xplo.re Medusa Core Framework 3.1
  • Namespace
  • Class
  • Tree
  • Deprecated
  • Event
  • Todo
  • Download

Namespaces

  • Core
    • Authentication
      • Auto
        • Driver
      • Driver
    • Cache
      • Driver
    • Charset
      • Driver
    • Configuration
    • Controller
    • Converter
      • Driver
    • Decoder
      • Driver
    • Encoder
      • Driver
    • Env
      • Authentication
      • Locale
      • Proxy
      • Server
        • HTTP
        • Redirect
        • X
    • Exception
    • Exchange
      • Driver
    • Field
    • Filter
      • Driver
    • Formatter
      • Driver
        • coreuimarkup
          • Token
    • Hash
    • Loader
    • Locale
    • Log
      • Driver
    • Module
      • Dependency
        • Requirement
          • Core
          • PHP
      • Linkage
        • Driver
    • PDF
    • Plugin
    • Query
      • Driver
    • Server
      • Driver
    • Session
      • Driver
    • Set
    • Storage
      • Driver
      • Field
        • Element
    • Stream
      • Driver
    • String
    • Translation
      • Driver
      • Language
        • Driver
    • URI
      • Driver
    • Version
    • View
      • Driver
        • coreui
          • Control
            • Button
            • Table
          • Element
        • htmlbuilder
          • Tags
        • yui
          • Modules
  • None
  • PHP

Classes

  • Authentication
  • Authentication_Token
  • Autoloader
  • Cache
  • Charset
  • ClassDescriptor
  • Closure
  • Controller
  • Converter
  • Date
  • Decoder
  • Delegate
  • Dispatcher
  • Encoder
  • Env
  • Env_Field
  • Env_File
  • Env_FileList
  • Env_Request
  • Env_SERVER
  • Exchange
  • Fault
  • Field
  • Filter
  • Filter_Value
  • Formatter
  • Hash
  • IP
  • Loader
  • Locale
  • Locale_Iterator
  • Locale_Node
  • Log
  • Module
  • Module_Iterator
  • Nothing
  • Object
  • OS
  • Plugin
  • Profiler
  • Query
  • Registry
  • Resource
  • Server
  • Session
  • Session_Token
  • Set
  • Storage
  • Storage_Result
  • Storage_Statement
  • Stream
  • String
  • Translation
  • URI
  • URI_Parameters
  • UUID
  • Value
  • Version
  • View

Interfaces

  • Accessor
  • Chainable
  • Comparable
  • Configurable
  • Equality
  • Identity
  • Inquiry
  • Masquerade
  • Mutator
  • SeekableStream
  • Storable
  • Variator

Exceptions

  • Exception

Constants

  • Copyright
  • ProductName
  • UseVersion
  • Version

Functions

  • ns_expand
  • ns_file_exists
  • ns_get_version
  • ns_resolve

Class Authentication

Generic authentication interface.

Core\Object implements Core\Chainable
Extended by Core\Set implements Core\Accessor
Extended by Core\Authentication

Direct known subclasses

Core\Authentication\Driver\ldap, Core\Authentication\Driver\sspi, Core\Authentication\Driver\storage

Abstract
Namespace: Core
Package: Core\Authentication
Since: 3.0
Requires: PHP 5.3
Version: 2.1
Located at Authentication.inc.php

Methods summary

protected
# __construct( Core\URI $uri )

Parameters

$uri
Authentication driver description from factory.

Throws

Core\Exception\InvalidArgument
Target object for auto-chaining does not implement Core\Chainable.
Core\Exception\MissingParameter
A mandatory parameter is missing.
Core\Exception\Parameter
Invalid value for enumeration parameter.

Since

3.0
abstract protected Core\Authentication_Token|false
# _validate( array $credentials )

Driver implementation of user credentials verification.

Driver implementation of user credentials verification.

Parameters

$credentials

Associative array of user credentials. Contains at least the following entries:

  • string user

    The username to verify.

  • string password

    The provided password or password hash to verify.

  • string domain

    The domain name to verify credentials for.

Returns

Core\Authentication_Token|false

Token instance for the specified user on success, otherwise false. Set the status and status message properties to provide additional information on why authentication failed.

If the back-end encounters a fatal error, it might throw an exception.

Remark

Drivers must set the status property and should set the status message property to provide extended status information.


Since

3.0

See

self::$status
self::$statusMessage
protected boolean
# _validatePassword( array $credentials, string $backendPassword )

Performs validation step for standardised authentication methods.

Performs validation step for standardised authentication methods.

This method simplifies the authentication process for back-ends with full control and access to the user password storage system. Passwords are automatically encoded using the configured encoder and compared in their encoded form.

Parameters

$credentials

Associative array of user credentials. Accesses the following fields:

  • callable callback

    Optional callback used to calculate a password hash from given credentials and back-end password. Primarily used by authentication automation helpers.

  • string password

    Password to validate.

$backendPassword
The password retrieved from the authentication back-end.

Returns

boolean
true, if user credentials match, otherwise false.

Remark

This method automatically updates the status code property.

Since

3.0
public static Core\Authentication
# autocreate( Core\URI $uri )

Authentication driver factory.

Authentication driver factory.

Parameters

$uri
Authentication driver description.

Returns

Core\Authentication
New authentication driver instance.

Throws

Core\Exception\InvalidDriver
The driver description scheme refers to an unknown driver.

Since

3.0
public boolean
# chain( Core\Chainable $object, array $flags = null )

Adds or replaces a successive authentication layer.

Adds or replaces a successive authentication layer.

Parameters

$object
Successive authentication instance to set.
$flags

The following optional chain flags are supported:

  • bool replace

    If set to true, the current successor is replaced by the new object. Otherwise the new object is appended to the successor chain.

Returns

boolean
true on success, otherwise an exception is thrown.

Throws

Core\Exception\InvalidArgument
Class of provided object is not supported.

Since

3.0

Overrides

Core\Object::chain
public Core\Authentication_Token|false
# perform( Core\URI $methodURI, string $realm = null, string $message = null )

Performs an automated authentication step (e.g. HTTP Basic and Digest).

Performs an automated authentication step (e.g. HTTP Basic and Digest).

All authentication data is retrieved from the corresponding authentication method, which most likely involes user interaction.

Parameters

$methodURI
Authentication automation driver description.
$realm

Optional name of authentication realm. Depending on the authentication method, the realm is displayed to the user and set to a driver-dependent default if not provided.

$message

Optional message presented to the user if an authentication step has been cancelled or was interrupted.

Returns

Core\Authentication_Token|false
Authentication token for the specified user on success, otherwise false.

Since

3.0

Uses

static::verify()
public Core\Authentication_Token|false
# verify( array $credentials )

Verifies user credentials against the full chain of authentication drivers.

Verifies user credentials against the full chain of authentication drivers.

Parameters

$credentials

Associative array of user credentials to verify. Expects the following fields:

  • string user

    The username to verify.

  • string password

    The provided password or password hash to verify.

  • string domain

    The domain name to verify credentials for.

Returns

Core\Authentication_Token|false

Authentication token for the specified user on success, otherwise false. In case of a fatal back-end error, an exception may be thrown.

Throws

Core\Exception\Loader
Failed to load the Core\Hash module.

Since

3.0

Uses

Core\Hash

Methods inherited from Core\Set

__get(), __isset()

Methods inherited from Core\Object

__autocreateFactory(), __call(), __processParameters(), __toString(), attachMethod(), getValueForKey(), getValueForKeyPath(), getValueForUndefinedKey(), hash(), issetValueForKey(), setValueForKey(), setValueForKeyPath(), setValueForUndefinedKey(), uuid()

Constants summary

string AllowEmptyPasswordParameter

Configuration parameter name to control whether empty password are allowed. Defaults to true.

Configuration parameter name to control whether empty password are allowed. Defaults to true.

If disabled, authentication attempts using empty passwords will fail prior to invocation of the actual driver back-end.

Since

3.0
# 'allow-empty-password'
string AllowEmptyUsernameParameter

Configuration parameter name to control whether empty user names are allowed. Defaults to false.

Configuration parameter name to control whether empty user names are allowed. Defaults to false.

If disabled, authentication attempts using empty user names will fail prior to invocation of the actual driver back-end.

Since

3.0
# 'allow-empty-username'
string FieldSelectorParameter

Configuration parameter name of PCRE describing additionally available data fields. Defaults to null.

Configuration parameter name of PCRE describing additionally available data fields. Defaults to null.

Since

3.0
# 'field-selector'
string PasswordEncryptionParameter

Configuration parameter name of encoder URI string for passwords. Defaults to passthrough:. A decoder, if required by the back-end, is derived from the selected encoder.

Configuration parameter name of encoder URI string for passwords. Defaults to passthrough:. A decoder, if required by the back-end, is derived from the selected encoder.

Remark

Only supported by drivers that verify passwords by themselves (ie. do not let an external back-end perform the actual verification).


Since

3.0

See

Encoder::resolveDecoder()
# 'password-encryption'
integer Success

Verification status code for valid user credentials.

Verification status code for valid user credentials.

Since

3.0
# 0x0
integer InvalidCredentials

Verification status code for invalid user credentials. Usually indicates that the password used is invalid.

Verification status code for invalid user credentials. Usually indicates that the password used is invalid.

Since

3.0
# 0x1
integer UnknownIdentifier

Verification status code for an unknown user identifier. E.g. the user does not exist in the given domain.

Verification status code for an unknown user identifier. E.g. the user does not exist in the given domain.

Since

3.0
# 0x2
integer TemporaryFailure

Verification status code for a temporary back-end failure. E.g. an authentication server timeout.

Verification status code for a temporary back-end failure. E.g. an authentication server timeout.

Since

3.1
# 0x3

Constants inherited from Core\Object

AnyParameterType, AutochainParameterType, AutocreateParameterType, BooleanParameterType, CharParameterType, EnumParameterType, IntegerParameterType, RealParameterType, StringParameterType, UserParameterType

Properties summary

protected array $_v_parameters

Authentication configuration parameters.

Authentication configuration parameters.

Since

3.0
#
protected integer $_v_status

Status code of last user credentials verification. Drivers must set the status code after each performed verification.

Status code of last user credentials verification. Drivers must set the status code after each performed verification.

Remark

The default value is undefined. A status code is only valid for the last performed credentials verification.


Since

3.0
# -1
protected string $_v_statusMessage

Optional credentials verification status message. Drivers should set this to a corresponding error message with further information on the cause on authentication failures to pass-through back-end error messages. May also contain further details on success.

The value is initially set to null during each verification.

Optional credentials verification status message. Drivers should set this to a corresponding error message with further information on the cause on authentication failures to pass-through back-end error messages. May also contain further details on success.

The value is initially set to null during each verification.

Remark

The default value is null. A status message is only valid for the last performed credentials verification.

The status message contains the driver class name, followed by a colon and space, and the actual message contents. E.g. drivers usually use the following code fragment to set a status message:

$this->_v_statusMessage = __CLASS__ . ': ' . \rtrim($backendMessage, '.');

This enables front-ends to parse error messages and extrapolate driver class names. The backend message must not end in a dot.


Since

3.1
#
protected Core\Authentication $_v_successor

Subsequent (chained) authentication layer instance, if any.

Subsequent (chained) authentication layer instance, if any.

Since

3.0
#

Magic properties

public read-only array $parameters

Authentication configuration parameters.

public read-only integer $status

Status code of last user credentials verification. Only defined after first completed credentials verification. For authentication chains, the status code of the last invoked instance in the chain is propagated to all predecessors. In case of an error, chain execution is stopped preliminarily and the status code will reflect the code of the first failed authentication instance.

public read-only string $statusMessage

Status message of last user credentials verification. Defaults to null. For authentication chains, the status message of the last invoked instance in the chain is propagated to all predecessors. In case of an error, chain execution is stopped preliminarily and the status message will reflect the reason of the first failed authentication instance.

public read-only Core\Authentication $successor

Subsequent (chained) authentication driver instance, if any. Defaults to null.

Magic properties inherited from Core\Object

$hash, $uuid

xplo.re Medusa Core Framework 3.1 API documentation generated by ApiGen