brmlab/brmbiolab_sklad
9
0
Fork 0
mirror of https://github.com/brmlab/brmbiolab_sklad.git synced 2025-10-30 15:04:02 +01:00
Code Issues Projects Releases Packages Wiki Activity

Initial commit

Browse source
This commit is contained in:
mareksebera 2014-09-10 20:20:58 +02:00
commit 3b93da31de
1004 changed files with 265840 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

72
lib/Cake/Controller/Component/Auth/AbstractPasswordHasher.php Normal file
View file

@ -0,0 +1,72 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @since CakePHP(tm) v 2.4.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
/**
* Abstract password hashing class
*
* @package Cake.Controller.Component.Auth
*/
abstract class AbstractPasswordHasher {
/**
* Configurations for this object. Settings passed from authenticator class to
* the constructor are merged with this property.
*
* @var array
*/
protected $_config = array();
/**
* Constructor
*
* @param array $config Array of config.
*/
public function __construct($config = array()) {
$this->config($config);
}
/**
* Get/Set the config
*
* @param array $config Sets config, if null returns existing config
* @return array Returns configs
*/
public function config($config = null) {
if (is_array($config)) {
$this->_config = array_merge($this->_config, $config);
}
return $this->_config;
}
/**
* Generates password hash.
*
* @param string|array $password Plain text password to hash or array of data
* required to generate password hash.
* @return string Password hash
*/
abstract public function hash($password);
/**
* Check hash. Generate hash from user provided password string or data array
* and check against existing hash.
*
* @param string|array $password Plain text password to hash or data array.
* @param string $hashedPassword Existing hashed password.
* @return bool True if hashes match else false.
*/
abstract public function check($password, $hashedPassword);
}

41
lib/Cake/Controller/Component/Auth/ActionsAuthorize.php Normal file
View file

@ -0,0 +1,41 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthorize', 'Controller/Component/Auth');
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using the AclComponent,
* If AclComponent is not already loaded it will be loaded using the Controller's ComponentCollection.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
* @see AuthComponent::$authenticate
* @see AclComponent::check()
*/
class ActionsAuthorize extends BaseAuthorize {
/**
* Authorize a user using the AclComponent.
*
* @param array $user The user to authorize
* @param CakeRequest $request The request needing authorization.
* @return bool
*/
public function authorize($user, CakeRequest $request) {
$Acl = $this->_Collection->load('Acl');
$user = array($this->settings['userModel'] => $user);
return $Acl->check($user, $this->action($request));
}
}

219
lib/Cake/Controller/Component/Auth/BaseAuthenticate.php Normal file
View file

@ -0,0 +1,219 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('Security', 'Utility');
App::uses('Hash', 'Utility');
/**
* Base Authentication class with common methods and properties.
*
* @package Cake.Controller.Component.Auth
*/
abstract class BaseAuthenticate {
/**
* Settings for this object.
*
* - `fields` The fields to use to identify a user by.
* - `userModel` The model name of the User, defaults to User.
* - `scope` Additional conditions to use when looking up and authenticating users,
* i.e. `array('User.is_active' => 1).`
* - `recursive` The value of the recursive key passed to find(). Defaults to 0.
* - `contain` Extra models to contain and store in session.
* - `passwordHasher` Password hasher class. Can be a string specifying class name
* or an array containing `className` key, any other keys will be passed as
* settings to the class. Defaults to 'Simple'.
*
* @var array
*/
public $settings = array(
'fields' => array(
'username' => 'username',
'password' => 'password'
),
'userModel' => 'User',
'scope' => array(),
'recursive' => 0,
'contain' => null,
'passwordHasher' => 'Simple'
);
/**
* A Component collection, used to get more components.
*
* @var ComponentCollection
*/
protected $_Collection;
/**
* Password hasher instance.
*
* @var AbstractPasswordHasher
*/
protected $_passwordHasher;
/**
* Constructor
*
* @param ComponentCollection $collection The Component collection used on this request.
* @param array $settings Array of settings to use.
*/
public function __construct(ComponentCollection $collection, $settings) {
$this->_Collection = $collection;
$this->settings = Hash::merge($this->settings, $settings);
}
/**
* Find a user record using the standard options.
*
* The $username parameter can be a (string)username or an array containing
* conditions for Model::find('first'). If the $password param is not provided
* the password field will be present in returned array.
*
* Input passwords will be hashed even when a user doesn't exist. This
* helps mitigate timing attacks that are attempting to find valid usernames.
*
* @param string|array $username The username/identifier, or an array of find conditions.
* @param string $password The password, only used if $username param is string.
* @return bool|array Either false on failure, or an array of user data.
*/
protected function _findUser($username, $password = null) {
$userModel = $this->settings['userModel'];
list(, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
if (is_array($username)) {
$conditions = $username;
} else {
$conditions = array(
$model . '.' . $fields['username'] => $username
);
}
if (!empty($this->settings['scope'])) {
$conditions = array_merge($conditions, $this->settings['scope']);
}
$result = ClassRegistry::init($userModel)->find('first', array(
'conditions' => $conditions,
'recursive' => $this->settings['recursive'],
'contain' => $this->settings['contain'],
));
if (empty($result[$model])) {
$this->passwordHasher()->hash($password);
return false;
}
$user = $result[$model];
if ($password !== null) {
if (!$this->passwordHasher()->check($password, $user[$fields['password']])) {
return false;
}
unset($user[$fields['password']]);
}
unset($result[$model]);
return array_merge($user, $result);
}
/**
* Return password hasher object
*
* @return AbstractPasswordHasher Password hasher instance
* @throws CakeException If password hasher class not found or
* it does not extend AbstractPasswordHasher
*/
public function passwordHasher() {
if ($this->_passwordHasher) {
return $this->_passwordHasher;
}
$config = array();
if (is_string($this->settings['passwordHasher'])) {
$class = $this->settings['passwordHasher'];
} else {
$class = $this->settings['passwordHasher']['className'];
$config = $this->settings['passwordHasher'];
unset($config['className']);
}
list($plugin, $class) = pluginSplit($class, true);
$className = $class . 'PasswordHasher';
App::uses($className, $plugin . 'Controller/Component/Auth');
if (!class_exists($className)) {
throw new CakeException(__d('cake_dev', 'Password hasher class "%s" was not found.', $class));
}
if (!is_subclass_of($className, 'AbstractPasswordHasher')) {
throw new CakeException(__d('cake_dev', 'Password hasher must extend AbstractPasswordHasher class.'));
}
$this->_passwordHasher = new $className($config);
return $this->_passwordHasher;
}
/**
* Hash the plain text password so that it matches the hashed/encrypted password
* in the datasource.
*
* @param string $password The plain text password.
* @return string The hashed form of the password.
* @deprecated Since 2.4. Use a PasswordHasher class instead.
*/
protected function _password($password) {
return Security::hash($password, null, true);
}
/**
* Authenticate a user based on the request information.
*
* @param CakeRequest $request Request to get authentication information from.
* @param CakeResponse $response A response object that can have headers added.
* @return mixed Either false on failure, or an array of user data on success.
*/
abstract public function authenticate(CakeRequest $request, CakeResponse $response);
/**
* Allows you to hook into AuthComponent::logout(),
* and implement specialized logout behavior.
*
* All attached authentication objects will have this method
* called when a user logs out.
*
* @param array $user The user about to be logged out.
* @return void
*/
public function logout($user) {
}
/**
* Get a user based on information in the request. Primarily used by stateless authentication
* systems like basic and digest auth.
*
* @param CakeRequest $request Request object.
* @return mixed Either false or an array of user information
*/
public function getUser(CakeRequest $request) {
return false;
}
/**
* Handle unauthenticated access attempt.
*
* @param CakeRequest $request A request object.
* @param CakeResponse $response A response object.
* @return mixed Either true to indicate the unauthenticated request has been
* dealt with and no more action is required by AuthComponent or void (default).
*/
public function unauthenticated(CakeRequest $request, CakeResponse $response) {
}
}

168
lib/Cake/Controller/Component/Auth/BaseAuthorize.php Normal file
View file

@ -0,0 +1,168 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('Hash', 'Utility');
/**
* Abstract base authorization adapter for AuthComponent.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
* @see AuthComponent::$authenticate
*/
abstract class BaseAuthorize {
/**
* Controller for the request.
*
* @var Controller
*/
protected $_Controller = null;
/**
* Component collection instance for getting more components.
*
* @var ComponentCollection
*/
protected $_Collection;
/**
* Settings for authorize objects.
*
* - `actionPath` - The path to ACO nodes that contains the nodes for controllers. Used as a prefix
* when calling $this->action();
* - `actionMap` - Action -> crud mappings. Used by authorization objects that want to map actions to CRUD roles.
* - `userModel` - Model name that ARO records can be found under. Defaults to 'User'.
*
* @var array
*/
public $settings = array(
'actionPath' => null,
'actionMap' => array(
'index' => 'read',
'add' => 'create',
'edit' => 'update',
'view' => 'read',
'delete' => 'delete',
'remove' => 'delete'
),
'userModel' => 'User'
);
/**
* Constructor
*
* @param ComponentCollection $collection The controller for this request.
* @param string $settings An array of settings. This class does not use any settings.
*/
public function __construct(ComponentCollection $collection, $settings = array()) {
$this->_Collection = $collection;
$controller = $collection->getController();
$this->controller($controller);
$this->settings = Hash::merge($this->settings, $settings);
}
/**
* Checks user authorization.
*
* @param array $user Active user data
* @param CakeRequest $request Request instance.
* @return bool
*/
abstract public function authorize($user, CakeRequest $request);
/**
* Accessor to the controller object.
*
* @param Controller $controller null to get, a controller to set.
* @return mixed
* @throws CakeException
*/
public function controller(Controller $controller = null) {
if ($controller) {
if (!$controller instanceof Controller) {
throw new CakeException(__d('cake_dev', '$controller needs to be an instance of Controller'));
}
$this->_Controller = $controller;
return true;
}
return $this->_Controller;
}
/**
* Get the action path for a given request. Primarily used by authorize objects
* that need to get information about the plugin, controller, and action being invoked.
*
* @param CakeRequest $request The request a path is needed for.
* @param string $path Path format.
* @return string the action path for the given request.
*/
public function action(CakeRequest $request, $path = '/:plugin/:controller/:action') {
$plugin = empty($request['plugin']) ? null : Inflector::camelize($request['plugin']) . '/';
$path = str_replace(
array(':controller', ':action', ':plugin/'),
array(Inflector::camelize($request['controller']), $request['action'], $plugin),
$this->settings['actionPath'] . $path
);
$path = str_replace('//', '/', $path);
return trim($path, '/');
}
/**
* Maps crud actions to actual action names. Used to modify or get the current mapped actions.
*
* Create additional mappings for a standard CRUD operation:
*
* {{{
* $this->Auth->mapActions(array('create' => array('add', 'register'));
* }}}
*
* Or equivalently:
*
* {{{
* $this->Auth->mapActions(array('register' => 'create', 'add' => 'create'));
* }}}
*
* Create mappings for custom CRUD operations:
*
* {{{
* $this->Auth->mapActions(array('range' => 'search'));
* }}}
*
* You can use the custom CRUD operations to create additional generic permissions
* that behave like CRUD operations. Doing this will require additional columns on the
* permissions lookup. For example if one wanted an additional search CRUD operation
* one would create and additional column '_search' in the aros_acos table. One could
* create a custom admin CRUD operation for administration functions similarly if needed.
*
* @param array $map Either an array of mappings, or undefined to get current values.
* @return mixed Either the current mappings or null when setting.
* @see AuthComponent::mapActions()
*/
public function mapActions($map = array()) {
if (empty($map)) {
return $this->settings['actionMap'];
}
foreach ($map as $action => $type) {
if (is_array($type)) {
foreach ($type as $typedAction) {
$this->settings['actionMap'][$typedAction] = $action;
}
} else {
$this->settings['actionMap'][$action] = $type;
}
}
}
}

117
lib/Cake/Controller/Component/Auth/BasicAuthenticate.php Normal file
View file

@ -0,0 +1,117 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
/**
* Basic Authentication adapter for AuthComponent.
*
* Provides Basic HTTP authentication support for AuthComponent. Basic Auth will
* authenticate users against the configured userModel and verify the username
* and passwords match.
*
* ### Using Basic auth
*
* In your controller's components array, add auth + the required settings.
* {{{
* public $components = array(
* 'Auth' => array(
* 'authenticate' => array('Basic')
* )
* );
* }}}
*
* You should also set `AuthComponent::$sessionKey = false;` in your AppController's
* beforeFilter() to prevent CakePHP from sending a session cookie to the client.
*
* Since HTTP Basic Authentication is stateless you don't need a login() action
* in your controller. The user credentials will be checked on each request. If
* valid credentials are not provided, required authentication headers will be sent
* by this authentication provider which triggers the login dialog in the browser/client.
*
* You may also want to use `$this->Auth->unauthorizedRedirect = false;`.
* By default, unauthorized users are redirected to the referrer URL,
* `AuthComponent::$loginAction`, or '/'. If unauthorizedRedirect is set to
* false, a ForbiddenException exception is thrown instead of redirecting.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
*/
class BasicAuthenticate extends BaseAuthenticate {
/**
* Constructor, completes configuration for basic authentication.
*
* @param ComponentCollection $collection The Component collection used on this request.
* @param array $settings An array of settings.
*/
public function __construct(ComponentCollection $collection, $settings) {
parent::__construct($collection, $settings);
if (empty($this->settings['realm'])) {
$this->settings['realm'] = env('SERVER_NAME');
}
}
/**
* Authenticate a user using HTTP auth. Will use the configured User model and attempt a
* login using HTTP auth.
*
* @param CakeRequest $request The request to authenticate with.
* @param CakeResponse $response The response to add headers to.
* @return mixed Either false on failure, or an array of user data on success.
*/
public function authenticate(CakeRequest $request, CakeResponse $response) {
return $this->getUser($request);
}
/**
* Get a user based on information in the request. Used by cookie-less auth for stateless clients.
*
* @param CakeRequest $request Request object.
* @return mixed Either false or an array of user information
*/
public function getUser(CakeRequest $request) {
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
if (!is_string($username) || $username === '' || !is_string($pass) || $pass === '') {
return false;
}
return $this->_findUser($username, $pass);
}
/**
* Handles an unauthenticated access attempt by sending appropriate login headers
*
* @param CakeRequest $request A request object.
* @param CakeResponse $response A response object.
* @return void
* @throws UnauthorizedException
*/
public function unauthenticated(CakeRequest $request, CakeResponse $response) {
$Exception = new UnauthorizedException();
$Exception->responseHeader(array($this->loginHeaders()));
throw $Exception;
}
/**
* Generate the login headers
*
* @return string Headers for logging in.
*/
public function loginHeaders() {
return sprintf('WWW-Authenticate: Basic realm="%s"', $this->settings['realm']);
}
}

53
lib/Cake/Controller/Component/Auth/BlowfishAuthenticate.php Normal file
View file

@ -0,0 +1,53 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of the files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('FormAuthenticate', 'Controller/Component/Auth');
/**
* An authentication adapter for AuthComponent. Provides the ability to authenticate using POST data using Blowfish
* hashing. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
*
* {{{
* $this->Auth->authenticate = array(
* 'Blowfish' => array(
* 'scope' => array('User.active' => 1)
* )
* )
* }}}
*
* When configuring BlowfishAuthenticate you can pass in settings to which fields, model and additional conditions
* are used. See FormAuthenticate::$settings for more information.
*
* For initial password hashing/creation see Security::hash(). Other than how the password is initially hashed,
* BlowfishAuthenticate works exactly the same way as FormAuthenticate.
*
* @package Cake.Controller.Component.Auth
* @since CakePHP(tm) v 2.3
* @see AuthComponent::$authenticate
* @deprecated Since 2.4. Just use FormAuthenticate with 'passwordHasher' setting set to 'Blowfish'
*/
class BlowfishAuthenticate extends FormAuthenticate {
/**
* Constructor. Sets default passwordHasher to Blowfish
*
* @param ComponentCollection $collection The Component collection used on this request.
* @param array $settings Array of settings to use.
*/
public function __construct(ComponentCollection $collection, $settings) {
$this->settings['passwordHasher'] = 'Blowfish';
parent::__construct($collection, $settings);
}
}

48
lib/Cake/Controller/Component/Auth/BlowfishPasswordHasher.php Normal file
View file

@ -0,0 +1,48 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @since CakePHP(tm) v 2.4.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('AbstractPasswordHasher', 'Controller/Component/Auth');
App::uses('Security', 'Utility');
/**
* Blowfish password hashing class.
*
* @package Cake.Controller.Component.Auth
*/
class BlowfishPasswordHasher extends AbstractPasswordHasher {
/**
* Generates password hash.
*
* @param string $password Plain text password to hash.
* @return string Password hash
* @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords
*/
public function hash($password) {
return Security::hash($password, 'blowfish', false);
}
/**
* Check hash. Generate hash for user provided password and check against existing hash.
*
* @param string $password Plain text password to hash.
* @param string $hashedPassword Existing hashed password.
* @return bool True if hashes match else false.
*/
public function check($password, $hashedPassword) {
return $hashedPassword === Security::hash($password, 'blowfish', $hashedPassword);
}
}

66
lib/Cake/Controller/Component/Auth/ControllerAuthorize.php Normal file
View file

@ -0,0 +1,66 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthorize', 'Controller/Component/Auth');
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using a controller callback.
* Your controller's isAuthorized() method should return a boolean to indicate whether or not the user is authorized.
*
* {{{
* public function isAuthorized($user) {
* if (!empty($this->request->params['admin'])) {
* return $user['role'] === 'admin';
* }
* return !empty($user);
* }
* }}}
*
* the above is simple implementation that would only authorize users of the 'admin' role to access
* admin routing.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
* @see AuthComponent::$authenticate
*/
class ControllerAuthorize extends BaseAuthorize {
/**
* Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.
*
* @param Controller $controller null to get, a controller to set.
* @return mixed
* @throws CakeException
*/
public function controller(Controller $controller = null) {
if ($controller) {
if (!method_exists($controller, 'isAuthorized')) {
throw new CakeException(__d('cake_dev', '$controller does not implement an %s method.', 'isAuthorized()'));
}
}
return parent::controller($controller);
}
/**
* Checks user authorization using a controller callback.
*
* @param array $user Active user data
* @param CakeRequest $request Request instance.
* @return bool
*/
public function authorize($user, CakeRequest $request) {
return (bool)$this->_Controller->isAuthorized($user);
}
}

101
lib/Cake/Controller/Component/Auth/CrudAuthorize.php Normal file
View file

@ -0,0 +1,101 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthorize', 'Controller/Component/Auth');
App::uses('Router', 'Routing');
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using CRUD mappings.
* CRUD mappings allow you to translate controller actions into *C*reate *R*ead *U*pdate *D*elete actions.
* This is then checked in the AclComponent as specific permissions.
*
* For example, taking `/posts/index` as the current request. The default mapping for `index`, is a `read` permission
* check. The Acl check would then be for the `posts` controller with the `read` permission. This allows you
* to create permission systems that focus more on what is being done to resources, rather than the specific actions
* being visited.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
* @see AuthComponent::$authenticate
* @see AclComponent::check()
*/
class CrudAuthorize extends BaseAuthorize {
/**
* Sets up additional actionMap values that match the configured `Routing.prefixes`.
*
* @param ComponentCollection $collection The component collection from the controller.
* @param string $settings An array of settings. This class does not use any settings.
*/
public function __construct(ComponentCollection $collection, $settings = array()) {
parent::__construct($collection, $settings);
$this->_setPrefixMappings();
}
/**
* sets the crud mappings for prefix routes.
*
* @return void
*/
protected function _setPrefixMappings() {
$crud = array('create', 'read', 'update', 'delete');
$map = array_combine($crud, $crud);
$prefixes = Router::prefixes();
if (!empty($prefixes)) {
foreach ($prefixes as $prefix) {
$map = array_merge($map, array(
$prefix . '_index' => 'read',
$prefix . '_add' => 'create',
$prefix . '_edit' => 'update',
$prefix . '_view' => 'read',
$prefix . '_remove' => 'delete',
$prefix . '_create' => 'create',
$prefix . '_read' => 'read',
$prefix . '_update' => 'update',
$prefix . '_delete' => 'delete'
));
}
}
$this->mapActions($map);
}
/**
* Authorize a user using the mapped actions and the AclComponent.
*
* @param array $user The user to authorize
* @param CakeRequest $request The request needing authorization.
* @return bool
*/
public function authorize($user, CakeRequest $request) {
if (!isset($this->settings['actionMap'][$request->params['action']])) {
trigger_error(__d('cake_dev',
'CrudAuthorize::authorize() - Attempted access of un-mapped action "%1$s" in controller "%2$s"',
$request->action,
$request->controller
),
E_USER_WARNING
);
return false;
}
$user = array($this->settings['userModel'] => $user);
$Acl = $this->_Collection->load('Acl');
return $Acl->check(
$user,
$this->action($request, ':controller'),
$this->settings['actionMap'][$request->params['action']]
);
}
}

224
lib/Cake/Controller/Component/Auth/DigestAuthenticate.php Normal file
View file

@ -0,0 +1,224 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BasicAuthenticate', 'Controller/Component/Auth');
/**
* Digest Authentication adapter for AuthComponent.
*
* Provides Digest HTTP authentication support for AuthComponent. Unlike most AuthComponent adapters,
* DigestAuthenticate requires a special password hash that conforms to RFC2617. You can create this
* password using `DigestAuthenticate::password()`. If you wish to use digest authentication alongside other
* authentication methods, its recommended that you store the digest authentication separately.
*
* Clients using Digest Authentication must support cookies. Since AuthComponent identifies users based
* on Session contents, clients without support for cookies will not function properly.
*
* ### Using Digest auth
*
* In your controller's components array, add auth + the required settings.
* {{{
* public $components = array(
* 'Auth' => array(
* 'authenticate' => array('Digest')
* )
* );
* }}}
*
* In your login function just call `$this->Auth->login()` without any checks for POST data. This
* will send the authentication headers, and trigger the login dialog in the browser/client.
*
* ### Generating passwords compatible with Digest authentication.
*
* Due to the Digest authentication specification, digest auth requires a special password value. You
* can generate this password using `DigestAuthenticate::password()`
*
* `$digestPass = DigestAuthenticate::password($username, env('SERVER_NAME'), $password);`
*
* Its recommended that you store this digest auth only password separate from password hashes used for other
* login methods. For example `User.digest_pass` could be used for a digest password, while `User.password` would
* store the password hash for use with other methods like Basic or Form.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
*/
class DigestAuthenticate extends BasicAuthenticate {
/**
* Settings for this object.
*
* - `fields` The fields to use to identify a user by.
* - `userModel` The model name of the User, defaults to User.
* - `scope` Additional conditions to use when looking up and authenticating users,
* i.e. `array('User.is_active' => 1).`
* - `recursive` The value of the recursive key passed to find(). Defaults to 0.
* - `contain` Extra models to contain and store in session.
* - `realm` The realm authentication is for, Defaults to the servername.
* - `nonce` A nonce used for authentication. Defaults to `uniqid()`.
* - `qop` Defaults to auth, no other values are supported at this time.
* - `opaque` A string that must be returned unchanged by clients.
* Defaults to `md5($settings['realm'])`
*
* @var array
*/
public $settings = array(
'fields' => array(
'username' => 'username',
'password' => 'password'
),
'userModel' => 'User',
'scope' => array(),
'recursive' => 0,
'contain' => null,
'realm' => '',
'qop' => 'auth',
'nonce' => '',
'opaque' => '',
'passwordHasher' => 'Simple',
);
/**
* Constructor, completes configuration for digest authentication.
*
* @param ComponentCollection $collection The Component collection used on this request.
* @param array $settings An array of settings.
*/
public function __construct(ComponentCollection $collection, $settings) {
parent::__construct($collection, $settings);
if (empty($this->settings['nonce'])) {
$this->settings['nonce'] = uniqid('');
}
if (empty($this->settings['opaque'])) {
$this->settings['opaque'] = md5($this->settings['realm']);
}
}
/**
* Get a user based on information in the request. Used by cookie-less auth for stateless clients.
*
* @param CakeRequest $request Request object.
* @return mixed Either false or an array of user information
*/
public function getUser(CakeRequest $request) {
$digest = $this->_getDigest();
if (empty($digest)) {
return false;
}
list(, $model) = pluginSplit($this->settings['userModel']);
$user = $this->_findUser(array(
$model . '.' . $this->settings['fields']['username'] => $digest['username']
));
if (empty($user)) {
return false;
}
$password = $user[$this->settings['fields']['password']];
unset($user[$this->settings['fields']['password']]);
if ($digest['response'] === $this->generateResponseHash($digest, $password)) {
return $user;
}
return false;
}
/**
* Gets the digest headers from the request/environment.
*
* @return array Array of digest information.
*/
protected function _getDigest() {
$digest = env('PHP_AUTH_DIGEST');
if (empty($digest) && function_exists('apache_request_headers')) {
$headers = apache_request_headers();
if (!empty($headers['Authorization']) && substr($headers['Authorization'], 0, 7) === 'Digest ') {
$digest = substr($headers['Authorization'], 7);
}
}
if (empty($digest)) {
return false;
}
return $this->parseAuthData($digest);
}
/**
* Parse the digest authentication headers and split them up.
*
* @param string $digest The raw digest authentication headers.
* @return array An array of digest authentication headers
*/
public function parseAuthData($digest) {
if (substr($digest, 0, 7) === 'Digest ') {
$digest = substr($digest, 7);
}
$keys = $match = array();
$req = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
preg_match_all('/(\w+)=([\'"]?)([a-zA-Z0-9\:\#\%@=.\/_-]+)\2/', $digest, $match, PREG_SET_ORDER);
foreach ($match as $i) {
$keys[$i[1]] = $i[3];
unset($req[$i[1]]);
}
if (empty($req)) {
return $keys;
}
return null;
}
/**
* Generate the response hash for a given digest array.
*
* @param array $digest Digest information containing data from DigestAuthenticate::parseAuthData().
* @param string $password The digest hash password generated with DigestAuthenticate::password()
* @return string Response hash
*/
public function generateResponseHash($digest, $password) {
return md5(
$password .
':' . $digest['nonce'] . ':' . $digest['nc'] . ':' . $digest['cnonce'] . ':' . $digest['qop'] . ':' .
md5(env('REQUEST_METHOD') . ':' . $digest['uri'])
);
}
/**
* Creates an auth digest password hash to store
*
* @param string $username The username to use in the digest hash.
* @param string $password The unhashed password to make a digest hash for.
* @param string $realm The realm the password is for.
* @return string the hashed password that can later be used with Digest authentication.
*/
public static function password($username, $password, $realm) {
return md5($username . ':' . $realm . ':' . $password);
}
/**
* Generate the login headers
*
* @return string Headers for logging in.
*/
public function loginHeaders() {
$options = array(
'realm' => $this->settings['realm'],
'qop' => $this->settings['qop'],
'nonce' => $this->settings['nonce'],
'opaque' => $this->settings['opaque']
);
$opts = array();
foreach ($options as $k => $v) {
$opts[] = sprintf('%s="%s"', $k, $v);
}
return 'WWW-Authenticate: Digest ' . implode(',', $opts);
}
}

82
lib/Cake/Controller/Component/Auth/FormAuthenticate.php Normal file
View file

@ -0,0 +1,82 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
/**
* An authentication adapter for AuthComponent. Provides the ability to authenticate using POST
* data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
*
* {{{
* $this->Auth->authenticate = array(
* 'Form' => array(
* 'scope' => array('User.active' => 1)
* )
* )
* }}}
*
* When configuring FormAuthenticate you can pass in settings to which fields, model and additional conditions
* are used. See FormAuthenticate::$settings for more information.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
* @see AuthComponent::$authenticate
*/
class FormAuthenticate extends BaseAuthenticate {
/**
* Checks the fields to ensure they are supplied.
*
* @param CakeRequest $request The request that contains login information.
* @param string $model The model used for login verification.
* @param array $fields The fields to be checked.
* @return bool False if the fields have not been supplied. True if they exist.
*/
protected function _checkFields(CakeRequest $request, $model, $fields) {
if (empty($request->data[$model])) {
return false;
}
foreach (array($fields['username'], $fields['password']) as $field) {
$value = $request->data($model . '.' . $field);
if (empty($value) && $value !== '0' || !is_string($value)) {
return false;
}
}
return true;
}
/**
* Authenticates the identity contained in a request. Will use the `settings.userModel`, and `settings.fields`
* to find POST data that is used to find a matching record in the `settings.userModel`. Will return false if
* there is no post data, either username or password is missing, or if the scope conditions have not been met.
*
* @param CakeRequest $request The request that contains login information.
* @param CakeResponse $response Unused response object.
* @return mixed False on login failure. An array of User data on success.
*/
public function authenticate(CakeRequest $request, CakeResponse $response) {
$userModel = $this->settings['userModel'];
list(, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
if (!$this->_checkFields($request, $model, $fields)) {
return false;
}
return $this->_findUser(
$request->data[$model][$fields['username']],
$request->data[$model][$fields['password']]
);
}
}

55
lib/Cake/Controller/Component/Auth/SimplePasswordHasher.php Normal file
View file

@ -0,0 +1,55 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @since CakePHP(tm) v 2.4.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('AbstractPasswordHasher', 'Controller/Component/Auth');
App::uses('Security', 'Utility');
/**
* Simple password hashing class.
*
* @package Cake.Controller.Component.Auth
*/
class SimplePasswordHasher extends AbstractPasswordHasher {
/**
* Config for this object.
*
* @var array
*/
protected $_config = array('hashType' => null);
/**
* Generates password hash.
*
* @param string $password Plain text password to hash.
* @return string Password hash
* @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#hashing-passwords
*/
public function hash($password) {
return Security::hash($password, $this->_config['hashType'], true);
}
/**
* Check hash. Generate hash for user provided password and check against existing hash.
*
* @param string $password Plain text password to hash.
* @param string $hashedPassword Existing hashed password.
* @return bool True if hashes match else false.
*/
public function check($password, $hashedPassword) {
return $hashedPassword === $this->hash($password);
}
}