Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-03-03 18:38:31 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Rewrite Authentication Manager to keep the current operator within it

Browse Source
This commit is contained in:
Dmitriy Simushev 2014-05-30 10:53:22 +00:00
parent 65a9e7c9e8
commit 1163023062
35 changed files with 507 additions and 215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
src/mibew/libs/classes/Mibew/AccessControl/Check/AbstractCheck.php Normal file
View File

@ -0,0 +1,58 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace Mibew\AccessControl\Check;
use Mibew\Authentication\AuthenticationManagerAwareInterface;
use Mibew\Authentication\AuthenticationManagerInterface;
/**
* Abstract check that provide an ability to use Authentication manager.
*/
abstract class AbstractCheck implements AuthenticationManagerAwareInterface
{
/**
* @var AuthenticationManagerInterface|null
*/
protected $authenticationManager = null;
/**
* {@inheritdoc}
*/
public function getAuthenticationManager()
{
return $this->authenticationManager;
}
/**
* {@inheritdoc}
*/
public function setAuthenticationManager(AuthenticationManagerInterface $manager)
{
$this->authenticationManager = $manager;
}
/**
* Returns the current operator.
*
* @return array Operator's data
*/
public function getOperator()
{
return $this->getAuthenticationManager()->getOperator();
}
}

32
src/mibew/libs/classes/Mibew/AccessControl/Check/CheckResolver.php
View File

@ -17,10 +17,28 @@
namespace Mibew\AccessControl\Check; namespace Mibew\AccessControl\Check;
use Mibew\Authentication\AuthenticationManagerAwareInterface;
use Mibew\Authentication\AuthenticationManagerInterface;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
class CheckResolver class CheckResolver
{ {
/**
* @var AuthenticationManagerInterface|null
*/
protected $authenticationManager = null;
/**
* Class contructor.
*
* @param AuthenticationManagerInterface $manager An instance of
* authentication manager.
*/
public function __construct(AuthenticationManagerInterface $manager)
{
$this->authenticationManager = $manager;
}
/** /**
* Resolves access check callable by request. * Resolves access check callable by request.
* *
@ -43,7 +61,12 @@ class CheckResolver
// directly // directly
if (strpos($access_check, ':') === false) { if (strpos($access_check, ':') === false) {
if (method_exists($access_check, '__invoke')) { if (method_exists($access_check, '__invoke')) {
return new $access_check(); $object = new $access_check();
if ($object instanceof AuthenticationManagerAwareInterface) {
$object->setAuthenticationManager($this->authenticationManager);
}
return $object;
} elseif (function_exists($access_check)) { } elseif (function_exists($access_check)) {
return $access_check; return $access_check;
} else { } else {
@ -90,6 +113,11 @@ class CheckResolver
throw new \InvalidArgumentException(sprintf('Class "%s" does not exist.', $class)); throw new \InvalidArgumentException(sprintf('Class "%s" does not exist.', $class));
} }
return array(new $class(), $method); $object = new $class();
if ($object instanceof AuthenticationManagerAwareInterface) {
$object->setAuthenticationManager($this->authenticationManager);
}
return array($object, $method);
} }
} }

4
src/mibew/libs/classes/Mibew/AccessControl/Check/LoggedInCheck.php
View File

@ -22,10 +22,10 @@ use Symfony\Component\HttpFoundation\Request;
/** /**
* Checks if operator from the request is logged in. * Checks if operator from the request is logged in.
*/ */
class LoggedInCheck class LoggedInCheck extends AbstractCheck
{ {
public function __invoke(Request $request) public function __invoke(Request $request)
{ {
return (bool)$request->attributes->get('_operator'); return (bool)$this->getOperator();
} }
} }

2
src/mibew/libs/classes/Mibew/AccessControl/Check/OperatorEditCheck.php
View File

@ -39,7 +39,7 @@ class OperatorEditCheck extends LoggedInCheck
return false; return false;
} }
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$target_operator_id = $request->attributes->getInt('operator_id', false); $target_operator_id = $request->attributes->getInt('operator_id', false);
return is_capable(CAN_ADMINISTRATE, $operator) return is_capable(CAN_ADMINISTRATE, $operator)

2
src/mibew/libs/classes/Mibew/AccessControl/Check/OperatorViewCheck.php
View File

@ -39,7 +39,7 @@ class OperatorViewCheck extends LoggedInCheck
return false; return false;
} }
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$target_operator_id = $request->attributes->getInt('operator_id', false); $target_operator_id = $request->attributes->getInt('operator_id', false);
return is_capable(CAN_ADMINISTRATE, $operator) return is_capable(CAN_ADMINISTRATE, $operator)

2
src/mibew/libs/classes/Mibew/AccessControl/Check/PermissionsCheck.php
View File

@ -51,7 +51,7 @@ class PermissionsCheck extends LoggedInCheck
return false; return false;
} }
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$permissions = $request->attributes->get('_access_permissions', array()); $permissions = $request->attributes->get('_access_permissions', array());
foreach ($permissions as $permission) { foreach ($permissions as $permission) {
if (!is_capable($this->resolvePermission($permission), $operator)) { if (!is_capable($this->resolvePermission($permission), $operator)) {

21
src/mibew/libs/classes/Mibew/Application.php
View File

@ -74,9 +74,12 @@ class Application
{ {
$this->fileLocator = new FileLocator(array(MIBEW_FS_ROOT)); $this->fileLocator = new FileLocator(array(MIBEW_FS_ROOT));
$this->router = new Router(new RouteCollectionLoader($this->fileLocator)); $this->router = new Router(new RouteCollectionLoader($this->fileLocator));
$this->controllerResolver = new ControllerResolver($this->router);
$this->accessCheckResolver = new CheckResolver();
$this->authenticationManager = new AuthenticationManager(); $this->authenticationManager = new AuthenticationManager();
$this->controllerResolver = new ControllerResolver(
$this->router,
$this->authenticationManager
);
$this->accessCheckResolver = new CheckResolver($this->authenticationManager);
} }
/** /**
@ -95,6 +98,7 @@ class Application
// Actualize cookie factory in the authentication manager. // Actualize cookie factory in the authentication manager.
$cookie_factory = CookieFactory::fromRequest($request); $cookie_factory = CookieFactory::fromRequest($request);
$this->authenticationManager->setCookieFactory($cookie_factory); $this->authenticationManager->setCookieFactory($cookie_factory);
$this->authenticationManager->setOperatorFromRequest($request);
try { try {
// Try to match a route, check if the client can access it and add // Try to match a route, check if the client can access it and add
@ -102,10 +106,6 @@ class Application
try { try {
$parameters = $this->router->matchRequest($request); $parameters = $this->router->matchRequest($request);
$request->attributes->add($parameters); $request->attributes->add($parameters);
$request->attributes->set(
'_operator',
$this->authenticationManager->extractOperator($request)
);
// Check if the user can access the page // Check if the user can access the page
$access_check = $this->accessCheckResolver->getCheck($request); $access_check = $this->accessCheckResolver->getCheck($request);
@ -145,10 +145,9 @@ class Application
$response = new Response((string)$response); $response = new Response((string)$response);
} }
// Get modified operator from the request and attach authentication info // Attach operator's authentication info to the response to distinguish
// to the response to distinguish him in the next requests. // him in the next requests.
$operator = $request->attributes->get('_operator'); $this->authenticationManager->attachOperatorToResponse($response);
$this->authenticationManager->attachOperator($response, $operator);
return $response; return $response;
} }
@ -182,7 +181,7 @@ class Application
return $args['response']; return $args['response'];
} }
if ($request->attributes->get('_operator')) { if ($this->authenticationManager->getOperator()) {
// If the operator already logged in, display 403 page. // If the operator already logged in, display 403 page.
return new Response('Forbidden', 403); return new Response('Forbidden', 403);
} }

319
src/mibew/libs/classes/Mibew/Authentication/AuthenticationManager.php
View File

@ -25,136 +25,37 @@ use Symfony\Component\HttpFoundation\Response;
/** /**
* Controls operator's authentication. * Controls operator's authentication.
*/ */
class AuthenticationManager class AuthenticationManager implements AuthenticationManagerInterface
{ {
/**
* Indicates if the operator is logged in.
* @var boolean
*/
protected $loggedIn = false;
/**
* Indicates if the operator should be remembered after login.
* @var boolean
*/
protected $remember = false;
/**
* Indicates if the current operator is logged out.
* @var boolean
*/
protected $loggedOut = false;
/**
* The current operator.
* @var array|null
*/
protected $operator = null;
/** /**
* @var CookieFactory|null * @var CookieFactory|null
*/ */
protected $cookieFactory = null; protected $cookieFactory = null;
/**
* Extracts operator's data from the passed in request object.
*
* Triggers 'operatorAuthenticate' event if operator is not authenticated by
* the system and pass to it an associative array with following items:
* - 'operator': if a plugin has extracted operator from the request it
* should set operator's data to this field.
* - 'request': {@link Request}, incoming request. Can be used by a plugin
* to extract an operator.
*
* @param Request $request A request to extract operator from.
* @return array|bool Associative array with operator's data or boolean
* false if there is no operator related with the request.
*/
public function extractOperator(Request $request)
{
// Try to get operator from session.
if (isset($_SESSION[SESSION_PREFIX . 'operator'])) {
return $_SESSION[SESSION_PREFIX . 'operator'];
}
// Check if operator had used "remember me" feature.
if ($request->cookies->has(REMEMBER_OPERATOR_COOKIE_NAME)) {
$cookie_value = $request->cookies->get(REMEMBER_OPERATOR_COOKIE_NAME);
list($login, $pwd) = preg_split('/\x0/', base64_decode($cookie_value), 2);
$op = operator_by_login($login);
$can_login = $op
&& isset($pwd)
&& isset($op['vcpassword'])
&& calculate_password_hash($op['vclogin'], $op['vcpassword']) == $pwd
&& !operator_is_disabled($op);
if ($can_login) {
$_SESSION[SESSION_PREFIX . 'operator'] = $op;
return $op;
}
}
// Provide an ability for plugins to authenticate operator
$args = array(
'operator' => false,
'request' => $request,
);
$dispatcher = EventDispatcher::getInstance();
$dispatcher->triggerEvent('operatorAuthenticate', $args);
if (!empty($args['operator'])) {
$_SESSION[SESSION_PREFIX . 'operator'] = $args['operator'];
return $args['operator'];
}
// Operator's data cannot be extracted from the request.
return false;
}
/**
* Attaches operator's token to the response, thus is can be used to extract
* operator in the next request.
*
* @param Response $response The response object which will be sent to the
* client.
* @param array $operator Operator's data.
* @return Response Updated response.
*/
public function attachOperator(Response $response, $operator)
{
if ($operator) {
// Calculate password hashes for operator in the request and for the
// operator in session. If the hashes are different then operator's
// password or login was changed.
$password_hash = calculate_password_hash(
$operator['vclogin'],
$operator['vcpassword']
);
if (isset($_SESSION[SESSION_PREFIX . 'operator'])) {
$old_operator = $_SESSION[SESSION_PREFIX . 'operator'];
$old_password_hash = calculate_password_hash(
$old_operator['vclogin'],
$old_operator['vcpassword']
);
$credentials_changed = $password_hash != $old_password_hash;
} else {
$credentials_changed = false;
}
// Check if we need to remember the operator
if (isset($operator['remember_me'])) {
$remember = $operator['remember_me'];
unset($operator['remember_me']);
} else {
$remember = false;
}
// Update operator in the session
$_SESSION[SESSION_PREFIX . 'operator'] = $operator;
// Set or update remember me cookie if needed
if ($remember || $credentials_changed) {
$remember_cookie = $this->getCookieFactory()->createCookie(
REMEMBER_OPERATOR_COOKIE_NAME,
base64_encode($operator['vclogin'] . "\x0" . $password_hash),
time() + 60 * 60 * 24 * 1000,
true
);
$response->headers->setCookie($remember_cookie);
}
} else {
// Clean up session data
unset($_SESSION[SESSION_PREFIX . 'operator']);
unset($_SESSION['backpath']);
// Clear remember cookie
$cookie_factory = $this->getCookieFactory();
$response->headers->clearCookie(
REMEMBER_OPERATOR_COOKIE_NAME,
$cookie_factory->getPath(),
$cookie_factory->getDomain()
);
}
}
/** /**
* Updates instance of cookie factory related with the manager. * Updates instance of cookie factory related with the manager.
* *
@ -178,4 +79,174 @@ class AuthenticationManager
return $this->cookieFactory; return $this->cookieFactory;
} }
/**
* {@inheritdoc}
*
* Triggers 'operatorAuthenticate' event if operator is not authenticated by
* the system and pass to it an associative array with following items:
* - 'operator': if a plugin has extracted operator from the request it
* should set operator's data to this field.
* - 'request': {@link Request}, incoming request. Can be used by a plugin
* to extract an operator.
*/
public function setOperatorFromRequest(Request $request)
{
// Try to get operator from session.
if (isset($_SESSION[SESSION_PREFIX . 'operator'])) {
$this->operator = $_SESSION[SESSION_PREFIX . 'operator'];
return true;
}
// Check if operator had used "remember me" feature.
if ($request->cookies->has(REMEMBER_OPERATOR_COOKIE_NAME)) {
$cookie_value = $request->cookies->get(REMEMBER_OPERATOR_COOKIE_NAME);
list($login, $pwd) = preg_split('/\x0/', base64_decode($cookie_value), 2);
$op = operator_by_login($login);
$can_login = $op
&& isset($pwd)
&& isset($op['vcpassword'])
&& calculate_password_hash($op['vclogin'], $op['vcpassword']) == $pwd
&& !operator_is_disabled($op);
if ($can_login) {
// Cache operator in the session data
$_SESSION[SESSION_PREFIX . 'operator'] = $op;
$this->operator = $op;
return true;
}
}
// Provide an ability for plugins to authenticate operator
$args = array(
'operator' => false,
'request' => $request,
);
$dispatcher = EventDispatcher::getInstance();
$dispatcher->triggerEvent('operatorAuthenticate', $args);
if (!empty($args['operator'])) {
// Cache operator in the session
$_SESSION[SESSION_PREFIX . 'operator'] = $args['operator'];
$this->operator = $args['operator'];
return true;
}
// Operator's data cannot be extracted from the request.
return false;
}
/**
* {@inheritdoc}
*/
public function attachOperatorToResponse(Response $response)
{
if ($this->loggedOut) {
// An operator is logged out. Clean up session data.
unset($_SESSION[SESSION_PREFIX . 'operator']);
unset($_SESSION['backpath']);
// Clear remember cookie.
$cookie_factory = $this->getCookieFactory();
$response->headers->clearCookie(
REMEMBER_OPERATOR_COOKIE_NAME,
$cookie_factory->getPath(),
$cookie_factory->getDomain()
);
} elseif ($this->loggedIn) {
// An operator is logged in. Update operator in the session.
$_SESSION[SESSION_PREFIX . 'operator'] = $this->operator;
// Set remember me cookie if needed
if ($this->remember) {
$password_hash = calculate_password_hash(
$this->operator['vclogin'],
$this->operator['vcpassword']
);
$remember_cookie = $this->getCookieFactory()->createCookie(
REMEMBER_OPERATOR_COOKIE_NAME,
base64_encode($this->operator['vclogin'] . "\x0" . $password_hash),
time() + 60 * 60 * 24 * 1000,
true
);
$response->headers->setCookie($remember_cookie);
}
} elseif ($this->operator) {
// Update the current operator.
$_SESSION[SESSION_PREFIX . 'operator'] = $this->operator;
}
}
/**
* {@inheritdoc}
*/
public function getOperator()
{
return $this->operator;
}
/**
* {@inheritdoc}
*/
public function setOperator($operator)
{
$operator_updated = $operator
&& $this->operator
&& ($this->operator['operatorid'] == $operator['operatorid']);
if (!$operator_updated) {
// If the current operator is changed (not updated) we should
// reset all login/logout flags.
$this->loggedIn = false;
$this->loggedOut = false;
$this->remember = false;
}
// Update the current operator
$this->operator = $operator;
}
/**
* {@inheritdoc}
*
* Triggers 'operatorLogin' event after operator logged in and pass to it an
* associative array with following items:
* - 'operator': array of the logged in operator info;
* - 'remember': boolean, indicates if system should remember operator.
*/
public function loginOperator($operator, $remember)
{
$this->loggedIn = true;
$this->remember = $remember;
$this->loggedOut = false;
$this->operator = $operator;
// Trigger login event
$args = array(
'operator' => $operator,
'remember' => $remember,
);
$dispatcher = EventDispatcher::getInstance();
$dispatcher->triggerEvent('operatorLogin', $args);
}
/**
* {@inheritdoc}
*
* Triggers 'operatorLogout' event after operator logged out.
*/
public function logoutOperator()
{
$this->loggedOut = true;
$this->loggedIn = false;
$this->remember = false;
$this->operator = null;
// Trigger logout event
$dispatcher = EventDispatcher::getInstance();
$dispatcher->triggerEvent('operatorLogout');
}
} }

39
src/mibew/libs/classes/Mibew/Authentication/AuthenticationManagerAwareInterface.php Normal file
View File

@ -0,0 +1,39 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace Mibew\Authentication;
/**
* Interface for all classes that knows about authentication manager.
*/
interface AuthenticationManagerAwareInterface
{
/**
* Sets internal instance of authentication manager.
*
* @param AuthenticationManagerInterface $manager An authentication manager
* instance.
*/
public function setAuthenticationManager(AuthenticationManagerInterface $manager);
/**
* Gets authentication manager instance.
*
* @returns AuthenticationManagerInterface
*/
public function getAuthenticationManager();
}

71
src/mibew/libs/classes/Mibew/Authentication/AuthenticationManagerInterface.php Normal file
View File

@ -0,0 +1,71 @@
<?php
/*
* Copyright 2005-2014 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace Mibew\Authentication;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
/**
* Base interface for all authentication managers.
*/
interface AuthenticationManagerInterface
{
/**
* Set the current operator using request to extract him.
*
* @param Request $request Incoming request.
* @return boolean true if an operator was extracted from the request and
* false otherwise.
*/
public function setOperatorFromRequest(Request $request);
/**
* Attaches some data to the response that are needed to identify operator
* in the next requests.
*
* @param Response $response A response which will be returned to the client.
*/
public function attachOperatorToResponse(Response $response);
/**
* Returns the current operator.
*
* @return array Operator's data
*/
public function getOperator();
/**
* Sets the current operator.
*
* @param array $operator The current operator's data.
*/
public function setOperator($operator);
/**
* Login specified operator into the system and use him as the current
* operator.
*
* @param array $operator An operator to login.
*/
public function loginOperator($operator, $remember);
/**
* Logout the current operator from the system.
*/
public function logoutOperator();
}

35
src/mibew/libs/classes/Mibew/Controller/AbstractController.php
View File

@ -17,6 +17,8 @@
namespace Mibew\Controller; namespace Mibew\Controller;
use Mibew\Authentication\AuthenticationManagerAwareInterface;
use Mibew\Authentication\AuthenticationManagerInterface;
use Mibew\Routing\Router; use Mibew\Routing\Router;
use Mibew\Routing\RouterAwareInterface; use Mibew\Routing\RouterAwareInterface;
use Mibew\Style\StyleInterface; use Mibew\Style\StyleInterface;
@ -27,13 +29,18 @@ use Symfony\Component\HttpFoundation\RedirectResponse;
/** /**
* A base class for all controllers. * A base class for all controllers.
*/ */
abstract class AbstractController implements RouterAwareInterface abstract class AbstractController implements RouterAwareInterface, AuthenticationManagerAwareInterface
{ {
/** /**
* @var Router|null * @var Router|null
*/ */
protected $router = null; protected $router = null;
/**
* @var AuthenticationManagerInterface|null
*/
protected $authenticationManager = null;
/** /**
* @var StyleInterface|null * @var StyleInterface|null
*/ */
@ -55,6 +62,22 @@ abstract class AbstractController implements RouterAwareInterface
return $this->router; return $this->router;
} }
/**
* {@inheritdoc}
*/
public function setAuthenticationManager(AuthenticationManagerInterface $manager)
{
$this->authenticationManager = $manager;
}
/**
* {@inheritdoc}
*/
public function getAuthenticationManager()
{
return $this->authenticationManager;
}
/** /**
* Generates a URL from the given parameters. * Generates a URL from the given parameters.
* *
@ -121,4 +144,14 @@ abstract class AbstractController implements RouterAwareInterface
return $this->style; return $this->style;
} }
/**
* Returns the current operator.
*
* @return array Operator's data
*/
public function getOperator()
{
return $this->getAuthenticationManager()->getOperator();
}
} }

6
src/mibew/libs/classes/Mibew/Controller/BanController.php
View File

@ -39,7 +39,7 @@ class BanController extends AbstractController
set_csrf_token(); set_csrf_token();
setlocale(LC_TIME, getstring('time.locale')); setlocale(LC_TIME, getstring('time.locale'));
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
'errors' => array(), 'errors' => array(),
); );
@ -101,7 +101,7 @@ class BanController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
'banId' => '', 'banId' => '',
@ -178,7 +178,7 @@ class BanController extends AbstractController
{ {
csrf_check_token($request); csrf_check_token($request);
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$errors = array(); $errors = array();
$page = array( $page = array(

2
src/mibew/libs/classes/Mibew/Controller/ButtonCodeController.php
View File

@ -38,7 +38,7 @@ class ButtonCodeController extends AbstractController
*/ */
public function generateAction(Request $request) public function generateAction(Request $request)
{ {
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
'errors' => array(), 'errors' => array(),

6
src/mibew/libs/classes/Mibew/Controller/CannedMessageController.php
View File

@ -35,7 +35,7 @@ class CannedMessageController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
'errors' => array(), 'errors' => array(),
); );
@ -144,7 +144,7 @@ class CannedMessageController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$message_id = $request->attributes->getInt('message_id'); $message_id = $request->attributes->getInt('message_id');
$page = array( $page = array(
// Use errors list stored in the request. We need to do so to have // Use errors list stored in the request. We need to do so to have
@ -204,7 +204,7 @@ class CannedMessageController extends AbstractController
{ {
csrf_check_token($request); csrf_check_token($request);
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$message_id = $request->attributes->getInt('message_id'); $message_id = $request->attributes->getInt('message_id');
$errors = array(); $errors = array();

16
src/mibew/libs/classes/Mibew/Controller/ControllerResolver.php
View File

@ -17,6 +17,8 @@
namespace Mibew\Controller; namespace Mibew\Controller;
use Mibew\Authentication\AuthenticationManagerAwareInterface;
use Mibew\Authentication\AuthenticationManagerInterface;
use Mibew\Routing\RouterAwareInterface; use Mibew\Routing\RouterAwareInterface;
use Symfony\Component\Routing\RouterInterface; use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
@ -28,14 +30,22 @@ class ControllerResolver
*/ */
protected $router = null; protected $router = null;
/**
* @var AuthenticationManagerInterface|null
*/
protected $authenticationManager = null;
/** /**
* Class constructor. * Class constructor.
* *
* @param RouterInterface $router Router instance. * @param RouterInterface $router Router instance.
* @param AuthenticationManagerInterface $manager Authentication manager
* instance.
*/ */
public function __construct(RouterInterface $router) public function __construct(RouterInterface $router, AuthenticationManagerInterface $manager)
{ {
$this->router = $router; $this->router = $router;
$this->authenticationManager = $manager;
} }
/** /**
@ -95,6 +105,10 @@ class ControllerResolver
$object->setRouter($this->router); $object->setRouter($this->router);
} }
if ($object instanceof AuthenticationManagerAwareInterface) {
$object->setAuthenticationManager($this->authenticationManager);
}
return array($object, $method); return array($object, $method);
} }
} }

2
src/mibew/libs/classes/Mibew/Controller/Group/ManagementController.php
View File

@ -35,7 +35,7 @@ class ManagementController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
'errors' => array(), 'errors' => array(),
); );

2
src/mibew/libs/classes/Mibew/Controller/Group/MembersController.php
View File

@ -37,7 +37,7 @@ class MembersController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$group_id = $request->attributes->getInt('group_id'); $group_id = $request->attributes->getInt('group_id');
$page = array( $page = array(

2
src/mibew/libs/classes/Mibew/Controller/Group/SettingsController.php
View File

@ -37,7 +37,7 @@ class SettingsController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$group_id = $request->attributes->getInt('group_id'); $group_id = $request->attributes->getInt('group_id');
$page = array( $page = array(

6
src/mibew/libs/classes/Mibew/Controller/HistoryController.php
View File

@ -39,7 +39,7 @@ class HistoryController extends AbstractController
setlocale(LC_TIME, getstring("time.locale")); setlocale(LC_TIME, getstring("time.locale"));
$page = array(); $page = array();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$query = $request->query->get('q', false); $query = $request->query->get('q', false);
$search_type = $request->query->get('type'); $search_type = $request->query->get('type');
@ -179,7 +179,7 @@ class HistoryController extends AbstractController
{ {
setlocale(LC_TIME, getstring("time.locale")); setlocale(LC_TIME, getstring("time.locale"));
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array(); $page = array();
// Load thread info // Load thread info
@ -218,7 +218,7 @@ class HistoryController extends AbstractController
{ {
setlocale(LC_TIME, getstring("time.locale")); setlocale(LC_TIME, getstring("time.locale"));
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$user_id = $request->attributes->get('user_id', ''); $user_id = $request->attributes->get('user_id', '');
$page = array(); $page = array();

2
src/mibew/libs/classes/Mibew/Controller/InvitationController.php
View File

@ -34,7 +34,7 @@ class InvitationController extends AbstractController
*/ */
public function inviteAction(Request $request) public function inviteAction(Request $request)
{ {
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
// Get visitor ID from the request and check it // Get visitor ID from the request and check it
$visitor_id = $request->query->get('visitor'); $visitor_id = $request->query->get('visitor');

21
src/mibew/libs/classes/Mibew/Controller/LoginController.php
View File

@ -17,7 +17,6 @@
namespace Mibew\Controller; namespace Mibew\Controller;
use Mibew\EventDispatcher;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
/** /**
@ -34,7 +33,7 @@ class LoginController extends AbstractController
public function showFormAction(Request $request) public function showFormAction(Request $request)
{ {
// Check if the operator already logged in // Check if the operator already logged in
if ($request->attributes->get('_operator')) { if ($this->getOperator()) {
// Redirect the operator to home page. // Redirect the operator to home page.
// TODO: Use a route for URI generation. // TODO: Use a route for URI generation.
return $this->redirect($request->getUriForPath('/operator')); return $this->redirect($request->getUriForPath('/operator'));
@ -93,28 +92,14 @@ class LoginController extends AbstractController
&& !operator_is_disabled($operator); && !operator_is_disabled($operator);
if ($operator_can_login) { if ($operator_can_login) {
if ($remember) { // Login the operator to the system
$operator['remember_me'] = true; $this->getAuthenticationManager()->loginOperator($operator, $remember);
}
// Update operator in the request. Doing so we tell the
// Authentication manager that operator should be associated with
// the session.
$request->attributes->set('_operator', $operator);
// Redirect the current operator to the needed page. // Redirect the current operator to the needed page.
$target = isset($_SESSION['backpath']) $target = isset($_SESSION['backpath'])
? $_SESSION['backpath'] ? $_SESSION['backpath']
: $request->getUriForPath('/operator'); : $request->getUriForPath('/operator');
// Trigger login event
$args = array(
'operator' => $operator,
'remember' => $remember,
);
$dispatcher = EventDispatcher::getInstance();
$dispatcher->triggerEvent('operatorLogin', $args);
return $this->redirect($target); return $this->redirect($target);
} else { } else {
if (operator_is_disabled($operator)) { if (operator_is_disabled($operator)) {

10
src/mibew/libs/classes/Mibew/Controller/LogoutController.php
View File

@ -17,7 +17,6 @@
namespace Mibew\Controller; namespace Mibew\Controller;
use Mibew\EventDispatcher;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
/** /**
@ -35,13 +34,8 @@ class LogoutController extends AbstractController
*/ */
public function logoutAction(Request $request) public function logoutAction(Request $request)
{ {
// Detach operator's object from the request. This should tells // Login the operator from the system
// authentication manager that operator session should be closed. $this->getAuthenticationManager()->logoutOperator();
$request->attributes->remove('_operator');
// Trigger logout event
$dispatcher = EventDispatcher::getInstance();
$dispatcher->triggerEvent('operatorLogout');
// Redirect the current operator to the login page. // Redirect the current operator to the login page.
return $this->redirect($this->generateUrl('login')); return $this->redirect($this->generateUrl('login'));

12
src/mibew/libs/classes/Mibew/Controller/Operator/AvatarController.php
View File

@ -38,7 +38,7 @@ class AvatarController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$op_id = $request->attributes->get('operator_id'); $op_id = $request->attributes->get('operator_id');
$page = array( $page = array(
'opid' => $op_id, 'opid' => $op_id,
@ -84,7 +84,7 @@ class AvatarController extends AbstractController
{ {
csrf_check_token($request); csrf_check_token($request);
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$op_id = $request->attributes->getInt('operator_id'); $op_id = $request->attributes->getInt('operator_id');
$errors = array(); $errors = array();
@ -140,11 +140,11 @@ class AvatarController extends AbstractController
// Update path to avatar in the database // Update path to avatar in the database
update_operator_avatar($op['operatorid'], $avatar); update_operator_avatar($op['operatorid'], $avatar);
// Operator's data are cached in the request thus we need to update them // Operator's data are cached in the authentication manager thus we need
// manually. // to update them manually.
if ($avatar && $operator['operatorid'] == $op_id) { if ($avatar && $operator['operatorid'] == $op_id) {
$operator['vcavatar'] = $avatar; $operator['vcavatar'] = $avatar;
$request->attributes->set('_operator', $operator); $this->getAuthenticationManager()->setOperator($operator);
} }
// Redirect the operator to the same page using GET method. // Redirect the operator to the same page using GET method.
@ -168,7 +168,7 @@ class AvatarController extends AbstractController
{ {
csrf_check_token($request); csrf_check_token($request);
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$op_id = $request->attributes->getInt('operator_id'); $op_id = $request->attributes->getInt('operator_id');
// Try to load the target operator. // Try to load the target operator.

4
src/mibew/libs/classes/Mibew/Controller/Operator/GroupsController.php
View File

@ -37,7 +37,7 @@ class GroupsController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$operator_in_isolation = in_isolation($operator); $operator_in_isolation = in_isolation($operator);
$op_id = $request->attributes->getInt('operator_id'); $op_id = $request->attributes->getInt('operator_id');
@ -104,7 +104,7 @@ class GroupsController extends AbstractController
{ {
csrf_check_token($request); csrf_check_token($request);
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$operator_in_isolation = in_isolation($operator); $operator_in_isolation = in_isolation($operator);
$op_id = $request->attributes->getInt('operator_id'); $op_id = $request->attributes->getInt('operator_id');

6
src/mibew/libs/classes/Mibew/Controller/Operator/ManagementController.php
View File

@ -37,7 +37,7 @@ class ManagementController extends AbstractController
set_csrf_token(); set_csrf_token();
setlocale(LC_TIME, getstring('time.locale')); setlocale(LC_TIME, getstring('time.locale'));
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
// Use errors list stored in the request. We need to do so to have // Use errors list stored in the request. We need to do so to have
// an ability to pass the request from the "submitMembersForm" action. // an ability to pass the request from the "submitMembersForm" action.
@ -104,7 +104,7 @@ class ManagementController extends AbstractController
{ {
csrf_check_token($request); csrf_check_token($request);
$current_operator = $request->attributes->get('_operator'); $current_operator = $this->getOperator();
$operator_id = $request->attributes->getInt('operator_id'); $operator_id = $request->attributes->getInt('operator_id');
$errors = array(); $errors = array();
@ -145,7 +145,7 @@ class ManagementController extends AbstractController
{ {
csrf_check_token($request); csrf_check_token($request);
$current_operator = $request->attributes->get('_operator'); $current_operator = $this->getOperator();
$operator_id = $request->attributes->getInt('operator_id'); $operator_id = $request->attributes->getInt('operator_id');
$errors = array(); $errors = array();

10
src/mibew/libs/classes/Mibew/Controller/Operator/PermissionsController.php
View File

@ -37,7 +37,7 @@ class PermissionsController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$op_id = $request->attributes->get('operator_id'); $op_id = $request->attributes->get('operator_id');
$page = array( $page = array(
@ -94,7 +94,7 @@ class PermissionsController extends AbstractController
{ {
csrf_check_token($request); csrf_check_token($request);
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$op_id = $request->attributes->getInt('operator_id'); $op_id = $request->attributes->getInt('operator_id');
// Check if the target operator exists // Check if the target operator exists
@ -113,13 +113,13 @@ class PermissionsController extends AbstractController
} }
} }
// Update operator's permissions in the database and in cached request // Update operator's permissions in the database and in cached
// data if it is needed. // authentication manager data if it is needed.
update_operator_permissions($op['operatorid'], $new_permissions); update_operator_permissions($op['operatorid'], $new_permissions);
if ($operator['operatorid'] == $op_id) { if ($operator['operatorid'] == $op_id) {
$operator['iperm'] = $new_permissions; $operator['iperm'] = $new_permissions;
$request->attributes->set('_operator', $operator); $this->getAuthenticationManager()->setOperator($operator);
} }
// Redirect the current operator to the same page using GET method. // Redirect the current operator to the same page using GET method.

10
src/mibew/libs/classes/Mibew/Controller/Operator/ProfileController.php
View File

@ -37,7 +37,7 @@ class ProfileController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
'opid' => false, 'opid' => false,
// Use errors list stored in the request. We need to do so to have // Use errors list stored in the request. We need to do so to have
@ -116,7 +116,7 @@ class ProfileController extends AbstractController
csrf_check_token($request); csrf_check_token($request);
$errors = array(); $errors = array();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$op_id = $request->attributes->getInt('operator_id'); $op_id = $request->attributes->getInt('operator_id');
if (is_capable(CAN_ADMINISTRATE, $operator)) { if (is_capable(CAN_ADMINISTRATE, $operator)) {
@ -206,15 +206,15 @@ class ProfileController extends AbstractController
// Update existing operator // Update existing operator
update_operator($op_id, $login, $email, $password, $local_name, $common_name, $code); update_operator($op_id, $login, $email, $password, $local_name, $common_name, $code);
// Operator data are cached in the request, thus we need to manually // Operator data are cached in the authentication manager, thus we need
// update them. // to manually update them.
if (!empty($password) && $op_id == $operator['operatorid']) { if (!empty($password) && $op_id == $operator['operatorid']) {
// Check if the admin has set his password for the first time. // Check if the admin has set his password for the first time.
$to_dashboard = check_password_hash($login, '', $operator['vcpassword']) && $password != ''; $to_dashboard = check_password_hash($login, '', $operator['vcpassword']) && $password != '';
// Update operator's password. // Update operator's password.
$operator['vcpassword'] = calculate_password_hash($login, $password); $operator['vcpassword'] = calculate_password_hash($login, $password);
$request->attributes->set('_operator', $operator); $this->getAuthenticationManager()->setOperator($operator);
// Redirect the admin to the home page if needed. // Redirect the admin to the home page if needed.
if ($to_dashboard) { if ($to_dashboard) {

2
src/mibew/libs/classes/Mibew/Controller/PasswordRecoveryController.php
View File

@ -35,7 +35,7 @@ class PasswordRecoveryController extends AbstractController
*/ */
public function indexAction(Request $request) public function indexAction(Request $request)
{ {
if ($request->attributes->get('_operator')) { if ($this->getOperator()) {
// If the operator is logged in just redirect him to the home page. // If the operator is logged in just redirect him to the home page.
return $this->redirect($request->getUriForPath('/operator')); return $this->redirect($request->getUriForPath('/operator'));
} }

2
src/mibew/libs/classes/Mibew/Controller/Settings/CommonController.php
View File

@ -40,7 +40,7 @@ class CommonController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
'agentId' => '', 'agentId' => '',

2
src/mibew/libs/classes/Mibew/Controller/Settings/FeaturesController.php
View File

@ -36,7 +36,7 @@ class FeaturesController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
'agentId' => '', 'agentId' => '',
'errors' => array(), 'errors' => array(),

2
src/mibew/libs/classes/Mibew/Controller/Settings/PerformanceController.php
View File

@ -36,7 +36,7 @@ class PerformanceController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$page = array( $page = array(
'agentId' => '', 'agentId' => '',
// Use errors list stored in the request. We need to do so to have // Use errors list stored in the request. We need to do so to have

2
src/mibew/libs/classes/Mibew/Controller/StatisticsController.php
View File

@ -38,7 +38,7 @@ class StatisticsController extends AbstractController
*/ */
public function indexAction(Request $request) public function indexAction(Request $request)
{ {
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$statistics_type = $request->attributes->get('type'); $statistics_type = $request->attributes->get('type');
setlocale(LC_TIME, getstring("time.locale")); setlocale(LC_TIME, getstring("time.locale"));

6
src/mibew/libs/classes/Mibew/Controller/TranslationController.php
View File

@ -32,7 +32,7 @@ class TranslationController extends AbstractController
*/ */
public function indexAction(Request $request) public function indexAction(Request $request)
{ {
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$source = $request->query->get('source'); $source = $request->query->get('source');
if (!preg_match("/^[\w-]{2,5}$/", $source)) { if (!preg_match("/^[\w-]{2,5}$/", $source)) {
@ -150,7 +150,7 @@ class TranslationController extends AbstractController
{ {
set_csrf_token(); set_csrf_token();
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$string_id = $request->attributes->get('string_id'); $string_id = $request->attributes->get('string_id');
$source = $request->query->get('source'); $source = $request->query->get('source');
@ -209,7 +209,7 @@ class TranslationController extends AbstractController
{ {
csrf_check_token($request); csrf_check_token($request);
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$string_id = $request->attributes->get('string_id'); $string_id = $request->attributes->get('string_id');
$errors = array(); $errors = array();

2
src/mibew/libs/classes/Mibew/Controller/UpdatesController.php
View File

@ -32,7 +32,7 @@ class UpdatesController extends AbstractController
*/ */
public function indexAction(Request $request) public function indexAction(Request $request)
{ {
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$default_extensions = array('mysql', 'gd', 'iconv'); $default_extensions = array('mysql', 'gd', 'iconv');
$page = array( $page = array(

2
src/mibew/libs/classes/Mibew/Controller/UsersController.php
View File

@ -35,7 +35,7 @@ class UsersController extends AbstractController
*/ */
public function indexAction(Request $request) public function indexAction(Request $request)
{ {
$operator = $request->attributes->get('_operator'); $operator = $this->getOperator();
$status = $request->query->has('away') ? 1 : 0; $status = $request->query->has('away') ? 1 : 0;
notify_operator_alive($operator['operatorid'], $status); notify_operator_alive($operator['operatorid'], $status);