From 8381b15d6ce3508c52d98b3f70057b8ee477866d Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 11 Jul 2017 11:41:33 +0200 Subject: [PATCH 01/21] coding style: fixed spaces & use statements order --- src/Bridges/SecurityDI/SecurityExtension.php | 1 - src/Bridges/SecurityTracy/UserPanel.php | 1 - src/Security/IAuthenticator.php | 1 - src/Security/IAuthorizator.php | 2 -- src/Security/IIdentity.php | 1 - src/Security/IResource.php | 1 - src/Security/IRole.php | 1 - src/Security/IUserStorage.php | 1 - src/Security/Identity.php | 1 - src/Security/Passwords.php | 1 - src/Security/Permission.php | 1 - src/Security/SimpleAuthenticator.php | 1 - src/Security/User.php | 1 - tests/Security.DI/SecurityExtension.authenticator.phpt | 2 +- tests/Security.DI/SecurityExtension.user.phpt | 2 +- tests/Security/MockUserStorage.php | 6 ++++++ tests/Security/Permission.PrivilegeAssert.phpt | 1 + tests/Security/Permission.RolePrivilegeAssert.phpt | 1 + tests/Security/User.authentication.phpt | 2 -- tests/Security/User.authorization.phpt | 6 +----- 20 files changed, 11 insertions(+), 23 deletions(-) diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index 0a86194b..b69ccc23 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -90,5 +90,4 @@ public function loadConfiguration() $builder->addAlias('nette.userStorage', $this->prefix('userStorage')); } } - } diff --git a/src/Bridges/SecurityTracy/UserPanel.php b/src/Bridges/SecurityTracy/UserPanel.php index 5bfd0a92..c25794e6 100644 --- a/src/Bridges/SecurityTracy/UserPanel.php +++ b/src/Bridges/SecurityTracy/UserPanel.php @@ -56,5 +56,4 @@ public function getPanel() require __DIR__ . '/templates/UserPanel.panel.phtml'; return ob_get_clean(); } - } diff --git a/src/Security/IAuthenticator.php b/src/Security/IAuthenticator.php index 1cac4e0f..be02981d 100644 --- a/src/Security/IAuthenticator.php 
+++ b/src/Security/IAuthenticator.php @@ -32,5 +32,4 @@ interface IAuthenticator * @throws AuthenticationException */ function authenticate(array $credentials); - } diff --git a/src/Security/IAuthorizator.php b/src/Security/IAuthorizator.php index f5211e6a..2a54f160 100644 --- a/src/Security/IAuthorizator.php +++ b/src/Security/IAuthorizator.php @@ -23,7 +23,6 @@ interface IAuthorizator /** Permission type: deny */ const DENY = FALSE; - /** * Performs a role-based authorization. * @param string|NULL @@ -32,5 +31,4 @@ interface IAuthorizator * @return bool */ function isAllowed($role, $resource, $privilege); - } diff --git a/src/Security/IIdentity.php b/src/Security/IIdentity.php index bc9be15a..2070b6cd 100644 --- a/src/Security/IIdentity.php +++ b/src/Security/IIdentity.php @@ -25,5 +25,4 @@ function getId(); * @return array */ function getRoles(); - } diff --git a/src/Security/IResource.php b/src/Security/IResource.php index e449ce94..5f95de38 100644 --- a/src/Security/IResource.php +++ b/src/Security/IResource.php @@ -19,5 +19,4 @@ interface IResource * @return string */ function getResourceId(); - } diff --git a/src/Security/IRole.php b/src/Security/IRole.php index 6d6bcfb7..e81b0a56 100644 --- a/src/Security/IRole.php +++ b/src/Security/IRole.php @@ -19,5 +19,4 @@ interface IRole * @return string */ function getRoleId(); - } diff --git a/src/Security/IUserStorage.php b/src/Security/IUserStorage.php index 36bae4a2..1280708a 100644 --- a/src/Security/IUserStorage.php +++ b/src/Security/IUserStorage.php @@ -62,5 +62,4 @@ function setExpiration($time, $flags = 0); * @return int|NULL */ function getLogoutReason(); - } diff --git a/src/Security/Identity.php b/src/Security/Identity.php index 6be5960b..3790840d 100644 --- a/src/Security/Identity.php +++ b/src/Security/Identity.php @@ -142,5 +142,4 @@ public function __isset($key) { return isset($this->data[$key]) || $this->parentIsSet($key); } - } 
diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index 26ad2fb3..292cb851 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php @@ -61,5 +61,4 @@ public static function needsRehash($hash, array $options = []) { return password_needs_rehash($hash, PASSWORD_BCRYPT, $options); } - } diff --git a/src/Security/Permission.php b/src/Security/Permission.php index 1f28b903..183e4825 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -798,5 +798,4 @@ private function &getRules($resource, $role, $create = FALSE) return $visitor['byRole'][$role]; } - } diff --git a/src/Security/SimpleAuthenticator.php b/src/Security/SimpleAuthenticator.php index ac3dfeed..faaad78a 100644 --- a/src/Security/SimpleAuthenticator.php +++ b/src/Security/SimpleAuthenticator.php @@ -55,5 +55,4 @@ public function authenticate(array $credentials) } throw new AuthenticationException("User '$username' not found.", self::IDENTITY_NOT_FOUND); } - } diff --git a/src/Security/User.php b/src/Security/User.php index 73fb7170..f6462404 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -261,5 +261,4 @@ public function getAuthorizator($throw = TRUE) } return $this->authorizator; } - } diff --git a/tests/Security.DI/SecurityExtension.authenticator.phpt b/tests/Security.DI/SecurityExtension.authenticator.phpt index e783f007..2cb1fdb2 100644 --- a/tests/Security.DI/SecurityExtension.authenticator.phpt +++ b/tests/Security.DI/SecurityExtension.authenticator.phpt @@ -4,10 +4,10 @@ * Test: SecurityExtension */ -use Nette\DI; use Nette\Bridges\HttpDI\HttpExtension; use Nette\Bridges\HttpDI\SessionExtension; use Nette\Bridges\SecurityDI\SecurityExtension; +use Nette\DI; use Tester\Assert; diff --git a/tests/Security.DI/SecurityExtension.user.phpt b/tests/Security.DI/SecurityExtension.user.phpt index 80c42e43..759e843b 100644 --- a/tests/Security.DI/SecurityExtension.user.phpt +++ b/tests/Security.DI/SecurityExtension.user.phpt 
@@ -4,10 +4,10 @@ * Test: SecurityExtension */ -use Nette\DI; use Nette\Bridges\HttpDI\HttpExtension; use Nette\Bridges\HttpDI\SessionExtension; use Nette\Bridges\SecurityDI\SecurityExtension; +use Nette\DI; use Tester\Assert; diff --git a/tests/Security/MockUserStorage.php b/tests/Security/MockUserStorage.php index 57dc6b97..358bcc7a 100644 --- a/tests/Security/MockUserStorage.php +++ b/tests/Security/MockUserStorage.php @@ -5,30 +5,36 @@ class MockUserStorage implements Nette\Security\IUserStorage private $auth = FALSE; private $identity; + function setAuthenticated($state) { $this->auth = $state; } + function isAuthenticated() { return $this->auth; } + function setIdentity(Nette\Security\IIdentity $identity = NULL) { $this->identity = $identity; } + function getIdentity() { return $this->identity; } + function setExpiration($time, $flags = 0) { } + function getLogoutReason() { } diff --git a/tests/Security/Permission.PrivilegeAssert.phpt b/tests/Security/Permission.PrivilegeAssert.phpt index 557db609..35f13a2f 100644 --- a/tests/Security/Permission.PrivilegeAssert.phpt +++ b/tests/Security/Permission.PrivilegeAssert.phpt @@ -16,6 +16,7 @@ function falseAssertion() return FALSE; } + function trueAssertion() { return TRUE; diff --git a/tests/Security/Permission.RolePrivilegeAssert.phpt b/tests/Security/Permission.RolePrivilegeAssert.phpt index 0b31e0f2..716f79a0 100644 --- a/tests/Security/Permission.RolePrivilegeAssert.phpt +++ b/tests/Security/Permission.RolePrivilegeAssert.phpt @@ -16,6 +16,7 @@ function falseAssertion() return FALSE; } + function trueAssertion() { return TRUE; diff --git a/tests/Security/User.authentication.phpt b/tests/Security/User.authentication.phpt index 2dadc1d9..d930ca1a 100644 --- a/tests/Security/User.authentication.phpt +++ b/tests/Security/User.authentication.phpt @@ -19,7 +19,6 @@ ob_start(); class Authenticator implements IAuthenticator { - function authenticate(array $credentials) { list($username, $password) = $credentials; 
@@ -33,7 +32,6 @@ class Authenticator implements IAuthenticator return new Identity('John Doe', 'admin'); } } - } diff --git a/tests/Security/User.authorization.phpt b/tests/Security/User.authorization.phpt index 03efdc05..0dbcb2ff 100644 --- a/tests/Security/User.authorization.phpt +++ b/tests/Security/User.authorization.phpt @@ -5,8 +5,8 @@ */ use Nette\Security\IAuthenticator; -use Nette\Security\Identity; use Nette\Security\IAuthorizator; +use Nette\Security\Identity; use Tester\Assert; @@ -21,7 +21,6 @@ ob_start(); class Authenticator implements IAuthenticator { - function authenticate(array $credentials) { list($username, $password) = $credentials; @@ -35,18 +34,15 @@ class Authenticator implements IAuthenticator return new Identity('John Doe', ['admin']); } } - } class Authorizator implements IAuthorizator { - function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) { return $role === 'admin' && strpos($resource, 'jany') === FALSE; } - } From 9d89d5fc401cc3931df22ff0e82a1f1edc0b51fa Mon Sep 17 00:00:00 2001 
From: David Grudl Date: Tue, 11 Jul 2017 11:41:53 +0200 Subject: [PATCH 02/21] coding style: TRUE/FALSE/NULL -> true/false/null --- readme.md | 28 ++-- src/Bridges/SecurityDI/SecurityExtension.php | 8 +- .../templates/UserPanel.panel.phtml | 2 +- src/Security/IAuthorizator.php | 12 +- src/Security/IUserStorage.php | 6 +- src/Security/Identity.php | 2 +- src/Security/Passwords.php | 2 +- src/Security/Permission.php | 140 +++++++++--------- src/Security/SimpleAuthenticator.php | 2 +- src/Security/User.php | 38 ++--- tests/Security/MockUserStorage.php | 4 +- tests/Security/Permission.CMSExample.phpt | 88 +++++------ tests/Security/Permission.DefaultAssert.phpt | 6 +- tests/Security/Permission.DefaultDeny.phpt | 4 +- tests/Security/Permission.DefaultRuleSet.phpt | 4 +- .../Permission.IsAllowedNonExistent.phpt | 2 +- tests/Security/Permission.PrivilegeAllow.phpt | 4 +- .../Security/Permission.PrivilegeAssert.phpt | 12 +- tests/Security/Permission.PrivilegeDeny.phpt | 4 +- tests/Security/Permission.Privileges.phpt | 20 +-- .../Permission.RemoveDefaultDenyAssert.phpt | 4 +- ...AfterItWasAllowedAccessToAllResources.phpt | 2 +- .../Security/Permission.ResourceInherits.phpt | 6 +- ...DefaultAllowRuleWithPrivilegeDenyRule.phpt | 4 +- ...ermission.RoleDefaultRuleSetPrivilege.phpt | 4 +- .../Permission.RolePrivilegeAllow.phpt | 4 +- .../Permission.RolePrivilegeAssert.phpt | 12 +- .../Permission.RolePrivilegeDeny.phpt | 4 +- tests/Security/Permission.RolePrivileges.phpt | 20 +-- .../Permission.RoleRegistryInherits.phpt | 6 +- tests/Security/Permission.RulesRemove.phpt | 12 +- .../Permission.RulesResourceRemove.phpt | 8 +- .../Permission.RulesResourceRemoveAll.phpt | 8 +- tests/Security/User.authentication.phpt | 6 +- tests/Security/User.authorization.phpt | 4 +- 35 files changed, 246 insertions(+), 246 deletions(-) diff --git a/readme.md b/readme.md index a7fb6944..c6f8006e 100644 --- a/readme.md +++ b/readme.md 
@@ -146,7 +146,7 @@ Identity Identity presents a set of user information, as returned by autheticator. It's an object implementing [api:Nette\Security\IIdentity] interface, with default implementation [api:Nette\Security\Identity]. Class has methods `getId()`, that returns users ID (for example primary key for the respective database row), and `getRoles()`, which returns an array of all roles user is in. User data can be access as if they were identity properties. -Identity is not erased when the user is logged out. So, if identity exists, it by itself does not grant that the user is also logged in. If we would like to explicitly delete the identity for some reason, we logout the user by calling `$user->logout(TRUE)`. +Identity is not erased when the user is logged out. So, if identity exists, it by itself does not grant that the user is also logged in. If we would like to explicitly delete the identity for some reason, we logout the user by calling `$user->logout(true)`. Service `user` of class [api:Nette\Security\User] keeps the identity in session and uses it to all authorizations. Identity can be access with `getIdentity` upon `$user`: @@ -211,7 +211,7 @@ class MyAuthorizator extends Nette\Object function isAllowed($role, $resource, $privilege) { - return ...; // returns either TRUE or FALSE + return ...; // returns either true or false } } @@ -266,7 +266,7 @@ Trivial, isn't it? This ensures all the properties of the parents will be inheri Do note the method `getRoleParents()`, which returns an array of all direct parent roles, and the method `roleIntheritsFrom()`, which checks whether a role extends another. Their usage: ```php -$acl->roleInheritsFrom('administrator', 'guest'); // TRUE +$acl->roleInheritsFrom('administrator', 'guest'); // true $acl->getRoleParents('administrator'); // array('registered') - only direct parents ``` 
@@ -301,27 +301,27 @@ Now when we have created the set of rules, we may simply ask the authorization q ```php // can guest view articles? -echo $acl->isAllowed('guest', 'article', 'view'); // TRUE +echo $acl->isAllowed('guest', 'article', 'view'); // true // can guest edit an article? -echo $acl->isAllowed('guest', 'article', 'edit'); // FALSE +echo $acl->isAllowed('guest', 'article', 'edit'); // false // may guest add comments? -echo $acl->isAllowed('guest', 'comments', 'add'); // FALSE +echo $acl->isAllowed('guest', 'comments', 'add'); // false ``` The same is true for the registered user, though he is allowed to add a comment: ```php -echo $acl->isAllowed('registered', 'article', 'view'); // TRUE -echo $acl->isAllowed('registered', 'comments', 'add'); // TRUE -echo $acl->isAllowed('registered', 'backend', 'view'); // FALSE +echo $acl->isAllowed('registered', 'article', 'view'); // true +echo $acl->isAllowed('registered', 'comments', 'add'); // true +echo $acl->isAllowed('registered', 'backend', 'view'); // false ``` Administrator is allowed to do everything: ```php -echo $acl->isAllowed('administrator', 'article', 'view'); // TRUE -echo $acl->isAllowed('administrator', 'commend', 'add'); // TRUE -echo $acl->isAllowed('administrator', 'poll', 'edit'); // TRUE +echo $acl->isAllowed('administrator', 'article', 'view'); // true +echo $acl->isAllowed('administrator', 'commend', 'add'); // true +echo $acl->isAllowed('administrator', 'poll', 'edit'); // true ``` Admin rules may possibly be defined without any restrictions (without inheriting from any other roles): 
@@ -347,11 +347,11 @@ $acl->deny('guest', 'backend'); // example A: role admin has lower weight than role guest $acl->addRole('john', array('admin', 'guest')); -$acl->isAllowed('john', 'backend'); // FALSE +$acl->isAllowed('john', 'backend'); // false // example B: role admin has greater weight than role guest $acl->addRole('mary', array('guest', 'admin')); -$acl->isAllowed('mary', 'backend'); // TRUE +$acl->isAllowed('mary', 'backend'); // true ``` diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index b69ccc23..d96f36a8 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -16,7 +16,7 @@ class SecurityExtension extends Nette\DI\CompilerExtension { public $defaults = [ - 'debugger' => TRUE, + 'debugger' => true, 'users' => [], // of [user => password] or [user => ['password' => password, 'roles' => [role]]] 'roles' => [], // of [role => parents] 'resources' => [], // of [resource => parents] @@ -26,7 +26,7 @@ class SecurityExtension extends Nette\DI\CompilerExtension private $debugMode; - public function __construct($debugMode = FALSE) + public function __construct($debugMode = false) { $this->debugMode = $debugMode; } @@ -54,9 +54,9 @@ public function loadConfiguration() $usersList = $usersRoles = []; foreach ($config['users'] as $username => $data) { $data = is_array($data) ? $data : ['password' => $data]; - $this->validateConfig(['password' => NULL, 'roles' => NULL], $data, $this->prefix("security.users.$username")); + $this->validateConfig(['password' => null, 'roles' => null], $data, $this->prefix("security.users.$username")); $usersList[$username] = $data['password']; - $usersRoles[$username] = isset($data['roles']) ? $data['roles'] : NULL; + $usersRoles[$username] = isset($data['roles']) ? $data['roles'] : null; } $builder->addDefinition($this->prefix('authenticator')) 
diff --git a/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml b/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml
index fdc801d0..e410c959 100644
--- a/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml
+++ b/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml
@@ -8,5 +8,5 @@ use Tracy\Dumper;

isLoggedIn()): ?>Logged inUnlogged

- getIdentity()): echo Dumper::toHtml($user->getIdentity(), [Dumper::LIVE => TRUE]); else: ?>

no identity

+ getIdentity()): echo Dumper::toHtml($user->getIdentity(), [Dumper::LIVE => true]); else: ?>

no identity

diff --git a/src/Security/IAuthorizator.php b/src/Security/IAuthorizator.php index 2a54f160..dbaac864 100644 --- a/src/Security/IAuthorizator.php +++ b/src/Security/IAuthorizator.php @@ -15,19 +15,19 @@ interface IAuthorizator { /** Set type: all */ - const ALL = NULL; + const ALL = null; /** Permission type: allow */ - const ALLOW = TRUE; + const ALLOW = true; /** Permission type: deny */ - const DENY = FALSE; + const DENY = false; /** * Performs a role-based authorization. - * @param string|NULL - * @param string|NULL - * @param string|NULL + * @param string|null + * @param string|null + * @param string|null * @return bool */ function isAllowed($role, $resource, $privilege); diff --git a/src/Security/IUserStorage.php b/src/Security/IUserStorage.php index 1280708a..4b1c258e 100644 --- a/src/Security/IUserStorage.php +++ b/src/Security/IUserStorage.php @@ -41,11 +41,11 @@ function isAuthenticated(); * Sets the user identity. * @return static */ - function setIdentity(IIdentity $identity = NULL); + function setIdentity(IIdentity $identity = null); /** * Returns current user identity, if any. - * @return IIdentity|NULL + * @return IIdentity|null */ function getIdentity(); @@ -59,7 +59,7 @@ function setExpiration($time, $flags = 0); /** * Why was user logged out? - * @return int|NULL + * @return int|null */ function getLogoutReason(); } diff --git a/src/Security/Identity.php b/src/Security/Identity.php index 3790840d..3e45f15e 100644 --- a/src/Security/Identity.php +++ b/src/Security/Identity.php @@ -40,7 +40,7 @@ class Identity implements IIdentity * @param mixed * @param iterable */ - public function __construct($id, $roles = NULL, $data = NULL) + public function __construct($id, $roles = null, $data = null) { $this->setId($id); $this->setRoles((array) $roles); diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index 292cb851..6e280a8a 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php 
@@ -34,7 +34,7 @@ public static function hash($password, array $options = []) } $hash = password_hash($password, PASSWORD_BCRYPT, $options); - if ($hash === FALSE || strlen($hash) < 60) { + if ($hash === false || strlen($hash) < 60) { throw new Nette\InvalidStateException('Hash computed by password_hash is invalid.'); } return $hash; diff --git a/src/Security/Permission.php b/src/Security/Permission.php index 183e4825..0918cae2 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -33,7 +33,7 @@ class Permission implements IAuthorizator 'allRoles' => [ 'allPrivileges' => [ 'type' => self::DENY, - 'assert' => NULL, + 'assert' => null, ], 'byPrivilege' => [], ], @@ -58,24 +58,24 @@ class Permission implements IAuthorizator * @throws Nette\InvalidStateException * @return static */ - public function addRole($role, $parents = NULL) + public function addRole($role, $parents = null) { - $this->checkRole($role, FALSE); + $this->checkRole($role, false); if (isset($this->roles[$role])) { throw new Nette\InvalidStateException("Role '$role' already exists in the list."); } $roleParents = []; - if ($parents !== NULL) { + if ($parents !== null) { if (!is_array($parents)) { $parents = [$parents]; } foreach ($parents as $parent) { $this->checkRole($parent); - $roleParents[$parent] = TRUE; - $this->roles[$parent]['children'][$role] = TRUE; + $roleParents[$parent] = true; + $this->roles[$parent]['children'][$role] = true; } } @@ -89,13 +89,13 @@ public function addRole($role, $parents = NULL) /** - * Returns TRUE if the Role exists in the list. + * Returns true if the Role exists in the list. * @param string * @return bool */ public function hasRole($role) { - $this->checkRole($role, FALSE); + $this->checkRole($role, false); return isset($this->roles[$role]); } 
@@ -107,7 +107,7 @@ public function hasRole($role) * @throws Nette\InvalidStateException * @return void */ - private function checkRole($role, $throw = TRUE) + private function checkRole($role, $throw = true) { if (!is_string($role) || $role === '') { throw new Nette\InvalidArgumentException('Role must be a non-empty string.'); @@ -141,7 +141,7 @@ public function getRoleParents($role) /** - * Returns TRUE if $role inherits from $inherit. If $onlyParents is TRUE, + * Returns true if $role inherits from $inherit. If $onlyParents is true, * then $role must inherit directly from $inherit. * @param string * @param string @@ -149,7 +149,7 @@ public function getRoleParents($role) * @throws Nette\InvalidStateException * @return bool */ - public function roleInheritsFrom($role, $inherit, $onlyParents = FALSE) + public function roleInheritsFrom($role, $inherit, $onlyParents = false) { $this->checkRole($role); $this->checkRole($inherit); @@ -162,11 +162,11 @@ public function roleInheritsFrom($role, $inherit, $onlyParents = FALSE) foreach ($this->roles[$role]['parents'] as $parent => $foo) { if ($this->roleInheritsFrom($parent, $inherit)) { - return TRUE; + return true; } } - return FALSE; + return false; } @@ -246,17 +246,17 @@ public function removeAllRoles() * @throws Nette\InvalidStateException * @return static */ - public function addResource($resource, $parent = NULL) + public function addResource($resource, $parent = null) { - $this->checkResource($resource, FALSE); + $this->checkResource($resource, false); if (isset($this->resources[$resource])) { throw new Nette\InvalidStateException("Resource '$resource' already exists in the list."); } - if ($parent !== NULL) { + if ($parent !== null) { $this->checkResource($parent); - $this->resources[$parent]['children'][$resource] = TRUE; + $this->resources[$parent]['children'][$resource] = true; } $this->resources[$resource] = [ 
@@ -269,13 +269,13 @@ public function addResource($resource, $parent = NULL) /** - * Returns TRUE if the Resource exists in the list. + * Returns true if the Resource exists in the list. * @param string * @return bool */ public function hasResource($resource) { - $this->checkResource($resource, FALSE); + $this->checkResource($resource, false); return isset($this->resources[$resource]); } @@ -287,7 +287,7 @@ public function hasResource($resource) * @throws Nette\InvalidStateException * @return void */ - private function checkResource($resource, $throw = TRUE) + private function checkResource($resource, $throw = true) { if (!is_string($resource) || $resource === '') { throw new Nette\InvalidArgumentException('Resource must be a non-empty string.'); @@ -309,7 +309,7 @@ public function getResources() /** - * Returns TRUE if $resource inherits from $inherit. If $onlyParents is TRUE, + * Returns true if $resource inherits from $inherit. If $onlyParents is true, * then $resource must inherit directly from $inherit. * * @param string @@ -318,31 +318,31 @@ public function getResources() * @throws Nette\InvalidStateException * @return bool */ - public function resourceInheritsFrom($resource, $inherit, $onlyParent = FALSE) + public function resourceInheritsFrom($resource, $inherit, $onlyParent = false) { $this->checkResource($resource); $this->checkResource($inherit); - if ($this->resources[$resource]['parent'] === NULL) { - return FALSE; + if ($this->resources[$resource]['parent'] === null) { + return false; } $parent = $this->resources[$resource]['parent']; if ($inherit === $parent) { - return TRUE; + return true; } elseif ($onlyParent) { - return FALSE; + return false; } - while ($this->resources[$parent]['parent'] !== NULL) { + while ($this->resources[$parent]['parent'] !== null) { $parent = $this->resources[$parent]['parent']; if ($inherit === $parent) { - return TRUE; + return true; } } - return FALSE; + return false; } 
@@ -358,7 +358,7 @@ public function removeResource($resource) $this->checkResource($resource); $parent = $this->resources[$resource]['parent']; - if ($parent !== NULL) { + if ($parent !== null) { unset($this->resources[$parent]['children'][$resource]); } @@ -405,7 +405,7 @@ public function removeAllResources() /** * Allows one or more Roles access to [certain $privileges upon] the specified Resource(s). - * If $assertion is provided, then it must return TRUE in order for rule to apply. + * If $assertion is provided, then it must return true in order for rule to apply. * * @param string|string[]|Permission::ALL * @param string|string[]|Permission::ALL @@ -413,16 +413,16 @@ public function removeAllResources() * @param callable assertion * @return static */ - public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL) + public function allow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = null) { - $this->setRule(TRUE, self::ALLOW, $roles, $resources, $privileges, $assertion); + $this->setRule(true, self::ALLOW, $roles, $resources, $privileges, $assertion); return $this; } /** * Denies one or more Roles access to [certain $privileges upon] the specified Resource(s). - * If $assertion is provided, then it must return TRUE in order for rule to apply. + * If $assertion is provided, then it must return true in order for rule to apply. * * @param string|string[]|Permission::ALL * @param string|string[]|Permission::ALL 
@@ -430,9 +430,9 @@ public function allow($roles = self::ALL, $resources = self::ALL, $privileges = * @param callable assertion * @return static */ - public function deny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = NULL) + public function deny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL, $assertion = null) { - $this->setRule(TRUE, self::DENY, $roles, $resources, $privileges, $assertion); + $this->setRule(true, self::DENY, $roles, $resources, $privileges, $assertion); return $this; } @@ -447,7 +447,7 @@ public function deny($roles = self::ALL, $resources = self::ALL, $privileges = s */ public function removeAllow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL) { - $this->setRule(FALSE, self::ALLOW, $roles, $resources, $privileges); + $this->setRule(false, self::ALLOW, $roles, $resources, $privileges); return $this; } @@ -462,7 +462,7 @@ public function removeAllow($roles = self::ALL, $resources = self::ALL, $privile */ public function removeDeny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL) { - $this->setRule(FALSE, self::DENY, $roles, $resources, $privileges); + $this->setRule(false, self::DENY, $roles, $resources, $privileges); return $this; } @@ -478,9 +478,9 @@ public function removeDeny($roles = self::ALL, $resources = self::ALL, $privileg * @throws Nette\InvalidStateException * @return static */ - protected function setRule($toAdd, $type, $roles, $resources, $privileges, $assertion = NULL) + protected function setRule($toAdd, $type, $roles, $resources, $privileges, $assertion = null) { - // ensure that all specified Roles exist; normalize input to array of Roles or NULL + // ensure that all specified Roles exist; normalize input to array of Roles or null if ($roles === self::ALL) { $roles = [self::ALL]; 
@@ -494,7 +494,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse } } - // ensure that all specified Resources exist; normalize input to array of Resources or NULL + // ensure that all specified Resources exist; normalize input to array of Resources or null if ($resources === self::ALL) { $resources = [self::ALL]; @@ -519,7 +519,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse if ($toAdd) { // add to the rules foreach ($resources as $resource) { foreach ($roles as $role) { - $rules = &$this->getRules($resource, $role, TRUE); + $rules = &$this->getRules($resource, $role, true); if (count($privileges) === 0) { $rules['allPrivileges']['type'] = $type; $rules['allPrivileges']['assert'] = $assertion; @@ -539,7 +539,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse foreach ($resources as $resource) { foreach ($roles as $role) { $rules = &$this->getRules($resource, $role); - if ($rules === NULL) { + if ($rules === null) { continue; } if (count($privileges) === 0) { @@ -548,7 +548,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse $rules = [ 'allPrivileges' => [ 'type' => self::DENY, - 'assert' => NULL, + 'assert' => null, ], 'byPrivilege' => [], ]; @@ -578,7 +578,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse /** - * Returns TRUE if and only if the Role has access to [certain $privileges upon] the Resource. + * Returns true if and only if the Role has access to [certain $privileges upon] the Resource. * * This method checks Role inheritance using a depth-first traversal of the Role list. * The highest priority parent (i.e., the parent most recently added) is checked first, 
@@ -611,34 +611,34 @@ public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = do { // depth-first search on $role if it is not 'allRoles' pseudo-parent - if ($role !== NULL && NULL !== ($result = $this->searchRolePrivileges($privilege === self::ALL, $role, $resource, $privilege))) { + if ($role !== null && null !== ($result = $this->searchRolePrivileges($privilege === self::ALL, $role, $resource, $privilege))) { break; } if ($privilege === self::ALL) { if ($rules = $this->getRules($resource, self::ALL)) { // look for rule on 'allRoles' psuedo-parent foreach ($rules['byPrivilege'] as $privilege => $rule) { - if (self::DENY === ($result = $this->getRuleType($resource, NULL, $privilege))) { + if (self::DENY === ($result = $this->getRuleType($resource, null, $privilege))) { break 2; } } - if (NULL !== ($result = $this->getRuleType($resource, NULL, NULL))) { + if (null !== ($result = $this->getRuleType($resource, null, null))) { break; } } } else { - if (NULL !== ($result = $this->getRuleType($resource, NULL, $privilege))) { // look for rule on 'allRoles' pseudo-parent + if (null !== ($result = $this->getRuleType($resource, null, $privilege))) { // look for rule on 'allRoles' pseudo-parent break; - } elseif (NULL !== ($result = $this->getRuleType($resource, NULL, NULL))) { + } elseif (null !== ($result = $this->getRuleType($resource, null, null))) { break; } } $resource = $this->resources[$resource]['parent']; // try next Resource - } while (TRUE); + } while (true); - $this->queriedRole = $this->queriedResource = NULL; + $this->queriedRole = $this->queriedResource = null; return $result; } 
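Review bot: In `Permission::isAllowed()`, the loop `foreach ($rules['byPrivilege'] as $privilege => $rule)` inside the `do { … } while (true)` reuses the method's `$privilege` parameter as its key variable, so once `byPrivilege` is non-empty `$privilege` no longer equals `self::ALL` after the loop. If neither `break` fires, the next pass over the parent resource evaluates `$privilege === self::ALL` as false and answers a single-privilege query instead of the all-privileges query the caller made, which can change an authorization result. A separate loop variable avoids this: `foreach ($rules['byPrivilege'] as $rulePrivilege => $rule) {` with `$this->getRuleType($resource, null, $rulePrivilege)` in the check. The method begins before this hunk and rule storage is defined elsewhere, so reachability is inferred; a test with an all-roles per-privilege rule on a child resource would settle it.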
@@ -673,7 +673,7 @@ public function getQueriedResource() * @param string * @param string * @param string only for one - * @return mixed NULL if no applicable rule is found, otherwise returns ALLOW or DENY + * @return mixed null if no applicable rule is found, otherwise returns ALLOW or DENY */ private function searchRolePrivileges($all, $role, $resource, $privilege) { @@ -682,7 +682,7 @@ private function searchRolePrivileges($all, $role, $resource, $privilege) 'stack' => [$role], ]; - while (NULL !== ($role = array_pop($dfs['stack']))) { + while (null !== ($role = array_pop($dfs['stack']))) { if (isset($dfs['visited'][$role])) { continue; } @@ -693,25 +693,25 @@ private function searchRolePrivileges($all, $role, $resource, $privilege) return self::DENY; } } - if (NULL !== ($type = $this->getRuleType($resource, $role, NULL))) { + if (null !== ($type = $this->getRuleType($resource, $role, null))) { return $type; } } } else { - if (NULL !== ($type = $this->getRuleType($resource, $role, $privilege))) { + if (null !== ($type = $this->getRuleType($resource, $role, $privilege))) { return $type; - } elseif (NULL !== ($type = $this->getRuleType($resource, $role, NULL))) { + } elseif (null !== ($type = $this->getRuleType($resource, $role, null))) { return $type; } } - $dfs['visited'][$role] = TRUE; + $dfs['visited'][$role] = true; foreach ($this->roles[$role]['parents'] as $roleParent => $foo) { $dfs['stack'][] = $roleParent; } } - return NULL; + return null; } 
@@ -720,32 +720,32 @@ private function searchRolePrivileges($all, $role, $resource, $privilege) * @param string|Permission::ALL * @param string|Permission::ALL * @param string|Permission::ALL - * @return bool|NULL NULL if a rule does not exist or assertion fails, otherwise returns ALLOW or DENY + * @return bool|null null if a rule does not exist or assertion fails, otherwise returns ALLOW or DENY */ private function getRuleType($resource, $role, $privilege) { if (!$rules = $this->getRules($resource, $role)) { - return NULL; + return null; } if ($privilege === self::ALL) { if (isset($rules['allPrivileges'])) { $rule = $rules['allPrivileges']; } else { - return NULL; + return null; } } elseif (!isset($rules['byPrivilege'][$privilege])) { - return NULL; + return null; } else { $rule = $rules['byPrivilege'][$privilege]; } - if ($rule['assert'] === NULL || Nette\Utils\Callback::invoke($rule['assert'], $this, $role, $resource, $privilege)) { + if ($rule['assert'] === null || Nette\Utils\Callback::invoke($rule['assert'], $this, $role, $resource, $privilege)) { return $rule['type']; } elseif ($resource !== self::ALL || $role !== self::ALL || $privilege !== self::ALL) { - return NULL; + return null; } elseif (self::ALLOW === $rule['type']) { return self::DENY; 
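Review bot: The `@return` line of getRuleType() says a failed assertion yields null, but the tail of the hunk shows a different path when resource, role and privilege are all `self::ALL`: a failed assertion on an ALLOW rule returns `self::DENY`. The remaining branch lies outside the hunk. tests/Security/Permission.DefaultAssert.phpt in this same patch expects `isAllowed(null, null, 'somePrivilege')` to be true after `deny(null, null, null, 'falseAssertion')`, so the default rule seems to be inverted rather than skipped. I would document that, e.g. `@return bool|null  null if no rule applies or a non-default rule's assertion fails; a failed assertion on the default rule returns the opposite type`. Because a failing assertion on a default deny then grants access, the docblock should also say that assertion callbacks are expected to return an explicit boolean.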
@@ -757,16 +757,16 @@ private function getRuleType($resource, $role, $privilege) /** - * Returns the rules associated with a Resource and a Role, or NULL if no such rules exist. - * If the $create parameter is TRUE, then a rule set is first created and then returned to the caller. + * Returns the rules associated with a Resource and a Role, or null if no such rules exist. + * If the $create parameter is true, then a rule set is first created and then returned to the caller. * @param string|Permission::ALL * @param string|Permission::ALL * @param bool - * @return array|NULL + * @return array|null */ - private function &getRules($resource, $role, $create = FALSE) + private function &getRules($resource, $role, $create = false) { - $null = NULL; + $null = null; if ($resource === self::ALL) { $visitor = &$this->rules['allResources']; } else { diff --git a/src/Security/SimpleAuthenticator.php b/src/Security/SimpleAuthenticator.php index faaad78a..61ece5b2 100644 --- a/src/Security/SimpleAuthenticator.php +++ b/src/Security/SimpleAuthenticator.php @@ -47,7 +47,7 @@ public function authenticate(array $credentials) foreach ($this->userlist as $name => $pass) { if (strcasecmp($name, $username) === 0) { if ((string) $pass === (string) $password) { - return new Identity($name, isset($this->usersRoles[$name]) ? $this->usersRoles[$name] : NULL); + return new Identity($name, isset($this->usersRoles[$name]) ? $this->usersRoles[$name] : null); } else { throw new AuthenticationException('Invalid password.', self::INVALID_CREDENTIAL); } diff --git a/src/Security/User.php b/src/Security/User.php index f6462404..42173449 100644 --- a/src/Security/User.php +++ b/src/Security/User.php 
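Review bot: In SimpleAuthenticator::authenticate() the password check `(string) $pass === (string) $password` is an ordinary string comparison, which can stop at the first differing byte and so leaks timing information about the stored value. A constant-time comparison fits here: `if (hash_equals((string) $pass, (string) $password)) {`, with the stored value as the first argument. The hunk also shows a distinct 'Invalid password.' error for a matching user name. If the unknown-user branch outside the hunk reports something different, callers should not pass that distinction on to the client. The method's start and end are outside the hunk.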
@@ -55,7 +55,7 @@ class User private $authorizator; - public function __construct(IUserStorage $storage, IAuthenticator $authenticator = NULL, IAuthorizator $authorizator = NULL) + public function __construct(IUserStorage $storage, IAuthenticator $authenticator = null, IAuthorizator $authorizator = null) { $this->storage = $storage; $this->authenticator = $authenticator; @@ -82,14 +82,14 @@ public function getStorage() * @return void * @throws AuthenticationException if authentication was not successful */ - public function login($id = NULL, $password = NULL) + public function login($id = null, $password = null) { - $this->logout(TRUE); + $this->logout(true); if (!$id instanceof IIdentity) { $id = $this->getAuthenticator()->authenticate(func_get_args()); } $this->storage->setIdentity($id); - $this->storage->setAuthenticated(TRUE); + $this->storage->setAuthenticated(true); $this->onLoggedIn($this); } @@ -99,14 +99,14 @@ public function login($id = NULL, $password = NULL) * @param bool clear the identity from persistent storage? * @return void */ - public function logout($clearIdentity = FALSE) + public function logout($clearIdentity = false) { if ($this->isLoggedIn()) { $this->onLoggedOut($this); - $this->storage->setAuthenticated(FALSE); + $this->storage->setAuthenticated(false); } if ($clearIdentity) { - $this->storage->setIdentity(NULL); + $this->storage->setIdentity(null); } } @@ -123,7 +123,7 @@ public function isLoggedIn() /** * Returns current user identity, if any. - * @return IIdentity|NULL + * @return IIdentity|null */ public function getIdentity() { @@ -138,7 +138,7 @@ public function getIdentity() public function getId() { $identity = $this->getIdentity(); - return $identity ? $identity->getId() : NULL; + return $identity ? $identity->getId() : null; } 
@@ -155,9 +155,9 @@ public function setAuthenticator(IAuthenticator $handler) /** * Returns authentication handler. - * @return IAuthenticator|NULL + * @return IAuthenticator|null */ - public function getAuthenticator($throw = TRUE) + public function getAuthenticator($throw = true) { if ($throw && !$this->authenticator) { throw new Nette\InvalidStateException('Authenticator has not been set.'); @@ -173,7 +173,7 @@ public function getAuthenticator($throw = TRUE) * @param bool clear the identity from persistent storage? (deprecated) * @return static */ - public function setExpiration($time, $flags = NULL, $clearIdentity = FALSE) + public function setExpiration($time, $flags = null, $clearIdentity = false) { $clearIdentity = $clearIdentity || $flags === IUserStorage::CLEAR_IDENTITY; $this->storage->setExpiration($time, $clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0); @@ -183,7 +183,7 @@ public function setExpiration($time, $flags = NULL, $clearIdentity = FALSE) /** * Why was user logged out? - * @return int|NULL + * @return int|null */ public function getLogoutReason() { @@ -216,13 +216,13 @@ public function getRoles() */ public function isInRole($role) { - return in_array($role, $this->getRoles(), TRUE); + return in_array($role, $this->getRoles(), true); } /** * Has a user effective access to the Resource? - * If $resource is NULL, then the query applies to all resources. + * If $resource is null, then the query applies to all resources. * @param string resource * @param string privilege * @return bool @@ -231,11 +231,11 @@ public function isAllowed($resource = IAuthorizator::ALL, $privilege = IAuthoriz { foreach ($this->getRoles() as $role) { if ($this->getAuthorizator()->isAllowed($role, $resource, $privilege)) { - return TRUE; + return true; } } - return FALSE; + return false; } 
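Review bot: In User::setExpiration(), `$flags === IUserStorage::CLEAR_IDENTITY` matches only when that constant is passed alone, and the storage is then given only `CLEAR_IDENTITY` or `0`, so any other flag value is never forwarded. If `$flags` is meant to be combined bitwise (the name and the `$flags = 0` default on IUserStorage::setExpiration suggest so), a combined value silently drops the request to clear the identity, leaving it in persistent storage after expiry. If that is not intentional, test the bit instead, `$clearIdentity = $clearIdentity || (is_int($flags) && ($flags & IUserStorage::CLEAR_IDENTITY));`, and state on the `@param` line which flag values are honoured. The rest of the method is outside the hunk.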
@@ -252,9 +252,9 @@ public function setAuthorizator(IAuthorizator $handler) /** * Returns current authorization handler. - * @return IAuthorizator|NULL + * @return IAuthorizator|null */ - public function getAuthorizator($throw = TRUE) + public function getAuthorizator($throw = true) { if ($throw && !$this->authorizator) { throw new Nette\InvalidStateException('Authorizator has not been set.'); diff --git a/tests/Security/MockUserStorage.php b/tests/Security/MockUserStorage.php index 358bcc7a..65b0a6b9 100644 --- a/tests/Security/MockUserStorage.php +++ b/tests/Security/MockUserStorage.php @@ -2,7 +2,7 @@ class MockUserStorage implements Nette\Security\IUserStorage { - private $auth = FALSE; + private $auth = false; private $identity; @@ -18,7 +18,7 @@ function isAuthenticated() } - function setIdentity(Nette\Security\IIdentity $identity = NULL) + function setIdentity(Nette\Security\IIdentity $identity = null) { $this->identity = $identity; } diff --git a/tests/Security/Permission.CMSExample.phpt b/tests/Security/Permission.CMSExample.phpt index 19ac5ada..488cdea5 100644 --- a/tests/Security/Permission.CMSExample.phpt +++ b/tests/Security/Permission.CMSExample.phpt 
@@ -18,57 +18,57 @@ $acl->addRole('editor', 'staff'); // editor inherits permissions from staff $acl->addRole('administrator'); // Guest may only view content -$acl->allow('guest', NULL, 'view'); +$acl->allow('guest', null, 'view'); // Staff inherits view privilege from guest, but also needs additional privileges -$acl->allow('staff', NULL, ['edit', 'submit', 'revise']); +$acl->allow('staff', null, ['edit', 'submit', 'revise']); // Editor inherits view, edit, submit, and revise privileges, but also needs additional privileges -$acl->allow('editor', NULL, ['publish', 'archive', 'delete']); +$acl->allow('editor', null, ['publish', 'archive', 'delete']); // Administrator inherits nothing but is allowed all privileges $acl->allow('administrator'); // Access control checks based on above permission sets -Assert::true($acl->isAllowed('guest', NULL, 'view')); -Assert::false($acl->isAllowed('guest', NULL, 'edit')); -Assert::false($acl->isAllowed('guest', NULL, 'submit')); -Assert::false($acl->isAllowed('guest', NULL, 'revise')); -Assert::false($acl->isAllowed('guest', NULL, 'publish')); -Assert::false($acl->isAllowed('guest', NULL, 'archive')); -Assert::false($acl->isAllowed('guest', NULL, 'delete')); -Assert::false($acl->isAllowed('guest', NULL, 'unknown')); +Assert::true($acl->isAllowed('guest', null, 'view')); +Assert::false($acl->isAllowed('guest', null, 'edit')); +Assert::false($acl->isAllowed('guest', null, 'submit')); +Assert::false($acl->isAllowed('guest', null, 'revise')); +Assert::false($acl->isAllowed('guest', null, 'publish')); +Assert::false($acl->isAllowed('guest', null, 'archive')); +Assert::false($acl->isAllowed('guest', null, 'delete')); +Assert::false($acl->isAllowed('guest', null, 'unknown')); Assert::false($acl->isAllowed('guest')); -Assert::true($acl->isAllowed('staff', NULL, 'view')); -Assert::true($acl->isAllowed('staff', NULL, 'edit')); -Assert::true($acl->isAllowed('staff', NULL, 'submit')); -Assert::true($acl->isAllowed('staff', NULL, 'revise')); 
-Assert::false($acl->isAllowed('staff', NULL, 'publish')); -Assert::false($acl->isAllowed('staff', NULL, 'archive')); -Assert::false($acl->isAllowed('staff', NULL, 'delete')); -Assert::false($acl->isAllowed('staff', NULL, 'unknown')); +Assert::true($acl->isAllowed('staff', null, 'view')); +Assert::true($acl->isAllowed('staff', null, 'edit')); +Assert::true($acl->isAllowed('staff', null, 'submit')); +Assert::true($acl->isAllowed('staff', null, 'revise')); +Assert::false($acl->isAllowed('staff', null, 'publish')); +Assert::false($acl->isAllowed('staff', null, 'archive')); +Assert::false($acl->isAllowed('staff', null, 'delete')); +Assert::false($acl->isAllowed('staff', null, 'unknown')); Assert::false($acl->isAllowed('staff')); -Assert::true($acl->isAllowed('editor', NULL, 'view')); -Assert::true($acl->isAllowed('editor', NULL, 'edit')); -Assert::true($acl->isAllowed('editor', NULL, 'submit')); -Assert::true($acl->isAllowed('editor', NULL, 'revise')); -Assert::true($acl->isAllowed('editor', NULL, 'publish')); -Assert::true($acl->isAllowed('editor', NULL, 'archive')); -Assert::true($acl->isAllowed('editor', NULL, 'delete')); -Assert::false($acl->isAllowed('editor', NULL, 'unknown')); +Assert::true($acl->isAllowed('editor', null, 'view')); +Assert::true($acl->isAllowed('editor', null, 'edit')); +Assert::true($acl->isAllowed('editor', null, 'submit')); +Assert::true($acl->isAllowed('editor', null, 'revise')); +Assert::true($acl->isAllowed('editor', null, 'publish')); +Assert::true($acl->isAllowed('editor', null, 'archive')); +Assert::true($acl->isAllowed('editor', null, 'delete')); +Assert::false($acl->isAllowed('editor', null, 'unknown')); Assert::false($acl->isAllowed('editor')); -Assert::true($acl->isAllowed('administrator', NULL, 'view')); -Assert::true($acl->isAllowed('administrator', NULL, 'edit')); -Assert::true($acl->isAllowed('administrator', NULL, 'submit')); -Assert::true($acl->isAllowed('administrator', NULL, 'revise')); 
-Assert::true($acl->isAllowed('administrator', NULL, 'publish')); -Assert::true($acl->isAllowed('administrator', NULL, 'archive')); -Assert::true($acl->isAllowed('administrator', NULL, 'delete')); -Assert::true($acl->isAllowed('administrator', NULL, 'unknown')); +Assert::true($acl->isAllowed('administrator', null, 'view')); +Assert::true($acl->isAllowed('administrator', null, 'edit')); +Assert::true($acl->isAllowed('administrator', null, 'submit')); +Assert::true($acl->isAllowed('administrator', null, 'revise')); +Assert::true($acl->isAllowed('administrator', null, 'publish')); +Assert::true($acl->isAllowed('administrator', null, 'archive')); +Assert::true($acl->isAllowed('administrator', null, 'delete')); +Assert::true($acl->isAllowed('administrator', null, 'unknown')); Assert::true($acl->isAllowed('administrator')); // Some checks on specific areas, which inherit access controls from the root ACL node 
@@ -105,18 +105,18 @@ $acl->deny('staff', 'latest', 'revise'); // Deny everyone access to archive news announcements $acl->addResource('announcement', 'news'); -$acl->deny(NULL, 'announcement', 'archive'); +$acl->deny(null, 'announcement', 'archive'); // Access control checks for the above refined permission sets -Assert::true($acl->isAllowed('marketing', NULL, 'view')); -Assert::true($acl->isAllowed('marketing', NULL, 'edit')); -Assert::true($acl->isAllowed('marketing', NULL, 'submit')); -Assert::true($acl->isAllowed('marketing', NULL, 'revise')); -Assert::false($acl->isAllowed('marketing', NULL, 'publish')); -Assert::false($acl->isAllowed('marketing', NULL, 'archive')); -Assert::false($acl->isAllowed('marketing', NULL, 'delete')); -Assert::false($acl->isAllowed('marketing', NULL, 'unknown')); +Assert::true($acl->isAllowed('marketing', null, 'view')); +Assert::true($acl->isAllowed('marketing', null, 'edit')); +Assert::true($acl->isAllowed('marketing', null, 'submit')); +Assert::true($acl->isAllowed('marketing', null, 'revise')); +Assert::false($acl->isAllowed('marketing', null, 'publish')); +Assert::false($acl->isAllowed('marketing', null, 'archive')); +Assert::false($acl->isAllowed('marketing', null, 'delete')); +Assert::false($acl->isAllowed('marketing', null, 'unknown')); Assert::false($acl->isAllowed('marketing')); Assert::true($acl->isAllowed('marketing', 'newsletter', 'publish')); diff --git a/tests/Security/Permission.DefaultAssert.phpt b/tests/Security/Permission.DefaultAssert.phpt index b0d3315e..0effec7e 100644 --- a/tests/Security/Permission.DefaultAssert.phpt +++ b/tests/Security/Permission.DefaultAssert.phpt 
@@ -13,10 +13,10 @@ require __DIR__ . '/../bootstrap.php'; function falseAssertion() { - return FALSE; + return false; } $acl = new Permission; -$acl->deny(NULL, NULL, NULL, 'falseAssertion'); -Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->deny(null, null, null, 'falseAssertion'); +Assert::true($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.DefaultDeny.phpt b/tests/Security/Permission.DefaultDeny.phpt index 2ac4a182..7ecd2191 100644 --- a/tests/Security/Permission.DefaultDeny.phpt +++ b/tests/Security/Permission.DefaultDeny.phpt @@ -13,8 +13,8 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; Assert::false($acl->isAllowed()); -Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); +Assert::false($acl->isAllowed(null, null, 'somePrivilege')); $acl->addRole('guest'); Assert::false($acl->isAllowed('guest')); -Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); +Assert::false($acl->isAllowed('guest', null, 'somePrivilege')); diff --git a/tests/Security/Permission.DefaultRuleSet.phpt b/tests/Security/Permission.DefaultRuleSet.phpt index 063218b1..9656faca 100644 --- a/tests/Security/Permission.DefaultRuleSet.phpt +++ b/tests/Security/Permission.DefaultRuleSet.phpt @@ -14,8 +14,8 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(); Assert::true($acl->isAllowed()); -Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); +Assert::true($acl->isAllowed(null, null, 'somePrivilege')); $acl->deny(); Assert::false($acl->isAllowed()); -Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); +Assert::false($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.IsAllowedNonExistent.phpt b/tests/Security/Permission.IsAllowedNonExistent.phpt index 433aea73..ec0d15aa 100644 --- a/tests/Security/Permission.IsAllowedNonExistent.phpt +++ b/tests/Security/Permission.IsAllowedNonExistent.phpt 
@@ -18,5 +18,5 @@ Assert::exception(function () { Assert::exception(function () { $acl = new Permission; - $acl->isAllowed(NULL, 'nonexistent'); + $acl->isAllowed(null, 'nonexistent'); }, Nette\InvalidStateException::class, "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.PrivilegeAllow.phpt b/tests/Security/Permission.PrivilegeAllow.phpt index a5dd2141..8d272cd0 100644 --- a/tests/Security/Permission.PrivilegeAllow.phpt +++ b/tests/Security/Permission.PrivilegeAllow.phpt @@ -12,5 +12,5 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -$acl->allow(NULL, NULL, 'somePrivilege'); -Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->allow(null, null, 'somePrivilege'); +Assert::true($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.PrivilegeAssert.phpt b/tests/Security/Permission.PrivilegeAssert.phpt index 35f13a2f..06e25080 100644 --- a/tests/Security/Permission.PrivilegeAssert.phpt +++ b/tests/Security/Permission.PrivilegeAssert.phpt @@ -13,19 +13,19 @@ require __DIR__ . '/../bootstrap.php'; function falseAssertion() { - return FALSE; + return false; } function trueAssertion() { - return TRUE; + return true; } $acl = new Permission; -$acl->allow(NULL, NULL, 'somePrivilege', 'trueAssertion'); -Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->allow(null, null, 'somePrivilege', 'trueAssertion'); +Assert::true($acl->isAllowed(null, null, 'somePrivilege')); -$acl->allow(NULL, NULL, 'somePrivilege', 'falseAssertion'); -Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->allow(null, null, 'somePrivilege', 'falseAssertion'); +Assert::false($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.PrivilegeDeny.phpt b/tests/Security/Permission.PrivilegeDeny.phpt index 01d59d92..8473a9a2 100644 --- a/tests/Security/Permission.PrivilegeDeny.phpt +++ b/tests/Security/Permission.PrivilegeDeny.phpt 
@@ -13,5 +13,5 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(); -$acl->deny(NULL, NULL, 'somePrivilege'); -Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); +$acl->deny(null, null, 'somePrivilege'); +Assert::false($acl->isAllowed(null, null, 'somePrivilege')); diff --git a/tests/Security/Permission.Privileges.phpt b/tests/Security/Permission.Privileges.phpt index 0c95cbf4..fa6f346e 100644 --- a/tests/Security/Permission.Privileges.phpt +++ b/tests/Security/Permission.Privileges.phpt @@ -12,13 +12,13 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -$acl->allow(NULL, NULL, ['p1', 'p2', 'p3']); -Assert::true($acl->isAllowed(NULL, NULL, 'p1')); -Assert::true($acl->isAllowed(NULL, NULL, 'p2')); -Assert::true($acl->isAllowed(NULL, NULL, 'p3')); -Assert::false($acl->isAllowed(NULL, NULL, 'p4')); -$acl->deny(NULL, NULL, 'p1'); -Assert::false($acl->isAllowed(NULL, NULL, 'p1')); -$acl->deny(NULL, NULL, ['p2', 'p3']); -Assert::false($acl->isAllowed(NULL, NULL, 'p2')); -Assert::false($acl->isAllowed(NULL, NULL, 'p3')); +$acl->allow(null, null, ['p1', 'p2', 'p3']); +Assert::true($acl->isAllowed(null, null, 'p1')); +Assert::true($acl->isAllowed(null, null, 'p2')); +Assert::true($acl->isAllowed(null, null, 'p3')); +Assert::false($acl->isAllowed(null, null, 'p4')); +$acl->deny(null, null, 'p1'); +Assert::false($acl->isAllowed(null, null, 'p1')); +$acl->deny(null, null, ['p2', 'p3']); +Assert::false($acl->isAllowed(null, null, 'p2')); +Assert::false($acl->isAllowed(null, null, 'p3')); diff --git a/tests/Security/Permission.RemoveDefaultDenyAssert.phpt b/tests/Security/Permission.RemoveDefaultDenyAssert.phpt index 4fd7fe45..81282dbd 100644 --- a/tests/Security/Permission.RemoveDefaultDenyAssert.phpt +++ b/tests/Security/Permission.RemoveDefaultDenyAssert.phpt 
@@ -13,12 +13,12 @@ require __DIR__ . '/../bootstrap.php'; function falseAssertion() { - return FALSE; + return false; } $acl = new Permission; -$acl->deny(NULL, NULL, NULL, 'falseAssertion'); +$acl->deny(null, null, null, 'falseAssertion'); Assert::true($acl->isAllowed()); $acl->removeDeny(); Assert::false($acl->isAllowed()); diff --git a/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt b/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt index e5b5c1d4..8fb378f7 100644 --- a/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt +++ b/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt @@ -18,7 +18,7 @@ $acl->addRole('test1'); $acl->addRole('test2'); $acl->addResource('Test'); -$acl->allow(NULL,'Test','xxx'); +$acl->allow(null,'Test','xxx'); // error test $acl->removeRole('test0'); diff --git a/tests/Security/Permission.ResourceInherits.phpt b/tests/Security/Permission.ResourceInherits.phpt index ff3c431d..64e11cc4 100644 --- a/tests/Security/Permission.ResourceInherits.phpt +++ b/tests/Security/Permission.ResourceInherits.phpt @@ -17,10 +17,10 @@ $acl->addResource('building', 'city'); $acl->addResource('room', 'building'); Assert::same(['city', 'building', 'room'], $acl->getResources()); -Assert::true($acl->resourceInheritsFrom('building', 'city', TRUE)); -Assert::true($acl->resourceInheritsFrom('room', 'building', TRUE)); +Assert::true($acl->resourceInheritsFrom('building', 'city', true)); +Assert::true($acl->resourceInheritsFrom('room', 'building', true)); Assert::true($acl->resourceInheritsFrom('room', 'city')); -Assert::false($acl->resourceInheritsFrom('room', 'city', TRUE)); +Assert::false($acl->resourceInheritsFrom('room', 'city', true)); Assert::false($acl->resourceInheritsFrom('city', 'building')); Assert::false($acl->resourceInheritsFrom('building', 'room')); Assert::false($acl->resourceInheritsFrom('city', 'room')); 
diff --git a/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt b/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt index 7658cdb4..10ec1d77 100644 --- a/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt +++ b/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt @@ -17,5 +17,5 @@ $acl->addRole('guest'); $acl->addRole('staff', 'guest'); $acl->deny(); $acl->allow('staff'); -$acl->deny('staff', NULL, ['privilege1', 'privilege2']); -Assert::false($acl->isAllowed('staff', NULL, 'privilege1')); +$acl->deny('staff', null, ['privilege1', 'privilege2']); +Assert::false($acl->isAllowed('staff', null, 'privilege1')); diff --git a/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt b/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt index 2e49c9e1..1739c163 100644 --- a/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt +++ b/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt @@ -14,6 +14,6 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest'); -Assert::true($acl->isAllowed('guest', NULL, 'somePrivilege')); +Assert::true($acl->isAllowed('guest', null, 'somePrivilege')); $acl->deny('guest'); -Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); +Assert::false($acl->isAllowed('guest', null, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivilegeAllow.phpt b/tests/Security/Permission.RolePrivilegeAllow.phpt index 61bcc179..5ac30c35 100644 --- a/tests/Security/Permission.RolePrivilegeAllow.phpt +++ b/tests/Security/Permission.RolePrivilegeAllow.phpt @@ -13,5 +13,5 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); -$acl->allow('guest', NULL, 'somePrivilege'); -Assert::true($acl->isAllowed('guest', NULL, 'somePrivilege')); +$acl->allow('guest', null, 'somePrivilege'); +Assert::true($acl->isAllowed('guest', null, 'somePrivilege')); 
diff --git a/tests/Security/Permission.RolePrivilegeAssert.phpt b/tests/Security/Permission.RolePrivilegeAssert.phpt index 716f79a0..ce953c69 100644 --- a/tests/Security/Permission.RolePrivilegeAssert.phpt +++ b/tests/Security/Permission.RolePrivilegeAssert.phpt @@ -13,19 +13,19 @@ require __DIR__ . '/../bootstrap.php'; function falseAssertion() { - return FALSE; + return false; } function trueAssertion() { - return TRUE; + return true; } $acl = new Permission; $acl->addRole('guest'); -$acl->allow('guest', NULL, 'somePrivilege', 'trueAssertion'); -Assert::true($acl->isAllowed('guest', NULL, 'somePrivilege')); -$acl->allow('guest', NULL, 'somePrivilege', 'falseAssertion'); -Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); +$acl->allow('guest', null, 'somePrivilege', 'trueAssertion'); +Assert::true($acl->isAllowed('guest', null, 'somePrivilege')); +$acl->allow('guest', null, 'somePrivilege', 'falseAssertion'); +Assert::false($acl->isAllowed('guest', null, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivilegeDeny.phpt b/tests/Security/Permission.RolePrivilegeDeny.phpt index 03988147..97c85111 100644 --- a/tests/Security/Permission.RolePrivilegeDeny.phpt +++ b/tests/Security/Permission.RolePrivilegeDeny.phpt @@ -14,5 +14,5 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest'); -$acl->deny('guest', NULL, 'somePrivilege'); -Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); +$acl->deny('guest', null, 'somePrivilege'); +Assert::false($acl->isAllowed('guest', null, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivileges.phpt b/tests/Security/Permission.RolePrivileges.phpt index 0dca08a1..508f2505 100644 --- a/tests/Security/Permission.RolePrivileges.phpt +++ b/tests/Security/Permission.RolePrivileges.phpt 
@@ -13,13 +13,13 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); -$acl->allow('guest', NULL, ['p1', 'p2', 'p3']); -Assert::true($acl->isAllowed('guest', NULL, 'p1')); -Assert::true($acl->isAllowed('guest', NULL, 'p2')); -Assert::true($acl->isAllowed('guest', NULL, 'p3')); -Assert::false($acl->isAllowed('guest', NULL, 'p4')); -$acl->deny('guest', NULL, 'p1'); -Assert::false($acl->isAllowed('guest', NULL, 'p1')); -$acl->deny('guest', NULL, ['p2', 'p3']); -Assert::false($acl->isAllowed('guest', NULL, 'p2')); -Assert::false($acl->isAllowed('guest', NULL, 'p3')); +$acl->allow('guest', null, ['p1', 'p2', 'p3']); +Assert::true($acl->isAllowed('guest', null, 'p1')); +Assert::true($acl->isAllowed('guest', null, 'p2')); +Assert::true($acl->isAllowed('guest', null, 'p3')); +Assert::false($acl->isAllowed('guest', null, 'p4')); +$acl->deny('guest', null, 'p1'); +Assert::false($acl->isAllowed('guest', null, 'p1')); +$acl->deny('guest', null, ['p2', 'p3']); +Assert::false($acl->isAllowed('guest', null, 'p2')); +Assert::false($acl->isAllowed('guest', null, 'p3')); diff --git a/tests/Security/Permission.RoleRegistryInherits.phpt b/tests/Security/Permission.RoleRegistryInherits.phpt index 1e2ae6c7..59a0ddf5 100644 --- a/tests/Security/Permission.RoleRegistryInherits.phpt +++ b/tests/Security/Permission.RoleRegistryInherits.phpt 
@@ -21,10 +21,10 @@ Assert::same(['guest'], $acl->getRoleParents('member')); Assert::same(['member'], $acl->getRoleParents('editor')); -Assert::true($acl->roleInheritsFrom('member', 'guest', TRUE)); -Assert::true($acl->roleInheritsFrom('editor', 'member', TRUE)); +Assert::true($acl->roleInheritsFrom('member', 'guest', true)); +Assert::true($acl->roleInheritsFrom('editor', 'member', true)); Assert::true($acl->roleInheritsFrom('editor', 'guest')); -Assert::false($acl->roleInheritsFrom('editor', 'guest', TRUE)); +Assert::false($acl->roleInheritsFrom('editor', 'guest', true)); Assert::false($acl->roleInheritsFrom('guest', 'member')); Assert::false($acl->roleInheritsFrom('member', 'editor')); Assert::false($acl->roleInheritsFrom('guest', 'editor')); diff --git a/tests/Security/Permission.RulesRemove.phpt b/tests/Security/Permission.RulesRemove.phpt index d5119200..6247f9c0 100644 --- a/tests/Security/Permission.RulesRemove.phpt +++ b/tests/Security/Permission.RulesRemove.phpt @@ -12,10 +12,10 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -$acl->allow(NULL, NULL, ['privilege1', 'privilege2']); +$acl->allow(null, null, ['privilege1', 'privilege2']); Assert::false($acl->isAllowed()); -Assert::true($acl->isAllowed(NULL, NULL, 'privilege1')); -Assert::true($acl->isAllowed(NULL, NULL, 'privilege2')); -$acl->removeAllow(NULL, NULL, 'privilege1'); -Assert::false($acl->isAllowed(NULL, NULL, 'privilege1')); -Assert::true($acl->isAllowed(NULL, NULL, 'privilege2')); +Assert::true($acl->isAllowed(null, null, 'privilege1')); +Assert::true($acl->isAllowed(null, null, 'privilege2')); +$acl->removeAllow(null, null, 'privilege1'); +Assert::false($acl->isAllowed(null, null, 'privilege1')); +Assert::true($acl->isAllowed(null, null, 'privilege2')); diff --git a/tests/Security/Permission.RulesResourceRemove.phpt b/tests/Security/Permission.RulesResourceRemove.phpt index 1e9b7c28..1a528804 100644 --- a/tests/Security/Permission.RulesResourceRemove.phpt 
+++ b/tests/Security/Permission.RulesResourceRemove.phpt @@ -13,12 +13,12 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addResource('area'); -$acl->allow(NULL, 'area'); -Assert::true($acl->isAllowed(NULL, 'area')); +$acl->allow(null, 'area'); +Assert::true($acl->isAllowed(null, 'area')); $acl->removeResource('area'); Assert::exception(function () use ($acl) { - $acl->isAllowed(NULL, 'area'); + $acl->isAllowed(null, 'area'); }, Nette\InvalidStateException::class, "Resource 'area' does not exist."); $acl->addResource('area'); -Assert::false($acl->isAllowed(NULL, 'area')); +Assert::false($acl->isAllowed(null, 'area')); diff --git a/tests/Security/Permission.RulesResourceRemoveAll.phpt b/tests/Security/Permission.RulesResourceRemoveAll.phpt index 7afc8741..c1abfd52 100644 --- a/tests/Security/Permission.RulesResourceRemoveAll.phpt +++ b/tests/Security/Permission.RulesResourceRemoveAll.phpt @@ -13,12 +13,12 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addResource('area'); -$acl->allow(NULL, 'area'); -Assert::true($acl->isAllowed(NULL, 'area')); +$acl->allow(null, 'area'); +Assert::true($acl->isAllowed(null, 'area')); $acl->removeAllResources(); Assert::exception(function () use ($acl) { - $acl->isAllowed(NULL, 'area'); + $acl->isAllowed(null, 'area'); }, Nette\InvalidStateException::class, "Resource 'area' does not exist."); $acl->addResource('area'); -Assert::false($acl->isAllowed(NULL, 'area')); +Assert::false($acl->isAllowed(null, 'area')); diff --git a/tests/Security/User.authentication.phpt b/tests/Security/User.authentication.phpt index d930ca1a..5279a3f4 100644 --- a/tests/Security/User.authentication.phpt +++ b/tests/Security/User.authentication.phpt 
@@ -83,7 +83,7 @@ Assert::equal(new Identity('John Doe', 'admin'), $user->getIdentity()); Assert::same('John Doe', $user->getId()); // login as john#3 -$user->logout(TRUE); +$user->logout(true); Assert::same(1, $counter->logout); $user->login(new Identity('John Doe', 'admin')); Assert::same(2, $counter->login); @@ -93,7 +93,7 @@ Assert::equal(new Identity('John Doe', 'admin'), $user->getIdentity()); // log out // logging out... -$user->logout(FALSE); +$user->logout(false); Assert::same(2, $counter->logout); Assert::false($user->isLoggedIn()); @@ -101,7 +101,7 @@ Assert::equal(new Identity('John Doe', 'admin'), $user->getIdentity()); // logging out and clearing identity... -$user->logout(TRUE); +$user->logout(true); Assert::same(2, $counter->logout); // not logged in -> logout event not triggered Assert::false($user->isLoggedIn()); diff --git a/tests/Security/User.authorization.phpt b/tests/Security/User.authorization.phpt index 0dbcb2ff..161fe96b 100644 --- a/tests/Security/User.authorization.phpt +++ b/tests/Security/User.authorization.phpt @@ -41,7 +41,7 @@ class Authorizator implements IAuthorizator { function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) { - return $role === 'admin' && strpos($resource, 'jany') === FALSE; + return $role === 'admin' && strpos($resource, 'jany') === false; } } @@ -84,6 +84,6 @@ Assert::false($user->isAllowed('sleep_with_jany')); // log out // logging out... -$user->logout(FALSE); +$user->logout(false); Assert::false($user->isAllowed('delete_file')); From 8a3051f9b16d4d7bfa18b6b0ff6f9f6f418f9801 Mon Sep 17 00:00:00 2001 
From: David Grudl Date: Tue, 11 Jul 2017 11:41:59 +0200 Subject: [PATCH 03/21] coding style: fixes in code --- src/Security/Permission.php | 25 ++++++++++--------- tests/Security/MockUserStorage.php | 12 ++++----- ...AfterItWasAllowedAccessToAllResources.phpt | 2 +- tests/Security/User.authentication.phpt | 2 +- tests/Security/User.authorization.phpt | 4 +-- 5 files changed, 23 insertions(+), 22 deletions(-) diff --git a/src/Security/Permission.php b/src/Security/Permission.php index 0918cae2..6f56294f 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -43,7 +43,8 @@ class Permission implements IAuthorizator ]; /** @var mixed */ - private $queriedRole, $queriedResource; + private $queriedRole; + private $queriedResource; /********************* roles ****************d*g**/ 
@@ -611,26 +612,26 @@ public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = do { // depth-first search on $role if it is not 'allRoles' pseudo-parent - if ($role !== null && null !== ($result = $this->searchRolePrivileges($privilege === self::ALL, $role, $resource, $privilege))) { + if ($role !== null && ($result = $this->searchRolePrivileges($privilege === self::ALL, $role, $resource, $privilege)) !== null) { break; } if ($privilege === self::ALL) { if ($rules = $this->getRules($resource, self::ALL)) { // look for rule on 'allRoles' psuedo-parent foreach ($rules['byPrivilege'] as $privilege => $rule) { - if (self::DENY === ($result = $this->getRuleType($resource, null, $privilege))) { + if (($result = $this->getRuleType($resource, null, $privilege)) === self::DENY) { break 2; } } - if (null !== ($result = $this->getRuleType($resource, null, null))) { + if (($result = $this->getRuleType($resource, null, null)) !== null) { break; } } } else { - if (null !== ($result = $this->getRuleType($resource, null, $privilege))) { // look for rule on 'allRoles' pseudo-parent + if (($result = $this->getRuleType($resource, null, $privilege)) !== null) { // look for rule on 'allRoles' pseudo-parent break; - } elseif (null !== ($result = $this->getRuleType($resource, null, null))) { + } elseif (($result = $this->getRuleType($resource, null, null)) !== null) { break; } } 
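Review bot: The inner `foreach ($rules['byPrivilege'] as $privilege => $rule)` in `isAllowed()` reuses the `$privilege` parameter as its loop key, so after the loop the parameter no longer holds the caller's value (`self::ALL`). The enclosing `do` loop closes outside this hunk, so a further pass cannot be confirmed from here. If there is one, it would re-test `$privilege === self::ALL` against the last key of the previous rule set and take the single-privilege branch instead. `searchRolePrivileges()` in the next hunk already avoids this by using `$privilege2`. The same rename here, `foreach ($rules['byPrivilege'] as $privilege2 => $rule)` with `getRuleType($resource, null, $privilege2)`, would keep the two searches consistent.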
@@ -682,26 +683,26 @@ private function searchRolePrivileges($all, $role, $resource, $privilege) 'stack' => [$role], ]; - while (null !== ($role = array_pop($dfs['stack']))) { + while (($role = array_pop($dfs['stack'])) !== null) { if (isset($dfs['visited'][$role])) { continue; } if ($all) { if ($rules = $this->getRules($resource, $role)) { foreach ($rules['byPrivilege'] as $privilege2 => $rule) { - if (self::DENY === $this->getRuleType($resource, $role, $privilege2)) { + if ($this->getRuleType($resource, $role, $privilege2) === self::DENY) { return self::DENY; } } - if (null !== ($type = $this->getRuleType($resource, $role, null))) { + if (($type = $this->getRuleType($resource, $role, null)) !== null) { return $type; } } } else { - if (null !== ($type = $this->getRuleType($resource, $role, $privilege))) { + if (($type = $this->getRuleType($resource, $role, $privilege)) !== null) { return $type; - } elseif (null !== ($type = $this->getRuleType($resource, $role, null))) { + } elseif (($type = $this->getRuleType($resource, $role, null)) !== null) { return $type; } } @@ -747,7 +748,7 @@ private function getRuleType($resource, $role, $privilege) } elseif ($resource !== self::ALL || $role !== self::ALL || $privilege !== self::ALL) { return null; - } elseif (self::ALLOW === $rule['type']) { + } elseif ($rule['type'] === self::ALLOW) { return self::DENY; } else { diff --git a/tests/Security/MockUserStorage.php b/tests/Security/MockUserStorage.php index 65b0a6b9..04c781a5 100644 --- a/tests/Security/MockUserStorage.php +++ b/tests/Security/MockUserStorage.php 
@@ -6,36 +6,36 @@ class MockUserStorage implements Nette\Security\IUserStorage private $identity; - function setAuthenticated($state) + public function setAuthenticated($state) { $this->auth = $state; } - function isAuthenticated() + public function isAuthenticated() { return $this->auth; } - function setIdentity(Nette\Security\IIdentity $identity = null) + public function setIdentity(Nette\Security\IIdentity $identity = null) { $this->identity = $identity; } - function getIdentity() + public function getIdentity() { return $this->identity; } - function setExpiration($time, $flags = 0) + public function setExpiration($time, $flags = 0) { } - function getLogoutReason() + public function getLogoutReason() { } } diff --git a/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt b/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt index 8fb378f7..dc8984b7 100644 --- a/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt +++ b/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt @@ -18,7 +18,7 @@ $acl->addRole('test1'); $acl->addRole('test2'); $acl->addResource('Test'); -$acl->allow(null,'Test','xxx'); +$acl->allow(null, 'Test', 'xxx'); // error test $acl->removeRole('test0'); diff --git a/tests/Security/User.authentication.phpt b/tests/Security/User.authentication.phpt index 5279a3f4..ac0ce3a4 100644 --- a/tests/Security/User.authentication.phpt +++ b/tests/Security/User.authentication.phpt @@ -19,7 +19,7 @@ ob_start(); class Authenticator implements IAuthenticator { - function authenticate(array $credentials) + public function authenticate(array $credentials) { list($username, $password) = $credentials; if ($username !== 'john') { diff --git a/tests/Security/User.authorization.phpt b/tests/Security/User.authorization.phpt index 161fe96b..858b0ae7 100644 --- a/tests/Security/User.authorization.phpt +++ b/tests/Security/User.authorization.phpt 
@@ -21,7 +21,7 @@ ob_start(); class Authenticator implements IAuthenticator { - function authenticate(array $credentials) + public function authenticate(array $credentials) { list($username, $password) = $credentials; if ($username !== 'john') { @@ -39,7 +39,7 @@ class Authenticator implements IAuthenticator class Authorizator implements IAuthorizator { - function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) + public function isAllowed($role = self::ALL, $resource = self::ALL, $privilege = self::ALL) { return $role === 'admin' && strpos($resource, 'jany') === false; } From cd166a7256983a72d88e65f505b6d3b523e878e5 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Thu, 13 Jul 2017 18:55:56 +0200 Subject: [PATCH 04/21] travis: tested using Nette Coding Standard --- .travis.yml | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index a9801d11..b4a0bdc0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,8 @@ matrix: env: dependencies="--prefer-lowest --prefer-stable" - php: 7.0 env: coverage=on + - php: 7.1 + env: codingStandard=on allow_failures: - php: 7.0 
@@ -18,25 +20,34 @@ matrix: script: - vendor/bin/tester tests -s $coverageArgs - - php temp/code-checker/src/code-checker.php --short-arrays + - > + if [ "$codingStandard" ]; then + php temp/code-checker/src/code-checker.php --short-arrays + && php temp/coding-standard/ecs check src tests --config temp/coding-standard/coding-standard-php56.neon; + fi after_failure: # Print *.actual content - for i in $(find tests -name \*.actual); do echo "--- $i"; cat $i; echo; echo; done before_script: - # Install Nette Tester & Code Checker + # Install Nette Tester - travis_retry composer update --no-interaction --prefer-dist $dependencies - - travis_retry composer create-project nette/code-checker temp/code-checker ~2.5 --no-interaction - - if [ "$coverage" == "on" ]; then coverageArgs="-p phpdbg --coverage ./coverage.xml --coverage-src ./src"; fi + # Install Code Checkers + - > + if [ "$codingStandard" ]; then + travis_retry composer create-project nette/code-checker temp/code-checker ~2 --no-interaction; + travis_retry composer create-project nette/coding-standard temp/coding-standard --no-interaction; + fi + - if [ "$coverage" ]; then coverageArgs="-p phpdbg --coverage ./coverage.xml --coverage-src ./src"; fi after_script: # Report Code Coverage - > - if [ "$coverage" == "on" ]; then + if [ "$coverage" ]; then wget https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar - && php coveralls.phar --verbose --config tests/.coveralls.yml - || true; fi + && php coveralls.phar --verbose --config tests/.coveralls.yml; + fi sudo: false From 9f439945b6d325018207284bb290b257412a1349 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Sun, 16 Jul 2017 23:54:44 +0200 Subject: [PATCH 05/21] composer: updated description --- composer.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 20cc5c02..c6479bbe 100644 --- a/composer.json +++ b/composer.json 
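Review bot: The `after_script` step fetches `coveralls.phar` with `wget` and runs it with `php` without any integrity check, so the CI job executes whatever the release URL serves at that moment. The `v1.0.1` tag in the URL fixes the version but does not verify the bytes that arrive. Add a checksum step between the two commands, for example `&& echo "<EXPECTED_SHA256>  coveralls.phar" | sha256sum -c -`, where the placeholder is the digest taken from a trusted copy. The later "travis: use stages" patch carries the same download-and-run pair into its Code Coverage stage and needs the same check.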
@@ -1,6 +1,7 @@ { "name": "nette/security", - "description": "Nette Security: Access Control Component", + "description": "🔑 Nette Security: provides authentication, authorization and a role-based access control management via ACL (Access Control List)", + "keywords": ["nette", "authentication", "authorization", "ACL"], "homepage": "https://nette.org", "license": ["BSD-3-Clause", "GPL-2.0", "GPL-3.0"], "authors": [ From 3daf0d30962aa26b370f4b5bc13cd7a79288afbd Mon Sep 17 00:00:00 2001 From: David Grudl Date: Mon, 24 Jul 2017 02:53:22 +0200 Subject: [PATCH 06/21] travis: added PHP 7.2 --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index b4a0bdc0..4e49de6a 100644 --- a/.travis.yml +++ b/.travis.yml @@ -3,6 +3,7 @@ php: - 5.6 - 7.0 - 7.1 + - 7.2 env: matrix: From 406d326ffc8fce6525dea83aada26ec1f7885846 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Mon, 24 Jul 2017 15:27:55 +0200 Subject: [PATCH 07/21] travis: use stages --- .travis.yml | 77 ++++++++++++++++++++++++++++------------------------- 1 file changed, 41 insertions(+), 36 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4e49de6a..3f65a184 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -5,53 +5,58 @@ php: - 7.1 - 7.2 -env: -matrix: - include: - - php: 5.6 - env: dependencies="--prefer-lowest --prefer-stable" - - php: 7.0 - env: coverage=on - - php: 7.1 - env: codingStandard=on +before_install: + # turn off XDebug + - phpenv config-rm xdebug.ini || return 0 - allow_failures: - - php: 7.0 - env: coverage=on +install: + - travis_retry composer install --no-progress --prefer-dist script: - - vendor/bin/tester tests -s $coverageArgs - - > - if [ "$codingStandard" ]; then - php temp/code-checker/src/code-checker.php --short-arrays - && php temp/coding-standard/ecs check src tests --config temp/coding-standard/coding-standard-php56.neon; - fi + - vendor/bin/tester tests -s after_failure: # Print *.actual content - for i in $(find tests -name \*.actual); do echo "--- $i"; cat $i; echo; echo; done -before_script: - # Install Nette Tester - - travis_retry composer update --no-interaction --prefer-dist $dependencies - # Install Code Checkers - - > - if [ "$codingStandard" ]; then - travis_retry composer create-project nette/code-checker temp/code-checker ~2 --no-interaction; - travis_retry composer create-project nette/coding-standard temp/coding-standard --no-interaction; - fi - - if [ "$coverage" ]; then coverageArgs="-p phpdbg --coverage ./coverage.xml --coverage-src ./src"; fi - -after_script: - # Report Code Coverage - - > - if [ "$coverage" ]; then - wget https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar - && php coveralls.phar --verbose --config tests/.coveralls.yml; - fi +jobs: + include: + - env: title="Lowest Dependencies" + install: + - travis_retry composer update --no-progress --prefer-dist --prefer-lowest --prefer-stable + + + - stage: Code Standard Checker + php: 7.1 + install: + # Install Nette Code Checker + - travis_retry composer create-project nette/code-checker temp/code-checker ~2 --no-progress + # Install Nette Coding Standard + - travis_retry composer create-project nette/coding-standard 
temp/coding-standard --no-progress + + script: + - php temp/code-checker/src/code-checker.php --short-arrays + - php temp/coding-standard/ecs check src tests --config temp/coding-standard/coding-standard-php56.neon + + + - stage: Code Coverage + php: 7.1 + script: + - vendor/bin/tester -p phpdbg tests -s --coverage ./coverage.xml --coverage-src ./src + after_script: + - wget https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar + - php coveralls.phar --verbose --config tests/.coveralls.yml + + + allow_failures: + - stage: Code Coverage + sudo: false cache: directories: - $HOME/.composer/cache + +notifications: + email: false From fd7d555f11e1b3c1cb875181fc4e16601aecb3f3 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Thu, 24 Aug 2017 23:05:37 +0200 Subject: [PATCH 08/21] SecurityExtension: used setFactory() instead of misused setClass() --- src/Bridges/SecurityDI/SecurityExtension.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index d96f36a8..5686626a 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -42,7 +42,7 @@ public function loadConfiguration() ->setFactory(Nette\Http\UserStorage::class); $user = $builder->addDefinition($this->prefix('user')) - ->setClass(Nette\Security\User::class); + ->setFactory(Nette\Security\User::class); if ($this->debugMode && $config['debugger']) { $user->addSetup('@Tracy\Bar::addPanel', [ From e9c6021c243307a38257ecf221d3c704eda685cc Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 26 Sep 2017 13:20:37 +0200 Subject: [PATCH 09/21] coding style --- src/Security/Permission.php | 1 + tests/Security/MockUserStorage.php | 1 + 2 files changed, 2 insertions(+) diff --git a/src/Security/Permission.php b/src/Security/Permission.php index 6f56294f..0d7e3837 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php 
@@ -44,6 +44,7 @@ class Permission implements IAuthorizator /** @var mixed */ private $queriedRole; + private $queriedResource; diff --git a/tests/Security/MockUserStorage.php b/tests/Security/MockUserStorage.php index 04c781a5..78bed2c5 100644 --- a/tests/Security/MockUserStorage.php +++ b/tests/Security/MockUserStorage.php @@ -3,6 +3,7 @@ class MockUserStorage implements Nette\Security\IUserStorage { private $auth = false; + private $identity; From d46a7f9dbe02b73aa0c9fa192f43260e3a1cb17d Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 20 Mar 2018 20:20:27 +0100 Subject: [PATCH 10/21] improved typehints --- src/Security/Permission.php | 46 ++++++++++++++++++------------------- src/Security/User.php | 16 ++++++------- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/src/Security/Permission.php b/src/Security/Permission.php index 0d7e3837..152731f5 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -409,9 +409,9 @@ public function removeAllResources() * Allows one or more Roles access to [certain $privileges upon] the specified Resource(s). * If $assertion is provided, then it must return true in order for rule to apply. * - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @param callable assertion * @return static */ 
@@ -426,9 +426,9 @@ public function allow($roles = self::ALL, $resources = self::ALL, $privileges = * Denies one or more Roles access to [certain $privileges upon] the specified Resource(s). * If $assertion is provided, then it must return true in order for rule to apply. * - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @param callable assertion * @return static */ @@ -442,9 +442,9 @@ public function deny($roles = self::ALL, $resources = self::ALL, $privileges = s /** * Removes "allow" permissions from the list in the context of the given Roles, Resources, and privileges. * - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @return static */ public function removeAllow($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL) @@ -457,9 +457,9 @@ public function removeAllow($roles = self::ALL, $resources = self::ALL, $privile /** * Removes "deny" restrictions from the list in the context of the given Roles, Resources, and privileges. * - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @return static */ public function removeDeny($roles = self::ALL, $resources = self::ALL, $privileges = self::ALL) 
@@ -473,9 +473,9 @@ public function removeDeny($roles = self::ALL, $resources = self::ALL, $privileg * Performs operations on Access Control List rules. * @param bool operation add? * @param bool type - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL - * @param string|string[]|Permission::ALL + * @param string|string[]|null + * @param string|string[]|null + * @param string|string[]|null * @param callable assertion * @throws Nette\InvalidStateException * @return static @@ -587,9 +587,9 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse * and its respective parents are checked similarly before the lower-priority parents of * the Role are checked. * - * @param string|Permission::ALL|IRole - * @param string|Permission::ALL|IResource - * @param string|Permission::ALL + * @param string|null|IRole $role + * @param string|null|IResource $resource + * @param string|null $privilege * @throws Nette\InvalidStateException * @return bool */ @@ -719,9 +719,9 @@ private function searchRolePrivileges($all, $role, $resource, $privilege) /** * Returns the rule type associated with the specified Resource, Role, and privilege. - * @param string|Permission::ALL - * @param string|Permission::ALL - * @param string|Permission::ALL + * @param string|null $resource + * @param string|null $role + * @param string|null $privilege * @return bool|null null if a rule does not exist or assertion fails, otherwise returns ALLOW or DENY */ private function getRuleType($resource, $role, $privilege) @@ -761,8 +761,8 @@ private function getRuleType($resource, $role, $privilege) /** * Returns the rules associated with a Resource and a Role, or null if no such rules exist. * If the $create parameter is true, then a rule set is first created and then returned to the caller. - * @param string|Permission::ALL - * @param string|Permission::ALL + * @param string|null $resource + * @param string|null $role * @param bool * @return array|null */ 
diff --git a/src/Security/User.php b/src/Security/User.php index 42173449..cb0b80dd 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -48,10 +48,10 @@ class User /** @var IUserStorage Session storage for current user */ private $storage; - /** @var IAuthenticator */ + /** @var IAuthenticator|null */ private $authenticator; - /** @var IAuthorizator */ + /** @var IAuthorizator|null */ private $authorizator; @@ -77,18 +77,18 @@ public function getStorage() /** * Conducts the authentication process. Parameters are optional. - * @param mixed optional parameter (e.g. username or IIdentity) - * @param mixed optional parameter (e.g. password) + * @param string|IIdentity username or Identity + * @param string * @return void * @throws AuthenticationException if authentication was not successful */ - public function login($id = null, $password = null) + public function login($user, $password = null) { $this->logout(true); - if (!$id instanceof IIdentity) { - $id = $this->getAuthenticator()->authenticate(func_get_args()); + if (!$user instanceof IIdentity) { + $user = $this->getAuthenticator()->authenticate(func_get_args()); } - $this->storage->setIdentity($id); + $this->storage->setIdentity($user); $this->storage->setAuthenticated(true); $this->onLoggedIn($this); } From 9b60f156626394f859a42a04dfbdcbe59095a37c Mon Sep 17 00:00:00 2001 From: David Grudl Date: Fri, 8 Sep 2017 02:18:32 +0200 Subject: [PATCH 11/21] Permission: used native callback invocation --- src/Security/Permission.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Security/Permission.php b/src/Security/Permission.php index 152731f5..8c7d0550 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php 
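Review bot: `login()` loses the `= null` default on its first parameter, yet the docblock line kept as context still says "Parameters are optional". A call with no arguments, which an authenticator that takes no credentials would rely on, now fails with a missing-argument error on PHP 7.1+ (a warning on older versions) before `authenticate()` is reached. Either keep the signature backward-compatible with `public function login($user = null, $password = null)`, or remove the "Parameters are optional" sentence and record the change as a BC break. The second `@param string` line also no longer says that it is the password.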
@@ -743,7 +743,7 @@ private function getRuleType($resource, $role, $privilege) $rule = $rules['byPrivilege'][$privilege]; } - if ($rule['assert'] === null || Nette\Utils\Callback::invoke($rule['assert'], $this, $role, $resource, $privilege)) { + if ($rule['assert'] === null || call_user_func($rule['assert'], $this, $role, $resource, $privilege)) { return $rule['type']; } elseif ($resource !== self::ALL || $role !== self::ALL || $privilege !== self::ALL) { From a945e7d2e6b6cee0e0f50a969084bfc1e12b8e0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Richard=20Kapi=C4=8Dka?= Date: Sun, 13 May 2018 18:22:28 +0200 Subject: [PATCH 12/21] Remove Nette\Object from Readme (#30) --- readme.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/readme.md b/readme.md index c6f8006e..5f40b28a 100644 --- a/readme.md +++ b/readme.md @@ -101,7 +101,7 @@ We will create a custom authenticator that will check validity of login credenti ```php use Nette\Security as NS; -class MyAuthenticator extends Nette\Object implements NS\IAuthenticator +class MyAuthenticator implements NS\IAuthenticator { public $database; @@ -205,8 +205,7 @@ Authorizator decides, whether the user has permission to take some action. It's An implementation skeleton looks like this: ```php -class MyAuthorizator extends Nette\Object - implements Nette\Security\IAuthorizator +class MyAuthorizator implements Nette\Security\IAuthorizator { function isAllowed($role, $resource, $privilege) From bc18d476fe9a21e3e67881d5bbcc10b6f2c9cd18 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Sun, 15 Jul 2018 17:52:29 +0200 Subject: [PATCH 13/21] Passwords: simplified checking for invalid hash --- src/Security/Passwords.php | 10 +++------- tests/Security/Passwords.hash().phpt | 11 ++++------- 2 files changed, 7 insertions(+), 14 deletions(-) diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index 6e280a8a..f46b6317 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php 
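Review bot: Replacing `Nette\Utils\Callback::invoke()` with `call_user_func()` in `getRuleType()` changes what happens when `$rule['assert']` is not callable. The call then yields a falsy result (with a warning on the PHP versions this branch supports), so the code falls through to `return null`, or to the inverted type for the default rule. For a DENY rule that means the restriction silently does not apply. Whether the assertion is validated where the rule is stored is not visible in this hunk, and the function's body starts and ends outside it. If it is not validated there, guard the call here with `if ($rule['assert'] !== null && !is_callable($rule['assert'])) { throw new Nette\InvalidStateException('Assertion is not callable.'); }`.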
@@ -29,13 +29,9 @@ class Passwords */ public static function hash($password, array $options = []) { - if (isset($options['cost']) && ($options['cost'] < 4 || $options['cost'] > 31)) { - throw new Nette\InvalidArgumentException("Cost must be in range 4-31, $options[cost] given."); - } - - $hash = password_hash($password, PASSWORD_BCRYPT, $options); - if ($hash === false || strlen($hash) < 60) { - throw new Nette\InvalidStateException('Hash computed by password_hash is invalid.'); + $hash = @password_hash($password, PASSWORD_BCRYPT, $options); // @ is escalated to exception + if (!$hash) { + throw new Nette\InvalidStateException('Computed hash is invalid. ' . error_get_last()['message']); } return $hash; } diff --git a/tests/Security/Passwords.hash().phpt b/tests/Security/Passwords.hash().phpt index dd1080a0..71bffe78 100644 --- a/tests/Security/Passwords.hash().phpt +++ b/tests/Security/Passwords.hash().phpt @@ -12,15 +12,12 @@ require __DIR__ . '/../bootstrap.php'; Assert::truthy( - preg_match('#^\$2.\$\d\d\$.{53}\z#', - Passwords::hash('')) + preg_match('#^\$2.\$\d\d\$.{53}\z#', Passwords::hash('')) ); Assert::truthy( - preg_match('#^\$2y\$05\$.{53}\z#', - $h = Passwords::hash('dg', ['cost' => 5])) + preg_match('#^\$2y\$05\$.{53}\z#', Passwords::hash('dg', ['cost' => 5])) ); -echo $h; $hash = Passwords::hash('dg'); Assert::same($hash, crypt('dg', $hash)); 
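Review bot: The new exception message in `hash()` indexes `error_get_last()['message']` unconditionally. `error_get_last()` returns null when nothing was recorded, and otherwise returns the most recent error from anywhere in the request, so the message can be empty or can quote an unrelated earlier warning. Capture and guard it with `$error = error_get_last();`, then build the message as `'Computed hash is invalid. ' . ($error ? $error['message'] : '')`. The hunk also changes the exception for an out-of-range cost from `Nette\InvalidArgumentException` to `Nette\InvalidStateException`, which callers catching the former will miss. The docblock above should gain an `@throws Nette\InvalidStateException` line saying so.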
@@ -28,8 +25,8 @@ Assert::same($hash, crypt('dg', $hash)); Assert::exception(function () { Passwords::hash('dg', ['cost' => 3]); -}, Nette\InvalidArgumentException::class, 'Cost must be in range 4-31, 3 given.'); +}, Nette\InvalidStateException::class, 'Computed hash is invalid. password_hash(): Invalid bcrypt cost parameter specified: 3'); Assert::exception(function () { Passwords::hash('dg', ['cost' => 32]); -}, Nette\InvalidArgumentException::class, 'Cost must be in range 4-31, 32 given.'); +}, Nette\InvalidStateException::class, 'Computed hash is invalid. password_hash(): Invalid bcrypt cost parameter specified: 32'); From c9039aaa5e9aeb07d0dff44b29ae711082ec533e Mon Sep 17 00:00:00 2001 From: David Grudl Date: Sun, 15 Jul 2018 17:52:29 +0200 Subject: [PATCH 14/21] Passwords: is not static class (forward compatibility with v3) --- src/Security/Passwords.php | 2 +- tests/Security/Passwords.non-static.phpt | 25 ++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) create mode 100644 tests/Security/Passwords.non-static.phpt diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index f46b6317..f5467e37 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php @@ -15,7 +15,7 @@ */ class Passwords { - use Nette\StaticClass; + use Nette\SmartObject; /** @deprecated */ const BCRYPT_COST = 10; diff --git a/tests/Security/Passwords.non-static.phpt b/tests/Security/Passwords.non-static.phpt new file mode 100644 index 00000000..153e317a --- /dev/null +++ b/tests/Security/Passwords.non-static.phpt 
@@ -0,0 +1,25 @@ +hash('')) +); + +Assert::true((new Passwords)->needsRehash('$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); +Assert::false((new Passwords)->needsRehash('$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK', ['cost' => 5])); + +Assert::true((new Passwords)->verify('dg', '$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); +Assert::true((new Passwords)->verify('dg', '$2x$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); +Assert::false((new Passwords)->verify('dgx', '$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); From 473f7ec6ccb24aee014fa85aaeaea80f4a8728c2 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Mon, 16 Jul 2018 11:43:33 +0200 Subject: [PATCH 15/21] SecurityExtension: added service 'passwords' --- src/Bridges/SecurityDI/SecurityExtension.php | 3 +++ .../SecurityExtension.passwords.phpt | 25 +++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 tests/Security.DI/SecurityExtension.passwords.phpt diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index 5686626a..e4d38578 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -37,6 +37,9 @@ public function loadConfiguration() $config = $this->validateConfig($this->defaults); $builder = $this->getContainerBuilder(); + $builder->addDefinition($this->prefix('passwords')) + ->setFactory(Nette\Security\Passwords::class); + $builder->addDefinition($this->prefix('userStorage')) ->setClass(Nette\Security\IUserStorage::class) ->setFactory(Nette\Http\UserStorage::class); diff --git a/tests/Security.DI/SecurityExtension.passwords.phpt b/tests/Security.DI/SecurityExtension.passwords.phpt new file mode 100644 index 00000000..191ee2e5 --- /dev/null +++ b/tests/Security.DI/SecurityExtension.passwords.phpt 
@@ -0,0 +1,25 @@ +addExtension('foo', new HttpExtension); +$compiler->addExtension('bar', new SessionExtension); +$compiler->addExtension('security', new SecurityExtension); + +eval($compiler->compile()); +$container = new Container; + +Assert::type(Nette\Security\Passwords::class, $container->getService('security.passwords')); From 2cc497befedca5bf09c32d79224770601212e6c8 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Thu, 13 Sep 2018 01:40:32 +0200 Subject: [PATCH 16/21] travis: uses NCS 2 --- .travis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 3f65a184..a4fbea66 100644 --- a/.travis.yml +++ b/.travis.yml @@ -30,13 +30,13 @@ jobs: php: 7.1 install: # Install Nette Code Checker - - travis_retry composer create-project nette/code-checker temp/code-checker ~2 --no-progress + - travis_retry composer create-project nette/code-checker temp/code-checker ^3 --no-progress # Install Nette Coding Standard - - travis_retry composer create-project nette/coding-standard temp/coding-standard --no-progress + - travis_retry composer create-project nette/coding-standard temp/coding-standard ^2 --no-progress script: - - php temp/code-checker/src/code-checker.php --short-arrays - - php temp/coding-standard/ecs check src tests --config temp/coding-standard/coding-standard-php56.neon + - php temp/code-checker/code-checker + - php temp/coding-standard/ecs check src tests --config temp/coding-standard/coding-standard-php56.yml - stage: Code Coverage From 7b8ac90c9ec405bb3b4dab9214bf122d3620fc65 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 17 Oct 2018 17:50:02 +0200 Subject: [PATCH 17/21] travis: added PHP 7.3 --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index a4fbea66..f4a8f3b8 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,6 +4,7 @@ php: - 7.0 - 7.1 - 7.2 + - 7.3 before_install: # turn off XDebug 
From e1abd7f50d8c0adc71fb3a61640d0276d20bc662 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Tvrd=C3=ADk?= Date: Tue, 24 Sep 2019 12:57:27 +0200 Subject: [PATCH 18/21] travis: added PHP 7.4 --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index f4a8f3b8..90a00c2e 100644 --- a/.travis.yml +++ b/.travis.yml @@ -5,6 +5,7 @@ php: - 7.1 - 7.2 - 7.3 + - 7.4 before_install: # turn off XDebug From 7cc34977034d638a56681c69495f0f67a5c22405 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 6 Oct 2020 19:06:38 +0200 Subject: [PATCH 19/21] tests: fixed compatibility with PHP 8.0 --- tests/Security/Passwords.hash().phpt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Security/Passwords.hash().phpt b/tests/Security/Passwords.hash().phpt index 71bffe78..ac680bb8 100644 --- a/tests/Security/Passwords.hash().phpt +++ b/tests/Security/Passwords.hash().phpt @@ -25,8 +25,8 @@ Assert::same($hash, crypt('dg', $hash)); Assert::exception(function () { Passwords::hash('dg', ['cost' => 3]); -}, Nette\InvalidStateException::class, 'Computed hash is invalid. password_hash(): Invalid bcrypt cost parameter specified: 3'); +}, PHP_VERSION_ID < 80000 ? Nette\InvalidStateException::class : ValueError::class); Assert::exception(function () { Passwords::hash('dg', ['cost' => 32]); -}, Nette\InvalidStateException::class, 'Computed hash is invalid. password_hash(): Invalid bcrypt cost parameter specified: 32'); +}, PHP_VERSION_ID < 80000 ? Nette\InvalidStateException::class : ValueError::class); From 8d45a030b0ced018d1d49840d58d1dac16bcadd4 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Thu, 15 Oct 2020 17:25:05 +0200 Subject: [PATCH 20/21] tested on PHP 8.0 --- .travis.yml | 3 ++- readme.md | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 90a00c2e..8651573e 100644 --- a/.travis.yml +++ b/.travis.yml 
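Review bot: Both `Assert::exception` calls in `Passwords.hash().phpt` now pick the expected class from `PHP_VERSION_ID` and drop the message argument, so the test no longer pins what `Passwords::hash()` reports for an out-of-range cost on any PHP version. On PHP 8.0 the expected `ValueError` presumably comes straight from `password_hash()` and leaves `hash()` unwrapped, so callers that catch `Nette\InvalidStateException` will not see it. If that is intended, add `@throws \ValueError` to the `hash()` docblock; otherwise convert it inside `hash()`. Keeping the message string on the pre-8.0 branch would preserve the earlier coverage.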
@@ -6,6 +6,7 @@ php: - 7.2 - 7.3 - 7.4 + - 8.0snapshot before_install: # turn off XDebug @@ -54,7 +55,7 @@ jobs: - stage: Code Coverage -sudo: false +dist: xenial cache: directories: diff --git a/readme.md b/readme.md index 5f40b28a..30526f49 100644 --- a/readme.md +++ b/readme.md @@ -13,6 +13,8 @@ Nette Security: Access Control - how to create custom authenticators and authorizators - Access Control List +It requires PHP version 5.6 and supports PHP up to 8.0. + Authentication ============== From 5b3de01872ba1909cc30948076d1bf4b85e431d4 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Mon, 25 Jan 2021 21:37:12 +0100 Subject: [PATCH 21/21] readme: removed badges --- readme.md | 6 ------ 1 file changed, 6 deletions(-) diff --git a/readme.md b/readme.md index 30526f49..8376228c 100644 --- a/readme.md +++ b/readme.md @@ -1,12 +1,6 @@ Nette Security: Access Control ============================== -[![Downloads this Month](https://img.shields.io/packagist/dm/nette/security.svg)](https://packagist.org/packages/nette/security) -[![Build Status](https://travis-ci.org/nette/security.svg?branch=master)](https://travis-ci.org/nette/security) -[![Coverage Status](https://coveralls.io/repos/github/nette/security/badge.svg?branch=master)](https://coveralls.io/github/nette/security?branch=master) -[![Latest Stable Version](https://poser.pugx.org/nette/security/v/stable)](https://github.com/nette/security/releases) -[![License](https://img.shields.io/badge/license-New%20BSD-blue.svg)](https://github.com/nette/security/blob/master/license.md) - - user login and logout - verifying user privileges - securing against vulnerabilities