update api documentation
@@ -31,13 +31,15 @@ use Thelia\Core\Security\UserProvider\AdminUserProvider;
|
||||
use Thelia\Core\Security\Authentication\UsernamePasswordFormAuthenticator;
|
||||
use Thelia\Form\AdminLogin;
|
||||
|
||||
class AdminUsernamePasswordFormAuthenticator extends UsernamePasswordFormAuthenticator {
|
||||
|
||||
public function __construct(Request $request, AdminLogin $loginForm) {
|
||||
parent::__construct(
|
||||
$request,
|
||||
$loginForm,
|
||||
new AdminUserProvider()
|
||||
);
|
||||
}
|
||||
class AdminUsernamePasswordFormAuthenticator extends UsernamePasswordFormAuthenticator
|
||||
{
|
||||
public function __construct(Request $request, AdminLogin $loginForm)
|
||||
{
|
||||
parent::__construct(
|
||||
$request,
|
||||
$loginForm,
|
||||
new AdminUserProvider()
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -23,10 +23,11 @@
|
||||
|
||||
namespace Thelia\Core\Security\Authentication;
|
||||
|
||||
interface AuthenticatorInterface {
|
||||
|
||||
/**
|
||||
* Returns a UserInterface instance, authentified using the authenticator specific method
|
||||
*/
|
||||
public function getAuthentifiedUser();
|
||||
interface AuthenticatorInterface
|
||||
{
|
||||
/**
|
||||
* Returns a UserInterface instance, authentified using the authenticator specific method
|
||||
*/
|
||||
public function getAuthentifiedUser();
|
||||
}
|
||||
|
||||
|
||||
@@ -29,16 +29,18 @@ use Thelia\Core\Security\Authentication\UsernamePasswordFormAuthenticator;
|
||||
use Thelia\Form\CustomerLogin;
|
||||
use Thelia\Core\Security\UserProvider\CustomerUserProvider;
|
||||
|
||||
class CustomerUsernamePasswordFormAuthenticator extends UsernamePasswordFormAuthenticator {
|
||||
|
||||
public function __construct(Request $request, CustomerLogin $loginForm) {
|
||||
parent::__construct(
|
||||
$request,
|
||||
$loginForm,
|
||||
new CustomerUserProvider(),
|
||||
array(
|
||||
'username_field_name' => 'email'
|
||||
)
|
||||
);
|
||||
}
|
||||
class CustomerUsernamePasswordFormAuthenticator extends UsernamePasswordFormAuthenticator
|
||||
{
|
||||
public function __construct(Request $request, CustomerLogin $loginForm)
|
||||
{
|
||||
parent::__construct(
|
||||
$request,
|
||||
$loginForm,
|
||||
new CustomerUserProvider(),
|
||||
array(
|
||||
'username_field_name' => 'email'
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -32,64 +32,66 @@ use Thelia\Core\Security\Exception\UsernameNotFoundException;
|
||||
use Symfony\Component\Validator\Exception\ValidatorException;
|
||||
use Thelia\Form\BaseForm;
|
||||
|
||||
class UsernamePasswordFormAuthenticator implements AuthenticatorInterface {
|
||||
class UsernamePasswordFormAuthenticator implements AuthenticatorInterface
|
||||
{
|
||||
protected $request;
|
||||
protected $loginForm;
|
||||
protected $userProvider;
|
||||
protected $options;
|
||||
|
||||
protected $request;
|
||||
protected $loginForm;
|
||||
protected $userProvider;
|
||||
protected $options;
|
||||
protected $baseLoginForm;
|
||||
|
||||
protected $baseLoginForm;
|
||||
public function __construct(Request $request, BaseForm $loginForm, UserProviderInterface $userProvider, array $options = array())
|
||||
{
|
||||
$this->request = $request;
|
||||
$this->baseLoginForm = $loginForm;
|
||||
$this->loginForm = $this->baseLoginForm->getForm();
|
||||
$this->userProvider = $userProvider;
|
||||
|
||||
public function __construct(Request $request, BaseForm $loginForm, UserProviderInterface $userProvider, array $options = array()) {
|
||||
$this->request = $request;
|
||||
$this->baseLoginForm = $loginForm;
|
||||
$this->loginForm = $this->baseLoginForm->getForm();
|
||||
$this->userProvider = $userProvider;
|
||||
$defaults = array(
|
||||
'required_method' => 'POST',
|
||||
'username_field_name' => 'username',
|
||||
'password_field_name' => 'password'
|
||||
);
|
||||
|
||||
$defaults = array(
|
||||
'required_method' => 'POST',
|
||||
'username_field_name' => 'username',
|
||||
'password_field_name' => 'password'
|
||||
);
|
||||
$this->options = array_merge($defaults, $options);
|
||||
|
||||
$this->options = array_merge($defaults, $options);
|
||||
$this->loginForm->bind($this->request);
|
||||
}
|
||||
|
||||
$this->loginForm->bind($this->request);
|
||||
}
|
||||
/**
|
||||
* @return string the username value
|
||||
*/
|
||||
public function getUsername()
|
||||
{
|
||||
return $this->loginForm->get($this->options['username_field_name'])->getData();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return string the username value
|
||||
*/
|
||||
public function getUsername() {
|
||||
return $this->loginForm->get($this->options['username_field_name'])->getData();
|
||||
}
|
||||
/**
|
||||
* @see \Thelia\Core\Security\Authentication\AuthenticatorInterface::getAuthentifiedUser()
|
||||
*/
|
||||
public function getAuthentifiedUser()
|
||||
{
|
||||
if ($this->request->isMethod($this->options['required_method'])) {
|
||||
|
||||
/**
|
||||
* @see \Thelia\Core\Security\Authentication\AuthenticatorInterface::getAuthentifiedUser()
|
||||
*/
|
||||
public function getAuthentifiedUser() {
|
||||
if (! $this->loginForm->isValid()) throw new ValidatorException("Form is not valid.");
|
||||
|
||||
if ($this->request->isMethod($this->options['required_method'])) {
|
||||
// Retreive user
|
||||
$username = $this->getUsername();
|
||||
$password = $this->loginForm->get($this->options['password_field_name'])->getData();
|
||||
|
||||
if (! $this->loginForm->isValid()) throw new ValidatorException("Form is not valid.");
|
||||
$user = $this->userProvider->getUser($username);
|
||||
|
||||
// Retreive user
|
||||
$username = $this->getUsername();
|
||||
$password = $this->loginForm->get($this->options['password_field_name'])->getData();
|
||||
if ($user === null) throw new UsernameNotFoundException(sprintf("Username '%s' was not found.", $username));
|
||||
|
||||
$user = $this->userProvider->getUser($username);
|
||||
// Check user password
|
||||
$authOk = $user->checkPassword($password) === true;
|
||||
|
||||
if ($user === null) throw new UsernameNotFoundException(sprintf("Username '%s' was not found.", $username));
|
||||
if ($authOk !== true) throw new WrongPasswordException(sprintf("Wrong password for user '%s'.", $username));
|
||||
return $user;
|
||||
}
|
||||
|
||||
// Check user password
|
||||
$authOk = $user->checkPassword($password) === true;
|
||||
|
||||
if ($authOk !== true) throw new WrongPasswordException(sprintf("Wrong password for user '%s'.", $username));
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
throw new \RuntimeException("Invalid method.");
|
||||
}
|
||||
throw new \RuntimeException("Invalid method.");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
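Review bot: getAuthentifiedUser still tells an unknown account apart from a bad password through two distinct exception types and messages, `throw new UsernameNotFoundException(sprintf("Username '%s' was not found.", $username))` versus `throw new WrongPasswordException(sprintf("Wrong password for user '%s'.", $username))`, and the reformatted code keeps that split. If either message is ever shown on the login page, a caller learns which usernames exist, so both exceptions should be collapsed to one generic "authentication failed" response at the presentation layer (the login controller is outside this hunk) and the specific type used only for server-side logging. Both messages also embed the raw submitted `$username`, so wherever they are logged or rendered they need escaping appropriate to that context.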
@@ -25,25 +25,27 @@ namespace Thelia\Core\Security\Exception;
|
||||
|
||||
class AuthenticationException extends \Exception
|
||||
{
|
||||
/**
|
||||
* @var string The login template name
|
||||
*/
|
||||
protected $loginTemplate = "login";
|
||||
/**
|
||||
* @var string The login template name
|
||||
*/
|
||||
protected $loginTemplate = "login";
|
||||
|
||||
/**
|
||||
* @return string the login template name
|
||||
*/
|
||||
public function getLoginTemplate() {
|
||||
return $this->loginTemplate;
|
||||
}
|
||||
/**
|
||||
* @return string the login template name
|
||||
*/
|
||||
public function getLoginTemplate()
|
||||
{
|
||||
return $this->loginTemplate;
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the login template name
|
||||
*
|
||||
* @param string $loginPath the login template name
|
||||
*/
|
||||
public function setLoginTemplate($loginTemplate) {
|
||||
$this->loginTemplate = $loginTemplate;
|
||||
}
|
||||
/**
|
||||
* Set the login template name
|
||||
*
|
||||
* @param string $loginPath the login template name
|
||||
*/
|
||||
public function setLoginTemplate($loginTemplate)
|
||||
{
|
||||
$this->loginTemplate = $loginTemplate;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
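Review bot: The docblock on setLoginTemplate still names the parameter `$loginPath` while the signature declares `$loginTemplate`, so the API documentation this commit reformats remains wrong for that method; change the tag to `* @param string $loginTemplate the login template name`. A `@return void` (or a fluent `return $this;` mirroring SecurityContext::setContext) would also make the setter's contract explicit.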
@@ -39,8 +39,9 @@ class Role implements RoleInterface
|
||||
return $this->role;
|
||||
}
|
||||
|
||||
public function __toString() {
|
||||
return $this->role;
|
||||
public function __toString()
|
||||
{
|
||||
return $this->role;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -33,3 +33,4 @@ interface RoleInterface
|
||||
*/
|
||||
public function getRole();
|
||||
}
|
||||
|
||||
|
||||
@@ -23,9 +23,6 @@
|
||||
|
||||
namespace Thelia\Core\Security;
|
||||
|
||||
use Thelia\Core\Security\Authentication\AuthenticationProviderInterface;
|
||||
use Thelia\Core\Security\Exception\AuthenticationTokenNotFoundException;
|
||||
use Thelia\Core\Security\Token\TokenInterface;
|
||||
use Thelia\Core\Security\User\UserInterface;
|
||||
use Thelia\Core\HttpFoundation\Request;
|
||||
|
||||
@@ -34,73 +31,77 @@ use Thelia\Core\HttpFoundation\Request;
|
||||
*
|
||||
* @author Franck Allimant <franck@cqfdev.fr>
|
||||
*/
|
||||
class SecurityContext {
|
||||
class SecurityContext
|
||||
{
|
||||
const CONTEXT_FRONT_OFFICE = 'front';
|
||||
const CONTEXT_BACK_OFFICE = 'admin';
|
||||
|
||||
const CONTEXT_FRONT_OFFICE = 'front';
|
||||
const CONTEXT_BACK_OFFICE = 'admin';
|
||||
private $request;
|
||||
private $context;
|
||||
|
||||
private $request;
|
||||
private $context;
|
||||
public function __construct(Request $request)
|
||||
{
|
||||
$this->request = $request;
|
||||
|
||||
public function __construct(Request $request) {
|
||||
$this->context = null;
|
||||
}
|
||||
|
||||
$this->request = $request;
|
||||
public function setContext($context)
|
||||
{
|
||||
if ($context !== self::CONTEXT_FRONT_OFFICE && $context !== self::CONTEXT_BACK_OFFICE) {
|
||||
throw new \InvalidArgumentException(sprintf("Invalid or empty context identifier '%s'", $context));
|
||||
}
|
||||
|
||||
$this->context = null;
|
||||
}
|
||||
$this->context = $context;
|
||||
|
||||
public function setContext($context) {
|
||||
if ($context !== self::CONTEXT_FRONT_OFFICE && $context !== self::CONTEXT_BACK_OFFICE) {
|
||||
throw new \InvalidArgumentException(sprintf("Invalid or empty context identifier '%s'", $context));
|
||||
}
|
||||
return $this;
|
||||
}
|
||||
|
||||
$this->context = $context;
|
||||
public function getContext($exception_if_context_undefined = false)
|
||||
{
|
||||
if (null === $this->context && $exception_if_context_undefined === true)
|
||||
throw new \LogicException("No context defined. Please use setContext() first.");
|
||||
|
||||
return $this;
|
||||
}
|
||||
return $this->context;
|
||||
}
|
||||
|
||||
public function getContext($exception_if_context_undefined = false) {
|
||||
if (null === $this->context && $exception_if_context_undefined === true)
|
||||
throw new \LogicException("No context defined. Please use setContext() first.");
|
||||
private function getSession()
|
||||
{
|
||||
$session = $this->request->getSession();
|
||||
|
||||
return $this->context;
|
||||
}
|
||||
if ($session === null)
|
||||
throw new \LogicException("No session found.");
|
||||
|
||||
private function getSession() {
|
||||
$session = $this->request->getSession();
|
||||
|
||||
if ($session === null)
|
||||
throw new \LogicException("No session found.");
|
||||
|
||||
return $session;
|
||||
}
|
||||
return $session;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the currently authenticated user in the current context, or null if none is defined
|
||||
*
|
||||
* @return UserInterface|null A UserInterface instance or null if no user is available
|
||||
*/
|
||||
public function getUser() {
|
||||
$context = $this->getContext(true);
|
||||
public function getUser()
|
||||
{
|
||||
$context = $this->getContext(true);
|
||||
|
||||
if ($context === self::CONTEXT_FRONT_OFFICE)
|
||||
$user = $this->getSession()->getCustomerUser();
|
||||
else if ($context == self::CONTEXT_BACK_OFFICE)
|
||||
$user = $this->getSession()->getAdminUser();
|
||||
else
|
||||
$user = null;
|
||||
if ($context === self::CONTEXT_FRONT_OFFICE)
|
||||
$user = $this->getSession()->getCustomerUser();
|
||||
else if ($context == self::CONTEXT_BACK_OFFICE)
|
||||
$user = $this->getSession()->getAdminUser();
|
||||
else
|
||||
$user = null;
|
||||
|
||||
return $user;
|
||||
}
|
||||
return $user;
|
||||
}
|
||||
|
||||
final public function isAuthenticated()
|
||||
{
|
||||
if (null !== $this->getUser()) {
|
||||
return true;
|
||||
}
|
||||
final public function isAuthenticated()
|
||||
{
|
||||
if (null !== $this->getUser()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if the current user is allowed
|
||||
@@ -111,51 +112,51 @@ class SecurityContext {
|
||||
{
|
||||
if ($this->isAuthenticated() === true) {
|
||||
|
||||
$user = $this->getUser();
|
||||
$user = $this->getUser();
|
||||
|
||||
// Check if user's roles matches required roles
|
||||
$userRoles = $user->getRoles();
|
||||
// Check if user's roles matches required roles
|
||||
$userRoles = $user->getRoles();
|
||||
|
||||
$roleFound = false;
|
||||
$roleFound = false;
|
||||
|
||||
foreach($userRoles as $role) {
|
||||
if (in_array($role, $roles)) {
|
||||
$roleFound = true;
|
||||
foreach ($userRoles as $role) {
|
||||
if (in_array($role, $roles)) {
|
||||
$roleFound = true;
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if ($roleFound) {
|
||||
if ($roleFound) {
|
||||
|
||||
if (empty($permissions)) {
|
||||
return true;
|
||||
}
|
||||
if (empty($permissions)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Get permissions from profile
|
||||
// $userPermissions = $user->getPermissions();
|
||||
// Get permissions from profile
|
||||
// $userPermissions = $user->getPermissions(); FIXME
|
||||
|
||||
// TODO: Finalize permissions system !;
|
||||
// TODO: Finalize permissions system !;
|
||||
|
||||
$userPermissions = array('*'); // FIXME !
|
||||
$userPermissions = array('*'); // FIXME !
|
||||
|
||||
$permissionsFound = true;
|
||||
$permissionsFound = true;
|
||||
|
||||
// User have all permissions ?
|
||||
if (in_array('*', $userPermissions))
|
||||
return true;
|
||||
// User have all permissions ?
|
||||
if (in_array('*', $userPermissions))
|
||||
return true;
|
||||
|
||||
// Check that user's permissions matches required permissions
|
||||
foreach($permissions as $permission) {
|
||||
if (! in_array($permission, $userPermissions)) {
|
||||
$permissionsFound = false;
|
||||
// Check that user's permissions matches required permissions
|
||||
foreach ($permissions as $permission) {
|
||||
if (! in_array($permission, $userPermissions)) {
|
||||
$permissionsFound = false;
|
||||
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $permissionsFound;
|
||||
}
|
||||
return $permissionsFound;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
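Review bot: The permission branch of this hunk fails open: `$userPermissions = array('*'); // FIXME !` followed by `if (in_array('*', $userPermissions)) return true;` grants every permission to any authenticated user whose role matches, whatever `$permissions` the caller asked for, and the reformatted code carries that stub forward. Until the profile-based lookup is wired in, a stub that denies is the safer default, e.g. `$userPermissions = array(); // permissions system not implemented: deny by default` with the loop below left as is, so a caller that passes a permission list can never succeed by accident. The role and permission comparisons also use non-strict `in_array($role, $roles)` and `in_array($permission, $userPermissions)`; if `$userRoles` holds Role objects (Role defines `__toString` elsewhere in this commit) the match relies on object-to-string juggling, so `in_array((string) $role, $roles, true)` is more predictable. The enclosing method starts before this hunk and ends after it.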
@@ -168,25 +169,27 @@ class SecurityContext {
|
||||
*/
|
||||
public function setUser(UserInterface $user)
|
||||
{
|
||||
$context = $this->getContext(true);
|
||||
$context = $this->getContext(true);
|
||||
|
||||
$user->eraseCredentials();
|
||||
$user->eraseCredentials();
|
||||
|
||||
if ($context === self::CONTEXT_FRONT_OFFICE)
|
||||
$this->getSession()->setCustomerUser($user);
|
||||
else if ($context == self::CONTEXT_BACK_OFFICE)
|
||||
$this->getSession()->setAdminUser($user);
|
||||
if ($context === self::CONTEXT_FRONT_OFFICE)
|
||||
$this->getSession()->setCustomerUser($user);
|
||||
else if ($context == self::CONTEXT_BACK_OFFICE)
|
||||
$this->getSession()->setAdminUser($user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Clear the user from the security context
|
||||
*/
|
||||
public function clear() {
|
||||
$context = $this->getContext(true);
|
||||
public function clear()
|
||||
{
|
||||
$context = $this->getContext(true);
|
||||
|
||||
if ($context === self::CONTEXT_FRONT_OFFICE)
|
||||
$this->getSession()->clearCustomerUser();
|
||||
else if ($context == self::CONTEXT_BACK_OFFICE)
|
||||
$this->getSession()->clearAdminUser();
|
||||
if ($context === self::CONTEXT_FRONT_OFFICE)
|
||||
$this->getSession()->clearCustomerUser();
|
||||
else if ($context == self::CONTEXT_BACK_OFFICE)
|
||||
$this->getSession()->clearAdminUser();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -8,8 +8,8 @@ namespace Thelia\Core\Security\User;
|
||||
* @author Franck Allimant <franck@cqfdev.fr>
|
||||
*
|
||||
*/
|
||||
interface UserInterface {
|
||||
|
||||
interface UserInterface
|
||||
{
|
||||
/**
|
||||
* Return the user unique name
|
||||
*/
|
||||
@@ -49,3 +49,4 @@ interface UserInterface {
|
||||
*/
|
||||
public function eraseCredentials();
|
||||
}
|
||||
|
||||
|
||||
@@ -4,10 +4,10 @@ namespace Thelia\Core\Security\UserProvider;
|
||||
use Thelia\Model\Admin;
|
||||
use Thelia\Model\AdminQuery;
|
||||
|
||||
class AdminUserProvider implements UserProviderInterface {
|
||||
|
||||
public function getUser($key) {
|
||||
|
||||
class AdminUserProvider implements UserProviderInterface
|
||||
{
|
||||
public function getUser($key)
|
||||
{
|
||||
$admin = AdminQuery::create()
|
||||
->filterByLogin($key)
|
||||
->findOne();
|
||||
@@ -15,3 +15,4 @@ class AdminUserProvider implements UserProviderInterface {
|
||||
return $admin;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,13 +1,12 @@
|
||||
<?php
|
||||
namespace Thelia\Core\Security\UserProvider;
|
||||
|
||||
|
||||
use Thelia\Action\Customer;
|
||||
use Thelia\Model\CustomerQuery;
|
||||
class CustomerUserProvider implements UserProviderInterface {
|
||||
|
||||
public function getUser($key) {
|
||||
|
||||
class CustomerUserProvider implements UserProviderInterface
|
||||
{
|
||||
public function getUser($key)
|
||||
{
|
||||
$customer = CustomerQuery::create()
|
||||
->filterByEmail($key)
|
||||
->findOne();
|
||||
@@ -15,3 +14,4 @@ class CustomerUserProvider implements UserProviderInterface {
|
||||
return $customer;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -2,7 +2,8 @@
|
||||
|
||||
namespace Thelia\Core\Security\UserProvider;
|
||||
|
||||
interface UserProviderInterface {
|
||||
interface UserProviderInterface
|
||||
{
|
||||
/**
|
||||
* Returns a UserInterface instance
|
||||
*
|
||||
@@ -11,4 +12,4 @@ interface UserProviderInterface {
|
||||
*/
|
||||
public function getUser($key);
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||