chg: dev: refactor to separate concerns.

Author: vaab

auth-with-session-id.php

@@ -9,7 +9,7 @@
 header('Access-Control-Allow-Headers: origin, content-type, accept');
 
 $oe = new OEAuth($config["oe"]["url"], $config["oe"]["dbname"]);
-$oe->setSessionInformation($_REQUEST["oe_session_id"], $_REQUEST["oe_cookie"]); 
+$oe->authTokenStore->set($oe->authWebTransmitter->read_tokens_from_request()); 
 
 if ($oe->is_auth()) {
   echo "AUTH";

auth.php

@@ -0,0 +1,137 @@
+<?php
+
+
+/**
+ * Stores tokens
+ */
+
+abstract class AuthTokenStore {
+
+  abstract public function exists();
+  abstract public function set($tokens);
+  abstract public function get();
+
+};
+
+
+/**
+ * Authentication Provider
+ */
+abstract class AuthProvider {
+
+  /**
+   * Login with session tokens to resume an existing session
+   *
+   */
+  abstract public function login_with_tokens($tokens);
+
+  /**
+   * Returns tokens from the current opened session.
+   *
+   * Note that this method will be called only after login
+   *
+   */
+  abstract public function get_tokens();
+
+  /**
+   * Returns True/False whether credentials are valid and session created.
+   *
+   * Note that some sort of a session must be created as we will ask for
+   * tokens of this session with ``get_tokens()``.
+   *
+   */
+  abstract public function login($credentials);
+
+
+  /**
+   * Closes the current session and returns boolean upon success.
+   *
+   */
+  abstract public function logout();
+
+};
+
+/**
+ * Propagate tokens
+ */
+abstract class AuthWebTransmitter {
+
+  abstract public function read_tokens_from_request();
+  abstract public function js_propagation_code($tokens);
+
+};
+
+
+/**
+ * Manages an oe connection and it's relation with php session,
+ * provides also facilities to send authentication to other domains.
+ */
+abstract class Auth {
+
+  private $auth_cache = NULL;
+  private $auth_cache_dirty = True;
+  private $enable_propagation = False;
+
+  /**
+   * returns True if login is accepted
+   */
+
+  public function is_auth() {
+    if ($this->auth_cache !== NULL &&
+        $this->auth_cache_dirty === False)
+      return $this->auth_cache;
+
+    $this->auth_cache = $this->authTokenStore->exists() &&
+      $this->authProvider->login_with_tokens($this->authTokenStore->get());
+    $this->auth_cache_dirty = False;
+    return $this->auth_cache;
+  }
+
+
+  /** authenticating by credential
+   *
+   * This function must validate authentication of given credentials
+   */
+  public function authenticate($credentials) {
+
+    $login_success = $this->authProvider->login($credentials);
+    if ($login_success) {
+      $tokens = $this->authProvider->get_tokens();
+      $this->authTokenStore->set($tokens);
+      $this->auth_cache = True;
+      $this->auth_cache_dirty = False;
+      $this->enable_propagation = True;
+    };
+    return $login_success;
+  }
+
+  /** deauthenticating
+   *
+   * This function must unlog current session
+   */
+  public function deauthenticate() {
+
+    $this->authProvider->logout();
+
+    $this->authTokenStore->set(null); // deleting tokens
+    $this->auth_cache = False;
+    $this->auth_cache_dirty = False;
+
+    $this->enable_propagation = True;
+    return True; // logout succeeded
+  }
+
+  /** returns javascript code to define the ``get_session_ids()``
+   * function and urls variable
+   *
+   */
+  public function js_code_for_propagate() {
+    if (!$this->enable_propagation) return "";
+
+    $tokens = $this->authTokenStore->get(); // returns NULL if no tokens
+    return $this->authWebTransmitter->js_propagation_code($tokens);
+  }
+
+}
+
+?>

index.php

@@ -50,7 +50,7 @@
 
     </style>
 
-    <?php echo $oe->js_code; ?>
+    <?php echo $oe->js_code_for_propagate(); ?>
 
   </head>
   <body>

oeauth.php

@@ -1,99 +1,109 @@
 <?php
 
 require_once "php-oe-json/openerp.php";
+require_once "auth.php";
+
 
 /**
- * Manages an oe connection and it's relation with php session,
- * provides also facilities to send authentication to other domains.
+ * OpenERP Authentication Provider
  */
-class OEAuth {
-
-  public $js_code = "";
+class OEAuthProvider extends AuthProvider {
 
   function __construct($url, $db) {
     $this->oe = new OpenERP($url, $db);
-    $this->_auth_cache = NULL;
-    $this->_auth_cache_dirty = True;
-
-    session_start();
   }
 
-  public function is_auth() {
-    if ($this->_auth_cache !== NULL &&
-        $this->_auth_cache_dirty === False)
-      return $this->_auth_cache;
-
-    $auth = False;
-    if (isset($_SESSION["oe_session_id"])) {
-      if ($this->oe->loginWithSessionId($_SESSION["oe_session_id"],$_SESSION["oe_cookie"]))
-        $auth = True;
-    }
-
-    $this->_auth_cache = $auth;
-    $this->_auth_cache_dirty = False;
-    return $this->_auth_cache;
+  /**
+   * Login with session tokens to resume an existing session
+   *
+   */
+  public function login_with_tokens($tokens) {
+    return $this->oe->loginWithSessionId($tokens["oe_session_id"],$tokens["oe_cookie"]);
   }
 
-  public function setSessionInformation($oe_session_id, $oe_cookie) {
-    $_SESSION["oe_session_id"] = $oe_session_id;
-    $_SESSION["oe_cookie"] = $oe_cookie;
+  /**
+   * Returns tokens from the current opened session.
+   *
+   * Note that this method will be called only after login
+   *
+   */
+  public function get_tokens() {
+    return array("oe_session_id" => $this->oe->session_id,
+                 "oe_cookie" => $this->oe->cookie);
   }
 
-  /** authenticating by credential
+  /**
+   * Returns True/False whether credentials are valid and session created.
+   *
+   * Note that some sort of a session must be created as we will ask for
+   * tokens of this session with ``get_tokens()``.
    *
-   * This function must validate authentication of given credentials
    */
-  public function authenticate($credentials) {
-
+  public function login($credentials) {
     if (!(isset($credentials["login"]) && isset($credentials["password"])))
       return False;
 
-    $this->oe->login($credentials["login"], $credentials["password"]);
-
-    if ($this->oe->authenticated) {
-      $this->setSessionInformation($this->oe->session_id, $this->oe->cookie);
-      $this->_auth_cache = True;
-      $this->_auth_cache_dirty = False;
-    };
-    $this->js_code = $this->js_code_for_propagate();
-    return $this->oe->authenticated;
+    return $this->oe->login($credentials["login"], $credentials["password"]);
   }
 
-  /** deauthenticating
+  /**
+   * Closes the current session and returns boolean upon success.
    *
-   * This function must unlog current session
    */
-  public function deauthenticate() {
+  public function logout() {
+    return $this->oe->logout(); // doesn't seem to work how it should
+  }
 
-    $this->oe->logout(); // doesn't seem to work how it should
+}
 
-    unset($_SESSION["oe_session_id"]);
-    unset($_SESSION["oe_cookie"]);
-    $this->_auth_cache = False;
-    $this->_auth_cache_dirty = False;
+/**
+ * Uses $_SESSION variable to store authentication tokens
+ */
+class SessionAuthTokenStore extends AuthTokenStore {
 
-    $this->js_code = $this->js_code_for_propagate();
-    return True; // logout succeeded
+  private $key = "auth_tokens";
+
+  function __construct() {
+    session_start();
   }
 
-  /** returns javascript code to define the ``get_session_ids()``
-   * function and urls variable
-   *
-   */
-  public function js_code_for_propagate() {
+  public function exists() {
+    return isset($_SESSION[$this->key]);
+  }
 
-    global $config;
+  public function set($tokens) {
+    $_SESSION[$this->key] = $tokens;
+  }
+
+  public function get() {
+    return isset($_SESSION[$this->key])?$_SESSION[$this->key]:null;
+  }
+
+}
+
+/**
+ * Silent JS ajax call to propagate tokens.
+ */
+class JsAuthWebTransmitter extends AuthWebTransmitter {
+
+  function __construct($urls) {
+    $this->urls = $urls;
+  }
+
+  public function read_tokens_from_request() {
+    return array("oe_session_id" => $_REQUEST["oe_session_id"],
+                 "oe_cookie" => $_REQUEST["oe_cookie"]);
+  }
 
-    $oe_session_id = isset($_SESSION["oe_session_id"])?$_SESSION["oe_session_id"]:"";
-    $oe_cookie = isset($_SESSION["oe_cookie"])?$_SESSION["oe_cookie"]:"";
+  public function js_propagation_code($tokens) {
 
     $url_js_code = array();
-    foreach($config["urls"] as $url) {
+    foreach($this->urls as $url) {
       $url_js_code[] = "'$url'";
     };
     $url_js_code = implode(", ", $url_js_code);
 
-    return "<script type='text/javascript'>\n
+    return "<script type='text/javascript'>
 
     urls = [$url_js_code];
 
@@ -131,8 +141,7 @@ function propagate_authentication_status(origin) {
 
     function get_session_ids() {
       var res = $.Deferred();
-      res.resolve({oe_session_id: '" . $oe_session_id . "',
-                   oe_cookie: '" . $oe_cookie . "'});
+      res.resolve(" . json_encode($tokens, true) . ");
       return res;
     }
 
@@ -144,11 +153,30 @@ function get_session_ids() {
 
   }
 
+};
+
+
+
+
+/**
+ * Manages an oe connection and it's relation with php session,
+ * provides also facilities to send authentication to other domains.
+ */
+class OEAuth extends Auth {
+
+  function __construct($url, $db) {
+    global $config;
+    $this->authProvider = new OEAuthProvider($url, $db);
+    $this->authTokenStore = new SessionAuthTokenStore();
+    $this->authWebTransmitter = new JsAuthWebTransmitter($config["urls"]);
+  }
+
+
   /**
-   * call delegation Delegation to $this->oe
+   * call delegation Delegation to $this->authProvider->oe
    */
   function __call($method, $params) {
-    return $this->oe->__call($method, $params);
+    return $this->authProvider->oe->__call($method, $params);
   }
 }