Example #1
 /**
  * Loads the application session credentials from the server-side session,
  * and returns true if the session is valid, false otherwise.
  *
  * @return boolean true if the session is valid, false otherwise
  */
 private static function getFromCache()
 {
     // Restores the static authentication state from the entry stored under
     // GlobalConstants::SESSION_CACHE_KEY in $_SESSION. Returns true when a
     // non-expired entry was loaded, false when there is no entry or it expired.
     $cacheKey = GlobalConstants::SESSION_CACHE_KEY;

     // Nothing cached: the caller has to authenticate from scratch.
     if (!isset($_SESSION[$cacheKey])) {
         return false;
     }

     $now = time();
     $cached = $_SESSION[$cacheKey];

     // The application session key is rotated 15 minutes after its creation.
     $renewAfter = $cached['creationTime'] + 15 * 60;

     // Expired entries are dropped so stale credentials cannot be reloaded later.
     if (!($cached['expiredTime'] > $now)) {
         unset($_SESSION[$cacheKey]);
         return false;
     }

     // Load the cached state. The entry is used as stored; its structure is
     // not validated here.
     self::$authorized = $cached['authorized'];
     self::$creationTime = $cached['creationTime'];
     self::$user = User::fromAttributes($cached['attributes']);
     self::$attributes = $cached['attributes'];
     self::$isLocal = $cached['isLocal'];
     self::$isSP = $cached['isSP'];

     if ($renewAfter < $now) {
         // Renewal: issue a fresh key, restart the renewal clock and persist.
         // NOTE(review): 'expiredTime' is not touched in this method; presumably
         // storeCache() refreshes it - confirm.
         // NOTE(review): only the application session key is rotated here; the
         // PHP session id is not regenerated in this method - confirm that is
         // handled elsewhere if it is expected on renewal.
         self::$sessionKey = Utilities::generateSessionKey(56);
         self::$creationTime = $now;
         self::storeCache();
     } else {
         // Still inside the renewal window: keep using the stored key.
         self::$sessionKey = $cached['sessionKey'];
     }

     return true;
 }
Example #2
 /**
  * Return the current user if one exists.
  *
  * @return User|false the User instance, or false if there is no current user
  */
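 public static function user()
 {
     // Resolves the current user on first use and caches the result in
     // self::$user: a User instance when authentication succeeds and the
     // configured user filter accepts the attributes, false otherwise.
     if (!is_null(self::$user)) {
         return self::$user;
     }

     // Mark the lookup as done; stays false unless a user is resolved below.
     self::$user = false;

     // The default authentication logic is handed to the 'auth_check' event as
     // a callback. It returns array(type, attributes[, isAdmin]) or an empty
     // array when nobody is authenticated.
     $event = new Event('auth_check');
     $auth = $event->trigger(function () {
         // No authentication is required by the application
         if (!Config::get('auth_sp_type')) {
             return array();
         }

         // Local authentication (script)
         if (AuthLocal::isAuthenticated()) {
             return array('local', AuthLocal::attributes());
         }

         // Remote application/user: at least one remote mode must be enabled,
         // the request must be authenticated, and the mode that matches the
         // caller (application vs. user) must itself be enabled.
         $remoteEnabled = Config::get('auth_remote_application_enabled')
             || Config::get('auth_remote_user_enabled');
         if (
             $remoteEnabled
             && AuthRemote::isAuthenticated()
             && (
                 (AuthRemote::application() && Config::get('auth_remote_application_enabled'))
                 || (!AuthRemote::application() && Config::get('auth_remote_user_enabled'))
             )
         ) {
             // Third element is the admin flag: only a remote application can carry it.
             return array('remote', AuthRemote::attributes(), AuthRemote::application() && AuthRemote::isAdmin());
         }

         // Service provider authentication
         if (AuthSP::isAuthenticated()) {
             return array('sp', AuthSP::attributes());
         }

         return array();
     });

     self::$type = array_shift($auth);
     self::$attributes = array_shift($auth);
     if (count($auth)) {
         self::$isAdmin = array_shift($auth);
     }

     // A user is only built when the attributes carry a uid.
     if (self::$attributes && array_key_exists('uid', self::$attributes)) {
         $user_filter = Config::get('auth_user_filter');
         if ($user_filter) {
             // Fail closed: access is denied unless the filter explicitly matches.
             self::$allowed = false;
             if (is_string($user_filter)) {
                 // Filter format is "<attribute>:<regular expression>".
                 if (preg_match('`^([^:]+):(.+)$`', $user_filter, $p)) {
                     // The configured expression is used as-is between backtick
                     // delimiters: it is not anchored by this code, so it must carry
                     // its own ^...$ if a full match is intended, and it must not
                     // contain an unescaped backtick.
                     self::$allowed = array_key_exists($p[1], self::$attributes) && preg_match('`' . $p[2] . '`', self::$attributes[$p[1]]);
                 }
             } else {
                 // $user_filter is truthy in this branch, so any non-string
                 // filter value denies access.
                 self::$allowed = !(bool) $user_filter;
             }

             if (!self::$allowed) {
                 self::$type = null;
                 // NOTE(review): self::$attributes and self::$isAdmin keep the values
                 // taken from the auth result after a rejection; confirm that other
                 // accessors check self::$user / self::$allowed before trusting them.
                 // Return the cached false instead of a bare return, so a rejected
                 // user yields the documented value on the first call as well as on
                 // later ones.
                 return self::$user;
             }
         }

         // Set user if got uid attribute
         self::$user = User::fromAttributes(self::$attributes);

         // Save user additional attributes if enabled and they changed
         if (self::isSP() && Config::get('auth_sp_save_user_additional_attributes') && array_key_exists('additional', self::$attributes) && self::$user->additional_attributes != self::$attributes['additional']) {
             self::$user->additional_attributes = self::$attributes['additional'];
             self::$user->save();
         }
     }

     return self::$user;
 }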