<?php |
declare(strict_types=1); |
namespace Jasny\Auth\Authz; |
use Jasny\Auth\AuthException; |
use Jasny\Auth\AuthzInterface as Authz; |
use Jasny\Auth\ContextInterface as Context; |
use Jasny\Auth\User\PartiallyLoggedIn; |
use Jasny\Auth\UserInterface as User; |
use Jasny\Immutable; |
/**
 * Trait for keeping state (user and context) in authz service.
 *
 * The methods here never assign to the state properties directly; `forUser()` and `inContextOf()`
 * go through `withProperty()` from `Immutable\With` to obtain the service to return.
 *
 * Three login states can be told apart: logged out (no user), partially logged in (the user is a
 * `PartiallyLoggedIn` instance) and logged in (any other user). Authorization decisions should be
 * based on `isLoggedIn()`; the other predicates and `user()` do not imply a completed login.
 */
trait StateTrait
{
    use Immutable\With;

    /**
     * Current user, or `null` when nobody is logged in.
     * May hold a `PartiallyLoggedIn` user whose login has not been completed yet.
     */
    protected ?User $user = null;

    /**
     * The authorization context. This could be an organization, where a user has specific roles per organization
     * rather than roles globally.
     */
    protected ?Context $context = null;

    /**
     * Get a copy of the service for the given user.
     * Passing `null` asks for a service without a user.
     *
     * @param User|null $user
     * @return static&Authz
     */
    public function forUser(?User $user): Authz
    {
        $service = $this->withProperty('user', $user);

        return $service;
    }

    /**
     * Get a copy of the service for the given context.
     * Returns $this if authz hasn't changed.
     *
     * @param Context|null $context
     * @return static&Authz
     */
    public function inContextOf(?Context $context): Authz
    {
        $service = $this->withProperty('context', $context);

        return $service;
    }

    /**
     * Alias of `inContextOf(null)`.
     *
     * @return static&Authz
     */
    final public function outOfContext(): Authz
    {
        $service = $this->inContextOf(null);

        return $service;
    }

    /**
     * Get the current user.
     *
     * Only the absence of a user raises an exception. A partially logged in user is returned as-is,
     * so code that needs a fully authenticated user has to check `isLoggedIn()` before relying on
     * the returned object.
     *
     * @throws AuthException if no user is logged in.
     */
    final public function user(): User
    {
        $current = $this->user;

        if ($current !== null) {
            return $current;
        }

        throw new AuthException("The user is not logged in");
    }

    /**
     * Get the current context, or `null` when the service is not in any context.
     */
    final public function context(): ?Context
    {
        $current = $this->context;

        return $current;
    }

    /**
     * Check if the current user is fully logged in.
     * False when there is no user and false when the user is only partially logged in.
     */
    public function isLoggedIn(): bool
    {
        if ($this->user === null) {
            return false;
        }

        // A user is present; the login only counts once it is no longer partial.
        return !$this->isPartiallyLoggedIn();
    }

    /**
     * Check if the current user is partially logged in.
     * Typically this means MFA verification is required.
     */
    public function isPartiallyLoggedIn(): bool
    {
        $current = $this->user;

        return $current instanceof PartiallyLoggedIn;
    }

    /**
     * Check if there is no user at all, neither logged in nor partially logged in.
     *
     * A partially logged in user is not logged out, so `!isLoggedOut()` is not a substitute for
     * `isLoggedIn()` when guarding access.
     */
    public function isLoggedOut(): bool
    {
        return null === $this->user;
    }
}