auth.php 4.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201
  1. <?php namespace Laravel\Security;
  2. use Laravel\IoC;
  3. use Laravel\Str;
  4. use Laravel\Config;
  5. use Laravel\Cookie;
  6. use Laravel\Session;
  7. class Auth {
  8. /**
  9. * The current user of the application.
  10. *
  11. * @var object
  12. */
  13. protected static $user;
  14. /**
  15. * The key used when storing the user ID in the session.
  16. *
  17. * @var string
  18. */
  19. const user_key = 'laravel_user_id';
  20. /**
  21. * The key used when setting the "remember me" cookie.
  22. *
  23. * @var string
  24. */
  25. const remember_key = 'laravel_remember';
  26. /**
  27. * Determine if the user of the application is not logged in.
  28. *
  29. * This method is the inverse of the "check" method.
  30. *
  31. * @return bool
  32. */
  33. public static function guest()
  34. {
  35. return ! static::check();
  36. }
  37. /**
  38. * Determine if the user of the application is logged in.
  39. *
  40. * @return bool
  41. */
  42. public static function check()
  43. {
  44. return ! is_null(static::user());
  45. }
  46. /**
  47. * Get the current user of the application.
  48. *
  49. * This method will call the "user" closure in the auth configuration file.
  50. * If the user is not authenticated, null will be returned by the methd.
  51. *
  52. * If no user exists in the session, the method will check for a "remember me"
  53. * cookie and attempt to login the user based on the value of that cookie.
  54. *
  55. * <code>
  56. * // Get the current user of the application
  57. * $user = Auth::user();
  58. *
  59. * // Access a property on the current user of the application
  60. * $email = Auth::user()->email;
  61. * </code>
  62. *
  63. * @return object
  64. */
  65. public static function user()
  66. {
  67. if ( ! is_null(static::$user)) return static::$user;
  68. $id = IoC::core('session')->get(Auth::user_key);
  69. static::$user = call_user_func(Config::get('auth.user'), $id);
  70. if (is_null(static::$user) and ! is_null($cookie = Cookie::get(Auth::remember_key)))
  71. {
  72. static::$user = static::recall($cookie);
  73. }
  74. return static::$user;
  75. }
  76. /**
  77. * Attempt to login a user based on a long-lived "remember me" cookie.
  78. *
  79. * We should be able to trust the cookie is valid, since all cookies
  80. * set by Laravel include a fingerprint hash to ensure the cookie
  81. * value is not changed on the client.
  82. *
  83. * @param string $cookie
  84. * @return mixed
  85. */
  86. protected static function recall($cookie)
  87. {
  88. $cookie = explode('|', Crypter::decrypt($cookie));
  89. if ( ! is_null($user = call_user_func(Config::get('auth.user'), $cookie[0])))
  90. {
  91. static::login($user);
  92. return $user;
  93. }
  94. }
  95. /**
  96. * Attempt to log a user into the application.
  97. *
  98. * If the credentials are valid, the user will be logged into the application
  99. * and their user ID will be stored in the session via the "login" method.
  100. *
  101. * The user may also be "remembered", which will keep the user logged into the
  102. * application for one year or until they logout. The user is remembered via
  103. * an encrypted cookie.
  104. *
  105. * @param string $username
  106. * @param string $password
  107. * @param bool $remember
  108. * @return bool
  109. */
  110. public static function attempt($username, $password = null, $remember = false)
  111. {
  112. $config = Config::get('auth');
  113. $user = call_user_func($config['attempt'], $username, $password, $config);
  114. if ( ! is_null($user))
  115. {
  116. static::login($user, $remember);
  117. return true;
  118. }
  119. return false;
  120. }
  121. /**
  122. * Log a user into the application.
  123. *
  124. * @param object $user
  125. * @param bool $remember
  126. * @return void
  127. */
  128. public static function login($user, $remember = false)
  129. {
  130. static::$user = $user;
  131. if ($remember) static::remember($user->id);
  132. IoC::core('session')->put(Auth::user_key, $user->id);
  133. }
  134. /**
  135. * Set a cookie so that users are "remembered" and don't need to login.
  136. *
  137. * @param string $id
  138. * @return void
  139. */
  140. protected static function remember($id)
  141. {
  142. $cookie = Crypter::encrypt($id.'|'.Str::random(40));
  143. // This method assumes the "remember me" cookie should have the same
  144. // configuration as the session cookie. Since this cookie, like the
  145. // session cookie, should be kept very secure, it's probably safe
  146. // to assume the settings are the same.
  147. $config = Config::get('session');
  148. extract($config, EXTR_SKIP);
  149. Cookie::forever(Auth::remember_key, $cookie, $path, $domain, $secure);
  150. }
  151. /**
  152. * Log the current user out of the application.
  153. *
  154. * The "logout" closure in the authenciation configuration file will be
  155. * called. All authentication cookies will be deleted and the user ID
  156. * will be removed from the session.
  157. *
  158. * @return void
  159. */
  160. public static function logout()
  161. {
  162. call_user_func(Config::get('auth.logout'), static::user());
  163. static::$user = null;
  164. Cookie::forget(Auth::user_key);
  165. Cookie::forget(Auth::remember_key);
  166. IoC::core('session')->forget(Auth::user_key);
  167. }
  168. }