Packages

  • Nette
    • Application
      • Application\Diagnostics
      • Application\Responses
      • Application\Routers
      • Application\UI
    • Caching
      • Caching\Storages
    • ComponentModel
    • Config
    • Database
      • Database\Diagnostics
      • Database\Drivers
      • Database\Reflection
      • Database\Table
    • DI
    • Diagnostics
    • Forms
      • Forms\Controls
      • Forms\Rendering
    • Http
    • Iterators
    • Latte
      • Latte\Macros
    • Loaders
    • Localization
    • Mail
    • Reflection
    • Security
    • Templating
    • Utils
  • NetteModule
  • None
  • PHP

Classes

  • HttpContext
  • HttpRequest
  • HttpRequestFactory
  • HttpResponse
  • HttpUploadedFile
  • Session
  • SessionSection
  • Url
  • UrlScript
  • User

Interfaces

  • IHttpRequest
  • IHttpResponse
  • ISessionStorage
  • IUser
  • Overview
  • Package
  • Class
  • Tree
  1: <?php
  2: 
  3: /**
  4:  * This file is part of the Nette Framework (http://nette.org)
  5:  *
  6:  * Copyright (c) 2004, 2011 David Grudl (http://davidgrudl.com)
  7:  *
  8:  * For the full copyright and license information, please view
  9:  * the file license.txt that was distributed with this source code.
 10:  * @package Nette\Http
 11:  */
 12: 
 13: 
 14: 
 15: /**
 16:  * User authentication and authorization.
 17:  *
 18:  * @author     David Grudl
 19:  *
 20:  * @property-read IIdentity $identity
 21:  * @property   IAuthenticator $authenticator
 22:  * @property   IAuthorizator $authorizator
 23:  * @property-read int $logoutReason
 24:  * @property-read array $roles
 25:  * @property-read bool $authenticated
 26:  * @package Nette\Http
 27:  */
 28: class User extends Object implements IUser
 29: {
 30:     /** log-out reason {@link User::getLogoutReason()} */
 31:     const MANUAL = 1,
 32:         INACTIVITY = 2,
 33:         BROWSER_CLOSED = 3;
 34: 
 35:     /** @var string  default role for unauthenticated user */
 36:     public $guestRole = 'guest';
 37: 
 38:     /** @var string  default role for authenticated user without own identity */
 39:     public $authenticatedRole = 'authenticated';
 40: 
 41:     /** @var array of function(User $sender); Occurs when the user is successfully logged in */
 42:     public $onLoggedIn;
 43: 
 44:     /** @var array of function(User $sender); Occurs when the user is logged out */
 45:     public $onLoggedOut;
 46: 
 47:     /** @var string */
 48:     private $namespace = '';
 49: 
 50:     /** @var SessionSection */
 51:     private $session;
 52: 
 53:     /** @var IDIContainer */
 54:     private $context;
 55: 
 56: 
 57: 
 58:     public function __construct(IDIContainer $context)
 59:     {
 60:         $this->context = $context;
 61:     }
 62: 
 63: 
 64: 
 65:     /********************* Authentication ****************d*g**/
 66: 
 67: 
 68: 
 69:     /**
 70:      * Conducts the authentication process. Parameters are optional.
 71:      * @param  mixed optional parameter (e.g. username)
 72:      * @param  mixed optional parameter (e.g. password)
 73:      * @return void
 74:      * @throws AuthenticationException if authentication was not successful
 75:      */
 76:     public function login($username = NULL, $password = NULL)
 77:     {
 78:         $this->logout(TRUE);
 79:         $credentials = func_get_args();
 80:         $this->setIdentity($this->context->authenticator->authenticate($credentials));
 81:         $this->setAuthenticated(TRUE);
 82:         $this->onLoggedIn($this);
 83:     }
 84: 
 85: 
 86: 
 87:     /**
 88:      * Logs out the user from the current session.
 89:      * @param  bool  clear the identity from persistent storage?
 90:      * @return void
 91:      */
 92:     final public function logout($clearIdentity = FALSE)
 93:     {
 94:         if ($this->isLoggedIn()) {
 95:             $this->setAuthenticated(FALSE);
 96:             $this->onLoggedOut($this);
 97:         }
 98: 
 99:         if ($clearIdentity) {
100:             $this->setIdentity(NULL);
101:         }
102:     }
103: 
104: 
105: 
106:     /**
107:      * Is this user authenticated?
108:      * @return bool
109:      */
110:     final public function isLoggedIn()
111:     {
112:         $session = $this->getSessionSection(FALSE);
113:         return $session && $session->authenticated;
114:     }
115: 
116: 
117: 
118:     /**
119:      * Returns current user identity, if any.
120:      * @return IIdentity
121:      */
122:     final public function getIdentity()
123:     {
124:         $session = $this->getSessionSection(FALSE);
125:         return $session ? $session->identity : NULL;
126:     }
127: 
128: 
129: 
130:     /**
131:      * Returns current user ID, if any.
132:      * @return mixed
133:      */
134:     public function getId()
135:     {
136:         $identity = $this->getIdentity();
137:         return $identity ? $identity->getId() : NULL;
138:     }
139: 
140: 
141: 
142:     /**
143:      * Sets authentication handler.
144:      * @param  IAuthenticator
145:      * @return User  provides a fluent interface
146:      */
147:     public function setAuthenticator(IAuthenticator $handler)
148:     {
149:         $this->context->removeService('authenticator');
150:         $this->context->authenticator = $handler;
151:         return $this;
152:     }
153: 
154: 
155: 
156:     /**
157:      * Returns authentication handler.
158:      * @return IAuthenticator
159:      */
160:     final public function getAuthenticator()
161:     {
162:         return $this->context->authenticator;
163:     }
164: 
165: 
166: 
167:     /**
168:      * Changes namespace; allows more users to share a session.
169:      * @param  string
170:      * @return User  provides a fluent interface
171:      */
172:     public function setNamespace($namespace)
173:     {
174:         if ($this->namespace !== $namespace) {
175:             $this->namespace = (string) $namespace;
176:             $this->session = NULL;
177:         }
178:         return $this;
179:     }
180: 
181: 
182: 
183:     /**
184:      * Returns current namespace.
185:      * @return string
186:      */
187:     final public function getNamespace()
188:     {
189:         return $this->namespace;
190:     }
191: 
192: 
193: 
194:     /**
195:      * Enables log out after inactivity.
196:      * @param  string|int|DateTime number of seconds or timestamp
197:      * @param  bool  log out when the browser is closed?
198:      * @param  bool  clear the identity from persistent storage?
199:      * @return User  provides a fluent interface
200:      */
201:     public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE)
202:     {
203:         $session = $this->getSessionSection(TRUE);
204:         if ($time) {
205:             $time = DateTime53::from($time)->format('U');
206:             $session->expireTime = $time;
207:             $session->expireDelta = $time - time();
208: 
209:         } else {
210:             unset($session->expireTime, $session->expireDelta);
211:         }
212: 
213:         $session->expireIdentity = (bool) $clearIdentity;
214:         $session->expireBrowser = (bool) $whenBrowserIsClosed;
215:         $session->browserCheck = TRUE;
216:         $session->setExpiration(0, 'browserCheck');
217:         return $this;
218:     }
219: 
220: 
221: 
222:     /**
223:      * Why was user logged out?
224:      * @return int
225:      */
226:     final public function getLogoutReason()
227:     {
228:         $session = $this->getSessionSection(FALSE);
229:         return $session ? $session->reason : NULL;
230:     }
231: 
232: 
233: 
234:     /**
235:      * Returns and initializes $this->session.
236:      * @return SessionSection
237:      */
238:     protected function getSessionSection($need)
239:     {
240:         if ($this->session !== NULL) {
241:             return $this->session;
242:         }
243: 
244:         if (!$need && !$this->context->session->exists()) {
245:             return NULL;
246:         }
247: 
248:         $this->session = $session = $this->context->session->getSection('Nette.Web.User/' . $this->namespace);
249: 
250:         if (!$session->identity instanceof IIdentity || !is_bool($session->authenticated)) {
251:             $session->remove();
252:         }
253: 
254:         if ($session->authenticated && $session->expireBrowser && !$session->browserCheck) { // check if browser was closed?
255:             $session->reason = self::BROWSER_CLOSED;
256:             $session->authenticated = FALSE;
257:             $this->onLoggedOut($this);
258:             if ($session->expireIdentity) {
259:                 unset($session->identity);
260:             }
261:         }
262: 
263:         if ($session->authenticated && $session->expireDelta > 0) { // check time expiration
264:             if ($session->expireTime < time()) {
265:                 $session->reason = self::INACTIVITY;
266:                 $session->authenticated = FALSE;
267:                 $this->onLoggedOut($this);
268:                 if ($session->expireIdentity) {
269:                     unset($session->identity);
270:                 }
271:             }
272:             $session->expireTime = time() + $session->expireDelta; // sliding expiration
273:         }
274: 
275:         if (!$session->authenticated) {
276:             unset($session->expireTime, $session->expireDelta, $session->expireIdentity,
277:                 $session->expireBrowser, $session->browserCheck, $session->authTime);
278:         }
279: 
280:         return $this->session;
281:     }
282: 
283: 
284: 
285:     /**
286:      * Sets the authenticated status of this user.
287:      * @param  bool  flag indicating the authenticated status of user
288:      * @return User  provides a fluent interface
289:      */
290:     protected function setAuthenticated($state)
291:     {
292:         $session = $this->getSessionSection(TRUE);
293:         $session->authenticated = (bool) $state;
294: 
295:         // Session Fixation defence
296:         $this->context->session->regenerateId();
297: 
298:         if ($state) {
299:             $session->reason = NULL;
300:             $session->authTime = time(); // informative value
301: 
302:         } else {
303:             $session->reason = self::MANUAL;
304:             $session->authTime = NULL;
305:         }
306:         return $this;
307:     }
308: 
309: 
310: 
311:     /**
312:      * Sets the user identity.
313:      * @param  IIdentity
314:      * @return User  provides a fluent interface
315:      */
316:     protected function setIdentity(IIdentity $identity = NULL)
317:     {
318:         $this->getSessionSection(TRUE)->identity = $identity;
319:         return $this;
320:     }
321: 
322: 
323: 
324:     /********************* Authorization ****************d*g**/
325: 
326: 
327: 
328:     /**
329:      * Returns a list of effective roles that a user has been granted.
330:      * @return array
331:      */
332:     public function getRoles()
333:     {
334:         if (!$this->isLoggedIn()) {
335:             return array($this->guestRole);
336:         }
337: 
338:         $identity = $this->getIdentity();
339:         return $identity ? $identity->getRoles() : array($this->authenticatedRole);
340:     }
341: 
342: 
343: 
344:     /**
345:      * Is a user in the specified effective role?
346:      * @param  string
347:      * @return bool
348:      */
349:     final public function isInRole($role)
350:     {
351:         return in_array($role, $this->getRoles(), TRUE);
352:     }
353: 
354: 
355: 
356:     /**
357:      * Has a user effective access to the Resource?
358:      * If $resource is NULL, then the query applies to all resources.
359:      * @param  string  resource
360:      * @param  string  privilege
361:      * @return bool
362:      */
363:     public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
364:     {
365:         $authorizator = $this->context->authorizator;
366:         foreach ($this->getRoles() as $role) {
367:             if ($authorizator->isAllowed($role, $resource, $privilege)) {
368:                 return TRUE;
369:             }
370:         }
371: 
372:         return FALSE;
373:     }
374: 
375: 
376: 
377:     /**
378:      * Sets authorization handler.
379:      * @param  IAuthorizator
380:      * @return User  provides a fluent interface
381:      */
382:     public function setAuthorizator(IAuthorizator $handler)
383:     {
384:         $this->context->removeService('authorizator');
385:         $this->context->authorizator = $handler;
386:         return $this;
387:     }
388: 
389: 
390: 
391:     /**
392:      * Returns current authorization handler.
393:      * @return IAuthorizator
394:      */
395:     final public function getAuthorizator()
396:     {
397:         return $this->context->authorizator;
398:     }
399: 
400: 
401: 
402:     /********************* deprecated ****************d*g**/
403: 
404:     /** @deprecated */
405:     function setAuthenticationHandler($v)
406:     {
407:         trigger_error(__METHOD__ . '() is deprecated; use setAuthenticator() instead.', E_USER_WARNING);
408:         return $this->setAuthenticator($v);
409:     }
410: 
411:     /** @deprecated */
412:     function setAuthorizationHandler($v)
413:     {
414:         trigger_error(__METHOD__ . '() is deprecated; use setAuthorizator() instead.', E_USER_WARNING);
415:         return $this->setAuthorizator($v);
416:     }
417: 
418: }
419: 
Nette Framework 2.0beta1 (for PHP 5.2) API API documentation generated by ApiGen 2.3.0