Source for file User.php
6: * Copyright (c) 2004, 2009 David Grudl (http://davidgrudl.com)
8: * This source file is subject to the "Nette license" that is bundled
9: * with this package in the file license.txt.
11: * For more information please see http://nettephp.com
13: * @copyright Copyright (c) 2004, 2009 David Grudl
14: * @license http://nettephp.com/license Nette license
15: * @link http://nettephp.com
22: require_once dirname(__FILE__) .
'/../Object.php';
24: require_once dirname(__FILE__) .
'/../Web/IUser.php';
29: * Authentication and authorization.
31: * @author David Grudl
32: * @copyright Copyright (c) 2004, 2009 David Grudl
35: * @property-read IIdentity $identity
36: * @property IAuthenticator $authenticationHandler
37: * @property IAuthorizator $authorizationHandler
38: * @property-read int $signOutReason
39: * @property-read array $roles
40: * @property-read bool $authenticated
44: /**#@+ sign-out reason {@link User::getSignOutReason()} */
50: /** @var string default role for unauthenticated user */
53: /** @var string default role for authenticated user without own identity */
56: /** @var array of function(User $sender); Occurs when the user is successfully authenticated */
59: /** @var array of function(User $sender); Occurs when the user is logged off */
62: /** @var IAuthenticator */
63: private $authenticationHandler;
65: /** @var IAuthorizator */
66: private $authorizationHandler;
69: private $namespace =
'';
71: /** @var SessionNamespace */
76: /********************* Authentication ****************d*g**/
81: * Conducts the authentication process.
86: * @throws AuthenticationException if authentication was not successful
91: if ($handler ===
NULL) {
97: $credentials =
array(
105: $this->onAuthenticated($this);
111: * Logs off the user from the current session.
112: * @param bool clear the identity from persistent storage?
115: final public function signOut($clearIdentity =
FALSE)
// NOTE(review): lines 116-118 are not shown in this listing, so whatever precedes the notification cannot be confirmed here.
// The onSignedOut handlers are invoked before the optional identity clearing below.
119: $this->onSignedOut($this);
// With the default $clearIdentity = FALSE this branch is skipped. Per the docblock the identity then
// stays in persistent storage, so callers should test the authenticated flag, not the presence of an identity.
122: if ($clearIdentity) {
130: * Is this user authenticated?
136: return $session &&
$session->authenticated;
142: * Returns current user identity, if any.
148: return $session ?
$session->identity :
NULL;
154: * Sets authentication handler.
155: * @param IAuthenticator
156: * @return User provides a fluent interface
160: $this->authenticationHandler =
$handler;
167: * Returns authentication handler.
168: * @return IAuthenticator
172: if ($this->authenticationHandler ===
NULL) {
175: return $this->authenticationHandler;
181: * Changes namespace; allows multiple users to share one session.
183: * @return User provides a fluent interface
187: if ($this->namespace !==
$namespace) {
188: $this->namespace = (string)
$namespace;
189: $this->session =
NULL;
197: * Returns current namespace.
202: return $this->namespace;
208: * Enables sign out after inactivity.
209: * @param mixed number of seconds or timestamp
210: * @param bool sign out when the browser is closed?
211: * @param bool clear the identity from persistent storage?
212: * @return User provides a fluent interface
214: public function setExpiration($seconds, $whenBrowserIsClosed =
TRUE, $clearIdentity =
FALSE)
// NOTE(review): lines 215-224 are not shown in this listing; the condition that selects between the
// two branches below and any normalisation of $seconds cannot be confirmed from here.
// Time-based expiry: expireTime is stored as given and expireDelta as its distance from now,
// so $seconds is presumably an absolute timestamp by this point - confirm against the full file.
225: $session->expireTime =
$seconds;
226: $session->expireDelta =
$seconds -
time();
// Other branch (condition not shown): any previously stored time-based expiry is dropped.
229: unset($session->expireTime, $session->expireDelta);
// Both flags are cast to bool before being stored in the session.
232: $session->expireIdentity = (bool)
$clearIdentity;
233: $session->expireBrowser = (bool)
$whenBrowserIsClosed;
// browserCheck is a marker with its own expiration setting (0; presumably "until the browser closes").
// The session loader further down treats a missing marker, while expireBrowser is set, as
// "browser was closed" and signs the user out with reason BROWSER_CLOSED.
234: $session->browserCheck =
TRUE;
235: $session->setExpiration(0, 'browserCheck');
242: * Why was user signed out?
248: return $session ?
$session->reason :
NULL;
254: * Returns and initializes $this->session.
255: * @return SessionNamespace
// Body of the session accessor ("Returns and initializes $this->session"). The method signature and
// several brace-only lines are missing from this listing, so nesting is described only where visible.
// Reuse the session namespace already cached on this object.
259: if ($this->session !==
NULL) {
260: return $this->session;
// $need is false and no session exists yet. NOTE(review): the branch body (lines 265-267) is not shown;
// presumably it returns early so that a read-only check does not start a session - confirm.
264: if (!$need &&
!$sessionHandler->exists()) {
// The session data lives under a key derived from the configured namespace.
268: $this->session =
$session =
$sessionHandler->getNamespace('Nette.Web.User/' .
$this->namespace);
// Browser-close expiry: the user is still marked authenticated and expireBrowser was requested,
// but the browserCheck marker is gone, so the user is signed out with reason BROWSER_CLOSED.
274: if ($session->authenticated &&
$session->expireBrowser &&
!$session->browserCheck) { // check if browser was closed?
275: $session->reason =
self::BROWSER_CLOSED;
276: $session->authenticated =
FALSE;
// onSignedOut handlers therefore also fire while the session is being loaded, not only on signOut().
277: $this->onSignedOut($this);
// The identity is discarded only when expireIdentity was requested; otherwise it remains in the
// session with authenticated = FALSE, so access decisions must check the authenticated flag.
278: if ($session->expireIdentity) {
279: unset($session->identity);
// Inactivity expiry applies only when a positive expireDelta was stored.
283: if ($session->authenticated &&
$session->expireDelta >
0) { // check time expiration
// Deadline passed: sign the user out with reason INACTIVITY, same handling as above.
284: if ($session->expireTime <
time()) {
285: $session->reason =
self::INACTIVITY;
286: $session->authenticated =
FALSE;
287: $this->onSignedOut($this);
288: if ($session->expireIdentity) {
289: unset($session->identity);
// Sliding expiration: the deadline is pushed forward by expireDelta. The visible code enforces no
// absolute session lifetime (authTime is recorded elsewhere in this file only as an "informative
// value"), so a continuously active session does not time out here.
// NOTE(review): lines 290-291 are not shown, so the exact nesting of this statement is unconfirmed.
292: $session->expireTime =
time() +
$session->expireDelta; // sliding expiration
// Once the user is not authenticated, all expiration bookkeeping and authTime are removed
// from the session.
295: if (!$session->authenticated) {
296: unset($session->expireTime, $session->expireDelta, $session->expireIdentity,
297: $session->expireBrowser, $session->browserCheck, $session->authTime);
300: return $this->session;
306: * Sets the authenticated status of this user.
307: * @param bool flag indicating the authenticated status of user
308: * @return User provides a fluent interface
// The requested state is cast to bool before it is written to the session.
313: $session->authenticated = (bool)
$state;
315: // Session Fixation defence
// NOTE(review): lines 316-318, which implement this defence, are missing from the listing. The usual
// measure is to issue a new session ID when the authenticated state changes; confirm against the full file.
// Branch condition not shown; these two assignments appear to belong to the signed-in case:
// the previous sign-out reason is cleared and the sign-in time is recorded.
319: $session->reason =
NULL;
320: $session->authTime =
time(); // informative value
// Presumably the signed-out case: MANUAL is recorded as the reason and authTime is cleared.
323: $session->reason =
self::MANUAL;
324: $session->authTime =
NULL;
332: * Sets the user identity.
334: * @return User provides a fluent interface
344: /********************* Authorization ****************d*g**/
349: * Returns a list of effective roles that a user has been granted.
365: * Is a user in the specified effective role?
377: * Does the user have effective access to the resource?
378: * If $resource is NULL, then the query applies to all resources.
379: * @param string resource
380: * @param string privilege
383: public function isAllowed($resource =
NULL, $privilege =
NULL)
// NOTE(review): lines 384-390 are not shown; where $handler and $role come from cannot be confirmed here.
// Access is granted as soon as the handler allows one role. Assuming this runs in a loop over the
// user's roles (loop header not shown), a denial for one role does not override an allowance for another.
// The fall-through return value lies outside this listing.
391: if ($handler->isAllowed($role, $resource, $privilege)) return TRUE;
400: * Sets authorization handler.
401: * @param IAuthorizator
402: * @return User provides a fluent interface
406: $this->authorizationHandler =
$handler;
413: * Returns current authorization handler.
414: * @return IAuthorizator
418: if ($this->authorizationHandler ===
NULL) {
421: return $this->authorizationHandler;
426: /********************* backend ****************d*g**/
431: * Returns session handler.