Source for file User.php
6: * Copyright (c) 2004, 2009 David Grudl (http://davidgrudl.com)
8: * This source file is subject to the "Nette license" that is bundled
9: * with this package in the file license.txt.
11: * For more information please see http://nettephp.com
13: * @copyright Copyright (c) 2004, 2009 David Grudl
14: * @license http://nettephp.com/license Nette license
15: * @link http://nettephp.com
22: require_once dirname(__FILE__) .
'/../Object.php';
24: require_once dirname(__FILE__) .
'/../Web/IUser.php';
29: * Authentication and authorization.
31: * @author David Grudl
32: * @copyright Copyright (c) 2004, 2009 David Grudl
35: * @property-read IIdentity $identity
36: * @property IAuthenticator $authenticationHandler
37: * @property IAuthorizator $authorizationHandler
38: * @property-read int $signOutReason
39: * @property-read array $roles
40: * @property-read bool $authenticated
44: /**#@+ sign-out reason {@link User::getSignOutReason()} */
50: /** @var string default role for unauthenticated user */
53: /** @var string default role for authenticated user without own identity */
56: /** @var array of function(User $sender); Occurs when the user is successfully authenticated */
59: /** @var array of function(User $sender); Occurs when the user is logged off */
62: /** @var IAuthenticator */
63: private $authenticationHandler;
65: /** @var IAuthorizator */
66: private $authorizationHandler;
69: private $namespace =
'';
71: /** @var SessionNamespace */
76: /********************* Authentication ****************d*g**/
81: * Conducts the authentication process.
86: * @throws AuthenticationException if authentication was not successful
91: if ($handler ===
NULL) {
97: $credentials =
array(
105: $this->onAuthenticated($this);
111: * Logs off the user from the current session.
112: * @param bool clear the identity from persistent storage?
115: final public function signOut($clearIdentity =
FALSE)
119: $this->onSignedOut($this);
122: if ($clearIdentity) {
130: * Is this user authenticated?
136: return $session &&
$session->authenticated;
142: * Returns current user identity, if any.
148: return $session ?
$session->identity :
NULL;
154: * Sets authentication handler.
155: * @param IAuthenticator
160: $this->authenticationHandler =
$handler;
166: * Returns authentication handler.
167: * @return IAuthenticator
171: if ($this->authenticationHandler ===
NULL) {
174: return $this->authenticationHandler;
180: * Changes namespace; allows more users to share a session.
186: if ($this->namespace !==
$namespace) {
187: $this->namespace = (string)
$namespace;
188: $this->session =
NULL;
195: * Returns current namespace.
200: return $this->namespace;
206: * Enables sign out after inactivity (sliding expiration: the deadline is renewed while the user stays active).
207: * @param mixed number of seconds or timestamp
208: * @param bool sign out when the browser is closed?
209: * @param bool clear the identity from persistent storage?
212: public function setExpiration($seconds, $whenBrowserIsClosed =
TRUE, $clearIdentity =
FALSE)
223: $session->expireTime =
$seconds;
224: $session->expireDelta =
$seconds -
time();
227: unset($session->expireTime, $session->expireDelta);
230: $session->expireIdentity = (bool)
$clearIdentity;
231: $session->expireBrowser = (bool)
$whenBrowserIsClosed;
232: $session->browserCheck =
TRUE;
233: $session->setExpiration(0, 'browserCheck');
239: * Why was user signed out?
245: return $session ?
$session->reason :
NULL;
251: * Returns and initializes $this->session.
252: * @return SessionNamespace
256: if ($this->session !==
NULL) {
257: return $this->session;
261: if (!$need &&
!$sessionHandler->exists()) {
265: $this->session =
$session =
$sessionHandler->getNamespace('Nette.Web.User/' .
$this->namespace);
271: if ($session->authenticated &&
$session->expireBrowser &&
!$session->browserCheck) { // check if browser was closed?
272: $session->reason =
self::BROWSER_CLOSED;
273: $session->authenticated =
FALSE;
274: $this->onSignedOut($this);
275: if ($session->expireIdentity) {
276: unset($session->identity);
280: if ($session->authenticated &&
$session->expireDelta >
0) { // check time expiration
281: if ($session->expireTime <
time()) {
282: $session->reason =
self::INACTIVITY;
283: $session->authenticated =
FALSE;
284: $this->onSignedOut($this);
285: if ($session->expireIdentity) {
286: unset($session->identity);
289: $session->expireTime =
time() +
$session->expireDelta; // sliding expiration
292: if (!$session->authenticated) {
293: unset($session->expireTime, $session->expireDelta, $session->expireIdentity,
294: $session->expireBrowser, $session->browserCheck, $session->authTime);
297: return $this->session;
303: * Set the authenticated status of this user.
304: * @param bool flag indicating the authenticated status of user
310: $session->authenticated = (bool)
$state;
312: // Session fixation defence: a session ID issued before the authentication state changed must not stay valid afterwards
316: $session->reason =
NULL;
317: $session->authTime =
time(); // informative value
320: $session->reason =
self::MANUAL;
321: $session->authTime =
NULL;
334: /********************* Authorization ****************d*g**/
339: * Returns a list of effective roles that a user has been granted.
355: * Is a user in the specified effective role?
367: * Does the user have effective access to the resource?
368: * If $resource is NULL, then the query applies to all resources.
369: * @param string resource
370: * @param string privilege
373: public function isAllowed($resource =
NULL, $privilege =
NULL)
381: if ($handler->isAllowed($role, $resource, $privilege)) return TRUE;
390: * Sets authorization handler.
391: * @param IAuthorizator
396: $this->authorizationHandler =
$handler;
402: * Returns current authorization handler.
403: * @return IAuthorizator
407: if ($this->authorizationHandler ===
NULL) {
410: return $this->authorizationHandler;
415: /********************* backend ****************d*g**/
420: * Returns session handler.