Context Navigation

← Previous Change
Next Change →

auth

Timestamp:

09/25/2008 10:47:04 PM (2 months ago)

Author:

Shadowhand

Message:

Updated Auth:

Created a "session_key" configuration option to change the name of the session key that auth uses, fixes #844
Refactored Auth_Driver into an abstract class
Removed auth/driver directory, moving drivers up one level
Updated Auth, Auth_ORM, and Auth_File to match changes

Location:

trunk/modules/auth

Files:

: 4 modified
: 2 moved

classes/auth.php (modified) (2 diffs)
classes/auth/driver.php (modified) (6 diffs)
classes/auth/file.php (moved) (moved from trunk/modules/auth/classes/auth/driver/file.php) (5 diffs)
classes/auth/orm.php (moved) (moved from trunk/modules/auth/classes/auth/driver/orm.php) (7 diffs)
config/auth.php (modified) (2 diffs)
views/auth/install.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/modules/auth/classes/auth.php

r3484	r3488
59	59
60	60	// Set the driver class name
61		$driver = 'Auth_~~Driver_~~'.$config['driver'];
	61	$driver = 'Auth_'.$config['driver'];
62	62
63	63	if ( ! Kohana::auto_load($driver))
…	…
95	95	public function get_user()
96	96	{
97		if ($this->~~driver->logged_in(NULL~~))
98		{
99		return Session::instance()->get(~~'auth_user'~~, FALSE);
	97	if ($this->logged_in())
	98	{
	99	return Session::instance()->get($this->config['session_key'], FALSE);
100	100	}
101	101

trunk/modules/auth/classes/auth/driver.php

r3398	r3488
1	1	<?php
2	2	/**
3		* A~~uth driver interface~~.
	3	* Abstract Auth driver, must be extended by all drivers.
4	4	*
5	5	* $Id$
…	…
10	10	* @license http://kohanaphp.com/license.html
11	11	*/
12		interface Auth_Driver {
	12	abstract class Auth_Driver {
	13
	14	// Session instance
	15	protected $session;
	16
	17	// Configuration
	18	protected $config;
	19
	20	/**
	21	* Creates a new driver instance, loading the session and storing config.
	22	*
	23	* @param array configuration
	24	* @return void
	25	*/
	26	public function __construct(array $config)
	27	{
	28	// Load Session
	29	$this->session = Session::instance();
	30
	31	// Store config
	32	$this->config = $config;
	33	}
	34
	35	/**
	36	* Checks if a session is active.
	37	*
	38	* @param string role name (not supported)
	39	* @return boolean
	40	*/
	41	public function logged_in($role)
	42	{
	43	return isset($_SESSION[$this->config['session_key']]);
	44	}
13	45
14	46	/**
…	…
20	52	* @return boolean
21	53	*/
22		public function login($username, $password, $remember);
	54	abstract public function login($username, $password, $remember);
23	55
24	56	/**
…	…
28	60	* @return boolean
29	61	*/
30		public function force_login($username);
	62	abstract public function force_login($username);
31	63
32	64	/**
33	65	* Logs a user in, based on stored credentials, typically cookies.
	66	* Not supported by default.
34	67	*
35	68	* @return boolean
36	69	*/
37		public function auto_login();
	70	public function auto_login()
	71	{
	72	return FALSE;
	73	}
38	74
39	75	/**
…	…
43	79	* @return boolean
44	80	*/
45		public function logout($destroy);
	81	public function logout($destroy)
	82	{
	83	if ($destroy === TRUE)
	84	{
	85	// Destroy the session completely
	86	Session::instance()->destroy();
	87	}
	88	else
	89	{
	90	// Remove the user from the session
	91	$this->session->delete($this->config['session_key']);
46	92
47		/**
48		* Checks if a session is active.
49		*
50		* @param string role name
51		* @return boolean
52		*/
53		~~public function logged_in($role);~~
	93	// Regenerate session_id
	94	$this->session->regenerate();
	95	}
	96
	97	// Double check
	98	return ! $this->logged_in(NULL);
	99	}
54	100
55	101	/**
…	…
59	105	* @return string
60	106	*/
61		public function password($username);
	107	abstract public function password($username);
	108
	109	/**
	110	* Completes a login by assigning the user to the session key.
	111	*
	112	* @param string username
	113	* @return TRUE
	114	*/
	115	protected function complete_login($user)
	116	{
	117	// Regenerate session_id
	118	$this->session->regenerate();
	119
	120	// Store username in session
	121	$_SESSION[$this->config['session_key']] = $user;
	122
	123	return TRUE;
	124	}
62	125
63	126	} // End Auth_Driver Interface

trunk/modules/auth/classes/auth/file.php

r3398	r3488
11	11	* @license http://kohanaphp.com/license.html
12	12	*/
13		class Auth_~~Driver_File_Core implement~~s Auth_Driver {
	13	class Auth_File extends Auth_Driver {
14	14
15	15	// User list
16	16	protected $users;
17
18		~~// Session instance~~
19		~~protected $session;~~
20	17
21	18	/**
…	…
24	21	public function __construct(array $config)
25	22	{
	23	parent::__construct($config);
	24
26	25	// Load user list
27	26	$this->users = empty($config['users']) ? array() : $config['users'];
28
29		~~// Load Session~~
30		~~$this->session = Session::instance();~~
31	27	}
32	28
…	…
44	40	if ($this->password($username) === $password)
45	41	{
46		// Regenerate session_id
47		$this->session->regenerate();
48
49		// Store username in session
50		$_SESSION['auth_user'] = $username;
51
52		return TRUE;
	42	// Complete the login
	43	return $this->complete_login($username);
53	44	}
54	45
…	…
65	56	public function force_login($username)
66	57	{
67		// Regenerate session_id
68		$this->session->regenerate();
69
70		// Store username in session
71		$_SESSION['auth_user'] = $username;
72
73		return TRUE;
74		}
75
76		/**
77		* Logs a user in, based on stored credentials. (not supported)
78		*
79		* @return boolean
80		*/
81		public function auto_login()
82		{
83		return FALSE;
84		}
85
86		/**
87		* Log a user out.
88		*
89		* @param boolean completely destroy the session
90		* @return boolean
91		*/
92		public function logout($destroy)
93		{
94		if ($destroy === TRUE)
95		{
96		// Destroy the session completely
97		Session::instance()->destroy();
98		}
99		else
100		{
101		// Remove the user session
102		unset($_SESSION['auth_user']);
103
104		// Regenerate session_id
105		$this->session->regenerate();
106		}
107
108		// Double check
109		return ! $this->logged_in(NULL);
110		}
111
112		/**
113		* Checks if a session is active.
114		*
115		* @param string role name (not supported)
116		* @return boolean
117		*/
118		public function logged_in($role)
119		{
120		return isset($_SESSION['auth_user']);
	58	// Complete the login
	59	return $this->complate_login($username);
121	60	}
122	61
…	…
129	68	public function password($username)
130	69	{
131		return ~~(isset($this->users[$username])~~) ? $this->users[$username] : FALSE;
	70	return isset($this->users[$username]) ? $this->users[$username] : FALSE;
132	71	}
133	72

trunk/modules/auth/classes/auth/orm.php

r3399	r3488
10	10	* @license http://kohanaphp.com/license.html
11	11	*/
12		class Auth_Driver_ORM_Core implements Auth_Driver {
13
14		protected $config;
15
16		// Session library
17		protected $session;
18
19		/**
20		* Constructor. Loads the Session instance.
21		*
22		* @return void
23		*/
24		public function __construct(array $config)
25		{
26		// Load config
27		$this->config = $config;
28
29		// Load libraries
30		$this->session = Session::instance();
31		}
32
	12	class Auth_ORM extends Auth_Driver {
	13
	14	/**
	15	* Checks if a session is active.
	16	*
	17	* @param string role name
	18	* @return boolean
	19	*/
33	20	public function logged_in($role)
34	21	{
35	22	$status = FALSE;
36	23
37		// Checks if a user is logged in and valid
38		if ( ! empty($_SESSION['auth_user']) AND is_object($_SESSION['auth_user'])
39		AND ($_SESSION['auth_user'] instanceof Model_User) AND $_SESSION['auth_user']->loaded)
	24	// Get the user from the session
	25	$user = $this->session->get($this->config['session_key']);
	26
	27	if (is_object($user) AND $user instanceof Model_User AND $user->loaded)
40	28	{
41	29	// Everything is okay so far
…	…
44	32	if ( ! empty($role))
45	33	{
	34	if ( ! is_object($role))
	35	{
	36	// Load the role
	37	$role = ORM::factory('role', $role);
	38	}
	39
46	40	// Check that the user has the given role
47		$status = $~~_SESSION['auth_user']->has(ORM::factory('role', $role)~~);
	41	$status = $user->has($role);
48	42	}
49	43	}
…	…
52	46	}
53	47
	48	/**
	49	* Logs a user in.
	50	*
	51	* @param string username
	52	* @param string password
	53	* @param boolean enable auto-login
	54	* @return boolean
	55	*/
54	56	public function login($user, $password, $remember)
55	57	{
…	…
87	89	}
88	90
	91	/**
	92	* Forces a user to be logged in, without specifying a password.
	93	*
	94	* @param mixed username
	95	* @return boolean
	96	*/
89	97	public function force_login($user)
90	98	{
…	…
95	103	}
96	104
97		~~// Mark the session as forced, to prevent users from changing account information~~
98		~~$_SESSION['auth_forced'] = TRUE;~~
99
100	105	// Run the standard completion
101	106	$this->complete_login($user);
102	107	}
103	108
	109	/**
	110	* Logs a user in, based on the authautologin cookie.
	111	*
	112	* @return boolean
	113	*/
104	114	public function auto_login()
105	115	{
…	…
134	144	}
135	145
	146	/**
	147	* Log a user out and remove any auto-login cookies.
	148	*
	149	* @param boolean completely destroy the session
	150	* @return boolean
	151	*/
136	152	public function logout($destroy)
137	153	{
138		// Delete the autologin cookie if it exists
139		cookie::get('authautologin') and cookie::delete('authautologin');
140
141		if ($destroy === TRUE)
142		{
143		// Destroy the session completely
144		Session::instance()->destroy();
145		}
146		else
147		{
148		// Remove the user object from the session
149		unset($_SESSION['auth_user']);
150
151		// Regenerate session_id
152		$this->session->regenerate();
153		}
154
155		// Double check
156		return ! isset($_SESSION['auth_user']);
157		}
158
	154	if (cookie::get('authautologin'))
	155	{
	156	// Delete the autologin cookie to prevent re-login
	157	cookie::delete('authautologin');
	158	}
	159
	160	return parent::logout($destroy);
	161	}
	162
	163	/**
	164	* Get the stored password for a username.
	165	*
	166	* @param mixed username
	167	* @return string
	168	*/
159	169	public function password($user)
160	170	{
…	…
186	196	$user->save();
187	197
188		// Regenerate session_id
189		$this->session->regenerate();
190
191		// Store session data
192		$_SESSION['auth_user'] = $user;
	198	return parent::complete_login($user);
193	199	}
194	200

trunk/modules/auth/config/auth.php

r3326	r3488
10	10
11	11	/**
12		* Driver to use for authentication. By default, ~~LDAP~~ and ORM are available.
	12	* Driver to use for authentication. By default, File and ORM are available.
13	13	*/
14	14	$config['driver'] = 'ORM';
…	…
36	36
37	37	/**
	38	* Set the session key that will be used to store the current user.
	39	*/
	40	$config['session_key'] = 'auth_user';
	41
	42	/**
38	43	* Usernames (keys) and hashed passwords (values) used by the File driver.
	44	* Default admin password is "admin". You are encouraged to change this.
39	45	*/
40	46	$config['users'] = array
41	47	(
42		// 'admin' => '~~4ccd0e25c2a7ffefd4b92ecbbd4781752920145f826a881073~~',
	48	// 'admin' => 'b3154acf3a344170077d11bdb5fff31532f679a1919e716a02',
43	49	);

trunk/modules/auth/views/auth/install.php

r3403	r3488
6	6
7	7	<p>After the tables have been installed, you will be able to <?php echo html::anchor('auth/create', 'create a user') ?>.</p>
	8	<p>If you have already created an account, <?php echo html::anchor('auth/login', 'login now') ?>.</p>
8	9
9	10	<p><em>This query is MySQL-specific, but should be easy to adapt to an database that supports foreign keys.</em></p>

Context Navigation

Changeset 3488 for trunk/modules/auth

Legend:

trunk/modules/auth/classes/auth.php

trunk/modules/auth/classes/auth/driver.php

trunk/modules/auth/classes/auth/file.php

trunk/modules/auth/classes/auth/orm.php

trunk/modules/auth/config/auth.php

trunk/modules/auth/views/auth/install.php

Download in other formats: