Merge pull request #10 from RhubarbPHP/feature/ProtectedUrls

Protected urls

Author: NiallSmyth

CHANGELOG.md

@@ -1,6 +1,11 @@
 # Change Log
 
-### 1.0.x
+### 1.1.x
+
+### 1.1.0
+
+* Changed:      Model initialisation to allow easily overriding the model class
+* Added:        Support for multiple URLs protected by different LoginProviders
 
 ### 1.0.2
 
@@ -19,4 +24,4 @@
 
 ### 1.0.0
 
-* Changed:        Changes for 1.0.0 of Leaf
+* Changed:      Changes for 1.0.0 of Leaf

src/AuthenticationModule.php

@@ -18,78 +18,87 @@
 
 namespace Rhubarb\Scaffolds\Authentication;
 
-use Rhubarb\Crown\LoginProviders\LoginProvider;
 use Rhubarb\Crown\LoginProviders\UrlHandlers\ValidateLoginUrlHandler;
 use Rhubarb\Crown\Module;
-use Rhubarb\Crown\UrlHandlers\ClassMappedUrlHandler;
 use Rhubarb\Leaf\UrlHandlers\LeafCollectionUrlHandler;
+use Rhubarb\Scaffolds\Authentication\Settings\ProtectedUrl;
+use Rhubarb\Scaffolds\Authentication\UrlHandlers\CallableUrlHandler;
 use Rhubarb\Stem\Schema\SolutionSchema;
 use Rhubarb\Stem\StemModule;
 
 class AuthenticationModule extends Module
 {
-    protected $urlToProtect;
-    protected $loginUrl;
-
     /**
      * Creates an instance of the Authentication module.
      *
      * @param null $loginProviderClassName
      * @param string $urlToProtect Optional. The URL stub to protect by requiring a login. Defaults to
      *                                  the entire URL tree.
      * @param string $loginUrl The URL to redirect the user to for logging in
-     * @param string $identityColumnName The name of the column in the user table storing the login identity.
+     * @internal param string $identityColumnName The name of the column in the user table storing the login identity.
      */
-    public function __construct($loginProviderClassName = null, $urlToProtect = "/", $loginUrl = "/login/")
+    public function __construct($loginProviderClassName = null, $urlToProtect = '/', $loginUrl = '/login/')
     {
         parent::__construct();
 
-        $this->urlToProtect = $urlToProtect;
-        $this->loginUrl = $loginUrl;
-
-        if ($loginProviderClassName != null) {
-            LoginProvider::setProviderClassName($loginProviderClassName);
+        if ($loginProviderClassName !== null) {
+            $this->registerProtectedUrl(new ProtectedUrl(
+                $urlToProtect,
+                $loginProviderClassName,
+                $loginUrl
+            ));
         }
     }
 
+    public function registerProtectedUrl(ProtectedUrl $urlToProtect)
+    {
+        $this->protectedUrls[] = $urlToProtect;
+    }
+
+    /** @var ProtectedUrl[] */
+    private $protectedUrls = [];
+
     public function initialise()
     {
-        SolutionSchema::registerSchema("Authentication", __NAMESPACE__ . '\DatabaseSchema');
+        SolutionSchema::registerSchema('Authentication', DatabaseSchema::class);
     }
 
     protected function registerUrlHandlers()
     {
-        $reset = new LeafCollectionUrlHandler(
-            __NAMESPACE__ . '\Leaves\ResetPassword',
-            __NAMESPACE__ . '\Leaves\ConfirmResetPassword');
-
-        $login = new ClassMappedUrlHandler(__NAMESPACE__ . '\Leaves\Login', [
-            "reset/" => $reset
-        ]);
-
-        $login->setName("login");
-
-        $validateLoginUrlHandler = new ValidateLoginUrlHandler(LoginProvider::getProvider(), $this->loginUrl);
-
-        $this->addUrlHandlers(
-            [
-                $this->loginUrl => $login,
-                $this->urlToProtect => $validateLoginUrlHandler
+        foreach ($this->protectedUrls as $url) {
+
+            $provider = $url->loginProviderClassName;
+
+            $this->addUrlHandlers([
+                $url->loginUrl => $login = new CallableUrlHandler(function () use ($url) {
+                    $className = $url->loginLeafClassName;
+                    return new $className($url->loginProviderClassName);
+                }, [
+                    $url->resetChildUrl => $reset = new LeafCollectionUrlHandler(
+                        $url->resetPasswordLeafClassName,
+                        $url->confirmResetPasswordLeafClassName
+                    ),
+                    $url->logoutChildUrl => $logout = new CallableUrlHandler(function () use ($url) {
+                        $className = $url->logoutLeafClassName;
+                        return new $className($url->loginProviderClassName);
+                    }),
+                ]),
+                $url->urlToProtect => $protected =
+                    new ValidateLoginUrlHandler($provider::singleton(), $url->loginUrl),
             ]);
 
-        $logout = new ClassMappedUrlHandler(__NAMESPACE__ . '\Leaves\Logout');
+            // Make sure that the login url handlers are given greater precedence than those of the application.
+            $login->setPriority(10);
+            $login->setName('login');
 
-        $logout->setName("logout");
+            $logout->setPriority(10);
+            $logout->setName('logout');
 
-        $this->addUrlHandlers(
-            [
-                "/logout/" => $logout
-            ]);
+            $reset->setPriority(10);
+            $reset->setName('reset');
 
-        // Make sure that the login url handlers are given greater precedence than those of the application.
-        $login->setPriority(10);
-        //$reset->setPriority(10);
-        $validateLoginUrlHandler->setPriority(10);
+            $protected->setPriority(10);
+        }
     }
 
     /**

src/DatabaseSchema.php

@@ -26,6 +26,6 @@ public function __construct($version = 0.1)
     {
         parent::__construct($version);
 
-        $this->addModel("User", "Rhubarb\Scaffolds\Authentication\User");
+        $this->addModel('User', User::class);
     }
-}
+}

src/Leaves/Login.php

@@ -22,24 +22,23 @@
 use Rhubarb\Crown\LoginProviders\Exceptions\LoginDisabledException;
 use Rhubarb\Crown\LoginProviders\Exceptions\LoginFailedException;
 use Rhubarb\Crown\LoginProviders\LoginProvider;
+use Rhubarb\Crown\Request\Request;
 use Rhubarb\Crown\Request\WebRequest;
 use Rhubarb\Crown\Response\RedirectResponse;
 use Rhubarb\Leaf\Leaves\Leaf;
-use Rhubarb\Leaf\Leaves\LeafModel;
 use Rhubarb\Scaffolds\Authentication\Settings\AuthenticationSettings;
 
 class Login extends Leaf
 {
-    private $loginProviderClassName = "";
+    protected $loginProviderClassName = "";
 
     /**
      * @var LoginModel
      */
     protected $model;
 
     /**
-     * @param null $loginProviderClassName If not supplied, the default login provider will be used.
-     * @param string $identityColumnName
+     * @param string $loginProviderClassName If not supplied, the default login provider will be used.
      */
     public function __construct($loginProviderClassName = null)
     {
@@ -60,7 +59,7 @@ private function getLoginProvider()
     {
         $provider = $this->loginProviderClassName;
 
-        if ($provider == ""){
+        if ($provider == "") {
             return LoginProvider::getProvider();
         }
 
@@ -85,24 +84,6 @@ protected function getDefaultSuccessUrl()
         return "/";
     }
 
-    /**
-     * Called just before the view is rendered.
-     *
-     * Guaranteed to only be called once during a normal page execution.
-     */
-    protected function beforeRenderView()
-    {
-        $login = $this->getLoginProvider();
-
-        if (isset($_GET["logout"])) {
-            $login->logOut();
-        }
-
-        if ( $login->isLoggedIn() ){
-            $this->onSuccess();
-        }
-    }
-
     protected function parseRequest(WebRequest $request)
     {
         $login = $this->getLoginProvider();
@@ -132,39 +113,52 @@ protected function getViewClass()
     /**
      * Should return a class that derives from LeafModel
      *
-     * @return LeafModel
+     * @return LoginModel
      */
     protected function createModel()
     {
-        $model = new LoginModel();
+        return new LoginModel();
+    }
 
-        if (isset($_GET["rd"])) {
-            $model->redirectUrl = $_GET["rd"];
+    protected function onModelCreated()
+    {
+        /** @var WebRequest $request */
+        $request = Request::current();
+        $redirectUrl = $request->get('rd');
+        if ($redirectUrl) {
+            $redirectUrl = urldecode($redirectUrl);
+            $this->model->redirectUrl = $redirectUrl;
         }
 
-        $model->attemptLoginEvent->attachHandler(
-            function () {
-                $login = $this->getLoginProvider();
-
-                try {
-                    if ($login->login($this->model->username, $this->model->password)) {
+        $this->model->attemptLoginEvent->attachHandler(function () {
+            $login = $this->getLoginProvider();
 
-                        if ($this->model->rememberMe) {
-                            $login = $this->getLoginProvider();
-                            $login->rememberLogin();
-                        }
+            try {
+                if ($login->login($this->model->username, $this->model->password)) {
 
-                        $this->onSuccess();
+                    if ($this->model->rememberMe) {
+                        $login = $this->getLoginProvider();
+                        $login->rememberLogin();
                     }
-                } catch (LoginDisabledException $er) {
-                    $this->model->disabled = true;
-                    $this->model->failed = true;
-                } catch (LoginFailedException $er) {
-                    $this->model->failed = true;
+
+                    $this->onSuccess();
                 }
+            } catch (LoginDisabledException $er) {
+                $this->model->disabled = true;
+                $this->model->failed = true;
+            } catch (LoginFailedException $er) {
+                $this->model->failed = true;
             }
-        );
+        });
+    }
 
-        return $model;
+    /**
+     * Allows setting the URL for the forgotten password link on the login form
+     *
+     * @param $url
+     */
+    public function setPasswordResetUrl($url)
+    {
+        $this->model->passwordResetUrl = $url;
     }
 }

src/Leaves/LoginModel.php

@@ -47,18 +47,19 @@ class LoginModel extends LeafModel
      */
     public $attemptLoginEvent;
 
+    public $passwordResetUrl = '/login/reset/';
+
     public function __construct()
     {
         parent::__construct();
 
         $this->attemptLoginEvent = new Event();
     }
 
-
     protected function getExposableModelProperties()
     {
         $list = parent::getExposableModelProperties();
-        $list[] = "RedirectUrl";
+        $list[] = 'redirectUrl';
 
         return $list;
     }

src/Leaves/LoginView.php

@@ -50,7 +50,7 @@ public function createSubLeaves()
     public function printViewContent()
     {
         if ($this->model->failed) {
-            print "<div class='c-alert c-alert--error'>Sorry, this username and password combination could not be found, please check and try again.</div>";
+            print '<div class="c-alert c-alert--error">Sorry, this username and password combination could not be found, please check and try again.</div>';
         }
 
         ?>
@@ -66,10 +66,10 @@ public function printViewContent()
 
             <div class="c-form__actions">
             <div class="c-form__actions-remember">
-                <label class="c-form__label c-form__label--checkbox"><?= $this->leaves["rememberMe"] . " Remember Me"; ?></label>
+                <label class="c-form__label c-form__label--checkbox"><?= $this->leaves["rememberMe"]; ?> Remember Me</label>
             </div>
             <div class="c-form__actions-forgot">
-                <a href="/login/reset/">I've forgotten my password.</a>
+                <a href="<?= $this->model->passwordResetUrl; ?>">I've forgotten my password.</a>
             </div>
             </div>
 

src/Leaves/Logout.php

@@ -18,7 +18,6 @@
 
 namespace Rhubarb\Scaffolds\Authentication\Leaves;
 
-use Rhubarb\Crown\LoginProviders\LoginProvider;
 use Rhubarb\Crown\Request\WebRequest;
 use Rhubarb\Leaf\Leaves\Leaf;
 use Rhubarb\Leaf\Leaves\LeafModel;
@@ -28,8 +27,8 @@ class Logout extends Leaf
     private $loginProviderClassName = "";
 
     /**
-    * @var LogoutModel
-    */
+     * @var LogoutModel
+     */
     protected $model;
 
     /**
@@ -59,7 +58,7 @@ protected function getViewClass()
      */
     protected function createModel()
     {
-        $model = new LogoutModel();
+        $model = new LeafModel();
 
         return $model;
     }
@@ -69,7 +68,7 @@ protected function parseRequest(WebRequest $request)
         $login = $this->getLoginProvider();
         $login->logOut();
 
-        return parent::parseRequest($request); // TODO: Change the autogenerated stub
+        return parent::parseRequest($request);
     }
 
     /**
@@ -81,10 +80,6 @@ private function getLoginProvider()
     {
         $provider = $this->loginProviderClassName;
 
-        if ($provider == "") {
-            return LoginProvider::getProvider();
-        }
-
         return $provider::singleton();
     }
 }