pictcode / lib / Cake / Controller / Component / Auth / BaseAuthenticate.php @ 635eef61
履歴 | 表示 | アノテート | ダウンロード (7.256 KB)
1 | 635eef61 | spyder1211 | <?php
|
---|---|---|---|
2 | /**
|
||
3 | * CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
|
||
4 | * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
||
5 | *
|
||
6 | * Licensed under The MIT License
|
||
7 | * For full copyright and license information, please see the LICENSE.txt
|
||
8 | * Redistributions of files must retain the above copyright notice.
|
||
9 | *
|
||
10 | * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
||
11 | * @link http://cakephp.org CakePHP(tm) Project
|
||
12 | * @license http://www.opensource.org/licenses/mit-license.php MIT License
|
||
13 | */
|
||
14 | |||
15 | App::uses('Security', 'Utility'); |
||
16 | App::uses('Hash', 'Utility'); |
||
17 | App::uses('CakeEventListener', 'Event'); |
||
18 | |||
19 | /**
|
||
20 | * Base Authentication class with common methods and properties.
|
||
21 | *
|
||
22 | * @package Cake.Controller.Component.Auth
|
||
23 | */
|
||
24 | abstract class BaseAuthenticate implements CakeEventListener { |
||
25 | |||
26 | /**
|
||
27 | * Settings for this object.
|
||
28 | *
|
||
29 | * - `fields` The fields to use to identify a user by.
|
||
30 | * - `userModel` The model name of the User, defaults to User.
|
||
31 | * - `userFields` Array of fields to retrieve from User model, null to retrieve all. Defaults to null.
|
||
32 | * - `scope` Additional conditions to use when looking up and authenticating users,
|
||
33 | * i.e. `array('User.is_active' => 1).`
|
||
34 | * - `recursive` The value of the recursive key passed to find(). Defaults to 0.
|
||
35 | * - `contain` Extra models to contain and store in session.
|
||
36 | * - `passwordHasher` Password hasher class. Can be a string specifying class name
|
||
37 | * or an array containing `className` key, any other keys will be passed as
|
||
38 | * settings to the class. Defaults to 'Simple'.
|
||
39 | *
|
||
40 | * @var array
|
||
41 | */
|
||
42 | public $settings = array( |
||
43 | 'fields' => array( |
||
44 | 'username' => 'username', |
||
45 | 'password' => 'password' |
||
46 | ), |
||
47 | 'userModel' => 'User', |
||
48 | 'userFields' => null, |
||
49 | 'scope' => array(), |
||
50 | 'recursive' => 0, |
||
51 | 'contain' => null, |
||
52 | 'passwordHasher' => 'Simple' |
||
53 | ); |
||
54 | |||
55 | /**
|
||
56 | * A Component collection, used to get more components.
|
||
57 | *
|
||
58 | * @var ComponentCollection
|
||
59 | */
|
||
60 | protected $_Collection; |
||
61 | |||
62 | /**
|
||
63 | * Password hasher instance.
|
||
64 | *
|
||
65 | * @var AbstractPasswordHasher
|
||
66 | */
|
||
67 | protected $_passwordHasher; |
||
68 | |||
69 | /**
|
||
70 | * Implemented events
|
||
71 | *
|
||
72 | * @return array of events => callbacks.
|
||
73 | */
|
||
74 | public function implementedEvents() { |
||
75 | return array(); |
||
76 | } |
||
77 | |||
78 | /**
|
||
79 | * Constructor
|
||
80 | *
|
||
81 | * @param ComponentCollection $collection The Component collection used on this request.
|
||
82 | * @param array $settings Array of settings to use.
|
||
83 | */
|
||
84 | public function __construct(ComponentCollection $collection, $settings) { |
||
85 | $this->_Collection = $collection; |
||
86 | $this->settings = Hash::merge($this->settings, $settings); |
||
87 | } |
||
88 | |||
89 | /**
|
||
90 | * Find a user record using the standard options.
|
||
91 | *
|
||
92 | * The $username parameter can be a (string)username or an array containing
|
||
93 | * conditions for Model::find('first'). If the $password param is not provided
|
||
94 | * the password field will be present in returned array.
|
||
95 | *
|
||
96 | * Input passwords will be hashed even when a user doesn't exist. This
|
||
97 | * helps mitigate timing attacks that are attempting to find valid usernames.
|
||
98 | *
|
||
99 | * @param string|array $username The username/identifier, or an array of find conditions.
|
||
100 | * @param string $password The password, only used if $username param is string.
|
||
101 | * @return bool|array Either false on failure, or an array of user data.
|
||
102 | */
|
||
103 | protected function _findUser($username, $password = null) { |
||
104 | $userModel = $this->settings['userModel']; |
||
105 | list(, $model) = pluginSplit($userModel); |
||
106 | $fields = $this->settings['fields']; |
||
107 | |||
108 | if (is_array($username)) { |
||
109 | $conditions = $username; |
||
110 | } else {
|
||
111 | $conditions = array( |
||
112 | $model . '.' . $fields['username'] => $username |
||
113 | ); |
||
114 | } |
||
115 | |||
116 | if (!empty($this->settings['scope'])) { |
||
117 | $conditions = array_merge($conditions, $this->settings['scope']); |
||
118 | } |
||
119 | |||
120 | $userFields = $this->settings['userFields']; |
||
121 | if ($password !== null && $userFields !== null) { |
||
122 | $userFields[] = $model . '.' . $fields['password']; |
||
123 | } |
||
124 | |||
125 | $result = ClassRegistry::init($userModel)->find('first', array( |
||
126 | 'conditions' => $conditions, |
||
127 | 'recursive' => $this->settings['recursive'], |
||
128 | 'fields' => $userFields, |
||
129 | 'contain' => $this->settings['contain'], |
||
130 | )); |
||
131 | if (empty($result[$model])) { |
||
132 | $this->passwordHasher()->hash($password); |
||
133 | return false; |
||
134 | } |
||
135 | |||
136 | $user = $result[$model]; |
||
137 | if ($password !== null) { |
||
138 | if (!$this->passwordHasher()->check($password, $user[$fields['password']])) { |
||
139 | return false; |
||
140 | } |
||
141 | unset($user[$fields['password']]); |
||
142 | } |
||
143 | |||
144 | unset($result[$model]); |
||
145 | return array_merge($user, $result); |
||
146 | } |
||
147 | |||
148 | /**
|
||
149 | * Return password hasher object
|
||
150 | *
|
||
151 | * @return AbstractPasswordHasher Password hasher instance
|
||
152 | * @throws CakeException If password hasher class not found or
|
||
153 | * it does not extend AbstractPasswordHasher
|
||
154 | */
|
||
155 | public function passwordHasher() { |
||
156 | if ($this->_passwordHasher) { |
||
157 | return $this->_passwordHasher; |
||
158 | } |
||
159 | |||
160 | $config = array(); |
||
161 | if (is_string($this->settings['passwordHasher'])) { |
||
162 | $class = $this->settings['passwordHasher']; |
||
163 | } else {
|
||
164 | $class = $this->settings['passwordHasher']['className']; |
||
165 | $config = $this->settings['passwordHasher']; |
||
166 | unset($config['className']); |
||
167 | } |
||
168 | list($plugin, $class) = pluginSplit($class, true); |
||
169 | $className = $class . 'PasswordHasher'; |
||
170 | App::uses($className, $plugin . 'Controller/Component/Auth'); |
||
171 | if (!class_exists($className)) { |
||
172 | throw new CakeException(__d('cake_dev', 'Password hasher class "%s" was not found.', $class)); |
||
173 | } |
||
174 | if (!is_subclass_of($className, 'AbstractPasswordHasher')) { |
||
175 | throw new CakeException(__d('cake_dev', 'Password hasher must extend AbstractPasswordHasher class.')); |
||
176 | } |
||
177 | $this->_passwordHasher = new $className($config); |
||
178 | return $this->_passwordHasher; |
||
179 | } |
||
180 | |||
181 | /**
|
||
182 | * Hash the plain text password so that it matches the hashed/encrypted password
|
||
183 | * in the datasource.
|
||
184 | *
|
||
185 | * @param string $password The plain text password.
|
||
186 | * @return string The hashed form of the password.
|
||
187 | * @deprecated 3.0.0 Since 2.4. Use a PasswordHasher class instead.
|
||
188 | */
|
||
189 | protected function _password($password) { |
||
190 | return Security::hash($password, null, true); |
||
191 | } |
||
192 | |||
193 | /**
|
||
194 | * Authenticate a user based on the request information.
|
||
195 | *
|
||
196 | * @param CakeRequest $request Request to get authentication information from.
|
||
197 | * @param CakeResponse $response A response object that can have headers added.
|
||
198 | * @return mixed Either false on failure, or an array of user data on success.
|
||
199 | */
|
||
200 | abstract public function authenticate(CakeRequest $request, CakeResponse $response); |
||
201 | |||
202 | /**
|
||
203 | * Allows you to hook into AuthComponent::logout(),
|
||
204 | * and implement specialized logout behavior.
|
||
205 | *
|
||
206 | * All attached authentication objects will have this method
|
||
207 | * called when a user logs out.
|
||
208 | *
|
||
209 | * @param array $user The user about to be logged out.
|
||
210 | * @return void
|
||
211 | */
|
||
212 | public function logout($user) { |
||
213 | } |
||
214 | |||
215 | /**
|
||
216 | * Get a user based on information in the request. Primarily used by stateless authentication
|
||
217 | * systems like basic and digest auth.
|
||
218 | *
|
||
219 | * @param CakeRequest $request Request object.
|
||
220 | * @return mixed Either false or an array of user information
|
||
221 | */
|
||
222 | public function getUser(CakeRequest $request) { |
||
223 | return false; |
||
224 | } |
||
225 | |||
226 | /**
|
||
227 | * Handle unauthenticated access attempt.
|
||
228 | *
|
||
229 | * @param CakeRequest $request A request object.
|
||
230 | * @param CakeResponse $response A response object.
|
||
231 | * @return mixed Either true to indicate the unauthenticated request has been
|
||
232 | * dealt with and no more action is required by AuthComponent or void (default).
|
||
233 | */
|
||
234 | public function unauthenticated(CakeRequest $request, CakeResponse $response) { |
||
235 | } |
||
236 | |||
237 | } |