UserController.php
1 <?php
2 /**
3  * wCMF - wemove Content Management Framework
4  * Copyright (C) 2005-2020 wemove digital solutions GmbH
5  *
6  * Licensed under the terms of the MIT License.
7  *
8  * See the LICENSE file distributed with this work for
9  * additional information.
10  */
12 
28 
29 /**
30  * UserController is used to change the current user's password.
31  *
32  * The controller supports the following actions:
33  *
34  * <div class="controller-action">
35  * <div> __Action__ _default_ </div>
36  * <div>
37  * Handle actions regarding the current user
38  *
39  * For details about the parameters, see documentation of the methods.
40  *
41  * | __Response Actions__ | |
42  * |------------------------|-------------------------
43  * | `ok` | In all cases
44  * </div>
45  * </div>
46  *
47  * @author ingo herwig <ingo@wemove.com>
48  */
49 class UserController extends Controller {
50  use \wcmf\lib\presentation\ControllerMethods;
51 
52  private $principalFactory = null;
53  private $eventManager = null;
54  private $tempPermissions = [];
55 
56  /**
57  * Constructor
58  * @param $session
59  * @param $persistenceFacade
60  * @param $permissionManager
61  * @param $actionMapper
62  * @param $localization
63  * @param $message
64  * @param $configuration
65  * @param $principalFactory
66  * @param $eventManager
67  */
68  public function __construct(Session $session,
69  PersistenceFacade $persistenceFacade,
70  PermissionManager $permissionManager,
71  ActionMapper $actionMapper,
72  Localization $localization,
73  Message $message,
74  Configuration $configuration,
75  PrincipalFactory $principalFactory,
76  EventManager $eventManager) {
77  parent::__construct($session, $persistenceFacade, $permissionManager,
78  $actionMapper, $localization, $message, $configuration);
79  $this->principalFactory = $principalFactory;
80  $this->eventManager = $eventManager;
81  // add transaction listener
82  $this->eventManager->addListener(TransactionEvent::NAME, [$this, 'afterCommit']);
83  }
84 
85  /**
86  * Change the user's password
87  *
88  * | Parameter | Description
89  * |---------------------|----------------------
90  * | _in_ `oldpassword` | The old password
91  * | _in_ `newpassword1` | The new password
92  * | _in_ `newpassword2` | The new password
93  */
94  public function changePassword() {
95  $this->requireTransaction();
96  $session = $this->getSession();
97  $permissionManager = $this->getPermissionManager();
98  $request = $this->getRequest();
99  $response = $this->getResponse();
100 
101  // load model
102  $authUser = $this->principalFactory->getUser($session->getAuthUser());
103  if ($authUser) {
104  // add permissions for this operation
105  $oidStr = $authUser->getOID()->__toString();
106  $this->tempPermissions[] = $permissionManager->addTempPermission($oidStr, '', PersistenceAction::READ);
107  $this->tempPermissions[] = $permissionManager->addTempPermission($oidStr.'.password', '', PersistenceAction::UPDATE);
108 
109  $this->changePasswordImpl($authUser, $request->getValue('oldpassword'),
110  $request->getValue('newpassword1'), $request->getValue('newpassword2'));
111  }
112  // success
113  $response->setAction('ok');
114  }
115 
116  /**
117  * Set a configuration for the user
118  *
119  * | Parameter | Description
120  * |--------------|-----------------------------
121  * | _in_ `name` | The configuration name
122  * | _in_ `value` | The configuration value
123  */
124  public function setConfigValue() {
125  $this->requireTransaction();
126  $session = $this->getSession();
127  $request = $this->getRequest();
128  $response = $this->getResponse();
129  $persistenceFacade = $this->getPersistenceFacade();
130 
131  // load model
132  $authUser = $this->principalFactory->getUser($session->getAuthUser());
133  if ($authUser) {
134  $configKey = $request->getValue('name');
135  $configValue = $request->getValue('value');
136 
137  // find configuration
138  $configObj = null;
139  $configList = Node::filter($authUser->getValue('UserConfig'), null, null,
140  ['name' => $configKey]);
141  if (sizeof($configList) > 0) {
142  $configObj = $configList[0];
143  }
144  else {
145  $configObj = $persistenceFacade->create('UserConfig');
146  $configObj->setValue('name', $configKey);
147  $authUser->addNode($configObj);
148  }
149 
150  // set value
151  if ($configObj != null) {
152  $configObj->setValue('value', $configValue);
153  }
154  }
155 
156  // success
157  $response->setAction('ok');
158  }
159 
160  /**
161  * Get a configuration for the user
162  *
163  * | Parameter | Description
164  * |---------------|----------------------------
165  * | _in_ `name` | The configuration name
166  * | _out_ `value` | The configuration value
167  */
168  public function getConfigValue() {
169  $session = $this->getSession();
170  $request = $this->getRequest();
171  $response = $this->getResponse();
172 
173  // load model
174  $value = null;
175  $authUser = $this->principalFactory->getUser($session->getAuthUser());
176  if ($authUser) {
177  $configKey = $request->getValue('name');
178 
179  // find configuration
180  $configObj = null;
181  $configList = Node::filter($authUser->getValue('UserConfig'), null, null,
182  ['name' => $configKey]);
183  $value = sizeof($configList) > 0 ?
184  $configObj = $configList[0]->getValue('value') : null;
185  }
186  $response->setValue('value', $value);
187 
188  // success
189  $response->setAction('ok');
190  }
191 
192  /**
193  * Change a users password.
194  * @param $user The User instance
195  * @param $oldPassword The old password of the user
196  * @param $newPassword The new password for the user
197  * @param $newPasswordRepeated The new password of the user again
198  */
199  protected function changePasswordImpl(User $user, $oldPassword, $newPassword, $newPasswordRepeated) {
200  $message = $this->getMessage();
201  // check old password
202  if (!$user->verifyPassword($oldPassword)) {
203  throw new IllegalArgumentException($message->getText("The old password is incorrect"));
204  }
205  if (strlen($newPassword) == 0) {
206  throw new IllegalArgumentException($message->getText("The password can't be empty"));
207  }
208  if ($newPassword != $newPasswordRepeated) {
209  throw new IllegalArgumentException($message->getText("The given passwords don't match"));
210  }
211  // set password
212  $user->setPassword($newPassword);
213  }
214 
215  /**
216  * Remove temporary permissions after commit
217  * @param $event
218  */
219  public function afterCommit(TransactionEvent $event) {
220  if ($event->getPhase() == TransactionEvent::AFTER_COMMIT) {
221  // remove temporary permissions
222  $permissionManager = $this->getPermissionManager();
223  foreach ($this->tempPermissions as $permission) {
224  $permissionManager->removeTempPermission($permission);
225  }
226  }
227  }
228 }
229 ?>
Session is the interface for session implementations and defines access to session variables.
Definition: Session.php:19
getConfigValue()
Get a configuration for the user.
changePasswordImpl(User $user, $oldPassword, $newPassword, $newPasswordRepeated)
Change a users password.
EventManager is responsible for dispatching events to registered listeners.
IllegalArgumentException signals an exception in method arguments.
const AFTER_COMMIT
An AFTER_COMMIT event occurs after the transaction is committed.
TransactionEvent instances are fired at different phases of a transaction.
afterCommit(TransactionEvent $event)
Remove temporary permissions after commit.
verifyPassword($password)
Verify the given password against the password of the user.
getPermissionManager()
Get the PermissionManager instance.
Definition: Controller.php:291
requireTransaction()
Start or join a transaction that will be committed at the end of execution.
Definition: Controller.php:334
Implementations of Configuration give access to the application configuration.
getMessage()
Get the Message instance.
Definition: Controller.php:315
setPassword($password)
Set the password of the user.
changePassword()
Change the user's password.
PersistenceFacade defines the interface for PersistenceFacade implementations.
getPhase()
Get the phase at which the event occurred.
getPersistenceFacade()
Get the PersistenceFacade instance.
Definition: Controller.php:283
getRequest()
Get the Request instance.
Definition: Controller.php:251
static filter(array $nodeList, ObjectId $oid=null, $type=null, $values=null, $properties=null, $useRegExp=true)
Get Nodes that match given conditions from a list.
Definition: Node.php:182
Node adds the concept of relations to PersistentObject.
Definition: Node.php:34
setConfigValue()
Set a configuration for the user.
Application controllers.
Definition: namespaces.php:3
Controller is the base class of all controllers.
Definition: Controller.php:49
ActionMapper implementations are responsible for instantiating and executing Controllers based on the...
PrincipalFactory implementations are used to retrieve User and Role instances.
addListener($eventName, $callback)
Register a listener for a given event.
getResponse()
Get the Response instance.
Definition: Controller.php:259
PermissionManager implementations are used to handle all authorization requests.
PersistenceAction values are used to define actions on PersistentObject instances.
getSession()
Get the Session instance.
Definition: Controller.php:275
User is the interface for users.
Definition: User.php:18
UserController is used to change the current user's password.
Localization defines the interface for storing localized entity instances and retrieving them back.
Message is used to get localized messages to be used in the user interface.
Definition: Message.php:23
__construct(Session $session, PersistenceFacade $persistenceFacade, PermissionManager $permissionManager, ActionMapper $actionMapper, Localization $localization, Message $message, Configuration $configuration, PrincipalFactory $principalFactory, EventManager $eventManager)
Constructor.