From 3dc2a1c23cefab8eec0fc564ac7ca421e8e357e1 Mon Sep 17 00:00:00 2001
From: mikl <>
Date: Wed, 15 Oct 2008 11:03:36 +0000
Subject: Ticket #857 (AuthExpire)
---
 HISTORY | 1 +
 framework/Security/TAuthManager.php | 61 ++++++++++++++++++++++++++++++++++---
 2 files changed, 58 insertions(+), 4 deletions(-)
diff --git a/HISTORY b/HISTORY
index 508a93ef..bcb6407f 100644
--- a/HISTORY
+++ b/HISTORY
@@ -42,6 +42,7 @@ ENH: Ticket#913 - PRADO Copyright notice in HTML source (Carl)
 NEW: Added Prado.Validation.validateControl(id) on client side to validate a specific control (Michael)
 NEW: Added MessageSource_Database to I18N (uses TDbConnection) (Michael)
 NEW: Ticket#935 - Add TDatePicker (Brad, Christophe)
+NEW: Ticket#857 - Added Authentication expiration support to TAuthManager (Michael)
 NEW: Ticket#853 - Add Drag and drop components (Christophe)
 Version 3.1.2 April 21, 2008
diff --git a/framework/Security/TAuthManager.php b/framework/Security/TAuthManager.php
index 64422845..40d94e19 100644
--- a/framework/Security/TAuthManager.php
+++ b/framework/Security/TAuthManager.php
@@ -4,7 +4,7 @@
 *
 * @author Qiang Xue
 * @link http://www.pradosoft.com/
- * @copyright Copyright © 2005-2008 PradoSoft
+ * @copyright Copyright © 2005-2008 PradoSoft
 * @license http://www.pradosoft.com/license/
 * @version $Id$
 * @package System.Security
@@ -25,6 +25,13 @@ Prado::using('System.Security.IUserManager');
 * browser to a login page that is specified via the {@link setLoginPage LoginPage}.
 * To login or logout a user, call {@link login} or {@link logout}, respectively.
 *
+ * The {@link setAuthExpire AuthExpire} property can be used to define the time
+ * in seconds after which the authentication should expire.
+ * {@link setAllowAutoLogin AllowAutoLogin} specifies if the login information
+ * should be stored in a cookie to perform automatic login. Enabling this
+ * feature will cause that {@link setAuthExpire AuthExpire} has no effect
+ * since the user will be logged in again on authentication expiration.
+ *
 * To load TAuthManager, configure it in application configuration as follows,
 *
 *
@@ -68,6 +75,10 @@ class TAuthManager extends TModule
 * @var string variable name used to store user session or cookie
 */
 private $_userKey;
+ /**
+ * @var integer authentication expiration time in seconds. Defaults to zero (no expiration)
+ */
+ private $_authExpire=0;
 /**
 * Initializes this module.
@@ -241,6 +252,24 @@ class TAuthManager extends TModule
 $this->_allowAutoLogin=TPropertyValue::ensureBoolean($value);
 }
+ /**
+ * @return integer authentication expiration time in seconds. Defaults to zero (no expiration).
+ * @since 3.1.3
+ */
+ public function getAuthExpire()
+ {
+ return $this->_authExpire;
+ }
+
+ /**
+ * @param integer authentication expiration time in seconds. Defaults to zero (no expiration).
+ * @since 3.1.3
+ */
+ public function setAuthExpire($value)
+ {
+ $this->_authExpire=TPropertyValue::ensureInteger($value);
+ }
+
 /**
 * Performs the real authentication work.
 * An OnAuthenticate event will be raised if there is any handler attached to it.
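Review bot: `setAuthExpire` in the `@@ -241,6 +252,24 @@` hunk stores whatever integer `TPropertyValue::ensureInteger($value)` yields, so a negative setting is accepted without complaint. The check added to `onAuthenticate` later in this patch only acts when `$this->_authExpire>0`, which means such a value silently switches expiration off instead of failing at configuration time. I would either reject it in the setter or at least say so in the docblock, e.g. `@param integer authentication expiration time in seconds; zero or a negative value disables expiration.`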
@@ -260,8 +289,12 @@ class TAuthManager extends TModule $sessionInfo=$session->itemAt($this->getUserKey()); $user=$this->_userManager->getUser(null)->loadFromString($sessionInfo); + // check for authentication expiration + $isAuthExpired = $this->_authExpire>0 && !$user->getIsGuest() && + ($expiretime=$session->itemAt('AuthExpireTime')) && $expiretimegetAllowAutoLogin() && $user->getIsGuest()) + if($this->getAllowAutoLogin() && ($user->getIsGuest() || $isAuthExpired)) { $cookie=$this->getRequest()->getCookies()->itemAt($this->getUserKey()); if($cookie instanceof THttpCookie) @@ -270,17 +303,37 @@ class TAuthManager extends TModule { $user=$user2; $this->updateSessionUser($user); + // user is restored from cookie, auth may not expire + $isAuthExpired = false; } } } $application->setUser($user); + // handle authentication expiration or update expiration time + if($isAuthExpired) + $this->onAuthExpire($param); + else + $session->add('AuthExpireTime', time() + $this->_authExpire); + // event handler gets a chance to do further auth work if($this->hasEventHandler('OnAuthenticate')) $this->raiseEvent('OnAuthenticate',$this,$application); } - + + /** + * Performs user logout on authentication expiration. + * An 'OnAuthExpire' event will be raised if there is any handler attached to it. + * @param mixed parameter to be passed to OnAuthExpire event. + */ + public function onAuthExpire($param) + { + $this->logout(); + if($this->hasEventHandler('OnAuthExpire')) + $this->raiseEvent('OnAuthExpire',$this,$param); + } + /** * Performs the real authorization work. * Authorization rules obtained from the application will be used to check @@ -401,4 +454,4 @@ class TAuthManager extends TModule } } -?> +?> -- cgit v1.2.3
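Review bot: The expiry timestamp in the `@@ -260,8 +289,12 @@` hunk is kept under the fixed session key `'AuthExpireTime'`, while the user data just above it is read through `$this->getUserKey()`. If two auth managers or applications share one session they would also share this single timestamp, so activity in one would keep the login of the other alive; deriving the key from the user key, e.g. `$this->getUserKey().':AuthExpireTime'`, for both the read here and the write in the next hunk would keep them apart. The check is also a conjunction that starts with `($expiretime=$session->itemAt('AuthExpireTime'))`, so a missing or zero entry counts as not expired, and a one-line comment saying that this is intended would help. The rest of that condition is garbled on this page, and `onAuthenticate` starts and ends outside the hunk.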
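Review bot: In the `else` branch of the `@@ -270,17 +303,37 @@` hunk every request that is not expired rewrites `AuthExpireTime` to `time() + $this->_authExpire`, so AuthExpire behaves as an inactivity timeout and puts no upper bound on how long a login lives while requests keep arriving. The class docblock describes it as "the time in seconds after which the authentication should expire", which reads like an absolute lifetime; I would state the sliding behaviour there and in the `setAuthExpire` docblock. The write also happens when the feature is off (`_authExpire` is 0), and changing the branch to `else if($this->_authExpire>0)` would avoid a session write per request in the default configuration.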