Skip to content

Commit

Permalink
Update account auth
Browse files Browse the repository at this point in the history
  • Loading branch information
@nguyennv
nguyennv committed Aug 21, 2016
1 parent 04a441f commit 8cb29f6
Show file tree
Hide file tree
Showing 3 changed files with 211 additions and 24 deletions.
35 changes: 25 additions & 10 deletions src/Zimbra/Account/Base.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -60,16 +60,21 @@ public function __construct($location)
/**
* Authenticate for an account
*
* @param string|AccountSelector $account The user account.
* @param string $password The user password.
* @param PreAuth $key Pre authentication key
* @param AuthToken $token The authentication token.
* @param AccountSelector $account Specifies the account to authenticate against
* @param string $password Password to use in conjunction with an account
* @param PreAuth $preauth The preauth
* @param AuthToken $authToken An authToken can be passed instead of account/password/preauth to validate an existing auth token.
* @param string $virtualHost If specified (in conjunction with by="name"), virtual-host is used to determine the domain of the account name, if it does not include a domain component.
* @param AuthPrefs $prefs Preference.
* @param AuthAttrs $attrs The attributes.
* @param string $requestedSkin If specified the name of the skin requested by the client.
* @param string $persistAuthTokenCookie Controls whether the auth token cookie in the response should be persisted when the browser exits.
* @param AuthPrefs $prefs Preference
* @param AuthAttrs $attrs The attributes
* @param string $requestedSkin The requestedSkin. If specified the name of the skin requested by the client.
* @param string $twoFactorCode The TOTP code used for two-factor authentication
* @param string $trustedDeviceToken Whether the client represents a trusted device
* @param string $deviceId Unique device identifier; used to verify trusted mobile devices
* @param bool $persistAuthTokenCookie Controls whether the auth token cookie in the response should be persisted when the browser exits.
* @param bool $csrfTokenSecured Controls whether the client supports CSRF token.
* @param bool $deviceTrusted Whether the client represents a trusted device
* @param bool $generateDeviceId
* @return authentication token
*/
public function auth(
Expand All @@ -81,8 +86,13 @@ public function auth(
AuthPrefs $prefs = null,
AuthAttrs $attrs = null,
$requestedSkin = null,
$twoFactorCode = null,
$trustedDeviceToken = null,
$deviceId = null,
$persistAuthTokenCookie = null,
$csrfTokenSecured = null
$csrfTokenSecured = null,
$deviceTrusted = null,
$generateDeviceId = null
)
{
$request = new \Zimbra\Account\Request\Auth(
Expand All @@ -94,8 +104,13 @@ public function auth(
$prefs,
$attrs,
$requestedSkin,
$twoFactorCode,
$trustedDeviceToken,
$deviceId,
$persistAuthTokenCookie,
$csrfTokenSecured
$csrfTokenSecured,
$deviceTrusted,
$generateDeviceId
);
$result = $this->getClient()->doRequest($request);
if(isset($result->authToken) && !empty($result->authToken))
Expand Down
138 changes: 137 additions & 1 deletion src/Zimbra/Account/Request/Auth.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,13 @@ class Auth extends Base
* @param AuthPrefs $prefs Preference
* @param AuthAttrs $attrs The attributes
* @param string $requestedSkin The requestedSkin. If specified the name of the skin requested by the client.
* @param string $twoFactorCode The TOTP code used for two-factor authentication
* @param string $trustedDeviceToken Whether the client represents a trusted device
* @param string $deviceId Unique device identifier; used to verify trusted mobile devices
* @param bool $persistAuthTokenCookie Controls whether the auth token cookie in the response should be persisted when the browser exits.
* @param bool $csrfTokenSecured Controls whether the client supports CSRF token.
* @param bool $deviceTrusted Whether the client represents a trusted device
* @param bool $generateDeviceId
* @return self
*/
public function __construct(
Expand All @@ -50,8 +56,13 @@ public function __construct(
AuthPrefs $prefs = null,
AuthAttrs $attrs = null,
$requestedSkin = null,
$twoFactorCode = null,
$trustedDeviceToken = null,
$deviceId = null,
$persistAuthTokenCookie = null,
$csrfTokenSecured = null
$csrfTokenSecured = null,
$deviceTrusted = null,
$generateDeviceId = null
)
{
parent::__construct();
Expand Down Expand Up @@ -95,6 +106,18 @@ public function __construct(
{
$this->setChild('requestedSkin', trim($requestedSkin));
}
if(null !== $twoFactorCode)
{
$this->setChild('twoFactorCode', trim($twoFactorCode));
}
if(null !== $trustedDeviceToken)
{
$this->setChild('trustedToken', trim($trustedDeviceToken));
}
if(null !== $deviceId)
{
$this->setChild('deviceId', trim($deviceId));
}
if(null !== $persistAuthTokenCookie)
{
$this->setProperty('persistAuthTokenCookie', (bool) $persistAuthTokenCookie);
Expand All @@ -103,6 +126,14 @@ public function __construct(
{
$this->setProperty('csrfTokenSecured', (bool) $csrfTokenSecured);
}
if(null !== $deviceTrusted)
{
$this->setProperty('deviceTrusted', (bool) $deviceTrusted);
}
if(null !== $generateDeviceId)
{
$this->setProperty('generateDeviceId', (bool) $generateDeviceId);
}
}

/**
Expand Down Expand Up @@ -273,6 +304,69 @@ public function setRequestedSkin($requestedSkin)
return $this->setChild('requestedSkin', trim($requestedSkin));
}

/**
* Gets two-factor code
*
* @return string
*/
public function getTwoFactorCode()
{
return $this->getChild('twoFactorCode');
}

/**
* Sets two-factor code
*
* @param string $twoFactorCode
* @return self
*/
public function setTwoFactorCode($twoFactorCode)
{
return $this->setChild('twoFactorCode', trim($twoFactorCode));
}

/**
* Gets whether the client represents a trusted device
*
* @return string
*/
public function getTrustedDeviceToken()
{
return $this->getChild('trustedToken');
}

/**
* Sets whether the client represents a trusted device
*
* @param string $trustedDeviceToken
* @return self
*/
public function setTrustedDeviceToken($trustedDeviceToken)
{
return $this->setChild('trustedToken', trim($trustedDeviceToken));
}

/**
* Gets unique device identifier; used to verify trusted mobile devices
*
* @return string
*/
public function getDeviceId()
{
return $this->getChild('deviceId');
}

/**
* Sets unique device identifier; used to verify trusted mobile devices
*
* @param string $deviceId
* @return self
*/
public function setDeviceId($deviceId)
{
return $this->setChild('deviceId', trim($deviceId));
}

/**
* Gets controls whether the auth token cookie
*
Expand Down Expand Up @@ -314,4 +408,46 @@ public function setCsrfTokenSecured($csrfTokenSecured)
{
return $this->setProperty('csrfTokenSecured', (bool) $csrfTokenSecured);
}

/**
* Gets whether the client represents a trusted device
*
* @return bool
*/
public function getDeviceTrusted()
{
return $this->getProperty('deviceTrusted');
}

/**
* Sets whether the client represents a trusted device
*
* @param bool $deviceTrusted
* @return self
*/
public function setDeviceTrusted($deviceTrusted)
{
return $this->setProperty('deviceTrusted', (bool) $deviceTrusted);
}

/**
* Gets generate device Id
*
* @return bool
*/
public function getGenerateDeviceId()
{
return $this->getProperty('generateDeviceId');
}

/**
* Sets generate device Id
*
* @param bool $deviceTrusted
* @return self
*/
public function setGenerateDeviceId($generateDeviceId)
{
return $this->setProperty('generateDeviceId', (bool) $generateDeviceId);
}
}
62 changes: 49 additions & 13 deletions src/Zimbra/Account/Tests/Request/AuthTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ public function testAuthRequest()
$password = $this->faker->word;
$virtualHost = $this->faker->word;
$requestedSkin = $this->faker->word;
$twoFactorCode = $this->faker->word;
$trustedToken = $this->faker->word;
$deviceId = $this->faker->word;

$time = time();

$account = new AccountSelector(AccountBy::NAME(), $value);
Expand All @@ -39,7 +43,8 @@ public function testAuthRequest()

$req = new Auth(
$account, $password, $preauth, $authToken, $virtualHost,
$prefs, $attrs, $requestedSkin, false, true
$prefs, $attrs, $requestedSkin, $twoFactorCode,
$trustedToken, $deviceId, false, false, false, false
);
$this->assertInstanceOf('Zimbra\Account\Request\Base', $req);
$this->assertSame($account, $req->getAccount());
Expand All @@ -50,9 +55,15 @@ public function testAuthRequest()
$this->assertSame($prefs, $req->getPrefs());
$this->assertSame($attrs, $req->getAttrs());
$this->assertSame($requestedSkin, $req->getRequestedSkin());
$this->assertSame($twoFactorCode, $req->getTwoFactorCode());
$this->assertSame($trustedToken, $req->getTrustedDeviceToken());
$this->assertSame($deviceId, $req->getDeviceId());
$this->assertFalse($req->getPersistAuthTokenCookie());
$this->assertTrue($req->getCsrfTokenSecured());
$this->assertFalse($req->getCsrfTokenSecured());
$this->assertFalse($req->getDeviceTrusted());
$this->assertFalse($req->getGenerateDeviceId());

$req = new Auth();
$req->setAccount($account)
->setPassword($password)
->setPreAuth($preauth)
Expand All @@ -61,8 +72,13 @@ public function testAuthRequest()
->setPrefs($prefs)
->setAttrs($attrs)
->setRequestedSkin($requestedSkin)
->setTwoFactorCode($twoFactorCode)
->setTrustedDeviceToken($trustedToken)
->setDeviceId($deviceId)
->setPersistAuthTokenCookie(true)
->setCsrfTokenSecured(false);
->setCsrfTokenSecured(true)
->setDeviceTrusted(true)
->setGenerateDeviceId(true);
$this->assertSame($account, $req->getAccount());
$this->assertSame($password, $req->getPassword());
$this->assertSame($preauth, $req->getPreAuth());
Expand All @@ -71,23 +87,31 @@ public function testAuthRequest()
$this->assertSame($prefs, $req->getPrefs());
$this->assertSame($attrs, $req->getAttrs());
$this->assertSame($requestedSkin, $req->getRequestedSkin());
$this->assertSame($twoFactorCode, $req->getTwoFactorCode());
$this->assertSame($trustedToken, $req->getTrustedDeviceToken());
$this->assertSame($deviceId, $req->getDeviceId());
$this->assertTrue($req->getPersistAuthTokenCookie());
$this->assertFalse($req->getCsrfTokenSecured());
$this->assertTrue($req->getCsrfTokenSecured());
$this->assertTrue($req->getDeviceTrusted());
$this->assertTrue($req->getGenerateDeviceId());

$xml = '<?xml version="1.0"?>' . "\n"
. '<AuthRequest persistAuthTokenCookie="true" csrfTokenSecured="false">'
. '<account by="' . AccountBy::NAME() . '">' . $value . '</account>'
. '<password>' . $password . '</password>'
. '<preauth timestamp="' . $time . '" expiresTimestamp="' . $time . '">' . $value . '</preauth>'
. '<authToken verifyAccount="true">' . $value . '</authToken>'
. '<virtualHost>' . $virtualHost . '</virtualHost>'
. '<AuthRequest persistAuthTokenCookie="true" csrfTokenSecured="true" deviceTrusted="true" generateDeviceId="true">'
. '<prefs>'
. '<pref name="' . $name . '" modified="' . $time . '">' . $value . '</pref>'
. '</prefs>'
. '<attrs>'
. '<attr name="' . $name . '" pd="true">' . $value . '</attr>'
. '</attrs>'
. '<account by="' . AccountBy::NAME() . '">' . $value . '</account>'
. '<password>' . $password . '</password>'
. '<preauth timestamp="' . $time . '" expiresTimestamp="' . $time . '">' . $value . '</preauth>'
. '<authToken verifyAccount="true">' . $value . '</authToken>'
. '<virtualHost>' . $virtualHost . '</virtualHost>'
. '<requestedSkin>' . $requestedSkin . '</requestedSkin>'
. '<twoFactorCode>' . $twoFactorCode . '</twoFactorCode>'
. '<trustedToken>' . $trustedToken . '</trustedToken>'
. '<deviceId>' . $deviceId . '</deviceId>'
. '</AuthRequest>';
$this->assertXmlStringEqualsXmlString($xml, (string) $req);

Expand Down Expand Up @@ -128,8 +152,13 @@ public function testAuthRequest()
],
],
'requestedSkin' => $requestedSkin,
'twoFactorCode' => $twoFactorCode,
'trustedToken' => $trustedToken,
'deviceId' => $deviceId,
'persistAuthTokenCookie' => true,
'csrfTokenSecured' => false,
'csrfTokenSecured' => true,
'deviceTrusted' => true,
'generateDeviceId' => true,
],
];
$this->assertEquals($array, $req->toArray());
Expand All @@ -142,6 +171,9 @@ public function testAuthApi()
$password = $this->faker->word;
$virtualHost = $this->faker->word;
$requestedSkin = $this->faker->word;
$twoFactorCode = $this->faker->word;
$trustedToken = $this->faker->word;
$deviceId = $this->faker->word;
$time = time();

$account = new AccountSelector(AccountBy::NAME(), $value);
Expand All @@ -156,15 +188,16 @@ public function testAuthApi()

$this->api->auth(
$account, $password, $preauth, $authToken, $virtualHost,
$prefs, $attrs, $requestedSkin, false, false
$prefs, $attrs, $requestedSkin, $twoFactorCode,
$trustedToken, $deviceId, false, false, true, true
);

$client = $this->api->getClient();
$req = $client->lastRequest();
$xml = '<?xml version="1.0"?>' . "\n"
. '<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope" xmlns:urn="urn:zimbra" xmlns:urn1="urn:zimbraAccount">'
. '<env:Body>'
. '<urn1:AuthRequest persistAuthTokenCookie="false" csrfTokenSecured="false">'
. '<urn1:AuthRequest persistAuthTokenCookie="false" csrfTokenSecured="false" deviceTrusted="true" generateDeviceId="true">'
. '<urn1:account by="' . AccountBy::NAME() . '">' . $value . '</urn1:account>'
. '<urn1:password>' . $password . '</urn1:password>'
. '<urn1:preauth timestamp="' . $time . '" expiresTimestamp="' . $time . '">' . $value . '</urn1:preauth>'
Expand All @@ -177,6 +210,9 @@ public function testAuthApi()
. '<urn1:attr name="' . $name . '" pd="true">' . $value . '</urn1:attr>'
. '</urn1:attrs>'
. '<urn1:requestedSkin>' . $requestedSkin . '</urn1:requestedSkin>'
. '<urn1:twoFactorCode>' . $twoFactorCode . '</urn1:twoFactorCode>'
. '<urn1:trustedToken>' . $trustedToken . '</urn1:trustedToken>'
. '<urn1:deviceId>' . $deviceId . '</urn1:deviceId>'
. '</urn1:AuthRequest>'
. '</env:Body>'
. '</env:Envelope>';
Expand Down

0 comments on commit 8cb29f6

Please sign in to comment.