wCMF  3.6
 All Classes Namespaces Files Functions Variables Groups Pages
class.AuthUser.php
Go to the documentation of this file.
1 <?php
2 /**
3  * wCMF - wemove Content Management Framework
4  * Copyright (C) 2005-2014 wemove digital solutions GmbH
5  *
6  * Licensed under the terms of any of the following licenses
7  * at your choice:
8  *
9  * - GNU Lesser General Public License (LGPL)
10  * http://www.gnu.org/licenses/lgpl.html
11  * - Eclipse Public License (EPL)
12  * http://www.eclipse.org/org/documents/epl-v10.php
13  *
14  * See the license.txt file distributed with this work for
15  * additional information.
16  *
17  * $Id: class.AuthUser.php 1462 2014-02-04 23:52:27Z iherwig $
18  */
19 require_once(BASE."wcmf/lib/security/class.User.php");
20 require_once(BASE."wcmf/lib/security/class.UserManager.php");
21 require_once(BASE."wcmf/lib/security/class.RightsManager.php");
22 require_once(BASE."wcmf/lib/core/class.WCMFException.php");
23 require_once(BASE."wcmf/lib/util/class.ObjectFactory.php");
24 require_once(BASE."wcmf/lib/util/class.InifileParser.php");
25 
26 /**
27  * @class AuthUser
28  * @ingroup Security
29  * @brief AuthUser provides a storage and methods for user data used for
30  * authentication/authorization purposes. This class requires php >= 4.1.0
31  *
32  * @author ingo herwig <ingo@wemove.com>
33  */
34 class AuthUser extends User
35 {
36  var $_login_time = "";
37  var $_policies = array();
38  var $_defaulPolicy = true;
39  var $_user = null;
40 
41  /**
42  * Log a user into the application.
43  * @param login The login string of the user
44  * @param password The password string of the user
45  * @param isPasswordEncrypted True/False wether the password is encrypted or not [default: false]
46  * @return True/False whether login succeeded.
47  */
48  function login($login, $password, $isPasswordEncrypted=false)
49  {
50  $parser = &InifileParser::getInstance();
51 
52  // encrypt password if not done already
53  if (!$isPasswordEncrypted)
54  $password = UserManager::encryptPassword($password);
55 
56  // because there is no authorized user already, we propably have to deactivate the
57  // RightsManager for this operation to allow user retrieval from the persistent storage
58  $rightsManager = &RightsManager::getInstance();
59  $isAnonymous = $rightsManager->isAnonymous();
60  if (!$isAnonymous)
61  $rightsManager->deactivate();
62 
63  // try to receive the user with given credentials
64  $persistenceFacade = &PersistenceFacade::getInstance();
65  $userInstance = &$persistenceFacade->create(UserManager::getUserClassName(), BUILDDEPTH_SINGLE);
66  $user = &$userInstance->getUser($login, $password);
67 
68  // check if user exists
69  $loginOk = false;
70  if ($user != null)
71  {
72  // login succeeded, store the user instance
73  $this->_user = &$user->duplicate();
74  $this->setOID($user->getOID());
75 
76  // load user config initially
77  $config = $this->getConfig();
78  if (strlen($config) > 0)
79  {
80  if (!$parser->parseIniFile($GLOBALS['CONFIG_PATH'].$config, true))
81  WCMFException::throwEx($parser->getErrorMsg(), __FILE__, __LINE__);
82  }
83 
84  // add policies
85  if (($policies = $parser->getSection('authorization')) === false)
86  WCMFException::throwEx($parser->getErrorMsg(), __FILE__, __LINE__);
87  else
88  $this->addPolicies($policies);
89 
90  $this->_login_time = strftime("%c", mktime());
91  $loginOk = true;
92  }
93 
94  // reactivate the RightsManager if necessary
95  if (!$isAnonymous)
96  $rightsManager->activate();
97 
98  return $loginOk;
99  }
100 
101  /**
102  * Adds one ore more policies to the policy repository of the user.
103  * @param policies An associative array with the policy information (key=action, value=policy string).
104  * @note A policy string looks like this "+*, -guest, +admin"
105  */
106  function addPolicies($policies)
107  {
108  foreach ($policies AS $key => $value)
109  {
110  if (!isset($this->_policies[$key]))
111  {
112  $parsedPolicies = $this->parsePolicy($value);
113  $this->_policies[$key] = $parsedPolicies;
114  }
115  }
116  }
117 
118  /**
119  * Checks, if the user is authorized for this action.
120  * Returns defaulPolicy if action key is not defined.
121  * @param actionKey An action key string
122  * @return True/False whether authorization succeeded
123  */
124  function authorize($actionKey)
125  {
126  if ($actionKey == '')
127  return $this->_defaulPolicy;
128 
129  if (isset($this->_policies[$actionKey]))
130  return $this->matchRoles($this->_policies[$actionKey]);
131 
132  return $this->_defaulPolicy;
133  }
134 
135  /**
136  * Matches the roles of the user and the roles for a certain key
137  * @param val An array containing policy information as an associative array with the keys ('default', 'allow', 'deny'). Where
138  * 'allow', 'deny' are arrays itselves holding roles. 'allow' overwrites 'deny' overwrites 'default'
139  * @return True/False whether the user has access right according to this policy.
140  */
141  function matchRoles($val)
142  {
143  if (isset($val['allow']))
144  foreach ($val['allow'] as $value)
145  if ($this->hasRole($value))
146  return true;
147 
148  if (isset($val['deny']))
149  foreach ($val['deny'] as $value)
150  if ($this->hasRole($value))
151  return false;
152 
153  return $val['default'];
154  }
155 
156  /**
157  * Parse an policy string and returns an associative array with the keys ('default', 'allow', 'deny'). Where
158  * 'allow', 'deny' are arrays itselves holding roles. 'deny' overwrites 'allow' overwrites 'default'
159  * @param val An role string (+*, +admin, -guest, entries without '+' or '-' prefix default to allow rules).
160  * @return An array containing the policy data as an associative array with the keys 'default', 'allow', 'deny'.
161  */
162  function parsePolicy($val)
163  {
164  $rtn = array();
165 
166  $roles = explode(" ", $val);
167  foreach ($roles as $value)
168  {
169  $value=trim($value);
170  if (strlen($value)==2 && substr($value,1,1) == "*")
171  {
172  if (substr($value,0,1)=="+")
173  $rtn['default'] = true;
174  else if (substr($value,0,1)=="-")
175  $rtn['default'] = false;
176  }
177  else
178  {
179  if (substr($value,0,1)=="+")
180  $rtn['allow'][] = substr($value,1);
181  else if (substr($value,0,1)=="-")
182  $rtn['deny'][] = substr($value,1);
183  else
184  {
185  // entries without '+' or '-' prefix default to allow rules
186  $rtn['allow'][] = $value;
187  }
188  }
189  }
190  return $rtn;
191  }
192 
193  /**
194  * Assign the default policy.
195  * @param val A boolean value.
196  */
197  function setDefaultPolicy($val)
198  {
199  $this->_defaulPolicy = $val;
200  }
201 
202  /**
203  * Get login time of the user.
204  * @return A formatted time string.
205  */
206  function getLoginTime()
207  {
208  return $this->_login_time;
209  }
210 
211  /**
212  * Get a string representation of the user.
213  * @return The string
214  */
215  function toString()
216  {
217  if ($this->_user != null)
218  return $this->_user->toString();
219  return "";
220  }
221 
222  /**
223  * Implementation of abstract base class methods.
224  * Delegates to internal user instance.
225  */
226 
227  /**
228  * Get the type
229  */
230  function getType()
231  {
232  return UserManager::getUserClassName();
233  }
234 
235  /**
236  * @see User::setLogin()
237  */
238  function setLogin($login)
239  {
240  if ($this->_user != null)
241  $this->_user->setLogin($login);
242  }
243 
244  /**
245  * @see User::getLogin()
246  */
247  function getLogin()
248  {
249  if ($this->_user != null)
250  return $this->_user->getLogin();
251  return "";
252  }
253 
254  /**
255  * @see User::setPassword()
256  */
257  function setPassword($password)
258  {
259  if ($this->_user != null)
260  $this->_user->setPassword($password);
261  }
262 
263  /**
264  * @see User::getPassword()
265  */
266  function getPassword()
267  {
268  if ($this->_user != null)
269  return $this->_user->getPassword();
270  return "";
271  }
272 
273  /**
274  * @see User::setName()
275  */
276  function setName($name)
277  {
278  if ($this->_user != null)
279  $this->_user->setName($name);
280  }
281 
282  /**
283  * @see User::getName()
284  */
285  function getName()
286  {
287  if ($this->_user != null)
288  return $this->_user->getName();
289  return "";
290  }
291 
292  /**
293  * @see User::setFirstname()
294  */
295  function setFirstname($firstname)
296  {
297  if ($this->_user != null)
298  $this->_user->setFirstname($firstname);
299  }
300 
301  /**
302  * @see User::getFirstname()
303  */
304  function getFirstname()
305  {
306  if ($this->_user != null)
307  return $this->_user->getFirstname();
308  return "";
309  }
310 
311  /**
312  * @see User::setConfig()
313  */
314  function setConfig($config)
315  {
316  if ($this->_user != null)
317  $this->_user->setConfig($config);
318  }
319 
320  /**
321  * @see User::getConfig()
322  */
323  function getConfig()
324  {
325  // strip path from config name for compatibility with old versions,
326  // where the path was stored
327  if ($this->_user != null)
328  return basename($this->_user->getConfig());
329  return "";
330  }
331 
332  /**
333  * @see User::addRole()
334  */
335  function addRole($rolename)
336  {
337  // not supported by AuthUser
338  }
339 
340  /**
341  * @see User::removeRole()
342  */
343  function removeRole($rolename)
344  {
345  // not supported by AuthUser
346  }
347 
348  /**
349  * @see User::hasRole()
350  */
351  function hasRole($rolename)
352  {
353  if ($this->_user != null)
354  return $this->_user->hasRole($rolename);
355 
356  return false;
357  }
358 
359  /**
360  * @see User::getRoles()
361  */
362  function getRoles()
363  {
364  if ($this->_user != null)
365  return $this->_user->getRoles();
366 
367  return array();
368  }
369 
370  /**
371  * Implementation of the storable interface.
372  */
373 
374  /**
375  * @see Storable::getClassDefinitionFiles()
376  */
377  function getClassDefinitionFiles()
378  {
379  $parser = &InifileParser::getInstance();
380  $objectFactory = &ObjectFactory::getInstance();
381 
382  if (($userClassName = $parser->getValue('User', 'implementation')) === false)
383  WCMFException::throwEx($parser->getErrorMsg());
384  $userClassFile = $objectFactory->getClassfileFromConfig($userClassName);
385 
386  if (($roleClassName = $parser->getValue('Role', 'implementation')) === false)
387  WCMFException::throwEx($parser->getErrorMsg());
388  $roleClassName = $objectFactory->getClassfileFromConfig($roleClassName);
389 
390  return array(__FILE__, BASE.$userClassFile, BASE.$roleClassName);
391  }
392 
393  /**
394  * @see Storable::loadFromSession()
395  * Load the user object.
396  */
397  function loadFromSession()
398  {
399  }
400 }
401 ?>
AuthUser
AuthUser provides a storage and methods for user data used for authentication/authorization purposes...
Definition: class.AuthUser.php:34
AuthUser\setLogin
setLogin($login)
Definition: class.AuthUser.php:238
AuthUser\hasRole
hasRole($rolename)
Definition: class.AuthUser.php:351
User
Abstract base class for user classes that represent a system user.
Definition: class.User.php:31
AuthUser\addRole
addRole($rolename)
Definition: class.AuthUser.php:335
AuthUser\parsePolicy
parsePolicy($val)
Definition: class.AuthUser.php:162
WCMFException\throwEx
throwEx($message, $file='', $line='')
Definition: class.WCMFException.php:49
AuthUser\getClassDefinitionFiles
getClassDefinitionFiles()
Definition: class.AuthUser.php:377
AuthUser\setName
setName($name)
Definition: class.AuthUser.php:276
AuthUser\addPolicies
addPolicies($policies)
Definition: class.AuthUser.php:106
AuthUser\removeRole
removeRole($rolename)
Definition: class.AuthUser.php:343
AuthUser\setFirstname
setFirstname($firstname)
Definition: class.AuthUser.php:295
UserManager\encryptPassword
encryptPassword($password)
Definition: class.UserManager.php:79
AuthUser\setConfig
setConfig($config)
Definition: class.AuthUser.php:314
AuthUser\authorize
authorize($actionKey)
Definition: class.AuthUser.php:124
AuthUser\setDefaultPolicy
setDefaultPolicy($val)
Definition: class.AuthUser.php:197
AuthUser\matchRoles
matchRoles($val)
Definition: class.AuthUser.php:141
$GLOBALS
$GLOBALS['gJSONData']
Definition: class.JSONFormat.php:29
AuthUser\login
login($login, $password, $isPasswordEncrypted=false)
Definition: class.AuthUser.php:48
BUILDDEPTH_SINGLE
const BUILDDEPTH_SINGLE
Definition: class.NodeXMLDBMapper.php:38
AuthUser\setPassword
setPassword($password)
Definition: class.AuthUser.php:257