1: <?php
  2: 
  3: /**
  4:  * This file is part of the Nette Framework (https://nette.org)
  5:  * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
  6:  */
  7: 
  8: namespace Nette\Security;
  9: 
 10: use Nette;
 11: 
 12: 
 13: /**
 14:  * User authentication and authorization.
 15:  *
 16:  * @author     David Grudl
 17:  *
 18:  * @property-read bool $loggedIn
 19:  * @property-read IIdentity $identity
 20:  * @property-read mixed $id
 21:  * @property-read array $roles
 22:  * @property-read int $logoutReason
 23:  * @property-read IUserStorage $storage
 24:  * @property   IAuthenticator $authenticator
 25:  * @property   IAuthorizator $authorizator
 26:  */
 27: class User extends Nette\Object
 28: {
 29:     /** @deprecated */
 30:     const MANUAL = IUserStorage::MANUAL,
 31:         INACTIVITY = IUserStorage::INACTIVITY,
 32:         BROWSER_CLOSED = IUserStorage::BROWSER_CLOSED;
 33: 
 34:     /** @var string  default role for unauthenticated user */
 35:     public $guestRole = 'guest';
 36: 
 37:     /** @var string  default role for authenticated user without own identity */
 38:     public $authenticatedRole = 'authenticated';
 39: 
 40:     /** @var array of function (User $sender); Occurs when the user is successfully logged in */
 41:     public $onLoggedIn;
 42: 
 43:     /** @var array of function (User $sender); Occurs when the user is logged out */
 44:     public $onLoggedOut;
 45: 
 46:     /** @var IUserStorage Session storage for current user */
 47:     private $storage;
 48: 
 49:     /** @var IAuthenticator */
 50:     private $authenticator;
 51: 
 52:     /** @var IAuthorizator */
 53:     private $authorizator;
 54: 
 55: 
 56:     public function __construct(IUserStorage $storage, IAuthenticator $authenticator = NULL, IAuthorizator $authorizator = NULL)
 57:     {
 58:         $this->storage = $storage;
 59:         $this->authenticator = $authenticator;
 60:         $this->authorizator = $authorizator;
 61:     }
 62: 
 63: 
 64:     /**
 65:      * @return IUserStorage
 66:      */
 67:     public function getStorage()
 68:     {
 69:         return $this->storage;
 70:     }
 71: 
 72: 
 73:     /********************* Authentication ****************d*g**/
 74: 
 75: 
 76:     /**
 77:      * Conducts the authentication process. Parameters are optional.
 78:      * @param  mixed optional parameter (e.g. username or IIdentity)
 79:      * @param  mixed optional parameter (e.g. password)
 80:      * @return void
 81:      * @throws AuthenticationException if authentication was not successful
 82:      */
 83:     public function login($id = NULL, $password = NULL)
 84:     {
 85:         $this->logout(TRUE);
 86:         if (!$id instanceof IIdentity) {
 87:             $id = $this->getAuthenticator()->authenticate(func_get_args());
 88:         }
 89:         $this->storage->setIdentity($id);
 90:         $this->storage->setAuthenticated(TRUE);
 91:         $this->onLoggedIn($this);
 92:     }
 93: 
 94: 
 95:     /**
 96:      * Logs out the user from the current session.
 97:      * @param  bool  clear the identity from persistent storage?
 98:      * @return void
 99:      */
100:     public function logout($clearIdentity = FALSE)
101:     {
102:         if ($this->isLoggedIn()) {
103:             $this->onLoggedOut($this);
104:             $this->storage->setAuthenticated(FALSE);
105:         }
106:         if ($clearIdentity) {
107:             $this->storage->setIdentity(NULL);
108:         }
109:     }
110: 
111: 
112:     /**
113:      * Is this user authenticated?
114:      * @return bool
115:      */
116:     public function isLoggedIn()
117:     {
118:         return $this->storage->isAuthenticated();
119:     }
120: 
121: 
122:     /**
123:      * Returns current user identity, if any.
124:      * @return IIdentity|NULL
125:      */
126:     public function getIdentity()
127:     {
128:         return $this->storage->getIdentity();
129:     }
130: 
131: 
132:     /**
133:      * Returns current user ID, if any.
134:      * @return mixed
135:      */
136:     public function getId()
137:     {
138:         $identity = $this->getIdentity();
139:         return $identity ? $identity->getId() : NULL;
140:     }
141: 
142: 
143:     /**
144:      * Sets authentication handler.
145:      * @return self
146:      */
147:     public function setAuthenticator(IAuthenticator $handler)
148:     {
149:         $this->authenticator = $handler;
150:         return $this;
151:     }
152: 
153: 
154:     /**
155:      * Returns authentication handler.
156:      * @return IAuthenticator
157:      */
158:     public function getAuthenticator($need = TRUE)
159:     {
160:         if ($need && !$this->authenticator) {
161:             throw new Nette\InvalidStateException('Authenticator has not been set.');
162:         }
163:         return $this->authenticator;
164:     }
165: 
166: 
167:     /**
168:      * Enables log out after inactivity.
169:      * @param  string|int|DateTime number of seconds or timestamp
170:      * @param  bool  log out when the browser is closed?
171:      * @param  bool  clear the identity from persistent storage?
172:      * @return self
173:      */
174:     public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE)
175:     {
176:         $flags = ($whenBrowserIsClosed ? IUserStorage::BROWSER_CLOSED : 0) | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0);
177:         $this->storage->setExpiration($time, $flags);
178:         return $this;
179:     }
180: 
181: 
182:     /**
183:      * Why was user logged out?
184:      * @return int
185:      */
186:     public function getLogoutReason()
187:     {
188:         return $this->storage->getLogoutReason();
189:     }
190: 
191: 
192:     /********************* Authorization ****************d*g**/
193: 
194: 
195:     /**
196:      * Returns a list of effective roles that a user has been granted.
197:      * @return array
198:      */
199:     public function getRoles()
200:     {
201:         if (!$this->isLoggedIn()) {
202:             return array($this->guestRole);
203:         }
204: 
205:         $identity = $this->getIdentity();
206:         return $identity && $identity->getRoles() ? $identity->getRoles() : array($this->authenticatedRole);
207:     }
208: 
209: 
210:     /**
211:      * Is a user in the specified effective role?
212:      * @param  string
213:      * @return bool
214:      */
215:     public function isInRole($role)
216:     {
217:         return in_array($role, $this->getRoles(), TRUE);
218:     }
219: 
220: 
221:     /**
222:      * Has a user effective access to the Resource?
223:      * If $resource is NULL, then the query applies to all resources.
224:      * @param  string  resource
225:      * @param  string  privilege
226:      * @return bool
227:      */
228:     public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
229:     {
230:         foreach ($this->getRoles() as $role) {
231:             if ($this->getAuthorizator()->isAllowed($role, $resource, $privilege)) {
232:                 return TRUE;
233:             }
234:         }
235: 
236:         return FALSE;
237:     }
238: 
239: 
240:     /**
241:      * Sets authorization handler.
242:      * @return self
243:      */
244:     public function setAuthorizator(IAuthorizator $handler)
245:     {
246:         $this->authorizator = $handler;
247:         return $this;
248:     }
249: 
250: 
251:     /**
252:      * Returns current authorization handler.
253:      * @return IAuthorizator
254:      */
255:     public function getAuthorizator($need = TRUE)
256:     {
257:         if ($need && !$this->authorizator) {
258:             throw new Nette\InvalidStateException('Authorizator has not been set.');
259:         }
260:         return $this->authorizator;
261:     }
262: 
263: }
264: