tyler.durden/icingaweb2
1
0
Fork 0
mirror of https://github.com/Icinga/icingaweb2.git synced 2025-07-23 13:54:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

lib: Reorder functions in Auth

Browse Source 
refs #9660
This commit is contained in:
Eric Lippmann 2015-07-29 15:52:56 +02:00
parent e7c7486097
commit 96e3111f58
1 changed files with 67 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
library/Icinga/Authentication/Auth.php
View File

@ -32,6 +32,9 @@ class Auth
private $user; private $user;
/**
* @see getInstance()
*/
private function __construct() private function __construct()
{ {
} }
@ -59,6 +62,21 @@ class Auth
return new AuthChain(); return new AuthChain();
} }
/**
* Whether the user is authenticated
*
* @param bool $ignoreSession True to prevent session authentication
*
* @return bool
*/
public function isAuthenticated($ignoreSession = false)
{
if ($this->user === null && ! $ignoreSession) {
$this->authenticateFromSession();
}
return is_object($this->user);
}
public function setAuthenticated(User $user, $persist = true) public function setAuthenticated(User $user, $persist = true)
{ {
$username = $user->getUsername(); $username = $user->getUsername();
@ -131,58 +149,14 @@ class Auth
} }
/** /**
* Writes the current user to the session * Getter for groups belonged to authenticated user
*
* @return array
* @see User::getGroups
*/ */
public function persistCurrentUser() public function getGroups()
{ {
Session::getSession()->set('user', $this->user)->refreshId(); return $this->user->getGroups();
}
/**
* Try to authenticate the user with the current session
*
* Authentication for externally-authenticated users will be revoked if the username changed or external
* authentication is no longer in effect
*/
public function authenticateFromSession()
{
$this->user = Session::getSession()->get('user');
if ($this->user !== null && $this->user->isExternalUser() === true) {
list($originUsername, $field) = $this->user->getExternalUserInformation();
if (! array_key_exists($field, $_SERVER) || $_SERVER[$field] !== $originUsername) {
$this->removeAuthorization();
}
}
}
/**
* Whether the user is authenticated
*
* @param bool $ignoreSession True to prevent session authentication
*
* @return bool
*/
public function isAuthenticated($ignoreSession = false)
{
if ($this->user === null && ! $ignoreSession) {
$this->authenticateFromSession();
}
return is_object($this->user);
}
/**
* Whether an authenticated user has a given permission
*
* @param string $permission Permission name
*
* @return bool True if the user owns the given permission, false if not or if not authenticated
*/
public function hasPermission($permission)
{
if (! $this->isAuthenticated()) {
return false;
}
return $this->user->can($permission);
} }
/** /**
@ -202,15 +176,6 @@ class Auth
return $this->user->getRestrictions($restriction); return $this->user->getRestrictions($restriction);
} }
/**
* Purges the current authorization information and session
*/
public function removeAuthorization()
{
$this->user = null;
Session::getSession()->purge();
}
/** /**
* Returns the current user or null if no user is authenticated * Returns the current user or null if no user is authenticated
* *
@ -222,13 +187,51 @@ class Auth
} }
/** /**
* Getter for groups belonged to authenticated user * Try to authenticate the user with the current session
* *
* @return array * Authentication for externally-authenticated users will be revoked if the username changed or external
* @see User::getGroups * authentication is no longer in effect
*/ */
public function getGroups() public function authenticateFromSession()
{ {
return $this->user->getGroups(); $this->user = Session::getSession()->get('user');
if ($this->user !== null && $this->user->isExternalUser() === true) {
list($originUsername, $field) = $this->user->getExternalUserInformation();
if (! array_key_exists($field, $_SERVER) || $_SERVER[$field] !== $originUsername) {
$this->removeAuthorization();
}
}
}
/**
* Whether an authenticated user has a given permission
*
* @param string $permission Permission name
*
* @return bool True if the user owns the given permission, false if not or if not authenticated
*/
public function hasPermission($permission)
{
if (! $this->isAuthenticated()) {
return false;
}
return $this->user->can($permission);
}
/**
* Writes the current user to the session
*/
public function persistCurrentUser()
{
Session::getSession()->set('user', $this->user)->refreshId();
}
/**
* Purges the current authorization information and session
*/
public function removeAuthorization()
{
$this->user = null;
Session::getSession()->purge();
} }
} }