brmlab/brmsklad
4
0
Fork 0
mirror of https://github.com/brmlab/brmsklad.git synced 2025-08-04 07:03:41 +02:00
Code Issues Projects Releases Packages Wiki Activity

Upgrade CakePHP from 2.2.5 to 2.9.5

Browse source
This commit is contained in:
Brm Ko 2017-02-26 15:29:44 +01:00
parent 5a580df460
commit 235a541597
793 changed files with 60746 additions and 23753 deletions
Download patch file Download diff file Expand all files Collapse all files

72
lib/Cake/Controller/Component/Auth/AbstractPasswordHasher.php Normal file
View file

@ -0,0 +1,72 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @since CakePHP(tm) v 2.4.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
/**
* Abstract password hashing class
*
* @package Cake.Controller.Component.Auth
*/
abstract class AbstractPasswordHasher {
/**
* Configurations for this object. Settings passed from authenticator class to
* the constructor are merged with this property.
*
* @var array
*/
protected $_config = array();
/**
* Constructor
*
* @param array $config Array of config.
*/
public function __construct($config = array()) {
$this->config($config);
}
/**
* Get/Set the config
*
* @param array $config Sets config, if null returns existing config
* @return array Returns configs
*/
public function config($config = null) {
if (is_array($config)) {
$this->_config = array_merge($this->_config, $config);
}
return $this->_config;
}
/**
* Generates password hash.
*
* @param string|array $password Plain text password to hash or array of data
* required to generate password hash.
* @return string Password hash
*/
abstract public function hash($password);
/**
* Check hash. Generate hash from user provided password string or data array
* and check against existing hash.
*
* @param string|array $password Plain text password to hash or data array.
* @param string $hashedPassword Existing hashed password.
* @return bool True if hashes match else false.
*/
abstract public function check($password, $hashedPassword);
}

13
lib/Cake/Controller/Component/Auth/ActionsAuthorize.php
View file

@ -1,22 +1,21 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthorize', 'Controller/Component/Auth');
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using the AclComponent,
* An authorization adapter for AuthComponent. Provides the ability to authorize using the AclComponent,
* If AclComponent is not already loaded it will be loaded using the Controller's ComponentCollection.
*
* @package Cake.Controller.Component.Auth
@ -31,7 +30,7 @@ class ActionsAuthorize extends BaseAuthorize {
*
* @param array $user The user to authorize
* @param CakeRequest $request The request needing authorization.
* @return boolean
* @return bool
*/
public function authorize($user, CakeRequest $request) {
$Acl = $this->_Collection->load('Acl');

132
lib/Cake/Controller/Component/Auth/BaseAuthenticate.php
View file

@ -1,36 +1,41 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('Security', 'Utility');
App::uses('Hash', 'Utility');
App::uses('CakeEventListener', 'Event');
/**
* Base Authentication class with common methods and properties.
*
* @package Cake.Controller.Component.Auth
*/
abstract class BaseAuthenticate {
abstract class BaseAuthenticate implements CakeEventListener {
/**
* Settings for this object.
*
* - `fields` The fields to use to identify a user by.
* - `userModel` The model name of the User, defaults to User.
* - `userFields` Array of fields to retrieve from User model, null to retrieve all. Defaults to null.
* - `scope` Additional conditions to use when looking up and authenticating users,
* i.e. `array('User.is_active' => 1).`
* - `recursive` The value of the recursive key passed to find(). Defaults to 0.
* - `contain` Extra models to contain and store in session.
* - `passwordHasher` Password hasher class. Can be a string specifying class name
* or an array containing `className` key, any other keys will be passed as
* settings to the class. Defaults to 'Simple'.
*
* @var array
*/
@ -40,9 +45,11 @@ abstract class BaseAuthenticate {
'password' => 'password'
),
'userModel' => 'User',
'userFields' => null,
'scope' => array(),
'recursive' => 0,
'contain' => null,
'passwordHasher' => 'Simple'
);
/**
@ -52,6 +59,22 @@ abstract class BaseAuthenticate {
*/
protected $_Collection;
/**
* Password hasher instance.
*
* @var AbstractPasswordHasher
*/
protected $_passwordHasher;
/**
* Implemented events
*
* @return array of events => callbacks.
*/
public function implementedEvents() {
return array();
}
/**
* Constructor
*
@ -66,42 +89,102 @@ abstract class BaseAuthenticate {
/**
* Find a user record using the standard options.
*
* @param string $username The username/identifier.
* @param string $password The unhashed password.
* @return Mixed Either false on failure, or an array of user data.
* The $username parameter can be a (string)username or an array containing
* conditions for Model::find('first'). If the $password param is not provided
* the password field will be present in returned array.
*
* Input passwords will be hashed even when a user doesn't exist. This
* helps mitigate timing attacks that are attempting to find valid usernames.
*
* @param string|array $username The username/identifier, or an array of find conditions.
* @param string $password The password, only used if $username param is string.
* @return bool|array Either false on failure, or an array of user data.
*/
protected function _findUser($username, $password) {
protected function _findUser($username, $password = null) {
$userModel = $this->settings['userModel'];
list($plugin, $model) = pluginSplit($userModel);
list(, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
$conditions = array(
$model . '.' . $fields['username'] => $username,
$model . '.' . $fields['password'] => $this->_password($password),
);
if (is_array($username)) {
$conditions = $username;
} else {
$conditions = array(
$model . '.' . $fields['username'] => $username
);
}
if (!empty($this->settings['scope'])) {
$conditions = array_merge($conditions, $this->settings['scope']);
}
$userFields = $this->settings['userFields'];
if ($password !== null && $userFields !== null) {
$userFields[] = $model . '.' . $fields['password'];
}
$result = ClassRegistry::init($userModel)->find('first', array(
'conditions' => $conditions,
'recursive' => $this->settings['recursive'],
'fields' => $userFields,
'contain' => $this->settings['contain'],
));
if (empty($result) || empty($result[$model])) {
if (empty($result[$model])) {
$this->passwordHasher()->hash($password);
return false;
}
$user = $result[$model];
unset($user[$fields['password']]);
if ($password !== null) {
if (!$this->passwordHasher()->check($password, $user[$fields['password']])) {
return false;
}
unset($user[$fields['password']]);
}
unset($result[$model]);
return array_merge($user, $result);
}
/**
* Return password hasher object
*
* @return AbstractPasswordHasher Password hasher instance
* @throws CakeException If password hasher class not found or
* it does not extend AbstractPasswordHasher
*/
public function passwordHasher() {
if ($this->_passwordHasher) {
return $this->_passwordHasher;
}
$config = array();
if (is_string($this->settings['passwordHasher'])) {
$class = $this->settings['passwordHasher'];
} else {
$class = $this->settings['passwordHasher']['className'];
$config = $this->settings['passwordHasher'];
unset($config['className']);
}
list($plugin, $class) = pluginSplit($class, true);
$className = $class . 'PasswordHasher';
App::uses($className, $plugin . 'Controller/Component/Auth');
if (!class_exists($className)) {
throw new CakeException(__d('cake_dev', 'Password hasher class "%s" was not found.', $class));
}
if (!is_subclass_of($className, 'AbstractPasswordHasher')) {
throw new CakeException(__d('cake_dev', 'Password hasher must extend AbstractPasswordHasher class.'));
}
$this->_passwordHasher = new $className($config);
return $this->_passwordHasher;
}
/**
* Hash the plain text password so that it matches the hashed/encrypted password
* in the datasource.
*
* @param string $password The plain text password.
* @return string The hashed form of the password.
* @deprecated 3.0.0 Since 2.4. Use a PasswordHasher class instead.
*/
protected function _password($password) {
return Security::hash($password, null, true);
@ -130,14 +213,25 @@ abstract class BaseAuthenticate {
}
/**
* Get a user based on information in the request. Primarily used by stateless authentication
* Get a user based on information in the request. Primarily used by stateless authentication
* systems like basic and digest auth.
*
* @param CakeRequest $request Request object.
* @return mixed Either false or an array of user information
*/
public function getUser($request) {
public function getUser(CakeRequest $request) {
return false;
}
/**
* Handle unauthenticated access attempt.
*
* @param CakeRequest $request A request object.
* @param CakeResponse $response A response object.
* @return mixed Either true to indicate the unauthenticated request has been
* dealt with and no more action is required by AuthComponent or void (default).
*/
public function unauthenticated(CakeRequest $request, CakeResponse $response) {
}
}

54
lib/Cake/Controller/Component/Auth/BaseAuthorize.php
View file

@ -1,17 +1,17 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('Hash', 'Utility');
/**
@ -40,10 +40,10 @@ abstract class BaseAuthorize {
/**
* Settings for authorize objects.
*
* - `actionPath` - The path to ACO nodes that contains the nodes for controllers. Used as a prefix
* - `actionPath` - The path to ACO nodes that contains the nodes for controllers. Used as a prefix
* when calling $this->action();
* - `actionMap` - Action -> crud mappings. Used by authorization objects that want to map actions to CRUD roles.
* - `userModel` - Model name that ARO records can be found under. Defaults to 'User'.
* - `userModel` - Model name that ARO records can be found under. Defaults to 'User'.
*
* @var array
*/
@ -64,7 +64,7 @@ abstract class BaseAuthorize {
* Constructor
*
* @param ComponentCollection $collection The controller for this request.
* @param string $settings An array of settings. This class does not use any settings.
* @param string $settings An array of settings. This class does not use any settings.
*/
public function __construct(ComponentCollection $collection, $settings = array()) {
$this->_Collection = $collection;
@ -77,8 +77,8 @@ abstract class BaseAuthorize {
* Checks user authorization.
*
* @param array $user Active user data
* @param CakeRequest $request
* @return boolean
* @param CakeRequest $request Request instance.
* @return bool
*/
abstract public function authorize($user, CakeRequest $request);
@ -101,14 +101,14 @@ abstract class BaseAuthorize {
}
/**
* Get the action path for a given request. Primarily used by authorize objects
* Get the action path for a given request. Primarily used by authorize objects
* that need to get information about the plugin, controller, and action being invoked.
*
* @param CakeRequest $request The request a path is needed for.
* @param string $path
* @param string $path Path format.
* @return string the action path for the given request.
*/
public function action($request, $path = '/:plugin/:controller/:action') {
public function action(CakeRequest $request, $path = '/:plugin/:controller/:action') {
$plugin = empty($request['plugin']) ? null : Inflector::camelize($request['plugin']) . '/';
$path = str_replace(
array(':controller', ':action', ':plugin/'),
@ -120,24 +120,31 @@ abstract class BaseAuthorize {
}
/**
* Maps crud actions to actual action names. Used to modify or get the current mapped actions.
* Maps crud actions to actual action names. Used to modify or get the current mapped actions.
*
* Create additional mappings for a standard CRUD operation:
*
* {{{
* ```
* $this->Auth->mapActions(array('create' => array('add', 'register'));
* }}}
* ```
*
* Or equivalently:
*
* ```
* $this->Auth->mapActions(array('register' => 'create', 'add' => 'create'));
* ```
*
* Create mappings for custom CRUD operations:
*
* {{{
* $this->Auth->mapActions(array('my_action' => 'admin'));
* }}}
* ```
* $this->Auth->mapActions(array('range' => 'search'));
* ```
*
* You can use the custom CRUD operations to create additional generic permissions
* that behave like CRUD operations. Doing this will require additional columns on the
* permissions lookup. When using with DbAcl, you'll have to add additional _admin type columns
* to the `aros_acos` table.
* that behave like CRUD operations. Doing this will require additional columns on the
* permissions lookup. For example if one wanted an additional search CRUD operation
* one would create and additional column '_search' in the aros_acos table. One could
* create a custom admin CRUD operation for administration functions similarly if needed.
*
* @param array $map Either an array of mappings, or undefined to get current values.
* @return mixed Either the current mappings or null when setting.
@ -147,9 +154,8 @@ abstract class BaseAuthorize {
if (empty($map)) {
return $this->settings['actionMap'];
}
$crud = array('create', 'read', 'update', 'delete');
foreach ($map as $action => $type) {
if (in_array($action, $crud) && is_array($type)) {
if (is_array($type)) {
foreach ($type as $typedAction) {
$this->settings['actionMap'][$typedAction] = $action;
}

93
lib/Cake/Controller/Component/Auth/BasicAuthenticate.php
View file

@ -1,16 +1,15 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
@ -18,55 +17,39 @@ App::uses('BaseAuthenticate', 'Controller/Component/Auth');
/**
* Basic Authentication adapter for AuthComponent.
*
* Provides Basic HTTP authentication support for AuthComponent. Basic Auth will authenticate users
* against the configured userModel and verify the username and passwords match. Clients using Basic Authentication
* must support cookies. Since AuthComponent identifies users based on Session contents, clients using Basic
* Auth must support cookies.
* Provides Basic HTTP authentication support for AuthComponent. Basic Auth will
* authenticate users against the configured userModel and verify the username
* and passwords match.
*
* ### Using Basic auth
*
* In your controller's components array, add auth + the required settings.
* {{{
* ```
* public $components = array(
* 'Auth' => array(
* 'authenticate' => array('Basic')
* )
* );
* }}}
* ```
*
* In your login function just call `$this->Auth->login()` without any checks for POST data. This
* will send the authentication headers, and trigger the login dialog in the browser/client.
* You should also set `AuthComponent::$sessionKey = false;` in your AppController's
* beforeFilter() to prevent CakePHP from sending a session cookie to the client.
*
* Since HTTP Basic Authentication is stateless you don't need a login() action
* in your controller. The user credentials will be checked on each request. If
* valid credentials are not provided, required authentication headers will be sent
* by this authentication provider which triggers the login dialog in the browser/client.
*
* You may also want to use `$this->Auth->unauthorizedRedirect = false;`.
* By default, unauthorized users are redirected to the referrer URL,
* `AuthComponent::$loginAction`, or '/'. If unauthorizedRedirect is set to
* false, a ForbiddenException exception is thrown instead of redirecting.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
*/
class BasicAuthenticate extends BaseAuthenticate {
/**
* Settings for this object.
*
* - `fields` The fields to use to identify a user by.
* - `userModel` The model name of the User, defaults to User.
* - `scope` Additional conditions to use when looking up and authenticating users,
* i.e. `array('User.is_active' => 1).`
* - `recursive` The value of the recursive key passed to find(). Defaults to 0.
* - `contain` Extra models to contain and store in session.
* - `realm` The realm authentication is for. Defaults the server name.
*
* @var array
*/
public $settings = array(
'fields' => array(
'username' => 'username',
'password' => 'password'
),
'userModel' => 'User',
'scope' => array(),
'recursive' => 0,
'contain' => null,
'realm' => '',
);
/**
* Constructor, completes configuration for basic authentication.
*
@ -81,41 +64,47 @@ class BasicAuthenticate extends BaseAuthenticate {
}
/**
* Authenticate a user using basic HTTP auth. Will use the configured User model and attempt a
* login using basic HTTP auth.
* Authenticate a user using HTTP auth. Will use the configured User model and attempt a
* login using HTTP auth.
*
* @param CakeRequest $request The request to authenticate with.
* @param CakeResponse $response The response to add headers to.
* @return mixed Either false on failure, or an array of user data on success.
*/
public function authenticate(CakeRequest $request, CakeResponse $response) {
$result = $this->getUser($request);
if (empty($result)) {
$response->header($this->loginHeaders());
$response->statusCode(401);
$response->send();
return false;
}
return $result;
return $this->getUser($request);
}
/**
* Get a user based on information in the request. Used by cookie-less auth for stateless clients.
* Get a user based on information in the request. Used by cookie-less auth for stateless clients.
*
* @param CakeRequest $request Request object.
* @return mixed Either false or an array of user information
*/
public function getUser($request) {
public function getUser(CakeRequest $request) {
$username = env('PHP_AUTH_USER');
$pass = env('PHP_AUTH_PW');
if (empty($username) || empty($pass)) {
if (!is_string($username) || $username === '' || !is_string($pass) || $pass === '') {
return false;
}
return $this->_findUser($username, $pass);
}
/**
* Handles an unauthenticated access attempt by sending appropriate login headers
*
* @param CakeRequest $request A request object.
* @param CakeResponse $response A response object.
* @return void
* @throws UnauthorizedException
*/
public function unauthenticated(CakeRequest $request, CakeResponse $response) {
$Exception = new UnauthorizedException();
$Exception->responseHeader(array($this->loginHeaders()));
throw $Exception;
}
/**
* Generate the login headers
*

53
lib/Cake/Controller/Component/Auth/BlowfishAuthenticate.php Normal file
View file

@ -0,0 +1,53 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of the files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('FormAuthenticate', 'Controller/Component/Auth');
/**
* An authentication adapter for AuthComponent. Provides the ability to authenticate using POST data using Blowfish
* hashing. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
*
* ```
* $this->Auth->authenticate = array(
* 'Blowfish' => array(
* 'scope' => array('User.active' => 1)
* )
* )
* ```
*
* When configuring BlowfishAuthenticate you can pass in settings to which fields, model and additional conditions
* are used. See FormAuthenticate::$settings for more information.
*
* For initial password hashing/creation see Security::hash(). Other than how the password is initially hashed,
* BlowfishAuthenticate works exactly the same way as FormAuthenticate.
*
* @package Cake.Controller.Component.Auth
* @since CakePHP(tm) v 2.3
* @see AuthComponent::$authenticate
* @deprecated 3.0.0 Since 2.4. Just use FormAuthenticate with 'passwordHasher' setting set to 'Blowfish'
*/
class BlowfishAuthenticate extends FormAuthenticate {
/**
* Constructor. Sets default passwordHasher to Blowfish
*
* @param ComponentCollection $collection The Component collection used on this request.
* @param array $settings Array of settings to use.
*/
public function __construct(ComponentCollection $collection, $settings) {
$this->settings['passwordHasher'] = 'Blowfish';
parent::__construct($collection, $settings);
}
}

48
lib/Cake/Controller/Component/Auth/BlowfishPasswordHasher.php Normal file
View file

@ -0,0 +1,48 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @since CakePHP(tm) v 2.4.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('AbstractPasswordHasher', 'Controller/Component/Auth');
App::uses('Security', 'Utility');
/**
* Blowfish password hashing class.
*
* @package Cake.Controller.Component.Auth
*/
class BlowfishPasswordHasher extends AbstractPasswordHasher {
/**
* Generates password hash.
*
* @param string $password Plain text password to hash.
* @return string Password hash
* @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#using-bcrypt-for-passwords
*/
public function hash($password) {
return Security::hash($password, 'blowfish', false);
}
/**
* Check hash. Generate hash for user provided password and check against existing hash.
*
* @param string $password Plain text password to hash.
* @param string $hashedPassword Existing hashed password.
* @return bool True if hashes match else false.
*/
public function check($password, $hashedPassword) {
return $hashedPassword === Security::hash($password, 'blowfish', $hashedPassword);
}
}

25
lib/Cake/Controller/Component/Auth/ControllerAuthorize.php
View file

@ -1,32 +1,31 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthorize', 'Controller/Component/Auth');
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using a controller callback.
* An authorization adapter for AuthComponent. Provides the ability to authorize using a controller callback.
* Your controller's isAuthorized() method should return a boolean to indicate whether or not the user is authorized.
*
* {{{
* ```
* public function isAuthorized($user) {
* if (!empty($this->request->params['admin'])) {
* return $user['role'] == 'admin';
* return $user['role'] === 'admin';
* }
* return !empty($user);
* }
* }}}
* ```
*
* the above is simple implementation that would only authorize users of the 'admin' role to access
* admin routing.
@ -38,7 +37,7 @@ App::uses('BaseAuthorize', 'Controller/Component/Auth');
class ControllerAuthorize extends BaseAuthorize {
/**
* Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.
* Get/set the controller this authorize object will be working with. Also checks that isAuthorized is implemented.
*
* @param Controller $controller null to get, a controller to set.
* @return mixed
@ -47,7 +46,7 @@ class ControllerAuthorize extends BaseAuthorize {
public function controller(Controller $controller = null) {
if ($controller) {
if (!method_exists($controller, 'isAuthorized')) {
throw new CakeException(__d('cake_dev', '$controller does not implement an isAuthorized() method.'));
throw new CakeException(__d('cake_dev', '$controller does not implement an %s method.', 'isAuthorized()'));
}
}
return parent::controller($controller);
@ -57,8 +56,8 @@ class ControllerAuthorize extends BaseAuthorize {
* Checks user authorization using a controller callback.
*
* @param array $user Active user data
* @param CakeRequest $request
* @return boolean
* @param CakeRequest $request Request instance.
* @return bool
*/
public function authorize($user, CakeRequest $request) {
return (bool)$this->_Controller->isAuthorized($user);

19
lib/Cake/Controller/Component/Auth/CrudAuthorize.php
View file

@ -1,28 +1,27 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthorize', 'Controller/Component/Auth');
App::uses('Router', 'Routing');
/**
* An authorization adapter for AuthComponent. Provides the ability to authorize using CRUD mappings.
* An authorization adapter for AuthComponent. Provides the ability to authorize using CRUD mappings.
* CRUD mappings allow you to translate controller actions into *C*reate *R*ead *U*pdate *D*elete actions.
* This is then checked in the AclComponent as specific permissions.
*
* For example, taking `/posts/index` as the current request. The default mapping for `index`, is a `read` permission
* check. The Acl check would then be for the `posts` controller with the `read` permission. This allows you
* For example, taking `/posts/index` as the current request. The default mapping for `index`, is a `read` permission
* check. The Acl check would then be for the `posts` controller with the `read` permission. This allows you
* to create permission systems that focus more on what is being done to resources, rather than the specific actions
* being visited.
*
@ -37,7 +36,7 @@ class CrudAuthorize extends BaseAuthorize {
* Sets up additional actionMap values that match the configured `Routing.prefixes`.
*
* @param ComponentCollection $collection The component collection from the controller.
* @param string $settings An array of settings. This class does not use any settings.
* @param string $settings An array of settings. This class does not use any settings.
*/
public function __construct(ComponentCollection $collection, $settings = array()) {
parent::__construct($collection, $settings);
@ -77,7 +76,7 @@ class CrudAuthorize extends BaseAuthorize {
*
* @param array $user The user to authorize
* @param CakeRequest $request The request needing authorization.
* @return boolean
* @return bool
*/
public function authorize($user, CakeRequest $request) {
if (!isset($this->settings['actionMap'][$request->params['action']])) {

107
lib/Cake/Controller/Component/Auth/DigestAuthenticate.php
View file

@ -1,72 +1,72 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
App::uses('BasicAuthenticate', 'Controller/Component/Auth');
/**
* Digest Authentication adapter for AuthComponent.
*
* Provides Digest HTTP authentication support for AuthComponent. Unlike most AuthComponent adapters,
* DigestAuthenticate requires a special password hash that conforms to RFC2617. You can create this
* password using `DigestAuthenticate::password()`. If you wish to use digest authentication alongside other
* Provides Digest HTTP authentication support for AuthComponent. Unlike most AuthComponent adapters,
* DigestAuthenticate requires a special password hash that conforms to RFC2617. You can create this
* password using `DigestAuthenticate::password()`. If you wish to use digest authentication alongside other
* authentication methods, its recommended that you store the digest authentication separately.
*
* Clients using Digest Authentication must support cookies. Since AuthComponent identifies users based
* Clients using Digest Authentication must support cookies. Since AuthComponent identifies users based
* on Session contents, clients without support for cookies will not function properly.
*
* ### Using Digest auth
*
* In your controller's components array, add auth + the required settings.
* {{{
* ```
* public $components = array(
* 'Auth' => array(
* 'authenticate' => array('Digest')
* )
* );
* }}}
* ```
*
* In your login function just call `$this->Auth->login()` without any checks for POST data. This
* In your login function just call `$this->Auth->login()` without any checks for POST data. This
* will send the authentication headers, and trigger the login dialog in the browser/client.
*
* ### Generating passwords compatible with Digest authentication.
*
* Due to the Digest authentication specification, digest auth requires a special password value. You
* Due to the Digest authentication specification, digest auth requires a special password value. You
* can generate this password using `DigestAuthenticate::password()`
*
* `$digestPass = DigestAuthenticate::password($username, env('SERVER_NAME'), $password);`
*
* Its recommended that you store this digest auth only password separate from password hashes used for other
* login methods. For example `User.digest_pass` could be used for a digest password, while `User.password` would
* login methods. For example `User.digest_pass` could be used for a digest password, while `User.password` would
* store the password hash for use with other methods like Basic or Form.
*
* @package Cake.Controller.Component.Auth
* @since 2.0
*/
class DigestAuthenticate extends BaseAuthenticate {
class DigestAuthenticate extends BasicAuthenticate {
/**
* Settings for this object.
*
* - `fields` The fields to use to identify a user by.
* - `userModel` The model name of the User, defaults to User.
* - `userFields` Array of fields to retrieve from User model, null to retrieve all. Defaults to null.
* - `scope` Additional conditions to use when looking up and authenticating users,
* i.e. `array('User.is_active' => 1).`
* - `recursive` The value of the recursive key passed to find(). Defaults to 0.
* - `contain` Extra models to contain and store in session.
* - `realm` The realm authentication is for, Defaults to the servername.
* - `nonce` A nonce used for authentication. Defaults to `uniqid()`.
* - `nonce` A nonce used for authentication. Defaults to `uniqid()`.
* - `qop` Defaults to auth, no other values are supported at this time.
* - `opaque` A string that must be returned unchanged by clients.
* Defaults to `md5($settings['realm'])`
@ -79,13 +79,15 @@ class DigestAuthenticate extends BaseAuthenticate {
'password' => 'password'
),
'userModel' => 'User',
'userFields' => null,
'scope' => array(),
'recursive' => 0,
'contain' => null,
'realm' => '',
'qop' => 'auth',
'nonce' => '',
'opaque' => ''
'opaque' => '',
'passwordHasher' => 'Simple',
);
/**
@ -96,9 +98,6 @@ class DigestAuthenticate extends BaseAuthenticate {
*/
public function __construct(ComponentCollection $collection, $settings) {
parent::__construct($collection, $settings);
if (empty($this->settings['realm'])) {
$this->settings['realm'] = env('SERVER_NAME');
}
if (empty($this->settings['nonce'])) {
$this->settings['nonce'] = uniqid('');
}
@ -108,37 +107,21 @@ class DigestAuthenticate extends BaseAuthenticate {
}
/**
* Authenticate a user using Digest HTTP auth. Will use the configured User model and attempt a
* login using Digest HTTP auth.
*
* @param CakeRequest $request The request to authenticate with.
* @param CakeResponse $response The response to add headers to.
* @return mixed Either false on failure, or an array of user data on success.
*/
public function authenticate(CakeRequest $request, CakeResponse $response) {
$user = $this->getUser($request);
if (empty($user)) {
$response->header($this->loginHeaders());
$response->statusCode(401);
$response->send();
return false;
}
return $user;
}
/**
* Get a user based on information in the request. Used by cookie-less auth for stateless clients.
* Get a user based on information in the request. Used by cookie-less auth for stateless clients.
*
* @param CakeRequest $request Request object.
* @return mixed Either false or an array of user information
*/
public function getUser($request) {
public function getUser(CakeRequest $request) {
$digest = $this->_getDigest();
if (empty($digest)) {
return false;
}
$user = $this->_findUser($digest['username'], null);
list(, $model) = pluginSplit($this->settings['userModel']);
$user = $this->_findUser(array(
$model . '.' . $this->settings['fields']['username'] => $digest['username']
));
if (empty($user)) {
return false;
}
@ -150,34 +133,6 @@ class DigestAuthenticate extends BaseAuthenticate {
return false;
}
/**
* Find a user record using the standard options.
*
* @param string $username The username/identifier.
* @param string $password Unused password, digest doesn't require passwords.
* @return Mixed Either false on failure, or an array of user data.
*/
protected function _findUser($username, $password) {
$userModel = $this->settings['userModel'];
list($plugin, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
$conditions = array(
$model . '.' . $fields['username'] => $username,
);
if (!empty($this->settings['scope'])) {
$conditions = array_merge($conditions, $this->settings['scope']);
}
$result = ClassRegistry::init($userModel)->find('first', array(
'conditions' => $conditions,
'recursive' => $this->settings['recursive']
));
if (empty($result) || empty($result[$model])) {
return false;
}
return $result[$model];
}
/**
* Gets the digest headers from the request/environment.
*
@ -187,7 +142,7 @@ class DigestAuthenticate extends BaseAuthenticate {
$digest = env('PHP_AUTH_DIGEST');
if (empty($digest) && function_exists('apache_request_headers')) {
$headers = apache_request_headers();
if (!empty($headers['Authorization']) && substr($headers['Authorization'], 0, 7) == 'Digest ') {
if (!empty($headers['Authorization']) && substr($headers['Authorization'], 0, 7) === 'Digest ') {
$digest = substr($headers['Authorization'], 7);
}
}
@ -201,15 +156,15 @@ class DigestAuthenticate extends BaseAuthenticate {
* Parse the digest authentication headers and split them up.
*
* @param string $digest The raw digest authentication headers.
* @return array An array of digest authentication headers
* @return array|null An array of digest authentication headers
*/
public function parseAuthData($digest) {
if (substr($digest, 0, 7) == 'Digest ') {
if (substr($digest, 0, 7) === 'Digest ') {
$digest = substr($digest, 7);
}
$keys = $match = array();
$req = array('nonce' => 1, 'nc' => 1, 'cnonce' => 1, 'qop' => 1, 'username' => 1, 'uri' => 1, 'response' => 1);
preg_match_all('/(\w+)=([\'"]?)([a-zA-Z0-9@=.\/_-]+)\2/', $digest, $match, PREG_SET_ORDER);
preg_match_all('/(\w+)=([\'"]?)([a-zA-Z0-9\:\#\%\?\&@=\.\/_-]+)\2/', $digest, $match, PREG_SET_ORDER);
foreach ($match as $i) {
$keys[$i[1]] = $i[3];

60
lib/Cake/Controller/Component/Auth/FormAuthenticate.php
View file

@ -1,31 +1,30 @@
<?php
/**
* PHP 5
*
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright 2005-2012, Cake Software Foundation, Inc. (http://cakefoundation.org)
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @license MIT License (http://www.opensource.org/licenses/mit-license.php)
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('BaseAuthenticate', 'Controller/Component/Auth');
/**
* An authentication adapter for AuthComponent. Provides the ability to authenticate using POST
* data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
* An authentication adapter for AuthComponent. Provides the ability to authenticate using POST
* data. Can be used by configuring AuthComponent to use it via the AuthComponent::$authenticate setting.
*
* {{{
* ```
* $this->Auth->authenticate = array(
* 'Form' => array(
* 'scope' => array('User.active' => 1)
* )
* )
* }}}
* ```
*
* When configuring FormAuthenticate you can pass in settings to which fields, model and additional conditions
* are used. See FormAuthenticate::$settings for more information.
@ -37,26 +36,41 @@ App::uses('BaseAuthenticate', 'Controller/Component/Auth');
class FormAuthenticate extends BaseAuthenticate {
/**
* Authenticates the identity contained in a request. Will use the `settings.userModel`, and `settings.fields`
* to find POST data that is used to find a matching record in the `settings.userModel`. Will return false if
* there is no post data, either username or password is missing, of if the scope conditions have not been met.
* Checks the fields to ensure they are supplied.
*
* @param CakeRequest $request The request that contains login information.
* @param CakeResponse $response Unused response object.
* @return mixed. False on login failure. An array of User data on success.
* @param string $model The model used for login verification.
* @param array $fields The fields to be checked.
* @return bool False if the fields have not been supplied. True if they exist.
*/
public function authenticate(CakeRequest $request, CakeResponse $response) {
$userModel = $this->settings['userModel'];
list($plugin, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
protected function _checkFields(CakeRequest $request, $model, $fields) {
if (empty($request->data[$model])) {
return false;
}
if (
empty($request->data[$model][$fields['username']]) ||
empty($request->data[$model][$fields['password']])
) {
foreach (array($fields['username'], $fields['password']) as $field) {
$value = $request->data($model . '.' . $field);
if (empty($value) && $value !== '0' || !is_string($value)) {
return false;
}
}
return true;
}
/**
* Authenticates the identity contained in a request. Will use the `settings.userModel`, and `settings.fields`
* to find POST data that is used to find a matching record in the `settings.userModel`. Will return false if
* there is no post data, either username or password is missing, or if the scope conditions have not been met.
*
* @param CakeRequest $request The request that contains login information.
* @param CakeResponse $response Unused response object.
* @return mixed False on login failure. An array of User data on success.
*/
public function authenticate(CakeRequest $request, CakeResponse $response) {
$userModel = $this->settings['userModel'];
list(, $model) = pluginSplit($userModel);
$fields = $this->settings['fields'];
if (!$this->_checkFields($request, $model, $fields)) {
return false;
}
return $this->_findUser(

55
lib/Cake/Controller/Component/Auth/SimplePasswordHasher.php Normal file
View file

@ -0,0 +1,55 @@
<?php
/**
* CakePHP(tm) : Rapid Development Framework (http://cakephp.org)
* Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
*
* Licensed under The MIT License
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
* @link http://cakephp.org CakePHP(tm) Project
* @since CakePHP(tm) v 2.4.0
* @license http://www.opensource.org/licenses/mit-license.php MIT License
*/
App::uses('AbstractPasswordHasher', 'Controller/Component/Auth');
App::uses('Security', 'Utility');
/**
* Simple password hashing class.
*
* @package Cake.Controller.Component.Auth
*/
class SimplePasswordHasher extends AbstractPasswordHasher {
/**
* Config for this object.
*
* @var array
*/
protected $_config = array('hashType' => null);
/**
* Generates password hash.
*
* @param string $password Plain text password to hash.
* @return string Password hash
* @link http://book.cakephp.org/2.0/en/core-libraries/components/authentication.html#hashing-passwords
*/
public function hash($password) {
return Security::hash($password, $this->_config['hashType'], true);
}
/**
* Check hash. Generate hash for user provided password and check against existing hash.
*
* @param string $password Plain text password to hash.
* @param string $hashedPassword Existing hashed password.
* @return bool True if hashes match else false.
*/
public function check($password, $hashedPassword) {
return $hashedPassword === $this->hash($password);
}
}