Merge branch '3.2/develop' into 3.2/master

kohana · Aug 24, 2012 · 6cb63e4 · 6cb63e4
2 parents bb5f9ef + 4af8c37
commit 6cb63e4
Show file tree

Hide file tree

Showing 10 changed files with 185 additions and 92 deletions.
diff --git a/auth-schema-mysql.sql b/auth-schema-mysql.sql
@@ -38,7 +38,8 @@ CREATE TABLE IF NOT EXISTS `user_tokens` (
   `expires` int(10) UNSIGNED NOT NULL,
   PRIMARY KEY  (`id`),
   UNIQUE KEY `uniq_token` (`token`),
-  KEY `fk_user_id` (`user_id`)
+  KEY `fk_user_id` (`user_id`),
+  KEY `expires` (`expires`)
 ) ENGINE=InnoDB  DEFAULT CHARSET=utf8;
 
 ALTER TABLE `roles_users`

diff --git a/classes/kohana/auth/orm.php b/classes/kohana/auth/orm.php
@@ -4,7 +4,7 @@
  *
  * @package    Kohana/Auth
  * @author     Kohana Team
- * @copyright  (c) 2007-2011 Kohana Team
+ * @copyright  (c) 2007-2012 Kohana Team
  * @license    http://kohanaframework.org/license
  */
 class Kohana_Auth_ORM extends Auth {
@@ -60,9 +60,9 @@ public function logged_in($role = NULL)
 	/**
 	 * Logs a user in.
 	 *
-	 * @param   string   username
-	 * @param   string   password
-	 * @param   boolean  enable autologin
+	 * @param   string   $username
+	 * @param   string   $password
+	 * @param   boolean  $remember  enable autologin
 	 * @return  boolean
 	 */
 	protected function _login($user, $password, $remember)
@@ -89,7 +89,7 @@ protected function _login($user, $password, $remember)
 			{
 				// Token data
 				$data = array(
-					'user_id'    => $user->id,
+					'user_id'    => $user->pk(),
 					'expires'    => time() + $this->_config['lifetime'],
 					'user_agent' => sha1(Request::$user_agent),
 				);
@@ -116,8 +116,8 @@ protected function _login($user, $password, $remember)
 	/**
 	 * Forces a user to be logged in, without specifying a password.
 	 *
-	 * @param   mixed    username string, or user ORM object
-	 * @param   boolean  mark the session as forced
+	 * @param   mixed    $user                    username string, or user ORM object
+	 * @param   boolean  $mark_session_as_forced  mark the session as forced
 	 * @return  boolean
 	 */
 	public function force_login($user, $mark_session_as_forced = FALSE)
@@ -180,18 +180,20 @@ public function auto_login()
 
 	/**
 	 * Gets the currently logged in user from the session (with auto_login check).
-	 * Returns FALSE if no user is currently logged in.
+	 * Returns $default if no user is currently logged in.
 	 *
+	 * @param   mixed    $default to return in case user isn't logged in
 	 * @return  mixed
 	 */
 	public function get_user($default = NULL)
 	{
 		$user = parent::get_user($default);
 
-		if ( ! $user)
+		if ($user === $default)
 		{
 			// check for "remembered" login
-			$user = $this->auto_login();
+			if (($user = $this->auto_login()) === FALSE)
+				return $default;
 		}
 
 		return $user;
@@ -200,8 +202,8 @@ public function get_user($default = NULL)
 	/**
 	 * Log a user out and remove any autologin cookies.
 	 *
-	 * @param   boolean  completely destroy the session
-	 * @param	boolean  remove all tokens for user
+	 * @param   boolean  $destroy     completely destroy the session
+	 * @param	boolean  $logout_all  remove all tokens for user
 	 * @return  boolean
 	 */
 	public function logout($destroy = FALSE, $logout_all = FALSE)
@@ -219,7 +221,13 @@ public function logout($destroy = FALSE, $logout_all = FALSE)
 
 			if ($token->loaded() AND $logout_all)
 			{
-				ORM::factory('user_token')->where('user_id', '=', $token->user_id)->delete_all();
+				// Delete all user tokens. This isn't the most elegant solution but does the job
+				$tokens = ORM::factory('user_token')->where('user_id','=',$token->user_id)->find_all();
+
+				foreach ($tokens as $_token)
+				{
+					$_token->delete();
+				}
 			}
 			elseif ($token->loaded())
 			{
@@ -233,7 +241,7 @@ public function logout($destroy = FALSE, $logout_all = FALSE)
 	/**
 	 * Get the stored password for a username.
 	 *
-	 * @param   mixed   username string, or user ORM object
+	 * @param   mixed   $user  username string, or user ORM object
 	 * @return  string
 	 */
 	public function password($user)
@@ -254,7 +262,7 @@ public function password($user)
 	 * Complete the login for a user by incrementing the logins and setting
 	 * session data: user_id, username, roles.
 	 *
-	 * @param   object  user ORM object
+	 * @param   object  $user  user ORM object
 	 * @return  void
 	 */
 	protected function complete_login($user)