<?php
declare(strict_types=1);
namespace Authentication\Authenticator;
use ArrayAccess;
use Authentication\Identifier\IdentifierInterface;
use Cake\Http\Exception\UnauthorizedException;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
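/**
 * Session authenticator that keeps only the identity's primary key in the
 * session; the full identity is resolved through the identifier when authenticating.
 */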
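class PrimaryKeySessionAuthenticator extends SessionAuthenticator
{
    /**
     * Constructor.
     *
     * Supplies defaults for the two options this class reads: `identifierKey`,
     * the key under which the stored id is handed to the identifier, and
     * `idField`, the identity field whose value is written to the session.
     * Values passed by the caller win because the defaults are merged with `+=`.
     *
     * @param \Authentication\Identifier\IdentifierInterface $identifier Identifier used to resolve the stored id.
     * @param array<string, mixed> $config Authenticator configuration.
     */
    public function __construct(IdentifierInterface $identifier, array $config = [])
    {
        $config += [
            'identifierKey' => 'key',
            'idField' => 'id',
        ];

        parent::__construct($identifier, $config);
    }

    /**
     * Authenticate a user using the id stored in the session.
     *
     * Only the value written by persistIdentity() or impersonate() lives in the
     * session. The identity is looked up through the identifier on every call,
     * so a stored id the identifier does not resolve fails authentication.
     *
     * @param \Psr\Http\Message\ServerRequestInterface $request The request to authenticate with;
     *   its `session` attribute is read.
     * @return \Authentication\Authenticator\ResultInterface
     */
    public function authenticate(ServerRequestInterface $request): ResultInterface
    {
        $sessionKey = $this->getConfig('sessionKey');
        /** @var \Cake\Http\Session $session */
        $session = $request->getAttribute('session');

        $userId = $session->read($sessionKey);
        // Loose check: a missing key and any falsy stored value (0, '0', '')
        // are all treated as "no identity in the session".
        if (!$userId) {
            return new Result(null, Result::FAILURE_IDENTITY_NOT_FOUND);
        }

        // The stored value is handed to the identifier unchanged; no type
        // check is applied here, so the identifier decides what it accepts.
        $user = $this->_identifier->identify([$this->getConfig('identifierKey') => $userId]);
        if (!$user) {
            return new Result(null, Result::FAILURE_IDENTITY_NOT_FOUND);
        }

        return new Result($user, Result::SUCCESS);
    }

    /**
     * Stores the identity's `idField` value in the session.
     *
     * Nothing is written when the session key already holds a value, even if
     * `$identity` differs from what is stored.
     *
     * @inheritDoc
     */
    public function persistIdentity(ServerRequestInterface $request, ResponseInterface $response, $identity): array
    {
        $sessionKey = $this->getConfig('sessionKey');
        /** @var \Cake\Http\Session $session */
        $session = $request->getAttribute('session');

        if (!$session->check($sessionKey)) {
            // Renew first so the authenticated state is attached to a renewed
            // session rather than the pre-login one (session fixation defence).
            $session->renew();
            $session->write($sessionKey, $identity[$this->getConfig('idField')]);
        }

        return [
            'request' => $request,
            'response' => $response,
        ];
    }

    /**
     * Impersonates a user.
     *
     * Records the impersonator's id under `impersonateSessionKey` and replaces
     * the id under `sessionKey` with the impersonated user's id. Both ids are
     * validated before anything is written, so a failed call leaves the
     * session untouched.
     *
     * This method performs no authorization check of its own: deciding whether
     * `$impersonator` may act as `$impersonated` is left to the caller.
     *
     * @param \Psr\Http\Message\ServerRequestInterface $request The request
     * @param \Psr\Http\Message\ResponseInterface $response The response
     * @param \ArrayAccess $impersonator User who impersonates
     * @param \ArrayAccess $impersonated User impersonated
     * @return array{request: \Psr\Http\Message\ServerRequestInterface, response: \Psr\Http\Message\ResponseInterface}
     * @throws \Cake\Http\Exception\UnauthorizedException When an impersonation is already active.
     * @throws \InvalidArgumentException When either identity has no value in `idField`.
     */
    public function impersonate(
        ServerRequestInterface $request,
        ResponseInterface $response,
        ArrayAccess $impersonator,
        ArrayAccess $impersonated,
    ): array {
        $sessionKey = $this->getConfig('sessionKey');
        $impersonateSessionKey = $this->getConfig('impersonateSessionKey');
        /** @var \Cake\Http\Session $session */
        $session = $request->getAttribute('session');

        if ($session->check($impersonateSessionKey)) {
            throw new UnauthorizedException(
                'You are impersonating a user already. ' .
                'Stop the current impersonation before impersonating another user.',
            );
        }

        $idField = $this->getConfig('idField');
        $impersonatorId = $impersonator[$idField];
        $impersonatedId = $impersonated[$idField];

        // Refuse to write a null id. A null impersonator marker would likely be
        // indistinguishable from "not impersonating" for the check() guard above
        // (confirm against \Cake\Http\Session), losing the record of who started
        // the impersonation; a null impersonated id would overwrite the login.
        if ($impersonatorId === null || $impersonatedId === null) {
            throw new \InvalidArgumentException(sprintf(
                'Cannot impersonate: the `%s` field is missing on the impersonator or the impersonated identity.',
                $idField,
            ));
        }

        // NOTE(review): unlike persistIdentity(), no $session->renew() happens
        // here, so the session id stays the same across the identity switch.
        // Renew at the call site if a fresh id is wanted on impersonation.
        $session->write($impersonateSessionKey, $impersonatorId);
        $session->write($sessionKey, $impersonatedId);

        // `identify` is not read anywhere in this class; presumably it is
        // consumed by the parent SessionAuthenticator (not shown here).
        $this->setConfig('identify', true);

        return [
            'request' => $request,
            'response' => $response,
        ];
    }
}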