/**
 * Runs the parent pre-processing step and, when it succeeds, caches the
 * user reported by Security::get()->currentUser() in static::$currentUser.
 *
 * @return bool false when parent::preProcess() reports failure, true otherwise
 */
public static function preProcess()
{
    $parentSucceeded = parent::preProcess();

    if ($parentSucceeded) {
        // Only populate the cached user once the parent step has passed.
        static::$currentUser = Security::get()->currentUser();

        return true;
    }

    return false;
}
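/**
 * Checks the submitted username/password against the security principal and,
 * on success, marks the session as authenticated.
 *
 * On success the session keys 'security.current_user' and
 * 'security.authenticated' are written, and the URI stored under
 * 'security.called_before_login' is consumed (read, then reset to null).
 *
 * @return array ['success' => true, 'controllerAction' => <stored URI>] on success
 *               (the URI is whatever Session::get() returns for that key), or
 *               ['success' => false, 'controllerAction' => 'Security::login',
 *               'params' => ['failure']] on failure
 */
protected static function authenticate()
{
    $principal = SecurityPrincipal::get();
    $request = static::request();

    if (!$principal->authenticate($request->username, $request->password)) {
        // NOTE(review): no attempt counting or throttling is visible in this
        // method; confirm failed logins are rate-limited and logged elsewhere.
        return ['success' => false, 'controllerAction' => 'Security::login', 'params' => ['failure']];
    }

    // Rotate the session identifier at the privilege change so an identifier
    // issued before login cannot be reused afterwards (session fixation).
    // Guarded so it is a no-op when no native PHP session is active or the
    // headers have already gone out; whether the Session wrapper rotates the
    // id on its own is not visible from here, and a second rotation is harmless.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    Session::set('security.current_user', $request->username);
    Session::set('security.authenticated', true);

    // Consume the "return to" target so it cannot be replayed by a later login.
    $uri = Session::get('security.called_before_login');
    Session::set('security.called_before_login', null);

    return ['success' => true, 'controllerAction' => $uri];
}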
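/**
 * Handles the submitted account-edit form for the current user.
 *
 * The authentication check now runs before any request data is validated,
 * so unauthenticated requests are rejected without their input being processed.
 * The record id is taken from Security's current user, not from request data.
 *
 * @param bool $redirect when true, redirect to 'Registration::success' after saving;
 *                       when false, return $mediator->getSignedUpUser() instead
 * @return mixed the result of forbidden(), render(), redirect() or getSignedUpUser();
 *               null when the mediator rejects the password pair
 */
public static function postEdit($redirect = true)
{
    # The check lives inside the action because otherwise the controller would
    # need to be extended (single actions can't be protected).
    if (!security\Security::get()->isAuthenticated()) {
        return security\controllers\Security::forbidden();
    }

    # NOTE(review): no current-password confirmation or CSRF token check is
    # visible in this action; confirm the form or the framework enforces them.
    $request = static::request();

    $signupForm = new forms\Signup();
    $signupForm->validate($request);
    if (!$signupForm->isValid()) {
        return static::render(['errors' => $signupForm->getErrors()]);
    }

    $mediator = RegistrationMediator::get();
    $credentials = [
        'id' => security\Security::get()->currentUser()->id,
        'password' => $request->password,
        'passwordRetyped' => $request->passwordRetyped,
        'fullname' => $request->fullname,
        'email' => $request->email,
        'phone' => $request->phone,
        'mobile' => $request->mobile,
    ];

    # This is mediator dependent and can't therefore be abstracted into a form
    $areCredentialsValid = $mediator->isValidPassword($credentials['password'], $credentials['passwordRetyped']);
    if (!$areCredentialsValid) {
        # NOTE(review): the original falls through here as well, so a rejected
        # password pair yields no response at all. Render an error once the
        # mediator's error format is known.
        return null;
    }

    # SECURITY NOTE(review): unsalted SHA-1 is a fast digest, not a password
    # hash; stored values are cheap to brute-force if the user table leaks.
    # Migrate to password_hash()/password_verify() together with the code that
    # verifies logins (not visible here). It is left unchanged because swapping
    # the format in this method alone would lock existing users out.
    $credentials['password'] = sha1($credentials['password']);

    # Save it
    $mediator->edit($credentials);

    # and redirect or return the saved user, dependent on input var
    return $redirect ? static::redirect('Registration::success') : $mediator->getSignedUpUser();
}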
/**
 * Asks the Security service whether this object's username is a member of
 * the given group.
 *
 * @param string $group group to test membership of
 * @return bool the value reported by Security::isUserInGroup()
 */
public function isInGroup($group)
{
    $security = Security::get();

    return $security->isUserInGroup($this->username, $group);
}