interface/modules/zend_modules/library/Zend/Authentication/Adapter/DbTable/CredentialTreatmentAdapter.php

   1 <?php
   2 /**
   3  * Zend Framework (http://framework.zend.com/)
   4  *
   5  * @link      http://github.com/zendframework/zf2 for the canonical source repository
   6  * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
   7  * @license   http://framework.zend.com/license/new-bsd New BSD License
   8  */
   9
  10 namespace Zend\Authentication\Adapter\DbTable;
  11
  12 use Zend\Authentication\Result as AuthenticationResult;
  13 use Zend\Db\Adapter\Adapter as DbAdapter;
  14 use Zend\Db\Sql;
  15 use Zend\Db\Sql\Expression as SqlExpr;
  16 use Zend\Db\Sql\Predicate\Operator as SqlOp;
  17
  18 class CredentialTreatmentAdapter extends AbstractAdapter
  19 {
  20     /**
  21      * $credentialTreatment - Treatment applied to the credential, such as MD5() or PASSWORD()
  22      *
  23      * @var string
  24      */
  25     protected $credentialTreatment = null;
  26
  27     /**
  28      * __construct() - Sets configuration options
  29      *
  30      * @param DbAdapter $zendDb
  31      * @param string    $tableName           Optional
  32      * @param string    $identityColumn      Optional
  33      * @param string    $credentialColumn    Optional
  34      * @param string    $credentialTreatment Optional
  35      */
  36     public function __construct(
  37         DbAdapter $zendDb,
  38         $tableName = null,
  39         $identityColumn = null,
  40         $credentialColumn = null,
  41         $credentialTreatment = null
  42     ) {
  43         parent::__construct($zendDb, $tableName, $identityColumn, $credentialColumn);
  44
  45         if (null !== $credentialTreatment) {
  46             $this->setCredentialTreatment($credentialTreatment);
  47         }
  48     }
  49
  50     /**
  51      * setCredentialTreatment() - allows the developer to pass a parametrized string that is
  52      * used to transform or treat the input credential data.
  53      *
  54      * In many cases, passwords and other sensitive data are encrypted, hashed, encoded,
  55      * obscured, or otherwise treated through some function or algorithm. By specifying a
  56      * parametrized treatment string with this method, a developer may apply arbitrary SQL
  57      * upon input credential data.
  58      *
  59      * Examples:
  60      *
  61      *  'PASSWORD(?)'
  62      *  'MD5(?)'
  63      *
  64      * @param  string $treatment
  65      * @return DbTable Provides a fluent interface
  66      */
  67     public function setCredentialTreatment($treatment)
  68     {
  69         $this->credentialTreatment = $treatment;
  70         return $this;
  71     }
  72
  73     /**
  74      * _authenticateCreateSelect() - This method creates a Zend\Db\Sql\Select object that
  75      * is completely configured to be queried against the database.
  76      *
  77      * @return Sql\Select
  78      */
  79     protected function authenticateCreateSelect()
  80     {
  81         // build credential expression
  82         if (empty($this->credentialTreatment) || (strpos($this->credentialTreatment, '?') === false)) {
  83             $this->credentialTreatment = '?';
  84         }
  85
  86         $credentialExpression = new SqlExpr(
  87             '(CASE WHEN ?' . ' = ' . $this->credentialTreatment . ' THEN 1 ELSE 0 END) AS ?',
  88             array($this->credentialColumn, $this->credential, 'zend_auth_credential_match'),
  89             array(SqlExpr::TYPE_IDENTIFIER, SqlExpr::TYPE_VALUE, SqlExpr::TYPE_IDENTIFIER)
  90         );
  91
  92         // get select
  93         $dbSelect = clone $this->getDbSelect();
  94         $dbSelect->from($this->tableName)
  95             ->columns(array('*', $credentialExpression))
  96             ->where(new SqlOp($this->identityColumn, '=', $this->identity));
  97
  98         return $dbSelect;
  99     }
 100
 101     /**
 102      * _authenticateValidateResult() - This method attempts to validate that
 103      * the record in the resultset is indeed a record that matched the
 104      * identity provided to this adapter.
 105      *
 106      * @param  array $resultIdentity
 107      * @return AuthenticationResult
 108      */
 109     protected function authenticateValidateResult($resultIdentity)
 110     {
 111         if ($resultIdentity['zend_auth_credential_match'] != '1') {
 112             $this->authenticateResultInfo['code']       = AuthenticationResult::FAILURE_CREDENTIAL_INVALID;
 113             $this->authenticateResultInfo['messages'][] = 'Supplied credential is invalid.';
 114             return $this->authenticateCreateAuthResult();
 115         }
 116
 117         unset($resultIdentity['zend_auth_credential_match']);
 118         $this->resultRow = $resultIdentity;
 119
 120         $this->authenticateResultInfo['code']       = AuthenticationResult::SUCCESS;
 121         $this->authenticateResultInfo['messages'][] = 'Authentication successful.';
 122         return $this->authenticateCreateAuthResult();
 123     }
 124 }