PHP Class Bolt\AccessControl\AccessChecker

Author: Gawain Lynch
Project: bolt/bolt

Protected Properties

Property Type Description
$cookieOptions array
$dispatcher Symfony\Component\EventDispatcher\EventDispatcherInterface
$flashLogger Bolt\Logger\FlashLoggerInterface
$permissions Bolt\AccessControl\Permissions
$randomGenerator Bolt\Security\Random\Generator
$requestStack Symfony\Component\HttpFoundation\RequestStack
$session Symfony\Component\HttpFoundation\Session\SessionInterface
$systemLogger Psr\Log\LoggerInterface
$validSession boolean

Public Methods

Method Description
__construct ( Bolt\Storage\EntityManagerInterface $em, Symfony\Component\HttpFoundation\RequestStack $requestStack, Symfony\Component\HttpFoundation\Session\SessionInterface $session, Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher, Bolt\Logger\FlashLoggerInterface $flashLogger, Psr\Log\LoggerInterface $systemLogger, Bolt\AccessControl\Permissions $permissions, Generator $randomGenerator, array $cookieOptions ) Constructor.
getActiveSessions ( ) : array Lookup active sessions.
isValidSession ( string $authCookie ) : boolean We will not allow tampering with sessions, so we make sure the current session is still valid for the device on which it was created, and that the username, and IP address, are still the same.
revokeSession ( ) : boolean Log out the currently logged in user.

Protected Methods

Method Description
checkSessionDatabase ( string $authCookie ) : boolean Check the user authentication cookie against what is stored in the database.
checkSessionKeys ( Token $sessionAuth ) : boolean Check the session is still valid for the device on which it was created, i.e. the username, IP address, and (if configured) the browser agent values are all still the same.
checkSessionStored ( Token $sessionAuth ) : boolean Check the stored session, if we're past expiry then return false regardless and force a check/update from the database authentication record.
getAuthToken ( string $username, string $salt ) : string | boolean Get an MD5 hash key to identify the session with. This is calculated from a name, a salt, and optionally the remote IP address, browser's agent string and the user's HTTP hostname.
getClientHost ( ) : string Return the user's host name.
getClientIp ( ) : string Return the user's IP address.
getClientUserAgent ( ) : string Return the user's browser User Agent.
getRepositoryAuthtoken ( ) : Bolt\Storage\Repository\AuthtokenRepository
getRepositoryUsers ( ) : UsersRepository

Method Details

__construct() public method

Constructor.
public __construct ( Bolt\Storage\EntityManagerInterface $em, Symfony\Component\HttpFoundation\RequestStack $requestStack, Symfony\Component\HttpFoundation\Session\SessionInterface $session, Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher, Bolt\Logger\FlashLoggerInterface $flashLogger, Psr\Log\LoggerInterface $systemLogger, Bolt\AccessControl\Permissions $permissions, Generator $randomGenerator, array $cookieOptions )
$em Bolt\Storage\EntityManagerInterface
$requestStack Symfony\Component\HttpFoundation\RequestStack
$session Symfony\Component\HttpFoundation\Session\SessionInterface
$dispatcher Symfony\Component\EventDispatcher\EventDispatcherInterface
$flashLogger Bolt\Logger\FlashLoggerInterface
$systemLogger Psr\Log\LoggerInterface
$permissions Bolt\AccessControl\Permissions
$randomGenerator Bolt\Security\Random\Generator
$cookieOptions array

checkSessionDatabase() protected method

Check the user authentication cookie against what is stored in the database.
protected checkSessionDatabase ( string $authCookie ) : boolean
$authCookie string
return boolean

checkSessionKeys() protected method

Check the session is still valid for the device on which it was created, i.e. the username, IP address, and (if configured) the browser agent values are all still the same.
protected checkSessionKeys ( Token $sessionAuth ) : boolean
$sessionAuth Bolt\AccessControl\Token\Token
return boolean

checkSessionStored() protected method

Check the stored session, if we're past expiry then return false regardless and force a check/update from the database authentication record.
protected checkSessionStored ( Token $sessionAuth ) : boolean
$sessionAuth Bolt\AccessControl\Token\Token
return boolean

getActiveSessions() public method

Lookup active sessions.
public getActiveSessions ( ) : array
return array

getAuthToken() protected method

Get an MD5 hash key to identify the session with. This is calculated from a name, a salt, and optionally the remote IP address, browser's agent string and the user's HTTP hostname.
protected getAuthToken ( string $username, string $salt ) : string | boolean
$username string
$salt string
return string | boolean

getClientHost() protected method

Return the user's host name.
protected getClientHost ( ) : string
return string

getClientIp() protected method

Return the user's IP address.
protected getClientIp ( ) : string
return string

getClientUserAgent() protected method

Return the user's browser User Agent.
protected getClientUserAgent ( ) : string
return string

getRepositoryAuthtoken() protected method

protected getRepositoryAuthtoken ( ) : Bolt\Storage\Repository\AuthtokenRepository
return Bolt\Storage\Repository\AuthtokenRepository

getRepositoryUsers() protected method

protected getRepositoryUsers ( ) : UsersRepository
return Bolt\Storage\Repository\UsersRepository

isValidSession() public method

1. If user has a valid session and it is fresh, check against cookie:
   - If NOT a match refuse
   - If a match accept
2. If user has a valid session and it is stale (>10 minutes), check the database records again:
   - If disabled refuse
   - If enabled
     - If NOT a match refuse
     - If a match accept
     - Update session data
3. If user has no session check authtoken table entry (closed browser):
   - If passed validity date refuse
   - If within validity date, hash username and IP against salt and compare to database:
     - If NOT a match refuse
     - If a match accept
public isValidSession ( string $authCookie ) : boolean
$authCookie string
return boolean
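
The three branches above, combined with a client-bound token of the kind getAuthToken() describes, sketched as an added example (not Bolt's own code). The function names, array keys and sample values are hypothetical, and SHA-256 stands in for the MD5 key the page documents.

```php
<?php
// Added illustration, not Bolt's code; names, array keys and values are hypothetical.
const FRESH_SECONDS = 600; // "stale (>10 minutes)" in the description

// Token bound to the client: a different IP or user agent yields a different hash.
// SHA-256 is swapped in here; the page documents an MD5 key.
function bindToken(string $user, string $salt, string $ip, string $ua): string
{
    return hash('sha256', implode('|', [$user, $salt, $ip, $ua]));
}

// $session: ['token', 'checked'] or null; $row: authtoken record or null.
function isValidSession(?array &$session, ?array $row, string $cookie, string $ip, string $ua, int $now): bool
{
    // 1. Fresh session: compare the cookie with the session's token only.
    if ($session !== null && $now - $session['checked'] <= FRESH_SECONDS) {
        return hash_equals($session['token'], $cookie);
    }
    // Branches 2 and 3 both consult the database record.
    if ($row === null) {
        return false;
    }
    $matches = hash_equals($row['token'], $cookie)
        && hash_equals(bindToken($row['username'], $row['salt'], $ip, $ua), $cookie);
    if ($session !== null) {
        // 2. Stale session: refuse disabled accounts, otherwise re-check and refresh.
        if (!$row['enabled'] || !$matches) {
            return false;
        }
        $session['checked'] = $now; // "Update session data"
        return true;
    }
    // 3. No session (closed browser): validity date first, then the hash comparison.
    return $now <= $row['validity'] && $matches;
}

// Constructed sample data (documentation IP ranges, made-up salt and user agent).
$now = 1700000000;
$row = ['username' => 'editor', 'salt' => 'constructed-salt', 'enabled' => true, 'validity' => $now + 3600];
$row['token'] = bindToken('editor', $row['salt'], '192.0.2.10', 'UA/1.0');
$cookie = $row['token'];

$fresh = ['token' => $cookie, 'checked' => $now - 60];
$stale = ['token' => $cookie, 'checked' => $now - 900];
$none = null;
var_dump(isValidSession($fresh, $row, $cookie, '192.0.2.10', 'UA/1.0', $now));        // branch 1: fresh, cookie matches
var_dump(isValidSession($stale, $row, $cookie, '198.51.100.7', 'UA/1.0', $now));      // branch 2: stale, client IP changed
var_dump(isValidSession($none, $row, $cookie, '192.0.2.10', 'UA/1.0', $now + 7200));  // branch 3: past validity date
```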

revokeSession() public method

Log out the currently logged in user.
public revokeSession ( ) : boolean
return boolean

Property Details

$cookieOptions protected property

protected array $cookieOptions
return array

$dispatcher protected property

protected Symfony\Component\EventDispatcher\EventDispatcherInterface $dispatcher
return Symfony\Component\EventDispatcher\EventDispatcherInterface

$flashLogger protected property

protected Bolt\Logger\FlashLoggerInterface $flashLogger
return Bolt\Logger\FlashLoggerInterface

$permissions protected property

protected Bolt\AccessControl\Permissions $permissions
return Bolt\AccessControl\Permissions

$randomGenerator protected property

protected Bolt\Security\Random\Generator $randomGenerator
return Bolt\Security\Random\Generator

$requestStack protected property

protected Symfony\Component\HttpFoundation\RequestStack $requestStack
return Symfony\Component\HttpFoundation\RequestStack

$session protected property

protected Symfony\Component\HttpFoundation\Session\SessionInterface $session
return Symfony\Component\HttpFoundation\Session\SessionInterface

$systemLogger protected property

protected Psr\Log\LoggerInterface $systemLogger
return Psr\Log\LoggerInterface

$validSession protected property

protected bool $validSession
return boolean