libSmalldb  v0.7-57-g12e9bf1
CookieAuth Class Reference

Description

IAuth implementation that uses a Smalldb state machine and a shared session token stored in a cookie to identify the SharedTokenMachine instance.

This class handles cookies only; it is up to the session machine to maintain the session.

To log in, use getSessionMachine() and invoke a login transition. To log out, use a logout transition. The registered callback will take care of the cookies in both cases.

Warning
Always use the same reference provided by getSessionMachine() to manipulate the current session. Otherwise the cookies will not be updated, because other references do not have the Reference::afterTransition() hook registered.
See also
http://smalldb.org/security/
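
The behaviour described in the warning above, as an added example that is not libSmalldb code: a simplified stand-alone PHP model in which each reference object holds its own after-transition hooks. ModelReference, its login() and logout() methods and the in-memory arrays are hypothetical stand-ins for the session machine reference, its transitions, and the cookie handling.

```php
<?php
// Simplified model, not libSmalldb code; ModelReference, $sessions and $cookies are hypothetical.

final class ModelReference
{
    private array $hooks = [];  // callbacks registered on this reference object only

    public function __construct(private ArrayObject $sessions, public ?string $token = null) {}

    public function afterTransition(callable $hook): void { $this->hooks[] = $hook; }

    public function login(string $userId): void
    {
        $this->token = bin2hex(random_bytes(16));   // new shared session token
        $this->sessions[$this->token] = $userId;    // server-side session state
        foreach ($this->hooks as $hook) { $hook($this); }
    }

    public function logout(): void
    {
        unset($this->sessions[$this->token]);       // end the server-side session
        $this->token = null;
        foreach ($this->hooks as $hook) { $hook($this); }
    }
}

$sessions = new ArrayObject();  // stands in for session machine storage
$cookies  = [];                 // stands in for the browser's cookies

// Modelled on checkSession(): create the reference and register the cookie callback.
$session = new ModelReference($sessions);
$session->afterTransition(function (ModelReference $ref) use (&$cookies): void {
    if ($ref->token === null) {
        unset($cookies['AuthToken']);
    } else {
        $cookies['AuthToken'] = $ref->token;
    }
});

$session->login('alice');                        // hook runs, cookie is set
$token = $cookies['AuthToken'];

$other = new ModelReference($sessions, $token);  // second reference, no hook registered
$other->logout();                                // session ends, cookie is not touched

printf("session exists: %s, cookie still set: %s\n",
    var_export(isset($sessions[$token]), true), var_export(isset($cookies['AuthToken']), true));
```

Calling logout() on $session instead of $other runs the registered callback, so the session and the cookie are cleared together.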

Public Member Functions

__construct ($config, Smalldb $smalldb)
Constructor.

checkSession ()
Check session - read & update cookies, setup session state machine and register callbacks.

getSessionMachine ()
Get session machine which manages all stuff around login and session.

getUserId ()
Get user's ID.

hasUserRoles ($roles)
Check whether user has given role(s).

isAllMighty ()
Is user all mighty? (Admin or something like that.)

Protected Member Functions

getUserRoles ()
Get list of user's roles, or null if not logged in.

Protected Attributes

$smalldb
Smalldb backend

$session_machine
Reference to session state machine.

Configuration

$cookie_name = 'AuthToken'
Cookie name.

$cookie_ttl = 2592000
Cookie duration [seconds] (default: 30 days)

$user_id_property = 'user_id'
Name of the session machine property with user's ID.

$user_roles_property = 'user_roles'
Name of the session machine property with user's role.

$all_mighty_user_role = null
Name of all mighty user role (admin)

$all_mighty_cli = false
Is command line all mighty?

$session_machine_null_ref = 'session'
Null reference to session machine (array; use session_machine_ref_prefix if not set)

$session_machine_ref_prefix = 'session'
Prefix of session machine reference (array; token ID will be appended)

Constructor & Destructor Documentation

◆ __construct()

__construct ($config, Smalldb $smalldb)

Constructor.

Parameters
$config: Configuration options - see Configuration section.
$smalldb: Smalldb entry point.

Member Function Documentation

◆ checkSession()

checkSession ( )

Check session - read & update cookies, setup session state machine and register callbacks.

This must be called before using any state machines. No transitions are invoked at this point, only the session state machine reference is created.

Implements IAuth.

◆ getSessionMachine()

getSessionMachine ( )

Get session machine which manages all stuff around login and session.

◆ getUserId()

getUserId ( )

Get user's ID.

User's ID is limited to a single scalar value (any integer or string).

Returns
User's ID, or NULL when nobody is logged in.

Implements IAuth.

◆ hasUserRoles()

hasUserRoles ($roles)

Check whether user has given role(s).

Smalldb does not understand user roles; it can only check whether the user's roles contain one of the required values. User's roles are global and they are not related to any instance of anything.

User may have any number of roles.

Parameters
$roles: Name of required role (string), or array of required roles (array of strings).
Returns
TRUE when the user has at least one of the requested roles, or FALSE otherwise.

Implements IAuth.

◆ isAllMighty()

isAllMighty ( )

Is user all mighty? (Admin or something like that.)

When this function returns true, access control will be disabled.

Implements IAuth.

◆ getUserRoles()

getUserRoles ( )
protected

Get list of user's roles, or null if not logged in.

Note
User's roles are typically not a property of the session machine, but they can be a calculated property of the machine. Therefore, there is no need to complicate this API with users.

Member Data Documentation

◆ $smalldb

$smalldb
protected

Smalldb backend

◆ $session_machine

$session_machine
protected

Reference to session state machine.

◆ $cookie_name

$cookie_name = 'AuthToken'
protected

Cookie name.

◆ $cookie_ttl

$cookie_ttl = 2592000
protected

Cookie duration [seconds] (default: 30 days)

◆ $user_id_property

$user_id_property = 'user_id'
protected

Name of the session machine property with user's ID.

◆ $user_roles_property

$user_roles_property = 'user_roles'
protected

Name of the session machine property with user's role.

◆ $all_mighty_user_role

$all_mighty_user_role = null
protected

Name of all mighty user role (admin)

◆ $all_mighty_cli

$all_mighty_cli = false
protected

Is command line all mighty?

◆ $session_machine_null_ref

$session_machine_null_ref = 'session'
protected

Null reference to session machine (array; use session_machine_ref_prefix if not set)

◆ $session_machine_ref_prefix

$session_machine_ref_prefix = 'session'
protected

Prefix of session machine reference (array; token ID will be appended)