Class WFAuthorizationManager


The WFAuthorizationManager helps the application manage user authentication, login, and access control.

By default, a web application has no login capabilities and thus all users are unprivileged.

WFAuthorizationManager works in conjuction with the bundled "login" module. The following is the public interface of the login module (via invocationPath redirects)

  • promptLogin/<continueURL:base64>
  • doLogout
  • notAuthorized
You can reliably link to the above listed invocationPaths from your application.

  • todo: Remember-me logins not yet implemented.
  • todo: captcha option
  • todo: Decouple the default WFAuthorizationInfo class from the manager; let applications define this so that if there's no one logged in at least they get back the correct instance type.
  • todo: Make VERSION accessible externally (maybe through Delegate interface?) so that applications can have phocoa invalidate/re-login automatically when session structures change.

Located in /framework/WFAuthorization.php (line 253)

Class Constant Summary
 ALLOW = 1
 DENY = 2
 SESSION_NAMESPACE = 'WFAuthorizationManager'
 VERSION = 1.0
Variable Summary
Method Summary
static object The sharedAuthorizationManager ()
WFAuthorizationManager __construct ()
void doLoginRedirect (string $continueURL)
void init ()
boolean login (string $username, string $password, [boolean $passIsToken = false])
mixed loginFailedMessage (string $username)
string loginMessage ()
void logout ()
string resetPassword (string $username)
void setDelegate (object An $d)
string usernameLabel ()
object WFAuthorizationDelegate $authorizationDelegate (line 275)
  • var: The delegate object for handling authorization-related things.
  • access: protected
object WFAuthorizationInfo $authorizationInfo (line 271)
  • var: The authorization info for the current session.
  • access: protected
static method sharedAuthorizationManager (line 323)

Get a reference to the shared WFAuthorizationManager object.

  • return: WFAuthorizationManager object.
  • access: public
static object The sharedAuthorizationManager ()
Constructor __construct (line 277)
WFAuthorizationManager __construct ()

Redefinition of:
authorizationInfo (line 337)

Get the current auth info.

  • return: The active WFAuthorizationInfo info.
object WFAuthorizationInfo authorizationInfo ()
defaultLoginContinueURL (line 446)

The URL to continue to if the user logs in but there is no "continue to url" set.

Will call the login delegate method to get info as well.

string defaultLoginContinueURL ()
defaultLogoutContinueURL (line 473)

The URL to continue to if the user logs out.

Will call the login delegate method.

If NULL, no redirect will be performed, and just a message saying "Logout successful" will be seen.

string defaultLogoutContinueURL ()
doLoginRedirect (line 409)

Cause the visitor to be re-directed to the login page.

OPTIONAL: "continueURL" support.

This will issue a 302 redirect and exit the current request execution.

void doLoginRedirect (string $continueURL)
  • string $continueURL: The URL of the page to go to after successful login. Note that this should be a PLAIN URL, but it WILL BE base64-encoded before being passed to the login module.
init (line 310)

Initialize the auth manager to the default state.

void init ()
login (line 373)

Attempt to authorize the user with the given name/password.

This will call the delegate's login function to authenticate and get the authorizationInfo.

boolean login (string $username, string $password, [boolean $passIsToken = false])
  • string $username: The username to use for the authentication.
  • string $password: The password to use for the authentication.
  • boolean $passIsToken: TRUE if the password is in "token" form; ie, not the clear-text password. Useful for remember-me logins or single-sign-on (SSO) setups.
loginFailedMessage (line 601)

The message to display to a use on unsuccessful login.

Will call the login delegate method.

  • return: string: The message to display on failed login. array of strings; Multiple messages to display (as list items). DEFAULT: string:"Login username or password is not valid."
  • see: WFAuthorizationDelegate::loginFailedMessage()
mixed loginFailedMessage (string $username)
  • string $username: The username that the attempted login was for.
loginInvocationPath (line 421)

Get the login modulePath to use.

  • return: The modulePath for the login module. The module at the given path must implement promptLogin/doLogout/notAuthorized
string loginInvocationPath ()
loginMessage (line 558)

The login help message that should be displayed above the login box.

Will call the login delegate method.

string loginMessage ()
logout (line 357)

Logout the current session.

void logout ()
resetPassword (line 655)

Reset the password for the given user.

Your delegate method should craft an email or such to that user with the new password info. If there is a problem (ie user doesn't exist) throw a WFException with an appropriate message to be displyed. If not, just send your email and that's it. The default implementation will show an appropriate confirmation message.

Alternatively, if you have more complicated reset password logic you want to implement, throw a WFRedirectRequestException.

Will call the login delegate method.

  • return: The message to show the user on successful password reset.
  • see: WFAuthorizationDelegate::resetPassword($username)
  • throws: object WFException If the password cannot be reset, throw a WFException with the message to be displayed as the string.
string resetPassword (string $username)
  • string $username: The username that the attempted login was for.
setDelegate (line 349)

Set the WFAuthorizationDelegate to use.

The WFWebApplication will usually do this for you.

void setDelegate (object An $d)
  • object An $d: object that implements WFAuthorizationDelegate.
shouldEnableForgottenPasswordReset (line 626)

Should a "forgot your password" link be shown?

Will call the login delegate method.

boolean shouldEnableForgottenPasswordReset ()
shouldEnableRememberMe (line 515)

Should the login interface have a "remember me" checkbox?

Will call the login delegate method.

boolean shouldEnableRememberMe ()
shouldRememberMeByDefault (line 537)

If "remember me" is enabled with shouldEnableRememberMe, should "remember me" be checked by default?

Will call the login delegate method.

boolean shouldRememberMeByDefault ()
shouldShowLogoutConfirmation (line 494)

Should there be an interstitial "You have logged out successfully, click here to continue", or should logout immediately redirect to defaultLogoutContinueURL()?

Will call login delegate.

boolean shouldShowLogoutConfirmation ()
usernameLabel (line 579)

The label to use for the "username" field.

Will call the login delegate method.

string usernameLabel ()

Inherited Methods

Inherited From WFObject

Class Constants
ALLOW = 1 (line 265)
DENY = 2 (line 266)
RECENT_LOGIN_SECS = 900 (line 263)
SESSION_KEY_AUTHORIZATION_INFO = 'authorizationInfo' (line 259)
SESSION_KEY_LOGGED_IN = 'isLoggedIn' (line 258)
SESSION_KEY_RECENT_LOGIN_TIME = 'recentLoginTime' (line 260)
SESSION_KEY_VERSION = 'version' (line 257)
SESSION_NAMESPACE = 'WFAuthorizationManager' (line 255)
VERSION = 1.0 (line 262)

Documentation generated on Thu, 14 May 2009 16:19:46 -0400 by phpDocumentor 1.4.2