Diffstat (limited to 'User')
-rw-r--r-- | User/AccountChecker.php | 61 | ||||
-rw-r--r-- | User/AccountCheckerInterface.php | 36 | ||||
-rw-r--r-- | User/AccountInterface.php | 60 | ||||
-rw-r--r-- | User/AdvancedAccountInterface.php | 48 | ||||
-rw-r--r-- | User/InMemoryUserProvider.php | 78 | ||||
-rw-r--r-- | User/User.php | 124 | ||||
-rw-r--r-- | User/UserProviderInterface.php | 35 |
7 files changed, 442 insertions, 0 deletions
diff --git a/User/AccountChecker.php b/User/AccountChecker.php
new file mode 100644
index 0000000..570f62b
--- /dev/null
+++ b/User/AccountChecker.php
@@ -0,0 +1,61 @@
+<?php
+
+namespace Symfony\Component\Security\User;
+
+use Symfony\Component\Security\Exception\CredentialsExpiredException;
+use Symfony\Component\Security\Exception\LockedException;
+use Symfony\Component\Security\Exception\DisabledException;
+use Symfony\Component\Security\Exception\AccountExpiredException;
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/**
+ * AccountChecker checks the user account flags.
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+class AccountChecker implements AccountCheckerInterface
+{
+ /**
+ * {@inheritdoc}
+ */
+ public function checkPreAuth(AccountInterface $account)
+ {
+ if (!$account instanceof AdvancedAccountInterface) {
+ return;
+ }
+
+ if (!$account->isCredentialsNonExpired()) {
+ throw new CredentialsExpiredException("User credentials have expired.", $account);
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function checkPostAuth(AccountInterface $account)
+ {
+ if (!$account instanceof AdvancedAccountInterface) {
+ return;
+ }
+
+ if (!$account->isAccountNonLocked()) {
+ throw new LockedException("User account is locked.", $account);
+ }
+
+ if (!$account->isEnabled()) {
+ throw new DisabledException("User account is disabled.", $account);
+ }
+
+ if (!$account->isAccountNonExpired()) {
+ throw new AccountExpiredException("User account has expired.", $account);
+ }
+ }
+}
diff --git a/User/AccountCheckerInterface.php b/User/AccountCheckerInterface.php
new file mode 100644
index 0000000..d3cfe0b
--- /dev/null
+++ b/User/AccountCheckerInterface.php
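Review bot: In `AccountChecker`, the credentials-expired check sits in `checkPreAuth()` while the locked, disabled and account-expired checks sit in `checkPostAuth()`, and neither docblock says why. If the calling authentication provider (outside this diff) runs `checkPreAuth()` before verifying the password and surfaces the exception message, an unauthenticated caller can learn that an account exists and has expired credentials. In the same flow, a locked or disabled account still has its password verified before it is rejected. I would move `isAccountNonLocked()`, `isEnabled()` and `isAccountNonExpired()` into `checkPreAuth()` and `isCredentialsNonExpired()` into `checkPostAuth()`. Failing that, each method should get a docblock line stating the intended ordering and that callers must map these exceptions to one generic failure message.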
@@ -0,0 +1,36 @@
+<?php
+
+namespace Symfony\Component\Security\User;
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/**
+ * AccountCheckerInterface checks user account when authentication occurs.
+ *
+ * This should not be used to make authentication decisions.
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+interface AccountCheckerInterface
+{
+ /**
+ * Checks the user account before authentication.
+ *
+ * @param AccountInterface $account An AccountInterface instance
+ */
+ function checkPreAuth(AccountInterface $account);
+
+ /**
+ * Checks the user account after authentication.
+ *
+ * @param AccountInterface $account An AccountInterface instance
+ */
+ function checkPostAuth(AccountInterface $account);
+}
diff --git a/User/AccountInterface.php b/User/AccountInterface.php
new file mode 100644
index 0000000..067366e
--- /dev/null
+++ b/User/AccountInterface.php
@@ -0,0 +1,60 @@
+<?php
+
+namespace Symfony\Component\Security\User;
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/**
+ * AccountInterface is the interface that user classes must implement.
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+interface AccountInterface
+{
+ /**
+ * Returns a string representation of the User.
+ *
+ * @return string A string return of the User
+ */
+ function __toString();
+
+ /**
+ * Returns the roles granted to the user.
+ *
+ * @return Role[] The user roles
+ */
+ function getRoles();
+
+ /**
+ * Returns the password used to authenticate the user.
+ *
+ * @return string The password
+ */
+ function getPassword();
+
+ /**
+ * Returns the salt.
+ *
+ * @return string The salt
+ */
+ function getSalt();
+
+ /**
+ * Returns the username used to authenticate the user.
+ *
+ * @return string The username
+ */
+ function getUsername();
+
+ /**
+ * Removes sensitive data from the user.
+ */
+ function eraseCredentials();
+}
diff --git a/User/AdvancedAccountInterface.php b/User/AdvancedAccountInterface.php
new file mode 100644
index 0000000..7cdd547
--- /dev/null
+++ b/User/AdvancedAccountInterface.php
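Review bot: The `getPassword()` docblock in `AccountInterface` does not say whether the returned value is the stored (encoded) form or the plaintext, and implementers need that to know what is safe to keep on the object. The presence of `getSalt()` suggests the encoded form is meant; if so, say it, e.g. `@return string The password in its stored (encoded) form`. `eraseCredentials()` would likewise benefit from one line naming what counts as sensitive data and at which point in the authentication flow it is expected to be called.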
@@ -0,0 +1,48 @@
+<?php
+
+namespace Symfony\Component\Security\User;
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/**
+ * AdvancedAccountInterface adds status flags to a regular account.
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+interface AdvancedAccountInterface extends AccountInterface
+{
+ /**
+ * Checks whether the user's account has expired.
+ *
+ * @return Boolean true if the user's account is non expired, false otherwise
+ */
+ function isAccountNonExpired();
+
+ /**
+ * Checks whether the user is locked.
+ *
+ * @return Boolean true if the user is not locked, false otherwise
+ */
+ function isAccountNonLocked();
+
+ /**
+ * Checks whether the user's credentials (password) has expired.
+ *
+ * @return Boolean true if the user's credentials are non expired, false otherwise
+ */
+ function isCredentialsNonExpired();
+
+ /**
+ * Checks whether the user is enabled.
+ *
+ * @return Boolean true if the user is enabled, false otherwise
+ */
+ function isEnabled();
+}
diff --git a/User/InMemoryUserProvider.php b/User/InMemoryUserProvider.php
new file mode 100644
index 0000000..6e1febe
--- /dev/null
+++ b/User/InMemoryUserProvider.php
@@ -0,0 +1,78 @@
+<?php
+
+namespace Symfony\Component\Security\User;
+
+use Symfony\Component\Security\Exception\UsernameNotFoundException;
+use Symfony\Component\Security\Exception\AccessDeniedException;
+use Symfony\Component\Security\Authentication\Token\UsernamePasswordToken;
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/**
+ * InMemoryUserProvider is a simple non persistent user provider.
+ *
+ * Useful for testing, demonstration, prototyping, and for
+ * simple needs (a backend with a unique admin for instance)
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+class InMemoryUserProvider implements UserProviderInterface
+{
+ protected $users;
+
+ /**
+ * Constructor.
+ *
+ * The user array is hash where the keys are usernames and the values are
+ * an array of attributes: 'password', 'enabled', and 'roles'.
+ *
+ * @param array $users An array of users
+ */
+ public function __construct(array $users = array())
+ {
+ foreach ($users as $username => $attributes) {
+ $password = isset($attributes['password']) ? $attributes['password'] : null;
+ $enabled = isset($attributes['enabled']) ? $attributes['enabled'] : true;
+ $roles = isset($attributes['roles']) ? $attributes['roles'] : array();
+ $user = new User($username, $password, $roles, $enabled, true, true, true);
+
+ $this->createUser($user);
+ }
+ }
+
+ /**
+ * Adds a new User to the provider.
+ *
+ * @param AccountInterface $user A AccountInterface instance
+ */
+ public function createUser(AccountInterface $user)
+ {
+ if (isset($this->users[strtolower($user->getUsername())])) {
+ throw new \LogicException('Another user with the same username already exist.');
+ }
+
+ $this->users[strtolower($user->getUsername())] = $user;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function loadUserByUsername($username)
+ {
+ if (!isset($this->users[strtolower($username)])) {
+ throw new UsernameNotFoundException(sprintf('Username "%s" does not exist.', $username));
+ }
+
+ $user = $this->users[strtolower($username)];
+
+ return new User($user->getUsername(), $user->getPassword(), $user->getRoles(), $user->isEnabled(), $user->isAccountNonExpired(),
+ $user->isCredentialsNonExpired(), $user->isAccountNonLocked());
+ }
+}
diff --git a/User/User.php b/User/User.php
new file mode 100644
index 0000000..39c25fc
--- /dev/null
+++ b/User/User.php
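Review bot: In the `InMemoryUserProvider` constructor, a user entry with no `'password'` key is silently created with a `null` password, and `'enabled'` defaults to `true`. Whether such an account can then be authenticated depends on the encoder and authentication provider outside this diff, but a configuration typo should not produce an enabled account with no credential. I would fail fast with `if (!isset($attributes['password'])) { throw new \InvalidArgumentException(sprintf('No password set for user "%s".', $username)); }`, or document that `null` is intentional. Separately, `strtolower()` is not multibyte-aware, so the case-insensitive username match in `createUser()` and `loadUserByUsername()` covers ASCII only; that limit deserves a comment.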
@@ -0,0 +1,124 @@
+<?php
+
+namespace Symfony\Component\Security\User;
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/**
+ * User is the user implementation used by the in-memory user provider.
+ *
+ * This should not be used for anything else.
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+class User implements AdvancedAccountInterface
+{
+ protected $username;
+ protected $password;
+ protected $accountNonExpired;
+ protected $credentialsNonExpired;
+ protected $accountNonLocked;
+ protected $roles;
+
+ public function __construct($username, $password, array $roles = array(), $enabled = true, $accountNonExpired = true, $credentialsNonExpired = true, $accountNonLocked = true)
+ {
+ if (empty($username)) {
+ throw new \InvalidArgumentException('The username cannot be empty.');
+ }
+
+ $this->username = $username;
+ $this->password = $password;
+ $this->enabled = $enabled;
+ $this->accountNonExpired = $accountNonExpired;
+ $this->credentialsNonExpired = $credentialsNonExpired;
+ $this->accountNonLocked = $accountNonLocked;
+ $this->roles = $roles;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function __toString()
+ {
+ return $this->username;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getRoles()
+ {
+ return $this->roles;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getPassword()
+ {
+ return $this->password;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getSalt()
+ {
+ return null;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getUsername()
+ {
+ return $this->username;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function isAccountNonExpired()
+ {
+ return $this->accountNonExpired;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function isAccountNonLocked()
+ {
+ return $this->accountNonLocked;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function isCredentialsNonExpired()
+ {
+ return $this->credentialsNonExpired;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function isEnabled()
+ {
+ return $this->enabled;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function eraseCredentials()
+ {
+ $this->password = null;
+ }
+}
diff --git a/User/UserProviderInterface.php b/User/UserProviderInterface.php
new file mode 100644
index 0000000..0dd12ab
--- /dev/null
+++ b/User/UserProviderInterface.php
@@ -0,0 +1,35 @@
+<?php
+
+namespace Symfony\Component\Security\User;
+
+use Symfony\Component\Security\Exception\UsernameNotFoundException;
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/**
+ * UserProviderInterface is the implementation that all user provider must implement.
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ */
+interface UserProviderInterface
+{
+ /**
+ * Loads the user for the given username.
+ *
+ * This method must throw UsernameNotFoundException if the user is not found.
+ *
+ * @param string $username The username
+ *
+ * @return AccountInterface A user instance
+ *
+ * @throws UsernameNotFoundException if the user is not found
+ */
+ function loadUserByUsername($username);
+} |
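Review bot: `User::__construct()` assigns `$this->enabled`, but the class declares no `$enabled` property, so PHP creates it dynamically as a public property. The enabled flag is therefore writable from outside the object, unlike the other status flags, which are `protected`; add `protected $enabled;` next to the other declarations in `User.php`. Also, `empty($username)` rejects the username `'0'`; if that is not intended, `null === $username || '' === $username` is the stricter test.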