diff options
Diffstat (limited to 'framework/Security')
-rw-r--r-- | framework/Security/TAuthorizationRule.php | 54 | ||||
-rw-r--r-- | framework/Security/TAuthorizationRuleCollection.php | 61 | ||||
-rw-r--r-- | framework/Security/TDbUser.php | 121 | ||||
-rw-r--r-- | framework/Security/TDbUserManager.php | 114 | ||||
-rw-r--r-- | framework/Security/TSecurityManager.php | 26 | ||||
-rw-r--r-- | framework/Security/TSecurityManagerValidationMode.php | 32 | ||||
-rw-r--r-- | framework/Security/TUserManager.php | 24 | ||||
-rw-r--r-- | framework/Security/TUserManagerPasswordMode.php | 31 |
8 files changed, 250 insertions, 213 deletions
diff --git a/framework/Security/TAuthorizationRule.php b/framework/Security/TAuthorizationRule.php index aa9bed90..6da784c7 100644 --- a/framework/Security/TAuthorizationRule.php +++ b/framework/Security/TAuthorizationRule.php @@ -238,56 +238,4 @@ class TAuthorizationRule extends TComponent { return ($this->_verb==='*' || strcasecmp($verb,$this->_verb)===0); } -} - - -/** - * TAuthorizationRuleCollection class. - * TAuthorizationRuleCollection represents a collection of authorization rules {@link TAuthorizationRule}. - * To check if a user is allowed, call {@link isUserAllowed}. - * - * @author Qiang Xue <qiang.xue@gmail.com> - * @package System.Security - * @since 3.0 - */ -class TAuthorizationRuleCollection extends TList -{ - /** - * @param IUser the user to be authorized - * @param string verb, can be empty, 'post' or 'get'. - * @param string the request IP address - * @return boolean whether the user is allowed - */ - public function isUserAllowed($user,$verb,$ip) - { - if($user instanceof IUser) - { - $verb=strtolower(trim($verb)); - foreach($this as $rule) - { - if(($decision=$rule->isUserAllowed($user,$verb,$ip))!==0) - return ($decision>0); - } - return true; - } - else - return false; - } - - /** - * Inserts an item at the specified position. - * This overrides the parent implementation by performing additional - * operations for each newly added TAuthorizationRule object. - * @param integer the specified position. - * @param mixed new item - * @throws TInvalidDataTypeException if the item to be inserted is not a TAuthorizationRule object. - */ - public function insertAt($index,$item) - { - if($item instanceof TAuthorizationRule) - parent::insertAt($index,$item); - else - throw new TInvalidDataTypeException('authorizationrulecollection_authorizationrule_required'); - } -} - +}
\ No newline at end of file diff --git a/framework/Security/TAuthorizationRuleCollection.php b/framework/Security/TAuthorizationRuleCollection.php new file mode 100644 index 00000000..d83cb567 --- /dev/null +++ b/framework/Security/TAuthorizationRuleCollection.php @@ -0,0 +1,61 @@ +<?php +/** + * TAuthorizationRule, TAuthorizationRuleCollection class file + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2005-2014 PradoSoft + * @license http://www.pradosoft.com/license/ + * @package System.Security + */ + + +/** + * TAuthorizationRuleCollection class. + * TAuthorizationRuleCollection represents a collection of authorization rules {@link TAuthorizationRule}. + * To check if a user is allowed, call {@link isUserAllowed}. + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @package System.Security + * @since 3.0 + */ +class TAuthorizationRuleCollection extends TList +{ + /** + * @param IUser the user to be authorized + * @param string verb, can be empty, 'post' or 'get'. + * @param string the request IP address + * @return boolean whether the user is allowed + */ + public function isUserAllowed($user,$verb,$ip) + { + if($user instanceof IUser) + { + $verb=strtolower(trim($verb)); + foreach($this as $rule) + { + if(($decision=$rule->isUserAllowed($user,$verb,$ip))!==0) + return ($decision>0); + } + return true; + } + else + return false; + } + + /** + * Inserts an item at the specified position. + * This overrides the parent implementation by performing additional + * operations for each newly added TAuthorizationRule object. + * @param integer the specified position. + * @param mixed new item + * @throws TInvalidDataTypeException if the item to be inserted is not a TAuthorizationRule object. + */ + public function insertAt($index,$item) + { + if($item instanceof TAuthorizationRule) + parent::insertAt($index,$item); + else + throw new TInvalidDataTypeException('authorizationrulecollection_authorizationrule_required'); + } +}
\ No newline at end of file diff --git a/framework/Security/TDbUser.php b/framework/Security/TDbUser.php new file mode 100644 index 00000000..0939b41c --- /dev/null +++ b/framework/Security/TDbUser.php @@ -0,0 +1,121 @@ +<?php +/** + * TDbUserManager class + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2005-2014 PradoSoft + * @license http://www.pradosoft.com/license/ + * @package System.Security + */ + + +/** + * TDbUser class + * + * TDbUser is the base user class for using together with {@link TDbUserManager}. + * Two methods are declared and must be implemented in the descendant classes: + * - {@link validateUser()}: validates if username and password are correct entries. + * - {@link createUser()}: creates a new user instance given the username + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @package System.Security + * @since 3.1.0 + */ +abstract class TDbUser extends TUser +{ + private $_connection; + + /** + * Returns a database connection that may be used to retrieve data from database. + * + * @return TDbConnection database connection that may be used to retrieve data from database + */ + public function getDbConnection() + { + if($this->_connection===null) + { + $userManager=$this->getManager(); + if($userManager instanceof TDbUserManager) + { + $connection=$userManager->getDbConnection(); + if($connection instanceof TDbConnection) + { + $connection->setActive(true); + $this->_connection=$connection; + } + } + if($this->_connection===null) + throw new TConfigurationException('dbuser_dbconnection_invalid'); + } + return $this->_connection; + } + + /** + * Validates if username and password are correct entries. + * Usually, this is accomplished by checking if the user database + * contains this (username, password) pair. + * You may use {@link getDbConnection DbConnection} to deal with database. + * @param string username (case-sensitive) + * @param string password + * @return boolean whether the validation succeeds + */ + abstract public function validateUser($username,$password); + + /** + * Creates a new user instance given the username. + * This method usually needs to retrieve necessary user information + * (e.g. role, name, rank, etc.) from the user database according to + * the specified username. The newly created user instance should be + * initialized with these information. + * + * If the username is invalid (not found in the user database), null + * should be returned. + * + * You may use {@link getDbConnection DbConnection} to deal with database. + * + * @param string username (case-sensitive) + * @return TDbUser the newly created and initialized user instance + */ + abstract public function createUser($username); + + /** + * Creates a new user instance given the cookie containing auth data. + * + * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true. + * The default implementation simply returns null, meaning no user instance can be created + * from the given cookie. + * + * If you want to support automatic login (remember login), you should override this method. + * Typically, you obtain the username and a unique token from the cookie's value. + * You then verify the token is valid and use the username to create a user instance. + * + * @param THttpCookie the cookie storing user authentication information + * @return TDbUser the user instance generated based on the cookie auth data, null if the cookie does not have valid auth data. + * @see saveUserToCookie + * @since 3.1.1 + */ + public function createUserFromCookie($cookie) + { + return null; + } + + /** + * Saves necessary auth data into a cookie. + * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true. + * The default implementation does nothing, meaning auth data is not stored in the cookie + * (and thus automatic login is not supported.) + * + * If you want to support automatic login (remember login), you should override this method. + * Typically, you generate a unique token according to the current login information + * and save it together with the username in the cookie's value. + * You should avoid revealing the password in the generated token. + * + * @param THttpCookie the cookie to store the user auth information + * @see createUserFromCookie + * @since 3.1.1 + */ + public function saveUserToCookie($cookie) + { + } +}
\ No newline at end of file diff --git a/framework/Security/TDbUserManager.php b/framework/Security/TDbUserManager.php index 0832dfe5..88910b9a 100644 --- a/framework/Security/TDbUserManager.php +++ b/framework/Security/TDbUserManager.php @@ -202,116 +202,4 @@ class TDbUserManager extends TModule implements IUserManager if($user instanceof TDbUser) $user->saveUserToCookie($cookie); } -} - - -/** - * TDbUser class - * - * TDbUser is the base user class for using together with {@link TDbUserManager}. - * Two methods are declared and must be implemented in the descendant classes: - * - {@link validateUser()}: validates if username and password are correct entries. - * - {@link createUser()}: creates a new user instance given the username - * - * @author Qiang Xue <qiang.xue@gmail.com> - * @package System.Security - * @since 3.1.0 - */ -abstract class TDbUser extends TUser -{ - private $_connection; - - /** - * Returns a database connection that may be used to retrieve data from database. - * - * @return TDbConnection database connection that may be used to retrieve data from database - */ - public function getDbConnection() - { - if($this->_connection===null) - { - $userManager=$this->getManager(); - if($userManager instanceof TDbUserManager) - { - $connection=$userManager->getDbConnection(); - if($connection instanceof TDbConnection) - { - $connection->setActive(true); - $this->_connection=$connection; - } - } - if($this->_connection===null) - throw new TConfigurationException('dbuser_dbconnection_invalid'); - } - return $this->_connection; - } - - /** - * Validates if username and password are correct entries. - * Usually, this is accomplished by checking if the user database - * contains this (username, password) pair. - * You may use {@link getDbConnection DbConnection} to deal with database. - * @param string username (case-sensitive) - * @param string password - * @return boolean whether the validation succeeds - */ - abstract public function validateUser($username,$password); - - /** - * Creates a new user instance given the username. - * This method usually needs to retrieve necessary user information - * (e.g. role, name, rank, etc.) from the user database according to - * the specified username. The newly created user instance should be - * initialized with these information. - * - * If the username is invalid (not found in the user database), null - * should be returned. - * - * You may use {@link getDbConnection DbConnection} to deal with database. - * - * @param string username (case-sensitive) - * @return TDbUser the newly created and initialized user instance - */ - abstract public function createUser($username); - - /** - * Creates a new user instance given the cookie containing auth data. - * - * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true. - * The default implementation simply returns null, meaning no user instance can be created - * from the given cookie. - * - * If you want to support automatic login (remember login), you should override this method. - * Typically, you obtain the username and a unique token from the cookie's value. - * You then verify the token is valid and use the username to create a user instance. - * - * @param THttpCookie the cookie storing user authentication information - * @return TDbUser the user instance generated based on the cookie auth data, null if the cookie does not have valid auth data. - * @see saveUserToCookie - * @since 3.1.1 - */ - public function createUserFromCookie($cookie) - { - return null; - } - - /** - * Saves necessary auth data into a cookie. - * This method is invoked when {@link TAuthManager::setAllowAutoLogin AllowAutoLogin} is set true. - * The default implementation does nothing, meaning auth data is not stored in the cookie - * (and thus automatic login is not supported.) - * - * If you want to support automatic login (remember login), you should override this method. - * Typically, you generate a unique token according to the current login information - * and save it together with the username in the cookie's value. - * You should avoid revealing the password in the generated token. - * - * @param THttpCookie the cookie to store the user auth information - * @see createUserFromCookie - * @since 3.1.1 - */ - public function saveUserToCookie($cookie) - { - } -} - +}
\ No newline at end of file diff --git a/framework/Security/TSecurityManager.php b/framework/Security/TSecurityManager.php index bdb85564..2f9ef464 100644 --- a/framework/Security/TSecurityManager.php +++ b/framework/Security/TSecurityManager.php @@ -1,5 +1,4 @@ <?php - /** * TSecurityManager class file * @@ -10,6 +9,7 @@ * @package System.Security */ + /** * TSecurityManager class * @@ -337,26 +337,4 @@ class TSecurityManager extends TModule { return $this->_mbstring ? mb_substr($string,$start,$length,'8bit') : substr($string,$start,$length); } -} - -/** - * TSecurityManagerValidationMode class. - * - * This class has been deprecated since version 3.2.1. - * - * TSecurityManagerValidationMode defines the enumerable type for the possible validation modes - * that can be used by {@link TSecurityManager}. - * - * The following enumerable values are defined: - * - MD5: an MD5 hash is generated from the data and used for validation. - * - SHA1: an SHA1 hash is generated from the data and used for validation. - * - * @author Qiang Xue <qiang.xue@gmail.com> - * @package System.Security - * @since 3.0.4 - */ -class TSecurityManagerValidationMode extends TEnumerable -{ - const MD5 = 'MD5'; - const SHA1 = 'SHA1'; -} +}
\ No newline at end of file diff --git a/framework/Security/TSecurityManagerValidationMode.php b/framework/Security/TSecurityManagerValidationMode.php new file mode 100644 index 00000000..fe1086b5 --- /dev/null +++ b/framework/Security/TSecurityManagerValidationMode.php @@ -0,0 +1,32 @@ +<?php +/** + * TSecurityManager class file + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2005-2014 PradoSoft + * @license http://www.pradosoft.com/license/ + * @package System.Security + */ + +/** + * TSecurityManagerValidationMode class. + * + * This class has been deprecated since version 3.2.1. + * + * TSecurityManagerValidationMode defines the enumerable type for the possible validation modes + * that can be used by {@link TSecurityManager}. + * + * The following enumerable values are defined: + * - MD5: an MD5 hash is generated from the data and used for validation. + * - SHA1: an SHA1 hash is generated from the data and used for validation. + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @package System.Security + * @since 3.0.4 + */ +class TSecurityManagerValidationMode extends TEnumerable +{ + const MD5 = 'MD5'; + const SHA1 = 'SHA1'; +}
\ No newline at end of file diff --git a/framework/Security/TUserManager.php b/framework/Security/TUserManager.php index 4ad67a15..f3cce876 100644 --- a/framework/Security/TUserManager.php +++ b/framework/Security/TUserManager.php @@ -374,26 +374,4 @@ class TUserManager extends TModule implements IUserManager { $user->setIsGuest(true); } -} - -/** - * TUserManagerPasswordMode class. - * TUserManagerPasswordMode defines the enumerable type for the possible modes - * that user passwords can be specified for a {@link TUserManager}. - * - * The following enumerable values are defined: - * - Clear: the password is in plain text - * - MD5: the password is recorded as the MD5 hash value of the original password - * - SHA1: the password is recorded as the SHA1 hash value of the original password - * - * @author Qiang Xue <qiang.xue@gmail.com> - * @package System.Security - * @since 3.0.4 - */ -class TUserManagerPasswordMode extends TEnumerable -{ - const Clear='Clear'; - const MD5='MD5'; - const SHA1='SHA1'; -} - +}
\ No newline at end of file diff --git a/framework/Security/TUserManagerPasswordMode.php b/framework/Security/TUserManagerPasswordMode.php new file mode 100644 index 00000000..8737fb53 --- /dev/null +++ b/framework/Security/TUserManagerPasswordMode.php @@ -0,0 +1,31 @@ +<?php +/** + * TUserManager class + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @link http://www.pradosoft.com/ + * @copyright Copyright © 2005-2014 PradoSoft + * @license http://www.pradosoft.com/license/ + * @package System.Security + */ + +/** + * TUserManagerPasswordMode class. + * TUserManagerPasswordMode defines the enumerable type for the possible modes + * that user passwords can be specified for a {@link TUserManager}. + * + * The following enumerable values are defined: + * - Clear: the password is in plain text + * - MD5: the password is recorded as the MD5 hash value of the original password + * - SHA1: the password is recorded as the SHA1 hash value of the original password + * + * @author Qiang Xue <qiang.xue@gmail.com> + * @package System.Security + * @since 3.0.4 + */ +class TUserManagerPasswordMode extends TEnumerable +{ + const Clear='Clear'; + const MD5='MD5'; + const SHA1='SHA1'; +}
\ No newline at end of file |