1: <?php
  2: 
  3: /**
  4:  * This file is part of the Nette Framework (https://nette.org)
  5:  * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
  6:  */
  7: 
  8: namespace Nette\Security;
  9: 
 10: use Nette;
 11: 
 12: 
 13: /**
 14:  * User authentication and authorization.
 15:  *
 16:  * @property-read bool $loggedIn
 17:  * @property-read IIdentity $identity
 18:  * @property-read mixed $id
 19:  * @property-read array $roles
 20:  * @property-read int $logoutReason
 21:  * @property   IAuthenticator $authenticator
 22:  * @property   IAuthorizator $authorizator
 23:  */
 24: class User
 25: {
 26:     use Nette\SmartObject;
 27: 
 28:     /** @deprecated */
 29:     const
 30:         MANUAL = IUserStorage::MANUAL,
 31:         INACTIVITY = IUserStorage::INACTIVITY;
 32: 
 33:     /** @deprecated */
 34:     const BROWSER_CLOSED = IUserStorage::BROWSER_CLOSED;
 35: 
 36:     /** @var string  default role for unauthenticated user */
 37:     public $guestRole = 'guest';
 38: 
 39:     /** @var string  default role for authenticated user without own identity */
 40:     public $authenticatedRole = 'authenticated';
 41: 
 42:     /** @var callable[]  function (User $sender); Occurs when the user is successfully logged in */
 43:     public $onLoggedIn;
 44: 
 45:     /** @var callable[]  function (User $sender); Occurs when the user is logged out */
 46:     public $onLoggedOut;
 47: 
 48:     /** @var IUserStorage Session storage for current user */
 49:     private $storage;
 50: 
 51:     /** @var IAuthenticator|null */
 52:     private $authenticator;
 53: 
 54:     /** @var IAuthorizator|null */
 55:     private $authorizator;
 56: 
 57: 
 58:     public function __construct(IUserStorage $storage, IAuthenticator $authenticator = null, IAuthorizator $authorizator = null)
 59:     {
 60:         $this->storage = $storage;
 61:         $this->authenticator = $authenticator;
 62:         $this->authorizator = $authorizator;
 63:     }
 64: 
 65: 
 66:     /**
 67:      * @return IUserStorage
 68:      */
 69:     public function getStorage()
 70:     {
 71:         return $this->storage;
 72:     }
 73: 
 74: 
 75:     /********************* Authentication ****************d*g**/
 76: 
 77: 
 78:     /**
 79:      * Conducts the authentication process. Parameters are optional.
 80:      * @param  string|IIdentity  username or Identity
 81:      * @param  string
 82:      * @return void
 83:      * @throws AuthenticationException if authentication was not successful
 84:      */
 85:     public function login($user, $password = null)
 86:     {
 87:         $this->logout(true);
 88:         if (!$user instanceof IIdentity) {
 89:             $user = $this->getAuthenticator()->authenticate(func_get_args());
 90:         }
 91:         $this->storage->setIdentity($user);
 92:         $this->storage->setAuthenticated(true);
 93:         $this->onLoggedIn($this);
 94:     }
 95: 
 96: 
 97:     /**
 98:      * Logs out the user from the current session.
 99:      * @param  bool  clear the identity from persistent storage?
100:      * @return void
101:      */
102:     public function logout($clearIdentity = false)
103:     {
104:         if ($this->isLoggedIn()) {
105:             $this->onLoggedOut($this);
106:             $this->storage->setAuthenticated(false);
107:         }
108:         if ($clearIdentity) {
109:             $this->storage->setIdentity(null);
110:         }
111:     }
112: 
113: 
114:     /**
115:      * Is this user authenticated?
116:      * @return bool
117:      */
118:     public function isLoggedIn()
119:     {
120:         return $this->storage->isAuthenticated();
121:     }
122: 
123: 
124:     /**
125:      * Returns current user identity, if any.
126:      * @return IIdentity|null
127:      */
128:     public function getIdentity()
129:     {
130:         return $this->storage->getIdentity();
131:     }
132: 
133: 
134:     /**
135:      * Returns current user ID, if any.
136:      * @return mixed
137:      */
138:     public function getId()
139:     {
140:         $identity = $this->getIdentity();
141:         return $identity ? $identity->getId() : null;
142:     }
143: 
144: 
145:     /**
146:      * Sets authentication handler.
147:      * @return static
148:      */
149:     public function setAuthenticator(IAuthenticator $handler)
150:     {
151:         $this->authenticator = $handler;
152:         return $this;
153:     }
154: 
155: 
156:     /**
157:      * Returns authentication handler.
158:      * @return IAuthenticator|null
159:      */
160:     public function getAuthenticator($throw = true)
161:     {
162:         if ($throw && !$this->authenticator) {
163:             throw new Nette\InvalidStateException('Authenticator has not been set.');
164:         }
165:         return $this->authenticator;
166:     }
167: 
168: 
169:     /**
170:      * Enables log out after inactivity.
171:      * @param  string|int|\DateTimeInterface number of seconds or timestamp
172:      * @param  int|bool  flag IUserStorage::CLEAR_IDENTITY
173:      * @param  bool  clear the identity from persistent storage? (deprecated)
174:      * @return static
175:      */
176:     public function setExpiration($time, $flags = null, $clearIdentity = false)
177:     {
178:         $clearIdentity = $clearIdentity || $flags === IUserStorage::CLEAR_IDENTITY;
179:         $this->storage->setExpiration($time, $clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0);
180:         return $this;
181:     }
182: 
183: 
184:     /**
185:      * Why was user logged out?
186:      * @return int|null
187:      */
188:     public function getLogoutReason()
189:     {
190:         return $this->storage->getLogoutReason();
191:     }
192: 
193: 
194:     /********************* Authorization ****************d*g**/
195: 
196: 
197:     /**
198:      * Returns a list of effective roles that a user has been granted.
199:      * @return array
200:      */
201:     public function getRoles()
202:     {
203:         if (!$this->isLoggedIn()) {
204:             return [$this->guestRole];
205:         }
206: 
207:         $identity = $this->getIdentity();
208:         return $identity && $identity->getRoles() ? $identity->getRoles() : [$this->authenticatedRole];
209:     }
210: 
211: 
212:     /**
213:      * Is a user in the specified effective role?
214:      * @param  string
215:      * @return bool
216:      */
217:     public function isInRole($role)
218:     {
219:         return in_array($role, $this->getRoles(), true);
220:     }
221: 
222: 
223:     /**
224:      * Has a user effective access to the Resource?
225:      * If $resource is null, then the query applies to all resources.
226:      * @param  string  resource
227:      * @param  string  privilege
228:      * @return bool
229:      */
230:     public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
231:     {
232:         foreach ($this->getRoles() as $role) {
233:             if ($this->getAuthorizator()->isAllowed($role, $resource, $privilege)) {
234:                 return true;
235:             }
236:         }
237: 
238:         return false;
239:     }
240: 
241: 
242:     /**
243:      * Sets authorization handler.
244:      * @return static
245:      */
246:     public function setAuthorizator(IAuthorizator $handler)
247:     {
248:         $this->authorizator = $handler;
249:         return $this;
250:     }
251: 
252: 
253:     /**
254:      * Returns current authorization handler.
255:      * @return IAuthorizator|null
256:      */
257:     public function getAuthorizator($throw = true)
258:     {
259:         if ($throw && !$this->authorizator) {
260:             throw new Nette\InvalidStateException('Authorizator has not been set.');
261:         }
262:         return $this->authorizator;
263:     }
264: }
265: