From a43d46f5f51781b6155b0574d25c248c7954337b Mon Sep 17 00:00:00 2001 From: Dmitriy Simushev Date: Thu, 13 Nov 2014 11:19:53 +0000 Subject: [PATCH] Extract SessionAuthenticationManager --- .../Authentication/AuthenticationManager.php | 71 ++------- .../SessionAuthenticationManager.php | 144 ++++++++++++++++++ 2 files changed, 155 insertions(+), 60 deletions(-) create mode 100644 src/mibew/libs/classes/Mibew/Authentication/SessionAuthenticationManager.php diff --git a/src/mibew/libs/classes/Mibew/Authentication/AuthenticationManager.php b/src/mibew/libs/classes/Mibew/Authentication/AuthenticationManager.php index 06d77d51..e0c533a1 100644 --- a/src/mibew/libs/classes/Mibew/Authentication/AuthenticationManager.php +++ b/src/mibew/libs/classes/Mibew/Authentication/AuthenticationManager.php @@ -28,33 +28,17 @@ use Symfony\Component\HttpFoundation\Response; /** * Controls operator's authentication. + * + * This is the base authentication manager for the system. */ -class AuthenticationManager implements AuthenticationManagerInterface, CookieFactoryAwareInterface +class AuthenticationManager extends SessionAuthenticationManager implements CookieFactoryAwareInterface { - /** - * Indicates if the operator is logged in. - * @var boolean - */ - protected $loggedIn = false; - /** * Indicates if the operator should be remembered after login. * @var boolean */ protected $remember = false; - /** - * Indicates if the current operator is logged out. - * @var boolean - */ - protected $loggedOut = false; - - /** - * The current operator. - * @var array|null - */ - protected $operator = null; - /** * @var CookieFactory|null */ 
@@ -89,9 +73,7 @@ class AuthenticationManager implements AuthenticationManagerInterface, CookieFac public function setOperatorFromRequest(Request $request) { // Try to get operator from session. - if (isset($_SESSION[SESSION_PREFIX . 'operator'])) { - $this->operator = $_SESSION[SESSION_PREFIX . 'operator']; - + if (parent::setOperatorFromRequest($request)) { return true; } @@ -106,8 +88,6 @@ class AuthenticationManager implements AuthenticationManagerInterface, CookieFac && calculate_password_hash($op['vclogin'], $op['vcpassword']) == $pwd && !operator_is_disabled($op); if ($can_login) { - // Cache operator in the session data - $_SESSION[SESSION_PREFIX . 'operator'] = $op; $this->operator = $op; return true; @@ -123,8 +103,6 @@ class AuthenticationManager implements AuthenticationManagerInterface, CookieFac $dispatcher->triggerEvent(Events::OPERATOR_AUTHENTICATE, $args); if (!empty($args['operator'])) { - // Cache operator in the session - $_SESSION[SESSION_PREFIX . 'operator'] = $args['operator']; $this->operator = $args['operator']; return true; @@ -139,11 +117,9 @@ class AuthenticationManager implements AuthenticationManagerInterface, CookieFac */ public function attachOperatorToResponse(Response $response) { - if ($this->loggedOut) { - // An operator is logged out. Clean up session data. - unset($_SESSION[SESSION_PREFIX . 'operator']); - unset($_SESSION['backpath']); + parent::attachOperatorToResponse($response); + if ($this->loggedOut) { // Clear remember cookie. $cookie_factory = $this->getCookieFactory(); $response->headers->clearCookie( @@ -152,9 +128,6 @@ class AuthenticationManager implements AuthenticationManagerInterface, CookieFac $cookie_factory->getDomain() ); } elseif ($this->loggedIn) { - // An operator is logged in. Update operator in the session. - $_SESSION[SESSION_PREFIX . 'operator'] = $this->operator; - // Set remember me cookie if needed if ($this->remember) { $password_hash = calculate_password_hash( 
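Review bot: The remember-cookie check kept as context in the `@@ -106,8 +88,6 @@` hunk compares the hash with loose `==` (`calculate_password_hash($op['vclogin'], $op['vcpassword']) == $pwd`), so two numeric-looking strings can compare equal under PHP type juggling, and the comparison is not constant-time. `$pwd` presumably comes from the request cookie (its assignment is outside the hunk), so a strict, timing-safe comparison is the safer choice: `hash_equals(calculate_password_hash($op['vclogin'], $op['vcpassword']), (string) $pwd)` where the supported PHP version provides it, or at least `===`. The enclosing `setOperatorFromRequest()` body starts and ends outside this hunk.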
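Review bot: In the `@@ -123,8 +103,6 @@` hunk the plugin path accepts `$args['operator']` on `!empty()` alone, while the cookie path in the previous hunk also requires `!operator_is_disabled($op)`. Unless every `Events::OPERATOR_AUTHENTICATE` handler is expected to enforce that itself, a disabled operator returned by a plugin would be treated as authenticated; consider `if (!empty($args['operator']) && !operator_is_disabled($args['operator'])) {`. With the two `$_SESSION` writes removed here, a short comment that the operator is now persisted only by `attachOperatorToResponse()` would help anyone who still reads `$_SESSION[SESSION_PREFIX . 'operator']` directly during the request.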
@@ -170,38 +143,21 @@ class AuthenticationManager implements AuthenticationManagerInterface, CookieFac $response->headers->setCookie($remember_cookie); } - } elseif ($this->operator) { - // Update the current operator. - $_SESSION[SESSION_PREFIX . 'operator'] = $this->operator; } } - /** - * {@inheritdoc} - */ - public function getOperator() - { - return $this->operator; - } - /** * {@inheritdoc} */ public function setOperator($operator) { - $operator_updated = $operator - && $this->operator - && ($this->operator['operatorid'] == $operator['operatorid']); - if (!$operator_updated) { + if ($this->isOperatorChanged($operator)) { // If the current operator is changed (not updated) we should - // reset all login/logout flags. - $this->loggedIn = false; - $this->loggedOut = false; + // reset remember flag. $this->remember = false; } - // Update the current operator - $this->operator = $operator; + parent::setOperator($operator); } /** @@ -211,10 +167,8 @@ class AuthenticationManager implements AuthenticationManagerInterface, CookieFac */ public function loginOperator($operator, $remember) { - $this->loggedIn = true; + parent::loginOperator($operator, $remember); $this->remember = $remember; - $this->loggedOut = false; - $this->operator = $operator; // Trigger login event $args = array( @@ -232,12 +186,9 @@ class AuthenticationManager implements AuthenticationManagerInterface, CookieFac */ public function logoutOperator() { - $this->loggedOut = true; - $this->loggedIn = false; + parent::logoutOperator(); $this->remember = false; - $this->operator = null; - // Trigger logout event $dispatcher = EventDispatcher::getInstance(); $dispatcher->triggerEvent(Events::OPERATOR_LOGOUT); diff --git a/src/mibew/libs/classes/Mibew/Authentication/SessionAuthenticationManager.php b/src/mibew/libs/classes/Mibew/Authentication/SessionAuthenticationManager.php new file mode 100644 index 00000000..9429cc7e --- /dev/null 
+++ b/src/mibew/libs/classes/Mibew/Authentication/SessionAuthenticationManager.php
@@ -0,0 +1,144 @@
+operator = $_SESSION[SESSION_PREFIX . 'operator'];
+
+ return true;
+ }
+
+ // Operator's data cannot be extracted from the request.
+ return false;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function attachOperatorToResponse(Response $response)
+ {
+ if ($this->loggedOut) {
+ // An operator is logged out. Clean up session data.
+ unset($_SESSION[SESSION_PREFIX . 'operator']);
+ unset($_SESSION['backpath']);
+ } elseif ($this->loggedIn) {
+ // An operator is logged in. Update operator in the session.
+ $_SESSION[SESSION_PREFIX . 'operator'] = $this->operator;
+ } elseif ($this->operator) {
+ // Update the current operator.
+ $_SESSION[SESSION_PREFIX . 'operator'] = $this->operator;
+ }
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function getOperator()
+ {
+ return $this->operator;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function setOperator($operator)
+ {
+ if ($this->isOperatorChanged($operator)) {
+ // If the current operator is changed (not updated) we should
+ // reset all login/logout flags.
+ $this->loggedIn = false;
+ $this->loggedOut = false;
+ }
+
+ // Update the current operator
+ $this->operator = $operator;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function loginOperator($operator, $remember)
+ {
+ $this->loggedIn = true;
+ $this->loggedOut = false;
+ $this->operator = $operator;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function logoutOperator()
+ {
+ $this->loggedOut = true;
+ $this->loggedIn = false;
+ $this->operator = null;
+ }
+
+ /**
+ * Checks if the operator changed.
+ *
+ * @param array $operator Operator's data.
+ * @return boolean
+ */
+ protected function isOperatorChanged($operator)
+ {
+ // Check if the operator is the same but has been updated.
+ $same_operator = $operator
+ && $this->operator
+ && ($this->operator['operatorid'] == $operator['operatorid']);
+
+ return !$same_operator;
+ }
+}
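Review bot: `attachOperatorToResponse()` writes the operator into the existing session in the `loggedIn` branch without rotating the session identifier, and no `session_regenerate_id()` call appears in the part of this class shown here (the top of the file is not visible on this page). Unless the login controller already does it, add `session_regenerate_id(true);` before `$_SESSION[SESSION_PREFIX . 'operator'] = $this->operator;` in that branch, so an identifier issued before login does not carry over into the authenticated session (session fixation). The `loggedOut` branch likewise only unsets two keys and keeps the same session id. Separately, `setOperatorFromRequest()` returns the cached session operator without rechecking `operator_is_disabled()`, so a disabled account appears to keep access until its session ends.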