One class per file: framework/Security

8 files changed, 250 insertions, 213 deletions

diff --git a/framework/Security/TAuthorizationRule.php b/framework/Security/TAuthorizationRule.php
index aa9bed90..6da784c7 100644
--- a/framework/Security/TAuthorizationRule.php
+++ b/framework/Security/TAuthorizationRule.php
@@ -238,56 +238,4 @@ class TAuthorizationRule extends TComponent
 	{
 		return ($this->_verb==='*' || strcasecmp($verb,$this->_verb)===0);
 	}
-}
-
-
-/**
- * TAuthorizationRuleCollection class.
- * TAuthorizationRuleCollection represents a collection of authorization rules {@link TAuthorizationRule}.
- * To check if a user is allowed, call {@link isUserAllowed}.
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @package System.Security
- * @since 3.0
- */
-class TAuthorizationRuleCollection extends TList
-{
-	/**
-	 * @param IUser the user to be authorized
-	 * @param string verb, can be empty, 'post' or 'get'.
-	 * @param string the request IP address
-	 * @return boolean whether the user is allowed
-	 */
-	public function isUserAllowed($user,$verb,$ip)
-	{
-		if($user instanceof IUser)
-		{
-			$verb=strtolower(trim($verb));
-			foreach($this as $rule)
-			{
-				if(($decision=$rule->isUserAllowed($user,$verb,$ip))!==0)
-					return ($decision>0);
-			}
-			return true;
-		}
-		else
-			return false;
-	}
-
-	/**
-	 * Inserts an item at the specified position.
-	 * This overrides the parent implementation by performing additional
-	 * operations for each newly added TAuthorizationRule object.
-	 * @param integer the specified position.
-	 * @param mixed new item
-	 * @throws TInvalidDataTypeException if the item to be inserted is not a TAuthorizationRule object.
-	 */
-	public function insertAt($index,$item)
-	{
-		if($item instanceof TAuthorizationRule)
-			parent::insertAt($index,$item);
-		else
-			throw new TInvalidDataTypeException('authorizationrulecollection_authorizationrule_required');
-	}
-}
-
+}
\ No newline at end of file
diff --git a/framework/Security/TAuthorizationRuleCollection.php b/framework/Security/TAuthorizationRuleCollection.php
new file mode 100644
index 00000000..d83cb567
--- /dev/null
+++ b/framework/Security/TAuthorizationRuleCollection.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ * TAuthorizationRule, TAuthorizationRuleCollection class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package System.Security
+ */
+
+
+/**
+ * TAuthorizationRuleCollection class.
+ * TAuthorizationRuleCollection represents a collection of authorization rules {@link TAuthorizationRule}.
+ * To check if a user is allowed, call {@link isUserAllowed}.
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @package System.Security
+ * @since 3.0
+ */
+class TAuthorizationRuleCollection extends TList
+{
+	/**
+	 * @param IUser the user to be authorized
+	 * @param string verb, can be empty, 'post' or 'get'.
+	 * @param string the request IP address
+	 * @return boolean whether the user is allowed
+	 */
+	public function isUserAllowed($user,$verb,$ip)
+	{
+		if($user instanceof IUser)
+		{
+			$verb=strtolower(trim($verb));
+			foreach($this as $rule)
+			{
+				if(($decision=$rule->isUserAllowed($user,$verb,$ip))!==0)
+					return ($decision>0);
+			}
+			return true;
+		}
+		else
+			return false;
+	}
+
+	/**
+	 * Inserts an item at the specified position.
+	 * This overrides the parent implementation by performing additional
+	 * operations for each newly added TAuthorizationRule object.
+	 * @param integer the specified position.
+	 * @param mixed new item
+	 * @throws TInvalidDataTypeException if the item to be inserted is not a TAuthorizationRule object.
+	 */
+	public function insertAt($index,$item)
+	{
+		if($item instanceof TAuthorizationRule)
+			parent::insertAt($index,$item);
+		else
+			throw new TInvalidDataTypeException('authorizationrulecollection_authorizationrule_required');
+	}
+}
\ No newline at end of file
diff --git a/framework/Security/TDbUser.php b/framework/Security/TDbUser.php
new file mode 100644
index 00000000..0939b41c
--- /dev/null
+++ b/framework/Security/TDbUser.php
@@ -0,0 +1,121 @@
+<?php
+/**
+ * TDbUserManager class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package System.Security
+ */
+
+
+/**
+ * TDbUser class
+ *
+ * TDbUser is the base user class for using together with {@link TDbUserManager}.
+ * Two methods are declared and must be implemented in the descendant classes:
+ * - {@link validateUser()}: validates if username and password are correct entries.
+ * - {@link createUser()}: creates a new user instance given the username
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @package System.Security
+ * @since 3.1.0
+ */
+abstract class TDbUser extends TUser
+{
+	private $_connection;
+
+	/**
+	 * Returns a database connection that may be used to retrieve data from database.
+	 *
+	 * @return TDbConnection database connection that may be used to retrieve data from database
+	 */
+	public function getDbConnection()
+	{
+		if($this->_connection===null)
+		{
+			$userManager=$this->getManager();
+			if($userManager instanceof TDbUserManager)
+			{
+				$connection=$userManager->getDbConnection();
+				if($connection instanceof TDbConnection)
+				{
+					$connection->setActive(true);
+					$this->_connection=$connection;
+				}
+			}
+			if($this->_connection===null)
+				throw new TConfigurationException('dbuser_dbconnection_invalid');
+		}
+		return $this->_connection;
+	}
+
+	/**
+	 * Validates if username and password are correct entries.
+	 * Usually, this is accomplished by checking if the user database
+	 * contains this (username, password) pair.
+	 * You may use {@link getDbConnection DbConnection} to deal with database.
+	 * @param string username (case-sensitive)
+	 * @param string password
+	 * @return boolean whether the validation succeeds
+	 */
+	abstract public function validateUser($username,$password);
+
+	/**
+	 * Creates a new user instance given the username.
+	 * This method usually needs to retrieve necessary user information
+	 * (e.g. role, name, rank, etc.) from the user database according to
+	 * the specified username. The newly created user instance should be
+	 * initialized with these information.
+	 *
+	 * If the username is invalid (not found in the user database), null
+	 * should be returned.
+	 *
+	 * You may use {@link getDbConnection DbConnection} to deal with database.
+	 *
+	 * @param string username (case-sensitive)
+	 * @return TDbUser the newly created and initialized user instance
+	 */
+	abstract public function createUser($username);
+
+	/**
+	 * Creates a new user instance given the cookie containing auth data.
+	 *
+	 * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true.
+	 * The default implementation simply returns null, meaning no user instance can be created
+	 * from the given cookie.
+	 *
+	 * If you want to support automatic login (remember login), you should override this method.
+	 * Typically, you obtain the username and a unique token from the cookie's value.
+	 * You then verify the token is valid and use the username to create a user instance.
+	 *
+	 * @param THttpCookie the cookie storing user authentication information
+	 * @return TDbUser the user instance generated based on the cookie auth data, null if the cookie does not have valid auth data.
+	 * @see saveUserToCookie
+	 * @since 3.1.1
+	 */
+	public function createUserFromCookie($cookie)
+	{
+		return null;
+	}
+
+	/**
+	 * Saves necessary auth data into a cookie.
+	 * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true.
+	 * The default implementation does nothing, meaning auth data is not stored in the cookie
+	 * (and thus automatic login is not supported.)
+	 *
+	 * If you want to support automatic login (remember login), you should override this method.
+	 * Typically, you generate a unique token according to the current login information
+	 * and save it together with the username in the cookie's value.
+	 * You should avoid revealing the password in the generated token.
+	 *
+	 * @param THttpCookie the cookie to store the user auth information
+	 * @see createUserFromCookie
+	 * @since 3.1.1
+	 */
+	public function saveUserToCookie($cookie)
+	{
+	}
+}
\ No newline at end of file
diff --git a/framework/Security/TDbUserManager.php b/framework/Security/TDbUserManager.php
index 0832dfe5..88910b9a 100644
--- a/framework/Security/TDbUserManager.php
+++ b/framework/Security/TDbUserManager.php
@@ -202,116 +202,4 @@ class TDbUserManager extends TModule implements IUserManager
 		if($user instanceof TDbUser)
 			$user->saveUserToCookie($cookie);
 	}
-}
-
-
-/**
- * TDbUser class
- *
- * TDbUser is the base user class for using together with {@link TDbUserManager}.
- * Two methods are declared and must be implemented in the descendant classes:
- * - {@link validateUser()}: validates if username and password are correct entries.
- * - {@link createUser()}: creates a new user instance given the username
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @package System.Security
- * @since 3.1.0
- */
-abstract class TDbUser extends TUser
-{
-	private $_connection;
-
-	/**
-	 * Returns a database connection that may be used to retrieve data from database.
-	 *
-	 * @return TDbConnection database connection that may be used to retrieve data from database
-	 */
-	public function getDbConnection()
-	{
-		if($this->_connection===null)
-		{
-			$userManager=$this->getManager();
-			if($userManager instanceof TDbUserManager)
-			{
-				$connection=$userManager->getDbConnection();
-				if($connection instanceof TDbConnection)
-				{
-					$connection->setActive(true);
-					$this->_connection=$connection;
-				}
-			}
-			if($this->_connection===null)
-				throw new TConfigurationException('dbuser_dbconnection_invalid');
-		}
-		return $this->_connection;
-	}
-
-	/**
-	 * Validates if username and password are correct entries.
-	 * Usually, this is accomplished by checking if the user database
-	 * contains this (username, password) pair.
-	 * You may use {@link getDbConnection DbConnection} to deal with database.
-	 * @param string username (case-sensitive)
-	 * @param string password
-	 * @return boolean whether the validation succeeds
-	 */
-	abstract public function validateUser($username,$password);
-
-	/**
-	 * Creates a new user instance given the username.
-	 * This method usually needs to retrieve necessary user information
-	 * (e.g. role, name, rank, etc.) from the user database according to
-	 * the specified username. The newly created user instance should be
-	 * initialized with these information.
-	 *
-	 * If the username is invalid (not found in the user database), null
-	 * should be returned.
-	 *
-	 * You may use {@link getDbConnection DbConnection} to deal with database.
-	 *
-	 * @param string username (case-sensitive)
-	 * @return TDbUser the newly created and initialized user instance
-	 */
-	abstract public function createUser($username);
-
-	/**
-	 * Creates a new user instance given the cookie containing auth data.
-	 *
-	 * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true.
-	 * The default implementation simply returns null, meaning no user instance can be created
-	 * from the given cookie.
-	 *
-	 * If you want to support automatic login (remember login), you should override this method.
-	 * Typically, you obtain the username and a unique token from the cookie's value.
-	 * You then verify the token is valid and use the username to create a user instance.
-	 *
-	 * @param THttpCookie the cookie storing user authentication information
-	 * @return TDbUser the user instance generated based on the cookie auth data, null if the cookie does not have valid auth data.
-	 * @see saveUserToCookie
-	 * @since 3.1.1
-	 */
-	public function createUserFromCookie($cookie)
-	{
-		return null;
-	}
-
-	/**
-	 * Saves necessary auth data into a cookie.
-	 * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true.
-	 * The default implementation does nothing, meaning auth data is not stored in the cookie
-	 * (and thus automatic login is not supported.)
-	 *
-	 * If you want to support automatic login (remember login), you should override this method.
-	 * Typically, you generate a unique token according to the current login information
-	 * and save it together with the username in the cookie's value.
-	 * You should avoid revealing the password in the generated token.
-	 *
-	 * @param THttpCookie the cookie to store the user auth information
-	 * @see createUserFromCookie
-	 * @since 3.1.1
-	 */
-	public function saveUserToCookie($cookie)
-	{
-	}
-}
-
+}
\ No newline at end of file
diff --git a/framework/Security/TSecurityManager.php b/framework/Security/TSecurityManager.php
index bdb85564..2f9ef464 100644
--- a/framework/Security/TSecurityManager.php
+++ b/framework/Security/TSecurityManager.php
@@ -1,5 +1,4 @@
 <?php
-
 /**
  * TSecurityManager class file
  *
@@ -10,6 +9,7 @@
  * @package System.Security
  */
 
+
 /**
  * TSecurityManager class
  *
@@ -337,26 +337,4 @@ class TSecurityManager extends TModule
 	{
 		return $this->_mbstring ? mb_substr($string,$start,$length,'8bit') : substr($string,$start,$length);
 	}
-}
-
-/**
- * TSecurityManagerValidationMode class.
- *
- * This class has been deprecated since version 3.2.1.
- *
- * TSecurityManagerValidationMode defines the enumerable type for the possible validation modes
- * that can be used by {@link TSecurityManager}.
- *
- * The following enumerable values are defined:
- * - MD5: an MD5 hash is generated from the data and used for validation.
- * - SHA1: an SHA1 hash is generated from the data and used for validation.
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @package System.Security
- * @since 3.0.4
- */
-class TSecurityManagerValidationMode extends TEnumerable
-{
-	const MD5 = 'MD5';
-	const SHA1 = 'SHA1';
-}
+}
\ No newline at end of file
diff --git a/framework/Security/TSecurityManagerValidationMode.php b/framework/Security/TSecurityManagerValidationMode.php
new file mode 100644
index 00000000..fe1086b5
--- /dev/null
+++ b/framework/Security/TSecurityManagerValidationMode.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * TSecurityManager class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package System.Security
+ */
+
+/**
+ * TSecurityManagerValidationMode class.
+ *
+ * This class has been deprecated since version 3.2.1.
+ *
+ * TSecurityManagerValidationMode defines the enumerable type for the possible validation modes
+ * that can be used by {@link TSecurityManager}.
+ *
+ * The following enumerable values are defined:
+ * - MD5: an MD5 hash is generated from the data and used for validation.
+ * - SHA1: an SHA1 hash is generated from the data and used for validation.
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @package System.Security
+ * @since 3.0.4
+ */
+class TSecurityManagerValidationMode extends TEnumerable
+{
+	const MD5 = 'MD5';
+	const SHA1 = 'SHA1';
+}
\ No newline at end of file
diff --git a/framework/Security/TUserManager.php b/framework/Security/TUserManager.php
index 4ad67a15..f3cce876 100644
--- a/framework/Security/TUserManager.php
+++ b/framework/Security/TUserManager.php
@@ -374,26 +374,4 @@ class TUserManager extends TModule implements IUserManager
 	{
 		$user->setIsGuest(true);
 	}
-}
-
-/**
- * TUserManagerPasswordMode class.
- * TUserManagerPasswordMode defines the enumerable type for the possible modes
- * that user passwords can be specified for a {@link TUserManager}.
- *
- * The following enumerable values are defined:
- * - Clear: the password is in plain text
- * - MD5: the password is recorded as the MD5 hash value of the original password
- * - SHA1: the password is recorded as the SHA1 hash value of the original password
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @package System.Security
- * @since 3.0.4
- */
-class TUserManagerPasswordMode extends TEnumerable
-{
-	const Clear='Clear';
-	const MD5='MD5';
-	const SHA1='SHA1';
-}
-
+}
\ No newline at end of file
diff --git a/framework/Security/TUserManagerPasswordMode.php b/framework/Security/TUserManagerPasswordMode.php
new file mode 100644
index 00000000..8737fb53
--- /dev/null
+++ b/framework/Security/TUserManagerPasswordMode.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * TUserManager class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package System.Security
+ */
+
+/**
+ * TUserManagerPasswordMode class.
+ * TUserManagerPasswordMode defines the enumerable type for the possible modes
+ * that user passwords can be specified for a {@link TUserManager}.
+ *
+ * The following enumerable values are defined:
+ * - Clear: the password is in plain text
+ * - MD5: the password is recorded as the MD5 hash value of the original password
+ * - SHA1: the password is recorded as the SHA1 hash value of the original password
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @package System.Security
+ * @since 3.0.4
+ */
+class TUserManagerPasswordMode extends TEnumerable
+{
+	const Clear='Clear';
+	const MD5='MD5';
+	const SHA1='SHA1';
+}
\ No newline at end of file