Code source de PRADO 3.0.6 |
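<?php
/**
 * TAuthManager class file
 *
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @link http://www.pradosoft.com/
 * @copyright Copyright © 2005 PradoSoft
 * @license http://www.pradosoft.com/license/
 * @version $Id: TAuthManager.php 1397 2006-09-07 07:55:53Z wei $
 * @package System.Security
 */

/**
 * Using IUserManager interface
 */
Prado::using('System.Security.IUserManager');

/**
 * TAuthManager class
 *
 * TAuthManager performs user authentication and authorization for a Prado application.
 * TAuthManager works together with a {@link IUserManager} module that can be
 * specified via the {@link setUserManager UserManager} property.
 * If an authorization fails, TAuthManager will try to redirect the client
 * browser to a login page that is specified via the {@link setLoginPage LoginPage}.
 * To login or logout a user, call {@link login} or {@link logout}, respectively.
 *
 * To load TAuthManager, configure it in application configuration as follows,
 * <module id="auth" class="System.Security.TAuthManager" UserManager="users" LoginPage="login" />
 * <module id="users" class="System.Security.TUserManager" />
 *
 * Request flow as wired up by {@link init}:
 * - OnAuthentication: the user is restored from the session ({@link onAuthenticate}).
 * - OnAuthorization: the application's authorization rules are checked
 *   ({@link onAuthorize}), except when the requested page is the login page.
 * - OnEndRequest: a 401 response from a page service is turned into a redirect
 *   to the login page ({@link leave}).
 *
 * @author Qiang Xue <qiang.xue@gmail.com>
 * @version $Id: TAuthManager.php 1397 2006-09-07 07:55:53Z wei $
 * @package System.Security
 * @since 3.0
 */
class TAuthManager extends TModule
{
	/**
	 * Session item name under which the URL to return to after login is stored
	 */
	const RETURN_URL_VAR='ReturnUrl';
	/**
	 * @var boolean if the module has been initialized
	 */
	private $_initialized=false;
	/**
	 * @var string|IUserManager user manager module ID before init(), user manager instance afterwards
	 */
	private $_userManager=null;
	/**
	 * @var string login page
	 */
	private $_loginPage=null;
	/**
	 * @var boolean whether authorization should be skipped
	 */
	private $_skipAuthorization=false;

	/**
	 * Initializes this module.
	 * This method is required by the IModule interface.
	 * It resolves the user manager (when given as a module ID) and attaches the
	 * authentication, authorization and end-of-request handlers to the application.
	 * @param TXmlElement $config configuration for this module, can be null
	 * @throws TConfigurationException if user manager does not exist or is not IUserManager
	 */
	public function init($config)
	{
		if($this->_userManager===null)
			throw new TConfigurationException('authmanager_usermanager_required');
		$application=$this->getApplication();
		if(is_string($this->_userManager))
		{
			// A string is a module ID: look it up and make sure it really is a user manager.
			$users=$application->getModule($this->_userManager);
			if($users===null)
				throw new TConfigurationException('authmanager_usermanager_inexistent',$this->_userManager);
			if(!($users instanceof IUserManager))
				throw new TConfigurationException('authmanager_usermanager_invalid',$this->_userManager);
			$this->_userManager=$users;
		}
		$application->attachEventHandler('OnAuthentication',array($this,'doAuthentication'));
		$application->attachEventHandler('OnEndRequest',array($this,'leave'));
		$application->attachEventHandler('OnAuthorization',array($this,'doAuthorization'));
		// From here on setUserManager() refuses any change.
		$this->_initialized=true;
	}

	/**
	 * @return IUserManager user manager instance (the configured module ID string until init() has run)
	 */
	public function getUserManager()
	{
		return $this->_userManager;
	}

	/**
	 * @param string|IUserManager $provider the user manager module ID or the user manager object
	 * @throws TInvalidOperationException if the module has been initialized
	 * @throws TConfigurationException if the value is neither a string nor an IUserManager
	 */
	public function setUserManager($provider)
	{
		if($this->_initialized)
			throw new TInvalidOperationException('authmanager_usermanager_unchangeable');
		if(!is_string($provider) && !($provider instanceof IUserManager))
		{
			// Name the rejected value's type in the error. The previous code passed
			// $this->_userManager here, i.e. the old property value, not the offender.
			$given=is_object($provider)?get_class($provider):gettype($provider);
			throw new TConfigurationException('authmanager_usermanager_invalid',$given);
		}
		$this->_userManager=$provider;
	}

	/**
	 * @return string path of the login page to use when login is required
	 */
	public function getLoginPage()
	{
		return $this->_loginPage;
	}

	/**
	 * Sets the login page that the client browser will be redirected to if login is needed.
	 * Login page should be specified in the format of page path.
	 * The page set here is also the one page exempted from authorization
	 * (see {@link doAuthentication}).
	 * @param string $pagePath path of the login page to use when login is required
	 * @see TPageService
	 */
	public function setLoginPage($pagePath)
	{
		$this->_loginPage=$pagePath;
	}

	/**
	 * Performs authentication.
	 * This is the event handler attached to application's Authentication event.
	 * Do not call this method directly.
	 * @param mixed $sender sender of the Authentication event
	 * @param mixed $param event parameter
	 */
	public function doAuthentication($sender,$param)
	{
		$this->onAuthenticate($param);

		// The login page must stay reachable for users who are not allowed anywhere
		// else, so authorization is switched off for exactly that page path.
		$service=$this->getService();
		if(($service instanceof TPageService) && $service->getRequestedPagePath()===$this->getLoginPage())
			$this->_skipAuthorization=true;
	}

	/**
	 * Performs authorization.
	 * This is the event handler attached to application's Authorization event.
	 * Do not call this method directly.
	 * Nothing is checked when {@link doAuthentication} flagged the request as
	 * targeting the login page.
	 * @param mixed $sender sender of the Authorization event
	 * @param mixed $param event parameter
	 */
	public function doAuthorization($sender,$param)
	{
		if($this->_skipAuthorization)
			return;
		$this->onAuthorize($param);
	}

	/**
	 * Performs login redirect if authorization fails.
	 * This is the event handler attached to application's EndRequest event.
	 * Do not call this method directly.
	 * Only responses with status 401 served by a TPageService are redirected;
	 * any other 401 is left as it is.
	 * @param mixed $sender sender of the event
	 * @param mixed $param event parameter
	 */
	public function leave($sender,$param)
	{
		$application=$this->getApplication();
		if($application->getResponse()->getStatusCode()!==401)
			return;
		$service=$application->getService();
		if(!($service instanceof TPageService))
			return;
		// Remember where the client wanted to go. The value is the request URI as
		// sent by the client, so code that later redirects to getReturnUrl() is
		// redirecting to client-chosen path and query data.
		$returnUrl=$application->getRequest()->getRequestUri();
		$application->getSession()->add(self::RETURN_URL_VAR,$returnUrl);
		$url=$service->constructUrl($this->getLoginPage());
		$application->getResponse()->redirect($url);
	}

	/**
	 * @return string URL that the browser should be redirected to when login succeeds,
	 * as stored in the session by {@link leave}.
	 */
	public function getReturnUrl()
	{
		return $this->getSession()->itemAt(self::RETURN_URL_VAR);
	}

	/**
	 * Performs the real authentication work.
	 * The session is opened and the user information stored under
	 * {@link generateUserSessionKey} is loaded into a user object obtained from
	 * the user manager; that object becomes the application user on every call,
	 * whether or not the application already had one.
	 * An OnAuthenticate event is then raised if there is any handler attached to it;
	 * the handler receives the application object as the event parameter.
	 * @param mixed $param event parameter of the Authentication event (not forwarded to OnAuthenticate)
	 * @throws TConfigurationException if session module does not exist.
	 */
	public function onAuthenticate($param)
	{
		$application=$this->getApplication();

		if(($session=$application->getSession())===null)
			throw new TConfigurationException('authmanager_session_required');
		$session->open();
		// The identity for this request comes entirely from this session item, so
		// it is only as trustworthy as the session storage and the session ID.
		// NOTE(review): loadFromString() is defined by the user class; confirm how
		// it decodes the stored string.
		$sessionInfo=$session->itemAt($this->generateUserSessionKey());
		$user=$this->_userManager->getUser(null)->loadFromString($sessionInfo);
		$application->setUser($user);

		// event handler gets a chance to do further auth work
		if($this->hasEventHandler('OnAuthenticate'))
			$this->raiseEvent('OnAuthenticate',$this,$application);
	}

	/**
	 * Performs the real authorization work.
	 * An OnAuthorize event is raised first if there is any handler attached to it;
	 * the handler receives the application object as the event parameter.
	 * Authorization rules obtained from the application are then used to check
	 * if the current user is allowed for the current request type. If authorization
	 * fails, the response status code is set to 401 and the request is completed.
	 * @param mixed $param event parameter of the Authorization event (not forwarded to OnAuthorize)
	 */
	public function onAuthorize($param)
	{
		$application=$this->getApplication();
		if($this->hasEventHandler('OnAuthorize'))
			$this->raiseEvent('OnAuthorize',$this,$application);
		$rules=$application->getAuthorizationRules();
		$requestType=$application->getRequest()->getRequestType();
		if(!$rules->isUserAllowed($application->getUser(),$requestType))
		{
			// leave() turns this 401 into a redirect to the login page at end of request.
			$application->getResponse()->setStatusCode(401);
			$application->completeRequest();
		}
	}

	/**
	 * The key is derived from the application's unique ID. md5() is used here only
	 * to build an item name; the result is not a secret and protects nothing.
	 * @return string a key used to store user information in session
	 */
	protected function generateUserSessionKey()
	{
		return md5($this->getApplication()->getUniqueID().'prado:user');
	}

	/**
	 * Updates the user data stored in session.
	 * Guest users are not written to the session; the call is a no-op for them.
	 * @param IUser $user user object
	 * @throws TConfigurationException if session module is not loaded.
	 */
	public function updateSessionUser($user)
	{
		if($user->getIsGuest())
			return;
		if(($session=$this->getSession())===null)
			throw new TConfigurationException('authmanager_session_required');
		$session->add($this->generateUserSessionKey(),$user->saveToString());
	}

	/**
	 * Logs in a user with username and password.
	 * The username and password will be used to validate if login is successful.
	 * If yes, a user object will be created for the application and stored in the session.
	 *
	 * NOTE(review): nothing in this class issues a new session ID at login. Unless
	 * the session module does that elsewhere, a session ID handed out before login
	 * stays valid afterwards (session fixation); confirm, and rotate the ID here if not.
	 *
	 * @param string $username username
	 * @param string $password password
	 * @return boolean if login is successful
	 */
	public function login($username,$password)
	{
		if(!$this->_userManager->validateUser($username,$password))
			return false;
		// Fail closed if the account cannot be loaded after validation, instead of
		// calling methods on a null user below.
		if(($user=$this->_userManager->getUser($username))===null)
			return false;
		$this->updateSessionUser($user);
		$this->getApplication()->setUser($user);
		return true;
	}

	/**
	 * Logs out a user.
	 * The current user is marked as guest and the session is destroyed.
	 * @throws TConfigurationException if session module is not loaded.
	 */
	public function logout()
	{
		if(($session=$this->getSession())===null)
			throw new TConfigurationException('authmanager_session_required');
		$this->getUser()->setIsGuest(true);
		$session->destroy();
	}
}

?>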