Authenticator
class Authenticator
The class used to authenticate requests
This is the API class that should be used in other apps.
Properties
| private | $input | ||
| static private | $instances | ||
| private | $account | ||
| private | $realaccount | ||
| private | $session | ||
| private | $client |
Methods
Returns the authenticated user account (or null)
Returns the authenticated user account (not null)
Returns the actual account used for the request, not the masqueraded one (or null)
Returns the actual account used for the request, not the masqueraded one (not null)
Returns true if the user is masquering as another user
Returns the session used for the request (or null)
Returns the session used for the request (not null)
Returns the client used for the request or null
Returns true if the account used for the request is an admin
Returns true if the real account used for the request is an admin
The primary authentication routine
Requires that the user is an administrator
Requires that the user posts a twofactor code, if the account uses twofactor
No description
Requires that the user provides their password
Same as RequireCrypto() but does nothing if the account does not have crypto
Same as StaticRequireCrypto() but does nothing if the account does not have crypto
Requires that the account's crypto is unlocked for the request (and exists)
Runs TryRequireCrypto() on all instantiated authenticators for $account and throws if not unlocked
Details
at line 64
Account|null
TryGetAccount()
Returns the authenticated user account (or null)
at line 67
Account
GetAccount()
Returns the authenticated user account (not null)
at line 77
Account|null
TryGetRealAccount()
Returns the actual account used for the request, not the masqueraded one (or null)
at line 80
Account
GetRealAccount()
Returns the actual account used for the request, not the masqueraded one (not null)
at line 88
bool
isSudoUser()
Returns true if the user is masquering as another user
at line 93
Session|null
TryGetSession()
Returns the session used for the request (or null)
at line 96
Session
GetSession()
Returns the session used for the request (not null)
at line 106
Client|null
TryGetClient()
Returns the client used for the request or null
at line 109
Client
GetClient()
Returns the client used for the request (not null)
at line 117
bool
isAdmin()
Returns true if the account used for the request is an admin
at line 120
bool
isRealAdmin()
Returns true if the real account used for the request is an admin
at line 125
private
__construct(Input $input)
No description
at line 143
static Authenticator|null
TryAuthenticate(ObjectDatabase $database, Input $input, IOInterface $interface)
The primary authentication routine
Loads the specified session, checks validity, updates dates. Note that only a session must be provided, not the client that owns it.
at line 207
Authenticator
RequireAdmin()
Requires that the user is an administrator
at line 217
Authenticator
TryRequireTwoFactor()
Requires that the user posts a twofactor code, if the account uses twofactor
at line 225
static void
StaticTryRequireTwoFactor(Input $input, Account $account, Session|null $session = null)
No description
at line 242
Authenticator
RequirePassword()
Requires that the user provides their password
at line 260
Authenticator
TryRequireCrypto()
Same as RequireCrypto() but does nothing if the account does not have crypto
at line 271
static void
StaticTryRequireCrypto(Input $input, Account $account, Session|null $session = null)
Same as StaticRequireCrypto() but does nothing if the account does not have crypto
at line 283
Authenticator
RequireCrypto()
Requires that the account's crypto is unlocked for the request (and exists)
Account crypto can be unlocked via a session, a recovery key, or a password
at line 291
static void
StaticRequireCrypto(Input $input, Account $account, Session|null $session = null)
No description
at line 325
static void
RequireCryptoFor(Account $account)
Runs TryRequireCrypto() on all instantiated authenticators for $account and throws if not unlocked