);
throw new Exception\DocumentNotFoundException();
}
$serviceLocator->setService('user', $user);
$serviceLocator->setAllowOverride($allowOverride);
return $user;
}
