1: <?php
2: /**
3: * CakePHP(tm) : Rapid Development Framework (https://cakephp.org)
4: * Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
5: *
6: * Licensed under The MIT License
7: * For full copyright and license information, please see the LICENSE.txt
8: * Redistributions of files must retain the above copyright notice.
9: *
10: * @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org)
11: * @link https://cakephp.org CakePHP(tm) Project
12: * @since 3.1.0
13: * @license https://opensource.org/licenses/mit-license.php MIT License
14: */
15: namespace Cake\Auth\Storage;
16:
17: use Cake\Core\InstanceConfigTrait;
18: use Cake\Http\Response;
19: use Cake\Http\ServerRequest;
20:
21: /**
22: * Session based persistent storage for authenticated user record.
23: */
class SessionStorage implements StorageInterface
{
    use InstanceConfigTrait;

    /**
     * Per-instance cache of the user record.
     *
     * `null` means the session has not been consulted yet, `false` means it
     * was consulted and held no user record, anything else is the record.
     *
     * @var \ArrayAccess|array|false
     */
    protected $_user;

    /**
     * Session the user record and redirect URL are kept in.
     *
     * @var \Cake\Http\Session
     */
    protected $_session;

    /**
     * Default configuration for this class.
     *
     * Keys:
     *
     * - `key` - Session key the user record is stored under.
     * - `redirect` - Session key the redirect URL is stored under.
     *
     * @var array
     */
    protected $_defaultConfig = [
        'redirect' => 'Auth.redirect',
        'key' => 'Auth.User',
    ];

    /**
     * Constructor.
     *
     * Only the request is used here (to obtain the session); the response
     * is accepted but not touched by this class.
     *
     * @param \Cake\Http\ServerRequest $request Request instance.
     * @param \Cake\Http\Response $response Response instance.
     * @param array $config Configuration list.
     */
    public function __construct(ServerRequest $request, Response $response, array $config = [])
    {
        $this->_session = $request->getSession();
        $this->setConfig($config);
    }

    /**
     * Read user record from session.
     *
     * The first lookup is cached on the instance, so later calls do not go
     * back to the session. Anything written to the session key by other
     * code after that first lookup is therefore not seen by this object.
     *
     * @return \ArrayAccess|array|null User record if available else null.
     */
    public function read()
    {
        if ($this->_user === null) {
            $stored = $this->_session->read($this->_config['key']);

            // Empty/falsy session value is remembered as `false` so the
            // "nothing there" answer is cached as well.
            $this->_user = $stored ?: false;
        }

        return $this->_user ?: null;
    }

    /**
     * Write user record to session.
     *
     * The session id is renewed before the record is stored, to help
     * mitigate issues with session replays (a session id handed out before
     * login does not keep identifying the now-authenticated session).
     * The record is stored exactly as passed in; nothing is stripped from
     * it here, so callers decide which fields end up in the session.
     *
     * @param array|\ArrayAccess $user User record.
     * @return void
     */
    public function write($user)
    {
        $this->_user = $user;

        // Order matters: new session id first, then the identity.
        $this->_session->renew();
        $this->_session->write($this->_config['key'], $user);
    }

    /**
     * Delete user record from session.
     *
     * The session id is also renewed to help mitigate issues with session
     * replays. Only the configured user key is removed; other session data
     * is left in place.
     *
     * @return void
     */
    public function delete()
    {
        // `false` (not `null`) so read() does not query the session again.
        $this->_user = false;

        $this->_session->delete($this->_config['key']);
        $this->_session->renew();
    }

    /**
     * {@inheritDoc}
     *
     * Behaviour as implemented here:
     *
     * - `null`: return the redirect URL currently held in the session.
     * - `false`: remove the stored redirect URL and return null.
     * - anything else: store the value as the redirect URL.
     *
     * The value is stored as given, without any validation. Code that later
     * redirects to it must make sure the target is one it is willing to
     * send users to (e.g. restricted to the application's own URLs).
     */
    public function redirectUrl($url = null)
    {
        $sessionKey = $this->_config['redirect'];

        if ($url === null) {
            return $this->_session->read($sessionKey);
        }

        if ($url !== false) {
            $this->_session->write($sessionKey, $url);

            return null;
        }

        $this->_session->delete($sessionKey);

        return null;
    }
}
138: