diff options
Diffstat (limited to 'framework/Security')
-rw-r--r-- | framework/Security/IUserManager.php | 1 | ||||
-rw-r--r-- | framework/Security/TAuthManager.php | 61 | ||||
-rw-r--r-- | framework/Security/TAuthorizationRule.php | 1 | ||||
-rw-r--r-- | framework/Security/TDbUserManager.php | 1 | ||||
-rw-r--r-- | framework/Security/TSecurityManager.php | 1 | ||||
-rw-r--r-- | framework/Security/TUser.php | 1 | ||||
-rw-r--r-- | framework/Security/TUserManager.php | 2 |
7 files changed, 58 insertions, 10 deletions
diff --git a/framework/Security/IUserManager.php b/framework/Security/IUserManager.php index d8907160..37cf632f 100644 --- a/framework/Security/IUserManager.php +++ b/framework/Security/IUserManager.php @@ -56,4 +56,3 @@ interface IUserManager public function validateUser($username,$password);
}
-?> diff --git a/framework/Security/TAuthManager.php b/framework/Security/TAuthManager.php index 64422845..40d94e19 100644 --- a/framework/Security/TAuthManager.php +++ b/framework/Security/TAuthManager.php @@ -4,7 +4,7 @@ *
* @author Qiang Xue <qiang.xue@gmail.com>
* @link http://www.pradosoft.com/
- * @copyright Copyright © 2005-2008 PradoSoft + * @copyright Copyright © 2005-2008 PradoSoft
* @license http://www.pradosoft.com/license/
* @version $Id$
* @package System.Security
@@ -25,6 +25,13 @@ Prado::using('System.Security.IUserManager'); * browser to a login page that is specified via the {@link setLoginPage LoginPage}.
* To login or logout a user, call {@link login} or {@link logout}, respectively.
*
+ * The {@link setAuthExpire AuthExpire} property can be used to define the time
+ * in seconds after which the authentication should expire.
+ * {@link setAllowAutoLogin AllowAutoLogin} specifies if the login information
+ * should be stored in a cookie to perform automatic login. Enabling this
+ * feature will cause that {@link setAuthExpire AuthExpire} has no effect
+ * since the user will be logged in again on authentication expiration.
+ *
* To load TAuthManager, configure it in application configuration as follows,
* <module id="auth" class="System.Security.TAuthManager" UserManager="users" LoginPage="login" />
* <module id="users" class="System.Security.TUserManager" />
@@ -68,6 +75,10 @@ class TAuthManager extends TModule * @var string variable name used to store user session or cookie
*/
private $_userKey;
+ /**
+ * @var integer authentication expiration time in seconds. Defaults to zero (no expiration)
+ */
+ private $_authExpire=0;
/**
* Initializes this module.
@@ -242,6 +253,24 @@ class TAuthManager extends TModule }
/**
+ * @return integer authentication expiration time in seconds. Defaults to zero (no expiration).
+ * @since 3.1.3
+ */
+ public function getAuthExpire()
+ {
+ return $this->_authExpire;
+ }
+
+ /**
+ * @param integer authentication expiration time in seconds. Defaults to zero (no expiration).
+ * @since 3.1.3
+ */
+ public function setAuthExpire($value)
+ {
+ $this->_authExpire=TPropertyValue::ensureInteger($value);
+ }
+
+ /**
* Performs the real authentication work.
* An OnAuthenticate event will be raised if there is any handler attached to it.
* If the application already has a non-null user, it will return without further authentication.
@@ -260,8 +289,12 @@ class TAuthManager extends TModule $sessionInfo=$session->itemAt($this->getUserKey());
$user=$this->_userManager->getUser(null)->loadFromString($sessionInfo);
+ // check for authentication expiration
+ $isAuthExpired = $this->_authExpire>0 && !$user->getIsGuest() &&
+ ($expiretime=$session->itemAt('AuthExpireTime')) && $expiretime<time();
+
// try authenticating through cookie if possible
- if($this->getAllowAutoLogin() && $user->getIsGuest())
+ if($this->getAllowAutoLogin() && ($user->getIsGuest() || $isAuthExpired))
{
$cookie=$this->getRequest()->getCookies()->itemAt($this->getUserKey());
if($cookie instanceof THttpCookie)
@@ -270,17 +303,37 @@ class TAuthManager extends TModule {
$user=$user2;
$this->updateSessionUser($user);
+ // user is restored from cookie, auth may not expire
+ $isAuthExpired = false;
}
}
}
$application->setUser($user);
+ // handle authentication expiration or update expiration time
+ if($isAuthExpired)
+ $this->onAuthExpire($param);
+ else
+ $session->add('AuthExpireTime', time() + $this->_authExpire);
+
// event handler gets a chance to do further auth work
if($this->hasEventHandler('OnAuthenticate'))
$this->raiseEvent('OnAuthenticate',$this,$application);
}
-
+
+ /**
+ * Performs user logout on authentication expiration.
+ * An 'OnAuthExpire' event will be raised if there is any handler attached to it.
+ * @param mixed parameter to be passed to OnAuthExpire event.
+ */
+ public function onAuthExpire($param)
+ {
+ $this->logout();
+ if($this->hasEventHandler('OnAuthExpire'))
+ $this->raiseEvent('OnAuthExpire',$this,$param);
+ }
+
/**
* Performs the real authorization work.
* Authorization rules obtained from the application will be used to check
@@ -401,4 +454,4 @@ class TAuthManager extends TModule }
}
-?> +?>
diff --git a/framework/Security/TAuthorizationRule.php b/framework/Security/TAuthorizationRule.php index d301737b..896ce376 100644 --- a/framework/Security/TAuthorizationRule.php +++ b/framework/Security/TAuthorizationRule.php @@ -294,4 +294,3 @@ class TAuthorizationRuleCollection extends TList }
}
-?> diff --git a/framework/Security/TDbUserManager.php b/framework/Security/TDbUserManager.php index bd70de8d..873d43f8 100644 --- a/framework/Security/TDbUserManager.php +++ b/framework/Security/TDbUserManager.php @@ -318,4 +318,3 @@ abstract class TDbUser extends TUser }
}
-?> diff --git a/framework/Security/TSecurityManager.php b/framework/Security/TSecurityManager.php index 9fbadd10..d43c9fec 100644 --- a/framework/Security/TSecurityManager.php +++ b/framework/Security/TSecurityManager.php @@ -279,4 +279,3 @@ class TSecurityManagerValidationMode extends TEnumerable const SHA1='SHA1';
}
-?> diff --git a/framework/Security/TUser.php b/framework/Security/TUser.php index d0e850cf..35e3e3a5 100644 --- a/framework/Security/TUser.php +++ b/framework/Security/TUser.php @@ -220,4 +220,3 @@ class TUser extends TComponent implements IUser }
}
-?> diff --git a/framework/Security/TUserManager.php b/framework/Security/TUserManager.php index 6326803d..dbaa5ffb 100644 --- a/framework/Security/TUserManager.php +++ b/framework/Security/TUserManager.php @@ -148,7 +148,7 @@ class TUserManager extends TModule implements IUserManager * Loads user/role information from an XML node.
* @param TXmlElement the XML node containing the user information
*/
- private function loadUserDataFromXml($xmlNode)
+ protected function loadUserDataFromXml($xmlNode)
{
foreach($xmlNode->getElementsByTagName('user') as $node)
{
|