pictcode / lib / Cake / Controller / Component / Auth / BaseAuthenticate.php @ d510f2df
履歴 | 表示 | アノテート | ダウンロード (7.256 KB)
| 1 |
<?php
|
|---|---|
| 2 |
/**
|
| 3 |
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
|
| 4 |
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
| 5 |
*
|
| 6 |
* Licensed under The MIT License
|
| 7 |
* For full copyright and license information, please see the LICENSE.txt
|
| 8 |
* Redistributions of files must retain the above copyright notice.
|
| 9 |
*
|
| 10 |
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
|
| 11 |
* @link http://cakephp.org CakePHP(tm) Project
|
| 12 |
* @license http://www.opensource.org/licenses/mit-license.php MIT License
|
| 13 |
*/
|
| 14 |
|
| 15 |
App::uses('Security', 'Utility'); |
| 16 |
App::uses('Hash', 'Utility'); |
| 17 |
App::uses('CakeEventListener', 'Event'); |
| 18 |
|
| 19 |
/**
|
| 20 |
* Base Authentication class with common methods and properties.
|
| 21 |
*
|
| 22 |
* @package Cake.Controller.Component.Auth
|
| 23 |
*/
|
| 24 |
abstract class BaseAuthenticate implements CakeEventListener { |
| 25 |
|
| 26 |
/**
|
| 27 |
* Settings for this object.
|
| 28 |
*
|
| 29 |
* - `fields` The fields to use to identify a user by.
|
| 30 |
* - `userModel` The model name of the User, defaults to User.
|
| 31 |
* - `userFields` Array of fields to retrieve from User model, null to retrieve all. Defaults to null.
|
| 32 |
* - `scope` Additional conditions to use when looking up and authenticating users,
|
| 33 |
* i.e. `array('User.is_active' => 1).`
|
| 34 |
* - `recursive` The value of the recursive key passed to find(). Defaults to 0.
|
| 35 |
* - `contain` Extra models to contain and store in session.
|
| 36 |
* - `passwordHasher` Password hasher class. Can be a string specifying class name
|
| 37 |
* or an array containing `className` key, any other keys will be passed as
|
| 38 |
* settings to the class. Defaults to 'Simple'.
|
| 39 |
*
|
| 40 |
* @var array
|
| 41 |
*/
|
| 42 |
public $settings = array( |
| 43 |
'fields' => array( |
| 44 |
'username' => 'username', |
| 45 |
'password' => 'password' |
| 46 |
), |
| 47 |
'userModel' => 'User', |
| 48 |
'userFields' => null, |
| 49 |
'scope' => array(), |
| 50 |
'recursive' => 0, |
| 51 |
'contain' => null, |
| 52 |
'passwordHasher' => 'Simple' |
| 53 |
); |
| 54 |
|
| 55 |
/**
|
| 56 |
* A Component collection, used to get more components.
|
| 57 |
*
|
| 58 |
* @var ComponentCollection
|
| 59 |
*/
|
| 60 |
protected $_Collection; |
| 61 |
|
| 62 |
/**
|
| 63 |
* Password hasher instance.
|
| 64 |
*
|
| 65 |
* @var AbstractPasswordHasher
|
| 66 |
*/
|
| 67 |
protected $_passwordHasher; |
| 68 |
|
| 69 |
/**
|
| 70 |
* Implemented events
|
| 71 |
*
|
| 72 |
* @return array of events => callbacks.
|
| 73 |
*/
|
| 74 |
public function implementedEvents() { |
| 75 |
return array(); |
| 76 |
} |
| 77 |
|
| 78 |
/**
|
| 79 |
* Constructor
|
| 80 |
*
|
| 81 |
* @param ComponentCollection $collection The Component collection used on this request.
|
| 82 |
* @param array $settings Array of settings to use.
|
| 83 |
*/
|
| 84 |
public function __construct(ComponentCollection $collection, $settings) { |
| 85 |
$this->_Collection = $collection; |
| 86 |
$this->settings = Hash::merge($this->settings, $settings); |
| 87 |
} |
| 88 |
|
| 89 |
/**
|
| 90 |
* Find a user record using the standard options.
|
| 91 |
*
|
| 92 |
* The $username parameter can be a (string)username or an array containing
|
| 93 |
* conditions for Model::find('first'). If the $password param is not provided
|
| 94 |
* the password field will be present in returned array.
|
| 95 |
*
|
| 96 |
* Input passwords will be hashed even when a user doesn't exist. This
|
| 97 |
* helps mitigate timing attacks that are attempting to find valid usernames.
|
| 98 |
*
|
| 99 |
* @param string|array $username The username/identifier, or an array of find conditions.
|
| 100 |
* @param string $password The password, only used if $username param is string.
|
| 101 |
* @return bool|array Either false on failure, or an array of user data.
|
| 102 |
*/
|
| 103 |
protected function _findUser($username, $password = null) { |
| 104 |
$userModel = $this->settings['userModel']; |
| 105 |
list(, $model) = pluginSplit($userModel); |
| 106 |
$fields = $this->settings['fields']; |
| 107 |
|
| 108 |
if (is_array($username)) { |
| 109 |
$conditions = $username; |
| 110 |
} else {
|
| 111 |
$conditions = array( |
| 112 |
$model . '.' . $fields['username'] => $username |
| 113 |
); |
| 114 |
} |
| 115 |
|
| 116 |
if (!empty($this->settings['scope'])) { |
| 117 |
$conditions = array_merge($conditions, $this->settings['scope']); |
| 118 |
} |
| 119 |
|
| 120 |
$userFields = $this->settings['userFields']; |
| 121 |
if ($password !== null && $userFields !== null) { |
| 122 |
$userFields[] = $model . '.' . $fields['password']; |
| 123 |
} |
| 124 |
|
| 125 |
$result = ClassRegistry::init($userModel)->find('first', array( |
| 126 |
'conditions' => $conditions, |
| 127 |
'recursive' => $this->settings['recursive'], |
| 128 |
'fields' => $userFields, |
| 129 |
'contain' => $this->settings['contain'], |
| 130 |
)); |
| 131 |
if (empty($result[$model])) { |
| 132 |
$this->passwordHasher()->hash($password); |
| 133 |
return false; |
| 134 |
} |
| 135 |
|
| 136 |
$user = $result[$model]; |
| 137 |
if ($password !== null) { |
| 138 |
if (!$this->passwordHasher()->check($password, $user[$fields['password']])) { |
| 139 |
return false; |
| 140 |
} |
| 141 |
unset($user[$fields['password']]); |
| 142 |
} |
| 143 |
|
| 144 |
unset($result[$model]); |
| 145 |
return array_merge($user, $result); |
| 146 |
} |
| 147 |
|
| 148 |
/**
|
| 149 |
* Return password hasher object
|
| 150 |
*
|
| 151 |
* @return AbstractPasswordHasher Password hasher instance
|
| 152 |
* @throws CakeException If password hasher class not found or
|
| 153 |
* it does not extend AbstractPasswordHasher
|
| 154 |
*/
|
| 155 |
public function passwordHasher() { |
| 156 |
if ($this->_passwordHasher) { |
| 157 |
return $this->_passwordHasher; |
| 158 |
} |
| 159 |
|
| 160 |
$config = array(); |
| 161 |
if (is_string($this->settings['passwordHasher'])) { |
| 162 |
$class = $this->settings['passwordHasher']; |
| 163 |
} else {
|
| 164 |
$class = $this->settings['passwordHasher']['className']; |
| 165 |
$config = $this->settings['passwordHasher']; |
| 166 |
unset($config['className']); |
| 167 |
} |
| 168 |
list($plugin, $class) = pluginSplit($class, true); |
| 169 |
$className = $class . 'PasswordHasher'; |
| 170 |
App::uses($className, $plugin . 'Controller/Component/Auth'); |
| 171 |
if (!class_exists($className)) { |
| 172 |
throw new CakeException(__d('cake_dev', 'Password hasher class "%s" was not found.', $class)); |
| 173 |
} |
| 174 |
if (!is_subclass_of($className, 'AbstractPasswordHasher')) { |
| 175 |
throw new CakeException(__d('cake_dev', 'Password hasher must extend AbstractPasswordHasher class.')); |
| 176 |
} |
| 177 |
$this->_passwordHasher = new $className($config); |
| 178 |
return $this->_passwordHasher; |
| 179 |
} |
| 180 |
|
| 181 |
/**
|
| 182 |
* Hash the plain text password so that it matches the hashed/encrypted password
|
| 183 |
* in the datasource.
|
| 184 |
*
|
| 185 |
* @param string $password The plain text password.
|
| 186 |
* @return string The hashed form of the password.
|
| 187 |
* @deprecated 3.0.0 Since 2.4. Use a PasswordHasher class instead.
|
| 188 |
*/
|
| 189 |
protected function _password($password) { |
| 190 |
return Security::hash($password, null, true); |
| 191 |
} |
| 192 |
|
| 193 |
/**
|
| 194 |
* Authenticate a user based on the request information.
|
| 195 |
*
|
| 196 |
* @param CakeRequest $request Request to get authentication information from.
|
| 197 |
* @param CakeResponse $response A response object that can have headers added.
|
| 198 |
* @return mixed Either false on failure, or an array of user data on success.
|
| 199 |
*/
|
| 200 |
abstract public function authenticate(CakeRequest $request, CakeResponse $response); |
| 201 |
|
| 202 |
/**
|
| 203 |
* Allows you to hook into AuthComponent::logout(),
|
| 204 |
* and implement specialized logout behavior.
|
| 205 |
*
|
| 206 |
* All attached authentication objects will have this method
|
| 207 |
* called when a user logs out.
|
| 208 |
*
|
| 209 |
* @param array $user The user about to be logged out.
|
| 210 |
* @return void
|
| 211 |
*/
|
| 212 |
public function logout($user) { |
| 213 |
} |
| 214 |
|
| 215 |
/**
|
| 216 |
* Get a user based on information in the request. Primarily used by stateless authentication
|
| 217 |
* systems like basic and digest auth.
|
| 218 |
*
|
| 219 |
* @param CakeRequest $request Request object.
|
| 220 |
* @return mixed Either false or an array of user information
|
| 221 |
*/
|
| 222 |
public function getUser(CakeRequest $request) { |
| 223 |
return false; |
| 224 |
} |
| 225 |
|
| 226 |
/**
|
| 227 |
* Handle unauthenticated access attempt.
|
| 228 |
*
|
| 229 |
* @param CakeRequest $request A request object.
|
| 230 |
* @param CakeResponse $response A response object.
|
| 231 |
* @return mixed Either true to indicate the unauthenticated request has been
|
| 232 |
* dealt with and no more action is required by AuthComponent or void (default).
|
| 233 |
*/
|
| 234 |
public function unauthenticated(CakeRequest $request, CakeResponse $response) { |
| 235 |
} |
| 236 |
|
| 237 |
} |