6: * Copyright (c) 2004, 2009 David Grudl (http://davidgrudl.com)
8: * This source file is subject to the "Nette license" that is bundled
9: * with this package in the file license.txt.
11: * For more information please see https://nette.org
13: * @copyright Copyright (c) 2004, 2009 David Grudl
14: * @license https://nette.org/license Nette license
15: * @link https://nette.org
23: require_once dirname(__FILE__) .
'/../Object.php';
25: require_once dirname(__FILE__) .
'/../Web/IUser.php';
30: * Authentication and authorization.
32: * @author David Grudl
33: * @copyright Copyright (c) 2004, 2009 David Grudl
38: /**#@+ sign-out reason {@link User::getSignOutReason()} */
44: /** @var string default role for unauthenticated user */
47: /** @var string default role for authenticated user without own identity */
50: /** @var array of event handlers; Occurs when the user is successfully authenticated; function(User $sender) */
53: /** @var array of event handlers; Occurs when the user is logged off; function(User $sender) */
56: /** @var IAuthenticator */
57: private $authenticationHandler;
59: /** @var IAuthorizator */
60: private $authorizationHandler;
63: private $namespace =
'';
65: /** @var SessionNamespace */
70: /********************* Authentication ****************d*g**/
75: * Conducts the authentication process.
80: * @throws AuthenticationException if authentication was not successful
85: if ($handler ===
NULL) {
91: $credentials =
array(
99: $this->onAuthenticated($this);
105: * Logs off the user from the current session.
106: * @param bool clear the identity from persistent storage?
109: final public function signOut($clearIdentity =
FALSE)
113: $this->onSignedOut($this);
116: if ($clearIdentity) {
124: * Is this user authenticated?
130: return $session &&
$session->authenticated;
136: * Returns current user identity, if any.
142: return $session ?
$session->identity :
NULL;
148: * Sets authentication handler.
149: * @param IAuthenticator
154: $this->authenticationHandler =
$handler;
160: * Returns authentication handler.
161: * @return IAuthenticator
165: if ($this->authenticationHandler ===
NULL) {
168: return $this->authenticationHandler;
174: * Changes the session namespace; allows several users to share one session.
180: if ($this->namespace !==
$namespace) {
181: $this->namespace = (string)
$namespace;
182: $this->session =
NULL;
189: * Returns current namespace.
194: return $this->namespace;
200: * Enables sign out after inactivity.
201: * @param int number of seconds or timestamp
202: * @param bool sign out when the browser is closed?
203: * @param bool clear the identity from persistent storage?
206: public function setExpiration($seconds, $whenBrowserIsClosed =
TRUE, $clearIdentity =
FALSE)
213: $session->expireTime =
$seconds;
214: $session->expireDelta =
$seconds -
time();
217: unset($session->expireTime, $session->expireDelta);
220: $session->expireIdentity = (bool)
$clearIdentity;
221: $session->expireBrowser = (bool)
$whenBrowserIsClosed;
227: * Why was the user signed out?
233: return $session ?
$session->reason :
NULL;
239: * Returns and initializes $this->session.
240: * @return SessionNamespace
244: if ($this->session !==
NULL) {
245: return $this->session;
249: if (!$need &&
!$sessionHandler->exists()) {
253: $this->session =
$session =
$sessionHandler->getNamespace('Nette.Web.User/' .
$this->namespace);
263: if ($session->authenticated &&
$session->expireBrowser &&
!$session->browserCheck) { // check if browser was closed?
264: $session->reason =
self::BROWSER_CLOSED;
265: $session->authenticated =
FALSE;
266: $this->onSignedOut($this);
267: if ($session->expireIdentity) {
268: unset($session->identity);
272: if ($session->authenticated &&
$session->expireDelta >
0) { // check time expiration
273: if ($session->expireTime <
time()) {
274: $session->reason =
self::INACTIVITY;
275: $session->authenticated =
FALSE;
276: $this->onSignedOut($this);
277: if ($session->expireIdentity) {
278: unset($session->identity);
281: $session->expireTime =
time() +
$session->expireDelta; // sliding expiration
284: return $this->session;
290: * Set the authenticated status of this user.
291: * @param bool flag indicating the authenticated status of user
297: $session->authenticated = (bool)
$state;
299: // Session Fixation defence
303: $session->reason =
NULL;
304: $session->expireBrowser =
TRUE;
305: $session->authTime =
time(); // informative value
306: $session->browserCheck =
TRUE;
307: $session->setExpiration(0, 'browserCheck');
310: $session->reason =
self::MANUAL;
311: unset($session->browserCheck, $session->expireTime, $session->expireDelta,
312: $session->expireIdentity, $session->expireBrowser, $session->authTime);
325: /********************* Authorization ****************d*g**/
330: * Returns a list of effective roles that a user has been granted.
346: * Is a user in the specified effective role?
358: * Does the user have effective access to the resource?
359: * If $resource is NULL, the query applies to all resources.
360: * @param string resource
361: * @param string privilege
364: public function isAllowed($resource =
NULL, $privilege =
NULL)
372: if ($handler->isAllowed($role, $resource, $privilege)) return TRUE;
381: * Sets authorization handler.
382: * @param IAuthorizator
387: $this->authorizationHandler =
$handler;
393: * Returns current authorization handler.
394: * @return IAuthorizator
398: if ($this->authorizationHandler ===
NULL) {
401: return $this->authorizationHandler;
406: /********************* backend ****************d*g**/
411: * Returns session handler.