The class checks whether we are inside the firewall and what the state of the current user is, i.e. whether the user is authenticated or not. Once we have the user, the security class checks with the authorization layer (UAC) which roles are required to access the current part of the site, and checks whether the current user has the necessary role to enter this area.
Inheritance: use trait Webiny\Component\StdLib\SingletonTrait, use trait Webiny\Component\StdLib\StdLibTrait, use trait Webiny\Component\StdLib\FactoryLoaderTrait, use trait Webiny\Component\EventManager\EventManagerTrait, use trait Webiny\Component\StdLib\ComponentTrait
コード例 #1
ファイル: SecurityTrait.php プロジェクト: Webiny/Framework
 /**
  * Gives access to the Security component, or to one of its firewalls.
  *
  * @param null|string $firewall Firewall key; any falsy value selects the Security instance itself.
  *
  * @throws SecurityException
  * @return Security|Firewall Firewall when a key is given, otherwise the Security instance.
  */
 protected static function security($firewall = null)
 {
     $security = Security::getInstance();

     // A falsy key (null, '', '0') is treated as "no firewall requested".
     return $firewall ? $security->firewall($firewall) : $security;
 }
コード例 #2
ファイル: Login.php プロジェクト: Pavel910/Login
 /**
  * Returns User object for the provided auth token and device token.
  * If user is not found, or session is invalid, an exception is thrown.
  *
  * The auth token string is set on the firewall token first and the user is then
  * read back from the firewall. The checks then run in this order: authenticated,
  * account not blocked, account active, device session (only when Login.2FactorAuth
  * is enabled), auth session. Every failed check after the authentication check
  * calls processLogout() on the firewall before throwing.
  *
  * NOTE(review): the declared return type includes bool, but no path in this
  * method returns a bool; every failure throws.
  *
  * @param string $authToken   Auth token string handed to the firewall token.
  * @param string $deviceToken Device token; only checked when Login.2FactorAuth is enabled.
  *
  * @return bool|\Webiny\Component\Security\User\UserAbstract
  * @throws LoginException Code 6: not authenticated; 2: account blocked; 4: account not
  *                        confirmed; 8: device session invalid; 7: auth session invalid.
  * @throws \Webiny\Component\Security\Authentication\FirewallException
  * @throws \Webiny\Component\Security\SecurityException
  */
 public function getUser($authToken, $deviceToken = '')
 {
     // 1. Bind the caller-supplied token to the firewall, then let the firewall resolve the user.
     // NOTE(review): the firewall is reached two ways in this method, security($this->fwName)
     // here and $this->security->firewall($this->fwName) below; confirm both resolve to the
     // same firewall instance.
     $this->security($this->fwName)->getToken()->setTokenString($authToken);
     $user = $this->security($this->fwName)->getUser();
     if (!$user->isAuthenticated()) {
         throw new LoginException('User is not authenticated', 6);
     }
     // 2. Remember the username; the account checks below are keyed on it.
     $this->username = $user->getUsername();
     // Account state checks: a blocked or unconfirmed account is logged out before the throw.
     if ($this->isAccountBlocked($this->username)) {
         $this->security->firewall($this->fwName)->processLogout();
         throw new LoginException('User account is blocked.', 2);
     }
     if (!$this->isAccountActive($this->username)) {
         $this->security->firewall($this->fwName)->processLogout();
         throw new LoginException('User hasn\'t confirmed his account.', 4);
     }
     // The second argument (true) is presumably the default used when the key is missing,
     // which would make the device check opt-out rather than opt-in; verify against Config::get.
     if ($this->config->get('Login.2FactorAuth', true)) {
         // Validate the device session. With the default $deviceToken of '' the outcome
         // depends entirely on isDeviceSessionValid(), which is not visible here.
         if (!$this->isDeviceSessionValid($deviceToken)) {
             $this->security->firewall($this->fwName)->processLogout();
             // TODO: invalidate session in login meta. Until that is done only processLogout()
             // runs on this path; nothing in this method revokes the stored session record.
             throw new LoginException('The device session is no longer valid.', 8);
         }
     }
     // Last check: the auth session behind this token must still be valid.
     if (!$this->isSessionValid($authToken)) {
         $this->security->firewall($this->fwName)->processLogout();
         throw new LoginException('The current auth session is no longer valid.', 7);
     }
     // All checks passed: hand the user back to the caller.
     return $user;
 }
コード例 #3
ファイル: UserTest.php プロジェクト: Webiny/Framework
 /**
  * Data provider: a single dataset holding an "Admin" firewall built from ExampleConfig.yaml.
  *
  * The firewall is wired with a mock user provider and the MockEncoder driver named in
  * the configuration.
  *
  * @return array
  */
 public function firewallProvider()
 {
     $configFile = __DIR__ . '/../../../ExampleConfig.yaml';

     // The Security component has to know its configuration before a firewall is built.
     Security::setConfig($configFile);
     $config = Config::getInstance()->yaml($configFile);

     $firewall = new Firewall(
         'Admin',
         $config->Security->Firewalls->Admin,
         [new UserProviderMock()],
         new Encoder($config->Security->Encoders->MockEncoder->Driver, [])
     );

     return [[$firewall]];
 }
コード例 #4
 /**
  * Checks that security() yields a Security instance without a key and a Firewall
  * instance both through firewall('Admin') and through the security('Admin') shortcut.
  */
 public function testSecurity()
 {
     $securityClass = '\\Webiny\\Component\\Security\\Security';
     $firewallClass = '\\Webiny\\Component\\Security\\Authentication\\Firewall';

     // The configuration has to be registered before the component can be used.
     \Webiny\Component\Security\Security::setConfig(__DIR__ . '/ExampleConfig.yaml');

     // No key: the Security instance itself.
     $this->assertInstanceOf($securityClass, $this->security());

     // Explicit lookup of the firewall on the Security instance.
     $this->assertInstanceOf($firewallClass, $this->security()->firewall('Admin'));

     // Shortcut: the firewall key passed straight to security().
     $this->assertInstanceOf($firewallClass, $this->security('Admin'));
 }
コード例 #5
ファイル: SecurityTest.php プロジェクト: Webiny/Framework
 /**
  * Data provider: a single dataset holding the Security instance configured from ExampleConfig.yaml.
  *
  * @return array
  */
 public function dataProvider()
 {
     // Register the configuration first; the instance is requested only afterwards.
     Security::setConfig(__DIR__ . '/ExampleConfig.yaml');

     return [[Security::getInstance()]];
 }
コード例 #6
ファイル: bootstrap.php プロジェクト: Pavel910/Login
<?php

require_once '../vendor/autoload.php';
use Webiny\Component\Config\Config;
use Webiny\Component\Entity\Entity;
use Webiny\Component\Mongo\Mongo;
use Webiny\Component\Security\Security;
use Webiny\Login\Login;

// Register each component's configuration before any instance is requested.
// NOTE(review): every path here is relative ('./…', '../…'), so it presumably resolves
// against the process working directory rather than this file's directory; confirm how
// the script is launched. The security configuration presumably carries token keys, so
// it should not be readable through the web server or committed with real values.
Security::setConfig('./securityConfig.yaml');
Mongo::setConfig('./mongoConfig.yaml');
Entity::setConfig('./entityConfig.yaml');

// Wire the Login component from the Security instance and its own configuration.
$security = Security::getInstance();
$loginConfig = Config::getInstance()->yaml('./loginConfig.yaml');
$login = new Login($security, $loginConfig);
コード例 #7
ファイル: Firewall.php プロジェクト: Webiny/Framework
 /**
  * Builds the firewall's Token from the firewall and security configuration.
  *
  * The security key is taken from the named token's configuration when the firewall
  * names a token, otherwise from the firewall's own TokenKey entry. A missing key
  * stops initialization with an exception, so no Token is created without one.
  *
  * @throws FirewallException When no security key is configured or the crypt driver cannot be created.
  */
 private function initToken()
 {
     $tokenName = $this->getConfig()->get('Token', false);
     $rememberMe = $this->getConfig()->get('RememberMe', false);

     if ($tokenName) {
         // A named token carries its own security key in the security configuration.
         $securityKey = Security::getConfig()->get('Tokens.' . $tokenName . '.SecurityKey', false);
         if (!$securityKey) {
             throw new FirewallException('Missing security key for "' . $tokenName . '" token.');
         }
     } else {
         // No named token: use the default token, keyed by the firewall's TokenKey.
         $securityKey = $this->getConfig()->get('TokenKey', false);
         if (!$securityKey) {
             throw new FirewallException('Missing TokenKey for "' . $this->getRealmName() . '" firewall.');
         }
     }

     // Without a token name these lookups use the key 'Tokens..<entry>', so the supplied
     // defaults presumably apply; confirm against the config implementation.
     $tokenConfigPrefix = 'Tokens.' . $tokenName . '.';
     $tokenCryptDriver = Security::getConfig()->get($tokenConfigPrefix . 'Driver', $this->defaultCryptDriver);
     $tokenCryptParams = Security::getConfig()->get($tokenConfigPrefix . 'Params', [], true);

     try {
         // The driver is created through the factory together with the crypt driver interface name.
         $tokenCrypt = $this->factory($tokenCryptDriver, $this->cryptDriverInterface, $tokenCryptParams);
     } catch (\Exception $e) {
         // Only the message is carried over; the original exception type and trace are dropped.
         throw new FirewallException($e->getMessage());
     }

     $storageClass = Security::getConfig()->get($tokenConfigPrefix . 'StorageDriver');
     $this->token = new Token($this->getTokenName(), $rememberMe, $securityKey, $tokenCrypt, $storageClass);
 }
コード例 #8
ファイル: Firewall.php プロジェクト: Nkelliny/Framework
 /**
  * Builds the firewall's Token from the firewall and security configuration.
  *
  * The security key is taken from the named token's configuration when the firewall
  * names a token, otherwise from the firewall's own TokenKey entry. A missing key or
  * a falsy driver setting stops initialization with an exception.
  *
  * @throws FirewallException When the security key or driver is missing, or the crypt driver cannot be created.
  */
 private function initToken()
 {
     $tokenName = $this->getConfig()->get('Token', false);
     $rememberMe = $this->getConfig()->get('RememberMe', false);

     if ($tokenName) {
         // A named token carries its own security key in the security configuration.
         $securityKey = Security::getConfig()->get('Tokens.' . $tokenName . '.SecurityKey', false);
         if (!$securityKey) {
             throw new FirewallException('Missing security key for "' . $tokenName . '" token.');
         }
     } else {
         // No named token: use the default token, keyed by the firewall's TokenKey.
         $securityKey = $this->getConfig()->get('TokenKey', false);
         if (!$securityKey) {
             throw new FirewallException('Missing TokenKey for "' . $this->getRealmName() . '" firewall.');
         }
     }

     $tokenConfigPrefix = 'Tokens.' . $tokenName . '.';

     // The built-in Crypt driver is passed as the fallback for the Driver lookup, so this
     // guard presumably fires only when the configuration sets Driver to a falsy value.
     $tokenCryptDriver = Security::getConfig()->get(
         $tokenConfigPrefix . 'Driver',
         '\\Webiny\\Component\\Security\\Token\\CryptDrivers\\Crypt\\Crypt'
     );
     if (!$tokenCryptDriver) {
         throw new FirewallException('Driver parameter for token "' . $tokenName . '" is not defined.');
     }

     $tokenCryptParams = Security::getConfig()->get($tokenConfigPrefix . 'Params', [], true);

     try {
         // The driver is created through the factory together with the crypt driver interface name.
         $tokenCrypt = $this->factory(
             $tokenCryptDriver,
             'Webiny\\Component\\Security\\Token\\CryptDrivers\\CryptDriverInterface',
             $tokenCryptParams
         );
     } catch (\Exception $e) {
         // Only the message is carried over; the original exception type and trace are dropped.
         throw new FirewallException($e->getMessage());
     }

     $this->token = new Token($this->getTokenName(), $rememberMe, $securityKey, $tokenCrypt);
 }