From c10664961229dcf12a95bd5e4b0f6e6d39495188 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 11 Jan 2012 08:12:19 +0100 Subject: [PATCH 01/36] User: bool parameters replaced with bit masks --- src/Security/User.php | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/Security/User.php b/src/Security/User.php index e96209de..961c8439 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -29,7 +29,8 @@ class User extends Nette\Object /** @deprecated */ const MANUAL = IUserStorage::MANUAL, INACTIVITY = IUserStorage::INACTIVITY, - BROWSER_CLOSED = IUserStorage::BROWSER_CLOSED; + BROWSER_CLOSED = IUserStorage::BROWSER_CLOSED, + CLEAR_IDENTITY = IUserStorage::CLEAR_IDENTITY; /** @var string default role for unauthenticated user */ public $guestRole = 'guest'; @@ -82,7 +83,7 @@ public function getStorage() */ public function login($id = NULL, $password = NULL) { - $this->logout(TRUE); + $this->logout(IUserStorage::CLEAR_IDENTITY); if (!$id instanceof IIdentity) { $id = $this->getAuthenticator()->authenticate(func_get_args()); } @@ -94,16 +95,16 @@ public function login($id = NULL, $password = NULL) /** * Logs out the user from the current session. - * @param bool clear the identity from persistent storage? + * @param int clear the identity from persistent storage? * @return void */ - public function logout($clearIdentity = FALSE) + public function logout($flags = NULL) { if ($this->isLoggedIn()) { $this->onLoggedOut($this); $this->storage->setAuthenticated(FALSE); } - if ($clearIdentity) { + if ($flags === TRUE || ($flags & IUserStorage::CLEAR_IDENTITY)) { $this->storage->setIdentity(NULL); } } @@ -167,13 +168,13 @@ public function getAuthenticator($need = TRUE) /** * Enables log out after inactivity. * @param string|int|DateTime number of seconds or timestamp - * @param bool log out when the browser is closed? - * @param bool clear the identity from persistent storage? + * @param int log out when the browser is closed? | clear the identity from persistent storage? * @return self */ - public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE) + public function setExpiration($time, $flags = IUserStorage::BROWSER_CLOSED, $clearIdentity = FALSE) { - $flags = ($whenBrowserIsClosed ? IUserStorage::BROWSER_CLOSED : 0) | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0); + $flags = ($flags === TRUE ? IUserStorage::BROWSER_CLOSED : $flags) // back compatibility + | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0); $this->storage->setExpiration($time, $flags); return $this; } From 7c8500b9b92783685ef10e57ff3c49c076255e18 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Mon, 9 Feb 2015 15:44:21 +0100 Subject: [PATCH 02/36] UserPanel: used vector icon --- src/Bridges/SecurityTracy/templates/UserPanel.tab.phtml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/Bridges/SecurityTracy/templates/UserPanel.tab.phtml b/src/Bridges/SecurityTracy/templates/UserPanel.tab.phtml index 38a461a1..cbf9afc3 100644 --- a/src/Bridges/SecurityTracy/templates/UserPanel.tab.phtml +++ b/src/Bridges/SecurityTracy/templates/UserPanel.tab.phtml @@ -5,8 +5,6 @@ namespace Nette\Bridges\SecurityTracy; use Nette; ?> -isLoggedIn()): ?> -  - -  - + + + From a4ce91375ccc9bbb3f27a384f9f747273011e443 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 24 Feb 2015 21:37:24 +0100 Subject: [PATCH 03/36] opened 2.4-dev --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 993cb4d3..8d0b4c94 100644 --- a/composer.json +++ b/composer.json @@ -31,7 +31,7 @@ "minimum-stability": "dev", "extra": { "branch-alias": { - "dev-master": "2.3-dev" + "dev-master": "2.4-dev" } } } From 5a1abfe2f4af470f4d7ff738caac41df0627c808 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Mon, 16 Mar 2015 14:30:51 +0100 Subject: [PATCH 04/36] typo --- src/Security/IUserStorage.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Security/IUserStorage.php b/src/Security/IUserStorage.php index f1ed7cbc..62c9dec0 100644 --- a/src/Security/IUserStorage.php +++ b/src/Security/IUserStorage.php @@ -46,7 +46,7 @@ function setIdentity(IIdentity $identity = NULL); /** * Returns current user identity, if any. - * @return Nette\Security\IIdentity|NULL + * @return IIdentity|NULL */ function getIdentity(); From d42efcfa73dae0509f4b32e77ecbde298e141a72 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Kar=C3=A1sek?= Date: Sat, 28 Feb 2015 20:33:31 +0100 Subject: [PATCH 05/36] readme.md: md5() replaced with Nette\Security\Passwords::verify() --- readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/readme.md b/readme.md index 29a17251..42db1523 100644 --- a/readme.md +++ b/readme.md @@ -120,7 +120,7 @@ class MyAuthenticator extends Nette\Object implements NS\IAuthenticator throw new NS\AuthenticationException('User not found.'); } - if ($row->password !== md5($password)) { + if (!NS\Passwords::verify($password, $row->password)) { throw new NS\AuthenticationException('Invalid password.'); } @@ -129,7 +129,7 @@ class MyAuthenticator extends Nette\Object implements NS\IAuthenticator } ``` -Class `MyAuthenticator` communicates with the database using [Nette\Database |database] layer and works with table `users`, where it grabs `username` and md5 hash of `password` in the appropriate columns. If the password check is successful, it returns new identity with user ID and role, which we will mention [later | #roles]; +Class `MyAuthenticator` communicates with the database using [Nette\Database |database] layer and works with table `users`, where it grabs `username` and hash of `password` in the appropriate columns. If the password check is successful, it returns new identity with user ID and role, which we will mention [later | #roles]; This authenticator would be configured in the `config.neon` file like this: From 2f5fe96f4dd8aef8397d0b61dd94ca40847c596f Mon Sep 17 00:00:00 2001 From: David Grudl Date: Fri, 27 Mar 2015 18:26:06 +0100 Subject: [PATCH 06/36] travis: added PHP 7.0 --- .travis.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.travis.yml b/.travis.yml index d67b6911..42f64863 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,10 +4,12 @@ php: - 5.4 - 5.5 - 5.6 + - 7.0 - hhvm matrix: allow_failures: + - php: 7.0 - php: hhvm script: From fad5403e828e38683cb1ab65c234b6b99a04d554 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 1 Apr 2015 19:22:24 +0200 Subject: [PATCH 07/36] composer: removed --dev --- .travis.yml | 2 +- tests/bootstrap.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 42f64863..e686d783 100644 --- a/.travis.yml +++ b/.travis.yml @@ -22,5 +22,5 @@ after_failure: before_script: # Install Nette Tester & Code Checker - - composer install --no-interaction --dev --prefer-source + - composer install --no-interaction --prefer-source - composer create-project nette/code-checker code-checker ~2.3 --no-interaction --prefer-source diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 85f7726f..e333db3d 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -4,7 +4,7 @@ // invoked through the command: ../vendor/bin/tester . if (@!include __DIR__ . '/../vendor/autoload.php') { - echo 'Install Nette Tester using `composer update --dev`'; + echo 'Install Nette Tester using `composer install`'; exit(1); } From e5651647bae9a1e87c71c561b040f0697da5b478 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 20 May 2015 16:59:27 +0200 Subject: [PATCH 08/36] requires PHP 5.4.4 --- .travis.yml | 1 - composer.json | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index e686d783..1945e577 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,5 @@ language: php php: - - 5.3.3 - 5.4 - 5.5 - 5.6 diff --git a/composer.json b/composer.json index 8d0b4c94..8590dfc5 100644 --- a/composer.json +++ b/composer.json @@ -14,7 +14,7 @@ } ], "require": { - "php": ">=5.3.1", + "php": ">=5.4.4", "nette/utils": "~2.2" }, "require-dev": { From e4b93276a1e96adb774e62494dcddfd803b3549e Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 20 May 2015 16:59:27 +0200 Subject: [PATCH 09/36] used PHP 5.4 syntax --- .travis.yml | 4 +- src/Bridges/SecurityDI/SecurityExtension.php | 26 +++--- .../templates/UserPanel.panel.phtml | 2 +- .../templates/UserPanel.tab.phtml | 4 +- src/Security/Permission.php | 86 +++++++++---------- src/Security/SimpleAuthenticator.php | 2 +- src/Security/User.php | 4 +- .../SecurityExtension.authenticator.phpt | 18 ++-- tests/Security.DI/SecurityExtension.user.phpt | 2 +- tests/Security/Identity.phpt | 8 +- tests/Security/Passwords.hash().phpt | 8 +- tests/Security/Passwords.needsRehash().phpt | 2 +- tests/Security/Permission.CMSExample.phpt | 10 +-- tests/Security/Permission.Privileges.phpt | 4 +- .../Security/Permission.ResourceInherits.phpt | 2 +- ...DefaultAllowRuleWithPrivilegeDenyRule.phpt | 2 +- ...eDefaultAllowRuleWithResourceDenyRule.phpt | 2 +- tests/Security/Permission.RolePrivileges.phpt | 4 +- .../Permission.RoleRegistryInherits.phpt | 10 +-- ...rmission.RoleRegistryInheritsMultiple.phpt | 8 +- tests/Security/Permission.RulesRemove.phpt | 2 +- tests/Security/SimpleAuthenticator.Roles.phpt | 22 ++--- tests/Security/SimpleAuthenticator.phpt | 12 +-- tests/Security/User.authentication.phpt | 6 +- tests/Security/User.authorization.phpt | 8 +- 25 files changed, 129 insertions(+), 129 deletions(-) diff --git a/.travis.yml b/.travis.yml index 1945e577..2cc77a11 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ matrix: script: - vendor/bin/tester tests -s -p php - - php code-checker/src/code-checker.php + - php temp/code-checker/src/code-checker.php --short-arrays after_failure: # Print *.actual content @@ -22,4 +22,4 @@ after_failure: before_script: # Install Nette Tester & Code Checker - composer install --no-interaction --prefer-source - - composer create-project nette/code-checker code-checker ~2.3 --no-interaction --prefer-source + - composer create-project nette/code-checker temp/code-checker ~2.5 --no-interaction --prefer-source diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index 82c6713d..e70d4a36 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -17,12 +17,12 @@ */ class SecurityExtension extends Nette\DI\CompilerExtension { - public $defaults = array( + public $defaults = [ 'debugger' => TRUE, - 'users' => array(), // of [user => password] or [user => ['password' => password, 'roles' => [role]]] - 'roles' => array(), // of [role => parents] - 'resources' => array(), // of [resource => parents] - ); + 'users' => [], // of [user => password] or [user => ['password' => password, 'roles' => [role]]] + 'roles' => [], // of [role => parents] + 'resources' => [], // of [resource => parents] + ]; /** @var bool */ private $debugMode; @@ -47,23 +47,23 @@ public function loadConfiguration() ->setClass('Nette\Security\User'); if ($this->debugMode && $config['debugger']) { - $user->addSetup('@Tracy\Bar::addPanel', array( + $user->addSetup('@Tracy\Bar::addPanel', [ new Nette\DI\Statement('Nette\Bridges\SecurityTracy\UserPanel') - )); + ]); } if ($config['users']) { - $usersList = $usersRoles = array(); + $usersList = $usersRoles = []; foreach ($config['users'] as $username => $data) { - $data = is_array($data) ? $data : array('password' => $data); - $this->validateConfig(array('password' => NULL, 'roles' => NULL), $data, $this->prefix("security.users.$username")); + $data = is_array($data) ? $data : ['password' => $data]; + $this->validateConfig(['password' => NULL, 'roles' => NULL], $data, $this->prefix("security.users.$username")); $usersList[$username] = $data['password']; $usersRoles[$username] = isset($data['roles']) ? $data['roles'] : NULL; } $container->addDefinition($this->prefix('authenticator')) ->setClass('Nette\Security\IAuthenticator') - ->setFactory('Nette\Security\SimpleAuthenticator', array($usersList, $usersRoles)); + ->setFactory('Nette\Security\SimpleAuthenticator', [$usersList, $usersRoles]); if ($this->name === 'security') { $container->addAlias('nette.authenticator', $this->prefix('authenticator')); @@ -76,10 +76,10 @@ public function loadConfiguration() ->setFactory('Nette\Security\Permission'); foreach ($config['roles'] as $role => $parents) { - $authorizator->addSetup('addRole', array($role, $parents)); + $authorizator->addSetup('addRole', [$role, $parents]); } foreach ($config['resources'] as $resource => $parents) { - $authorizator->addSetup('addResource', array($resource, $parents)); + $authorizator->addSetup('addResource', [$resource, $parents]); } if ($this->name === 'security') { diff --git a/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml b/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml index 1e8244ac..c18dfeaa 100644 --- a/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml +++ b/src/Bridges/SecurityTracy/templates/UserPanel.panel.phtml @@ -9,5 +9,5 @@ use Nette,

isLoggedIn()): ?>Logged inUnlogged

- getIdentity()): echo Dumper::toHtml($user->getIdentity(), array(Dumper::LIVE => TRUE)); else: ?>

no identity

+ getIdentity()): echo Dumper::toHtml($user->getIdentity(), [Dumper::LIVE => TRUE]); else: ?>

no identity

diff --git a/src/Bridges/SecurityTracy/templates/UserPanel.tab.phtml b/src/Bridges/SecurityTracy/templates/UserPanel.tab.phtml index cbf9afc3..ec658b48 100644 --- a/src/Bridges/SecurityTracy/templates/UserPanel.tab.phtml +++ b/src/Bridges/SecurityTracy/templates/UserPanel.tab.phtml @@ -5,6 +5,6 @@ namespace Nette\Bridges\SecurityTracy; use Nette; ?> - - + + diff --git a/src/Security/Permission.php b/src/Security/Permission.php index ca1ace7d..c2c63213 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -26,25 +26,25 @@ class Permission extends Nette\Object implements IAuthorizator { /** @var array Role storage */ - private $roles = array(); + private $roles = []; /** @var array Resource storage */ - private $resources = array(); + private $resources = []; /** @var array Access Control List rules; whitelist (deny everything to all) by default */ - private $rules = array( - 'allResources' => array( - 'allRoles' => array( - 'allPrivileges' => array( + private $rules = [ + 'allResources' => [ + 'allRoles' => [ + 'allPrivileges' => [ 'type' => self::DENY, 'assert' => NULL, - ), - 'byPrivilege' => array(), - ), - 'byRole' => array(), - ), - 'byResource' => array(), - ); + ], + 'byPrivilege' => [], + ], + 'byRole' => [], + ], + 'byResource' => [], + ]; /** @var mixed */ private $queriedRole, $queriedResource; @@ -69,11 +69,11 @@ public function addRole($role, $parents = NULL) throw new Nette\InvalidStateException("Role '$role' already exists in the list."); } - $roleParents = array(); + $roleParents = []; if ($parents !== NULL) { if (!is_array($parents)) { - $parents = array($parents); + $parents = [$parents]; } foreach ($parents as $parent) { @@ -83,10 +83,10 @@ public function addRole($role, $parents = NULL) } } - $this->roles[$role] = array( + $this->roles[$role] = [ 'parents' => $roleParents, - 'children' => array(), - ); + 'children' => [], + ]; return $this; } @@ -222,7 +222,7 @@ public function removeRole($role) */ public function removeAllRoles() { - $this->roles = array(); + $this->roles = []; foreach ($this->rules['allResources']['byRole'] as $roleCurrent => $rules) { unset($this->rules['allResources']['byRole'][$roleCurrent]); @@ -263,10 +263,10 @@ public function addResource($resource, $parent = NULL) $this->resources[$parent]['children'][$resource] = TRUE; } - $this->resources[$resource] = array( + $this->resources[$resource] = [ 'parent' => $parent, - 'children' => array() - ); + 'children' => [] + ]; return $this; } @@ -366,7 +366,7 @@ public function removeResource($resource) unset($this->resources[$parent]['children'][$resource]); } - $removed = array($resource); + $removed = [$resource]; foreach ($this->resources[$resource]['children'] as $child => $foo) { $this->removeResource($child); $removed[] = $child; @@ -399,7 +399,7 @@ public function removeAllResources() } } - $this->resources = array(); + $this->resources = []; return $this; } @@ -486,11 +486,11 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse { // ensure that all specified Roles exist; normalize input to array of Roles or NULL if ($roles === self::ALL) { - $roles = array(self::ALL); + $roles = [self::ALL]; } else { if (!is_array($roles)) { - $roles = array($roles); + $roles = [$roles]; } foreach ($roles as $role) { @@ -500,11 +500,11 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse // ensure that all specified Resources exist; normalize input to array of Resources or NULL if ($resources === self::ALL) { - $resources = array(self::ALL); + $resources = [self::ALL]; } else { if (!is_array($resources)) { - $resources = array($resources); + $resources = [$resources]; } foreach ($resources as $resource) { @@ -514,10 +514,10 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse // normalize privileges to array if ($privileges === self::ALL) { - $privileges = array(); + $privileges = []; } elseif (!is_array($privileges)) { - $privileges = array($privileges); + $privileges = [$privileges]; } if ($toAdd) { // add to the rules @@ -528,7 +528,7 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse $rules['allPrivileges']['type'] = $type; $rules['allPrivileges']['assert'] = $assertion; if (!isset($rules['byPrivilege'])) { - $rules['byPrivilege'] = array(); + $rules['byPrivilege'] = []; } } else { foreach ($privileges as $privilege) { @@ -549,13 +549,13 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse if (count($privileges) === 0) { if ($resource === self::ALL && $role === self::ALL) { if ($type === $rules['allPrivileges']['type']) { - $rules = array( - 'allPrivileges' => array( + $rules = [ + 'allPrivileges' => [ 'type' => self::DENY, 'assert' => NULL - ), - 'byPrivilege' => array() - ); + ], + 'byPrivilege' => [] + ]; } continue; } @@ -681,10 +681,10 @@ public function getQueriedResource() */ private function searchRolePrivileges($all, $role, $resource, $privilege) { - $dfs = array( - 'visited' => array(), - 'stack' => array($role), - ); + $dfs = [ + 'visited' => [], + 'stack' => [$role], + ]; while (NULL !== ($role = array_pop($dfs['stack']))) { if (isset($dfs['visited'][$role])) { @@ -778,7 +778,7 @@ private function & getRules($resource, $role, $create = FALSE) if (!$create) { return $null; } - $this->rules['byResource'][$resource] = array(); + $this->rules['byResource'][$resource] = []; } $visitor = & $this->rules['byResource'][$resource]; } @@ -788,7 +788,7 @@ private function & getRules($resource, $role, $create = FALSE) if (!$create) { return $null; } - $visitor['allRoles']['byPrivilege'] = array(); + $visitor['allRoles']['byPrivilege'] = []; } return $visitor['allRoles']; } @@ -797,7 +797,7 @@ private function & getRules($resource, $role, $create = FALSE) if (!$create) { return $null; } - $visitor['byRole'][$role]['byPrivilege'] = array(); + $visitor['byRole'][$role]['byPrivilege'] = []; } return $visitor['byRole'][$role]; diff --git a/src/Security/SimpleAuthenticator.php b/src/Security/SimpleAuthenticator.php index 44492fd6..f3871eca 100644 --- a/src/Security/SimpleAuthenticator.php +++ b/src/Security/SimpleAuthenticator.php @@ -28,7 +28,7 @@ class SimpleAuthenticator extends Nette\Object implements IAuthenticator * @param array list of pairs username => password * @param array list of pairs username => role[] */ - public function __construct(array $userlist, array $usersRoles = array()) + public function __construct(array $userlist, array $usersRoles = []) { $this->userlist = $userlist; $this->usersRoles = $usersRoles; diff --git a/src/Security/User.php b/src/Security/User.php index 961c8439..941ea7b1 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -200,11 +200,11 @@ public function getLogoutReason() public function getRoles() { if (!$this->isLoggedIn()) { - return array($this->guestRole); + return [$this->guestRole]; } $identity = $this->getIdentity(); - return $identity && $identity->getRoles() ? $identity->getRoles() : array($this->authenticatedRole); + return $identity && $identity->getRoles() ? $identity->getRoles() : [$this->authenticatedRole]; } diff --git a/tests/Security.DI/SecurityExtension.authenticator.phpt b/tests/Security.DI/SecurityExtension.authenticator.phpt index 46938f13..5b506eef 100644 --- a/tests/Security.DI/SecurityExtension.authenticator.phpt +++ b/tests/Security.DI/SecurityExtension.authenticator.phpt @@ -36,21 +36,21 @@ $authenticator = $container->getService('security.authenticator'); Assert::type('Nette\Security\SimpleAuthenticator', $authenticator); Assert::same($authenticator, $container->getService('nette.authenticator')); -$userList = array( +$userList = [ 'john' => 'john123', 'admin' => 'admin123', 'user' => 'user123', 'moderator' => 'moderator123', -); -$expectedRoles = array( - 'john' => array(), - 'admin' => array('admin', 'user'), - 'user' => array(), - 'moderator' => array('moderator'), -); +]; +$expectedRoles = [ + 'john' => [], + 'admin' => ['admin', 'user'], + 'user' => [], + 'moderator' => ['moderator'], +]; foreach ($userList as $username => $password) { - $identity = $authenticator->authenticate(array($username, $password)); + $identity = $authenticator->authenticate([$username, $password]); Assert::equal($username, $identity->getId()); Assert::equal($expectedRoles[$username], $identity->getRoles()); } diff --git a/tests/Security.DI/SecurityExtension.user.phpt b/tests/Security.DI/SecurityExtension.user.phpt index 4690919e..81ea057d 100644 --- a/tests/Security.DI/SecurityExtension.user.phpt +++ b/tests/Security.DI/SecurityExtension.user.phpt @@ -19,7 +19,7 @@ $compiler->addExtension('foo', new HttpExtension); $compiler->addExtension('bar', new SessionExtension); $compiler->addExtension('security', new SecurityExtension); -eval($compiler->compile(array(), 'Container1')); +eval($compiler->compile([], 'Container1')); $container = new Container1; Assert::type('Nette\Http\UserStorage', $container->getService('security.userStorage')); diff --git a/tests/Security/Identity.phpt b/tests/Security/Identity.phpt index 62ab3671..af06419f 100644 --- a/tests/Security/Identity.phpt +++ b/tests/Security/Identity.phpt @@ -12,13 +12,13 @@ require __DIR__ . '/../bootstrap.php'; test(function() { - $id = new Identity(12, 'admin', array('name' => 'John')); + $id = new Identity(12, 'admin', ['name' => 'John']); Assert::same(12, $id->getId()); Assert::same(12, $id->id); - Assert::same(array('admin'), $id->getRoles()); - Assert::same(array('admin'), $id->roles); - Assert::same(array('name' => 'John'), $id->getData()); + Assert::same(['admin'], $id->getRoles()); + Assert::same(['admin'], $id->roles); + Assert::same(['name' => 'John'], $id->getData()); Assert::same('John', $id->name); }); diff --git a/tests/Security/Passwords.hash().phpt b/tests/Security/Passwords.hash().phpt index af1e511c..a953e6ee 100644 --- a/tests/Security/Passwords.hash().phpt +++ b/tests/Security/Passwords.hash().phpt @@ -19,7 +19,7 @@ Assert::truthy( Assert::truthy( preg_match('#^\$2y\$05\$123456789012345678901.{32}\z#', - $h = Passwords::hash('dg', array('cost' => 5, 'salt' => '1234567890123456789012'))) + $h = Passwords::hash('dg', ['cost' => 5, 'salt' => '1234567890123456789012'])) ); echo $h; @@ -28,13 +28,13 @@ Assert::same( $hash, crypt('dg', $hash) ); Assert::exception(function() { - Passwords::hash('dg', array('cost' => 3)); + Passwords::hash('dg', ['cost' => 3]); }, 'Nette\InvalidArgumentException', 'Cost must be in range 4-31, 3 given.'); Assert::exception(function() { - Passwords::hash('dg', array('cost' => 32)); + Passwords::hash('dg', ['cost' => 32]); }, 'Nette\InvalidArgumentException', 'Cost must be in range 4-31, 32 given.'); Assert::exception(function() { - Passwords::hash('dg', array('salt' => 'abc')); + Passwords::hash('dg', ['salt' => 'abc']); }, 'Nette\InvalidArgumentException', 'Salt must be 22 characters long, 3 given.'); diff --git a/tests/Security/Passwords.needsRehash().phpt b/tests/Security/Passwords.needsRehash().phpt index d86a4ce5..ebe26de7 100644 --- a/tests/Security/Passwords.needsRehash().phpt +++ b/tests/Security/Passwords.needsRehash().phpt @@ -13,4 +13,4 @@ require __DIR__ . '/../bootstrap.php'; Assert::true(Passwords::needsRehash('$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); -Assert::false(Passwords::needsRehash('$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK', array('cost' => 5))); +Assert::false(Passwords::needsRehash('$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK', ['cost' => 5])); diff --git a/tests/Security/Permission.CMSExample.phpt b/tests/Security/Permission.CMSExample.phpt index b99598f4..97193d9f 100644 --- a/tests/Security/Permission.CMSExample.phpt +++ b/tests/Security/Permission.CMSExample.phpt @@ -21,10 +21,10 @@ $acl->addRole('administrator'); $acl->allow('guest', NULL, 'view'); // Staff inherits view privilege from guest, but also needs additional privileges -$acl->allow('staff', NULL, array('edit', 'submit', 'revise')); +$acl->allow('staff', NULL, ['edit', 'submit', 'revise']); // Editor inherits view, edit, submit, and revise privileges, but also needs additional privileges -$acl->allow('editor', NULL, array('publish', 'archive', 'delete')); +$acl->allow('editor', NULL, ['publish', 'archive', 'delete']); // Administrator inherits nothing but is allowed all privileges $acl->allow('administrator'); @@ -93,12 +93,12 @@ $acl->addRole('marketing', 'staff'); // Refine the privilege sets for more specific needs // Allow marketing to publish and archive newsletters -$acl->allow('marketing', 'newsletter', array('publish', 'archive')); +$acl->allow('marketing', 'newsletter', ['publish', 'archive']); // Allow marketing to publish and archive latest news $acl->addResource('news'); $acl->addResource('latest', 'news'); -$acl->allow('marketing', 'latest', array('publish', 'archive')); +$acl->allow('marketing', 'latest', ['publish', 'archive']); // Deny staff (and marketing, by inheritance) rights to revise latest news $acl->deny('staff', 'latest', 'revise'); @@ -142,7 +142,7 @@ Assert::false( $acl->isAllowed('editor', 'announcement', 'archive') ); // Remove some previous permission specifications // Marketing can no longer publish and archive newsletters -$acl->removeAllow('marketing', 'newsletter', array('publish', 'archive')); +$acl->removeAllow('marketing', 'newsletter', ['publish', 'archive']); // Marketing can no longer archive the latest news $acl->removeAllow('marketing', 'latest', 'archive'); diff --git a/tests/Security/Permission.Privileges.phpt b/tests/Security/Permission.Privileges.phpt index 172990f7..9291f876 100644 --- a/tests/Security/Permission.Privileges.phpt +++ b/tests/Security/Permission.Privileges.phpt @@ -12,13 +12,13 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -$acl->allow(NULL, NULL, array('p1', 'p2', 'p3')); +$acl->allow(NULL, NULL, ['p1', 'p2', 'p3']); Assert::true( $acl->isAllowed(NULL, NULL, 'p1') ); Assert::true( $acl->isAllowed(NULL, NULL, 'p2') ); Assert::true( $acl->isAllowed(NULL, NULL, 'p3') ); Assert::false( $acl->isAllowed(NULL, NULL, 'p4') ); $acl->deny(NULL, NULL, 'p1'); Assert::false( $acl->isAllowed(NULL, NULL, 'p1') ); -$acl->deny(NULL, NULL, array('p2', 'p3')); +$acl->deny(NULL, NULL, ['p2', 'p3']); Assert::false( $acl->isAllowed(NULL, NULL, 'p2') ); Assert::false( $acl->isAllowed(NULL, NULL, 'p3') ); diff --git a/tests/Security/Permission.ResourceInherits.phpt b/tests/Security/Permission.ResourceInherits.phpt index 46f12a8c..c13abb05 100644 --- a/tests/Security/Permission.ResourceInherits.phpt +++ b/tests/Security/Permission.ResourceInherits.phpt @@ -16,7 +16,7 @@ $acl->addResource('city'); $acl->addResource('building', 'city'); $acl->addResource('room', 'building'); -Assert::same( array('city', 'building', 'room'), $acl->getResources() ); +Assert::same( ['city', 'building', 'room'], $acl->getResources() ); Assert::true( $acl->resourceInheritsFrom('building', 'city', TRUE) ); Assert::true( $acl->resourceInheritsFrom('room', 'building', TRUE) ); Assert::true( $acl->resourceInheritsFrom('room', 'city') ); diff --git a/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt b/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt index c655c63d..56a60006 100644 --- a/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt +++ b/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt @@ -17,5 +17,5 @@ $acl->addRole('guest'); $acl->addRole('staff', 'guest'); $acl->deny(); $acl->allow('staff'); -$acl->deny('staff', NULL, array('privilege1', 'privilege2')); +$acl->deny('staff', NULL, ['privilege1', 'privilege2']); Assert::false( $acl->isAllowed('staff', NULL, 'privilege1') ); diff --git a/tests/Security/Permission.RoleDefaultAllowRuleWithResourceDenyRule.phpt b/tests/Security/Permission.RoleDefaultAllowRuleWithResourceDenyRule.phpt index ccfa447f..4a8a446e 100644 --- a/tests/Security/Permission.RoleDefaultAllowRuleWithResourceDenyRule.phpt +++ b/tests/Security/Permission.RoleDefaultAllowRuleWithResourceDenyRule.phpt @@ -19,5 +19,5 @@ $acl->addResource('area1'); $acl->addResource('area2'); $acl->deny(); $acl->allow('staff'); -$acl->deny('staff', array('area1', 'area2')); +$acl->deny('staff', ['area1', 'area2']); Assert::false( $acl->isAllowed('staff', 'area1') ); diff --git a/tests/Security/Permission.RolePrivileges.phpt b/tests/Security/Permission.RolePrivileges.phpt index 04538715..af45af8b 100644 --- a/tests/Security/Permission.RolePrivileges.phpt +++ b/tests/Security/Permission.RolePrivileges.phpt @@ -13,13 +13,13 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); -$acl->allow('guest', NULL, array('p1', 'p2', 'p3')); +$acl->allow('guest', NULL, ['p1', 'p2', 'p3']); Assert::true( $acl->isAllowed('guest', NULL, 'p1') ); Assert::true( $acl->isAllowed('guest', NULL, 'p2') ); Assert::true( $acl->isAllowed('guest', NULL, 'p3') ); Assert::false( $acl->isAllowed('guest', NULL, 'p4') ); $acl->deny('guest', NULL, 'p1'); Assert::false( $acl->isAllowed('guest', NULL, 'p1') ); -$acl->deny('guest', NULL, array('p2', 'p3')); +$acl->deny('guest', NULL, ['p2', 'p3']); Assert::false( $acl->isAllowed('guest', NULL, 'p2') ); Assert::false( $acl->isAllowed('guest', NULL, 'p3') ); diff --git a/tests/Security/Permission.RoleRegistryInherits.phpt b/tests/Security/Permission.RoleRegistryInherits.phpt index bd2866d3..01fbf927 100644 --- a/tests/Security/Permission.RoleRegistryInherits.phpt +++ b/tests/Security/Permission.RoleRegistryInherits.phpt @@ -15,10 +15,10 @@ $acl = new Permission; $acl->addRole('guest'); $acl->addRole('member', 'guest'); $acl->addRole('editor', 'member'); -Assert::same( array('guest', 'member', 'editor'), $acl->getRoles() ); -Assert::same( array(), $acl->getRoleParents('guest') ); -Assert::same( array('guest'), $acl->getRoleParents('member') ); -Assert::same( array('member'), $acl->getRoleParents('editor') ); +Assert::same( ['guest', 'member', 'editor'], $acl->getRoles() ); +Assert::same( [], $acl->getRoleParents('guest') ); +Assert::same( ['guest'], $acl->getRoleParents('member') ); +Assert::same( ['member'], $acl->getRoleParents('editor') ); Assert::true( $acl->roleInheritsFrom('member', 'guest', TRUE) ); @@ -30,5 +30,5 @@ Assert::false( $acl->roleInheritsFrom('member', 'editor') ); Assert::false( $acl->roleInheritsFrom('guest', 'editor') ); $acl->removeRole('member'); -Assert::same( array(), $acl->getRoleParents('editor') ); +Assert::same( [], $acl->getRoleParents('editor') ); Assert::false( $acl->roleInheritsFrom('editor', 'guest') ); diff --git a/tests/Security/Permission.RoleRegistryInheritsMultiple.phpt b/tests/Security/Permission.RoleRegistryInheritsMultiple.phpt index 2d64ffc1..7bd182ca 100644 --- a/tests/Security/Permission.RoleRegistryInheritsMultiple.phpt +++ b/tests/Security/Permission.RoleRegistryInheritsMultiple.phpt @@ -14,17 +14,17 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('parent1'); $acl->addRole('parent2'); -$acl->addRole('child', array('parent1', 'parent2')); +$acl->addRole('child', ['parent1', 'parent2']); -Assert::same( array( +Assert::same( [ 'parent1', 'parent2', -), $acl->getRoleParents('child') ); +], $acl->getRoleParents('child') ); Assert::true( $acl->roleInheritsFrom('child', 'parent1') ); Assert::true( $acl->roleInheritsFrom('child', 'parent2') ); $acl->removeRole('parent1'); -Assert::same( array('parent2'), $acl->getRoleParents('child') ); +Assert::same( ['parent2'], $acl->getRoleParents('child') ); Assert::true( $acl->roleInheritsFrom('child', 'parent2') ); diff --git a/tests/Security/Permission.RulesRemove.phpt b/tests/Security/Permission.RulesRemove.phpt index 91910a01..2d0e0f65 100644 --- a/tests/Security/Permission.RulesRemove.phpt +++ b/tests/Security/Permission.RulesRemove.phpt @@ -12,7 +12,7 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -$acl->allow(NULL, NULL, array('privilege1', 'privilege2')); +$acl->allow(NULL, NULL, ['privilege1', 'privilege2']); Assert::false( $acl->isAllowed() ); Assert::true( $acl->isAllowed(NULL, NULL, 'privilege1') ); Assert::true( $acl->isAllowed(NULL, NULL, 'privilege2') ); diff --git a/tests/Security/SimpleAuthenticator.Roles.phpt b/tests/Security/SimpleAuthenticator.Roles.phpt index 4ce3174a..db07facc 100644 --- a/tests/Security/SimpleAuthenticator.Roles.phpt +++ b/tests/Security/SimpleAuthenticator.Roles.phpt @@ -11,25 +11,25 @@ use Nette\Security\SimpleAuthenticator, require __DIR__ . '/../bootstrap.php'; -$users = array( +$users = [ 'john' => 'john123', 'admin' => 'admin123', 'user' => 'user123', -); -$usersRoles = array( - 'admin' => array('admin', 'user'), +]; +$usersRoles = [ + 'admin' => ['admin', 'user'], 'user' => 'user', -); -$expectedRoles = array( - 'admin' => array('admin', 'user'), - 'user' => array('user'), - 'john' => array(), -); +]; +$expectedRoles = [ + 'admin' => ['admin', 'user'], + 'user' => ['user'], + 'john' => [], +]; $authenticator = new SimpleAuthenticator($users, $usersRoles); foreach ($users as $username => $password) { - $identity = $authenticator->authenticate(array($username, $password)); + $identity = $authenticator->authenticate([$username, $password]); Assert::equal($username, $identity->getId()); Assert::equal($expectedRoles[$username], $identity->getRoles()); } diff --git a/tests/Security/SimpleAuthenticator.phpt b/tests/Security/SimpleAuthenticator.phpt index 94c7e86a..f00bdda3 100644 --- a/tests/Security/SimpleAuthenticator.phpt +++ b/tests/Security/SimpleAuthenticator.phpt @@ -11,25 +11,25 @@ use Nette\Security\SimpleAuthenticator, require __DIR__ . '/../bootstrap.php'; -$users = array( +$users = [ 'john' => 'password123!', 'admin' => 'admin', -); +]; $authenticator = new SimpleAuthenticator($users); -$identity = $authenticator->authenticate(array('john', 'password123!')); +$identity = $authenticator->authenticate(['john', 'password123!']); Assert::type( 'Nette\Security\IIdentity', $identity ); Assert::equal('john', $identity->getId()); -$identity = $authenticator->authenticate(array('admin', 'admin')); +$identity = $authenticator->authenticate(['admin', 'admin']); Assert::type( 'Nette\Security\IIdentity', $identity ); Assert::equal('admin', $identity->getId()); Assert::exception(function() use ($authenticator) { - $authenticator->authenticate(array('admin', 'wrong password')); + $authenticator->authenticate(['admin', 'wrong password']); }, 'Nette\Security\AuthenticationException', 'Invalid password.'); Assert::exception(function() use ($authenticator) { - $authenticator->authenticate(array('nobody', 'password')); + $authenticator->authenticate(['nobody', 'password']); }, 'Nette\Security\AuthenticationException', "User 'nobody' not found."); diff --git a/tests/Security/User.authentication.phpt b/tests/Security/User.authentication.phpt index d945a0d9..3cf21c33 100644 --- a/tests/Security/User.authentication.phpt +++ b/tests/Security/User.authentication.phpt @@ -13,7 +13,7 @@ require __DIR__ . '/../bootstrap.php'; require __DIR__ . '/MockUserStorage.php'; // Setup environment -$_COOKIE = array(); +$_COOKIE = []; ob_start(); @@ -43,10 +43,10 @@ class Authenticator implements IAuthenticator $user = new Nette\Security\User(new MockUserStorage); -$counter = (object) array( +$counter = (object) [ 'login' => 0, 'logout' => 0, -); +]; $user->onLoggedIn[] = function () use ($counter) { $counter->login++; diff --git a/tests/Security/User.authorization.phpt b/tests/Security/User.authorization.phpt index ecc91371..6630ac82 100644 --- a/tests/Security/User.authorization.phpt +++ b/tests/Security/User.authorization.phpt @@ -15,7 +15,7 @@ require __DIR__ . '/MockUserStorage.php'; // Setup environment -$_COOKIE = array(); +$_COOKIE = []; ob_start(); @@ -36,7 +36,7 @@ class Authenticator implements IAuthenticator throw new Nette\Security\AuthenticationException('Password not match', self::INVALID_CREDENTIAL); } else { - return new Identity('John Doe', array('admin')); + return new Identity('John Doe', ['admin']); } } @@ -65,7 +65,7 @@ $user = new Nette\Security\User(new MockUserStorage); Assert::false( $user->isLoggedIn() ); -Assert::same( array('guest'), $user->getRoles() ); +Assert::same( ['guest'], $user->getRoles() ); Assert::false( $user->isInRole('admin') ); Assert::true( $user->isInRole('guest') ); @@ -78,7 +78,7 @@ $user->setAuthenticator($handler); $user->login('john', 'xxx'); Assert::true( $user->isLoggedIn() ); -Assert::same( array('admin'), $user->getRoles() ); +Assert::same( ['admin'], $user->getRoles() ); Assert::true( $user->isInRole('admin') ); Assert::false( $user->isInRole('guest') ); From c3ce01e09cbd58e29249c3500de859613b505337 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 20 May 2015 18:15:06 +0200 Subject: [PATCH 10/36] removed support for PHP 5.3 --- src/Security/IUserStorage.php | 8 ++++---- src/Security/Passwords.php | 6 ++---- tests/Security/Passwords.hash().phpt | 1 - tests/Security/Passwords.needsRehash().phpt | 1 - tests/Security/Passwords.verify().phpt | 1 - 5 files changed, 6 insertions(+), 11 deletions(-) diff --git a/src/Security/IUserStorage.php b/src/Security/IUserStorage.php index 62c9dec0..8bc03ebd 100644 --- a/src/Security/IUserStorage.php +++ b/src/Security/IUserStorage.php @@ -18,12 +18,12 @@ interface IUserStorage { /** Log-out reason {@link IUserStorage::getLogoutReason()} */ - const MANUAL = 1, - INACTIVITY = 2, - BROWSER_CLOSED = 4; + const MANUAL = 0b0001, + INACTIVITY = 0b0010, + BROWSER_CLOSED = 0b0100; /** Log-out behavior */ - const CLEAR_IDENTITY = 8; + const CLEAR_IDENTITY = 0b1000; /** * Sets the authenticated status of this user. diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index cbb771e9..3918338e 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php @@ -11,7 +11,7 @@ /** - * Passwords tools. Requires PHP >= 5.3.7. + * Passwords tools. * * @author David Grudl */ @@ -31,9 +31,7 @@ public static function hash($password, array $options = NULL) $cost = isset($options['cost']) ? (int) $options['cost'] : self::BCRYPT_COST; $salt = isset($options['salt']) ? (string) $options['salt'] : Nette\Utils\Random::generate(22, '0-9A-Za-z./'); - if (PHP_VERSION_ID < 50307) { - throw new Nette\NotSupportedException(__METHOD__ . ' requires PHP >= 5.3.7.'); - } elseif (($len = strlen($salt)) < 22) { + if (($len = strlen($salt)) < 22) { throw new Nette\InvalidArgumentException("Salt must be 22 characters long, $len given."); } elseif ($cost < 4 || $cost > 31) { throw new Nette\InvalidArgumentException("Cost must be in range 4-31, $cost given."); diff --git a/tests/Security/Passwords.hash().phpt b/tests/Security/Passwords.hash().phpt index a953e6ee..06613118 100644 --- a/tests/Security/Passwords.hash().phpt +++ b/tests/Security/Passwords.hash().phpt @@ -2,7 +2,6 @@ /** * Test: Nette\Security\Passwords::hash() - * @phpversion 5.3.7 */ use Nette\Security\Passwords, diff --git a/tests/Security/Passwords.needsRehash().phpt b/tests/Security/Passwords.needsRehash().phpt index ebe26de7..8fdc1e79 100644 --- a/tests/Security/Passwords.needsRehash().phpt +++ b/tests/Security/Passwords.needsRehash().phpt @@ -2,7 +2,6 @@ /** * Test: Nette\Security\Passwords::needsRehash() - * @phpversion 5.3.7 */ use Nette\Security\Passwords, diff --git a/tests/Security/Passwords.verify().phpt b/tests/Security/Passwords.verify().phpt index e2ad0ddf..8994f10b 100644 --- a/tests/Security/Passwords.verify().phpt +++ b/tests/Security/Passwords.verify().phpt @@ -2,7 +2,6 @@ /** * Test: Nette\Security\Passwords::verify() - * @phpversion 5.3.7 */ use Nette\Security\Passwords, From b7c73bae8a8d32bb9bd5547e1ed7163d905d734a Mon Sep 17 00:00:00 2001 From: David Grudl Date: Thu, 18 Jun 2015 16:45:57 +0200 Subject: [PATCH 11/36] improved coding style --- src/Bridges/SecurityDI/SecurityExtension.php | 2 +- src/Bridges/SecurityTracy/UserPanel.php | 4 +- src/Security/Permission.php | 12 +- src/Security/User.php | 4 +- .../SecurityExtension.authenticator.phpt | 10 +- tests/Security.DI/SecurityExtension.user.phpt | 10 +- tests/Security/Identity.phpt | 8 +- tests/Security/MockUserStorage.php | 7 +- tests/Security/Passwords.hash().phpt | 12 +- tests/Security/Passwords.needsRehash().phpt | 4 +- tests/Security/Passwords.verify().phpt | 4 +- tests/Security/Permission.CMSExample.phpt | 174 +++++++++--------- tests/Security/Permission.DefaultAssert.phpt | 6 +- tests/Security/Permission.DefaultDeny.phpt | 12 +- tests/Security/Permission.DefaultRuleSet.phpt | 12 +- .../Permission.IsAllowedNonExistent.phpt | 8 +- tests/Security/Permission.PrivilegeAllow.phpt | 6 +- .../Security/Permission.PrivilegeAssert.phpt | 8 +- tests/Security/Permission.PrivilegeDeny.phpt | 6 +- tests/Security/Permission.Privileges.phpt | 18 +- .../Permission.RemoveDefaultAllow.phpt | 8 +- ...mission.RemoveDefaultAllowNonExistent.phpt | 6 +- .../Permission.RemoveDefaultDeny.phpt | 8 +- .../Permission.RemoveDefaultDenyAssert.phpt | 8 +- ...rmission.RemoveDefaultDenyNonExistent.phpt | 6 +- ...AfterItWasAllowedAccessToAllResources.phpt | 6 +- .../Permission.ResourceAddAndGetOne.phpt | 10 +- ...ission.ResourceAddInheritsNonExistent.phpt | 6 +- .../Permission.ResourceDuplicate.phpt | 6 +- .../Security/Permission.ResourceInherits.phpt | 22 +-- ...ermission.ResourceInheritsNonExistent.phpt | 8 +- .../Permission.ResourceRemoveAll.phpt | 6 +- ...rmission.ResourceRemoveOneNonExistent.phpt | 6 +- ...DefaultAllowRuleWithPrivilegeDenyRule.phpt | 6 +- ...eDefaultAllowRuleWithResourceDenyRule.phpt | 8 +- .../Permission.RoleDefaultRuleSet.phpt | 8 +- ...ermission.RoleDefaultRuleSetPrivilege.phpt | 8 +- .../Permission.RolePrivilegeAllow.phpt | 6 +- .../Permission.RolePrivilegeAssert.phpt | 8 +- .../Permission.RolePrivilegeDeny.phpt | 6 +- tests/Security/Permission.RolePrivileges.phpt | 18 +- .../Permission.RoleRegistryAddAndGetOne.phpt | 10 +- ...on.RoleRegistryAddInheritsNonExistent.phpt | 6 +- .../Permission.RoleRegistryDuplicate.phpt | 6 +- .../Permission.RoleRegistryInherits.phpt | 30 +-- ...rmission.RoleRegistryInheritsMultiple.phpt | 16 +- ...ssion.RoleRegistryInheritsNonExistent.phpt | 8 +- .../Permission.RoleRegistryRemoveAll.phpt | 6 +- ...sion.RoleRegistryRemoveOneNonExistent.phpt | 6 +- tests/Security/Permission.RuleRoleRemove.phpt | 10 +- .../Permission.RuleRoleRemoveAll.phpt | 10 +- tests/Security/Permission.RulesRemove.phpt | 14 +- .../Permission.RulesResourceRemove.phpt | 10 +- .../Permission.RulesResourceRemoveAll.phpt | 10 +- tests/Security/SimpleAuthenticator.Roles.phpt | 14 +- tests/Security/SimpleAuthenticator.phpt | 12 +- tests/Security/User.authentication.phpt | 52 +++--- tests/Security/User.authorization.phpt | 32 ++-- 58 files changed, 377 insertions(+), 376 deletions(-) diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index e70d4a36..ade238b8 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -48,7 +48,7 @@ public function loadConfiguration() if ($this->debugMode && $config['debugger']) { $user->addSetup('@Tracy\Bar::addPanel', [ - new Nette\DI\Statement('Nette\Bridges\SecurityTracy\UserPanel') + new Nette\DI\Statement('Nette\Bridges\SecurityTracy\UserPanel'), ]); } diff --git a/src/Bridges/SecurityTracy/UserPanel.php b/src/Bridges/SecurityTracy/UserPanel.php index e25f40a5..63fe63c8 100644 --- a/src/Bridges/SecurityTracy/UserPanel.php +++ b/src/Bridges/SecurityTracy/UserPanel.php @@ -7,8 +7,8 @@ namespace Nette\Bridges\SecurityTracy; -use Nette, - Tracy; +use Nette; +use Tracy; /** diff --git a/src/Security/Permission.php b/src/Security/Permission.php index c2c63213..d94d90eb 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -84,7 +84,7 @@ public function addRole($role, $parents = NULL) } $this->roles[$role] = [ - 'parents' => $roleParents, + 'parents' => $roleParents, 'children' => [], ]; @@ -264,8 +264,8 @@ public function addResource($resource, $parent = NULL) } $this->resources[$resource] = [ - 'parent' => $parent, - 'children' => [] + 'parent' => $parent, + 'children' => [], ]; return $this; @@ -552,10 +552,10 @@ protected function setRule($toAdd, $type, $roles, $resources, $privileges, $asse $rules = [ 'allPrivileges' => [ 'type' => self::DENY, - 'assert' => NULL + 'assert' => NULL, ], - 'byPrivilege' => [] - ]; + 'byPrivilege' => [], + ]; } continue; } diff --git a/src/Security/User.php b/src/Security/User.php index 941ea7b1..687c3ac5 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -38,10 +38,10 @@ class User extends Nette\Object /** @var string default role for authenticated user without own identity */ public $authenticatedRole = 'authenticated'; - /** @var callable[] function(User $sender); Occurs when the user is successfully logged in */ + /** @var callable[] function (User $sender); Occurs when the user is successfully logged in */ public $onLoggedIn; - /** @var callable[] function(User $sender); Occurs when the user is logged out */ + /** @var callable[] function (User $sender); Occurs when the user is logged out */ public $onLoggedOut; /** @var IUserStorage Session storage for current user */ diff --git a/tests/Security.DI/SecurityExtension.authenticator.phpt b/tests/Security.DI/SecurityExtension.authenticator.phpt index 5b506eef..8a26fb1b 100644 --- a/tests/Security.DI/SecurityExtension.authenticator.phpt +++ b/tests/Security.DI/SecurityExtension.authenticator.phpt @@ -4,11 +4,11 @@ * Test: SecurityExtension */ -use Nette\DI, - Nette\Bridges\HttpDI\HttpExtension, - Nette\Bridges\HttpDI\SessionExtension, - Nette\Bridges\SecurityDI\SecurityExtension, - Tester\Assert; +use Nette\DI; +use Nette\Bridges\HttpDI\HttpExtension; +use Nette\Bridges\HttpDI\SessionExtension; +use Nette\Bridges\SecurityDI\SecurityExtension; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; diff --git a/tests/Security.DI/SecurityExtension.user.phpt b/tests/Security.DI/SecurityExtension.user.phpt index 81ea057d..b24df3f7 100644 --- a/tests/Security.DI/SecurityExtension.user.phpt +++ b/tests/Security.DI/SecurityExtension.user.phpt @@ -4,11 +4,11 @@ * Test: SecurityExtension */ -use Nette\DI, - Nette\Bridges\HttpDI\HttpExtension, - Nette\Bridges\HttpDI\SessionExtension, - Nette\Bridges\SecurityDI\SecurityExtension, - Tester\Assert; +use Nette\DI; +use Nette\Bridges\HttpDI\HttpExtension; +use Nette\Bridges\HttpDI\SessionExtension; +use Nette\Bridges\SecurityDI\SecurityExtension; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; diff --git a/tests/Security/Identity.phpt b/tests/Security/Identity.phpt index af06419f..c93cca82 100644 --- a/tests/Security/Identity.phpt +++ b/tests/Security/Identity.phpt @@ -4,14 +4,14 @@ * Test: Nette\Security\Identity. */ -use Nette\Security\Identity, - Tester\Assert; +use Nette\Security\Identity; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; -test(function() { +test(function () { $id = new Identity(12, 'admin', ['name' => 'John']); Assert::same(12, $id->getId()); @@ -23,7 +23,7 @@ test(function() { }); -test(function() { +test(function () { $id = new Identity('12'); Assert::same(12, $id->getId()); diff --git a/tests/Security/MockUserStorage.php b/tests/Security/MockUserStorage.php index 4a9824c7..57dc6b97 100644 --- a/tests/Security/MockUserStorage.php +++ b/tests/Security/MockUserStorage.php @@ -26,9 +26,10 @@ function getIdentity() } function setExpiration($time, $flags = 0) - {} + { + } function getLogoutReason() - {} - + { + } } diff --git a/tests/Security/Passwords.hash().phpt b/tests/Security/Passwords.hash().phpt index 06613118..39aa92cd 100644 --- a/tests/Security/Passwords.hash().phpt +++ b/tests/Security/Passwords.hash().phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Passwords::hash() */ -use Nette\Security\Passwords, - Tester\Assert; +use Nette\Security\Passwords; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -23,17 +23,17 @@ Assert::truthy( echo $h; $hash = Passwords::hash('dg'); -Assert::same( $hash, crypt('dg', $hash) ); +Assert::same($hash, crypt('dg', $hash)); -Assert::exception(function() { +Assert::exception(function () { Passwords::hash('dg', ['cost' => 3]); }, 'Nette\InvalidArgumentException', 'Cost must be in range 4-31, 3 given.'); -Assert::exception(function() { +Assert::exception(function () { Passwords::hash('dg', ['cost' => 32]); }, 'Nette\InvalidArgumentException', 'Cost must be in range 4-31, 32 given.'); -Assert::exception(function() { +Assert::exception(function () { Passwords::hash('dg', ['salt' => 'abc']); }, 'Nette\InvalidArgumentException', 'Salt must be 22 characters long, 3 given.'); diff --git a/tests/Security/Passwords.needsRehash().phpt b/tests/Security/Passwords.needsRehash().phpt index 8fdc1e79..4f3b9bc6 100644 --- a/tests/Security/Passwords.needsRehash().phpt +++ b/tests/Security/Passwords.needsRehash().phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Passwords::needsRehash() */ -use Nette\Security\Passwords, - Tester\Assert; +use Nette\Security\Passwords; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; diff --git a/tests/Security/Passwords.verify().phpt b/tests/Security/Passwords.verify().phpt index 8994f10b..6ac54692 100644 --- a/tests/Security/Passwords.verify().phpt +++ b/tests/Security/Passwords.verify().phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Passwords::verify() */ -use Nette\Security\Passwords, - Tester\Assert; +use Nette\Security\Passwords; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; diff --git a/tests/Security/Permission.CMSExample.phpt b/tests/Security/Permission.CMSExample.phpt index 97193d9f..19ac5ada 100644 --- a/tests/Security/Permission.CMSExample.phpt +++ b/tests/Security/Permission.CMSExample.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that an example for a content management system is operable. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -31,45 +31,45 @@ $acl->allow('administrator'); // Access control checks based on above permission sets -Assert::true( $acl->isAllowed('guest', NULL, 'view') ); -Assert::false( $acl->isAllowed('guest', NULL, 'edit') ); -Assert::false( $acl->isAllowed('guest', NULL, 'submit') ); -Assert::false( $acl->isAllowed('guest', NULL, 'revise') ); -Assert::false( $acl->isAllowed('guest', NULL, 'publish') ); -Assert::false( $acl->isAllowed('guest', NULL, 'archive') ); -Assert::false( $acl->isAllowed('guest', NULL, 'delete') ); -Assert::false( $acl->isAllowed('guest', NULL, 'unknown') ); -Assert::false( $acl->isAllowed('guest') ); - -Assert::true( $acl->isAllowed('staff', NULL, 'view') ); -Assert::true( $acl->isAllowed('staff', NULL, 'edit') ); -Assert::true( $acl->isAllowed('staff', NULL, 'submit') ); -Assert::true( $acl->isAllowed('staff', NULL, 'revise') ); -Assert::false( $acl->isAllowed('staff', NULL, 'publish') ); -Assert::false( $acl->isAllowed('staff', NULL, 'archive') ); -Assert::false( $acl->isAllowed('staff', NULL, 'delete') ); -Assert::false( $acl->isAllowed('staff', NULL, 'unknown') ); -Assert::false( $acl->isAllowed('staff') ); - -Assert::true( $acl->isAllowed('editor', NULL, 'view') ); -Assert::true( $acl->isAllowed('editor', NULL, 'edit') ); -Assert::true( $acl->isAllowed('editor', NULL, 'submit') ); -Assert::true( $acl->isAllowed('editor', NULL, 'revise') ); -Assert::true( $acl->isAllowed('editor', NULL, 'publish') ); -Assert::true( $acl->isAllowed('editor', NULL, 'archive') ); -Assert::true( $acl->isAllowed('editor', NULL, 'delete') ); -Assert::false( $acl->isAllowed('editor', NULL, 'unknown') ); -Assert::false( $acl->isAllowed('editor') ); - -Assert::true( $acl->isAllowed('administrator', NULL, 'view') ); -Assert::true( $acl->isAllowed('administrator', NULL, 'edit') ); -Assert::true( $acl->isAllowed('administrator', NULL, 'submit') ); -Assert::true( $acl->isAllowed('administrator', NULL, 'revise') ); -Assert::true( $acl->isAllowed('administrator', NULL, 'publish') ); -Assert::true( $acl->isAllowed('administrator', NULL, 'archive') ); -Assert::true( $acl->isAllowed('administrator', NULL, 'delete') ); -Assert::true( $acl->isAllowed('administrator', NULL, 'unknown') ); -Assert::true( $acl->isAllowed('administrator') ); +Assert::true($acl->isAllowed('guest', NULL, 'view')); +Assert::false($acl->isAllowed('guest', NULL, 'edit')); +Assert::false($acl->isAllowed('guest', NULL, 'submit')); +Assert::false($acl->isAllowed('guest', NULL, 'revise')); +Assert::false($acl->isAllowed('guest', NULL, 'publish')); +Assert::false($acl->isAllowed('guest', NULL, 'archive')); +Assert::false($acl->isAllowed('guest', NULL, 'delete')); +Assert::false($acl->isAllowed('guest', NULL, 'unknown')); +Assert::false($acl->isAllowed('guest')); + +Assert::true($acl->isAllowed('staff', NULL, 'view')); +Assert::true($acl->isAllowed('staff', NULL, 'edit')); +Assert::true($acl->isAllowed('staff', NULL, 'submit')); +Assert::true($acl->isAllowed('staff', NULL, 'revise')); +Assert::false($acl->isAllowed('staff', NULL, 'publish')); +Assert::false($acl->isAllowed('staff', NULL, 'archive')); +Assert::false($acl->isAllowed('staff', NULL, 'delete')); +Assert::false($acl->isAllowed('staff', NULL, 'unknown')); +Assert::false($acl->isAllowed('staff')); + +Assert::true($acl->isAllowed('editor', NULL, 'view')); +Assert::true($acl->isAllowed('editor', NULL, 'edit')); +Assert::true($acl->isAllowed('editor', NULL, 'submit')); +Assert::true($acl->isAllowed('editor', NULL, 'revise')); +Assert::true($acl->isAllowed('editor', NULL, 'publish')); +Assert::true($acl->isAllowed('editor', NULL, 'archive')); +Assert::true($acl->isAllowed('editor', NULL, 'delete')); +Assert::false($acl->isAllowed('editor', NULL, 'unknown')); +Assert::false($acl->isAllowed('editor')); + +Assert::true($acl->isAllowed('administrator', NULL, 'view')); +Assert::true($acl->isAllowed('administrator', NULL, 'edit')); +Assert::true($acl->isAllowed('administrator', NULL, 'submit')); +Assert::true($acl->isAllowed('administrator', NULL, 'revise')); +Assert::true($acl->isAllowed('administrator', NULL, 'publish')); +Assert::true($acl->isAllowed('administrator', NULL, 'archive')); +Assert::true($acl->isAllowed('administrator', NULL, 'delete')); +Assert::true($acl->isAllowed('administrator', NULL, 'unknown')); +Assert::true($acl->isAllowed('administrator')); // Some checks on specific areas, which inherit access controls from the root ACL node $acl->addResource('newsletter'); @@ -78,14 +78,14 @@ $acl->addResource('gallery'); $acl->addResource('profiles', 'gallery'); $acl->addResource('config'); $acl->addResource('hosts', 'config'); -Assert::true( $acl->isAllowed('guest', 'pending', 'view') ); -Assert::true( $acl->isAllowed('staff', 'profiles', 'revise') ); -Assert::true( $acl->isAllowed('staff', 'pending', 'view') ); -Assert::true( $acl->isAllowed('staff', 'pending', 'edit') ); -Assert::false( $acl->isAllowed('staff', 'pending', 'publish') ); -Assert::false( $acl->isAllowed('staff', 'pending') ); -Assert::false( $acl->isAllowed('editor', 'hosts', 'unknown') ); -Assert::true( $acl->isAllowed('administrator', 'pending') ); +Assert::true($acl->isAllowed('guest', 'pending', 'view')); +Assert::true($acl->isAllowed('staff', 'profiles', 'revise')); +Assert::true($acl->isAllowed('staff', 'pending', 'view')); +Assert::true($acl->isAllowed('staff', 'pending', 'edit')); +Assert::false($acl->isAllowed('staff', 'pending', 'publish')); +Assert::false($acl->isAllowed('staff', 'pending')); +Assert::false($acl->isAllowed('editor', 'hosts', 'unknown')); +Assert::true($acl->isAllowed('administrator', 'pending')); // Add a new group, marketing, which bases its permissions on staff $acl->addRole('marketing', 'staff'); @@ -109,35 +109,35 @@ $acl->deny(NULL, 'announcement', 'archive'); // Access control checks for the above refined permission sets -Assert::true( $acl->isAllowed('marketing', NULL, 'view') ); -Assert::true( $acl->isAllowed('marketing', NULL, 'edit') ); -Assert::true( $acl->isAllowed('marketing', NULL, 'submit') ); -Assert::true( $acl->isAllowed('marketing', NULL, 'revise') ); -Assert::false( $acl->isAllowed('marketing', NULL, 'publish') ); -Assert::false( $acl->isAllowed('marketing', NULL, 'archive') ); -Assert::false( $acl->isAllowed('marketing', NULL, 'delete') ); -Assert::false( $acl->isAllowed('marketing', NULL, 'unknown') ); -Assert::false( $acl->isAllowed('marketing') ); - -Assert::true( $acl->isAllowed('marketing', 'newsletter', 'publish') ); -Assert::false( $acl->isAllowed('staff', 'pending', 'publish') ); -Assert::true( $acl->isAllowed('marketing', 'pending', 'publish') ); -Assert::true( $acl->isAllowed('marketing', 'newsletter', 'archive') ); -Assert::false( $acl->isAllowed('marketing', 'newsletter', 'delete') ); -Assert::false( $acl->isAllowed('marketing', 'newsletter') ); - -Assert::true( $acl->isAllowed('marketing', 'latest', 'publish') ); -Assert::true( $acl->isAllowed('marketing', 'latest', 'archive') ); -Assert::false( $acl->isAllowed('marketing', 'latest', 'delete') ); -Assert::false( $acl->isAllowed('marketing', 'latest', 'revise') ); -Assert::false( $acl->isAllowed('marketing', 'latest') ); - -Assert::false( $acl->isAllowed('marketing', 'announcement', 'archive') ); -Assert::false( $acl->isAllowed('staff', 'announcement', 'archive') ); -Assert::false( $acl->isAllowed('administrator', 'announcement', 'archive') ); - -Assert::false( $acl->isAllowed('staff', 'latest', 'publish') ); -Assert::false( $acl->isAllowed('editor', 'announcement', 'archive') ); +Assert::true($acl->isAllowed('marketing', NULL, 'view')); +Assert::true($acl->isAllowed('marketing', NULL, 'edit')); +Assert::true($acl->isAllowed('marketing', NULL, 'submit')); +Assert::true($acl->isAllowed('marketing', NULL, 'revise')); +Assert::false($acl->isAllowed('marketing', NULL, 'publish')); +Assert::false($acl->isAllowed('marketing', NULL, 'archive')); +Assert::false($acl->isAllowed('marketing', NULL, 'delete')); +Assert::false($acl->isAllowed('marketing', NULL, 'unknown')); +Assert::false($acl->isAllowed('marketing')); + +Assert::true($acl->isAllowed('marketing', 'newsletter', 'publish')); +Assert::false($acl->isAllowed('staff', 'pending', 'publish')); +Assert::true($acl->isAllowed('marketing', 'pending', 'publish')); +Assert::true($acl->isAllowed('marketing', 'newsletter', 'archive')); +Assert::false($acl->isAllowed('marketing', 'newsletter', 'delete')); +Assert::false($acl->isAllowed('marketing', 'newsletter')); + +Assert::true($acl->isAllowed('marketing', 'latest', 'publish')); +Assert::true($acl->isAllowed('marketing', 'latest', 'archive')); +Assert::false($acl->isAllowed('marketing', 'latest', 'delete')); +Assert::false($acl->isAllowed('marketing', 'latest', 'revise')); +Assert::false($acl->isAllowed('marketing', 'latest')); + +Assert::false($acl->isAllowed('marketing', 'announcement', 'archive')); +Assert::false($acl->isAllowed('staff', 'announcement', 'archive')); +Assert::false($acl->isAllowed('administrator', 'announcement', 'archive')); + +Assert::false($acl->isAllowed('staff', 'latest', 'publish')); +Assert::false($acl->isAllowed('editor', 'announcement', 'archive')); // Remove some previous permission specifications @@ -152,19 +152,19 @@ $acl->removeDeny('staff', 'latest', 'revise'); // Access control checks for the above refinements -Assert::false( $acl->isAllowed('marketing', 'newsletter', 'publish') ); -Assert::false( $acl->isAllowed('marketing', 'newsletter', 'archive') ); +Assert::false($acl->isAllowed('marketing', 'newsletter', 'publish')); +Assert::false($acl->isAllowed('marketing', 'newsletter', 'archive')); -Assert::false( $acl->isAllowed('marketing', 'latest', 'archive') ); +Assert::false($acl->isAllowed('marketing', 'latest', 'archive')); -Assert::true( $acl->isAllowed('staff', 'latest', 'revise') ); -Assert::true( $acl->isAllowed('marketing', 'latest', 'revise') ); +Assert::true($acl->isAllowed('staff', 'latest', 'revise')); +Assert::true($acl->isAllowed('marketing', 'latest', 'revise')); // Grant marketing all permissions on the latest news $acl->allow('marketing', 'latest'); // Access control checks for the above refinement -Assert::true( $acl->isAllowed('marketing', 'latest', 'archive') ); -Assert::true( $acl->isAllowed('marketing', 'latest', 'publish') ); -Assert::true( $acl->isAllowed('marketing', 'latest', 'edit') ); -Assert::true( $acl->isAllowed('marketing', 'latest') ); +Assert::true($acl->isAllowed('marketing', 'latest', 'archive')); +Assert::true($acl->isAllowed('marketing', 'latest', 'publish')); +Assert::true($acl->isAllowed('marketing', 'latest', 'edit')); +Assert::true($acl->isAllowed('marketing', 'latest')); diff --git a/tests/Security/Permission.DefaultAssert.phpt b/tests/Security/Permission.DefaultAssert.phpt index 97646b69..b0d3315e 100644 --- a/tests/Security/Permission.DefaultAssert.phpt +++ b/tests/Security/Permission.DefaultAssert.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that the default rule obeys its assertion. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -19,4 +19,4 @@ function falseAssertion() $acl = new Permission; $acl->deny(NULL, NULL, NULL, 'falseAssertion'); -Assert::true( $acl->isAllowed(NULL, NULL, 'somePrivilege') ); +Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.DefaultDeny.phpt b/tests/Security/Permission.DefaultDeny.phpt index 31003737..2ac4a182 100644 --- a/tests/Security/Permission.DefaultDeny.phpt +++ b/tests/Security/Permission.DefaultDeny.phpt @@ -4,17 +4,17 @@ * Test: Nette\Security\Permission Ensures that by default denies access to everything by all. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -Assert::false( $acl->isAllowed() ); -Assert::false( $acl->isAllowed(NULL, NULL, 'somePrivilege') ); +Assert::false($acl->isAllowed()); +Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); $acl->addRole('guest'); -Assert::false( $acl->isAllowed('guest') ); -Assert::false( $acl->isAllowed('guest', NULL, 'somePrivilege') ); +Assert::false($acl->isAllowed('guest')); +Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.DefaultRuleSet.phpt b/tests/Security/Permission.DefaultRuleSet.phpt index 6a2e612b..063218b1 100644 --- a/tests/Security/Permission.DefaultRuleSet.phpt +++ b/tests/Security/Permission.DefaultRuleSet.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that ACL-wide rules (all Roles, Resources, and privileges) work properly. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -13,9 +13,9 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(); -Assert::true( $acl->isAllowed() ); -Assert::true( $acl->isAllowed(NULL, NULL, 'somePrivilege') ); +Assert::true($acl->isAllowed()); +Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); $acl->deny(); -Assert::false( $acl->isAllowed() ); -Assert::false( $acl->isAllowed(NULL, NULL, 'somePrivilege') ); +Assert::false($acl->isAllowed()); +Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.IsAllowedNonExistent.phpt b/tests/Security/Permission.IsAllowedNonExistent.phpt index fd2b129f..e7f3b9f7 100644 --- a/tests/Security/Permission.IsAllowedNonExistent.phpt +++ b/tests/Security/Permission.IsAllowedNonExistent.phpt @@ -4,19 +4,19 @@ * Test: Nette\Security\Permission Ensures that an exception is thrown when a non-existent Role and Resource parameters are specified to isAllowed(). */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; -Assert::exception(function() { +Assert::exception(function () { $acl = new Permission; $acl->isAllowed('nonexistent'); }, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); -Assert::exception(function() { +Assert::exception(function () { $acl = new Permission; $acl->isAllowed(NULL, 'nonexistent'); }, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.PrivilegeAllow.phpt b/tests/Security/Permission.PrivilegeAllow.phpt index f93bd1ca..a5dd2141 100644 --- a/tests/Security/Permission.PrivilegeAllow.phpt +++ b/tests/Security/Permission.PrivilegeAllow.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that a privilege allowed for all Roles upon all Resources works properly. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -13,4 +13,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(NULL, NULL, 'somePrivilege'); -Assert::true( $acl->isAllowed(NULL, NULL, 'somePrivilege') ); +Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.PrivilegeAssert.phpt b/tests/Security/Permission.PrivilegeAssert.phpt index 5a157bd6..557db609 100644 --- a/tests/Security/Permission.PrivilegeAssert.phpt +++ b/tests/Security/Permission.PrivilegeAssert.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that assertions on privileges work properly. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -24,7 +24,7 @@ function trueAssertion() $acl = new Permission; $acl->allow(NULL, NULL, 'somePrivilege', 'trueAssertion'); -Assert::true( $acl->isAllowed(NULL, NULL, 'somePrivilege') ); +Assert::true($acl->isAllowed(NULL, NULL, 'somePrivilege')); $acl->allow(NULL, NULL, 'somePrivilege', 'falseAssertion'); -Assert::false( $acl->isAllowed(NULL, NULL, 'somePrivilege') ); +Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.PrivilegeDeny.phpt b/tests/Security/Permission.PrivilegeDeny.phpt index 9d82d8cc..01d59d92 100644 --- a/tests/Security/Permission.PrivilegeDeny.phpt +++ b/tests/Security/Permission.PrivilegeDeny.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that a privilege denied for all Roles upon all Resources works properly. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,4 +14,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(); $acl->deny(NULL, NULL, 'somePrivilege'); -Assert::false( $acl->isAllowed(NULL, NULL, 'somePrivilege') ); +Assert::false($acl->isAllowed(NULL, NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.Privileges.phpt b/tests/Security/Permission.Privileges.phpt index 9291f876..0c95cbf4 100644 --- a/tests/Security/Permission.Privileges.phpt +++ b/tests/Security/Permission.Privileges.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that multiple privileges work properly. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -13,12 +13,12 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(NULL, NULL, ['p1', 'p2', 'p3']); -Assert::true( $acl->isAllowed(NULL, NULL, 'p1') ); -Assert::true( $acl->isAllowed(NULL, NULL, 'p2') ); -Assert::true( $acl->isAllowed(NULL, NULL, 'p3') ); -Assert::false( $acl->isAllowed(NULL, NULL, 'p4') ); +Assert::true($acl->isAllowed(NULL, NULL, 'p1')); +Assert::true($acl->isAllowed(NULL, NULL, 'p2')); +Assert::true($acl->isAllowed(NULL, NULL, 'p3')); +Assert::false($acl->isAllowed(NULL, NULL, 'p4')); $acl->deny(NULL, NULL, 'p1'); -Assert::false( $acl->isAllowed(NULL, NULL, 'p1') ); +Assert::false($acl->isAllowed(NULL, NULL, 'p1')); $acl->deny(NULL, NULL, ['p2', 'p3']); -Assert::false( $acl->isAllowed(NULL, NULL, 'p2') ); -Assert::false( $acl->isAllowed(NULL, NULL, 'p3') ); +Assert::false($acl->isAllowed(NULL, NULL, 'p2')); +Assert::false($acl->isAllowed(NULL, NULL, 'p3')); diff --git a/tests/Security/Permission.RemoveDefaultAllow.phpt b/tests/Security/Permission.RemoveDefaultAllow.phpt index 5745c4dc..975f04ab 100644 --- a/tests/Security/Permission.RemoveDefaultAllow.phpt +++ b/tests/Security/Permission.RemoveDefaultAllow.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removing the default allow rule results in default deny rule being assigned. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -13,6 +13,6 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(); -Assert::true( $acl->isAllowed() ); +Assert::true($acl->isAllowed()); $acl->removeAllow(); -Assert::false( $acl->isAllowed() ); +Assert::false($acl->isAllowed()); diff --git a/tests/Security/Permission.RemoveDefaultAllowNonExistent.phpt b/tests/Security/Permission.RemoveDefaultAllowNonExistent.phpt index 21d0617d..72f58318 100644 --- a/tests/Security/Permission.RemoveDefaultAllowNonExistent.phpt +++ b/tests/Security/Permission.RemoveDefaultAllowNonExistent.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removing non-existent default allow rule does nothing. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -13,4 +13,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->removeAllow(); -Assert::false( $acl->isAllowed() ); +Assert::false($acl->isAllowed()); diff --git a/tests/Security/Permission.RemoveDefaultDeny.phpt b/tests/Security/Permission.RemoveDefaultDeny.phpt index 4a031214..291150b0 100644 --- a/tests/Security/Permission.RemoveDefaultDeny.phpt +++ b/tests/Security/Permission.RemoveDefaultDeny.phpt @@ -4,14 +4,14 @@ * Test: Nette\Security\Permission Ensures that removing the default deny rule results in default deny rule. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -Assert::false( $acl->isAllowed() ); +Assert::false($acl->isAllowed()); $acl->removeDeny(); -Assert::false( $acl->isAllowed() ); +Assert::false($acl->isAllowed()); diff --git a/tests/Security/Permission.RemoveDefaultDenyAssert.phpt b/tests/Security/Permission.RemoveDefaultDenyAssert.phpt index b8ecd180..4fd7fe45 100644 --- a/tests/Security/Permission.RemoveDefaultDenyAssert.phpt +++ b/tests/Security/Permission.RemoveDefaultDenyAssert.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removing the default deny rule results in assertion method being removed. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -19,6 +19,6 @@ function falseAssertion() $acl = new Permission; $acl->deny(NULL, NULL, NULL, 'falseAssertion'); -Assert::true( $acl->isAllowed() ); +Assert::true($acl->isAllowed()); $acl->removeDeny(); -Assert::false( $acl->isAllowed() ); +Assert::false($acl->isAllowed()); diff --git a/tests/Security/Permission.RemoveDefaultDenyNonExistent.phpt b/tests/Security/Permission.RemoveDefaultDenyNonExistent.phpt index 713d464a..76e88fcd 100644 --- a/tests/Security/Permission.RemoveDefaultDenyNonExistent.phpt +++ b/tests/Security/Permission.RemoveDefaultDenyNonExistent.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removing non-existent default deny rule does nothing. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,4 +14,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(); $acl->removeDeny(); -Assert::true( $acl->isAllowed() ); +Assert::true($acl->isAllowed()); diff --git a/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt b/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt index d3ce326a..e5b5c1d4 100644 --- a/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt +++ b/tests/Security/Permission.RemovingRoleAfterItWasAllowedAccessToAllResources.phpt @@ -5,8 +5,8 @@ * raise undefined index error. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -24,4 +24,4 @@ $acl->allow(NULL,'Test','xxx'); $acl->removeRole('test0'); // Check after fix -Assert::false( $acl->hasRole('test0') ); +Assert::false($acl->hasRole('test0')); diff --git a/tests/Security/Permission.ResourceAddAndGetOne.phpt b/tests/Security/Permission.ResourceAddAndGetOne.phpt index c34b6d93..92106ca6 100644 --- a/tests/Security/Permission.ResourceAddAndGetOne.phpt +++ b/tests/Security/Permission.ResourceAddAndGetOne.phpt @@ -4,18 +4,18 @@ * Test: Nette\Security\Permission Ensures that basic addition and retrieval of a single Resource works. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -Assert::false( $acl->hasResource('area') ); +Assert::false($acl->hasResource('area')); $acl->addResource('area'); -Assert::true( $acl->hasResource('area') ); +Assert::true($acl->hasResource('area')); $acl->removeResource('area'); -Assert::false( $acl->hasResource('area') ); +Assert::false($acl->hasResource('area')); diff --git a/tests/Security/Permission.ResourceAddInheritsNonExistent.phpt b/tests/Security/Permission.ResourceAddInheritsNonExistent.phpt index 1d599129..fc6836de 100644 --- a/tests/Security/Permission.ResourceAddInheritsNonExistent.phpt +++ b/tests/Security/Permission.ResourceAddInheritsNonExistent.phpt @@ -4,14 +4,14 @@ * Test: Nette\Security\Permission Ensures that an exception is thrown when a non-existent Resource is specified as a parent upon Resource addition. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->addResource('area', 'nonexistent'); }, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.ResourceDuplicate.phpt b/tests/Security/Permission.ResourceDuplicate.phpt index ea92f2e1..7e071875 100644 --- a/tests/Security/Permission.ResourceDuplicate.phpt +++ b/tests/Security/Permission.ResourceDuplicate.phpt @@ -4,14 +4,14 @@ * Test: Nette\Security\Permission Ensures that the same Resource cannot be added more than once. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; -Assert::exception(function() { +Assert::exception(function () { $acl = new Permission; $acl->addResource('area'); $acl->addResource('area'); diff --git a/tests/Security/Permission.ResourceInherits.phpt b/tests/Security/Permission.ResourceInherits.phpt index c13abb05..ff3c431d 100644 --- a/tests/Security/Permission.ResourceInherits.phpt +++ b/tests/Security/Permission.ResourceInherits.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Tests basic Resource inheritance. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -16,14 +16,14 @@ $acl->addResource('city'); $acl->addResource('building', 'city'); $acl->addResource('room', 'building'); -Assert::same( ['city', 'building', 'room'], $acl->getResources() ); -Assert::true( $acl->resourceInheritsFrom('building', 'city', TRUE) ); -Assert::true( $acl->resourceInheritsFrom('room', 'building', TRUE) ); -Assert::true( $acl->resourceInheritsFrom('room', 'city') ); -Assert::false( $acl->resourceInheritsFrom('room', 'city', TRUE) ); -Assert::false( $acl->resourceInheritsFrom('city', 'building') ); -Assert::false( $acl->resourceInheritsFrom('building', 'room') ); -Assert::false( $acl->resourceInheritsFrom('city', 'room') ); +Assert::same(['city', 'building', 'room'], $acl->getResources()); +Assert::true($acl->resourceInheritsFrom('building', 'city', TRUE)); +Assert::true($acl->resourceInheritsFrom('room', 'building', TRUE)); +Assert::true($acl->resourceInheritsFrom('room', 'city')); +Assert::false($acl->resourceInheritsFrom('room', 'city', TRUE)); +Assert::false($acl->resourceInheritsFrom('city', 'building')); +Assert::false($acl->resourceInheritsFrom('building', 'room')); +Assert::false($acl->resourceInheritsFrom('city', 'room')); $acl->removeResource('building'); -Assert::false( $acl->hasResource('room') ); +Assert::false($acl->hasResource('room')); diff --git a/tests/Security/Permission.ResourceInheritsNonExistent.phpt b/tests/Security/Permission.ResourceInheritsNonExistent.phpt index 1ae3545b..8e8569c6 100644 --- a/tests/Security/Permission.ResourceInheritsNonExistent.phpt +++ b/tests/Security/Permission.ResourceInheritsNonExistent.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that an exception is thrown when a non-existent Resource is specified to each parameter of inherits(). */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -13,10 +13,10 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addResource('area'); -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->resourceInheritsFrom('nonexistent', 'area'); }, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->resourceInheritsFrom('area', 'nonexistent'); }, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.ResourceRemoveAll.phpt b/tests/Security/Permission.ResourceRemoveAll.phpt index 16401b61..15578931 100644 --- a/tests/Security/Permission.ResourceRemoveAll.phpt +++ b/tests/Security/Permission.ResourceRemoveAll.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removal of all Resources works. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,4 +14,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addResource('area'); $acl->removeAllResources(); -Assert::false( $acl->hasResource('area') ); +Assert::false($acl->hasResource('area')); diff --git a/tests/Security/Permission.ResourceRemoveOneNonExistent.phpt b/tests/Security/Permission.ResourceRemoveOneNonExistent.phpt index 2819116a..ae996b31 100644 --- a/tests/Security/Permission.ResourceRemoveOneNonExistent.phpt +++ b/tests/Security/Permission.ResourceRemoveOneNonExistent.phpt @@ -4,14 +4,14 @@ * Test: Nette\Security\Permission Ensures that an exception is thrown when a non-existent Resource is specified for removal. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->removeResource('nonexistent'); }, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt b/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt index 56a60006..7658cdb4 100644 --- a/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt +++ b/tests/Security/Permission.RoleDefaultAllowRuleWithPrivilegeDenyRule.phpt @@ -5,8 +5,8 @@ * rule on the entire ACL. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -18,4 +18,4 @@ $acl->addRole('staff', 'guest'); $acl->deny(); $acl->allow('staff'); $acl->deny('staff', NULL, ['privilege1', 'privilege2']); -Assert::false( $acl->isAllowed('staff', NULL, 'privilege1') ); +Assert::false($acl->isAllowed('staff', NULL, 'privilege1')); diff --git a/tests/Security/Permission.RoleDefaultAllowRuleWithResourceDenyRule.phpt b/tests/Security/Permission.RoleDefaultAllowRuleWithResourceDenyRule.phpt index 4a8a446e..f28e715b 100644 --- a/tests/Security/Permission.RoleDefaultAllowRuleWithResourceDenyRule.phpt +++ b/tests/Security/Permission.RoleDefaultAllowRuleWithResourceDenyRule.phpt @@ -2,11 +2,11 @@ /** * Test: Nette\Security\Permission Ensures that for a particular Role, a deny rule on a specific Resource is honored before an allow rule -* on the entire ACL. + * on the entire ACL. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -20,4 +20,4 @@ $acl->addResource('area2'); $acl->deny(); $acl->allow('staff'); $acl->deny('staff', ['area1', 'area2']); -Assert::false( $acl->isAllowed('staff', 'area1') ); +Assert::false($acl->isAllowed('staff', 'area1')); diff --git a/tests/Security/Permission.RoleDefaultRuleSet.phpt b/tests/Security/Permission.RoleDefaultRuleSet.phpt index bc84c751..05fe4234 100644 --- a/tests/Security/Permission.RoleDefaultRuleSet.phpt +++ b/tests/Security/Permission.RoleDefaultRuleSet.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that ACL-wide rules (all Resources and privileges) work properly for a particular Role. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,6 +14,6 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest'); -Assert::true( $acl->isAllowed('guest') ); +Assert::true($acl->isAllowed('guest')); $acl->deny('guest'); -Assert::false( $acl->isAllowed('guest') ); +Assert::false($acl->isAllowed('guest')); diff --git a/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt b/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt index fc1c39e5..2e49c9e1 100644 --- a/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt +++ b/tests/Security/Permission.RoleDefaultRuleSetPrivilege.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that ACL-wide rules apply to privileges for a particular Role. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,6 +14,6 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest'); -Assert::true( $acl->isAllowed('guest', NULL, 'somePrivilege') ); +Assert::true($acl->isAllowed('guest', NULL, 'somePrivilege')); $acl->deny('guest'); -Assert::false( $acl->isAllowed('guest', NULL, 'somePrivilege') ); +Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivilegeAllow.phpt b/tests/Security/Permission.RolePrivilegeAllow.phpt index a1602693..61bcc179 100644 --- a/tests/Security/Permission.RolePrivilegeAllow.phpt +++ b/tests/Security/Permission.RolePrivilegeAllow.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that a privilege allowed for a particular Role upon all Resources works properly. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,4 +14,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest', NULL, 'somePrivilege'); -Assert::true( $acl->isAllowed('guest', NULL, 'somePrivilege') ); +Assert::true($acl->isAllowed('guest', NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivilegeAssert.phpt b/tests/Security/Permission.RolePrivilegeAssert.phpt index 0751f135..0b31e0f2 100644 --- a/tests/Security/Permission.RolePrivilegeAssert.phpt +++ b/tests/Security/Permission.RolePrivilegeAssert.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that assertions on privileges work properly for a particular Role. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -25,6 +25,6 @@ function trueAssertion() $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest', NULL, 'somePrivilege', 'trueAssertion'); -Assert::true( $acl->isAllowed('guest', NULL, 'somePrivilege') ); +Assert::true($acl->isAllowed('guest', NULL, 'somePrivilege')); $acl->allow('guest', NULL, 'somePrivilege', 'falseAssertion'); -Assert::false( $acl->isAllowed('guest', NULL, 'somePrivilege') ); +Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivilegeDeny.phpt b/tests/Security/Permission.RolePrivilegeDeny.phpt index 06a91395..03988147 100644 --- a/tests/Security/Permission.RolePrivilegeDeny.phpt +++ b/tests/Security/Permission.RolePrivilegeDeny.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that a privilege denied for a particular Role upon all Resources works properly. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -15,4 +15,4 @@ $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest'); $acl->deny('guest', NULL, 'somePrivilege'); -Assert::false( $acl->isAllowed('guest', NULL, 'somePrivilege') ); +Assert::false($acl->isAllowed('guest', NULL, 'somePrivilege')); diff --git a/tests/Security/Permission.RolePrivileges.phpt b/tests/Security/Permission.RolePrivileges.phpt index af45af8b..0dca08a1 100644 --- a/tests/Security/Permission.RolePrivileges.phpt +++ b/tests/Security/Permission.RolePrivileges.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that multiple privileges work properly for a particular Role. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,12 +14,12 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest', NULL, ['p1', 'p2', 'p3']); -Assert::true( $acl->isAllowed('guest', NULL, 'p1') ); -Assert::true( $acl->isAllowed('guest', NULL, 'p2') ); -Assert::true( $acl->isAllowed('guest', NULL, 'p3') ); -Assert::false( $acl->isAllowed('guest', NULL, 'p4') ); +Assert::true($acl->isAllowed('guest', NULL, 'p1')); +Assert::true($acl->isAllowed('guest', NULL, 'p2')); +Assert::true($acl->isAllowed('guest', NULL, 'p3')); +Assert::false($acl->isAllowed('guest', NULL, 'p4')); $acl->deny('guest', NULL, 'p1'); -Assert::false( $acl->isAllowed('guest', NULL, 'p1') ); +Assert::false($acl->isAllowed('guest', NULL, 'p1')); $acl->deny('guest', NULL, ['p2', 'p3']); -Assert::false( $acl->isAllowed('guest', NULL, 'p2') ); -Assert::false( $acl->isAllowed('guest', NULL, 'p3') ); +Assert::false($acl->isAllowed('guest', NULL, 'p2')); +Assert::false($acl->isAllowed('guest', NULL, 'p3')); diff --git a/tests/Security/Permission.RoleRegistryAddAndGetOne.phpt b/tests/Security/Permission.RoleRegistryAddAndGetOne.phpt index c7617fc5..82f5f03a 100644 --- a/tests/Security/Permission.RoleRegistryAddAndGetOne.phpt +++ b/tests/Security/Permission.RoleRegistryAddAndGetOne.phpt @@ -4,18 +4,18 @@ * Test: Nette\Security\Permission Ensures that basic addition and retrieval of a single Role works. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -Assert::false( $acl->hasRole('guest') ); +Assert::false($acl->hasRole('guest')); $acl->addRole('guest'); -Assert::true( $acl->hasRole('guest') ); +Assert::true($acl->hasRole('guest')); $acl->removeRole('guest'); -Assert::false( $acl->hasRole('guest') ); +Assert::false($acl->hasRole('guest')); diff --git a/tests/Security/Permission.RoleRegistryAddInheritsNonExistent.phpt b/tests/Security/Permission.RoleRegistryAddInheritsNonExistent.phpt index 928a54e0..974ca66b 100644 --- a/tests/Security/Permission.RoleRegistryAddInheritsNonExistent.phpt +++ b/tests/Security/Permission.RoleRegistryAddInheritsNonExistent.phpt @@ -4,14 +4,14 @@ * Test: Nette\Security\Permission Ensures that an exception is thrown when a non-existent Role is specified as a parent upon Role addition. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->addRole('guest', 'nonexistent'); }, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.RoleRegistryDuplicate.phpt b/tests/Security/Permission.RoleRegistryDuplicate.phpt index 97adde8c..621f66f0 100644 --- a/tests/Security/Permission.RoleRegistryDuplicate.phpt +++ b/tests/Security/Permission.RoleRegistryDuplicate.phpt @@ -4,15 +4,15 @@ * Test: Nette\Security\Permission Ensures that the same Role cannot be registered more than once to the registry. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->addRole('guest'); $acl->addRole('guest'); }, 'Nette\InvalidStateException', "Role 'guest' already exists in the list."); diff --git a/tests/Security/Permission.RoleRegistryInherits.phpt b/tests/Security/Permission.RoleRegistryInherits.phpt index 01fbf927..1e2ae6c7 100644 --- a/tests/Security/Permission.RoleRegistryInherits.phpt +++ b/tests/Security/Permission.RoleRegistryInherits.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Tests basic Role inheritance. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -15,20 +15,20 @@ $acl = new Permission; $acl->addRole('guest'); $acl->addRole('member', 'guest'); $acl->addRole('editor', 'member'); -Assert::same( ['guest', 'member', 'editor'], $acl->getRoles() ); -Assert::same( [], $acl->getRoleParents('guest') ); -Assert::same( ['guest'], $acl->getRoleParents('member') ); -Assert::same( ['member'], $acl->getRoleParents('editor') ); +Assert::same(['guest', 'member', 'editor'], $acl->getRoles()); +Assert::same([], $acl->getRoleParents('guest')); +Assert::same(['guest'], $acl->getRoleParents('member')); +Assert::same(['member'], $acl->getRoleParents('editor')); -Assert::true( $acl->roleInheritsFrom('member', 'guest', TRUE) ); -Assert::true( $acl->roleInheritsFrom('editor', 'member', TRUE) ); -Assert::true( $acl->roleInheritsFrom('editor', 'guest') ); -Assert::false( $acl->roleInheritsFrom('editor', 'guest', TRUE) ); -Assert::false( $acl->roleInheritsFrom('guest', 'member') ); -Assert::false( $acl->roleInheritsFrom('member', 'editor') ); -Assert::false( $acl->roleInheritsFrom('guest', 'editor') ); +Assert::true($acl->roleInheritsFrom('member', 'guest', TRUE)); +Assert::true($acl->roleInheritsFrom('editor', 'member', TRUE)); +Assert::true($acl->roleInheritsFrom('editor', 'guest')); +Assert::false($acl->roleInheritsFrom('editor', 'guest', TRUE)); +Assert::false($acl->roleInheritsFrom('guest', 'member')); +Assert::false($acl->roleInheritsFrom('member', 'editor')); +Assert::false($acl->roleInheritsFrom('guest', 'editor')); $acl->removeRole('member'); -Assert::same( [], $acl->getRoleParents('editor') ); -Assert::false( $acl->roleInheritsFrom('editor', 'guest') ); +Assert::same([], $acl->getRoleParents('editor')); +Assert::false($acl->roleInheritsFrom('editor', 'guest')); diff --git a/tests/Security/Permission.RoleRegistryInheritsMultiple.phpt b/tests/Security/Permission.RoleRegistryInheritsMultiple.phpt index 7bd182ca..c4e8a407 100644 --- a/tests/Security/Permission.RoleRegistryInheritsMultiple.phpt +++ b/tests/Security/Permission.RoleRegistryInheritsMultiple.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Tests basic Role multiple inheritance. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -16,15 +16,15 @@ $acl->addRole('parent1'); $acl->addRole('parent2'); $acl->addRole('child', ['parent1', 'parent2']); -Assert::same( [ +Assert::same([ 'parent1', 'parent2', -], $acl->getRoleParents('child') ); +], $acl->getRoleParents('child')); -Assert::true( $acl->roleInheritsFrom('child', 'parent1') ); -Assert::true( $acl->roleInheritsFrom('child', 'parent2') ); +Assert::true($acl->roleInheritsFrom('child', 'parent1')); +Assert::true($acl->roleInheritsFrom('child', 'parent2')); $acl->removeRole('parent1'); -Assert::same( ['parent2'], $acl->getRoleParents('child') ); -Assert::true( $acl->roleInheritsFrom('child', 'parent2') ); +Assert::same(['parent2'], $acl->getRoleParents('child')); +Assert::true($acl->roleInheritsFrom('child', 'parent2')); diff --git a/tests/Security/Permission.RoleRegistryInheritsNonExistent.phpt b/tests/Security/Permission.RoleRegistryInheritsNonExistent.phpt index 462f980c..765196cb 100644 --- a/tests/Security/Permission.RoleRegistryInheritsNonExistent.phpt +++ b/tests/Security/Permission.RoleRegistryInheritsNonExistent.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that an exception is thrown when a non-existent Role is specified to each parameter of inherits(). */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -13,10 +13,10 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->roleInheritsFrom('nonexistent', 'guest'); }, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->roleInheritsFrom('guest', 'nonexistent'); }, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.RoleRegistryRemoveAll.phpt b/tests/Security/Permission.RoleRegistryRemoveAll.phpt index 9fbc25af..d7334f94 100644 --- a/tests/Security/Permission.RoleRegistryRemoveAll.phpt +++ b/tests/Security/Permission.RoleRegistryRemoveAll.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removal of all Roles works. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,4 +14,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->removeAllRoles(); -Assert::false( $acl->hasRole('guest') ); +Assert::false($acl->hasRole('guest')); diff --git a/tests/Security/Permission.RoleRegistryRemoveOneNonExistent.phpt b/tests/Security/Permission.RoleRegistryRemoveOneNonExistent.phpt index a232ba27..0ecc4207 100644 --- a/tests/Security/Permission.RoleRegistryRemoveOneNonExistent.phpt +++ b/tests/Security/Permission.RoleRegistryRemoveOneNonExistent.phpt @@ -4,14 +4,14 @@ * Test: Nette\Security\Permission Ensures that an exception is thrown when a non-existent Role is specified for removal. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $acl = new Permission; -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->removeRole('nonexistent'); }, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.RuleRoleRemove.phpt b/tests/Security/Permission.RuleRoleRemove.phpt index 26ecb1cd..466a1312 100644 --- a/tests/Security/Permission.RuleRoleRemove.phpt +++ b/tests/Security/Permission.RuleRoleRemove.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removal of a Role results in its rules being removed. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,11 +14,11 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest'); -Assert::true( $acl->isAllowed('guest') ); +Assert::true($acl->isAllowed('guest')); $acl->removeRole('guest'); -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->isAllowed('guest'); }, 'Nette\InvalidStateException', "Role 'guest' does not exist."); $acl->addRole('guest'); -Assert::false( $acl->isAllowed('guest') ); +Assert::false($acl->isAllowed('guest')); diff --git a/tests/Security/Permission.RuleRoleRemoveAll.phpt b/tests/Security/Permission.RuleRoleRemoveAll.phpt index 00719d58..9b428477 100644 --- a/tests/Security/Permission.RuleRoleRemoveAll.phpt +++ b/tests/Security/Permission.RuleRoleRemoveAll.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removal of all Roles results in Role-specific rules being removed. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,11 +14,11 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addRole('guest'); $acl->allow('guest'); -Assert::true( $acl->isAllowed('guest') ); +Assert::true($acl->isAllowed('guest')); $acl->removeAllRoles(); -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->isAllowed('guest'); }, 'Nette\InvalidStateException', "Role 'guest' does not exist."); $acl->addRole('guest'); -Assert::false( $acl->isAllowed('guest') ); +Assert::false($acl->isAllowed('guest')); diff --git a/tests/Security/Permission.RulesRemove.phpt b/tests/Security/Permission.RulesRemove.phpt index 2d0e0f65..d5119200 100644 --- a/tests/Security/Permission.RulesRemove.phpt +++ b/tests/Security/Permission.RulesRemove.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensure that basic rule removal works. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -13,9 +13,9 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->allow(NULL, NULL, ['privilege1', 'privilege2']); -Assert::false( $acl->isAllowed() ); -Assert::true( $acl->isAllowed(NULL, NULL, 'privilege1') ); -Assert::true( $acl->isAllowed(NULL, NULL, 'privilege2') ); +Assert::false($acl->isAllowed()); +Assert::true($acl->isAllowed(NULL, NULL, 'privilege1')); +Assert::true($acl->isAllowed(NULL, NULL, 'privilege2')); $acl->removeAllow(NULL, NULL, 'privilege1'); -Assert::false( $acl->isAllowed(NULL, NULL, 'privilege1') ); -Assert::true( $acl->isAllowed(NULL, NULL, 'privilege2') ); +Assert::false($acl->isAllowed(NULL, NULL, 'privilege1')); +Assert::true($acl->isAllowed(NULL, NULL, 'privilege2')); diff --git a/tests/Security/Permission.RulesResourceRemove.phpt b/tests/Security/Permission.RulesResourceRemove.phpt index 078ded22..560cd9db 100644 --- a/tests/Security/Permission.RulesResourceRemove.phpt +++ b/tests/Security/Permission.RulesResourceRemove.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removal of a Resource results in its rules being removed. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,11 +14,11 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addResource('area'); $acl->allow(NULL, 'area'); -Assert::true( $acl->isAllowed(NULL, 'area') ); +Assert::true($acl->isAllowed(NULL, 'area')); $acl->removeResource('area'); -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->isAllowed(NULL, 'area'); }, 'Nette\InvalidStateException', "Resource 'area' does not exist."); $acl->addResource('area'); -Assert::false( $acl->isAllowed(NULL, 'area') ); +Assert::false($acl->isAllowed(NULL, 'area')); diff --git a/tests/Security/Permission.RulesResourceRemoveAll.phpt b/tests/Security/Permission.RulesResourceRemoveAll.phpt index c11b4c6b..a1b7bc6b 100644 --- a/tests/Security/Permission.RulesResourceRemoveAll.phpt +++ b/tests/Security/Permission.RulesResourceRemoveAll.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\Permission Ensures that removal of all Resources results in Resource-specific rules being removed. */ -use Nette\Security\Permission, - Tester\Assert; +use Nette\Security\Permission; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -14,11 +14,11 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; $acl->addResource('area'); $acl->allow(NULL, 'area'); -Assert::true( $acl->isAllowed(NULL, 'area') ); +Assert::true($acl->isAllowed(NULL, 'area')); $acl->removeAllResources(); -Assert::exception(function() use ($acl) { +Assert::exception(function () use ($acl) { $acl->isAllowed(NULL, 'area'); }, 'Nette\InvalidStateException', "Resource 'area' does not exist."); $acl->addResource('area'); -Assert::false( $acl->isAllowed(NULL, 'area') ); +Assert::false($acl->isAllowed(NULL, 'area')); diff --git a/tests/Security/SimpleAuthenticator.Roles.phpt b/tests/Security/SimpleAuthenticator.Roles.phpt index db07facc..19108993 100644 --- a/tests/Security/SimpleAuthenticator.Roles.phpt +++ b/tests/Security/SimpleAuthenticator.Roles.phpt @@ -4,26 +4,26 @@ * Test: Nette\Security\SimpleAuthenticator and roles */ -use Nette\Security\SimpleAuthenticator, - Tester\Assert; +use Nette\Security\SimpleAuthenticator; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; $users = [ - 'john' => 'john123', + 'john' => 'john123', 'admin' => 'admin123', - 'user' => 'user123', + 'user' => 'user123', ]; $usersRoles = [ 'admin' => ['admin', 'user'], - 'user' => 'user', + 'user' => 'user', ]; $expectedRoles = [ 'admin' => ['admin', 'user'], - 'user' => ['user'], - 'john' => [], + 'user' => ['user'], + 'john' => [], ]; $authenticator = new SimpleAuthenticator($users, $usersRoles); diff --git a/tests/Security/SimpleAuthenticator.phpt b/tests/Security/SimpleAuthenticator.phpt index f00bdda3..993c6bb3 100644 --- a/tests/Security/SimpleAuthenticator.phpt +++ b/tests/Security/SimpleAuthenticator.phpt @@ -4,8 +4,8 @@ * Test: Nette\Security\SimpleAuthenticator */ -use Nette\Security\SimpleAuthenticator, - Tester\Assert; +use Nette\Security\SimpleAuthenticator; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -19,17 +19,17 @@ $users = [ $authenticator = new SimpleAuthenticator($users); $identity = $authenticator->authenticate(['john', 'password123!']); -Assert::type( 'Nette\Security\IIdentity', $identity ); +Assert::type('Nette\Security\IIdentity', $identity); Assert::equal('john', $identity->getId()); $identity = $authenticator->authenticate(['admin', 'admin']); -Assert::type( 'Nette\Security\IIdentity', $identity ); +Assert::type('Nette\Security\IIdentity', $identity); Assert::equal('admin', $identity->getId()); -Assert::exception(function() use ($authenticator) { +Assert::exception(function () use ($authenticator) { $authenticator->authenticate(['admin', 'wrong password']); }, 'Nette\Security\AuthenticationException', 'Invalid password.'); -Assert::exception(function() use ($authenticator) { +Assert::exception(function () use ($authenticator) { $authenticator->authenticate(['nobody', 'password']); }, 'Nette\Security\AuthenticationException', "User 'nobody' not found."); diff --git a/tests/Security/User.authentication.phpt b/tests/Security/User.authentication.phpt index 3cf21c33..ca534907 100644 --- a/tests/Security/User.authentication.phpt +++ b/tests/Security/User.authentication.phpt @@ -4,9 +4,9 @@ * Test: Nette\Security\User authentication. */ -use Nette\Security\IAuthenticator, - Nette\Security\Identity, - Tester\Assert; +use Nette\Security\IAuthenticator; +use Nette\Security\Identity; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -57,13 +57,13 @@ $user->onLoggedOut[] = function () use ($counter) { }; -Assert::false( $user->isLoggedIn() ); -Assert::null( $user->getIdentity() ); -Assert::null( $user->getId() ); +Assert::false($user->isLoggedIn()); +Assert::null($user->getIdentity()); +Assert::null($user->getId()); // authenticate -Assert::exception(function() use ($user) { +Assert::exception(function () use ($user) { // login without handler $user->login('jane', ''); }, 'Nette\InvalidStateException', 'Authenticator has not been set.'); @@ -71,51 +71,51 @@ Assert::exception(function() use ($user) { $handler = new Authenticator; $user->setAuthenticator($handler); -Assert::exception(function() use ($user) { +Assert::exception(function () use ($user) { // login as jane $user->login('jane', ''); }, 'Nette\Security\AuthenticationException', 'Unknown user'); -Assert::exception(function() use ($user) { +Assert::exception(function () use ($user) { // login as john $user->login('john', ''); }, 'Nette\Security\AuthenticationException', 'Password not match'); // login as john#2 $user->login('john', 'xxx'); -Assert::same( 1, $counter->login ); -Assert::true( $user->isLoggedIn() ); -Assert::equal( new Identity('John Doe', 'admin'), $user->getIdentity() ); -Assert::same( 'John Doe', $user->getId() ); +Assert::same(1, $counter->login); +Assert::true($user->isLoggedIn()); +Assert::equal(new Identity('John Doe', 'admin'), $user->getIdentity()); +Assert::same('John Doe', $user->getId()); // login as john#3 $user->logout(TRUE); -Assert::same( 1, $counter->logout ); -$user->login( new Identity('John Doe', 'admin') ); -Assert::same( 2, $counter->login ); -Assert::true( $user->isLoggedIn() ); -Assert::equal( new Identity('John Doe', 'admin'), $user->getIdentity() ); +Assert::same(1, $counter->logout); +$user->login(new Identity('John Doe', 'admin')); +Assert::same(2, $counter->login); +Assert::true($user->isLoggedIn()); +Assert::equal(new Identity('John Doe', 'admin'), $user->getIdentity()); // log out // logging out... $user->logout(FALSE); -Assert::same( 2, $counter->logout ); +Assert::same(2, $counter->logout); -Assert::false( $user->isLoggedIn() ); -Assert::equal( new Identity('John Doe', 'admin'), $user->getIdentity() ); +Assert::false($user->isLoggedIn()); +Assert::equal(new Identity('John Doe', 'admin'), $user->getIdentity()); // logging out and clearing identity... $user->logout(TRUE); -Assert::same( 2, $counter->logout ); // not logged in -> logout event not triggered +Assert::same(2, $counter->logout); // not logged in -> logout event not triggered -Assert::false( $user->isLoggedIn() ); -Assert::null( $user->getIdentity() ); +Assert::false($user->isLoggedIn()); +Assert::null($user->getIdentity()); // namespace // login as john#2? $user->login('john', 'xxx'); -Assert::same( 3, $counter->login ); -Assert::true( $user->isLoggedIn() ); +Assert::same(3, $counter->login); +Assert::true($user->isLoggedIn()); diff --git a/tests/Security/User.authorization.phpt b/tests/Security/User.authorization.phpt index 6630ac82..806f7945 100644 --- a/tests/Security/User.authorization.phpt +++ b/tests/Security/User.authorization.phpt @@ -4,10 +4,10 @@ * Test: Nette\Security\User authorization. */ -use Nette\Security\IAuthenticator, - Nette\Security\Identity, - Nette\Security\IAuthorizator, - Tester\Assert; +use Nette\Security\IAuthenticator; +use Nette\Security\Identity; +use Nette\Security\IAuthorizator; +use Tester\Assert; require __DIR__ . '/../bootstrap.php'; @@ -62,12 +62,12 @@ class Authorizator implements IAuthorizator $user = new Nette\Security\User(new MockUserStorage); // guest -Assert::false( $user->isLoggedIn() ); +Assert::false($user->isLoggedIn()); -Assert::same( ['guest'], $user->getRoles() ); -Assert::false( $user->isInRole('admin') ); -Assert::true( $user->isInRole('guest') ); +Assert::same(['guest'], $user->getRoles()); +Assert::false($user->isInRole('admin')); +Assert::true($user->isInRole('guest')); // authenticated @@ -77,26 +77,26 @@ $user->setAuthenticator($handler); // login as john $user->login('john', 'xxx'); -Assert::true( $user->isLoggedIn() ); -Assert::same( ['admin'], $user->getRoles() ); -Assert::true( $user->isInRole('admin') ); -Assert::false( $user->isInRole('guest') ); +Assert::true($user->isLoggedIn()); +Assert::same(['admin'], $user->getRoles()); +Assert::true($user->isInRole('admin')); +Assert::false($user->isInRole('guest')); // authorization -Assert::exception(function() use ($user) { +Assert::exception(function () use ($user) { $user->isAllowed('delete_file'); }, 'Nette\InvalidStateException', 'Authorizator has not been set.'); $handler = new Authorizator; $user->setAuthorizator($handler); -Assert::true( $user->isAllowed('delete_file') ); -Assert::false( $user->isAllowed('sleep_with_jany') ); +Assert::true($user->isAllowed('delete_file')); +Assert::false($user->isAllowed('sleep_with_jany')); // log out // logging out... $user->logout(FALSE); -Assert::false( $user->isAllowed('delete_file') ); +Assert::false($user->isAllowed('delete_file')); From 9bab420b89c341c5787e29664cf153e28d88a9b4 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Sat, 20 Jun 2015 16:14:44 +0200 Subject: [PATCH 12/36] readme.md: added badges --- readme.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/readme.md b/readme.md index 42db1523..48e53c5f 100644 --- a/readme.md +++ b/readme.md @@ -3,6 +3,8 @@ Nette Security: Access Control [![Downloads this Month](https://img.shields.io/packagist/dm/nette/security.svg)](https://packagist.org/packages/nette/security) [![Build Status](https://travis-ci.org/nette/security.svg?branch=master)](https://travis-ci.org/nette/security) +[![Latest Stable Version](https://poser.pugx.org/nette/security/v/stable)](https://github.com/nette/security/releases) +[![License](https://img.shields.io/badge/license-New%20BSD-blue.svg)](https://github.com/nette/security/blob/master/license.md) - user login and logout - verifying user privileges From 0c6f8d2f0f1b13c492b4668dc270400709440cbf Mon Sep 17 00:00:00 2001 From: David Grudl Date: Sun, 21 Jun 2015 17:25:56 +0200 Subject: [PATCH 13/36] travis: testing with lowest dependencies --- .travis.yml | 6 +++++- composer.json | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 2cc77a11..87920592 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,6 +11,10 @@ matrix: - php: 7.0 - php: hhvm + include: + - php: 5.6 + env: dependencies="--prefer-lowest --prefer-stable" + script: - vendor/bin/tester tests -s -p php - php temp/code-checker/src/code-checker.php --short-arrays @@ -21,5 +25,5 @@ after_failure: before_script: # Install Nette Tester & Code Checker - - composer install --no-interaction --prefer-source + - composer update --no-interaction --prefer-source $dependencies - composer create-project nette/code-checker temp/code-checker ~2.5 --no-interaction --prefer-source diff --git a/composer.json b/composer.json index 8590dfc5..a7e7b7de 100644 --- a/composer.json +++ b/composer.json @@ -20,7 +20,7 @@ "require-dev": { "nette/di": "~2.3", "nette/http": "~2.3", - "nette/tester": "~1.0" + "nette/tester": "~1.4" }, "conflict": { "nette/nette": "<2.2" From 5bf8b495950c9a788a42ddbde20b6be9371e064f Mon Sep 17 00:00:00 2001 From: David Grudl Date: Mon, 29 Jun 2015 14:47:20 +0200 Subject: [PATCH 14/36] removed @author --- src/Bridges/SecurityDI/SecurityExtension.php | 2 -- src/Bridges/SecurityTracy/UserPanel.php | 2 -- src/Security/AuthenticationException.php | 2 -- src/Security/IAuthenticator.php | 2 -- src/Security/IAuthorizator.php | 2 -- src/Security/IIdentity.php | 2 -- src/Security/IResource.php | 2 -- src/Security/IRole.php | 2 -- src/Security/IUserStorage.php | 2 -- src/Security/Identity.php | 2 -- src/Security/Passwords.php | 2 -- src/Security/Permission.php | 1 - src/Security/SimpleAuthenticator.php | 2 -- src/Security/User.php | 2 -- 14 files changed, 27 deletions(-) diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index ade238b8..074ba4f6 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -12,8 +12,6 @@ /** * Security extension for Nette DI. - * - * @author David Grudl */ class SecurityExtension extends Nette\DI\CompilerExtension { diff --git a/src/Bridges/SecurityTracy/UserPanel.php b/src/Bridges/SecurityTracy/UserPanel.php index 63fe63c8..931156d3 100644 --- a/src/Bridges/SecurityTracy/UserPanel.php +++ b/src/Bridges/SecurityTracy/UserPanel.php @@ -13,8 +13,6 @@ /** * User panel for Debugger Bar. - * - * @author David Grudl */ class UserPanel extends Nette\Object implements Tracy\IBarPanel { diff --git a/src/Security/AuthenticationException.php b/src/Security/AuthenticationException.php index 7dee689c..b6333145 100644 --- a/src/Security/AuthenticationException.php +++ b/src/Security/AuthenticationException.php @@ -12,8 +12,6 @@ /** * Authentication exception. - * - * @author David Grudl */ class AuthenticationException extends \Exception { diff --git a/src/Security/IAuthenticator.php b/src/Security/IAuthenticator.php index 2727605c..4ce9c60d 100644 --- a/src/Security/IAuthenticator.php +++ b/src/Security/IAuthenticator.php @@ -12,8 +12,6 @@ /** * Performs authentication. - * - * @author David Grudl */ interface IAuthenticator { diff --git a/src/Security/IAuthorizator.php b/src/Security/IAuthorizator.php index c3517678..e87981bc 100644 --- a/src/Security/IAuthorizator.php +++ b/src/Security/IAuthorizator.php @@ -13,8 +13,6 @@ /** * Authorizator checks if a given role has authorization * to access a given resource. - * - * @author David Grudl */ interface IAuthorizator { diff --git a/src/Security/IIdentity.php b/src/Security/IIdentity.php index 1385643d..a44f4b94 100644 --- a/src/Security/IIdentity.php +++ b/src/Security/IIdentity.php @@ -12,8 +12,6 @@ /** * Represents the user of application. - * - * @author David Grudl */ interface IIdentity { diff --git a/src/Security/IResource.php b/src/Security/IResource.php index 7be0bac9..4a546ec7 100644 --- a/src/Security/IResource.php +++ b/src/Security/IResource.php @@ -12,8 +12,6 @@ /** * Represents resource, an object to which access is controlled. - * - * @author David Grudl */ interface IResource { diff --git a/src/Security/IRole.php b/src/Security/IRole.php index 91257d29..eab29bfa 100644 --- a/src/Security/IRole.php +++ b/src/Security/IRole.php @@ -12,8 +12,6 @@ /** * Represents role, an object that may request access to an IResource. - * - * @author David Grudl */ interface IRole { diff --git a/src/Security/IUserStorage.php b/src/Security/IUserStorage.php index 8bc03ebd..e27271c0 100644 --- a/src/Security/IUserStorage.php +++ b/src/Security/IUserStorage.php @@ -12,8 +12,6 @@ /** * Interface for persistent storage for user object data. - * - * @author David Grudl, Jan Tichý */ interface IUserStorage { diff --git a/src/Security/Identity.php b/src/Security/Identity.php index 4beaba03..0a358af5 100644 --- a/src/Security/Identity.php +++ b/src/Security/Identity.php @@ -13,8 +13,6 @@ /** * Default implementation of IIdentity. * - * @author David Grudl - * * @property mixed $id * @property array $roles * @property-read array $data diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index 3918338e..bea55e4b 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php @@ -12,8 +12,6 @@ /** * Passwords tools. - * - * @author David Grudl */ class Passwords { diff --git a/src/Security/Permission.php b/src/Security/Permission.php index d94d90eb..52ee5a49 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -16,7 +16,6 @@ * This solution is mostly based on Zend_Acl (c) Zend Technologies USA Inc. (http://www.zend.com), new BSD license * * @copyright Copyright (c) 2005, 2007 Zend Technologies USA Inc. - * @author David Grudl * * @property-read array $roles * @property-read array $resources diff --git a/src/Security/SimpleAuthenticator.php b/src/Security/SimpleAuthenticator.php index f3871eca..db0e7f71 100644 --- a/src/Security/SimpleAuthenticator.php +++ b/src/Security/SimpleAuthenticator.php @@ -12,8 +12,6 @@ /** * Trivial implementation of IAuthenticator. - * - * @author David Grudl */ class SimpleAuthenticator extends Nette\Object implements IAuthenticator { diff --git a/src/Security/User.php b/src/Security/User.php index 687c3ac5..18ea800b 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -13,8 +13,6 @@ /** * User authentication and authorization. * - * @author David Grudl - * * @property-read bool $loggedIn * @property-read IIdentity $identity * @property-read mixed $id From 087c05534f45f9a7a3778b083d1033207eeb2bc6 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Mon, 29 Jun 2015 16:00:35 +0200 Subject: [PATCH 15/36] typo: removed unused use --- src/Security/AuthenticationException.php | 2 -- src/Security/IAuthenticator.php | 2 -- src/Security/IAuthorizator.php | 2 -- src/Security/IIdentity.php | 2 -- src/Security/IResource.php | 2 -- src/Security/IRole.php | 2 -- src/Security/IUserStorage.php | 2 -- 7 files changed, 14 deletions(-) diff --git a/src/Security/AuthenticationException.php b/src/Security/AuthenticationException.php index b6333145..3cb18db1 100644 --- a/src/Security/AuthenticationException.php +++ b/src/Security/AuthenticationException.php @@ -7,8 +7,6 @@ namespace Nette\Security; -use Nette; - /** * Authentication exception. diff --git a/src/Security/IAuthenticator.php b/src/Security/IAuthenticator.php index 4ce9c60d..810d0d8a 100644 --- a/src/Security/IAuthenticator.php +++ b/src/Security/IAuthenticator.php @@ -7,8 +7,6 @@ namespace Nette\Security; -use Nette; - /** * Performs authentication. diff --git a/src/Security/IAuthorizator.php b/src/Security/IAuthorizator.php index e87981bc..5f37050f 100644 --- a/src/Security/IAuthorizator.php +++ b/src/Security/IAuthorizator.php @@ -7,8 +7,6 @@ namespace Nette\Security; -use Nette; - /** * Authorizator checks if a given role has authorization diff --git a/src/Security/IIdentity.php b/src/Security/IIdentity.php index a44f4b94..cc316509 100644 --- a/src/Security/IIdentity.php +++ b/src/Security/IIdentity.php @@ -7,8 +7,6 @@ namespace Nette\Security; -use Nette; - /** * Represents the user of application. diff --git a/src/Security/IResource.php b/src/Security/IResource.php index 4a546ec7..d2d87ae5 100644 --- a/src/Security/IResource.php +++ b/src/Security/IResource.php @@ -7,8 +7,6 @@ namespace Nette\Security; -use Nette; - /** * Represents resource, an object to which access is controlled. diff --git a/src/Security/IRole.php b/src/Security/IRole.php index eab29bfa..aed8e0b8 100644 --- a/src/Security/IRole.php +++ b/src/Security/IRole.php @@ -7,8 +7,6 @@ namespace Nette\Security; -use Nette; - /** * Represents role, an object that may request access to an IResource. diff --git a/src/Security/IUserStorage.php b/src/Security/IUserStorage.php index e27271c0..e009c37b 100644 --- a/src/Security/IUserStorage.php +++ b/src/Security/IUserStorage.php @@ -7,8 +7,6 @@ namespace Nette\Security; -use Nette; - /** * Interface for persistent storage for user object data. From e1b0f97234bc271b0bab518eb18cfeacc0c36d77 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Sat, 11 Jul 2015 22:59:23 +0200 Subject: [PATCH 16/36] travis: migrating to container-based infrastructure --- .travis.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 87920592..83564d57 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,5 +25,11 @@ after_failure: before_script: # Install Nette Tester & Code Checker - - composer update --no-interaction --prefer-source $dependencies - - composer create-project nette/code-checker temp/code-checker ~2.5 --no-interaction --prefer-source + - travis_retry composer update --no-interaction --prefer-dist $dependencies + - travis_retry composer create-project nette/code-checker temp/code-checker ~2.5 --no-interaction + +sudo: false + +cache: + directories: + - $HOME/.composer/cache From 2609fe4956c31d177b7ccf29ccbb0f5319c89372 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Sat, 15 Aug 2015 11:21:14 +0200 Subject: [PATCH 17/36] Passwords::hash() removed option 'salt' (BC break) --- src/Security/Passwords.php | 11 ++++------- tests/Security/Passwords.hash().phpt | 8 ++------ 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index bea55e4b..38cf8339 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php @@ -21,20 +21,17 @@ class Passwords /** * Computes salted password hash. * @param string - * @param array with cost (4-31), salt (22 chars) + * @param array with cost (4-31) * @return string 60 chars long */ public static function hash($password, array $options = NULL) { $cost = isset($options['cost']) ? (int) $options['cost'] : self::BCRYPT_COST; - $salt = isset($options['salt']) ? (string) $options['salt'] : Nette\Utils\Random::generate(22, '0-9A-Za-z./'); - - if (($len = strlen($salt)) < 22) { - throw new Nette\InvalidArgumentException("Salt must be 22 characters long, $len given."); - } elseif ($cost < 4 || $cost > 31) { + if ($cost < 4 || $cost > 31) { throw new Nette\InvalidArgumentException("Cost must be in range 4-31, $cost given."); } + $salt = Nette\Utils\Random::generate(22, '0-9A-Za-z./'); $hash = crypt($password, '$2y$' . ($cost < 10 ? 0 : '') . $cost . '$' . $salt); if (strlen($hash) < 60) { throw new Nette\InvalidStateException('Hash returned by crypt is invalid.'); @@ -51,7 +48,7 @@ public static function verify($password, $hash) { return preg_match('#^\$2y\$(?P\d\d)\$(?P.{22})#', $hash, $m) && $m['cost'] >= 4 && $m['cost'] <= 31 - && self::hash($password, $m) === $hash; + && crypt($password, $hash) === $hash; } diff --git a/tests/Security/Passwords.hash().phpt b/tests/Security/Passwords.hash().phpt index 39aa92cd..474560a6 100644 --- a/tests/Security/Passwords.hash().phpt +++ b/tests/Security/Passwords.hash().phpt @@ -17,8 +17,8 @@ Assert::truthy( ); Assert::truthy( - preg_match('#^\$2y\$05\$123456789012345678901.{32}\z#', - $h = Passwords::hash('dg', ['cost' => 5, 'salt' => '1234567890123456789012'])) + preg_match('#^\$2y\$05\$.{53}\z#', + $h = Passwords::hash('dg', ['cost' => 5])) ); echo $h; @@ -33,7 +33,3 @@ Assert::exception(function () { Assert::exception(function () { Passwords::hash('dg', ['cost' => 32]); }, 'Nette\InvalidArgumentException', 'Cost must be in range 4-31, 32 given.'); - -Assert::exception(function () { - Passwords::hash('dg', ['salt' => 'abc']); -}, 'Nette\InvalidArgumentException', 'Salt must be 22 characters long, 3 given.'); From 0db1d3cfedb3f869d6b0c85a4c3e0779fb242670 Mon Sep 17 00:00:00 2001 From: Jan Tvrdik Date: Sun, 23 Aug 2015 21:14:00 +0200 Subject: [PATCH 18/36] fixed using undefined classes in typehints --- src/Security/IUserStorage.php | 2 +- src/Security/User.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Security/IUserStorage.php b/src/Security/IUserStorage.php index e009c37b..61fb4945 100644 --- a/src/Security/IUserStorage.php +++ b/src/Security/IUserStorage.php @@ -48,7 +48,7 @@ function getIdentity(); /** * Enables log out from the persistent storage after inactivity. - * @param string|int|DateTime number of seconds or timestamp + * @param string|int|\DateTime number of seconds or timestamp * @param int Log out when the browser is closed | Clear the identity from persistent storage? * @return void */ diff --git a/src/Security/User.php b/src/Security/User.php index 18ea800b..84dd5efb 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -165,7 +165,7 @@ public function getAuthenticator($need = TRUE) /** * Enables log out after inactivity. - * @param string|int|DateTime number of seconds or timestamp + * @param string|int|\DateTime number of seconds or timestamp * @param int log out when the browser is closed? | clear the identity from persistent storage? * @return self */ From 68853f9f827630bf8d7536b9e327c2c253190bce Mon Sep 17 00:00:00 2001 From: Jan Tvrdik Date: Sun, 23 Aug 2015 23:57:55 +0200 Subject: [PATCH 19/36] requires PHP 5.6.0 --- .travis.yml | 2 -- composer.json | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/.travis.yml b/.travis.yml index 83564d57..4d2d58e4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,7 +1,5 @@ language: php php: - - 5.4 - - 5.5 - 5.6 - 7.0 - hhvm diff --git a/composer.json b/composer.json index a7e7b7de..f5e10187 100644 --- a/composer.json +++ b/composer.json @@ -14,7 +14,7 @@ } ], "require": { - "php": ">=5.4.4", + "php": ">=5.6.0", "nette/utils": "~2.2" }, "require-dev": { From f7e0ebeeee2a53bfaa16dfe437c21e46b09556af Mon Sep 17 00:00:00 2001 From: Jan Tvrdik Date: Sun, 23 Aug 2015 23:59:18 +0200 Subject: [PATCH 20/36] use ClassName::class syntax --- src/Bridges/SecurityDI/SecurityExtension.php | 16 ++++++++-------- .../SecurityExtension.authenticator.phpt | 2 +- tests/Security.DI/SecurityExtension.user.phpt | 4 ++-- tests/Security/Passwords.hash().phpt | 4 ++-- .../Permission.IsAllowedNonExistent.phpt | 4 ++-- ...ermission.ResourceAddInheritsNonExistent.phpt | 2 +- tests/Security/Permission.ResourceDuplicate.phpt | 2 +- .../Permission.ResourceInheritsNonExistent.phpt | 4 ++-- .../Permission.ResourceRemoveOneNonExistent.phpt | 2 +- ...ssion.RoleRegistryAddInheritsNonExistent.phpt | 2 +- .../Permission.RoleRegistryDuplicate.phpt | 2 +- ...rmission.RoleRegistryInheritsNonExistent.phpt | 4 ++-- ...mission.RoleRegistryRemoveOneNonExistent.phpt | 2 +- tests/Security/Permission.RuleRoleRemove.phpt | 2 +- tests/Security/Permission.RuleRoleRemoveAll.phpt | 2 +- .../Security/Permission.RulesResourceRemove.phpt | 2 +- .../Permission.RulesResourceRemoveAll.phpt | 2 +- tests/Security/SimpleAuthenticator.phpt | 8 ++++---- tests/Security/User.authentication.phpt | 6 +++--- tests/Security/User.authorization.phpt | 2 +- 20 files changed, 37 insertions(+), 37 deletions(-) diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index 074ba4f6..908a3649 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -38,15 +38,15 @@ public function loadConfiguration() $container = $this->getContainerBuilder(); $container->addDefinition($this->prefix('userStorage')) - ->setClass('Nette\Security\IUserStorage') - ->setFactory('Nette\Http\UserStorage'); + ->setClass(Nette\Security\IUserStorage::class) + ->setFactory(Nette\Http\UserStorage::class); $user = $container->addDefinition($this->prefix('user')) - ->setClass('Nette\Security\User'); + ->setClass(Nette\Security\User::class); if ($this->debugMode && $config['debugger']) { $user->addSetup('@Tracy\Bar::addPanel', [ - new Nette\DI\Statement('Nette\Bridges\SecurityTracy\UserPanel'), + new Nette\DI\Statement(Nette\Bridges\SecurityTracy\UserPanel::class), ]); } @@ -60,8 +60,8 @@ public function loadConfiguration() } $container->addDefinition($this->prefix('authenticator')) - ->setClass('Nette\Security\IAuthenticator') - ->setFactory('Nette\Security\SimpleAuthenticator', [$usersList, $usersRoles]); + ->setClass(Nette\Security\IAuthenticator::class) + ->setFactory(Nette\Security\SimpleAuthenticator::class, [$usersList, $usersRoles]); if ($this->name === 'security') { $container->addAlias('nette.authenticator', $this->prefix('authenticator')); @@ -70,8 +70,8 @@ public function loadConfiguration() if ($config['roles'] || $config['resources']) { $authorizator = $container->addDefinition($this->prefix('authorizator')) - ->setClass('Nette\Security\IAuthorizator') - ->setFactory('Nette\Security\Permission'); + ->setClass(Nette\Security\IAuthorizator::class) + ->setFactory(Nette\Security\Permission::class); foreach ($config['roles'] as $role => $parents) { $authorizator->addSetup('addRole', [$role, $parents]); diff --git a/tests/Security.DI/SecurityExtension.authenticator.phpt b/tests/Security.DI/SecurityExtension.authenticator.phpt index 8a26fb1b..c69fad9c 100644 --- a/tests/Security.DI/SecurityExtension.authenticator.phpt +++ b/tests/Security.DI/SecurityExtension.authenticator.phpt @@ -33,7 +33,7 @@ eval($compiler->compile($config, 'Container1')); $container = new Container1; $authenticator = $container->getService('security.authenticator'); -Assert::type('Nette\Security\SimpleAuthenticator', $authenticator); +Assert::type(Nette\Security\SimpleAuthenticator::class, $authenticator); Assert::same($authenticator, $container->getService('nette.authenticator')); $userList = [ diff --git a/tests/Security.DI/SecurityExtension.user.phpt b/tests/Security.DI/SecurityExtension.user.phpt index b24df3f7..472c3bba 100644 --- a/tests/Security.DI/SecurityExtension.user.phpt +++ b/tests/Security.DI/SecurityExtension.user.phpt @@ -22,8 +22,8 @@ $compiler->addExtension('security', new SecurityExtension); eval($compiler->compile([], 'Container1')); $container = new Container1; -Assert::type('Nette\Http\UserStorage', $container->getService('security.userStorage')); -Assert::type('Nette\Security\User', $container->getService('security.user')); +Assert::type(Nette\Http\UserStorage::class, $container->getService('security.userStorage')); +Assert::type(Nette\Security\User::class, $container->getService('security.user')); // aliases Assert::same($container->getService('security.userStorage'), $container->getService('nette.userStorage')); diff --git a/tests/Security/Passwords.hash().phpt b/tests/Security/Passwords.hash().phpt index 474560a6..dd1080a0 100644 --- a/tests/Security/Passwords.hash().phpt +++ b/tests/Security/Passwords.hash().phpt @@ -28,8 +28,8 @@ Assert::same($hash, crypt('dg', $hash)); Assert::exception(function () { Passwords::hash('dg', ['cost' => 3]); -}, 'Nette\InvalidArgumentException', 'Cost must be in range 4-31, 3 given.'); +}, Nette\InvalidArgumentException::class, 'Cost must be in range 4-31, 3 given.'); Assert::exception(function () { Passwords::hash('dg', ['cost' => 32]); -}, 'Nette\InvalidArgumentException', 'Cost must be in range 4-31, 32 given.'); +}, Nette\InvalidArgumentException::class, 'Cost must be in range 4-31, 32 given.'); diff --git a/tests/Security/Permission.IsAllowedNonExistent.phpt b/tests/Security/Permission.IsAllowedNonExistent.phpt index e7f3b9f7..433aea73 100644 --- a/tests/Security/Permission.IsAllowedNonExistent.phpt +++ b/tests/Security/Permission.IsAllowedNonExistent.phpt @@ -14,9 +14,9 @@ require __DIR__ . '/../bootstrap.php'; Assert::exception(function () { $acl = new Permission; $acl->isAllowed('nonexistent'); -}, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Role 'nonexistent' does not exist."); Assert::exception(function () { $acl = new Permission; $acl->isAllowed(NULL, 'nonexistent'); -}, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.ResourceAddInheritsNonExistent.phpt b/tests/Security/Permission.ResourceAddInheritsNonExistent.phpt index fc6836de..07db81eb 100644 --- a/tests/Security/Permission.ResourceAddInheritsNonExistent.phpt +++ b/tests/Security/Permission.ResourceAddInheritsNonExistent.phpt @@ -14,4 +14,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; Assert::exception(function () use ($acl) { $acl->addResource('area', 'nonexistent'); -}, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.ResourceDuplicate.phpt b/tests/Security/Permission.ResourceDuplicate.phpt index 7e071875..72359557 100644 --- a/tests/Security/Permission.ResourceDuplicate.phpt +++ b/tests/Security/Permission.ResourceDuplicate.phpt @@ -15,4 +15,4 @@ Assert::exception(function () { $acl = new Permission; $acl->addResource('area'); $acl->addResource('area'); -}, 'Nette\InvalidStateException', "Resource 'area' already exists in the list."); +}, Nette\InvalidStateException::class, "Resource 'area' already exists in the list."); diff --git a/tests/Security/Permission.ResourceInheritsNonExistent.phpt b/tests/Security/Permission.ResourceInheritsNonExistent.phpt index 8e8569c6..b37cc5a1 100644 --- a/tests/Security/Permission.ResourceInheritsNonExistent.phpt +++ b/tests/Security/Permission.ResourceInheritsNonExistent.phpt @@ -15,8 +15,8 @@ $acl = new Permission; $acl->addResource('area'); Assert::exception(function () use ($acl) { $acl->resourceInheritsFrom('nonexistent', 'area'); -}, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Resource 'nonexistent' does not exist."); Assert::exception(function () use ($acl) { $acl->resourceInheritsFrom('area', 'nonexistent'); -}, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.ResourceRemoveOneNonExistent.phpt b/tests/Security/Permission.ResourceRemoveOneNonExistent.phpt index ae996b31..2bdeb8aa 100644 --- a/tests/Security/Permission.ResourceRemoveOneNonExistent.phpt +++ b/tests/Security/Permission.ResourceRemoveOneNonExistent.phpt @@ -14,4 +14,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; Assert::exception(function () use ($acl) { $acl->removeResource('nonexistent'); -}, 'Nette\InvalidStateException', "Resource 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Resource 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.RoleRegistryAddInheritsNonExistent.phpt b/tests/Security/Permission.RoleRegistryAddInheritsNonExistent.phpt index 974ca66b..b49637ce 100644 --- a/tests/Security/Permission.RoleRegistryAddInheritsNonExistent.phpt +++ b/tests/Security/Permission.RoleRegistryAddInheritsNonExistent.phpt @@ -14,4 +14,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; Assert::exception(function () use ($acl) { $acl->addRole('guest', 'nonexistent'); -}, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Role 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.RoleRegistryDuplicate.phpt b/tests/Security/Permission.RoleRegistryDuplicate.phpt index 621f66f0..f569239c 100644 --- a/tests/Security/Permission.RoleRegistryDuplicate.phpt +++ b/tests/Security/Permission.RoleRegistryDuplicate.phpt @@ -15,4 +15,4 @@ $acl = new Permission; Assert::exception(function () use ($acl) { $acl->addRole('guest'); $acl->addRole('guest'); -}, 'Nette\InvalidStateException', "Role 'guest' already exists in the list."); +}, Nette\InvalidStateException::class, "Role 'guest' already exists in the list."); diff --git a/tests/Security/Permission.RoleRegistryInheritsNonExistent.phpt b/tests/Security/Permission.RoleRegistryInheritsNonExistent.phpt index 765196cb..3365ce1f 100644 --- a/tests/Security/Permission.RoleRegistryInheritsNonExistent.phpt +++ b/tests/Security/Permission.RoleRegistryInheritsNonExistent.phpt @@ -15,8 +15,8 @@ $acl = new Permission; $acl->addRole('guest'); Assert::exception(function () use ($acl) { $acl->roleInheritsFrom('nonexistent', 'guest'); -}, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Role 'nonexistent' does not exist."); Assert::exception(function () use ($acl) { $acl->roleInheritsFrom('guest', 'nonexistent'); -}, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Role 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.RoleRegistryRemoveOneNonExistent.phpt b/tests/Security/Permission.RoleRegistryRemoveOneNonExistent.phpt index 0ecc4207..db037840 100644 --- a/tests/Security/Permission.RoleRegistryRemoveOneNonExistent.phpt +++ b/tests/Security/Permission.RoleRegistryRemoveOneNonExistent.phpt @@ -14,4 +14,4 @@ require __DIR__ . '/../bootstrap.php'; $acl = new Permission; Assert::exception(function () use ($acl) { $acl->removeRole('nonexistent'); -}, 'Nette\InvalidStateException', "Role 'nonexistent' does not exist."); +}, Nette\InvalidStateException::class, "Role 'nonexistent' does not exist."); diff --git a/tests/Security/Permission.RuleRoleRemove.phpt b/tests/Security/Permission.RuleRoleRemove.phpt index 466a1312..c170ed2a 100644 --- a/tests/Security/Permission.RuleRoleRemove.phpt +++ b/tests/Security/Permission.RuleRoleRemove.phpt @@ -18,7 +18,7 @@ Assert::true($acl->isAllowed('guest')); $acl->removeRole('guest'); Assert::exception(function () use ($acl) { $acl->isAllowed('guest'); -}, 'Nette\InvalidStateException', "Role 'guest' does not exist."); +}, Nette\InvalidStateException::class, "Role 'guest' does not exist."); $acl->addRole('guest'); Assert::false($acl->isAllowed('guest')); diff --git a/tests/Security/Permission.RuleRoleRemoveAll.phpt b/tests/Security/Permission.RuleRoleRemoveAll.phpt index 9b428477..b30a8bf9 100644 --- a/tests/Security/Permission.RuleRoleRemoveAll.phpt +++ b/tests/Security/Permission.RuleRoleRemoveAll.phpt @@ -18,7 +18,7 @@ Assert::true($acl->isAllowed('guest')); $acl->removeAllRoles(); Assert::exception(function () use ($acl) { $acl->isAllowed('guest'); -}, 'Nette\InvalidStateException', "Role 'guest' does not exist."); +}, Nette\InvalidStateException::class, "Role 'guest' does not exist."); $acl->addRole('guest'); Assert::false($acl->isAllowed('guest')); diff --git a/tests/Security/Permission.RulesResourceRemove.phpt b/tests/Security/Permission.RulesResourceRemove.phpt index 560cd9db..1e9b7c28 100644 --- a/tests/Security/Permission.RulesResourceRemove.phpt +++ b/tests/Security/Permission.RulesResourceRemove.phpt @@ -18,7 +18,7 @@ Assert::true($acl->isAllowed(NULL, 'area')); $acl->removeResource('area'); Assert::exception(function () use ($acl) { $acl->isAllowed(NULL, 'area'); -}, 'Nette\InvalidStateException', "Resource 'area' does not exist."); +}, Nette\InvalidStateException::class, "Resource 'area' does not exist."); $acl->addResource('area'); Assert::false($acl->isAllowed(NULL, 'area')); diff --git a/tests/Security/Permission.RulesResourceRemoveAll.phpt b/tests/Security/Permission.RulesResourceRemoveAll.phpt index a1b7bc6b..7afc8741 100644 --- a/tests/Security/Permission.RulesResourceRemoveAll.phpt +++ b/tests/Security/Permission.RulesResourceRemoveAll.phpt @@ -18,7 +18,7 @@ Assert::true($acl->isAllowed(NULL, 'area')); $acl->removeAllResources(); Assert::exception(function () use ($acl) { $acl->isAllowed(NULL, 'area'); -}, 'Nette\InvalidStateException', "Resource 'area' does not exist."); +}, Nette\InvalidStateException::class, "Resource 'area' does not exist."); $acl->addResource('area'); Assert::false($acl->isAllowed(NULL, 'area')); diff --git a/tests/Security/SimpleAuthenticator.phpt b/tests/Security/SimpleAuthenticator.phpt index 993c6bb3..1dd22669 100644 --- a/tests/Security/SimpleAuthenticator.phpt +++ b/tests/Security/SimpleAuthenticator.phpt @@ -19,17 +19,17 @@ $users = [ $authenticator = new SimpleAuthenticator($users); $identity = $authenticator->authenticate(['john', 'password123!']); -Assert::type('Nette\Security\IIdentity', $identity); +Assert::type(Nette\Security\IIdentity::class, $identity); Assert::equal('john', $identity->getId()); $identity = $authenticator->authenticate(['admin', 'admin']); -Assert::type('Nette\Security\IIdentity', $identity); +Assert::type(Nette\Security\IIdentity::class, $identity); Assert::equal('admin', $identity->getId()); Assert::exception(function () use ($authenticator) { $authenticator->authenticate(['admin', 'wrong password']); -}, 'Nette\Security\AuthenticationException', 'Invalid password.'); +}, Nette\Security\AuthenticationException::class, 'Invalid password.'); Assert::exception(function () use ($authenticator) { $authenticator->authenticate(['nobody', 'password']); -}, 'Nette\Security\AuthenticationException', "User 'nobody' not found."); +}, Nette\Security\AuthenticationException::class, "User 'nobody' not found."); diff --git a/tests/Security/User.authentication.phpt b/tests/Security/User.authentication.phpt index ca534907..5f10132a 100644 --- a/tests/Security/User.authentication.phpt +++ b/tests/Security/User.authentication.phpt @@ -66,7 +66,7 @@ Assert::null($user->getId()); Assert::exception(function () use ($user) { // login without handler $user->login('jane', ''); -}, 'Nette\InvalidStateException', 'Authenticator has not been set.'); +}, Nette\InvalidStateException::class, 'Authenticator has not been set.'); $handler = new Authenticator; $user->setAuthenticator($handler); @@ -74,12 +74,12 @@ $user->setAuthenticator($handler); Assert::exception(function () use ($user) { // login as jane $user->login('jane', ''); -}, 'Nette\Security\AuthenticationException', 'Unknown user'); +}, Nette\Security\AuthenticationException::class, 'Unknown user'); Assert::exception(function () use ($user) { // login as john $user->login('john', ''); -}, 'Nette\Security\AuthenticationException', 'Password not match'); +}, Nette\Security\AuthenticationException::class, 'Password not match'); // login as john#2 $user->login('john', 'xxx'); diff --git a/tests/Security/User.authorization.phpt b/tests/Security/User.authorization.phpt index 806f7945..3a6920bb 100644 --- a/tests/Security/User.authorization.phpt +++ b/tests/Security/User.authorization.phpt @@ -86,7 +86,7 @@ Assert::false($user->isInRole('guest')); // authorization Assert::exception(function () use ($user) { $user->isAllowed('delete_file'); -}, 'Nette\InvalidStateException', 'Authorizator has not been set.'); +}, Nette\InvalidStateException::class, 'Authorizator has not been set.'); $handler = new Authorizator; $user->setAuthorizator($handler); From f3b0471a317a27f34041116cdb8e300b9127e920 Mon Sep 17 00:00:00 2001 From: Jan Tvrdik Date: Mon, 24 Aug 2015 22:36:49 +0200 Subject: [PATCH 21/36] use DateTimeInterface --- src/Security/IUserStorage.php | 2 +- src/Security/User.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Security/IUserStorage.php b/src/Security/IUserStorage.php index 61fb4945..a23c1caa 100644 --- a/src/Security/IUserStorage.php +++ b/src/Security/IUserStorage.php @@ -48,7 +48,7 @@ function getIdentity(); /** * Enables log out from the persistent storage after inactivity. - * @param string|int|\DateTime number of seconds or timestamp + * @param string|int|\DateTimeInterface number of seconds or timestamp * @param int Log out when the browser is closed | Clear the identity from persistent storage? * @return void */ diff --git a/src/Security/User.php b/src/Security/User.php index 84dd5efb..1a71f107 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -165,7 +165,7 @@ public function getAuthenticator($need = TRUE) /** * Enables log out after inactivity. - * @param string|int|\DateTime number of seconds or timestamp + * @param string|int|\DateTimeInterface number of seconds or timestamp * @param int log out when the browser is closed? | clear the identity from persistent storage? * @return self */ From b1da1624ab13a3ce8486c4352f4a40a15933a4d2 Mon Sep 17 00:00:00 2001 From: Jan Tvrdik Date: Wed, 26 Aug 2015 08:20:51 +0200 Subject: [PATCH 22/36] Passwords: simplified with password_* API --- src/Security/Passwords.php | 25 ++++++++++--------------- tests/Security/Passwords.verify().phpt | 2 +- 2 files changed, 11 insertions(+), 16 deletions(-) diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index 38cf8339..0acc91c5 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php @@ -15,6 +15,7 @@ */ class Passwords { + /** @deprecated */ const BCRYPT_COST = 10; @@ -24,17 +25,15 @@ class Passwords * @param array with cost (4-31) * @return string 60 chars long */ - public static function hash($password, array $options = NULL) + public static function hash($password, array $options = []) { - $cost = isset($options['cost']) ? (int) $options['cost'] : self::BCRYPT_COST; - if ($cost < 4 || $cost > 31) { - throw new Nette\InvalidArgumentException("Cost must be in range 4-31, $cost given."); + if (isset($options['cost']) && ($options['cost'] < 4 || $options['cost'] > 31)) { + throw new Nette\InvalidArgumentException("Cost must be in range 4-31, $options[cost] given."); } - $salt = Nette\Utils\Random::generate(22, '0-9A-Za-z./'); - $hash = crypt($password, '$2y$' . ($cost < 10 ? 0 : '') . $cost . '$' . $salt); - if (strlen($hash) < 60) { - throw new Nette\InvalidStateException('Hash returned by crypt is invalid.'); + $hash = password_hash($password, PASSWORD_BCRYPT, $options); + if ($hash === FALSE || strlen($hash) < 60) { + throw new Nette\InvalidStateException('Hash computed by password_hash is invalid.'); } return $hash; } @@ -46,9 +45,7 @@ public static function hash($password, array $options = NULL) */ public static function verify($password, $hash) { - return preg_match('#^\$2y\$(?P\d\d)\$(?P.{22})#', $hash, $m) - && $m['cost'] >= 4 && $m['cost'] <= 31 - && crypt($password, $hash) === $hash; + return password_verify($password, $hash); } @@ -58,11 +55,9 @@ public static function verify($password, $hash) * @param array with cost (4-31) * @return bool */ - public static function needsRehash($hash, array $options = NULL) + public static function needsRehash($hash, array $options = []) { - $cost = isset($options['cost']) ? (int) $options['cost'] : self::BCRYPT_COST; - return !preg_match('#^\$2y\$(?P\d\d)\$(?P.{22})#', $hash, $m) - || $m['cost'] < $cost; + return password_needs_rehash($hash, PASSWORD_BCRYPT, $options); } } diff --git a/tests/Security/Passwords.verify().phpt b/tests/Security/Passwords.verify().phpt index 6ac54692..b1d25dd7 100644 --- a/tests/Security/Passwords.verify().phpt +++ b/tests/Security/Passwords.verify().phpt @@ -12,5 +12,5 @@ require __DIR__ . '/../bootstrap.php'; Assert::true(Passwords::verify('dg', '$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); -Assert::false(Passwords::verify('dg', '$2x$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); +Assert::true(Passwords::verify('dg', '$2x$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); Assert::false(Passwords::verify('dgx', '$2y$05$123456789012345678901uTj3G.8OMqoqrOMca1z/iBLqLNaWe6DK')); From 9583bc3cf618577de630a9616ef136cc02b4eda6 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 23 Sep 2015 18:28:49 +0200 Subject: [PATCH 23/36] removed rarely used @property phpDoc --- src/Security/Identity.php | 1 - src/Security/Permission.php | 5 ----- src/Security/User.php | 1 - 3 files changed, 7 deletions(-) diff --git a/src/Security/Identity.php b/src/Security/Identity.php index 0a358af5..85f744ee 100644 --- a/src/Security/Identity.php +++ b/src/Security/Identity.php @@ -15,7 +15,6 @@ * * @property mixed $id * @property array $roles - * @property-read array $data */ class Identity extends Nette\Object implements IIdentity { diff --git a/src/Security/Permission.php b/src/Security/Permission.php index 52ee5a49..8e98524e 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -16,11 +16,6 @@ * This solution is mostly based on Zend_Acl (c) Zend Technologies USA Inc. (http://www.zend.com), new BSD license * * @copyright Copyright (c) 2005, 2007 Zend Technologies USA Inc. - * - * @property-read array $roles - * @property-read array $resources - * @property-read mixed $queriedRole - * @property-read mixed $queriedResource */ class Permission extends Nette\Object implements IAuthorizator { diff --git a/src/Security/User.php b/src/Security/User.php index 1a71f107..73b60c6b 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -18,7 +18,6 @@ * @property-read mixed $id * @property-read array $roles * @property-read int $logoutReason - * @property-read IUserStorage $storage * @property IAuthenticator $authenticator * @property IAuthorizator $authorizator */ From d65e02643109b3a101a7568cc2f4f81eed2f050c Mon Sep 17 00:00:00 2001 From: David Grudl Date: Mon, 5 Oct 2015 14:35:47 +0200 Subject: [PATCH 24/36] used https --- composer.json | 6 +++--- contributing.md | 4 ++-- license.md | 2 +- src/Bridges/SecurityDI/SecurityExtension.php | 4 ++-- src/Bridges/SecurityTracy/UserPanel.php | 4 ++-- src/Security/AuthenticationException.php | 4 ++-- src/Security/IAuthenticator.php | 4 ++-- src/Security/IAuthorizator.php | 4 ++-- src/Security/IIdentity.php | 4 ++-- src/Security/IResource.php | 4 ++-- src/Security/IRole.php | 4 ++-- src/Security/IUserStorage.php | 4 ++-- src/Security/Identity.php | 4 ++-- src/Security/Passwords.php | 4 ++-- src/Security/Permission.php | 4 ++-- src/Security/SimpleAuthenticator.php | 4 ++-- src/Security/User.php | 4 ++-- 17 files changed, 34 insertions(+), 34 deletions(-) diff --git a/composer.json b/composer.json index f5e10187..9e0b71c6 100644 --- a/composer.json +++ b/composer.json @@ -1,16 +1,16 @@ { "name": "nette/security", "description": "Nette Security: Access Control Component", - "homepage": "http://nette.org", + "homepage": "https://nette.org", "license": ["BSD-3-Clause", "GPL-2.0", "GPL-3.0"], "authors": [ { "name": "David Grudl", - "homepage": "http://davidgrudl.com" + "homepage": "https://davidgrudl.com" }, { "name": "Nette Community", - "homepage": "http://nette.org/contributors" + "homepage": "https://nette.org/contributors" } ], "require": { diff --git a/contributing.md b/contributing.md index a1cbbd53..860882bf 100644 --- a/contributing.md +++ b/contributing.md @@ -5,7 +5,7 @@ The issue tracker is the preferred channel for bug reports, features requests and submitting pull requests, but please respect the following restrictions: * Please **do not** use the issue tracker for personal support requests (use - [Nette forum](http://forum.nette.org) or [Stack Overflow](http://stackoverflow.com)). + [Nette forum](https://forum.nette.org) or [Stack Overflow](http://stackoverflow.com)). * Please **do not** derail or troll issues. Keep the discussion on topic and respect the opinions of others. @@ -21,7 +21,7 @@ fits with the scope and aims of the project. It's up to *you* to make a strong case to convince the project's developers of the merits of this feature. Nette welcomes **pull requests**. If you'd like to contribute, please take a moment -to [read the guidelines](http://nette.org/en/contributing) in order to make +to [read the guidelines](https://nette.org/en/contributing) in order to make the contribution process easy and effective for everyone involved. Thanks! diff --git a/license.md b/license.md index af571d59..cf741bd0 100644 --- a/license.md +++ b/license.md @@ -21,7 +21,7 @@ If your stuff is good, it will not take long to establish a reputation for yours New BSD License --------------- -Copyright (c) 2004, 2014 David Grudl (http://davidgrudl.com) +Copyright (c) 2004, 2014 David Grudl (https://davidgrudl.com) All rights reserved. Redistribution and use in source and binary forms, with or without modification, diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index 908a3649..e202f45d 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -1,8 +1,8 @@ Date: Mon, 5 Oct 2015 14:36:12 +0200 Subject: [PATCH 25/36] travis: removed PHP 7 from allowed failures --- .travis.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 4d2d58e4..e447d651 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,7 +6,6 @@ php: matrix: allow_failures: - - php: 7.0 - php: hhvm include: From a738fcb0e46b82bffd6bff94fa148fbd1e001016 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Sat, 6 Feb 2016 23:05:37 +0100 Subject: [PATCH 26/36] typo --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e447d651..700267bc 100644 --- a/.travis.yml +++ b/.travis.yml @@ -24,7 +24,7 @@ before_script: # Install Nette Tester & Code Checker - travis_retry composer update --no-interaction --prefer-dist $dependencies - travis_retry composer create-project nette/code-checker temp/code-checker ~2.5 --no-interaction - + sudo: false cache: From ccbcb6cea7411218c90a739255d68de3a97c2931 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 23 Feb 2016 14:12:39 +0100 Subject: [PATCH 27/36] UserPanel: ob_start() is protected against flush when error occurs --- src/Bridges/SecurityTracy/UserPanel.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Bridges/SecurityTracy/UserPanel.php b/src/Bridges/SecurityTracy/UserPanel.php index ea0e76c1..46ca603a 100644 --- a/src/Bridges/SecurityTracy/UserPanel.php +++ b/src/Bridges/SecurityTracy/UserPanel.php @@ -36,7 +36,7 @@ public function getTab() return; } - ob_start(); + ob_start(function () {}); $user = $this->user; require __DIR__ . '/templates/UserPanel.tab.phtml'; return ob_get_clean(); @@ -49,7 +49,7 @@ public function getTab() */ public function getPanel() { - ob_start(); + ob_start(function () {}); $user = $this->user; require __DIR__ . '/templates/UserPanel.panel.phtml'; return ob_get_clean(); From e86e8e4564c235ac27a7ac5c0e913e3a9b662949 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 15 Mar 2016 19:56:27 +0000 Subject: [PATCH 28/36] composer: added Tracy --- composer.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 9e0b71c6..4a3a8947 100644 --- a/composer.json +++ b/composer.json @@ -20,7 +20,8 @@ "require-dev": { "nette/di": "~2.3", "nette/http": "~2.3", - "nette/tester": "~1.4" + "nette/tester": "~1.4", + "tracy/tracy": "^2.3" }, "conflict": { "nette/nette": "<2.2" From c150cb9ccff04d6068b3288bfc2ebfd4d21da287 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 6 Apr 2016 00:18:58 +0200 Subject: [PATCH 29/36] uses Nette\SmartObject & StaticClass --- composer.json | 2 +- src/Bridges/SecurityTracy/UserPanel.php | 4 +++- src/Security/Identity.php | 30 ++++++++++--------------- src/Security/Passwords.php | 2 ++ src/Security/Permission.php | 4 +++- src/Security/SimpleAuthenticator.php | 4 +++- src/Security/User.php | 4 +++- 7 files changed, 27 insertions(+), 23 deletions(-) diff --git a/composer.json b/composer.json index 4a3a8947..17f156f2 100644 --- a/composer.json +++ b/composer.json @@ -15,7 +15,7 @@ ], "require": { "php": ">=5.6.0", - "nette/utils": "~2.2" + "nette/utils": "~2.4" }, "require-dev": { "nette/di": "~2.3", diff --git a/src/Bridges/SecurityTracy/UserPanel.php b/src/Bridges/SecurityTracy/UserPanel.php index 46ca603a..5bfd0a92 100644 --- a/src/Bridges/SecurityTracy/UserPanel.php +++ b/src/Bridges/SecurityTracy/UserPanel.php @@ -14,8 +14,10 @@ /** * User panel for Debugger Bar. */ -class UserPanel extends Nette\Object implements Tracy\IBarPanel +class UserPanel implements Tracy\IBarPanel { + use Nette\SmartObject; + /** @var Nette\Security\User */ private $user; diff --git a/src/Security/Identity.php b/src/Security/Identity.php index de975659..04ccf287 100644 --- a/src/Security/Identity.php +++ b/src/Security/Identity.php @@ -16,8 +16,14 @@ * @property mixed $id * @property array $roles */ -class Identity extends Nette\Object implements IIdentity +class Identity implements IIdentity { + use Nette\SmartObject { + __get as private parentGet; + __set as private parentSet; + __isset as private parentIsSet; + } + /** @var mixed */ private $id; @@ -103,8 +109,8 @@ public function getData() */ public function __set($key, $value) { - if (parent::__isset($key)) { - parent::__set($key, $value); + if ($this->parentIsSet($key)) { + $this->parentSet($key, $value); } else { $this->data[$key] = $value; @@ -119,8 +125,8 @@ public function __set($key, $value) */ public function &__get($key) { - if (parent::__isset($key)) { - return parent::__get($key); + if ($this->parentIsSet($key)) { + return $this->parentGet($key); } else { return $this->data[$key]; @@ -135,19 +141,7 @@ public function &__get($key) */ public function __isset($key) { - return isset($this->data[$key]) || parent::__isset($key); - } - - - /** - * Removes property. - * @param string property name - * @return void - * @throws Nette\MemberAccessException - */ - public function __unset($name) - { - Nette\Utils\ObjectMixin::remove($this, $name); + return isset($this->data[$key]) || $this->parentIsSet($key); } } diff --git a/src/Security/Passwords.php b/src/Security/Passwords.php index 43f5779d..26ad2fb3 100644 --- a/src/Security/Passwords.php +++ b/src/Security/Passwords.php @@ -15,6 +15,8 @@ */ class Passwords { + use Nette\StaticClass; + /** @deprecated */ const BCRYPT_COST = 10; diff --git a/src/Security/Permission.php b/src/Security/Permission.php index 92929e17..6e243ccb 100644 --- a/src/Security/Permission.php +++ b/src/Security/Permission.php @@ -17,8 +17,10 @@ * * @copyright Copyright (c) 2005, 2007 Zend Technologies USA Inc. */ -class Permission extends Nette\Object implements IAuthorizator +class Permission implements IAuthorizator { + use Nette\SmartObject; + /** @var array Role storage */ private $roles = []; diff --git a/src/Security/SimpleAuthenticator.php b/src/Security/SimpleAuthenticator.php index 94949337..ac3dfeed 100644 --- a/src/Security/SimpleAuthenticator.php +++ b/src/Security/SimpleAuthenticator.php @@ -13,8 +13,10 @@ /** * Trivial implementation of IAuthenticator. */ -class SimpleAuthenticator extends Nette\Object implements IAuthenticator +class SimpleAuthenticator implements IAuthenticator { + use Nette\SmartObject; + /** @var array */ private $userlist; diff --git a/src/Security/User.php b/src/Security/User.php index 4ac799ec..c61545dd 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -21,8 +21,10 @@ * @property IAuthenticator $authenticator * @property IAuthorizator $authorizator */ -class User extends Nette\Object +class User { + use Nette\SmartObject; + /** @deprecated */ const MANUAL = IUserStorage::MANUAL, INACTIVITY = IUserStorage::INACTIVITY, From 79f650dcc9517219d661fcaae3a9cf53251bdbcc Mon Sep 17 00:00:00 2001 From: David Grudl Date: Wed, 20 Apr 2016 17:34:47 +0200 Subject: [PATCH 30/36] tests/travis: reports code coverage to Coveralls --- .travis.yml | 11 ++++++++++- readme.md | 1 + tests/.coveralls.yml | 4 ++++ 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 tests/.coveralls.yml diff --git a/.travis.yml b/.travis.yml index 700267bc..7d58d6dd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,7 +13,7 @@ matrix: env: dependencies="--prefer-lowest --prefer-stable" script: - - vendor/bin/tester tests -s -p php + - vendor/bin/tester tests -s -p php $coverage - php temp/code-checker/src/code-checker.php --short-arrays after_failure: @@ -24,6 +24,15 @@ before_script: # Install Nette Tester & Code Checker - travis_retry composer update --no-interaction --prefer-dist $dependencies - travis_retry composer create-project nette/code-checker temp/code-checker ~2.5 --no-interaction + - if [ $TRAVIS_PHP_VERSION == "7.0" ]; then coverage="-p phpdbg --coverage ./coverage.xml --coverage-src ./src"; fi + +after_script: + # Report Code Coverage + - > + if [ "$coverage" != "" ]; then + wget https://github.com/satooshi/php-coveralls/releases/download/v1.0.1/coveralls.phar + && php coveralls.phar --verbose --config tests/.coveralls.yml + || true; fi sudo: false diff --git a/readme.md b/readme.md index 48e53c5f..17e2c204 100644 --- a/readme.md +++ b/readme.md @@ -3,6 +3,7 @@ Nette Security: Access Control [![Downloads this Month](https://img.shields.io/packagist/dm/nette/security.svg)](https://packagist.org/packages/nette/security) [![Build Status](https://travis-ci.org/nette/security.svg?branch=master)](https://travis-ci.org/nette/security) +[![Coverage Status](https://coveralls.io/repos/github/nette/security/badge.svg?branch=master)](https://coveralls.io/github/nette/security?branch=master) [![Latest Stable Version](https://poser.pugx.org/nette/security/v/stable)](https://github.com/nette/security/releases) [![License](https://img.shields.io/badge/license-New%20BSD-blue.svg)](https://github.com/nette/security/blob/master/license.md) diff --git a/tests/.coveralls.yml b/tests/.coveralls.yml new file mode 100644 index 00000000..82764a3f --- /dev/null +++ b/tests/.coveralls.yml @@ -0,0 +1,4 @@ +# for php-coveralls +service_name: travis-ci +coverage_clover: coverage.xml +json_path: coverage.json From b8894b54e10d0d4a1fc40e956d80e00f61d13a8f Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 3 May 2016 16:55:41 +0200 Subject: [PATCH 31/36] Revert "User: bool parameters replaced with bit masks" This reverts commit c10664961229dcf12a95bd5e4b0f6e6d39495188. --- src/Security/User.php | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/src/Security/User.php b/src/Security/User.php index c61545dd..5872a0bb 100644 --- a/src/Security/User.php +++ b/src/Security/User.php @@ -28,8 +28,7 @@ class User /** @deprecated */ const MANUAL = IUserStorage::MANUAL, INACTIVITY = IUserStorage::INACTIVITY, - BROWSER_CLOSED = IUserStorage::BROWSER_CLOSED, - CLEAR_IDENTITY = IUserStorage::CLEAR_IDENTITY; + BROWSER_CLOSED = IUserStorage::BROWSER_CLOSED; /** @var string default role for unauthenticated user */ public $guestRole = 'guest'; @@ -82,7 +81,7 @@ public function getStorage() */ public function login($id = NULL, $password = NULL) { - $this->logout(IUserStorage::CLEAR_IDENTITY); + $this->logout(TRUE); if (!$id instanceof IIdentity) { $id = $this->getAuthenticator()->authenticate(func_get_args()); } @@ -94,16 +93,16 @@ public function login($id = NULL, $password = NULL) /** * Logs out the user from the current session. - * @param int clear the identity from persistent storage? + * @param bool clear the identity from persistent storage? * @return void */ - public function logout($flags = NULL) + public function logout($clearIdentity = FALSE) { if ($this->isLoggedIn()) { $this->onLoggedOut($this); $this->storage->setAuthenticated(FALSE); } - if ($flags === TRUE || ($flags & IUserStorage::CLEAR_IDENTITY)) { + if ($clearIdentity) { $this->storage->setIdentity(NULL); } } @@ -167,13 +166,13 @@ public function getAuthenticator($need = TRUE) /** * Enables log out after inactivity. * @param string|int|\DateTimeInterface number of seconds or timestamp - * @param int log out when the browser is closed? | clear the identity from persistent storage? + * @param bool log out when the browser is closed? + * @param bool clear the identity from persistent storage? * @return self */ - public function setExpiration($time, $flags = IUserStorage::BROWSER_CLOSED, $clearIdentity = FALSE) + public function setExpiration($time, $whenBrowserIsClosed = TRUE, $clearIdentity = FALSE) { - $flags = ($flags === TRUE ? IUserStorage::BROWSER_CLOSED : $flags) // back compatibility - | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0); + $flags = ($whenBrowserIsClosed ? IUserStorage::BROWSER_CLOSED : 0) | ($clearIdentity ? IUserStorage::CLEAR_IDENTITY : 0); $this->storage->setExpiration($time, $flags); return $this; } From 5e44eb8fd693d5475f242ec53ffcbb23a5bf2e98 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Sat, 7 May 2016 13:11:19 +0200 Subject: [PATCH 32/36] renamed some local vars --- src/Bridges/SecurityDI/SecurityExtension.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/Bridges/SecurityDI/SecurityExtension.php b/src/Bridges/SecurityDI/SecurityExtension.php index e202f45d..0a86194b 100644 --- a/src/Bridges/SecurityDI/SecurityExtension.php +++ b/src/Bridges/SecurityDI/SecurityExtension.php @@ -35,13 +35,13 @@ public function __construct($debugMode = FALSE) public function loadConfiguration() { $config = $this->validateConfig($this->defaults); - $container = $this->getContainerBuilder(); + $builder = $this->getContainerBuilder(); - $container->addDefinition($this->prefix('userStorage')) + $builder->addDefinition($this->prefix('userStorage')) ->setClass(Nette\Security\IUserStorage::class) ->setFactory(Nette\Http\UserStorage::class); - $user = $container->addDefinition($this->prefix('user')) + $user = $builder->addDefinition($this->prefix('user')) ->setClass(Nette\Security\User::class); if ($this->debugMode && $config['debugger']) { @@ -59,17 +59,17 @@ public function loadConfiguration() $usersRoles[$username] = isset($data['roles']) ? $data['roles'] : NULL; } - $container->addDefinition($this->prefix('authenticator')) + $builder->addDefinition($this->prefix('authenticator')) ->setClass(Nette\Security\IAuthenticator::class) ->setFactory(Nette\Security\SimpleAuthenticator::class, [$usersList, $usersRoles]); if ($this->name === 'security') { - $container->addAlias('nette.authenticator', $this->prefix('authenticator')); + $builder->addAlias('nette.authenticator', $this->prefix('authenticator')); } } if ($config['roles'] || $config['resources']) { - $authorizator = $container->addDefinition($this->prefix('authorizator')) + $authorizator = $builder->addDefinition($this->prefix('authorizator')) ->setClass(Nette\Security\IAuthorizator::class) ->setFactory(Nette\Security\Permission::class); @@ -81,13 +81,13 @@ public function loadConfiguration() } if ($this->name === 'security') { - $container->addAlias('nette.authorizator', $this->prefix('authorizator')); + $builder->addAlias('nette.authorizator', $this->prefix('authorizator')); } } if ($this->name === 'security') { - $container->addAlias('user', $this->prefix('user')); - $container->addAlias('nette.userStorage', $this->prefix('userStorage')); + $builder->addAlias('user', $this->prefix('user')); + $builder->addAlias('nette.userStorage', $this->prefix('userStorage')); } } From f0b9151344d32882628e8774c51c69a3632ad135 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Thu, 12 May 2016 21:48:58 +0200 Subject: [PATCH 33/36] tests: compatible with master DI --- tests/Security.DI/SecurityExtension.authenticator.phpt | 4 ++-- tests/Security.DI/SecurityExtension.user.phpt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/Security.DI/SecurityExtension.authenticator.phpt b/tests/Security.DI/SecurityExtension.authenticator.phpt index c69fad9c..e783f007 100644 --- a/tests/Security.DI/SecurityExtension.authenticator.phpt +++ b/tests/Security.DI/SecurityExtension.authenticator.phpt @@ -29,8 +29,8 @@ security: moderator: {password: moderator123, roles: moderator} ', 'neon')); -eval($compiler->compile($config, 'Container1')); -$container = new Container1; +eval($compiler->addConfig($config)->compile()); +$container = new Container; $authenticator = $container->getService('security.authenticator'); Assert::type(Nette\Security\SimpleAuthenticator::class, $authenticator); diff --git a/tests/Security.DI/SecurityExtension.user.phpt b/tests/Security.DI/SecurityExtension.user.phpt index 472c3bba..80c42e43 100644 --- a/tests/Security.DI/SecurityExtension.user.phpt +++ b/tests/Security.DI/SecurityExtension.user.phpt @@ -19,8 +19,8 @@ $compiler->addExtension('foo', new HttpExtension); $compiler->addExtension('bar', new SessionExtension); $compiler->addExtension('security', new SecurityExtension); -eval($compiler->compile([], 'Container1')); -$container = new Container1; +eval($compiler->compile()); +$container = new Container; Assert::type(Nette\Http\UserStorage::class, $container->getService('security.userStorage')); Assert::type(Nette\Security\User::class, $container->getService('security.user')); From 6d8508b7d2cec24f1b3c718941c6edcaf41b00d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Zl=C3=A1mal?= Date: Tue, 17 May 2016 14:11:41 +0200 Subject: [PATCH 34/36] Identity: add property annotation (#18) --- src/Security/Identity.php | 1 + tests/Security/Identity.phpt | 1 + 2 files changed, 2 insertions(+) diff --git a/src/Security/Identity.php b/src/Security/Identity.php index 04ccf287..2a896c74 100644 --- a/src/Security/Identity.php +++ b/src/Security/Identity.php @@ -15,6 +15,7 @@ * * @property mixed $id * @property array $roles + * @property array $data */ class Identity implements IIdentity { diff --git a/tests/Security/Identity.phpt b/tests/Security/Identity.phpt index c93cca82..1936f9f7 100644 --- a/tests/Security/Identity.phpt +++ b/tests/Security/Identity.phpt @@ -19,6 +19,7 @@ test(function () { Assert::same(['admin'], $id->getRoles()); Assert::same(['admin'], $id->roles); Assert::same(['name' => 'John'], $id->getData()); + Assert::same(['name' => 'John'], $id->data); Assert::same('John', $id->name); }); From 3fd0ee289b71e187480a58fc4842be44395bf4c8 Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 17 May 2016 17:37:18 +0200 Subject: [PATCH 35/36] travis: removed HHVM --- .travis.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.travis.yml b/.travis.yml index 7d58d6dd..72ae79cb 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,12 +2,8 @@ language: php php: - 5.6 - 7.0 - - hhvm matrix: - allow_failures: - - php: hhvm - include: - php: 5.6 env: dependencies="--prefer-lowest --prefer-stable" From 5aeaa40d478d60216cfba8ae94187f2b3cfbdfcb Mon Sep 17 00:00:00 2001 From: David Grudl Date: Tue, 17 May 2016 17:49:45 +0200 Subject: [PATCH 36/36] composer: used Tester 2 --- .travis.yml | 2 +- composer.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 72ae79cb..e5bdfacd 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,7 @@ matrix: env: dependencies="--prefer-lowest --prefer-stable" script: - - vendor/bin/tester tests -s -p php $coverage + - vendor/bin/tester tests -s $coverage - php temp/code-checker/src/code-checker.php --short-arrays after_failure: diff --git a/composer.json b/composer.json index 17f156f2..cf2a1b65 100644 --- a/composer.json +++ b/composer.json @@ -20,7 +20,7 @@ "require-dev": { "nette/di": "~2.3", "nette/http": "~2.3", - "nette/tester": "~1.4", + "nette/tester": "~2.0", "tracy/tracy": "^2.3" }, "conflict": {