Feature #5846

Implement Account Factory

Added by Robert Lemke almost 12 years ago. Updated about 11 years ago.

Status: Resolved
Priority: Should have
Assignee:
Category: Security
Start date: 2010-03-10
Due date:
% Done: 100%
Estimated time: 1.00 h
PHP Version:
Has patch:
Complexity:

Description

Currently the typical code for creating a password-based account looks like this:

        $roles = array(
            $this->objectFactory->create('F3\FLOW3\Security\ACL\Role', 'Participant'),
        );

        $salt = substr(md5(uniqid(rand(), TRUE)), 0, rand(6, 10));

        $account = $this->objectFactory->create('F3\Party\Domain\Model\Account');
        $account->setAccountIdentifier($accountIdentifier);
        $account->setCredentialsSource(md5(md5($password) . $salt) . ',' . $salt);
        $account->setAuthenticationProviderName('DefaultProvider');
        $account->setRoles($roles);

        $newPerson->addAccount($account);
        $this->personRepository->add($newPerson);

It is not very intuitive and probably error-prone for newbies having to write that much code
in order to create an account. Another problem is that we rely on a third developer's ability
to create a secure salt.

We therefore should provide some kind of account factory which allows for easy creation of
typical accounts:

   $newAccount = $accountFactory->createAccountWithPassword('identifier', 'password', array('role1', 'role2'));

This would also be a good opportunity to move the Account model to the FLOW3 Security sub package because
it belongs more to security than to Party. The setParty() and getParty() methods should refer to a PartyInterface
rather than a specific implementation.
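
One way such a factory could take salt generation out of the caller's hands, as an added example that is not code from this issue or from FLOW3. The `Role` and `Account` classes are hypothetical stand-ins, the `passwordMatches()` method is an assumption, and PHP's built-in `password_hash()` is swapped in for the salted MD5 construction shown in the description.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for the Role and Account models (not the FLOW3 classes). PHP 8.0+.
final class Role
{
    public function __construct(public string $identifier) {}
}

final class Account
{
    /** @param Role[] $roles */
    public function __construct(
        public string $accountIdentifier,
        public string $credentialsSource,
        public string $authenticationProviderName,
        public array $roles
    ) {}
}

final class AccountFactory
{
    /** @param string[] $roleIdentifiers */
    public function createAccountWithPassword(
        string $identifier,
        string $password,
        array $roleIdentifiers = [],
        string $providerName = 'DefaultProvider'
    ): Account {
        if ($identifier === '' || $password === '') {
            throw new InvalidArgumentException('Identifier and password must not be empty.');
        }
        $roles = array_map(fn (string $name): Role => new Role($name), array_values(array_unique($roleIdentifiers)));
        // password_hash() draws the salt from the system CSPRNG and embeds it, with the
        // algorithm and cost, in the returned string, so no separate ",salt" suffix is stored.
        $credentialsSource = password_hash($password, PASSWORD_DEFAULT);
        return new Account($identifier, $credentialsSource, $providerName, $roles);
    }

    public function passwordMatches(Account $account, string $password): bool
    {
        // Re-derives the hash using the embedded salt; the comparison is timing-safe.
        return password_verify($password, $account->credentialsSource);
    }
}

// Constructed sample values, mirroring the call proposed in the description.
$factory = new AccountFactory();
$account = $factory->createAccountWithPassword('identifier', 'password', ['role1', 'role2']);
var_dump($factory->passwordMatches($account, 'password'), $factory->passwordMatches($account, 'wrong'));
```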
