application/libraries/Auth.php

   1 <?php defined('SYSPATH') OR die('No direct access allowed.');
   2
   3 require_once('op5/auth/Auth.php');
   4 require_once('op5/auth/User_NoAuth.php');
   5 require_once('op5/auth/User_AlwaysAuth.php');
   6
   7 /**
   8  * User authentication and authorization library.
   9  *
  10  * @package    Auth
  11  * @author
  12  * @copyright
  13  * @license
  14  */
  15 class Auth {
  16         /**
  17          * Used to override instance, to break exception loop
  18          */
  19         private static $fake_instance = false;
  20
  21         /**
  22          * Create an instance of Auth.
  23          *
  24          * @return  object
  25          */
  26         public static function factory($config = array(), $driver_config = array())
  27         {
  28                 Op5Auth::factory($config, $driver_config);
  29                 return new self();
  30         }
  31
  32         /**
  33          * @param $rights_to_exclude array
  34          * @return array
  35          */
  36         public static function get_groups_without_rights(array $rights_to_exclude)
  37         {
  38                 $groups = Op5Config::instance()->getConfig('auth_groups');
  39                 foreach($groups as $group => $rights) {
  40                         if(array_intersect($rights_to_exclude, $rights)) {
  41                                 unset($groups[$group]);
  42                         }
  43                 }
  44                 return $groups;
  45         }
  46
  47         /**
  48          * Return a static instance of Auth.
  49          *
  50          * @return  object
  51          */
  52         public static function instance($config = array(), $driver_config = array())
  53         {
  54                 if (self::$fake_instance !== false) return self::$fake_instance;
  55                 // Load the Auth instance
  56                 try {
  57                         $instance = new Auth($config, $driver_config);
  58                 }
  59                 catch( Exception $e ) {
  60                         self::disable_auth_subsystem();
  61                         throw $e;
  62                 }
  63                 return $instance;
  64         }
  65
  66         public function __construct( $config = NULL, $driver_config = array() )
  67         {
  68                 Op5Auth::instance( $config, $driver_config );
  69         }
  70
  71         /**
  72          * Check if there is an active session. Optionally allows checking for a
  73          * specific role.
  74          *
  75          * @param   string   role name
  76          * @return  boolean
  77          */
  78         public function logged_in($role = NULL)
  79         {
  80                 if( $role !== NULL ) {
  81                         return false;
  82                 }
  83                 return op5auth::instance()->logged_in();
  84         }
  85
  86         /**
  87          * Returns the currently logged in user, or NoAuth user.
  88          *
  89          * @return  mixed
  90          */
  91         public function get_user()
  92         {
  93                 $user = op5auth::instance()->get_user();
  94                 return $user;
  95         }
  96
  97         /**
  98          * Attempt to log in a user by using an ORM object and plain-text password.
  99          *
 100          * @param   string   username to log in
 101          * @param   string   password to check against
 102          * @param   boolean  enable auto-login
 103          * @return  boolean     True on success
 104          */
 105         public function login($username, $password, $auth_method = false)
 106         {
 107                 $res = op5auth::instance()->login( $username, $password, $auth_method );
 108                 return $res;
 109         }
 110
 111         /**
 112          * Attempt to automatically log a user in.
 113          *
 114          * @return  boolean
 115          */
 116         public function auto_login()
 117         {
 118                 return false;
 119         }
 120
 121         /**
 122          * Force a login for a specific username.
 123          *
 124          * @param   mixed    username
 125          * @return  boolean
 126          */
 127         public function force_login($username)
 128         {
 129                 return false;
 130         }
 131
 132         /**
 133          * Log out a user by removing the related session variables.
 134          *
 135          * @param   boolean  completely destroy the session
 136          * @return  boolean
 137          */
 138         public function logout($destroy = FALSE)
 139         {
 140                 return op5auth::instance()->logout();
 141         }
 142
 143         /**
 144          * Verify password for a logged in user.
 145          *
 146          * Usable for form validation of critical user data, for example validate a
 147          * password change.
 148          *
 149          * This method doesn't use APC
 150          *
 151          * @param $user     Op5User User object to verify
 152          * @param $password string  Password to test
 153          * @return          boolean true if password is ok
 154          */
 155         public function verify_password( $user, $password )
 156         {
 157                 return op5auth::instance()->verify_password( $user, $password );
 158         }
 159
 160         /**
 161          * Update password for a given user.
 162          *
 163          * @param $user     Op5User User object to verify
 164          * @param $password string  New password
 165          * @return          boolean true if password is ok
 166          */
 167         public function update_password( $user, $password )
 168         {
 169                 return op5auth::instance()->update_password( $user, $password );
 170         }
 171
 172         /**
 173          * Returns true if current session has access for a given authorization point
 174          *
 175          * @param   string   authorization point
 176          * @return  boolean  true if access
 177          */
 178         public function authorized_for( $authorization_point )
 179         {
 180                 return op5auth::instance()->authorized_for( $authorization_point );
 181         }
 182
 183         /**
 184          * Returns an array of authentication methods.
 185          *
 186          * @return  array  list of authentication methods, or false if only a single
 187          *                 is avalible
 188          */
 189         public function get_authentication_methods()
 190         {
 191                 return op5auth::instance()->get_authentication_methods();
 192         }
 193
 194         /**
 195          * Returns name of default authentication method.
 196          *
 197          * @return      string  default authentication method
 198          *
 199          */
 200         public function get_default_auth()
 201         {
 202                 return op5auth::instance()->get_default_auth();
 203         }
 204
 205         /**
 206          * Take an op5User object, and force the auth module to recognize it as the
 207          * currently logged in user
 208          */
 209         public function force_user($user)
 210         {
 211                 return op5auth::instance()->force_user($user);
 212         }
 213
 214         /**
 215          * Register noauth as auth subsystem, so we can't login, logout or anything.
 216          *
 217          * This effectivly reduces possibilities for auth-related errors. Because lot
 218          * of things depend on auth, even when rendering, this is needed to be loaded
 219          * when displaying error pages.
 220          */
 221         public static function disable_auth_subsystem() {
 222                 self::$fake_instance = new Auth_NoAuth();
 223         }
 224 } // End Auth
 225
 226
 227 /**
 228  * This class is just to fill in as Auth if exception if thrown in factory.
 229  *
 230  * When showing an error page (as from exception in factory method), the instance
 231  * needs to be set, so not a new exception will be thrown when rendering the error
 232  * page
 233  */
 234 class Auth_NoAuth extends Auth {
 235
 236         public function __construct($config = NULL)
 237         {
 238         }
 239
 240         public function logged_in($role = NULL)
 241         {
 242                 return false;
 243         }
 244
 245         public function get_user()
 246         {
 247                 return new Op5User_NoAuth();
 248         }
 249
 250         public function login($username, $password, $auth_method = false)
 251         {
 252                 return false;
 253         }
 254
 255         public function logout($destroy = FALSE)
 256         {
 257                 return false;
 258         }
 259
 260         public function verify_password( $user, $password )
 261         {
 262                 return false;
 263         }
 264
 265         public function update_password( $user, $password )
 266         {
 267                 return false;
 268         }
 269
 270         public function authorized_for( $authorization_point )
 271         {
 272                 return false;
 273         }
 274
 275         public function get_authentication_methods()
 276         {
 277                 return false;
 278         }
 279 }