/**
 * Restore the application session credentials from the server-side PHP session.
 *
 * Reads the entry stored under GlobalConstants::SESSION_CACHE_KEY. If the
 * entry exists and its 'expiredTime' is still in the future, the cached
 * values are copied into the static properties of this class. An expired
 * entry is removed from $_SESSION.
 *
 * When the entry is older than 15 minutes (measured from 'creationTime'), a
 * new session key is generated and the cache is written back through
 * self::storeCache(); otherwise the cached session key is reused.
 *
 * NOTE(review): this method does not change 'expiredTime' itself, and no
 * session_regenerate_id() call is visible here. Confirm that storeCache()
 * (or its caller) handles both as intended when the key is rotated.
 *
 * @return boolean true if a non-expired cache entry was loaded, false otherwise
 */
private static function getFromCache()
{
    $cacheKey = GlobalConstants::SESSION_CACHE_KEY;

    // No application session cached in this PHP session
    if (!isset($_SESSION[$cacheKey])) {
        return false;
    }

    $cached = $_SESSION[$cacheKey];
    $now = time();

    // Point in time after which the session key has to be rotated (15 minutes)
    $renewAt = $cached['creationTime'] + 15 * 60;

    // Expired entry: drop it so it cannot be picked up again
    if (!($cached['expiredTime'] > $now)) {
        unset($_SESSION[$cacheKey]);
        return false;
    }

    // Copy the cached credentials into the class state
    self::$authorized = $cached['authorized'];
    self::$creationTime = $cached['creationTime'];
    self::$user = User::fromAttributes($cached['attributes']);
    self::$attributes = $cached['attributes'];
    self::$isLocal = $cached['isLocal'];
    self::$isSP = $cached['isSP'];

    // NOTE(review): the source shows "alert('error');" fused to the comment
    // "Updating the expired time" at this point. It is kept as comment text
    // here and is not executed; confirm against the original file.

    if ($renewAt < $now) {
        // Rotate the session key and persist the refreshed entry
        self::$sessionKey = Utilities::generateSessionKey(56);
        self::$creationTime = $now;
        self::storeCache();
    } else {
        // Still inside the renewal window: keep the cached key
        self::$sessionKey = $cached['sessionKey'];
    }

    return true;
}
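/**
 * Return the current user if one is authenticated and allowed.
 *
 * The result is resolved once and cached in self::$user. Authentication
 * sources are checked in this order: local (script), remote
 * application/user, then SP. A user is only built when the resolved
 * attributes contain a 'uid' key and, if 'auth_user_filter' is configured,
 * the filter accepts the attributes.
 *
 * @return User|false the current user, or false when nobody is
 *                    authenticated or the user filter rejects the attributes
 */
public static function user()
{
    if (is_null(self::$user)) { // Not already cached
        // Default to "no user" so every failure path below fails closed
        self::$user = false;

        // Authentication logic
        // NOTE(review): the closure is handed to Event::trigger(); presumably
        // its return value (possibly altered by event handlers) comes back
        // as $auth. Confirm against the Event class.
        $event = new Event('auth_check');
        $auth = $event->trigger(function () {
            // No authentication is required by application
            if (!Config::get('auth_sp_type')) {
                return array();
            }

            // Check for local authentication (script)
            if (AuthLocal::isAuthenticated()) {
                return array('local', AuthLocal::attributes());
            }

            // Check for remote application/user: the matching kind of remote
            // access (application or user) must be enabled in the config.
            if (
                (Config::get('auth_remote_application_enabled') || Config::get('auth_remote_user_enabled'))
                && AuthRemote::isAuthenticated()
                && (
                    (AuthRemote::application() && Config::get('auth_remote_application_enabled'))
                    || (!AuthRemote::application() && Config::get('auth_remote_user_enabled'))
                )
            ) {
                // Third element: admin flag, only set for remote applications
                return array(
                    'remote',
                    AuthRemote::attributes(),
                    AuthRemote::application() && AuthRemote::isAdmin()
                );
            }

            // Check for SP authentication
            if (AuthSP::isAuthenticated()) {
                return array('sp', AuthSP::attributes());
            }

            return array();
        });

        self::$type = array_shift($auth);
        self::$attributes = array_shift($auth);
        if (count($auth)) {
            self::$isAdmin = array_shift($auth);
        }

        if (self::$attributes && array_key_exists('uid', self::$attributes)) {
            $user_filter = Config::get('auth_user_filter');

            if ($user_filter) {
                // Deny unless the filter explicitly matches
                self::$allowed = false;

                if (is_string($user_filter)) {
                    // Expected form: "<attribute name>:<regular expression>"
                    if (preg_match('`^([^:]+):(.+)$`', $user_filter, $p)) {
                        // The configured expression is placed between backtick
                        // delimiters as-is, so it is a substring match unless
                        // the configured pattern carries its own ^ and $ anchors.
                        // A pattern that fails to compile makes preg_match()
                        // return false, which keeps the user denied.
                        self::$allowed = array_key_exists($p[1], self::$attributes)
                            && preg_match('`' . $p[2] . '`', self::$attributes[$p[1]]);
                    }
                } else {
                    // A truthy non-string filter always evaluates to false
                    // here, i.e. everybody is denied.
                    self::$allowed = !(bool) $user_filter;
                }

                if (!self::$allowed) {
                    self::$type = null;

                    // NOTE(review): self::$attributes and, for remote
                    // authentication, self::$isAdmin stay populated after a
                    // denial. Confirm that no accessor reads them without
                    // going through user() first.

                    // Return the cached false rather than a bare return, so the
                    // first call agrees with later calls and with the
                    // documented "User or false" contract.
                    return self::$user;
                }
            }

            // Set user if got uid attribute
            self::$user = User::fromAttributes(self::$attributes);

            // Save user additional attributes if enabled and changed
            if (
                self::isSP()
                && Config::get('auth_sp_save_user_additional_attributes')
                && array_key_exists('additional', self::$attributes)
                && self::$user->additional_attributes != self::$attributes['additional']
            ) {
                self::$user->additional_attributes = self::$attributes['additional'];
                self::$user->save();
            }
        }
    }

    return self::$user;
}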