Diffstat (limited to 'framework/Security')
-rw-r--r--framework/Security/TAuthorizationRule.php54
-rw-r--r--framework/Security/TAuthorizationRuleCollection.php61
-rw-r--r--framework/Security/TDbUser.php121
-rw-r--r--framework/Security/TDbUserManager.php114
-rw-r--r--framework/Security/TSecurityManager.php26
-rw-r--r--framework/Security/TSecurityManagerValidationMode.php32
-rw-r--r--framework/Security/TUserManager.php24
-rw-r--r--framework/Security/TUserManagerPasswordMode.php31
8 files changed, 250 insertions, 213 deletions
diff --git a/framework/Security/TAuthorizationRule.php b/framework/Security/TAuthorizationRule.php
index aa9bed90..6da784c7 100644
--- a/framework/Security/TAuthorizationRule.php
+++ b/framework/Security/TAuthorizationRule.php
@@ -238,56 +238,4 @@ class TAuthorizationRule extends TComponent
{
return ($this->_verb==='*' || strcasecmp($verb,$this->_verb)===0);
}
-}
-
-
-/**
- * TAuthorizationRuleCollection class.
- * TAuthorizationRuleCollection represents a collection of authorization rules {@link TAuthorizationRule}.
- * To check if a user is allowed, call {@link isUserAllowed}.
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @package System.Security
- * @since 3.0
- */
-class TAuthorizationRuleCollection extends TList
-{
- /**
- * @param IUser the user to be authorized
- * @param string verb, can be empty, 'post' or 'get'.
- * @param string the request IP address
- * @return boolean whether the user is allowed
- */
- public function isUserAllowed($user,$verb,$ip)
- {
- if($user instanceof IUser)
- {
- $verb=strtolower(trim($verb));
- foreach($this as $rule)
- {
- if(($decision=$rule->isUserAllowed($user,$verb,$ip))!==0)
- return ($decision>0);
- }
- return true;
- }
- else
- return false;
- }
-
- /**
- * Inserts an item at the specified position.
- * This overrides the parent implementation by performing additional
- * operations for each newly added TAuthorizationRule object.
- * @param integer the specified position.
- * @param mixed new item
- * @throws TInvalidDataTypeException if the item to be inserted is not a TAuthorizationRule object.
- */
- public function insertAt($index,$item)
- {
- if($item instanceof TAuthorizationRule)
- parent::insertAt($index,$item);
- else
- throw new TInvalidDataTypeException('authorizationrulecollection_authorizationrule_required');
- }
-}
-
+} \ No newline at end of file
diff --git a/framework/Security/TAuthorizationRuleCollection.php b/framework/Security/TAuthorizationRuleCollection.php
new file mode 100644
index 00000000..d83cb567
--- /dev/null
+++ b/framework/Security/TAuthorizationRuleCollection.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ * TAuthorizationRule, TAuthorizationRuleCollection class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package System.Security
+ */
+
+
+/**
+ * TAuthorizationRuleCollection class.
+ * TAuthorizationRuleCollection represents a collection of authorization rules {@link TAuthorizationRule}.
+ * To check if a user is allowed, call {@link isUserAllowed}.
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @package System.Security
+ * @since 3.0
+ */
+class TAuthorizationRuleCollection extends TList
+{
+ /**
+ * @param IUser the user to be authorized
+ * @param string verb, can be empty, 'post' or 'get'.
+ * @param string the request IP address
+ * @return boolean whether the user is allowed
+ */
+ public function isUserAllowed($user,$verb,$ip)
+ {
+ if($user instanceof IUser)
+ {
+ $verb=strtolower(trim($verb));
+ foreach($this as $rule)
+ {
+ if(($decision=$rule->isUserAllowed($user,$verb,$ip))!==0)
+ return ($decision>0);
+ }
+ return true;
+ }
+ else
+ return false;
+ }
+
+ /**
+ * Inserts an item at the specified position.
+ * This overrides the parent implementation by performing additional
+ * operations for each newly added TAuthorizationRule object.
+ * @param integer the specified position.
+ * @param mixed new item
+ * @throws TInvalidDataTypeException if the item to be inserted is not a TAuthorizationRule object.
+ */
+ public function insertAt($index,$item)
+ {
+ if($item instanceof TAuthorizationRule)
+ parent::insertAt($index,$item);
+ else
+ throw new TInvalidDataTypeException('authorizationrulecollection_authorizationrule_required');
+ }
+} \ No newline at end of file
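Review bot: `isUserAllowed()` falls through to `return true;` when no rule in the collection yields a non-zero decision, so an empty or non-matching rule list allows every `IUser`, and the docblock never says so. Now that the class has its own file, I would document this fail-open default on the method, e.g. `* If no rule matches, the user is allowed; end the rule list with a rule that denies all users to get default-deny behaviour.` It is also worth stating that an argument that is not an `IUser` is always rejected, which is what the `else return false;` branch does.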
diff --git a/framework/Security/TDbUser.php b/framework/Security/TDbUser.php
new file mode 100644
index 00000000..0939b41c
--- /dev/null
+++ b/framework/Security/TDbUser.php
@@ -0,0 +1,121 @@
+<?php
+/**
+ * TDbUserManager class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package System.Security
+ */
+
+
+/**
+ * TDbUser class
+ *
+ * TDbUser is the base user class for using together with {@link TDbUserManager}.
+ * Two methods are declared and must be implemented in the descendant classes:
+ * - {@link validateUser()}: validates if username and password are correct entries.
+ * - {@link createUser()}: creates a new user instance given the username
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @package System.Security
+ * @since 3.1.0
+ */
+abstract class TDbUser extends TUser
+{
+ private $_connection;
+
+ /**
+ * Returns a database connection that may be used to retrieve data from database.
+ *
+ * @return TDbConnection database connection that may be used to retrieve data from database
+ */
+ public function getDbConnection()
+ {
+ if($this->_connection===null)
+ {
+ $userManager=$this->getManager();
+ if($userManager instanceof TDbUserManager)
+ {
+ $connection=$userManager->getDbConnection();
+ if($connection instanceof TDbConnection)
+ {
+ $connection->setActive(true);
+ $this->_connection=$connection;
+ }
+ }
+ if($this->_connection===null)
+ throw new TConfigurationException('dbuser_dbconnection_invalid');
+ }
+ return $this->_connection;
+ }
+
+ /**
+ * Validates if username and password are correct entries.
+ * Usually, this is accomplished by checking if the user database
+ * contains this (username, password) pair.
+ * You may use {@link getDbConnection DbConnection} to deal with database.
+ * @param string username (case-sensitive)
+ * @param string password
+ * @return boolean whether the validation succeeds
+ */
+ abstract public function validateUser($username,$password);
+
+ /**
+ * Creates a new user instance given the username.
+ * This method usually needs to retrieve necessary user information
+ * (e.g. role, name, rank, etc.) from the user database according to
+ * the specified username. The newly created user instance should be
+ * initialized with these information.
+ *
+ * If the username is invalid (not found in the user database), null
+ * should be returned.
+ *
+ * You may use {@link getDbConnection DbConnection} to deal with database.
+ *
+ * @param string username (case-sensitive)
+ * @return TDbUser the newly created and initialized user instance
+ */
+ abstract public function createUser($username);
+
+ /**
+ * Creates a new user instance given the cookie containing auth data.
+ *
+ * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true.
+ * The default implementation simply returns null, meaning no user instance can be created
+ * from the given cookie.
+ *
+ * If you want to support automatic login (remember login), you should override this method.
+ * Typically, you obtain the username and a unique token from the cookie's value.
+ * You then verify the token is valid and use the username to create a user instance.
+ *
+ * @param THttpCookie the cookie storing user authentication information
+ * @return TDbUser the user instance generated based on the cookie auth data, null if the cookie does not have valid auth data.
+ * @see saveUserToCookie
+ * @since 3.1.1
+ */
+ public function createUserFromCookie($cookie)
+ {
+ return null;
+ }
+
+ /**
+ * Saves necessary auth data into a cookie.
+ * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true.
+ * The default implementation does nothing, meaning auth data is not stored in the cookie
+ * (and thus automatic login is not supported.)
+ *
+ * If you want to support automatic login (remember login), you should override this method.
+ * Typically, you generate a unique token according to the current login information
+ * and save it together with the username in the cookie's value.
+ * You should avoid revealing the password in the generated token.
+ *
+ * @param THttpCookie the cookie to store the user auth information
+ * @see createUserFromCookie
+ * @since 3.1.1
+ */
+ public function saveUserToCookie($cookie)
+ {
+ }
+} \ No newline at end of file
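Review bot: The docblock on `saveUserToCookie()` advises implementers to "generate a unique token according to the current login information", and `createUserFromCookie()` only says to "verify the token is valid", which leaves room for tokens derived from predictable data. I would tighten the guidance with a line such as `* The token should be random, stored server-side (preferably hashed), compared in constant time, and invalidated on logout or password change.` Likewise, `validateUser()` describes checking that the database "contains this (username, password) pair", which reads as plaintext storage; wording it as verification against a stored salted password hash would steer subclasses better.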
diff --git a/framework/Security/TDbUserManager.php b/framework/Security/TDbUserManager.php
index 0832dfe5..88910b9a 100644
--- a/framework/Security/TDbUserManager.php
+++ b/framework/Security/TDbUserManager.php
@@ -202,116 +202,4 @@ class TDbUserManager extends TModule implements IUserManager
if($user instanceof TDbUser)
$user->saveUserToCookie($cookie);
}
-}
-
-
-/**
- * TDbUser class
- *
- * TDbUser is the base user class for using together with {@link TDbUserManager}.
- * Two methods are declared and must be implemented in the descendant classes:
- * - {@link validateUser()}: validates if username and password are correct entries.
- * - {@link createUser()}: creates a new user instance given the username
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @package System.Security
- * @since 3.1.0
- */
-abstract class TDbUser extends TUser
-{
- private $_connection;
-
- /**
- * Returns a database connection that may be used to retrieve data from database.
- *
- * @return TDbConnection database connection that may be used to retrieve data from database
- */
- public function getDbConnection()
- {
- if($this->_connection===null)
- {
- $userManager=$this->getManager();
- if($userManager instanceof TDbUserManager)
- {
- $connection=$userManager->getDbConnection();
- if($connection instanceof TDbConnection)
- {
- $connection->setActive(true);
- $this->_connection=$connection;
- }
- }
- if($this->_connection===null)
- throw new TConfigurationException('dbuser_dbconnection_invalid');
- }
- return $this->_connection;
- }
-
- /**
- * Validates if username and password are correct entries.
- * Usually, this is accomplished by checking if the user database
- * contains this (username, password) pair.
- * You may use {@link getDbConnection DbConnection} to deal with database.
- * @param string username (case-sensitive)
- * @param string password
- * @return boolean whether the validation succeeds
- */
- abstract public function validateUser($username,$password);
-
- /**
- * Creates a new user instance given the username.
- * This method usually needs to retrieve necessary user information
- * (e.g. role, name, rank, etc.) from the user database according to
- * the specified username. The newly created user instance should be
- * initialized with these information.
- *
- * If the username is invalid (not found in the user database), null
- * should be returned.
- *
- * You may use {@link getDbConnection DbConnection} to deal with database.
- *
- * @param string username (case-sensitive)
- * @return TDbUser the newly created and initialized user instance
- */
- abstract public function createUser($username);
-
- /**
- * Creates a new user instance given the cookie containing auth data.
- *
- * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true.
- * The default implementation simply returns null, meaning no user instance can be created
- * from the given cookie.
- *
- * If you want to support automatic login (remember login), you should override this method.
- * Typically, you obtain the username and a unique token from the cookie's value.
- * You then verify the token is valid and use the username to create a user instance.
- *
- * @param THttpCookie the cookie storing user authentication information
- * @return TDbUser the user instance generated based on the cookie auth data, null if the cookie does not have valid auth data.
- * @see saveUserToCookie
- * @since 3.1.1
- */
- public function createUserFromCookie($cookie)
- {
- return null;
- }
-
- /**
- * Saves necessary auth data into a cookie.
- * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true.
- * The default implementation does nothing, meaning auth data is not stored in the cookie
- * (and thus automatic login is not supported.)
- *
- * If you want to support automatic login (remember login), you should override this method.
- * Typically, you generate a unique token according to the current login information
- * and save it together with the username in the cookie's value.
- * You should avoid revealing the password in the generated token.
- *
- * @param THttpCookie the cookie to store the user auth information
- * @see createUserFromCookie
- * @since 3.1.1
- */
- public function saveUserToCookie($cookie)
- {
- }
-}
-
+} \ No newline at end of file
diff --git a/framework/Security/TSecurityManager.php b/framework/Security/TSecurityManager.php
index bdb85564..2f9ef464 100644
--- a/framework/Security/TSecurityManager.php
+++ b/framework/Security/TSecurityManager.php
@@ -1,5 +1,4 @@
<?php
-
/**
* TSecurityManager class file
*
@@ -10,6 +9,7 @@
* @package System.Security
*/
+
/**
* TSecurityManager class
*
@@ -337,26 +337,4 @@ class TSecurityManager extends TModule
{
return $this->_mbstring ? mb_substr($string,$start,$length,'8bit') : substr($string,$start,$length);
}
-}
-
-/**
- * TSecurityManagerValidationMode class.
- *
- * This class has been deprecated since version 3.2.1.
- *
- * TSecurityManagerValidationMode defines the enumerable type for the possible validation modes
- * that can be used by {@link TSecurityManager}.
- *
- * The following enumerable values are defined:
- * - MD5: an MD5 hash is generated from the data and used for validation.
- * - SHA1: an SHA1 hash is generated from the data and used for validation.
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @package System.Security
- * @since 3.0.4
- */
-class TSecurityManagerValidationMode extends TEnumerable
-{
- const MD5 = 'MD5';
- const SHA1 = 'SHA1';
-}
+} \ No newline at end of file
diff --git a/framework/Security/TSecurityManagerValidationMode.php b/framework/Security/TSecurityManagerValidationMode.php
new file mode 100644
index 00000000..fe1086b5
--- /dev/null
+++ b/framework/Security/TSecurityManagerValidationMode.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * TSecurityManager class file
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package System.Security
+ */
+
+/**
+ * TSecurityManagerValidationMode class.
+ *
+ * This class has been deprecated since version 3.2.1.
+ *
+ * TSecurityManagerValidationMode defines the enumerable type for the possible validation modes
+ * that can be used by {@link TSecurityManager}.
+ *
+ * The following enumerable values are defined:
+ * - MD5: an MD5 hash is generated from the data and used for validation.
+ * - SHA1: an SHA1 hash is generated from the data and used for validation.
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @package System.Security
+ * @since 3.0.4
+ */
+class TSecurityManagerValidationMode extends TEnumerable
+{
+ const MD5 = 'MD5';
+ const SHA1 = 'SHA1';
+} \ No newline at end of file
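Review bot: The class docblock says "This class has been deprecated since version 3.2.1." only in prose, so IDEs and static analysers will not flag remaining uses of the `MD5` and `SHA1` modes. I would add a tag to the class docblock, `* @deprecated since 3.2.1`, naming the replacement if there is one (it is not visible in this diff). The copied file header still reads `TSecurityManager class file`; the same stale header appears in the other new files (`TDbUserManager class` in TDbUser.php, `TUserManager class` in TUserManagerPasswordMode.php, and `TAuthorizationRule, TAuthorizationRuleCollection class file` in TAuthorizationRuleCollection.php).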
diff --git a/framework/Security/TUserManager.php b/framework/Security/TUserManager.php
index 4ad67a15..f3cce876 100644
--- a/framework/Security/TUserManager.php
+++ b/framework/Security/TUserManager.php
@@ -374,26 +374,4 @@ class TUserManager extends TModule implements IUserManager
{
$user->setIsGuest(true);
}
-}
-
-/**
- * TUserManagerPasswordMode class.
- * TUserManagerPasswordMode defines the enumerable type for the possible modes
- * that user passwords can be specified for a {@link TUserManager}.
- *
- * The following enumerable values are defined:
- * - Clear: the password is in plain text
- * - MD5: the password is recorded as the MD5 hash value of the original password
- * - SHA1: the password is recorded as the SHA1 hash value of the original password
- *
- * @author Qiang Xue <qiang.xue@gmail.com>
- * @package System.Security
- * @since 3.0.4
- */
-class TUserManagerPasswordMode extends TEnumerable
-{
- const Clear='Clear';
- const MD5='MD5';
- const SHA1='SHA1';
-}
-
+} \ No newline at end of file
diff --git a/framework/Security/TUserManagerPasswordMode.php b/framework/Security/TUserManagerPasswordMode.php
new file mode 100644
index 00000000..8737fb53
--- /dev/null
+++ b/framework/Security/TUserManagerPasswordMode.php
@@ -0,0 +1,31 @@
+<?php
+/**
+ * TUserManager class
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @link http://www.pradosoft.com/
+ * @copyright Copyright &copy; 2005-2014 PradoSoft
+ * @license http://www.pradosoft.com/license/
+ * @package System.Security
+ */
+
+/**
+ * TUserManagerPasswordMode class.
+ * TUserManagerPasswordMode defines the enumerable type for the possible modes
+ * that user passwords can be specified for a {@link TUserManager}.
+ *
+ * The following enumerable values are defined:
+ * - Clear: the password is in plain text
+ * - MD5: the password is recorded as the MD5 hash value of the original password
+ * - SHA1: the password is recorded as the SHA1 hash value of the original password
+ *
+ * @author Qiang Xue <qiang.xue@gmail.com>
+ * @package System.Security
+ * @since 3.0.4
+ */
+class TUserManagerPasswordMode extends TEnumerable
+{
+ const Clear='Clear';
+ const MD5='MD5';
+ const SHA1='SHA1';
+} \ No newline at end of file
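Review bot: The docblock lists `Clear`, `MD5` and `SHA1` without saying that none of them is a safe way to store passwords. By its own description the `MD5` and `SHA1` modes record a plain digest of the original password, which is unsalted and fast to brute-force, and `Clear` keeps the password in plain text. I would add a caveat to the class docblock, e.g. `* None of these modes protects stored passwords against offline guessing; they are intended for small, static user lists only.` A mode backed by a slow, salted password hash would be a sensible follow-up, but that belongs in `TUserManager`, which is outside this hunk.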