
AbstractDb.php

    <?php
    
    namespace UnicaenAuthentification\Authentication\Adapter;
    
    use UnicaenAuthentification\Options\Traits\ModuleOptionsAwareTrait;
    use Zend\Authentication\Result as AuthenticationResult;
    use Zend\EventManager\EventInterface;
    use Zend\Session\Container as SessionContainer;
    use ZfcUser\Authentication\Adapter\AdapterChainEvent;
    use ZfcUser\Entity\UserInterface;
    use ZfcUser\Mapper\UserInterface as UserMapperInterface;
    
    /**
     * Classe abstraite des adaptateurs d'authentification à partir de la base de données.
     * 
     * Ajout par rapport à la classe mère : si aucune base de données ou table n'existe,
     * l'authentification ne plante pas (i.e. renvoie false).
     *
     * @author Bertrand GAUTHIER <bertrand.gauthier@unicaen.fr>
     */
    abstract class AbstractDb extends AbstractAdapter
    {
        use ModuleOptionsAwareTrait;

        /**
         * @var string
         */
        protected $type;

        /**
         * Adapter chain event taken from the target of the event passed to authenticate().
         *
         * @var AdapterChainEvent
         */
        protected $event;

        /**
         * User mapper injected through setMapper(); not used by this class itself.
         *
         * @var UserMapperInterface
         */
        protected $mapper;

        /**
         * Runs the database-backed authentication step of the adapter chain.
         *
         * Order of evaluation:
         *  1. an identity already present on the chain event short-circuits to true;
         *  2. an adapter that is already satisfied replays the identity held in storage;
         *  3. otherwise the user is fetched, its state is checked (when user states are
         *     enabled), the credentials are verified by the concrete adapter, the session
         *     id is regenerated and the identity is written to storage.
         *
         * @inheritDoc
         *
         * @param mixed $e Event whose target is the adapter chain event.
         * @return bool true when an identity is established, false otherwise.
         */
        public function authenticate( $e): bool
        {
            // NB: in version 3.0.0 of zf-commons/zfc-user this method takes an EventInterface,
            // but in the 3.x branch it takes an AdapterChainEvent, which is why the parameter
            // is left untyped. If an AdapterChainEvent is ever what gets passed in, the
            // $e->getTarget() call below is no longer needed.
            $this->event = $e->getTarget();

            // Another adapter in the chain has already produced an identity.
            if ($this->event->getIdentity()) {
                return true;
            }

            // Already satisfied: reuse the identity kept in storage.
            // NOTE(review): presumably isSatisfied() guarantees that the stored value is an
            // array holding an 'identity' key - confirm against the parent class.
            if ($this->isSatisfied()) {
                $stored = $this->getStorage()->read();
                $this->event
                    ->setIdentity($stored['identity'])
                    ->setCode(AuthenticationResult::SUCCESS)
                    ->setMessages(['Authentication successful.']);

                return true;
            }

            // No code or message is set on the event here when the user is not found.
            // NOTE(review): presumably the concrete fetchUserObject() reports the failure;
            // verify that it does so with the same wording as a wrong-password failure.
            $user = $this->fetchUserObject();
            if (null === $user) {
                return false;
            }

            // Refuse the login when the user's state is not in the allowed list.
            // NOTE(review): this check runs before the credentials are verified, so the
            // "account disabled" message is set for any caller who names a disabled account,
            // with or without the right password. Confirm whether event messages reach the
            // client; if they do, account status is disclosed to unauthenticated callers.
            // NOTE(review): in_array() compares loosely here; confirm the types returned by
            // getState() and getAllowedLoginStates() before switching to strict comparison.
            $stateRejected = $this->moduleOptions->getEnableUserState()
                && !in_array($user->getState(), $this->moduleOptions->getAllowedLoginStates());
            if ($stateRejected) {
                $this->event
                    ->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
                    ->setMessages(["Ce compte utilisateur a été désactivé"]);
                $this->setSatisfied(false);

                return false;
            }

            // Credential verification is delegated to the concrete adapter.
            if ($this->authenticateUserObject($user) === false) {
                return false;
            }

            // Issue a fresh session id before the identity is stored, so that a session id
            // known before login does not carry over to the authenticated session.
            $namespace = $this->getStorage()->getNamespace();
            $session = new SessionContainer($namespace);
            $session->getManager()->regenerateId();

            // Success: publish the identity on the event and persist it in storage.
            $this->event->setIdentity($this->createSessionIdentity($user->getUsername()));
            $this->setSatisfied(true);

            $stored = $this->getStorage()->read();
            $stored['identity'] = $this->event->getIdentity();
            $this->getStorage()->write($stored);

            $this->event
                ->setCode(AuthenticationResult::SUCCESS)
                ->setMessages(['Authentication successful.']);

            return true;
        }

        /**
         * Looks up the user to authenticate.
         *
         * authenticate() stops and returns false when this returns null.
         *
         * @return \ZfcUser\Entity\UserInterface|null
         */
        abstract protected function fetchUserObject(): ?UserInterface;

        /**
         * Verifies the credentials for the given user.
         *
         * authenticate() stops and returns false when this returns false.
         *
         * @param \ZfcUser\Entity\UserInterface $userObject
         * @return bool
         */
        abstract protected function authenticateUserObject(UserInterface $userObject): bool;

        /**
         * Injects the user mapper.
         *
         * @param UserMapperInterface $mapper
         * @return self This adapter, for chaining.
         */
        public function setMapper(UserMapperInterface $mapper): self
        {
            $this->mapper = $mapper;

            return $this;
        }
    }