Add Auth/Manager.php, currently without tests
The Auth Manager class incorporates the functionality of the Backend.php and Auth.php class and handles authentication. The authorization parts from the Auth.php (hasPermission(), etc.) have been removed and will be added to the user class refs #4265
This commit is contained in:
Jannis Moßhammer
Marius Hein
parent
9206b30254
commit
06b7b9ee2e
|
|
@ -0,0 +1,108 @@
|
|||
<?php
|
||||
|
||||
|
||||
namespace Icinga\Authentication;
|
||||
|
||||
use Icinga\Application\Logger as Logger;
|
||||
|
||||
class Manager
|
||||
{
|
||||
const BACKEND_TYPE_USER = "User";
|
||||
const BACKEND_TYPE_GROUP = "Group";
|
||||
|
||||
private $user = null;
|
||||
private $groups = array();
|
||||
private $userBackend = null;
|
||||
private $groupBackend = null;
|
||||
private $session = null;
|
||||
|
||||
private function __construct($config = null, array $options = array())
|
||||
{
|
||||
if ($config === null) {
|
||||
$config = Config::getInstance()->authentication;
|
||||
}
|
||||
|
||||
if (isset($options["userBackendClass"])) {
|
||||
$this->userBackend = $options["userBackendClass"];
|
||||
} elseif ($config->users !== null) {
|
||||
$this->userBackend = initBackend(BACKEND_TYPE_USER, $config->users);
|
||||
}
|
||||
|
||||
if (isset($options["groupBackendClass"])) {
|
||||
$this->userBackend = $options["groupBackendClass"];
|
||||
} elseif ($config->groups != null) {
|
||||
$this->groupBackend = initBackend(BACKEND_TYPE_GROUP, $config->groups);
|
||||
}
|
||||
|
||||
if (!isset($options["sessionClass"])) {
|
||||
$this->session = new PhpSession($config->session);
|
||||
} else {
|
||||
$options["sessionClass"];
|
||||
}
|
||||
}
|
||||
|
||||
public static function getInstance($config = null, array $options = array())
|
||||
{
|
||||
if (self::$instance === null) {
|
||||
self::$instance = new Auth($config, $options);
|
||||
}
|
||||
return self::$instance;
|
||||
}
|
||||
|
||||
private function initBackend($authenticationTarget, $authenticationSource)
|
||||
{
|
||||
$userbackend = ucwords(strtolower($authenticationSource->backend));
|
||||
$class = '\\Icinga\\Authentication\\' . $backend . $authenticationTarget. 'Backend';
|
||||
return new $class($authenticationSource);
|
||||
}
|
||||
|
||||
public function authenticate(Credentials $credentials)
|
||||
{
|
||||
if (!$this->userBackend->hasUsername($credentials)) {
|
||||
Logger::info("Unknown user %s tried to log in", $credentials->getUsername());
|
||||
return false;
|
||||
}
|
||||
$this->user = $this->userBackend->authenticate($credentials);
|
||||
if ($this->user == null) {
|
||||
Logger::info("Invalid credentials for user %s provided", $credentials->getUsername());
|
||||
return false;
|
||||
}
|
||||
|
||||
persistCurrentUser();
|
||||
return true;
|
||||
}
|
||||
|
||||
public function persistCurrentUser()
|
||||
{
|
||||
$this->session->set("user", $this->user->toSession());
|
||||
}
|
||||
|
||||
public function authenticateFromSession()
|
||||
{
|
||||
$this->user = User::fromSession($this->session->get("user", null));
|
||||
}
|
||||
|
||||
public function isAuthenticated()
|
||||
{
|
||||
if ($this->user === null) {
|
||||
$this->authenticateFromSession();
|
||||
}
|
||||
return is_object($this->user) && !empty($this->user->username);
|
||||
}
|
||||
|
||||
public function removeAuthorization()
|
||||
{
|
||||
$this->user = null;
|
||||
$this->session->delete();
|
||||
}
|
||||
|
||||
public function getUser()
|
||||
{
|
||||
return $this->user;
|
||||
}
|
||||
|
||||
public function getGroups()
|
||||
{
|
||||
return $this->user->getGroups();
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue