Introduction du package Thelia Security

This commit is contained in:
franck
2013-07-01 16:50:19 +02:00
parent 5c18e58c8d
commit c10086f6c9
13 changed files with 752 additions and 0 deletions


@@ -0,0 +1,60 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Security\Authentication;
use Thelia\Core\Security\UserNotFoundException;
use Thelia\Core\Security\IncorrectPasswordException;
/**
* Aunthentication providers are in charge or retrieving users, and check their
* credentials.
*
* @author Franck
*
*/
interface AuthenticationProviderInterface {
/**
* Set the authentication token
*
* @param TokenInterface $token the authentication token
*/
public function setToken(TokenInterface $token);
/**
* Set the authentication token
*
* @param unknown $key
*/
public function supportsToken(TokenInterface $token);
/**
* Authenticate the token
*
*@throws Exception if authentication was not successful
*/
public function authenticate();
}
?>
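Review bot: `TokenInterface` is used as the type hint on setToken() and supportsToken() but is never imported, so inside this namespace it resolves to `Thelia\Core\Security\Authentication\TokenInterface`, which no file in this commit defines; the token interface lives in `Thelia\Core\Security\Token`, so add `use Thelia\Core\Security\Token\TokenInterface;` and drop the unused UserNotFoundException/IncorrectPasswordException imports. The supportsToken() docblock is a copy of setToken()'s (`@param unknown $key`); it should read along the lines of `Check whether this provider can authenticate the given token. @param TokenInterface $token @return bool`. authenticate() is declared with no parameter here, while UsernamePasswordAuthenticator::authenticate($token) and SecurityManager::isGranted() in this commit pass the token as an argument, so either declare `public function authenticate(TokenInterface $token);` or make the implementation use the token supplied through setToken(). The closing `?>` tag on the last line is best omitted in a declarations-only file.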


@@ -0,0 +1,67 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Security\Authentication;
use Thelia\Core\Security\Authentication\AuthenticationProviderInterface;
use Thelia\Core\Security\Encoder\PasswordEncoderInterface;
use Thelia\Core\Security\User\UserProviderInterface;
use Thelia\Security\Token\TokenInterface;
use Thelia\Core\Security\Exception\IncorrectPasswordException;
use Thelia\Core\Security\Token\UsernamePasswordToken;
class UsernamePasswordAuthenticator implements AuthenticationProviderInterface {
protected $userProvider;
protected $encoder;
private $token;
public function __construct(UserProviderInterface $userProvider, PasswordEncoderInterface $encoder) {
$this->userProvider = $userProvider;
$this->encoder = $encoder;
}
public function supportsToken(TokenInterface $token) {
return $token instanceof UsernamePasswordToken;
}
public function authenticate($token) {
if (!$this->supports($token)) {
return null;
}
// Retreive user
$user = $this->userProvider->getUser($this->token->getUsername());
// Check password
$authOk = $this->encoder->isEqual($password, $user->getPassword(), $user->getAlgo(), $user->getSalt()) === true;
$authenticatedToken = new UsernamePasswordToken($user, $token->getCredentials(), $authOk);
return $authenticatedToken;
}
}
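Review bot: authenticate() cannot run as written: `$this->supports($token)` calls a method that does not exist (the class defines supportsToken()), `$this->token` is never assigned so `$this->token->getUsername()` is a call on null, and `$password` on the isEqual() line is undefined — the submitted secret is `$token->getCredentials()`. The lookup also ignores the null return that UserProviderInterface::getUser() documents for an unknown key, so `$user->getPassword()` would fail on null, and the imported `Thelia\Security\Token\TokenInterface` and `Thelia\Core\Security\Exception\IncorrectPasswordException` are neither among this commit's 13 files nor in the `Thelia\Core\Security\Token` namespace the other files use. The rewrite below keeps the original contract (return a token whose authenticated flag reflects the password check) but throws for a missing user as the interface's `@throws` promises; whoever maps exceptions to responses should give "unknown user" and "wrong password" the same user-facing message. The private `$token` property is unused and setToken() required by AuthenticationProviderInterface is not implemented.
```php
public function authenticate($token)
{
    if (!$this->supportsToken($token)) {
        return null;
    }

    // UserProviderInterface::getUser() returns null when no user matches the key
    $user = $this->userProvider->getUser($token->getUsername());
    if (null === $user) {
        throw new UserNotFoundException();
    }

    // Argument order follows PasswordEncoderInterface::isEqual(): candidate first, stored hash second
    $authOk = $this->encoder->isEqual(
        $token->getCredentials(),
        $user->getPassword(),
        $user->getAlgo(),
        $user->getSalt()
    ) === true;

    return new UsernamePasswordToken($user, $token->getCredentials(), $authOk);
}
```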


@@ -0,0 +1,52 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Security\Encoder;
/**
* This interface defines a password encoder.
*
* @author Franck Allimant <franck@cqfdev.fr>
*
*/
interface PasswordEncoderInterface {
/**
* Encode a string.
*
* @param string $password the password to encode
* @param string $algorithm the hash() algorithm
* @return string $salt the salt
*/
public function encode($password, $algorithm, $salt);
/**
* Check a string against an encoded password.
*
* @param string $string the string to compare against password
* @param string $password the encoded password
* @param string $algorithm the hash() algorithm
* @return string $salt the salt
*/
public function isEqual($string, $password, $algorithm, $salt);
}
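Review bot: Both docblocks end with `@return string $salt the salt`, which documents a parameter as the return value: encode() returns the encoded password and isEqual() returns a boolean, and `$salt` itself is never described. Suggested tags are `@param string $salt the salt combined with the password before hashing` on both methods, `@return string the encoded password` on encode(), and `@return bool true if $string encodes to $password` on isEqual(). Since isEqual() is what the authenticator calls with user-supplied credentials, the docblock is also the right place to state that implementations should compare in constant time.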


@@ -0,0 +1,66 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Security\Encoder;
/**
* This interface defines a hash based password encoder.
*
* @author Franck Allimant <franck@cqfdev.fr>
*/
class PasswordHashEncoder implements PasswordEncoderInterface {
/**
* {@inheritdoc}
*/
public function encode($password, $algorithm, $salt)
{
if (!in_array($algorithm, hash_algos(), true)) {
throw new \LogicException(sprintf('The algorithm "%s" is not supported.', $algorithm));
}
// Salt the string
$salted = $password.$salt;
// Create the hash
$digest = hash($algorithm, $salted, true);
// "stretch" hash
for ($i = 1; $i < 5000; $i++) {
$digest = hash($algorithm, $digest.$salted, true);
}
return base64_encode($digest);
}
/**
* {@inheritdoc}
*/
public function isEqual($string, $password, $algorithm, $salt)
{
$encoded = $this->encode($password, $algorithm, $salt);
return $encoded == $string;
}
}
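Review bot: isEqual() encodes the wrong argument: per the interface docblock `$string` is the candidate to check and `$password` is the stored encoded password, but `$encoded = $this->encode($password, $algorithm, $salt);` re-hashes the stored hash and compares it with the plain candidate, so every check fails (UsernamePasswordAuthenticator passes `(credentials, $user->getPassword(), …)` in interface order). Change it to `$encoded = $this->encode($string, $algorithm, $salt);` and compare with `===` — or a constant-time comparison such as hash_equals() on PHP 5.6+ — rather than `==`, which compares two numeric-looking strings numerically. The stretching loop (5000 rounds of hash($algorithm, $digest.$salted)) is a home-grown construction; a standard KDF such as hash_pbkdf2() or password_hash() would be easier to review, though switching it changes how stored passwords must be encoded. The LogicException for an unsupported algorithm is raised only in encode(), so a bad `getAlgo()` value from a user record surfaces at login time; worth a comment saying so.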


@@ -0,0 +1,28 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Security\Exception;
class AuthenticationTokenNotFoundException extends \Exception
{
}


@@ -0,0 +1,81 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Security;
use Thelia\Core\Security\Authentication\AuthenticationProviderInterface;
use Thelia\Core\Security\Exception\AuthenticationTokenNotFoundException;
/**
* A simple security manager, in charge of authenticating users using various authentication systems.
*
* @author Franck Allimant <franck@cqfdev.fr>
*/
class SecurityManager {
protected $authProvider;
public function __construct(AuthenticationProviderInterface $authProvider) {
$this->authProvider = $authProvider;
}
/**
* Checks if the current token is authenticated
*
* @throws AuthenticationCredentialsNotFoundException when the security context has no authentication token.
*
* @return Boolean
*/
final public function isGranted()
{
if (null === $this->token) {
throw new AuthenticationTokenNotFoundException('The security context contains no authentication token.');
}
if (!$this->token->isAuthenticated()) {
$this->token = $this->authProvider->authenticate($this->token);
}
return $this->token->isAuthenticated();
}
/**
* Gets the currently authenticated token.
*
* @return TokenInterface|null A TokenInterface instance or null if no authentication information is available
*/
public function getToken()
{
return $this->token;
}
/**
* Sets the token.
*
* @param TokenInterface $token A TokenInterface token, or null if no further authentication information should be stored
*/
public function setToken(TokenInterface $token = null)
{
$this->token = $token;
}
}
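Review bot: `$this->token` is read and written in isGranted(), getToken() and setToken(), but the class only declares `$authProvider`; add `protected $token;` so the `null === $this->token` check does not rely on an undeclared property. `TokenInterface` in the setToken() signature is not imported and so resolves to `Thelia\Core\Security\TokenInterface`, which nothing defines; add `use Thelia\Core\Security\Token\TokenInterface;`. isGranted() passes the token to `authenticate($this->token)` although AuthenticationProviderInterface::authenticate() takes no argument, and UsernamePasswordAuthenticator::authenticate() returns null for an unsupported token, after which `$this->token->isAuthenticated()` on the next line is a call on null — keep the original token when the provider returns null, e.g. `$this->token = $this->authProvider->authenticate($this->token) ?: $this->token;`, or return false. The isGranted() docblock names `AuthenticationCredentialsNotFoundException` while the code throws `AuthenticationTokenNotFoundException`.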


@@ -0,0 +1,148 @@
<?php
namespace Thelia\Core\Security\Token;
use Thelia\Core\Security\User\UserInterface;
/**
* Base class for Token instances.
*
* @author Fabien Potencier <fabien@symfony.com>
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*/
abstract class AbstractToken implements TokenInterface
{
private $user;
private $authenticated;
/**
* Constructor.
*
* @param RoleInterface[] $roles An array of roles
*
* @throws \InvalidArgumentException
*/
public function __construct()
{
$this->authenticated = false;
}
/**
* {@inheritdoc}
*/
public function getUsername()
{
if ($this->user instanceof UserInterface) {
return $this->user->getUsername();
}
return (string) $this->user;
}
public function getUser()
{
return $this->user;
}
/**
* Sets the user in the token.
*
* The user can be a UserInterface instance, or an object implementing
* a __toString method or the username as a regular string.
*
* @param mixed $user The user
* @throws \InvalidArgumentException
*/
public function setUser($user)
{
if (!($user instanceof UserInterface || is_string($user))) {
throw new \InvalidArgumentException('$user must be an instanceof UserInterface, or a primitive string.');
}
if (null === $this->user) {
$changed = false;
} elseif ($this->user instanceof UserInterface) {
if (!$user instanceof UserInterface) {
$changed = true;
} else {
$changed = $this->hasUserChanged($user);
}
} elseif ($user instanceof UserInterface) {
$changed = true;
} else {
$changed = (string) $this->user !== (string) $user;
}
if ($changed) {
$this->setAuthenticated(false);
}
$this->user = $user;
}
/**
* {@inheritdoc}
*/
public function isAuthenticated()
{
return $this->authenticated;
}
/**
* {@inheritdoc}
*/
public function setAuthenticated($authenticated)
{
$this->authenticated = (Boolean) $authenticated;
}
/**
* {@inheritdoc}
*/
public function eraseCredentials()
{
if ($this->getUser() instanceof UserInterface) {
$this->getUser()->eraseCredentials();
}
}
/**
* {@inheritdoc}
*/
public function serialize()
{
return serialize(array($this->user, $this->authenticated));
}
/**
* {@inheritdoc}
*/
public function unserialize($serialized)
{
list($this->user, $this->authenticated) = unserialize($serialized);
}
private function hasUserChanged(UserInterface $user)
{
if (!($this->user instanceof UserInterface)) {
throw new \BadMethodCallException('Method "hasUserChanged" should be called when current user class is instance of "UserInterface".');
}
if ($this->user instanceof EquatableInterface) {
return ! (Boolean) $this->user->isEqualTo($user);
}
if ($this->user->getPassword() !== $user->getPassword()) {
return true;
}
if ($this->user->getSalt() !== $user->getSalt()) {
return true;
}
if ($this->user->getUsername() !== $user->getUsername()) {
return true;
}
return false;
}
}
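Review bot: hasUserChanged() tests `$this->user instanceof EquatableInterface`, but no EquatableInterface is imported or defined in this commit; in this namespace it resolves to `Thelia\Core\Security\Token\EquatableInterface`, and since instanceof against an unknown class is simply false the branch is silently dead and the password/salt/username fallback always runs. Either import the interface the project provides or remove the branch. unserialize() on the last methods rebuilds the user object from serialized data with no restriction on what it accepts, which is acceptable only while serialized tokens come from server-side storage and never from a client — a comment such as `// Only unserialize tokens this application serialized itself (e.g. session storage); never client-supplied data.` would make that contract explicit. The constructor docblock documents a `$roles` parameter the constructor does not take.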


@@ -0,0 +1,81 @@
<?php
/*************************************************************************************/
/* */
/* Thelia */
/* */
/* Copyright (c) OpenStudio */
/* email : info@thelia.net */
/* web : http://www.thelia.net */
/* */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 3 of the License */
/* */
/* This program is distributed in the hope that it will be useful, */
/* but WITHOUT ANY WARRANTY; without even the implied warranty of */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */
/* GNU General Public License for more details. */
/* */
/* You should have received a copy of the GNU General Public License */
/* along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* */
/*************************************************************************************/
namespace Thelia\Core\Security\Token;
/**
* TokenInterface is the interface for the user authentication information.
*
* Parts borrowed from Symfony Security Framework (Fabien Potencier <fabien@symfony.com> / Johannes M. Schmitt <schmittjoh@gmail.com>)
*/
interface TokenInterface extends \Serializable
{
/**
* Returns the user credentials.
*
* @return mixed The user credentials
*/
public function getCredentials();
/**
* Returns a user representation.
*
* @return mixed either returns an object which implements __toString(), or
* a primitive string is returned.
*/
public function getUser();
/**
* Sets a user instance
*
* @param mixed $user
*/
public function setUser($user);
/**
* Returns the username.
*
* @return string
*/
public function getUsername();
/**
* Returns whether the user is authenticated or not.
*
* @return Boolean true if the token has been authenticated, false otherwise
*/
public function isAuthenticated();
/**
* Sets the authenticated flag.
*
* @param Boolean $isAuthenticated The authenticated flag
*/
public function setAuthenticated($isAuthenticated);
/**
* Removes sensitive information from the token.
*/
public function eraseCredentials();
}


@@ -0,0 +1,75 @@
<?php
namespace Thelia\Core\Security\Token;
use Thelia\Core\Security\User\UserInterface;
/**
* UsernamePasswordToken implements a username and password token.
*
* @author Fabien Potencier <fabien@symfony.com>
*/
class UsernamePasswordToken extends AbstractToken
{
private $credentials;
/**
* Constructor.
*
* @param string $user The username (like a nickname, email address, etc.), or a UserInterface instance or an object implementing a __toString method.
* @param string $password The password of the user
*
* @throws \InvalidArgumentException
*/
public function __construct($username, $password, $authenticated = false)
{
$this->setUser($username);
$this->credentials = $password;
parent::setAuthenticated($authenticated);
}
/**
* {@inheritdoc}
*/
public function setAuthenticated($isAuthenticated)
{
if ($isAuthenticated) {
throw new \LogicException('Cannot set this token to trusted after instantiation.');
}
parent::setAuthenticated(false);
}
public function getCredentials()
{
return $this->credentials;
}
/**
* {@inheritdoc}
*/
public function eraseCredentials()
{
parent::eraseCredentials();
$this->credentials = null;
}
/**
* {@inheritdoc}
*/
public function serialize()
{
return serialize(array($this->credentials, $this->providerKey, parent::serialize()));
}
/**
* {@inheritdoc}
*/
public function unserialize($serialized)
{
list($this->credentials, $this->providerKey, $parentStr) = unserialize($serialized);
parent::unserialize($parentStr);
}
}
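Review bot: serialize() and unserialize() read and write `$this->providerKey`, a property this class never declares and the constructor never sets (it appears to be a leftover from the Symfony original the docblock credits), so serialize() stores null and unserialize() creates a dynamic property. Either drop it from both calls — `return serialize(array($this->credentials, parent::serialize()));` and `list($this->credentials, $parentStr) = unserialize($serialized);` — or declare and populate it. The constructor docblock documents `$user` and omits `$authenticated`, while the parameter is actually named `$username`. Note also that serialize() persists `$credentials`, i.e. the plain password held by the token, so callers should invoke eraseCredentials() before a token is stored.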


@@ -0,0 +1,18 @@
<?php
use Thelia\Core\Security\User\UserProviderInterface;
use Thelia\Model\Admin;
use Thelia\Core\Security\Encoder\PasswordEncoderInterface;
class AdminUserProvider implements UserProviderInterface {
public function getUser($key) {
$admin = new Admin();
$admin = AdminQuery::create()
->filterByLogin($key)
->findOne();
return $admin;
}
}
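Review bot: `AdminQuery` is never imported — only `Thelia\Model\Admin` is — and the file declares no namespace, so `AdminQuery::create()` looks for a global class that does not exist; add `use Thelia\Model\AdminQuery;`. `$admin = new Admin();` is overwritten on the next statement and can be removed, and `PasswordEncoderInterface` is imported but unused. CustomerUserProvider in this commit has the same dead `new Customer()`, unused imports and missing namespace; both classes implement `Thelia\Core\Security\User\UserProviderInterface` and should declare a namespace so they can be autoloaded alongside it. Since getUser() may return null (as the interface documents), a `@return Admin|null` tag here would make that visible to the authenticator.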


@@ -0,0 +1,20 @@
<?php
use Thelia\Core\Security\User\UserProviderInterface;
use Thelia\Model\Customer;
use Thelia\Model\CustomerQuery;
use Thelia\Core\Security\UserNotFoundException;
use Thelia\Core\Security\Encoder\PasswordEncoderInterface;
class CustomerUserProvider implements UserProviderInterface {
public function getUser($key) {
$customer = new Customer();
$customer = CustomerQuery::create()
->filterByEmail($key)
->findOne();
return $customer;
}
}


@@ -0,0 +1,42 @@
<?php
namespace Thelia\Core\Security\User;
/**
* This interface should be implemented by user classes
*
* @author Franck Allimant <franck@cqfdev.fr>
*
*/
interface UserInterface {
/**
* Return the user unique name
*/
public function getUsername();
/**
* Return the user encoded password
*/
public function getPassword();
/**
* return the salt used to calculate the user password
*/
public function getSalt();
/**
* return the algorithm used to calculate the user password
*/
public function getAlgo();
/**
* Removes sensitive data from the user.
*
* This is important if, at any given point, sensitive information like
* the plain-text password is stored on this object.
*
* @return void
*/
public function eraseCredentials();
}
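Review bot: The four accessors carry no `@return` tags, and how they are consumed is only visible in UsernamePasswordAuthenticator and PasswordEncoderInterface elsewhere in this commit; document `@return string` on getUsername(), `@return string the encoded password as produced by PasswordEncoderInterface::encode()` on getPassword(), `@return string the salt passed to the encoder` on getSalt(), and `@return string a hash() algorithm name, passed to the encoder as $algorithm` on getAlgo(). The lowercase "return the salt…" / "return the algorithm…" lines could also be made consistent with the capitalised sentences above them.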


@@ -0,0 +1,14 @@
<?php
namespace Thelia\Core\Security\User;
interface UserProviderInterface {
/**
* Returns a UserInterface instance
*
* @param $key the unique user key (username, email address, etc.)
* @return a UserInterface instance, or null if none was found.
*/
public function getUser($key);
}
?>
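Review bot: `@param $key` has no type and `@return a UserInterface instance, or null if none was found.` is not a valid type expression for tooling; write `@param string $key the unique user key (username, email address, etc.)` and `@return UserInterface|null the matching user, or null if none was found`. The closing `?>` tag on the last line is best omitted in a declarations-only file.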