From 6228873cf9d6471463d2413e7dfd7447f759baf2 Mon Sep 17 00:00:00 2001
From: "christophe.boulain" <>
Date: Wed, 3 Dec 2008 14:22:03 +0000
Subject: Merge from trunk
---
 framework/Security/IUserManager.php | 1 -
 framework/Security/TAuthManager.php | 61 +++++++++++++++++++++++++++++--
 framework/Security/TAuthorizationRule.php | 1 -
 framework/Security/TDbUserManager.php | 1 -
 framework/Security/TSecurityManager.php | 1 -
 framework/Security/TUser.php | 1 -
 framework/Security/TUserManager.php | 2 +-
 7 files changed, 58 insertions(+), 10 deletions(-)
(limited to 'framework/Security')
diff --git a/framework/Security/IUserManager.php b/framework/Security/IUserManager.php
index d8907160..37cf632f 100644
--- a/framework/Security/IUserManager.php
+++ b/framework/Security/IUserManager.php
@@ -56,4 +56,3 @@ interface IUserManager
 public function validateUser($username,$password);
 }
-?>
diff --git a/framework/Security/TAuthManager.php b/framework/Security/TAuthManager.php
index 64422845..40d94e19 100644
--- a/framework/Security/TAuthManager.php
+++ b/framework/Security/TAuthManager.php
@@ -4,7 +4,7 @@
 *
 * @author Qiang Xue
 * @link http://www.pradosoft.com/
- * @copyright Copyright © 2005-2008 PradoSoft
+ * @copyright Copyright © 2005-2008 PradoSoft
 * @license http://www.pradosoft.com/license/
 * @version $Id$
 * @package System.Security
@@ -25,6 +25,13 @@ Prado::using('System.Security.IUserManager');
 * browser to a login page that is specified via the {@link setLoginPage LoginPage}.
 * To login or logout a user, call {@link login} or {@link logout}, respectively.
 *
+ * The {@link setAuthExpire AuthExpire} property can be used to define the time
+ * in seconds after which the authentication should expire.
+ * {@link setAllowAutoLogin AllowAutoLogin} specifies if the login information
+ * should be stored in a cookie to perform automatic login. Enabling this
+ * feature will cause that {@link setAuthExpire AuthExpire} has no effect
+ * since the user will be logged in again on authentication expiration.
+ *
 * To load TAuthManager, configure it in application configuration as follows,
 *
 *
@@ -68,6 +75,10 @@ class TAuthManager extends TModule
 * @var string variable name used to store user session or cookie
 */
 private $_userKey;
+ /**
+ * @var integer authentication expiration time in seconds. Defaults to zero (no expiration)
+ */
+ private $_authExpire=0;
 /**
 * Initializes this module.
@@ -241,6 +252,24 @@ class TAuthManager extends TModule
 $this->_allowAutoLogin=TPropertyValue::ensureBoolean($value);
 }
+ /**
+ * @return integer authentication expiration time in seconds. Defaults to zero (no expiration).
+ * @since 3.1.3
+ */
+ public function getAuthExpire()
+ {
+ return $this->_authExpire;
+ }
+
+ /**
+ * @param integer authentication expiration time in seconds. Defaults to zero (no expiration).
+ * @since 3.1.3
+ */
+ public function setAuthExpire($value)
+ {
+ $this->_authExpire=TPropertyValue::ensureInteger($value);
+ }
+
 /**
 * Performs the real authentication work.
 * An OnAuthenticate event will be raised if there is any handler attached to it.
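Review bot: `setAuthExpire` stores whatever `TPropertyValue::ensureInteger($value)` returns without a range check, so a negative value is accepted. The expiry test added later in this commit only acts when `$this->_authExpire>0`, which means a negative setting (and presumably a non-numeric one, if ensureInteger coerces it to 0) silently turns expiration off instead of failing at configuration time. At minimum the docblock should say so, e.g. `@param integer authentication expiration time in seconds. Zero or a negative value disables expiration.`; rejecting negative values with the framework's usual configuration exception would be the stricter option. Both accessors are complete within the hunk; the class continues outside it.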
@@ -260,8 +289,12 @@ class TAuthManager extends TModule $sessionInfo=$session->itemAt($this->getUserKey()); $user=$this->_userManager->getUser(null)->loadFromString($sessionInfo); + // check for authentication expiration + $isAuthExpired = $this->_authExpire>0 && !$user->getIsGuest() && + ($expiretime=$session->itemAt('AuthExpireTime')) && $expiretimegetAllowAutoLogin() && $user->getIsGuest()) + if($this->getAllowAutoLogin() && ($user->getIsGuest() || $isAuthExpired)) { $cookie=$this->getRequest()->getCookies()->itemAt($this->getUserKey()); if($cookie instanceof THttpCookie) @@ -270,17 +303,37 @@ class TAuthManager extends TModule { $user=$user2; $this->updateSessionUser($user); + // user is restored from cookie, auth may not expire + $isAuthExpired = false; } } } $application->setUser($user); + // handle authentication expiration or update expiration time + if($isAuthExpired) + $this->onAuthExpire($param); + else + $session->add('AuthExpireTime', time() + $this->_authExpire); + // event handler gets a chance to do further auth work if($this->hasEventHandler('OnAuthenticate')) $this->raiseEvent('OnAuthenticate',$this,$application); } - + + /** + * Performs user logout on authentication expiration. + * An 'OnAuthExpire' event will be raised if there is any handler attached to it. + * @param mixed parameter to be passed to OnAuthExpire event. + */ + public function onAuthExpire($param) + { + $this->logout(); + if($this->hasEventHandler('OnAuthExpire')) + $this->raiseEvent('OnAuthExpire',$this,$param); + } + /** * Performs the real authorization work. * Authorization rules obtained from the application will be used to check @@ -401,4 +454,4 @@ class TAuthManager extends TModule } } -?> +?> diff --git a/framework/Security/TAuthorizationRule.php b/framework/Security/TAuthorizationRule.php index d301737b..896ce376 100644 --- a/framework/Security/TAuthorizationRule.php +++ b/framework/Security/TAuthorizationRule.php 
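Review bot: In the `@@ -260,8 +289,12 @@` hunk the expiry test reads the timestamp through an assignment inside the condition, `($expiretime=$session->itemAt('AuthExpireTime'))`, so a logged-in session with no `AuthExpireTime` entry short-circuits to "not expired". That fail-open case is implicit and easy to miss. Reading the value on its own line, `$expiretime=$session->itemAt('AuthExpireTime');`, with a comment such as `// no timestamp yet: treated as not expired, it is set further down on this request`, would make the decision visible; treating a missing timestamp on a non-guest session as expired is the stricter alternative. The remainder of the comparison is truncated on this page, so it is not reviewed here, and the enclosing method starts outside the hunk.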
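Review bot: In the `@@ -270,17 +303,37 @@` hunk the `else` branch rewrites `AuthExpireTime` to `time() + $this->_authExpire` on every request that is not expired, so AuthExpire is an inactivity timeout, not a fixed session lifetime. A session that keeps sending requests is never logged out, and none of the new docblocks says so. The write also happens when `_authExpire` is 0, where the value is never consulted. I would guard it, `elseif($this->_authExpire>0) $session->add('AuthExpireTime', time() + $this->_authExpire);`, and add to the `setAuthExpire` docblock a line like `The timer restarts on every authenticated request (idle timeout).`. The enclosing method starts outside the hunk, and `logout()` is not visible here, so whether it resets the user already passed to `$application->setUser($user)` should be confirmed.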
@@ -294,4 +294,3 @@ class TAuthorizationRuleCollection extends TList
 }
 }
-?>
diff --git a/framework/Security/TDbUserManager.php b/framework/Security/TDbUserManager.php
index bd70de8d..873d43f8 100644
--- a/framework/Security/TDbUserManager.php
+++ b/framework/Security/TDbUserManager.php
@@ -318,4 +318,3 @@ abstract class TDbUser extends TUser
 }
 }
-?>
diff --git a/framework/Security/TSecurityManager.php b/framework/Security/TSecurityManager.php
index 9fbadd10..d43c9fec 100644
--- a/framework/Security/TSecurityManager.php
+++ b/framework/Security/TSecurityManager.php
@@ -279,4 +279,3 @@ class TSecurityManagerValidationMode extends TEnumerable
 const SHA1='SHA1';
 }
-?>
diff --git a/framework/Security/TUser.php b/framework/Security/TUser.php
index d0e850cf..35e3e3a5 100644
--- a/framework/Security/TUser.php
+++ b/framework/Security/TUser.php
@@ -220,4 +220,3 @@ class TUser extends TComponent implements IUser
 }
 }
-?>
diff --git a/framework/Security/TUserManager.php b/framework/Security/TUserManager.php
index 6326803d..dbaa5ffb 100644
--- a/framework/Security/TUserManager.php
+++ b/framework/Security/TUserManager.php
@@ -148,7 +148,7 @@ class TUserManager extends TModule implements IUserManager
 * Loads user/role information from an XML node.
 * @param TXmlElement the XML node containing the user information
 */
- private function loadUserDataFromXml($xmlNode)
+ protected function loadUserDataFromXml($xmlNode)
 {
 foreach($xmlNode->getElementsByTagName('user') as $node)
 {
-- 
cgit v1.2.3