diff --git a/.travis.yml b/.travis.yml index a9801d11..8651573e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,43 +3,63 @@ php: - 5.6 - 7.0 - 7.1 + - 7.2 + - 7.3 + - 7.4 + - 8.0snapshot -env: -matrix: - include: - - php: 5.6 - env: dependencies="--prefer-lowest --prefer-stable" - - php: 7.0 - env: coverage=on +before_install: + # turn off XDebug + - phpenv config-rm xdebug.ini || return 0 - allow_failures: - - php: 7.0 - env: coverage=on +install: + - travis_retry composer install --no-progress --prefer-dist script: - - vendor/bin/tester tests -s $coverageArgs - - php temp/code-checker/src/code-checker.php --short-arrays + - vendor/bin/tester tests -s after_failure: # Print *.actual content - for i in $(find tests -name \*.actual); do echo "--- $i"; cat $i; echo; echo; done -before_script: - # Install Nette Tester & Code Checker - - travis_retry composer update --no-interaction --prefer-dist $dependencies - - travis_retry composer create-project nette/code-checker temp/code-checker ~2.5 --no-interaction - - if [ "$coverage" == "on" ]; then coverageArgs="-p phpdbg --coverage ./coverage.xml --coverage-src ./src"; fi +jobs: + include: + - env: title="Lowest Dependencies" + install: + - travis_retry composer update --no-progress --prefer-dist --prefer-lowest --prefer-stable + + + - stage: Code Standard Checker + php: 7.1 + install: + # Install Nette Code Checker + - travis_retry composer create-project nette/code-checker temp/code-checker ^3 --no-progress + # Install Nette Coding Standard + - travis_retry composer create-project nette/coding-standard temp/coding-standard ^2 --no-progress + + script: + - php temp/code-checker/code-checker + - php temp/coding-standard/ecs check src tests --config temp/coding-standard/coding-standard-php56.yml -after_script: - # Report Code Coverage - - > - if [ "$coverage" == "on" ]; then - wget https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar - && php coveralls.phar --verbose --config tests/.coveralls.yml - || true; fi -sudo: false + - stage: Code Coverage + php: 7.1 + script: + - vendor/bin/tester -p phpdbg tests -s --coverage ./coverage.xml --coverage-src ./src + after_script: + - wget https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar + - php coveralls.phar --verbose --config tests/.coveralls.yml + + + allow_failures: + - stage: Code Coverage + + +dist: xenial cache: directories: - $HOME/.composer/cache + +notifications: + email: false diff --git a/composer.json b/composer.json index 20cc5c02..c6479bbe 100644 --- a/composer.json +++ b/composer.json @@ -1,6 +1,7 @@ { "name": "nette/security", - "description": "Nette Security: Access Control Component", + "description": "🔑 Nette Security: provides authentication, authorization and a role-based access control management via ACL (Access Control List)", + "keywords": ["nette", "authentication", "authorization", "ACL"], "homepage": "https://nette.org", "license": ["BSD-3-Clause", "GPL-2.0", "GPL-3.0"], "authors": [ diff --git a/readme.md b/readme.md index a7fb6944..8376228c 100644 --- a/readme.md +++ b/readme.md @@ -1,18 +1,14 @@ Nette Security: Access Control ============================== -[![Downloads this Month](https://img.shields.io/packagist/dm/nette/security.svg)](https://packagist.org/packages/nette/security) -[![Build Status](https://travis-ci.org/nette/security.svg?branch=master)](https://travis-ci.org/nette/security) -[![Coverage Status](https://coveralls.io/repos/github/nette/security/badge.svg?branch=master)](https://coveralls.io/github/nette/security?branch=master) -[![Latest Stable Version](https://poser.pugx.org/nette/security/v/stable)](https://github.com/nette/security/releases) -[![License](https://img.shields.io/badge/license-New%20BSD-blue.svg)](https://github.com/nette/security/blob/master/license.md) - - user login and logout - verifying user privileges - securing against vulnerabilities - how to create custom authenticators and authorizators - Access Control List +It requires PHP version 5.6 and supports PHP up to 8.0. + Authentication ============== @@ -101,7 +97,7 @@ We will create a custom authenticator that will check validity of login credenti ```php use Nette\Security as NS; -class MyAuthenticator extends Nette\Object implements NS\IAuthenticator +class MyAuthenticator implements NS\IAuthenticator { public $database; @@ -146,7 +142,7 @@ Identity Identity presents a set of user information, as returned by autheticator. It's an object implementing [api:Nette\Security\IIdentity] interface, with default implementation [api:Nette\Security\Identity]. Class has methods `getId()`, that returns users ID (for example primary key for the respective database row), and `getRoles()`, which returns an array of all roles user is in. User data can be access as if they were identity properties. -Identity is not erased when the user is logged out. So, if identity exists, it by itself does not grant that the user is also logged in. If we would like to explicitly delete the identity for some reason, we logout the user by calling `$user->logout(TRUE)`. +Identity is not erased when the user is logged out. So, if identity exists, it by itself does not grant that the user is also logged in. If we would like to explicitly delete the identity for some reason, we logout the user by calling `$user->logout(true)`. Service `user` of class [api:Nette\Security\User] keeps the identity in session and uses it to all authorizations. Identity can be access with `getIdentity` upon `$user`: @@ -205,13 +201,12 @@ Authorizator decides, whether the user has permission to take some action. It's An implementation skeleton looks like this: ```php -class MyAuthorizator extends Nette\Object - implements Nette\Security\IAuthorizator +class MyAuthorizator implements Nette\Security\IAuthorizator { function isAllowed($role, $resource, $privilege) { - return ...; // returns either TRUE or FALSE + return ...; // returns either true or false } } @@ -266,7 +261,7 @@ Trivial, isn't it? This ensures all the properties of the parents will be inheri Do note the method `getRoleParents()`, which returns an array of all direct parent roles, and the method `roleIntheritsFrom()`, which checks whether a role extends another. Their usage: ```php -$acl->roleInheritsFrom('administrator', 'guest'); // TRUE +$acl->roleInheritsFrom('administrator', 'guest'); // true $acl->getRoleParents('administrator'); // array('registered') - only direct parents ``` @@ -301,27 +296,27 @@ Now when we have created the set of rules, we may simply ask the authorization q ```php // can guest view articles? -echo $acl->isAllowed('guest', 'article', 'view'); // TRUE +echo $acl->isAllowed('guest', 'article', 'view'); // true // can guest edit an article? -echo $acl->isAllowed('guest', 'article', 'edit'); // FALSE +echo $acl->isAllowed('guest', 'article', 'edit'); // false // may guest add comments? -echo $acl->isAllowed('guest', 'comments', 'add'); // FALSE +echo $acl->isAllowed('guest', 'comments', 'add'); // false ``` The same is true for the registered user, though he is allowed to add a comment: ```php -echo $acl->isAllowed('registered', 'article', 'view'); // TRUE -echo $acl->isAllowed('registered', 'comments', 'add'); // TRUE -echo $acl->isAllowed('registered', 'backend', 'view'); // FALSE +echo $acl->isAllowed('registered', 'article', 'view'); // true +echo $acl->isAllowed('registered', 'comments', 'add'); // true +echo $acl->isAllowed('registered', 'backend', 'view'); // false ``` Administrator is allowed to do everything: ```php -echo $acl->isAllowed('administrator', 'article', 'view'); // TRUE -echo $acl->isAllowed('administrator', 'commend', 'add'); // TRUE -echo $acl->isAllowed('administrator', 'poll', 'edit'); // TRUE +echo $acl->isAllowed('administrator', 'article', 'view'); // true +echo $acl->isAllowed('administrator', 'commend', 'add'); // true +echo $acl->isAllowed('administrator', 'poll', 'edit'); // true ``` Admin rules may possibly be defined without any restrictions (without inheriting from any other roles): @@ -347,11 +342,11 @@ $acl->deny('guest', 'backend'); // example A: role admin has lower weight than role guest $acl->addRole('john', array('admin', 'guest')); -$acl->isAllowed('john', 'backend'); // FALSE +$acl->isAllowed('john', 'backend'); // false // example B: role admin has greater weight than role guest $acl->addRole('mary', array('guest', 'admin')); -$acl->isAllowed('mary', 'backend'); // TRUE +$acl->isAllowed('mary', 'backend'); // true ``` diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index 0a86194b..e4d38578 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -16,7 +16,7 @@ class SecurityExtension extends Nette\DI\CompilerExtension { public $defaults = [ - 'debugger' => TRUE, + 'debugger' => true, 'users' => [], // of [user => password] or [user => ['password' => password, 'roles' => [role]]] 'roles' => [], // of [role => parents] 'resources' => [], // of [resource => parents] @@ -26,7 +26,7 @@ class SecurityExtension extends Nette\DI\CompilerExtension private $debugMode; - public function __construct($debugMode = FALSE) + public function __construct($debugMode = false) { $this->debugMode = $debugMode; } @@ -37,12 +37,15 @@ public function loadConfiguration() $config = $this->validateConfig($this->defaults); $builder = $this->getContainerBuilder(); + $builder->addDefinition($this->prefix('passwords')) + ->setFactory(Nette\Security\Passwords::class); + $builder->addDefinition($this->prefix('userStorage')) ->setClass(Nette\Security\IUserStorage::class) ->setFactory(Nette\Http\UserStorage::class); $user = $builder->addDefinition($this->prefix('user')) - ->setClass(Nette\Security\User::class); + ->setFactory(Nette\Security\User::class); if ($this->debugMode && $config['debugger']) { $user->addSetup('@Tracy\Bar::addPanel', [ @@ -54,9 +57,9 @@ public function loadConfiguration() $usersList = $usersRoles = []; foreach ($config['users'] as $username => $data) { $data = is_array($data) ? $data : ['password' => $data]; - $this->validateConfig(['password' => NULL, 'roles' => NULL], $data, $this->prefix("security.users.$username")); + $this->validateConfig(['password' => null, 'roles' => null], $data, $this->prefix("security.users.$username")); $usersList[$username] = $data['password']; - $usersRoles[$username] = isset($data['roles']) ? $data['roles'] : NULL; + $usersRoles[$username] = isset($data['roles']) ? $data['roles'] : null; } $builder->addDefinition($this->prefix('authenticator')) @@ -90,5 +93,4 @@ public function loadConfiguration() $builder->addAlias('nette.userStorage', $this->prefix('userStorage')); } } - } diff --git a/src/Bridges/SecurityTracy/UserPanel.php b/src/Bridges/SecurityTracy/UserPanel.php index 5bfd0a92..c25794e6 100644 --- a/src/Bridges/SecurityTracy/UserPanel.php +++ b/src/Bridges/SecurityTracy/UserPanel.php @@ -56,5 +56,4 @@ public function getPanel() require __DIR__ . '/templates/UserPanel.panel.phtml'; return ob_get_clean(); } - } diff --git a/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml b/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml index fdc801d0..e410c959 100644 --- a/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml +++ b/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml @@ -8,5 +8,5 @@ use Tracy\Dumper;

isLoggedIn()): ?>Logged inUnlogged

- getIdentity()): echo Dumper::toHtml($user->getIdentity(), [Dumper::LIVE => TRUE]); else: ?>

no identity

+ getIdentity()): echo Dumper::toHtml($user->getIdentity(), [Dumper::LIVE => true]); else: ?>

no identity

diff --git a/src/Security/IAuthenticator.php b/src/Security/IAuthenticator.php index 1cac4e0f..be02981d 100644 --- a/src/Security/IAuthenticator.php +++ b/src/Security/IAuthenticator.php @@ -32,5 +32,4 @@ interface IAuthenticator * @throws AuthenticationException */ function authenticate(array $credentials); - } diff --git a/src/Security/IAuthorizator.php b/src/Security/IAuthorizator.php index f5211e6a..dbaac864 100644 --- a/src/Security/IAuthorizator.php +++ b/src/Security/IAuthorizator.php @@ -15,22 +15,20 @@ interface IAuthorizator { /** Set type: all */ - const ALL = NULL; + const ALL = null; /** Permission type: allow */ - const ALLOW = TRUE; + const ALLOW = true; /** Permission type: deny */ - const DENY = FALSE; - + const DENY = false; /** * Performs a role-based authorization. - * @param string|NULL - * @param string|NULL - * @param string|NULL + * @param string|null + * @param string|null + * @param string|null * @return bool */ function isAllowed($role, $resource, $privilege); - } diff --git a/src/Security/IIdentity.php b/src/Security/IIdentity.php index bc9be15a..2070b6cd 100644 --- a/src/Security/IIdentity.php +++ b/src/Security/IIdentity.php @@ -25,5 +25,4 @@ function getId(); * @return array */ function getRoles(); - } diff --git a/src/Security/IResource.php b/src/Security/IResource.php index e449ce94..5f95de38 100644 --- a/src/Security/IResource.php +++ b/src/Security/IResource.php @@ -19,5 +19,4 @@ interface IResource * @return string */ function getResourceId(); - } diff --git a/src/Security/IRole.php b/src/Security/IRole.php index 6d6bcfb7..e81b0a56 100644 --- a/src/Security/IRole.php +++ b/src/Security/IRole.php @@ -19,5 +19,4 @@ interface IRole * @return string */ function getRoleId(); - } diff --git a/src/Security/IUserStorage.php b/src/Security/IUserStorage.php index 36bae4a2..4b1c258e 100644 --- a/src/Security/IUserStorage.php +++ b/src/Security/IUserStorage.php @@ -41,11 +41,11 @@ function isAuthenticated(); * Sets the user identity. * @return static */ - function setIdentity(IIdentity $identity = NULL); + function setIdentity(IIdentity $identity = null); /** * Returns current user identity, if any. - * @return IIdentity|NULL + * @return IIdentity|null */ function getIdentity(); @@ -59,8 +59,7 @@ function setExpiration($time, $flags = 0); /** * Why was user logged out? - * @return int|NULL + * @return int|null */ function getLogoutReason(); - } diff --git a/src/Security/Identity.php b/src/Security/Identity.php index 6be5960b..3e45f15e 100644 --- a/src/Security/Identity.php +++ b/src/Security/Identity.php @@ -40,7 +40,7 @@ class Identity implements IIdentity * @param mixed * @param iterable */ - public function __construct($id, $roles = NULL, $data = NULL) + public function __construct($id, $roles = null, $data = null) { $this->setId($id); $this->setRoles((array) $roles); @@ -142,5 +142,4 @@ public function __isset($key) { return isset($this->data[$key]) || $this->parentIsSet($key); } - } diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index 26ad2fb3..f5467e37 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php @@ -15,7 +15,7 @@ */ class Passwords { - use Nette\StaticClass; + use Nette\SmartObject; /** @deprecated */ const BCRYPT_COST = 10; @@ -29,13 +29,9 @@ class Passwords */ public static function hash($password, array $options = []) { - if (isset($options['cost']) && ($options['cost'] < 4 || $options['cost'] > 31)) { - throw new Nette\InvalidArgumentException("Cost must be in range 4-31, $options[cost] given."); - } - - $hash = password_hash($password, PASSWORD_BCRYPT, $options); - if ($hash === FALSE || strlen($hash) < 60) { - throw new Nette\InvalidStateException('Hash computed by password_hash is invalid.'); + $hash = @password_hash($password, PASSWORD_BCRYPT, $options); // @ is escalated to exception + if (!$hash) { + throw new Nette\InvalidStateException('Computed hash is invalid. ' . error_get_last()['message']); } return $hash; } @@ -61,5 +57,4 @@ public static function needsRehash($hash, array $options = []) { return password_needs_rehash($hash, PASSWORD_BCRYPT, $options); } - } diff --git a/src/Security/Permission.php b/src/Security/Permission.php index 1f28b903..8c7d0550 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -33,7 +33,7 @@ class Permission implements IAuthorizator 'allRoles' => [ 'allPrivileges' => [ 'type' => self::DENY, - 'assert' => NULL, + 'assert' => null, ], 'byPrivilege' => [], ], @@ -43,7 +43,9 @@ class Permission implements IAuthorizator ]; /** @var mixed */ - private $queriedRole, $queriedResource; + private $queriedRole; + + private $queriedResource; /********************* roles ****************d*g**/ @@ -58,24 +60,24 @@ class Permission implements IAuthorizator * @throws Nette\InvalidStateException * @return static */ - public function addRole($role, $parents = NULL) + public function addRole($role, $parents = null) { - $this->checkRole($role, FALSE); + $this->checkRole($role, false); if (isset($this->roles[$role])) { throw new Nette\InvalidStateException("Role '$role' already exists in the list."); } $roleParents = []; - if ($parents !== NULL) { + if ($parents !== null) { if (!is_array($parents)) { $parents = [$parents]; } foreach ($parents as $parent) { $this->checkRole($parent); - $roleParents[$parent] = TRUE; - $this->roles[$parent]['children'][$role] = TRUE; + $roleParents[$parent] = true; + $this->roles[$parent]['children'][$role] = true; } } @@ -89,13 +91,13 @@ public function addRole($role, $parents = NULL) /** - * Returns TRUE if the Role exists in the list. + * Returns true if the Role exists in the list. * @param string * @return bool */ public function hasRole($role) { - $this->checkRole($role, FALSE); + $this->checkRole($role, false); return isset($this->roles[$role]); } @@ -107,7 +109,7 @@ public function hasRole($role) * @throws Nette\InvalidStateException * @return void */ - private function checkRole($role, $throw = TRUE) + private function checkRole($role, $throw = true) { if (!is_string($role) || $role === '') { throw new Nette\InvalidArgumentException('Role must be a non-empty string.'); @@ -141,7 +143,7 @@ public function getRoleParents($role) /** - * Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, + * Returns true if $role inherits from $inherit. If $onlyParents is true, * then $role must inherit directly from $inherit. * @param string * @param string @@ -149,7 +151,7 @@ public function getRoleParents($role) * @throws Nette\InvalidStateException * @return bool */ - public function roleInheritsFrom($role, $inherit, $onlyParents = FALSE) + public function roleInheritsFrom($role, $inherit, $onlyParents = false) { $this->checkRole($role); $this->checkRole($inherit); @@ -162,11 +164,11 @@ public function roleInheritsFrom($role, $inherit, $onlyParents = FALSE) foreach ($this->roles[$role]['parents'] as $parent => $foo) { if ($this->roleInheritsFrom($parent, $inherit)) { - return TRUE; + return true; } } - return FALSE; + return false; } @@ -246,17 +248,17 @@ public function removeAllRoles() * @throws Nette\InvalidStateException * @return static */ - public function addResource($resource, $parent = NULL) + public function addResource($resource, $parent = null) { - $this->checkResource($resource, FALSE); + $this->checkResource($resource, false); if (isset($this->resources[$resource])) { throw new Nette\InvalidStateException("Resource '$resource' already exists in the list."); } - if ($parent !== NULL) { + if ($parent !== null) { $this->checkResource($parent); - $this->resources[$parent]['children'][$resource] = TRUE; + $this->resources[$parent]['children'][$resource] = true; } $this->resources[$resource] = [ @@ -269,13 +271,13 @@ public function addResource($resource, $parent = NULL) /** - * Returns TRUE if the Resource exists in the list. + * Returns true if the Resource exists in the list. * @param string * @return bool */ public function hasResource($resource) { - $this->checkResource($resource, FALSE); + $this->checkResource($resource, false); return isset($this->resources[$resource]); } @@ -287,7 +289,7 @@ public function hasResource($resource) * @throws Nette\InvalidStateException * @return void */ - private function checkResource($resource, $throw = TRUE) + private function checkResource($resource, $throw = true) { if (!is_string($resource) || $resource === '') { throw new Nette\InvalidArgumentException('Resource must be a non-empty string.'); @@ -309,7 +311,7 @@ public function getResources() /** - * Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, + * Returns true if $resource inherits from $inherit. If $onlyParents is true, * then $resource must inherit directly from $inherit. * * @param string @@ -318,31 +320,31 @@ public function getResources() * @throws Nette\InvalidStateException * @return bool */ - public function resourceInheritsFrom($resource, $inherit, $onlyParent = FALSE) + public function resourceInheritsFrom($resource, $inherit, $onlyParent = false) { $this->checkResource($resource); $this->checkResource($inherit); - if ($this->resources[$resource]['parent'] === NULL) { - return FALSE; + if ($this->resources[$resource]['parent'] === null) { + return false; } $parent = $this->resources[$resource]['parent']; if ($inherit === $parent) { - return TRUE; + return true; } elseif ($onlyParent) { - return FALSE; + return false; } - while ($this->resources[$parent]['parent'] !== NULL) { + while ($this->resources[$parent]['parent'] !== null) { $parent = $this->resources[$parent]['parent']; if ($inherit === $parent) { - return TRUE; + return true; } } - return FALSE; + return false; } @@ -358,7 +360,7 @@ public function removeResource($resource) $this->checkResource($resource); $parent = $this->resources[$resource]['parent']; - if ($parent !== NULL) { + if ($parent !== null) { unset($this->resources[$parent]['children'][$resource]); } @@ -405,34 +407,34 @@ public function removeAllResources() /** * Allows one or more Roles access to [certain $privileges upon] the specified Resource(s). - * If $assertion is provided, then it must return TRUE in order for rule to apply. + * If $assertion is provided, then it must return true in order for rule to apply. * - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @param callable assertion * @return static */ - public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL) + public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = null) { - $this->setRule(TRUE, self::ALLOW, $roles, $resources, $privileges, $assertion); + $this->setRule(true, self::ALLOW, $roles, $resources, $privileges, $assertion); return $this; } /** * Denies one or more Roles access to [certain $privileges upon] the specified Resource(s). - * If $assertion is provided, then it must return TRUE in order for rule to apply. + * If $assertion is provided, then it must return true in order for rule to apply. * - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @param callable assertion * @return static */ - public function deny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL) + public function deny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = null) { - $this->setRule(TRUE, self::DENY, $roles, $resources, $privileges, $assertion); + $this->setRule(true, self::DENY, $roles, $resources, $privileges, $assertion); return $this; } @@ -440,14 +442,14 @@ public function deny($roles = self::ALL, $resources = self::ALL, $privileges = s /** * Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges. * - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @return static */ public function removeAllow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL) { - $this->setRule(FALSE, self::ALLOW, $roles, $resources, $privileges); + $this->setRule(false, self::ALLOW, $roles, $resources, $privileges); return $this; } @@ -455,14 +457,14 @@ public function removeAllow($roles = self::ALL, $resources = self::ALL, $privile /** * Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges. * - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @return static */ public function removeDeny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL) { - $this->setRule(FALSE, self::DENY, $roles, $resources, $privileges); + $this->setRule(false, self::DENY, $roles, $resources, $privileges); return $this; } @@ -471,16 +473,16 @@ public function removeDeny($roles = self::ALL, $resources = self::ALL, $privileg * Performs operations on Access Control List rules. * @param bool operation add? * @param bool type - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @param callable assertion * @throws Nette\InvalidStateException * @return static */ - protected function setRule($toAdd, $type, $roles, $resources, $privileges, $assertion = NULL) + protected function setRule($toAdd, $type, $roles, $resources, $privileges, $assertion = null) { - // ensure that all specified Roles exist; normalize input to array of Roles or NULL + // ensure that all specified Roles exist; normalize input to array of Roles or null if ($roles === self::ALL) { $roles = [self::ALL]; @@ -494,7 +496,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse } } - // ensure that all specified Resources exist; normalize input to array of Resources or NULL + // ensure that all specified Resources exist; normalize input to array of Resources or null if ($resources === self::ALL) { $resources = [self::ALL]; @@ -519,7 +521,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse if ($toAdd) { // add to the rules foreach ($resources as $resource) { foreach ($roles as $role) { - $rules = &$this->getRules($resource, $role, TRUE); + $rules = &$this->getRules($resource, $role, true); if (count($privileges) === 0) { $rules['allPrivileges']['type'] = $type; $rules['allPrivileges']['assert'] = $assertion; @@ -539,7 +541,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse foreach ($resources as $resource) { foreach ($roles as $role) { $rules = &$this->getRules($resource, $role); - if ($rules === NULL) { + if ($rules === null) { continue; } if (count($privileges) === 0) { @@ -548,7 +550,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse $rules = [ 'allPrivileges' => [ 'type' => self::DENY, - 'assert' => NULL, + 'assert' => null, ], 'byPrivilege' => [], ]; @@ -578,16 +580,16 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse /** - * Returns TRUE if and only if the Role has access to [certain $privileges upon] the Resource. + * Returns true if and only if the Role has access to [certain $privileges upon] the Resource. * * This method checks Role inheritance using a depth-first traversal of the Role list. * The highest priority parent (i.e., the parent most recently added) is checked first, * and its respective parents are checked similarly before the lower-priority parents of * the Role are checked. * - * @param string|Permission::ALL|IRole - * @param string|Permission::ALL|IResource - * @param string|Permission::ALL + * @param string|null|IRole $role + * @param string|null|IResource $resource + * @param string|null $privilege * @throws Nette\InvalidStateException * @return bool */ @@ -611,34 +613,34 @@ public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = do { // depth-first search on $role if it is not 'allRoles' pseudo-parent - if ($role !== NULL && NULL !== ($result = $this->searchRolePrivileges($privilege === self::ALL, $role, $resource, $privilege))) { + if ($role !== null && ($result = $this->searchRolePrivileges($privilege === self::ALL, $role, $resource, $privilege)) !== null) { break; } if ($privilege === self::ALL) { if ($rules = $this->getRules($resource, self::ALL)) { // look for rule on 'allRoles' psuedo-parent foreach ($rules['byPrivilege'] as $privilege => $rule) { - if (self::DENY === ($result = $this->getRuleType($resource, NULL, $privilege))) { + if (($result = $this->getRuleType($resource, null, $privilege)) === self::DENY) { break 2; } } - if (NULL !== ($result = $this->getRuleType($resource, NULL, NULL))) { + if (($result = $this->getRuleType($resource, null, null)) !== null) { break; } } } else { - if (NULL !== ($result = $this->getRuleType($resource, NULL, $privilege))) { // look for rule on 'allRoles' pseudo-parent + if (($result = $this->getRuleType($resource, null, $privilege)) !== null) { // look for rule on 'allRoles' pseudo-parent break; - } elseif (NULL !== ($result = $this->getRuleType($resource, NULL, NULL))) { + } elseif (($result = $this->getRuleType($resource, null, null)) !== null) { break; } } $resource = $this->resources[$resource]['parent']; // try next Resource - } while (TRUE); + } while (true); - $this->queriedRole = $this->queriedResource = NULL; + $this->queriedRole = $this->queriedResource = null; return $result; } @@ -673,7 +675,7 @@ public function getQueriedResource() * @param string * @param string * @param string only for one - * @return mixed NULL if no applicable rule is found, otherwise returns ALLOW or DENY + * @return mixed null if no applicable rule is found, otherwise returns ALLOW or DENY */ private function searchRolePrivileges($all, $role, $resource, $privilege) { @@ -682,72 +684,72 @@ private function searchRolePrivileges($all, $role, $resource, $privilege) 'stack' => [$role], ]; - while (NULL !== ($role = array_pop($dfs['stack']))) { + while (($role = array_pop($dfs['stack'])) !== null) { if (isset($dfs['visited'][$role])) { continue; } if ($all) { if ($rules = $this->getRules($resource, $role)) { foreach ($rules['byPrivilege'] as $privilege2 => $rule) { - if (self::DENY === $this->getRuleType($resource, $role, $privilege2)) { + if ($this->getRuleType($resource, $role, $privilege2) === self::DENY) { return self::DENY; } } - if (NULL !== ($type = $this->getRuleType($resource, $role, NULL))) { + if (($type = $this->getRuleType($resource, $role, null)) !== null) { return $type; } } } else { - if (NULL !== ($type = $this->getRuleType($resource, $role, $privilege))) { + if (($type = $this->getRuleType($resource, $role, $privilege)) !== null) { return $type; - } elseif (NULL !== ($type = $this->getRuleType($resource, $role, NULL))) { + } elseif (($type = $this->getRuleType($resource, $role, null)) !== null) { return $type; } } - $dfs['visited'][$role] = TRUE; + $dfs['visited'][$role] = true; foreach ($this->roles[$role]['parents'] as $roleParent => $foo) { $dfs['stack'][] = $roleParent; } } - return NULL; + return null; } /** * Returns the rule type associated with the specified Resource, Role, and privilege. - * @param string|Permission::ALL - * @param string|Permission::ALL - * @param string|Permission::ALL - * @return bool|NULL NULL if a rule does not exist or assertion fails, otherwise returns ALLOW or DENY + * @param string|null $resource + * @param string|null $role + * @param string|null $privilege + * @return bool|null null if a rule does not exist or assertion fails, otherwise returns ALLOW or DENY */ private function getRuleType($resource, $role, $privilege) { if (!$rules = $this->getRules($resource, $role)) { - return NULL; + return null; } if ($privilege === self::ALL) { if (isset($rules['allPrivileges'])) { $rule = $rules['allPrivileges']; } else { - return NULL; + return null; } } elseif (!isset($rules['byPrivilege'][$privilege])) { - return NULL; + return null; } else { $rule = $rules['byPrivilege'][$privilege]; } - if ($rule['assert'] === NULL || Nette\Utils\Callback::invoke($rule['assert'], $this, $role, $resource, $privilege)) { + if ($rule['assert'] === null || call_user_func($rule['assert'], $this, $role, $resource, $privilege)) { return $rule['type']; } elseif ($resource !== self::ALL || $role !== self::ALL || $privilege !== self::ALL) { - return NULL; + return null; - } elseif (self::ALLOW === $rule['type']) { + } elseif ($rule['type'] === self::ALLOW) { return self::DENY; } else { @@ -757,16 +759,16 @@ private function getRuleType($resource, $role, $privilege) /** - * Returns the rules associated with a Resource and a Role, or NULL if no such rules exist. - * If the $create parameter is TRUE, then a rule set is first created and then returned to the caller. - * @param string|Permission::ALL - * @param string|Permission::ALL + * Returns the rules associated with a Resource and a Role, or null if no such rules exist. + * If the $create parameter is true, then a rule set is first created and then returned to the caller. + * @param string|null $resource + * @param string|null $role * @param bool - * @return array|NULL + * @return array|null */ - private function &getRules($resource, $role, $create = FALSE) + private function &getRules($resource, $role, $create = false) { - $null = NULL; + $null = null; if ($resource === self::ALL) { $visitor = &$this->rules['allResources']; } else { @@ -798,5 +800,4 @@ private function &getRules($resource, $role, $create = FALSE) return $visitor['byRole'][$role]; } - } diff --git a/src/Security/SimpleAuthenticator.php b/src/Security/SimpleAuthenticator.php index ac3dfeed..61ece5b2 100644 --- a/src/Security/SimpleAuthenticator.php +++ b/src/Security/SimpleAuthenticator.php @@ -47,7 +47,7 @@ public function authenticate(array $credentials) foreach ($this->userlist as $name => $pass) { if (strcasecmp($name, $username) === 0) { if ((string) $pass === (string) $password) { - return new Identity($name, isset($this->usersRoles[$name]) ? $this->usersRoles[$name] : NULL); + return new Identity($name, isset($this->usersRoles[$name]) ? $this->usersRoles[$name] : null); } else { throw new AuthenticationException('Invalid password.', self::INVALID_CREDENTIAL); } @@ -55,5 +55,4 @@ public function authenticate(array $credentials) } throw new AuthenticationException("User '$username' not found.", self::IDENTITY_NOT_FOUND); } - } diff --git a/src/Security/User.php b/src/Security/User.php index 73fb7170..cb0b80dd 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -48,14 +48,14 @@ class User /** @var IUserStorage Session storage for current user */ private $storage; - /** @var IAuthenticator */ + /** @var IAuthenticator|null */ private $authenticator; - /** @var IAuthorizator */ + /** @var IAuthorizator|null */ private $authorizator; - public function __construct(IUserStorage $storage, IAuthenticator $authenticator = NULL, IAuthorizator $authorizator = NULL) + public function __construct(IUserStorage $storage, IAuthenticator $authenticator = null, IAuthorizator $authorizator = null) { $this->storage = $storage; $this->authenticator = $authenticator; @@ -77,19 +77,19 @@ public function getStorage() /** * Conducts the authentication process. Parameters are optional. - * @param mixed optional parameter (e.g. username or IIdentity) - * @param mixed optional parameter (e.g. password) + * @param string|IIdentity username or Identity + * @param string * @return void * @throws AuthenticationException if authentication was not successful */ - public function login($id = NULL, $password = NULL) + public function login($user, $password = null) { - $this->logout(TRUE); - if (!$id instanceof IIdentity) { - $id = $this->getAuthenticator()->authenticate(func_get_args()); + $this->logout(true); + if (!$user instanceof IIdentity) { + $user = $this->getAuthenticator()->authenticate(func_get_args()); } - $this->storage->setIdentity($id); - $this->storage->setAuthenticated(TRUE); + $this->storage->setIdentity($user); + $this->storage->setAuthenticated(true); $this->onLoggedIn($this); } @@ -99,14 +99,14 @@ public function login($id = NULL, $password = NULL) * @param bool clear the identity from persistent storage? * @return void */ - public function logout($clearIdentity = FALSE) + public function logout($clearIdentity = false) { if ($this->isLoggedIn()) { $this->onLoggedOut($this); - $this->storage->setAuthenticated(FALSE); + $this->storage->setAuthenticated(false); } if ($clearIdentity) { - $this->storage->setIdentity(NULL); + $this->storage->setIdentity(null); } } @@ -123,7 +123,7 @@ public function isLoggedIn() /** * Returns current user identity, if any. - * @return IIdentity|NULL + * @return IIdentity|null */ public function getIdentity() { @@ -138,7 +138,7 @@ public function getIdentity() public function getId() { $identity = $this->getIdentity(); - return $identity ? $identity->getId() : NULL; + return $identity ? $identity->getId() : null; } @@ -155,9 +155,9 @@ public function setAuthenticator(IAuthenticator $handler) /** * Returns authentication handler. - * @return IAuthenticator|NULL + * @return IAuthenticator|null */ - public function getAuthenticator($throw = TRUE) + public function getAuthenticator($throw = true) { if ($throw && !$this->authenticator) { throw new Nette\InvalidStateException('Authenticator has not been set.'); @@ -173,7 +173,7 @@ public function getAuthenticator($throw = TRUE) * @param bool clear the identity from persistent storage? (deprecated) * @return static */ - public function setExpiration($time, $flags = NULL, $clearIdentity = FALSE) + public function setExpiration($time, $flags = null, $clearIdentity = false) { $clearIdentity = $clearIdentity || $flags === IUserStorage::CLEAR_IDENTITY; $this->storage->setExpiration($time, $clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0); @@ -183,7 +183,7 @@ public function setExpiration($time, $flags = NULL, $clearIdentity = FALSE) /** * Why was user logged out? - * @return int|NULL + * @return int|null */ public function getLogoutReason() { @@ -216,13 +216,13 @@ public function getRoles() */ public function isInRole($role) { - return in_array($role, $this->getRoles(), TRUE); + return in_array($role, $this->getRoles(), true); } /** * Has a user effective access to the Resource? - * If $resource is NULL, then the query applies to all resources. + * If $resource is null, then the query applies to all resources. * @param string resource * @param string privilege * @return bool @@ -231,11 +231,11 @@ public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthoriz { foreach ($this->getRoles() as $role) { if ($this->getAuthorizator()->isAllowed($role, $resource, $privilege)) { - return TRUE; + return true; } } - return FALSE; + return false; } @@ -252,14 +252,13 @@ public function setAuthorizator(IAuthorizator $handler) /** * Returns current authorization handler. - * @return IAuthorizator|NULL + * @return IAuthorizator|null */ - public function getAuthorizator($throw = TRUE) + public function getAuthorizator($throw = true) { if ($throw && !$this->authorizator) { throw new Nette\InvalidStateException('Authorizator has not been set.'); } return $this->authorizator; } - } diff --git a/tests/Security.DI/SecurityExtension.authenticator.phpt b/tests/Security.DI/SecurityExtension.authenticator.phpt index e783f007..2cb1fdb2 100644 --- a/tests/Security.DI/SecurityExtension.authenticator.phpt +++ b/tests/Security.DI/SecurityExtension.authenticator.phpt @@ -4,10 +4,10 @@ * Test: SecurityExtension */ -use Nette\DI; use Nette\Bridges\HttpDI\HttpExtension; use Nette\Bridges\HttpDI\SessionExtension; use Nette\Bridges\SecurityDI\SecurityExtension; +use Nette\DI; use Tester\Assert; diff --git a/tests/Security.DI/SecurityExtension.passwords.phpt b/tests/Security.DI/SecurityExtension.passwords.phpt new file mode 100644 index 00000000..191ee2e5 --- /dev/null +++ b/tests/Security.DI/SecurityExtension.passwords.phpt @@ -0,0 +1,25 @@ +addExtension('foo', new HttpExtension); +$compiler->addExtension('bar', new SessionExtension); +$compiler->addExtension('security', new SecurityExtension); + +eval($compiler->compile()); +$container = new Container; + +Assert::type(Nette\Security\Passwords::class, $container->getService('security.passwords')); diff --git a/tests/Security.DI/SecurityExtension.user.phpt b/tests/Security.DI/SecurityExtension.user.phpt index 80c42e43..759e843b 100644 --- a/tests/Security.DI/SecurityExtension.user.phpt +++ b/tests/Security.DI/SecurityExtension.user.phpt @@ -4,10 +4,10 @@ * Test: SecurityExtension */ -use Nette\DI; use Nette\Bridges\HttpDI\HttpExtension; use Nette\Bridges\HttpDI\SessionExtension; use Nette\Bridges\SecurityDI\SecurityExtension; +use Nette\DI; use Tester\Assert; diff --git a/tests/Security/MockUserStorage.php b/tests/Security/MockUserStorage.php index 57dc6b97..78bed2c5 100644 --- a/tests/Security/MockUserStorage.php +++ b/tests/Security/MockUserStorage.php @@ -2,34 +2,41 @@ class MockUserStorage implements Nette\Security\IUserStorage { - private $auth = FALSE; + private $auth = false; + private $identity; - function setAuthenticated($state) + + public function setAuthenticated($state) { $this->auth = $state; } - function isAuthenticated() + + public function isAuthenticated() { return $this->auth; } - function setIdentity(Nette\Security\IIdentity $identity = NULL) + + public function setIdentity(Nette\Security\IIdentity $identity = null) { $this->identity = $identity; } - function getIdentity() + + public function getIdentity() { return $this->identity; } - function setExpiration($time, $flags = 0) + + public function setExpiration($time, $flags = 0) { } - function getLogoutReason() + + public function getLogoutReason() { } } diff --git a/tests/Security/Passwords.hash().phpt b/tests/Security/Passwords.hash().phpt index dd1080a0..ac680bb8 100644 --- a/tests/Security/Passwords.hash().phpt +++ b/tests/Security/Passwords.hash().phpt @@ -12,15 +12,12 @@ require __DIR__ . '/../bootstrap.php'; Assert::truthy( - preg_match('#^\$2.\$\d\d\$.{53}\z#', - Passwords::hash('')) + preg_match('#^\$2.\$\d\d\$.{53}\z#', Passwords::hash('')) ); Assert::truthy( - preg_match('#^\$2y\$05\$.{53}\z#', - $h = Passwords::hash('dg', ['cost' => 5])) + preg_match('#^\$2y\$05\$.{53}\z#', Passwords::hash('dg', ['cost' => 5])) ); -echo $h; $hash = Passwords::hash('dg'); Assert::same($hash, crypt('dg', $hash)); @@ -28,8 +25,8 @@ Assert::same($hash, crypt('dg', $hash)); Assert::exception(function () { Passwords::hash('dg', ['cost' => 3]); -}, Nette\InvalidArgumentException::class, 'Cost must be in range 4-31, 3 given.'); +}, PHP_VERSION_ID < 80000 ? Nette\InvalidStateException::class : ValueError::class); Assert::exception(function () { Passwords::hash('dg', ['cost' => 32]); -}, Nette\InvalidArgumentException::class, 'Cost must be in range 4-31, 32 given.'); +}, PHP_VERSION_ID < 80000 ? Nette\InvalidStateException::class : ValueError::class); diff --git a/tests/Security/Passwords.non-static.phpt b/tests/Security/Passwords.non-static.phpt new file mode 100644 index 00000000..153e317a --- /dev/null +++ b/tests/Security/Passwords.non-static.phpt @@ -0,0 +1,25 @@ +hash('')) +); + +Assert::true((new Passwords)->needsRehash('$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); +Assert::false((new Passwords)->needsRehash('$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK', ['cost' => 5])); + +Assert::true((new Passwords)->verify('dg', '$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); +Assert::true((new Passwords)->verify('dg', '$2x$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); +Assert::false((new Passwords)->verify('dgx', '$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); diff --git a/tests/Security/Permission.CMSExample.phpt b/tests/Security/Permission.CMSExample.phpt index 19ac5ada..488cdea5 100644 --- a/tests/Security/Permission.CMSExample.phpt +++ b/tests/Security/Permission.CMSExample.phpt @@ -18,57 +18,57 @@ $acl->addRole('editor', 'staff'); // editor inherits permissions from staff $acl->addRole('administrator'); // Guest may only view content -$acl->allow('guest', NULL, 'view'); +$acl->allow('guest', null, 'view'); // Staff inherits view privilege from guest, but also needs additional privileges -$acl->allow('staff', NULL, ['edit', 'submit', 'revise']); +$acl->allow('staff', null, ['edit', 'submit', 'revise']); // Editor inherits view, edit, submit, and revise privileges, but also needs additional privileges -$acl->allow('editor', NULL, ['publish', 'archive', 'delete']); +$acl->allow('editor', null, ['publish', 'archive', 'delete']); // Administrator inherits nothing but is allowed all privileges $acl->allow('administrator'); // Access control checks based on above permission sets -Assert::true($acl->isAllowed('guest', NULL, 'view')); -Assert::false($acl->isAllowed('guest', NULL, 'edit')); -Assert::false($acl->isAllowed('guest', NULL, 'submit')); -Assert::false($acl->isAllowed('guest', NULL, 'revise')); -Assert::false($acl->isAllowed('guest', NULL, 'publish')); -Assert::false($acl->isAllowed('guest', NULL, 'archive')); -Assert::false($acl->isAllowed('guest', NULL, 'delete')); -Assert::false($acl->isAllowed('guest', NULL, 'unknown')); +Assert::true($acl->isAllowed('guest', null, 'view')); +Assert::false($acl->isAllowed('guest', null, 'edit')); +Assert::false($acl->isAllowed('guest', null, 'submit')); +Assert::false($acl->isAllowed('guest', null, 'revise')); +Assert::false($acl->isAllowed('guest', null, 'publish')); +Assert::false($acl->isAllowed('guest', null, 'archive')); +Assert::false($acl->isAllowed('guest', null, 'delete')); +Assert::false($acl->isAllowed('guest', null, 'unknown')); Assert::false($acl->isAllowed('guest')); -Assert::true($acl->isAllowed('staff', NULL, 'view')); -Assert::true($acl->isAllowed('staff', NULL, 'edit')); -Assert::true($acl->isAllowed('staff', NULL, 'submit')); -Assert::true($acl->isAllowed('staff', NULL, 'revise')); -Assert::false($acl->isAllowed('staff', NULL, 'publish')); -Assert::false($acl->isAllowed('staff', NULL, 'archive')); -Assert::false($acl->isAllowed('staff', NULL, 'delete')); -Assert::false($acl->isAllowed('staff', NULL, 'unknown')); +Assert::true($acl->isAllowed('staff', null, 'view')); +Assert::true($acl->isAllowed('staff', null, 'edit')); +Assert::true($acl->isAllowed('staff', null, 'submit')); +Assert::true($acl->isAllowed('staff', null, 'revise')); +Assert::false($acl->isAllowed('staff', null, 'publish')); +Assert::false($acl->isAllowed('staff', null, 'archive')); +Assert::false($acl->isAllowed('staff', null, 'delete')); +Assert::false($acl->isAllowed('staff', null, 'unknown')); Assert::false($acl->isAllowed('staff')); -Assert::true($acl->isAllowed('editor', NULL, 'view')); -Assert::true($acl->isAllowed('editor', NULL, 'edit')); -Assert::true($acl->isAllowed('editor', NULL, 'submit')); -Assert::true($acl->isAllowed('editor', NULL, 'revise')); -Assert::true($acl->isAllowed('editor', NULL, 'publish')); -Assert::true($acl->isAllowed('editor', NULL, 'archive')); -Assert::true($acl->isAllowed('editor', NULL, 'delete')); -Assert::false($acl->isAllowed('editor', NULL, 'unknown')); +Assert::true($acl->isAllowed('editor', null, 'view')); +Assert::true($acl->isAllowed('editor', null, 'edit')); +Assert::true($acl->isAllowed('editor', null, 'submit')); +Assert::true($acl->isAllowed('editor', null, 'revise')); +Assert::true($acl->isAllowed('editor', null, 'publish')); +Assert::true($acl->isAllowed('editor', null, 'archive')); +Assert::true($acl->isAllowed('editor', null, 'delete')); +Assert::false($acl->isAllowed('editor', null, 'unknown')); Assert::false($acl->isAllowed('editor')); -Assert::true($acl->isAllowed('administrator', NULL, 'view')); -Assert::true($acl->isAllowed('administrator', NULL, 'edit')); -Assert::true($acl->isAllowed('administrator', NULL, 'submit')); -Assert::true($acl->isAllowed('administrator', NULL, 'revise')); -Assert::true($acl->isAllowed('administrator', NULL, 'publish')); -Assert::true($acl->isAllowed('administrator', NULL, 'archive')); -Assert::true($acl->isAllowed('administrator', NULL, 'delete')); -Assert::true($acl->isAllowed('administrator', NULL, 'unknown')); +Assert::true($acl->isAllowed('administrator', null, 'view')); +Assert::true($acl->isAllowed('administrator', null, 'edit')); +Assert::true($acl->isAllowed('administrator', null, 'submit')); +Assert::true($acl->isAllowed('administrator', null, 'revise')); +Assert::true($acl->isAllowed('administrator', null, 'publish')); +Assert::true($acl->isAllowed('administrator', null, 'archive')); +Assert::true($acl->isAllowed('administrator', null, 'delete')); +Assert::true($acl->isAllowed('administrator', null, 'unknown')); Assert::true($acl->isAllowed('administrator')); // Some checks on specific areas, which inherit access controls from the root ACL node @@ -105,18 +105,18 @@ $acl->deny('staff', 'latest', 'revise'); // Deny everyone access to archive news announcements $acl->addResource('announcement', 'news'); -$acl->deny(NULL, 'announcement', 'archive'); +$acl->deny(null, 'announcement', 'archive'); // Access control checks for the above refined permission sets -Assert::true($acl->isAllowed('marketing', NULL, 'view')); -Assert::true($acl->isAllowed('marketing', NULL, 'edit')); -Assert::true($acl->isAllowed('marketing', NULL, 'submit')); -Assert::true($acl->isAllowed('marketing', NULL, 'revise')); -Assert::false($acl->isAllowed('marketing', NULL, 'publish')); -Assert::false($acl->isAllowed('marketing', NULL, 'archive')); -Assert::false($acl->isAllowed('marketing', NULL, 'delete')); -Assert::false($acl->isAllowed('marketing', NULL, 'unknown')); +Assert::true($acl->isAllowed('marketing', null, 'view')); +Assert::true($acl->isAllowed('marketing', null, 'edit')); +Assert::true($acl->isAllowed('marketing', null, 'submit')); +Assert::true($acl->isAllowed('marketing', null, 'revise')); +Assert::false($acl->isAllowed('marketing', null, 'publish')); +Assert::false($acl->isAllowed('marketing', null, 'archive')); +Assert::false($acl->isAllowed('marketing', null, 'delete')); +Assert::false($acl->isAllowed('marketing', null, 'unknown')); Assert::false($acl->isAllowed('marketing')); Assert::true($acl->isAllowed('marketing', 'newsletter', 'publish')); diff --git a/tests/Security/Permission.DefaultAssert.phpt b/tests/Security/Permission.DefaultAssert.phpt index b0d3315e..0effec7e 100644 --- a/tests/Security/Permission.DefaultAssert.phpt +++ b/tests/Security/Permission.DefaultAssert.phpt @@ -13,10 +13,10 @@ require __DIR__ . '/../bootstrap.php'; function falseAssertion() { - return FALSE; + return false; } $acl = new Permission; -$acl->deny(NULL, NULL, NULL, 'falseAssertion'); -Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->deny(null, null, null, 'falseAssertion'); +Assert::true($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.DefaultDeny.phpt b/tests/Security/Permission.DefaultDeny.phpt index 2ac4a182..7ecd2191 100644 --- a/tests/Security/Permission.DefaultDeny.phpt +++ b/tests/Security/Permission.DefaultDeny.phpt @@ -13,8 +13,8 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; Assert::false($acl->isAllowed()); -Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); +Assert::false($acl->isAllowed(null, null, 'somePrivilege')); $acl->addRole('guest'); Assert::false($acl->isAllowed('guest')); -Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); +Assert::false($acl->isAllowed('guest', null, 'somePrivilege')); diff --git a/tests/Security/Permission.DefaultRuleSet.phpt b/tests/Security/Permission.DefaultRuleSet.phpt index 063218b1..9656faca 100644 --- a/tests/Security/Permission.DefaultRuleSet.phpt +++ b/tests/Security/Permission.DefaultRuleSet.phpt @@ -14,8 +14,8 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(); Assert::true($acl->isAllowed()); -Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); +Assert::true($acl->isAllowed(null, null, 'somePrivilege')); $acl->deny(); Assert::false($acl->isAllowed()); -Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); +Assert::false($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.IsAllowedNonExistent.phpt b/tests/Security/Permission.IsAllowedNonExistent.phpt index 433aea73..ec0d15aa 100644 --- a/tests/Security/Permission.IsAllowedNonExistent.phpt +++ b/tests/Security/Permission.IsAllowedNonExistent.phpt @@ -18,5 +18,5 @@ Assert::exception(function () { Assert::exception(function () { $acl = new Permission; - $acl->isAllowed(NULL, 'nonexistent'); + $acl->isAllowed(null, 'nonexistent'); }, Nette\InvalidStateException::class, "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.PrivilegeAllow.phpt b/tests/Security/Permission.PrivilegeAllow.phpt index a5dd2141..8d272cd0 100644 --- a/tests/Security/Permission.PrivilegeAllow.phpt +++ b/tests/Security/Permission.PrivilegeAllow.phpt @@ -12,5 +12,5 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -$acl->allow(NULL, NULL, 'somePrivilege'); -Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->allow(null, null, 'somePrivilege'); +Assert::true($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.PrivilegeAssert.phpt b/tests/Security/Permission.PrivilegeAssert.phpt index 557db609..06e25080 100644 --- a/tests/Security/Permission.PrivilegeAssert.phpt +++ b/tests/Security/Permission.PrivilegeAssert.phpt @@ -13,18 +13,19 @@ require __DIR__ . '/../bootstrap.php'; function falseAssertion() { - return FALSE; + return false; } + function trueAssertion() { - return TRUE; + return true; } $acl = new Permission; -$acl->allow(NULL, NULL, 'somePrivilege', 'trueAssertion'); -Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->allow(null, null, 'somePrivilege', 'trueAssertion'); +Assert::true($acl->isAllowed(null, null, 'somePrivilege')); -$acl->allow(NULL, NULL, 'somePrivilege', 'falseAssertion'); -Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->allow(null, null, 'somePrivilege', 'falseAssertion'); +Assert::false($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.PrivilegeDeny.phpt b/tests/Security/Permission.PrivilegeDeny.phpt index 01d59d92..8473a9a2 100644 --- a/tests/Security/Permission.PrivilegeDeny.phpt +++ b/tests/Security/Permission.PrivilegeDeny.phpt @@ -13,5 +13,5 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(); -$acl->deny(NULL, NULL, 'somePrivilege'); -Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->deny(null, null, 'somePrivilege'); +Assert::false($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.Privileges.phpt b/tests/Security/Permission.Privileges.phpt index 0c95cbf4..fa6f346e 100644 --- a/tests/Security/Permission.Privileges.phpt +++ b/tests/Security/Permission.Privileges.phpt @@ -12,13 +12,13 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -$acl->allow(NULL, NULL, ['p1', 'p2', 'p3']); -Assert::true($acl->isAllowed(NULL, NULL, 'p1')); -Assert::true($acl->isAllowed(NULL, NULL, 'p2')); -Assert::true($acl->isAllowed(NULL, NULL, 'p3')); -Assert::false($acl->isAllowed(NULL, NULL, 'p4')); -$acl->deny(NULL, NULL, 'p1'); -Assert::false($acl->isAllowed(NULL, NULL, 'p1')); -$acl->deny(NULL, NULL, ['p2', 'p3']); -Assert::false($acl->isAllowed(NULL, NULL, 'p2')); -Assert::false($acl->isAllowed(NULL, NULL, 'p3')); +$acl->allow(null, null, ['p1', 'p2', 'p3']); +Assert::true($acl->isAllowed(null, null, 'p1')); +Assert::true($acl->isAllowed(null, null, 'p2')); +Assert::true($acl->isAllowed(null, null, 'p3')); +Assert::false($acl->isAllowed(null, null, 'p4')); +$acl->deny(null, null, 'p1'); +Assert::false($acl->isAllowed(null, null, 'p1')); +$acl->deny(null, null, ['p2', 'p3']); +Assert::false($acl->isAllowed(null, null, 'p2')); +Assert::false($acl->isAllowed(null, null, 'p3')); diff --git a/tests/Security/Permission.RemoveDefaultDenyAssert.phpt b/tests/Security/Permission.RemoveDefaultDenyAssert.phpt index 4fd7fe45..81282dbd 100644 --- a/tests/Security/Permission.RemoveDefaultDenyAssert.phpt +++ b/tests/Security/Permission.RemoveDefaultDenyAssert.phpt @@ -13,12 +13,12 @@ require __DIR__ . '/../bootstrap.php'; function falseAssertion() { - return FALSE; + return false; } $acl = new Permission; -$acl->deny(NULL, NULL, NULL, 'falseAssertion'); +$acl->deny(null, null, null, 'falseAssertion'); Assert::true($acl->isAllowed()); $acl->removeDeny(); Assert::false($acl->isAllowed()); diff --git a/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt b/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt index e5b5c1d4..dc8984b7 100644 --- a/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt +++ b/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt @@ -18,7 +18,7 @@ $acl->addRole('test1'); $acl->addRole('test2'); $acl->addResource('Test'); -$acl->allow(NULL,'Test','xxx'); +$acl->allow(null, 'Test', 'xxx'); // error test $acl->removeRole('test0'); diff --git a/tests/Security/Permission.ResourceInherits.phpt b/tests/Security/Permission.ResourceInherits.phpt index ff3c431d..64e11cc4 100644 --- a/tests/Security/Permission.ResourceInherits.phpt +++ b/tests/Security/Permission.ResourceInherits.phpt @@ -17,10 +17,10 @@ $acl->addResource('building', 'city'); $acl->addResource('room', 'building'); Assert::same(['city', 'building', 'room'], $acl->getResources()); -Assert::true($acl->resourceInheritsFrom('building', 'city', TRUE)); -Assert::true($acl->resourceInheritsFrom('room', 'building', TRUE)); +Assert::true($acl->resourceInheritsFrom('building', 'city', true)); +Assert::true($acl->resourceInheritsFrom('room', 'building', true)); Assert::true($acl->resourceInheritsFrom('room', 'city')); -Assert::false($acl->resourceInheritsFrom('room', 'city', TRUE)); +Assert::false($acl->resourceInheritsFrom('room', 'city', true)); Assert::false($acl->resourceInheritsFrom('city', 'building')); Assert::false($acl->resourceInheritsFrom('building', 'room')); Assert::false($acl->resourceInheritsFrom('city', 'room')); diff --git a/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt b/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt index 7658cdb4..10ec1d77 100644 --- a/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt +++ b/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt @@ -17,5 +17,5 @@ $acl->addRole('guest'); $acl->addRole('staff', 'guest'); $acl->deny(); $acl->allow('staff'); -$acl->deny('staff', NULL, ['privilege1', 'privilege2']); -Assert::false($acl->isAllowed('staff', NULL, 'privilege1')); +$acl->deny('staff', null, ['privilege1', 'privilege2']); +Assert::false($acl->isAllowed('staff', null, 'privilege1')); diff --git a/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt b/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt index 2e49c9e1..1739c163 100644 --- a/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt +++ b/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt @@ -14,6 +14,6 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest'); -Assert::true($acl->isAllowed('guest', NULL, 'somePrivilege')); +Assert::true($acl->isAllowed('guest', null, 'somePrivilege')); $acl->deny('guest'); -Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); +Assert::false($acl->isAllowed('guest', null, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivilegeAllow.phpt b/tests/Security/Permission.RolePrivilegeAllow.phpt index 61bcc179..5ac30c35 100644 --- a/tests/Security/Permission.RolePrivilegeAllow.phpt +++ b/tests/Security/Permission.RolePrivilegeAllow.phpt @@ -13,5 +13,5 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); -$acl->allow('guest', NULL, 'somePrivilege'); -Assert::true($acl->isAllowed('guest', NULL, 'somePrivilege')); +$acl->allow('guest', null, 'somePrivilege'); +Assert::true($acl->isAllowed('guest', null, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivilegeAssert.phpt b/tests/Security/Permission.RolePrivilegeAssert.phpt index 0b31e0f2..ce953c69 100644 --- a/tests/Security/Permission.RolePrivilegeAssert.phpt +++ b/tests/Security/Permission.RolePrivilegeAssert.phpt @@ -13,18 +13,19 @@ require __DIR__ . '/../bootstrap.php'; function falseAssertion() { - return FALSE; + return false; } + function trueAssertion() { - return TRUE; + return true; } $acl = new Permission; $acl->addRole('guest'); -$acl->allow('guest', NULL, 'somePrivilege', 'trueAssertion'); -Assert::true($acl->isAllowed('guest', NULL, 'somePrivilege')); -$acl->allow('guest', NULL, 'somePrivilege', 'falseAssertion'); -Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); +$acl->allow('guest', null, 'somePrivilege', 'trueAssertion'); +Assert::true($acl->isAllowed('guest', null, 'somePrivilege')); +$acl->allow('guest', null, 'somePrivilege', 'falseAssertion'); +Assert::false($acl->isAllowed('guest', null, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivilegeDeny.phpt b/tests/Security/Permission.RolePrivilegeDeny.phpt index 03988147..97c85111 100644 --- a/tests/Security/Permission.RolePrivilegeDeny.phpt +++ b/tests/Security/Permission.RolePrivilegeDeny.phpt @@ -14,5 +14,5 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest'); -$acl->deny('guest', NULL, 'somePrivilege'); -Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); +$acl->deny('guest', null, 'somePrivilege'); +Assert::false($acl->isAllowed('guest', null, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivileges.phpt b/tests/Security/Permission.RolePrivileges.phpt index 0dca08a1..508f2505 100644 --- a/tests/Security/Permission.RolePrivileges.phpt +++ b/tests/Security/Permission.RolePrivileges.phpt @@ -13,13 +13,13 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); -$acl->allow('guest', NULL, ['p1', 'p2', 'p3']); -Assert::true($acl->isAllowed('guest', NULL, 'p1')); -Assert::true($acl->isAllowed('guest', NULL, 'p2')); -Assert::true($acl->isAllowed('guest', NULL, 'p3')); -Assert::false($acl->isAllowed('guest', NULL, 'p4')); -$acl->deny('guest', NULL, 'p1'); -Assert::false($acl->isAllowed('guest', NULL, 'p1')); -$acl->deny('guest', NULL, ['p2', 'p3']); -Assert::false($acl->isAllowed('guest', NULL, 'p2')); -Assert::false($acl->isAllowed('guest', NULL, 'p3')); +$acl->allow('guest', null, ['p1', 'p2', 'p3']); +Assert::true($acl->isAllowed('guest', null, 'p1')); +Assert::true($acl->isAllowed('guest', null, 'p2')); +Assert::true($acl->isAllowed('guest', null, 'p3')); +Assert::false($acl->isAllowed('guest', null, 'p4')); +$acl->deny('guest', null, 'p1'); +Assert::false($acl->isAllowed('guest', null, 'p1')); +$acl->deny('guest', null, ['p2', 'p3']); +Assert::false($acl->isAllowed('guest', null, 'p2')); +Assert::false($acl->isAllowed('guest', null, 'p3')); diff --git a/tests/Security/Permission.RoleRegistryInherits.phpt b/tests/Security/Permission.RoleRegistryInherits.phpt index 1e2ae6c7..59a0ddf5 100644 --- a/tests/Security/Permission.RoleRegistryInherits.phpt +++ b/tests/Security/Permission.RoleRegistryInherits.phpt @@ -21,10 +21,10 @@ Assert::same(['guest'], $acl->getRoleParents('member')); Assert::same(['member'], $acl->getRoleParents('editor')); -Assert::true($acl->roleInheritsFrom('member', 'guest', TRUE)); -Assert::true($acl->roleInheritsFrom('editor', 'member', TRUE)); +Assert::true($acl->roleInheritsFrom('member', 'guest', true)); +Assert::true($acl->roleInheritsFrom('editor', 'member', true)); Assert::true($acl->roleInheritsFrom('editor', 'guest')); -Assert::false($acl->roleInheritsFrom('editor', 'guest', TRUE)); +Assert::false($acl->roleInheritsFrom('editor', 'guest', true)); Assert::false($acl->roleInheritsFrom('guest', 'member')); Assert::false($acl->roleInheritsFrom('member', 'editor')); Assert::false($acl->roleInheritsFrom('guest', 'editor')); diff --git a/tests/Security/Permission.RulesRemove.phpt b/tests/Security/Permission.RulesRemove.phpt index d5119200..6247f9c0 100644 --- a/tests/Security/Permission.RulesRemove.phpt +++ b/tests/Security/Permission.RulesRemove.phpt @@ -12,10 +12,10 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -$acl->allow(NULL, NULL, ['privilege1', 'privilege2']); +$acl->allow(null, null, ['privilege1', 'privilege2']); Assert::false($acl->isAllowed()); -Assert::true($acl->isAllowed(NULL, NULL, 'privilege1')); -Assert::true($acl->isAllowed(NULL, NULL, 'privilege2')); -$acl->removeAllow(NULL, NULL, 'privilege1'); -Assert::false($acl->isAllowed(NULL, NULL, 'privilege1')); -Assert::true($acl->isAllowed(NULL, NULL, 'privilege2')); +Assert::true($acl->isAllowed(null, null, 'privilege1')); +Assert::true($acl->isAllowed(null, null, 'privilege2')); +$acl->removeAllow(null, null, 'privilege1'); +Assert::false($acl->isAllowed(null, null, 'privilege1')); +Assert::true($acl->isAllowed(null, null, 'privilege2')); diff --git a/tests/Security/Permission.RulesResourceRemove.phpt b/tests/Security/Permission.RulesResourceRemove.phpt index 1e9b7c28..1a528804 100644 --- a/tests/Security/Permission.RulesResourceRemove.phpt +++ b/tests/Security/Permission.RulesResourceRemove.phpt @@ -13,12 +13,12 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addResource('area'); -$acl->allow(NULL, 'area'); -Assert::true($acl->isAllowed(NULL, 'area')); +$acl->allow(null, 'area'); +Assert::true($acl->isAllowed(null, 'area')); $acl->removeResource('area'); Assert::exception(function () use ($acl) { - $acl->isAllowed(NULL, 'area'); + $acl->isAllowed(null, 'area'); }, Nette\InvalidStateException::class, "Resource 'area' does not exist."); $acl->addResource('area'); -Assert::false($acl->isAllowed(NULL, 'area')); +Assert::false($acl->isAllowed(null, 'area')); diff --git a/tests/Security/Permission.RulesResourceRemoveAll.phpt b/tests/Security/Permission.RulesResourceRemoveAll.phpt index 7afc8741..c1abfd52 100644 --- a/tests/Security/Permission.RulesResourceRemoveAll.phpt +++ b/tests/Security/Permission.RulesResourceRemoveAll.phpt @@ -13,12 +13,12 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addResource('area'); -$acl->allow(NULL, 'area'); -Assert::true($acl->isAllowed(NULL, 'area')); +$acl->allow(null, 'area'); +Assert::true($acl->isAllowed(null, 'area')); $acl->removeAllResources(); Assert::exception(function () use ($acl) { - $acl->isAllowed(NULL, 'area'); + $acl->isAllowed(null, 'area'); }, Nette\InvalidStateException::class, "Resource 'area' does not exist."); $acl->addResource('area'); -Assert::false($acl->isAllowed(NULL, 'area')); +Assert::false($acl->isAllowed(null, 'area')); diff --git a/tests/Security/User.authentication.phpt b/tests/Security/User.authentication.phpt index 2dadc1d9..ac0ce3a4 100644 --- a/tests/Security/User.authentication.phpt +++ b/tests/Security/User.authentication.phpt @@ -19,8 +19,7 @@ ob_start(); class Authenticator implements IAuthenticator { - - function authenticate(array $credentials) + public function authenticate(array $credentials) { list($username, $password) = $credentials; if ($username !== 'john') { @@ -33,7 +32,6 @@ class Authenticator implements IAuthenticator return new Identity('John Doe', 'admin'); } } - } @@ -85,7 +83,7 @@ Assert::equal(new Identity('John Doe', 'admin'), $user->getIdentity()); Assert::same('John Doe', $user->getId()); // login as john#3 -$user->logout(TRUE); +$user->logout(true); Assert::same(1, $counter->logout); $user->login(new Identity('John Doe', 'admin')); Assert::same(2, $counter->login); @@ -95,7 +93,7 @@ Assert::equal(new Identity('John Doe', 'admin'), $user->getIdentity()); // log out // logging out... -$user->logout(FALSE); +$user->logout(false); Assert::same(2, $counter->logout); Assert::false($user->isLoggedIn()); @@ -103,7 +101,7 @@ Assert::equal(new Identity('John Doe', 'admin'), $user->getIdentity()); // logging out and clearing identity... -$user->logout(TRUE); +$user->logout(true); Assert::same(2, $counter->logout); // not logged in -> logout event not triggered Assert::false($user->isLoggedIn()); diff --git a/tests/Security/User.authorization.phpt b/tests/Security/User.authorization.phpt index 03efdc05..858b0ae7 100644 --- a/tests/Security/User.authorization.phpt +++ b/tests/Security/User.authorization.phpt @@ -5,8 +5,8 @@ */ use Nette\Security\IAuthenticator; -use Nette\Security\Identity; use Nette\Security\IAuthorizator; +use Nette\Security\Identity; use Tester\Assert; @@ -21,8 +21,7 @@ ob_start(); class Authenticator implements IAuthenticator { - - function authenticate(array $credentials) + public function authenticate(array $credentials) { list($username, $password) = $credentials; if ($username !== 'john') { @@ -35,18 +34,15 @@ class Authenticator implements IAuthenticator return new Identity('John Doe', ['admin']); } } - } class Authorizator implements IAuthorizator { - - function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) + public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) { - return $role === 'admin' && strpos($resource, 'jany') === FALSE; + return $role === 'admin' && strpos($resource, 'jany') === false; } - } @@ -88,6 +84,6 @@ Assert::false($user->isAllowed('sleep_with_jany')); // log out // logging out... -$user->logout(FALSE); +$user->logout(false); Assert::false($user->isAllowed('delete_file'));