1: <?php
2:
11:
12: namespace Nette\Http;
13:
14: use Nette,
15: Nette\Security\IAuthenticator,
16: Nette\Security\IAuthorizator,
17: Nette\Security\IIdentity;
18:
19:
20:
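/**
 * Authentication and authorization state of the current visitor, kept in the
 * HTTP session.
 *
 * The class stores two independent facts in a session section named
 * 'Nette.Web.User/' . namespace: the identity (who the visitor claims to be)
 * and the boolean "authenticated" flag (whether that claim is currently
 * trusted). Logging out clears the flag and only optionally the identity, so
 * callers must gate access on isLoggedIn() / getRoles() / isAllowed(), never
 * on getIdentity() alone.
 *
 * Credentials are verified by the 'authenticator' service and permissions by
 * the 'authorizator' service, both taken from the injected container.
 */
class User extends Nette\Object implements IUser
{
    /** Values returned by getLogoutReason(). */
    const MANUAL = 1,
        INACTIVITY = 2,
        BROWSER_CLOSED = 3;

    /** @var string role reported by getRoles() while the user is not logged in */
    public $guestRole = 'guest';

    /** @var string role reported by getRoles() when logged in but no identity is stored */
    public $authenticatedRole = 'authenticated';

    /** @var mixed handlers invoked as onLoggedIn($this) after a successful login() */
    public $onLoggedIn;

    /**
     * @var mixed handlers invoked as onLoggedOut($this) on manual logout and on
     *            expiry detected in getSessionSection()
     */
    public $onLoggedOut;

    /** @var string suffix of the session section name; separates independent logins */
    private $namespace = '';

    /** @var mixed cached session section, NULL until first needed or after setNamespace() */
    private $session;

    /** @var Nette\DI\IContainer provides the session, authenticator and authorizator services */
    private $context;

    /**
     * @param  Nette\DI\IContainer $context  container the services are read from
     */
    public function __construct(Nette\DI\IContainer $context)
    {
        $this->context = $context;
    }

    /********************* Authentication ****************d*g**/

    /**
     * Verifies the credentials and marks the session as authenticated.
     *
     * Every argument passed to this method (not only the two named ones) is
     * forwarded to the authenticator as one array. Exceptions thrown by the
     * authenticator propagate to the caller.
     *
     * @param  mixed $username  optional first credential
     * @param  mixed $password  optional second credential
     * @return void
     */
    public function login($username = NULL, $password = NULL)
    {
        // Drop the current login and identity before checking anything: if the
        // authenticator rejects the credentials, the session is left as a guest
        // instead of still carrying the previous user.
        $this->logout(TRUE);
        $credentials = func_get_args();
        $this->setIdentity($this->context->authenticator->authenticate($credentials));
        $this->setAuthenticated(TRUE);
        $this->onLoggedIn($this);
    }

    /**
     * Logs the user out of the current session.
     *
     * @param  bool $clearIdentity  also forget the stored identity; when FALSE
     *                              getIdentity() keeps returning it after logout
     * @return void
     */
    final public function logout($clearIdentity = FALSE)
    {
        if ($this->isLoggedIn()) {
            $this->setAuthenticated(FALSE);
            $this->onLoggedOut($this);
        }

        if ($clearIdentity) {
            $this->setIdentity(NULL);
        }
    }

    /**
     * Is this user authenticated?
     *
     * Does not start a session: without an existing one the answer is FALSE.
     *
     * @return bool
     */
    final public function isLoggedIn()
    {
        $session = $this->getSessionSection(FALSE);
        return $session && $session->authenticated;
    }

    /**
     * Returns the stored identity.
     *
     * An identity may be present while isLoggedIn() is FALSE (logout or expiry
     * without identity clearing), so it is not proof of authentication.
     *
     * @return IIdentity|NULL
     */
    final public function getIdentity()
    {
        $session = $this->getSessionSection(FALSE);
        return $session ? $session->identity : NULL;
    }

    /**
     * Returns the ID of the stored identity.
     *
     * @return mixed  NULL when no identity is stored
     */
    public function getId()
    {
        $identity = $this->getIdentity();
        return $identity ? $identity->getId() : NULL;
    }

    /**
     * Replaces the 'authenticator' service in the container.
     *
     * @param  IAuthenticator $handler
     * @return User  provides a fluent interface
     */
    public function setAuthenticator(IAuthenticator $handler)
    {
        $this->context->removeService('authenticator');
        $this->context->authenticator = $handler;
        return $this;
    }

    /**
     * Returns the 'authenticator' service from the container.
     *
     * @return IAuthenticator
     */
    final public function getAuthenticator()
    {
        return $this->context->authenticator;
    }

    /**
     * Changes the namespace, i.e. the session section this object works with.
     *
     * @param  string $namespace
     * @return User  provides a fluent interface
     */
    public function setNamespace($namespace)
    {
        // Cast before comparing: the property always holds a string, so a
        // non-string argument (NULL, an integer) would otherwise never compare
        // identical and would drop the cached section on every call.
        $namespace = (string) $namespace;
        if ($this->namespace !== $namespace) {
            $this->namespace = $namespace;
            $this->session = NULL;
        }
        return $this;
    }

    /**
     * Returns the current namespace.
     *
     * @return string
     */
    final public function getNamespace()
    {
        return $this->namespace;
    }

    /**
     * Configures when the authenticated state expires.
     *
     * The time limit is a sliding one: getSessionSection() pushes the deadline
     * forward by the same interval on every access while the user is logged in.
     * A $time that resolves to the past produces a non-positive interval, which
     * getSessionSection() ignores (it only enforces intervals greater than 0),
     * so such a value does not log the user out.
     *
     * @param  mixed $time                 anything Nette\DateTime::from() accepts; a falsy
     *                                     value removes the time limit
     * @param  bool  $whenBrowserIsClosed  log out once the 'browserCheck' marker is gone
     * @param  bool  $clearIdentity        also remove the identity when the login expires
     * @return User  provides a fluent interface
     */
    public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE)
    {
        $session = $this->getSessionSection(TRUE);
        if ($time) {
            $time = Nette\DateTime::from($time)->format('U');
            $session->expireTime = $time;
            $session->expireDelta = $time - time();

        } else {
            unset($session->expireTime, $session->expireDelta);
        }

        $session->expireIdentity = (bool) $clearIdentity;
        $session->expireBrowser = (bool) $whenBrowserIsClosed;
        // 'browserCheck' is a marker with its own expiration of 0; when it is
        // missing on a later request, getSessionSection() reports BROWSER_CLOSED.
        $session->browserCheck = TRUE;
        $session->setExpiration(0, 'browserCheck');
        return $this;
    }

    /**
     * Why was the user logged out?
     *
     * @return int|NULL  one of MANUAL, INACTIVITY, BROWSER_CLOSED
     */
    final public function getLogoutReason()
    {
        $session = $this->getSessionSection(FALSE);
        return $session ? $session->reason : NULL;
    }

    /**
     * Returns the session section, validating and expiring its content on the
     * first access made through this object.
     *
     * Because expiry is evaluated here, onLoggedOut handlers can fire from any
     * method that reads the section, including plain getters such as
     * isLoggedIn().
     *
     * @param  bool $need  FALSE avoids starting a session when none exists
     * @return mixed  the section, or NULL when $need is FALSE and no session exists
     */
    protected function getSessionSection($need)
    {
        if ($this->session !== NULL) {
            return $this->session;
        }

        if (!$need && !$this->context->session->exists()) {
            return NULL;
        }

        $this->session = $session = $this->context->session->getSection('Nette.Web.User/' . $this->namespace);

        // Do not trust stored data of an unexpected type: wipe the whole section
        // unless it holds an IIdentity and a real boolean flag.
        if (!$session->identity instanceof IIdentity || !is_bool($session->authenticated)) {
            $session->remove();
        }

        // NOTE(review): the two expiry paths below clear the authenticated flag
        // without regenerating the session id, unlike setAuthenticated() --
        // confirm this is intended.

        // Browser-session expiry: the marker set by setExpiration() is gone.
        if ($session->authenticated && $session->expireBrowser && !$session->browserCheck) {
            $session->reason = self::BROWSER_CLOSED;
            $session->authenticated = FALSE;
            $this->onLoggedOut($this);
            if ($session->expireIdentity) {
                unset($session->identity);
            }
        }

        // Inactivity expiry, enforced only for a positive interval.
        if ($session->authenticated && $session->expireDelta > 0) {
            if ($session->expireTime < time()) {
                $session->reason = self::INACTIVITY;
                $session->authenticated = FALSE;
                $this->onLoggedOut($this);
                if ($session->expireIdentity) {
                    unset($session->identity);
                }
            }
            // Sliding window; after an expiry this value is removed again below.
            $session->expireTime = time() + $session->expireDelta;
        }

        // A logged-out section keeps no expiration settings or login time.
        if (!$session->authenticated) {
            unset($session->expireTime, $session->expireDelta, $session->expireIdentity,
                $session->expireBrowser, $session->browserCheck, $session->authTime);
        }

        return $this->session;
    }

    /**
     * Sets the authenticated flag and records the reason and login time.
     *
     * @param  bool $state
     * @return User  provides a fluent interface
     */
    protected function setAuthenticated($state)
    {
        $session = $this->getSessionSection(TRUE);
        $session->authenticated = (bool) $state;

        // Issue a new session id on every login and logout, so an id that was
        // known before the state change cannot be reused afterwards (session
        // fixation defence). Keep this call when overriding the method.
        $this->context->session->regenerateId();

        if ($state) {
            $session->reason = NULL;
            $session->authTime = time();

        } else {
            $session->reason = self::MANUAL;
            $session->authTime = NULL;
        }
        return $this;
    }

    /**
     * Stores the identity in the session section (NULL removes it).
     *
     * @param  IIdentity $identity
     * @return User  provides a fluent interface
     */
    protected function setIdentity(IIdentity $identity = NULL)
    {
        $this->getSessionSection(TRUE)->identity = $identity;
        return $this;
    }

    /********************* Authorization ****************d*g**/

    /**
     * Returns the roles the user currently acts in.
     *
     * A user who is not logged in gets only the guest role, even when an
     * identity is still stored in the session.
     *
     * @return array
     */
    public function getRoles()
    {
        if (!$this->isLoggedIn()) {
            return array($this->guestRole);
        }

        $identity = $this->getIdentity();
        return $identity ? $identity->getRoles() : array($this->authenticatedRole);
    }

    /**
     * Is the user in the given role?
     *
     * @param  string $role
     * @return bool
     */
    final public function isInRole($role)
    {
        // Strict comparison, so a role such as 0 or '' cannot match by type juggling.
        return in_array($role, $this->getRoles(), TRUE);
    }

    /**
     * Has the user access to the resource?
     *
     * Access is granted as soon as any one of the user's roles is allowed by
     * the authorizator; it is denied only when none of them is.
     *
     * @param  mixed $resource   defaults to IAuthorizator::ALL
     * @param  mixed $privilege  defaults to IAuthorizator::ALL
     * @return bool
     */
    public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthorizator::ALL)
    {
        $authorizator = $this->context->authorizator;
        foreach ($this->getRoles() as $role) {
            if ($authorizator->isAllowed($role, $resource, $privilege)) {
                return TRUE;
            }
        }

        return FALSE;
    }

    /**
     * Replaces the 'authorizator' service in the container.
     *
     * @param  IAuthorizator $handler
     * @return User  provides a fluent interface
     */
    public function setAuthorizator(IAuthorizator $handler)
    {
        $this->context->removeService('authorizator');
        $this->context->authorizator = $handler;
        return $this;
    }

    /**
     * Returns the 'authorizator' service from the container.
     *
     * @return IAuthorizator
     */
    final public function getAuthorizator()
    {
        return $this->context->authorizator;
    }

    /********************* deprecated ****************d*g**/

    /**
     * @deprecated use setAuthenticator() instead
     * @param  IAuthenticator $v
     * @return User
     */
    public function setAuthenticationHandler($v)
    {
        trigger_error(__METHOD__ . '() is deprecated; use setAuthenticator() instead.', E_USER_WARNING);
        return $this->setAuthenticator($v);
    }

    /**
     * @deprecated use setAuthorizator() instead
     * @param  IAuthorizator $v
     * @return User
     */
    public function setAuthorizationHandler($v)
    {
        trigger_error(__METHOD__ . '() is deprecated; use setAuthorizator() instead.', E_USER_WARNING);
        return $this->setAuthorizator($v);
    }

}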
424: