merged skunkworks into develop.

2012-01-16 13:59:24 -06:00
parent 610d8827c4
commit b5442c67fc
117 changed files with 7268 additions and 3999 deletions
--- a/laravel/auth.php
+++ b/laravel/auth.php
@@ -7,7 +7,7 @@ class Auth {
 	 *
 	 * @var object
 	 */
-	protected static $user;
+	public static $user;

 	/**
 	 * The key used when storing the user ID in the session.
@@ -48,12 +48,6 @@ class Auth {
 	/**
 	 * Get the current user of the application.
 	 *
-	 * This method will call the "user" closure in the auth configuration file.
-	 * If the user is not authenticated, null will be returned by the methd.
-	 *
-	 * If no user exists in the session, the method will check for a "remember me"
-	 * cookie and attempt to login the user based on the value of that cookie.
-	 *
 	 * <code>
 	 *		// Get the current user of the application
 	 *		$user = Auth::user();
@@ -62,20 +56,26 @@ class Auth {
 	 *		$email = Auth::user()->email;
 	 * </code>
 	 *
-	 * @return object
+	 * @return object|null
 	 */
 	public static function user()
 	{
 		if ( ! is_null(static::$user)) return static::$user;

-		$id = IoC::core('session')->get(Auth::user_key);
+		$id = Session::get(Auth::user_key);

-		static::$user = call_user_func(Config::get('auth.user'), $id);
+		// To retrieve the user, we'll first attempt to use the "user" Closure
+		// defined in the auth configuration file, passing in the ID. The user
+		// Closure gives the developer a ton of freedom surrounding how the
+		// user is actually retrieved.
+		$config = Config::get('auth');

-		// If the user was not found in the database, but a "remember me" cookie
-		// exists, we will attempt to recall the user based on the cookie value.
-		// Since all cookies contain a fingerprint hash verifying that the have
-		// not been modified on the client, we should be able to trust it.
+		static::$user = call_user_func($config['user'], $id);
+
+		// If the user wasn't found in the database but a "remember me" cookie
+		// exists, we'll attempt to recall the user based on the cookie value.
+		// Since all cookies contain a fingerprint hash verifying that they
+		// haven't changed, we can trust it.
 		$recaller = Cookie::get(Auth::remember_key);

 		if (is_null(static::$user) and ! is_null($recaller))
@@ -94,13 +94,17 @@ class Auth {
 	 */
 	protected static function recall($recaller)
 	{
-		// When the "remember me" cookie is stored, it is encrypted and contains the
-		// user's ID and a long, random string. The ID and string are separated by
-		// a pipe character. Since we exploded the decrypted string, we can just
-		// pass the first item in the array to the user Closure.
+		// When the remember me cookie is stored, it is encrypted and contains
+		// the user's ID and a long, random string. The segments are separated
+		// by a pipe character so we'll explode on that.
 		$recaller = explode('|', Crypter::decrypt($recaller));

-		if ( ! is_null($user = call_user_func(Config::get('auth.user'), $recaller[0])))
+		// We'll pass the ID that was stored in the cookie into the same user
+		// Closure that is used by the "user" method. If the method returns
+		// a user, we will log them into the application.
+		$user = call_user_func(Config::get('auth.user'), $recaller[0]);
+
+		if ( ! is_null($user))
 		{
 			static::login($user);

@@ -111,12 +115,13 @@ class Auth {
 	/**
 	 * Attempt to log a user into the application.
 	 *
-	 * If the credentials are valid, the user will be logged into the application
-	 * and their user ID will be stored in the session via the "login" method.
+	 * <code>
+	 *		// Attempt to log a user into the application
+	 *		$success = Auth::attempt('username', 'password');
 	 *
-	 * The user may also be "remembered", which will keep the user logged into the
-	 * application for one year or until they logout. The user is remembered via
-	 * an encrypted cookie.
+	 *		// Attempt to login a user and set the "remember me" cookie
+	 *		Auth::attempt('username', 'password', true);
+	 * </code>
 	 *
 	 * @param  string  $username
 	 * @param  string  $password
@@ -127,32 +132,35 @@ class Auth {
 	{
 		$config = Config::get('auth');

-		$user = call_user_func($config['attempt'], $username, $password, $config);
+		// When attempting to login the user, we will call the "attempt" closure
+		// from the configuration file. This gives the developer the freedom to
+		// authenticate based on the needs of their application.
+		//
+		// All of the password hashing and checking and left totally up to the
+		// developer, as this gives them the freedom to use any hashing scheme
+		// or authentication provider they wish.
+		$user = call_user_func($config['attempt'], $username, $password);

-		if ( ! is_null($user))
-		{
-			static::login($user, $remember);
+		// If the user credentials were authenticated by the closure, we will
+		// log the user into the application, which will store their user ID
+		// in the session for subsequent requests.
+		if (is_null($user)) return false;

-			return true;
-		}
+		static::login($user, $remember);

-		return false;
+		return true;
 	}

 	/**
 	 * Log a user into the application.
 	 *
-	 * An object representing the user or an integer user ID may be given to the method.
-	 * If an object is given, the object must have an "id" property containing the user
-	 * ID as it is stored in the database.
-	 *
 	 * <code>
-	 *		// Login a user by passing a user object
-	 *		Auth::login($user);
-	 *
 	 *		// Login the user with an ID of 15
 	 *		Auth::login(15);
 	 *
+	 *		// Login a user by passing a user object
+	 *		Auth::login($user);
+	 *
 	 *		// Login a user and set a "remember me" cookie
 	 *		Auth::login($user, true);
 	 * </code>
@@ -167,11 +175,11 @@ class Auth {

 		if ($remember) static::remember($id);

-		IoC::core('session')->put(Auth::user_key, $id);
+		Session::put(Auth::user_key, $id);
 	}

 	/**
-	 * Set a cookie so that users are "remembered" and don't need to login.
+	 * Set a cookie so that the user is "remembered".
 	 *
 	 * @param  string  $id
 	 * @return void
@@ -183,7 +191,7 @@ class Auth {
 		// This method assumes the "remember me" cookie should have the same
 		// configuration as the session cookie. Since this cookie, like the
 		// session cookie, should be kept very secure, it's probably safe
-		// to assume the settings are the same.
+		// to assume the settings are the same for this cookie.
 		$config = Config::get('session');

 		extract($config, EXTR_SKIP);
@@ -194,14 +202,13 @@ class Auth {
 	/**
 	 * Log the current user out of the application.
 	 *
-	 * The "logout" closure in the authenciation configuration file will be
-	 * called. All authentication cookies will be deleted and the user ID
-	 * will be removed from the session.
-	 *
 	 * @return void
 	 */
 	public static function logout()
 	{
+		// We will call the "logout" closure first, which gives the developer
+		// the chance to do any clean-up or before the user is logged out of
+		// the application. No action is taken by default.
 		call_user_func(Config::get('auth.logout'), static::user());

 		static::$user = null;
@@ -213,11 +220,9 @@ class Auth {
 		// When forgetting the cookie, we need to also pass in the path and
 		// domain that would have been used when the cookie was originally
 		// set by the framework, otherwise it will not be deleted.
-		Cookie::forget(Auth::user_key, $path, $domain, $secure);
-
 		Cookie::forget(Auth::remember_key, $path, $domain, $secure);

-		IoC::core('session')->forget(Auth::user_key);
+		Session::forget(Auth::user_key);
 	}

 }