Blame | Letzte Änderung | Log anzeigen | RSS feed
<?phpnamespace Illuminate\Auth;use Illuminate\Auth\Events\Attempting;use Illuminate\Auth\Events\Authenticated;use Illuminate\Auth\Events\CurrentDeviceLogout;use Illuminate\Auth\Events\Failed;use Illuminate\Auth\Events\Login;use Illuminate\Auth\Events\Logout;use Illuminate\Auth\Events\OtherDeviceLogout;use Illuminate\Auth\Events\Validated;use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;use Illuminate\Contracts\Auth\StatefulGuard;use Illuminate\Contracts\Auth\SupportsBasicAuth;use Illuminate\Contracts\Auth\UserProvider;use Illuminate\Contracts\Cookie\QueueingFactory as CookieJar;use Illuminate\Contracts\Events\Dispatcher;use Illuminate\Contracts\Session\Session;use Illuminate\Support\Arr;use Illuminate\Support\Facades\Hash;use Illuminate\Support\Str;use Illuminate\Support\Timebox;use Illuminate\Support\Traits\Macroable;use InvalidArgumentException;use RuntimeException;use Symfony\Component\HttpFoundation\Request;use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;class SessionGuard implements StatefulGuard, SupportsBasicAuth{use GuardHelpers, Macroable;/*** The name of the guard. Typically "web".** Corresponds to guard name in authentication configuration.** @var string*/protected $name;/*** The user we last attempted to retrieve.** @var \Illuminate\Contracts\Auth\Authenticatable*/protected $lastAttempted;/*** Indicates if the user was authenticated via a recaller cookie.** @var bool*/protected $viaRemember = false;/*** The number of minutes that the "remember me" cookie should be valid for.** @var int*/protected $rememberDuration = 576000;/*** The session used by the guard.** @var \Illuminate\Contracts\Session\Session*/protected $session;/*** The Illuminate cookie creator service.** @var \Illuminate\Contracts\Cookie\QueueingFactory*/protected $cookie;/*** The request instance.** @var \Symfony\Component\HttpFoundation\Request*/protected $request;/*** The event dispatcher instance.** @var \Illuminate\Contracts\Events\Dispatcher*/protected $events;/*** The timebox instance.** @var \Illuminate\Support\Timebox*/protected $timebox;/*** Indicates if the logout method has been called.** @var bool*/protected $loggedOut = false;/*** Indicates if a token user retrieval has been attempted.** @var bool*/protected $recallAttempted = false;/*** Create a new authentication guard.** @param string $name* @param \Illuminate\Contracts\Auth\UserProvider $provider* @param \Illuminate\Contracts\Session\Session $session* @param \Symfony\Component\HttpFoundation\Request|null $request* @param \Illuminate\Support\Timebox|null $timebox* @return void*/public function __construct($name,UserProvider $provider,Session $session,Request $request = null,Timebox $timebox = null){$this->name = $name;$this->session = $session;$this->request = $request;$this->provider = $provider;$this->timebox = $timebox ?: new Timebox;}/*** Get the currently authenticated user.** @return \Illuminate\Contracts\Auth\Authenticatable|null*/public function user(){if ($this->loggedOut) {return;}// If we've already retrieved the user for the current request we can just// return it back immediately. We do not want to fetch the user data on// every call to this method because that would be tremendously slow.if (! is_null($this->user)) {return $this->user;}$id = $this->session->get($this->getName());// First we will try to load the user using the identifier in the session if// one exists. Otherwise we will check for a "remember me" cookie in this// request, and if one exists, attempt to retrieve the user using that.if (! is_null($id) && $this->user = $this->provider->retrieveById($id)) {$this->fireAuthenticatedEvent($this->user);}// If the user is null, but we decrypt a "recaller" cookie we can attempt to// pull the user data on that cookie which serves as a remember cookie on// the application. Once we have a user we can return it to the caller.if (is_null($this->user) && ! is_null($recaller = $this->recaller())) {$this->user = $this->userFromRecaller($recaller);if ($this->user) {$this->updateSession($this->user->getAuthIdentifier());$this->fireLoginEvent($this->user, true);}}return $this->user;}/*** Pull a user from the repository by its "remember me" cookie token.** @param \Illuminate\Auth\Recaller $recaller* @return mixed*/protected function userFromRecaller($recaller){if (! $recaller->valid() || $this->recallAttempted) {return;}// If the user is null, but we decrypt a "recaller" cookie we can attempt to// pull the user data on that cookie which serves as a remember cookie on// the application. Once we have a user we can return it to the caller.$this->recallAttempted = true;$this->viaRemember = ! is_null($user = $this->provider->retrieveByToken($recaller->id(), $recaller->token()));return $user;}/*** Get the decrypted recaller cookie for the request.** @return \Illuminate\Auth\Recaller|null*/protected function recaller(){if (is_null($this->request)) {return;}if ($recaller = $this->request->cookies->get($this->getRecallerName())) {return new Recaller($recaller);}}/*** Get the ID for the currently authenticated user.** @return int|string|null*/public function id(){if ($this->loggedOut) {return;}return $this->user()? $this->user()->getAuthIdentifier(): $this->session->get($this->getName());}/*** Log a user into the application without sessions or cookies.** @param array $credentials* @return bool*/public function once(array $credentials = []){$this->fireAttemptEvent($credentials);if ($this->validate($credentials)) {$this->setUser($this->lastAttempted);return true;}return false;}/*** Log the given user ID into the application without sessions or cookies.** @param mixed $id* @return \Illuminate\Contracts\Auth\Authenticatable|false*/public function onceUsingId($id){if (! is_null($user = $this->provider->retrieveById($id))) {$this->setUser($user);return $user;}return false;}/*** Validate a user's credentials.** @param array $credentials* @return bool*/public function validate(array $credentials = []){$this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);return $this->hasValidCredentials($user, $credentials);}/*** Attempt to authenticate using HTTP Basic Auth.** @param string $field* @param array $extraConditions* @return \Symfony\Component\HttpFoundation\Response|null** @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException*/public function basic($field = 'email', $extraConditions = []){if ($this->check()) {return;}// If a username is set on the HTTP basic request, we will return out without// interrupting the request lifecycle. Otherwise, we'll need to generate a// request indicating that the given credentials were invalid for login.if ($this->attemptBasic($this->getRequest(), $field, $extraConditions)) {return;}return $this->failedBasicResponse();}/*** Perform a stateless HTTP Basic login attempt.** @param string $field* @param array $extraConditions* @return \Symfony\Component\HttpFoundation\Response|null** @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException*/public function onceBasic($field = 'email', $extraConditions = []){$credentials = $this->basicCredentials($this->getRequest(), $field);if (! $this->once(array_merge($credentials, $extraConditions))) {return $this->failedBasicResponse();}}/*** Attempt to authenticate using basic authentication.** @param \Symfony\Component\HttpFoundation\Request $request* @param string $field* @param array $extraConditions* @return bool*/protected function attemptBasic(Request $request, $field, $extraConditions = []){if (! $request->getUser()) {return false;}return $this->attempt(array_merge($this->basicCredentials($request, $field), $extraConditions));}/*** Get the credential array for an HTTP Basic request.** @param \Symfony\Component\HttpFoundation\Request $request* @param string $field* @return array*/protected function basicCredentials(Request $request, $field){return [$field => $request->getUser(), 'password' => $request->getPassword()];}/*** Get the response for basic authentication.** @return void** @throws \Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException*/protected function failedBasicResponse(){throw new UnauthorizedHttpException('Basic', 'Invalid credentials.');}/*** Attempt to authenticate a user using the given credentials.** @param array $credentials* @param bool $remember* @return bool*/public function attempt(array $credentials = [], $remember = false){$this->fireAttemptEvent($credentials, $remember);$this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);// If an implementation of UserInterface was returned, we'll ask the provider// to validate the user against the given credentials, and if they are in// fact valid we'll log the users into the application and return true.if ($this->hasValidCredentials($user, $credentials)) {$this->login($user, $remember);return true;}// If the authentication attempt fails we will fire an event so that the user// may be notified of any suspicious attempts to access their account from// an unrecognized user. A developer may listen to this event as needed.$this->fireFailedEvent($user, $credentials);return false;}/*** Attempt to authenticate a user with credentials and additional callbacks.** @param array $credentials* @param array|callable|null $callbacks* @param bool $remember* @return bool*/public function attemptWhen(array $credentials = [], $callbacks = null, $remember = false){$this->fireAttemptEvent($credentials, $remember);$this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);// This method does the exact same thing as attempt, but also executes callbacks after// the user is retrieved and validated. If one of the callbacks returns falsy we do// not login the user. Instead, we will fail the specific authentication attempt.if ($this->hasValidCredentials($user, $credentials) && $this->shouldLogin($callbacks, $user)) {$this->login($user, $remember);return true;}$this->fireFailedEvent($user, $credentials);return false;}/*** Determine if the user matches the credentials.** @param mixed $user* @param array $credentials* @return bool*/protected function hasValidCredentials($user, $credentials){return $this->timebox->call(function ($timebox) use ($user, $credentials) {$validated = ! is_null($user) && $this->provider->validateCredentials($user, $credentials);if ($validated) {$timebox->returnEarly();$this->fireValidatedEvent($user);}return $validated;}, 200 * 1000);}/*** Determine if the user should login by executing the given callbacks.** @param array|callable|null $callbacks* @param \Illuminate\Contracts\Auth\Authenticatable $user* @return bool*/protected function shouldLogin($callbacks, AuthenticatableContract $user){foreach (Arr::wrap($callbacks) as $callback) {if (! $callback($user, $this)) {return false;}}return true;}/*** Log the given user ID into the application.** @param mixed $id* @param bool $remember* @return \Illuminate\Contracts\Auth\Authenticatable|false*/public function loginUsingId($id, $remember = false){if (! is_null($user = $this->provider->retrieveById($id))) {$this->login($user, $remember);return $user;}return false;}/*** Log a user into the application.** @param \Illuminate\Contracts\Auth\Authenticatable $user* @param bool $remember* @return void*/public function login(AuthenticatableContract $user, $remember = false){$this->updateSession($user->getAuthIdentifier());// If the user should be permanently "remembered" by the application we will// queue a permanent cookie that contains the encrypted copy of the user// identifier. We will then decrypt this later to retrieve the users.if ($remember) {$this->ensureRememberTokenIsSet($user);$this->queueRecallerCookie($user);}// If we have an event dispatcher instance set we will fire an event so that// any listeners will hook into the authentication events and run actions// based on the login and logout events fired from the guard instances.$this->fireLoginEvent($user, $remember);$this->setUser($user);}/*** Update the session with the given ID.** @param string $id* @return void*/protected function updateSession($id){$this->session->put($this->getName(), $id);$this->session->migrate(true);}/*** Create a new "remember me" token for the user if one doesn't already exist.** @param \Illuminate\Contracts\Auth\Authenticatable $user* @return void*/protected function ensureRememberTokenIsSet(AuthenticatableContract $user){if (empty($user->getRememberToken())) {$this->cycleRememberToken($user);}}/*** Queue the recaller cookie into the cookie jar.** @param \Illuminate\Contracts\Auth\Authenticatable $user* @return void*/protected function queueRecallerCookie(AuthenticatableContract $user){$this->getCookieJar()->queue($this->createRecaller($user->getAuthIdentifier().'|'.$user->getRememberToken().'|'.$user->getAuthPassword()));}/*** Create a "remember me" cookie for a given ID.** @param string $value* @return \Symfony\Component\HttpFoundation\Cookie*/protected function createRecaller($value){return $this->getCookieJar()->make($this->getRecallerName(), $value, $this->getRememberDuration());}/*** Log the user out of the application.** @return void*/public function logout(){$user = $this->user();$this->clearUserDataFromStorage();if (! is_null($this->user) && ! empty($user->getRememberToken())) {$this->cycleRememberToken($user);}// If we have an event dispatcher instance, we can fire off the logout event// so any further processing can be done. This allows the developer to be// listening for anytime a user signs out of this application manually.if (isset($this->events)) {$this->events->dispatch(new Logout($this->name, $user));}// Once we have fired the logout event we will clear the users out of memory// so they are no longer available as the user is no longer considered as// being signed into this application and should not be available here.$this->user = null;$this->loggedOut = true;}/*** Log the user out of the application on their current device only.** This method does not cycle the "remember" token.** @return void*/public function logoutCurrentDevice(){$user = $this->user();$this->clearUserDataFromStorage();// If we have an event dispatcher instance, we can fire off the logout event// so any further processing can be done. This allows the developer to be// listening for anytime a user signs out of this application manually.if (isset($this->events)) {$this->events->dispatch(new CurrentDeviceLogout($this->name, $user));}// Once we have fired the logout event we will clear the users out of memory// so they are no longer available as the user is no longer considered as// being signed into this application and should not be available here.$this->user = null;$this->loggedOut = true;}/*** Remove the user data from the session and cookies.** @return void*/protected function clearUserDataFromStorage(){$this->session->remove($this->getName());$this->getCookieJar()->unqueue($this->getRecallerName());if (! is_null($this->recaller())) {$this->getCookieJar()->queue($this->getCookieJar()->forget($this->getRecallerName()));}}/*** Refresh the "remember me" token for the user.** @param \Illuminate\Contracts\Auth\Authenticatable $user* @return void*/protected function cycleRememberToken(AuthenticatableContract $user){$user->setRememberToken($token = Str::random(60));$this->provider->updateRememberToken($user, $token);}/*** Invalidate other sessions for the current user.** The application must be using the AuthenticateSession middleware.** @param string $password* @param string $attribute* @return \Illuminate\Contracts\Auth\Authenticatable|null** @throws \Illuminate\Auth\AuthenticationException*/public function logoutOtherDevices($password, $attribute = 'password'){if (! $this->user()) {return;}$result = $this->rehashUserPassword($password, $attribute);if ($this->recaller() ||$this->getCookieJar()->hasQueued($this->getRecallerName())) {$this->queueRecallerCookie($this->user());}$this->fireOtherDeviceLogoutEvent($this->user());return $result;}/*** Rehash the current user's password.** @param string $password* @param string $attribute* @return \Illuminate\Contracts\Auth\Authenticatable|null** @throws \InvalidArgumentException*/protected function rehashUserPassword($password, $attribute){if (! Hash::check($password, $this->user()->{$attribute})) {throw new InvalidArgumentException('The given password does not match the current password.');}return tap($this->user()->forceFill([$attribute => Hash::make($password),]))->save();}/*** Register an authentication attempt event listener.** @param mixed $callback* @return void*/public function attempting($callback){$this->events?->listen(Events\Attempting::class, $callback);}/*** Fire the attempt event with the arguments.** @param array $credentials* @param bool $remember* @return void*/protected function fireAttemptEvent(array $credentials, $remember = false){$this->events?->dispatch(new Attempting($this->name, $credentials, $remember));}/*** Fires the validated event if the dispatcher is set.** @param \Illuminate\Contracts\Auth\Authenticatable $user* @return void*/protected function fireValidatedEvent($user){$this->events?->dispatch(new Validated($this->name, $user));}/*** Fire the login event if the dispatcher is set.** @param \Illuminate\Contracts\Auth\Authenticatable $user* @param bool $remember* @return void*/protected function fireLoginEvent($user, $remember = false){$this->events?->dispatch(new Login($this->name, $user, $remember));}/*** Fire the authenticated event if the dispatcher is set.** @param \Illuminate\Contracts\Auth\Authenticatable $user* @return void*/protected function fireAuthenticatedEvent($user){$this->events?->dispatch(new Authenticated($this->name, $user));}/*** Fire the other device logout event if the dispatcher is set.** @param \Illuminate\Contracts\Auth\Authenticatable $user* @return void*/protected function fireOtherDeviceLogoutEvent($user){$this->events?->dispatch(new OtherDeviceLogout($this->name, $user));}/*** Fire the failed authentication attempt event with the given arguments.** @param \Illuminate\Contracts\Auth\Authenticatable|null $user* @param array $credentials* @return void*/protected function fireFailedEvent($user, array $credentials){$this->events?->dispatch(new Failed($this->name, $user, $credentials));}/*** Get the last user we attempted to authenticate.** @return \Illuminate\Contracts\Auth\Authenticatable*/public function getLastAttempted(){return $this->lastAttempted;}/*** Get a unique identifier for the auth session value.** @return string*/public function getName(){return 'login_'.$this->name.'_'.sha1(static::class);}/*** Get the name of the cookie used to store the "recaller".** @return string*/public function getRecallerName(){return 'remember_'.$this->name.'_'.sha1(static::class);}/*** Determine if the user was authenticated via "remember me" cookie.** @return bool*/public function viaRemember(){return $this->viaRemember;}/*** Get the number of minutes the remember me cookie should be valid for.** @return int*/protected function getRememberDuration(){return $this->rememberDuration;}/*** Set the number of minutes the remember me cookie should be valid for.** @param int $minutes* @return $this*/public function setRememberDuration($minutes){$this->rememberDuration = $minutes;return $this;}/*** Get the cookie creator instance used by the guard.** @return \Illuminate\Contracts\Cookie\QueueingFactory** @throws \RuntimeException*/public function getCookieJar(){if (! isset($this->cookie)) {throw new RuntimeException('Cookie jar has not been set.');}return $this->cookie;}/*** Set the cookie creator instance used by the guard.** @param \Illuminate\Contracts\Cookie\QueueingFactory $cookie* @return void*/public function setCookieJar(CookieJar $cookie){$this->cookie = $cookie;}/*** Get the event dispatcher instance.** @return \Illuminate\Contracts\Events\Dispatcher*/public function getDispatcher(){return $this->events;}/*** Set the event dispatcher instance.** @param \Illuminate\Contracts\Events\Dispatcher $events* @return void*/public function setDispatcher(Dispatcher $events){$this->events = $events;}/*** Get the session store used by the guard.** @return \Illuminate\Contracts\Session\Session*/public function getSession(){return $this->session;}/*** Return the currently cached user.** @return \Illuminate\Contracts\Auth\Authenticatable|null*/public function getUser(){return $this->user;}/*** Set the current user.** @param \Illuminate\Contracts\Auth\Authenticatable $user* @return $this*/public function setUser(AuthenticatableContract $user){$this->user = $user;$this->loggedOut = false;$this->fireAuthenticatedEvent($user);return $this;}/*** Get the current request instance.** @return \Symfony\Component\HttpFoundation\Request*/public function getRequest(){return $this->request ?: Request::createFromGlobals();}/*** Set the current request instance.** @param \Symfony\Component\HttpFoundation\Request $request* @return $this*/public function setRequest(Request $request){$this->request = $request;return $this;}/*** Get the timebox instance used by the guard.** @return \Illuminate\Support\Timebox*/public function getTimebox(){return $this->timebox;}}