1: <?php
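/**
 * Authentication and authorization state of the current visitor.
 *
 * The state (identity, "authenticated" flag, expiration settings and the
 * last logout reason) is kept in the session section
 * 'Nette.Web.User/<namespace>'. The session, authenticator and authorizator
 * services are read from the DI container passed to the constructor.
 *
 * Security notes for callers:
 *  - getIdentity() and getId() return the stored identity even when the user
 *    is NOT logged in (logout() keeps it unless asked to clear it). Use
 *    isLoggedIn(), getRoles() or isAllowed() for access decisions.
 *  - The time-based expiration is a sliding inactivity window. authTime is
 *    recorded on login but is not read anywhere in this class, so an
 *    absolute maximum login age has to be enforced by the application.
 */
class NUser extends NObject implements IUser
{
    /** Logout reasons reported by getLogoutReason(). */
    const MANUAL = 1,
        INACTIVITY = 2,
        BROWSER_CLOSED = 3;

    /** @var string role reported by getRoles() while the user is not logged in */
    public $guestRole = 'guest';

    /** @var string role reported by getRoles() for a logged-in user with no stored identity */
    public $authenticatedRole = 'authenticated';

    /** @var array handlers invoked as onLoggedIn($user) after a successful login() */
    public $onLoggedIn;

    /** @var array handlers invoked as onLoggedOut($user) on manual logout and on expiration */
    public $onLoggedOut;

    /** @var string suffix of the session section name */
    private $namespace = '';

    /** @var object|NULL cached session section, reset when the namespace changes */
    private $session;

    /** @var IDIContainer provides the session, authenticator and authorizator services */
    private $context;


    /**
     * @param IDIContainer $context container holding the services this class reads
     */
    public function __construct(IDIContainer $context)
    {
        $this->context = $context;
    }


    /********************* Authentication ****************d*g**/


    /**
     * Authenticates the given credentials and marks the user as logged in.
     *
     * Any existing login is terminated and the stored identity cleared BEFORE
     * the authenticator runs, so the previous login does not survive a failed
     * attempt. NOTE(review): this assumes authenticate() reports failure by
     * throwing - confirm against the IAuthenticator implementation in use.
     *
     * All arguments actually passed (not only the two named ones) are
     * forwarded to the authenticator as one array.
     *
     * @param  mixed $username
     * @param  mixed $password
     * @return void
     */
    public function login($username = NULL, $password = NULL)
    {
        $this->logout(TRUE);
        $credentials = func_get_args();
        $this->setIdentity($this->context->authenticator->authenticate($credentials));
        $this->setAuthenticated(TRUE);
        $this->onLoggedIn($this);
    }


    /**
     * Logs the user out.
     *
     * The onLoggedOut handlers fire only if the user was logged in. The
     * identity stays in the session unless $clearIdentity is TRUE, so
     * getIdentity() may still return it afterwards.
     *
     * @param  bool $clearIdentity also remove the stored identity
     * @return void
     */
    final public function logout($clearIdentity = FALSE)
    {
        if ($this->isLoggedIn()) {
            $this->setAuthenticated(FALSE);
            $this->onLoggedOut($this);
        }

        if ($clearIdentity) {
            $this->setIdentity(NULL);
        }
    }


    /**
     * Is the user currently authenticated?
     *
     * Does not create a session when none exists.
     *
     * @return bool
     */
    final public function isLoggedIn()
    {
        $session = $this->getSessionSection(FALSE);
        return $session && $session->authenticated;
    }


    /**
     * Returns the stored identity.
     *
     * A non-NULL result does NOT mean the user is logged in: the identity is
     * returned regardless of the "authenticated" flag. Check isLoggedIn().
     *
     * @return IIdentity|NULL
     */
    final public function getIdentity()
    {
        $session = $this->getSessionSection(FALSE);
        return $session ? $session->identity : NULL;
    }


    /**
     * Returns the id of the stored identity, or NULL when there is none.
     *
     * Like getIdentity(), this is not an authentication check.
     *
     * @return mixed
     */
    public function getId()
    {
        $identity = $this->getIdentity();
        return $identity ? $identity->getId() : NULL;
    }


    /**
     * Replaces the 'authenticator' service in the container.
     *
     * @param  IAuthenticator $handler
     * @return NUser provides a fluent interface
     */
    public function setAuthenticator(IAuthenticator $handler)
    {
        $this->context->removeService('authenticator');
        $this->context->authenticator = $handler;
        return $this;
    }


    /**
     * Returns the 'authenticator' service from the container.
     *
     * @return IAuthenticator
     */
    final public function getAuthenticator()
    {
        return $this->context->authenticator;
    }


    /**
     * Changes the namespace, i.e. the session section the state is kept in.
     *
     * @param  string $namespace
     * @return NUser provides a fluent interface
     */
    public function setNamespace($namespace)
    {
        // Normalise before comparing: the property always holds a string, so
        // comparing the raw argument would treat an equivalent non-string
        // value as a change and drop the cached section for no reason.
        $namespace = (string) $namespace;
        if ($this->namespace !== $namespace) {
            $this->namespace = $namespace;
            $this->session = NULL;
        }
        return $this;
    }


    /**
     * Returns the current namespace.
     *
     * @return string
     */
    final public function getNamespace()
    {
        return $this->namespace;
    }


    /**
     * Configures when the login expires.
     *
     * A non-empty $time is converted with NDateTime53::from() and stored both
     * as an absolute time and as a delta from now; the delta is re-applied on
     * each later load of the section, which makes this an inactivity timeout.
     * An empty $time removes the time-based expiration.
     *
     * @param  mixed $time                 expiration time, or a falsy value for none
     * @param  bool  $whenBrowserIsClosed  log out when the browser check flag is lost
     * @param  bool  $clearIdentity        remove the identity when the login expires
     * @return NUser provides a fluent interface
     */
    public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE)
    {
        $session = $this->getSessionSection(TRUE);
        if ($time) {
            $time = NDateTime53::from($time)->format('U');
            $session->expireTime = $time;
            $session->expireDelta = $time - time();

        } else {
            unset($session->expireTime, $session->expireDelta);
        }

        $session->expireIdentity = (bool) $clearIdentity;
        $session->expireBrowser = (bool) $whenBrowserIsClosed;
        // Marker whose absence on a later request is read as "browser was
        // closed". NOTE(review): expiration 0 presumably ties the variable to
        // the browser session - confirm against the session section class.
        $session->browserCheck = TRUE;
        $session->setExpiration(0, 'browserCheck');
        return $this;
    }


    /**
     * Why was the user logged out?
     *
     * @return int|NULL one of MANUAL, INACTIVITY, BROWSER_CLOSED; NULL when unknown
     */
    final public function getLogoutReason()
    {
        $session = $this->getSessionSection(FALSE);
        return $session ? $session->reason : NULL;
    }


    /**
     * Returns the session section, validating it and applying the expiration
     * rules the first time it is loaded.
     *
     * @param  bool $need create the session if it does not exist yet
     * @return object|NULL the section, or NULL when not needed and no session exists
     */
    protected function getSessionSection($need)
    {
        if ($this->session !== NULL) {
            return $this->session;
        }

        if (!$need && !$this->context->session->exists()) {
            return NULL;
        }

        $this->session = $session = $this->context->session->getSection('Nette.Web.User/' . $this->namespace);

        // Fail closed on unexpected stored data: anything other than an
        // IIdentity plus a boolean flag wipes the whole section.
        if (!$session->identity instanceof IIdentity || !is_bool($session->authenticated)) {
            $session->remove();
        }

        // Browser-close expiration: the check flag is gone.
        if ($session->authenticated && $session->expireBrowser && !$session->browserCheck) {
            $this->expireAuthentication($session, self::BROWSER_CLOSED);
        }

        // Inactivity expiration; the deadline slides forward on every load.
        if ($session->authenticated && $session->expireDelta > 0) {
            if ($session->expireTime < time()) {
                $this->expireAuthentication($session, self::INACTIVITY);
            }
            $session->expireTime = time() + $session->expireDelta;
        }

        // Drop the expiration bookkeeping once the user is not authenticated.
        if (!$session->authenticated) {
            unset($session->expireTime, $session->expireDelta, $session->expireIdentity,
                $session->expireBrowser, $session->browserCheck, $session->authTime);
        }

        return $this->session;
    }


    /**
     * Ends an expired login: records the reason, clears the flag, fires
     * onLoggedOut and removes the identity if expiration was set up to do so.
     *
     * @param  object $session session section being validated
     * @param  int    $reason  INACTIVITY or BROWSER_CLOSED
     * @return void
     */
    private function expireAuthentication($session, $reason)
    {
        $session->reason = $reason;
        $session->authenticated = FALSE;
        $this->onLoggedOut($this);
        if ($session->expireIdentity) {
            unset($session->identity);
        }
    }


    /**
     * Sets the "authenticated" flag and records the login time or the logout
     * reason.
     *
     * @param  bool $state
     * @return NUser provides a fluent interface
     */
    protected function setAuthenticated($state)
    {
        $session = $this->getSessionSection(TRUE);
        $session->authenticated = (bool) $state;

        // Session fixation defence: request a new session id on every change
        // of authentication state, login and logout alike.
        $this->context->session->regenerateId();

        if ($state) {
            $session->reason = NULL;
            $session->authTime = time();

        } else {
            $session->reason = self::MANUAL;
            $session->authTime = NULL;
        }
        return $this;
    }


    /**
     * Stores (or, with NULL, clears) the identity in the session section.
     *
     * @param  IIdentity|NULL $identity
     * @return NUser provides a fluent interface
     */
    protected function setIdentity(IIdentity $identity = NULL)
    {
        $this->getSessionSection(TRUE)->identity = $identity;
        return $this;
    }


    /********************* Authorization ****************d*g**/


    /**
     * Returns the roles the user currently acts in.
     *
     * A user who is not logged in gets only the guest role, even if an
     * identity is still stored. A logged-in user gets the identity's roles,
     * or the authenticated role when no identity is stored.
     *
     * @return array
     */
    public function getRoles()
    {
        if (!$this->isLoggedIn()) {
            return array($this->guestRole);
        }

        $identity = $this->getIdentity();
        return $identity ? $identity->getRoles() : array($this->authenticatedRole);
    }


    /**
     * Is the user in the given role? Compared strictly (type and value).
     *
     * @param  string $role
     * @return bool
     */
    final public function isInRole($role)
    {
        return in_array($role, $this->getRoles(), TRUE);
    }


    /**
     * Asks the authorizator whether any of the user's roles may access the
     * resource with the given privilege. Returns FALSE when no role is
     * allowed.
     *
     * @param  string $resource
     * @param  string $privilege
     * @return bool
     */
    public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
    {
        $authorizator = $this->context->authorizator;
        foreach ($this->getRoles() as $role) {
            if ($authorizator->isAllowed($role, $resource, $privilege)) {
                return TRUE;
            }
        }

        return FALSE;
    }


    /**
     * Replaces the 'authorizator' service in the container.
     *
     * @param  IAuthorizator $handler
     * @return NUser provides a fluent interface
     */
    public function setAuthorizator(IAuthorizator $handler)
    {
        $this->context->removeService('authorizator');
        $this->context->authorizator = $handler;
        return $this;
    }


    /**
     * Returns the 'authorizator' service from the container.
     *
     * @return IAuthorizator
     */
    final public function getAuthorizator()
    {
        return $this->context->authorizator;
    }


    /********************* deprecated ****************d*g**/


    /**
     * @deprecated use setAuthenticator() instead
     * @param  IAuthenticator $v
     * @return NUser
     */
    public function setAuthenticationHandler($v)
    {
        trigger_error(__METHOD__ . '() is deprecated; use setAuthenticator() instead.', E_USER_WARNING);
        return $this->setAuthenticator($v);
    }


    /**
     * @deprecated use setAuthorizator() instead
     * @param  IAuthorizator $v
     * @return NUser
     */
    public function setAuthorizationHandler($v)
    {
        trigger_error(__METHOD__ . '() is deprecated; use setAuthorizator() instead.', E_USER_WARNING);
        return $this->setAuthorizator($v);
    }

}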