1: <?php
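/**
 * Webservice API session.
 *
 * Unlike the cookie/PHP-session based parent, an API session is identified by a
 * server-generated id that is stored on the api user row (see setSessid() in
 * login() and loadBySessId()/recordSession() in _renewBySessId()). The id is a
 * bearer token: whoever presents it is treated as the logged-in user, so it must
 * be unpredictable and compared strictly.
 */
class Mage_Api_Model_Session extends Mage_Core_Model_Session_Abstract
{
    /** @var array every session id generated by start() during this request */
    public $sessionIds = array();

    /** @var string|null id of the session currently in use */
    protected $_currentSessId = null;

    /**
     * Generate a fresh session id and make it current.
     *
     * Security: the id is the only credential presented on subsequent calls, so it
     * is drawn from the CSPRNG. The legacy md5(time + uniqid) form is predictable
     * (time() and uniqid() are not random) and is kept only as a fallback for PHP
     * builds without random_bytes() (< 7.0). bin2hex(random_bytes(16)) yields the
     * same 32-hex-char width as md5(), so storage and clients are unaffected.
     *
     * @param string|null $sessionName only mixed into the legacy fallback
     * @return $this
     */
    public function start($sessionName = null)
    {
        if (function_exists('random_bytes')) {
            $this->_currentSessId = bin2hex(random_bytes(16));
        } else {
            $this->_currentSessId = md5(time() . uniqid('', true) . $sessionName);
        }
        $this->sessionIds[] = $this->getSessionId();
        return $this;
    }

    /**
     * Start a session if none is current yet. $namespace is accepted for parent
     * signature compatibility and is not used by API sessions.
     *
     * @param string      $namespace
     * @param string|null $sessionName
     * @return $this
     */
    public function init($namespace, $sessionName = null)
    {
        if (is_null($this->_currentSessId)) {
            $this->start($sessionName);
        }
        return $this;
    }

    /**
     * @return string|null the current session id (null until start()/setSessionId())
     */
    public function getSessionId()
    {
        return $this->_currentSessId;
    }

    /**
     * Adopt an externally supplied session id (presumably the one a client sends
     * with an API call). Nothing is validated here; isLoggedIn()/_renewBySessId()
     * decide whether the id maps to a live user. A null argument is ignored.
     *
     * @param string|null $sessId
     * @return $this
     */
    public function setSessionId($sessId = null)
    {
        if (!is_null($sessId)) {
            $this->_currentSessId = $sessId;
        }
        return $this;
    }

    /**
     * API sessions are not cookie based, so the parent's cookie revalidation is a
     * deliberate no-op here.
     */
    public function revalidateCookie()
    {
    }

    /**
     * Log the current session out on the storage side.
     *
     * Best effort: a storage failure is logged and reported as false rather than
     * thrown, so a failing logout never escapes to the client. With no current id
     * there is nothing to do and true is returned.
     *
     * @return bool
     */
    public function clear()
    {
        $sessId = $this->getSessionId();
        if ($sessId) {
            try {
                Mage::getModel('api/user')->logoutBySessId($sessId);
            } catch (Exception $e) {
                // Keep the original contract (return false) but don't lose the cause.
                Mage::logException($e);
                return false;
            }
        }
        return true;
    }

    /**
     * Authenticate an API user and bind it (plus the ACL) to this session.
     *
     * The three failure messages are distinguished in this order, which callers
     * may rely on:
     *  1. credentials valid but account inactive -> "Your account has been deactivated."
     *  2. user has no role (a failed login, whose id is null, presumably lands
     *     here too — confirm against hasAssigned2Role()) -> "Access denied."
     *  3. no user id for any other reason -> "Unable to login."
     *
     * @param string $username
     * @param string $apiKey
     * @return Mage_Api_Model_User the authenticated user (id set)
     * @throws Mage_Core_Exception on any of the three failures above
     */
    public function login($username, $apiKey)
    {
        $user = Mage::getModel('api/user')
            ->setSessid($this->getSessionId())
            ->login($username, $apiKey);

        // is_active may come back as int or string from storage; keep loose '1' test.
        if ($user->getId() && $user->getIsActive() != '1') {
            Mage::throwException(Mage::helper('api')->__('Your account has been deactivated.'));
        }
        if (!Mage::getModel('api/user')->hasAssigned2Role($user->getId())) {
            Mage::throwException(Mage::helper('api')->__('Access denied.'));
        }
        if (!$user->getId()) {
            Mage::throwException(Mage::helper('api')->__('Unable to login.'));
        }

        $this->setUser($user);
        $this->setAcl(Mage::getResourceModel('api/acl')->loadAcl());

        return $user;
    }

    /**
     * Reload the ACL when none is loaded or the user carries the reload flag, then
     * clear the flag.
     *
     * @param Mage_Api_Model_User|null $user defaults to the session user
     * @return $this
     */
    public function refreshAcl($user = null)
    {
        if (is_null($user)) {
            $user = $this->getUser();
        }
        if (!$user) {
            return $this;
        }

        $mustReload = $user->getReloadAclFlag();
        if (!$this->getAcl() || $mustReload) {
            $this->setAcl(Mage::getResourceModel('api/acl')->loadAcl());
        }
        if ($mustReload) {
            // api_key is dropped before save so the flag update does not rewrite the
            // stored key (presumably the resource re-hashes api_key on save — confirm).
            $user->unsetData('api_key');
            $user->setReloadAclFlag('0')->save();
        }
        return $this;
    }

    /**
     * Check whether the session user's role may perform $privilege on $resource.
     *
     * Default deny: no user, no ACL, or any ACL error yields false. A role that is
     * allowed the special 'all' resource is granted everything. Errors on the
     * 'all' probe are swallowed on purpose so the specific check still runs.
     *
     * @param string      $resource
     * @param string|null $privilege
     * @return bool
     */
    public function isAllowed($resource, $privilege = null)
    {
        $user = $this->getUser();
        $acl = $this->getAcl();

        if (!$user || !$acl) {
            return false;
        }

        $role = $user->getAclRole();

        try {
            if ($acl->isAllowed($role, 'all', null)) {
                return true;
            }
        } catch (Exception $e) {
            // fall through to the specific resource check
        }

        try {
            return $acl->isAllowed($role, $resource, $privilege);
        } catch (Exception $e) {
            return false;
        }
    }

    /**
     * Decide whether a user's API session has timed out.
     *
     * Idle time is measured from the user's logdate to now() (both formatted by
     * the same server, so they share a timezone). A user without an id, or with a
     * missing/unparseable logdate, is treated as expired (fail closed).
     *
     * @param Mage_Api_Model_User $user
     * @return bool
     */
    public function isSessionExpired($user)
    {
        if (!$user->getId()) {
            return true;
        }

        $lastActivity = strtotime((string) $user->getLogdate());
        if ($lastActivity === false) {
            return true;
        }

        $idleSeconds = strtotime(now()) - $lastActivity;
        // Cast so an empty/garbage config value expires sessions instead of
        // falling into PHP string/number comparison rules.
        return $idleSeconds > (int) Mage::getStoreConfig('api/config/session_timeout');
    }

    /**
     * Is a user bound to this session? If not, and a session id was supplied,
     * try to resume that session from storage.
     *
     * @param string|false $sessId id presented by the client, or false to skip renewal
     * @return bool
     */
    public function isLoggedIn($sessId = false)
    {
        $user = $this->getUser();
        $userExists = $user && $user->getId();

        if (!$userExists && $sessId !== false) {
            return $this->_renewBySessId($sessId);
        }

        if ($userExists) {
            // Marks the request as coming from an authenticated (admin-like) context.
            Mage::register('isSecureArea', true, true);
        }
        return $userExists;
    }

    /**
     * Resume a session from a client-presented id.
     *
     * The id is untrusted input. After loading the user by id, the stored id is
     * re-compared with hash_equals(): a loose `==` on two hex strings is subject
     * to PHP numeric-string juggling (e.g. "0e..." == "0e..." is true), and a
     * strict re-check also guards against a storage lookup that matched loosely
     * (e.g. a case-insensitive collation). Expired sessions are rejected. On
     * success the user and ACL are bound and logdate/session are refreshed
     * (sliding expiration).
     *
     * @param string $sessId
     * @return bool true if the session was resumed
     */
    protected function _renewBySessId($sessId)
    {
        $user = Mage::getModel('api/user')->loadBySessId($sessId);
        $storedSessId = $user->getSessid();
        if (!$user->getId() || !$storedSessId) {
            return false;
        }

        if (!hash_equals((string) $storedSessId, (string) $sessId)) {
            return false;
        }
        if ($this->isSessionExpired($user)) {
            return false;
        }

        $this->setUser($user);
        $this->setAcl(Mage::getResourceModel('api/acl')->loadAcl());

        $user->getResource()->recordLogin($user)
            ->recordSession($user);

        return true;
    }
}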