From dee0382c1f33162657b9c5cb45438bb3c04a35b6 Mon Sep 17 00:00:00 2001
From: Qiang Xue
Date: Wed, 6 Aug 2014 10:07:14 -0400
Subject: [PATCH] Added `yii\base\InvalidValueException`. Refactored `yii\web\User`.
---
 framework/CHANGELOG.md | 1 +
 framework/base/InvalidValueException.php | 25 ++++++++++++
 framework/web/User.php | 48 +++++++++++++++---------
 3 files changed, 57 insertions(+), 17 deletions(-)
 create mode 100644 framework/base/InvalidValueException.php
diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md
index 5238a0fecf..7df2c8a06c 100644
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -228,6 +228,7 @@ Yii Framework 2 Change Log
 - Chg: `yii\web\Request::cookieValidationKey` must be explicitly specified for each application that wants to use cookie validation (qiangxue)
 - New #3911: Added `yii\behaviors\SluggableBehavior` that fills the specified model attribute with the transliterated and adjusted version to use in URLs (creocoder)
 - New #4193: Added `yii\filters\Cors` CORS filter to allow Cross Origin Resource Sharing (pgaultier)
+- New: Added `yii\base\InvalidValueException` (qiangxue)
 2.0.0-beta April 13, 2014
diff --git a/framework/base/InvalidValueException.php b/framework/base/InvalidValueException.php
new file mode 100644
index 0000000000..a3727ce44d
--- /dev/null
+++ b/framework/base/InvalidValueException.php
@@ -0,0 +1,25 @@
+
+ * @since 2.0
+ */
+class InvalidValueException extends \UnexpectedValueException
+{
+ /**
+ * @return string the user-friendly name of this exception
+ */
+ public function getName()
+ {
+ return 'Invalid Return Value';
+ }
+}
diff --git a/framework/web/User.php b/framework/web/User.php
index 05f8364705..b4d1fae7ec 100644
--- a/framework/web/User.php
+++ b/framework/web/User.php
@@ -10,6 +10,7 @@ namespace yii\web;
 use Yii;
 use yii\base\Component;
 use yii\base\InvalidConfigException;
+use yii\base\InvalidValueException;
 /**
 * User is the class for the "user" application component that manages the user authentication status.
@@ -186,11 +187,16 @@ class User extends Component
 *
 * @param IdentityInterface|null $identity the identity object associated with the currently logged user.
 * If null, it means the current user will be a guest without any associated identity.
+ * @throws InvalidValueException if `$identity` object does not implement [[IdentityInterface]].
 */
 public function setIdentity($identity)
 {
- $this->_identity = $identity;
- $this->_access = [];
+ if ($identity instanceof IdentityInterface) {
+ $this->_identity = $identity;
+ $this->_access = [];
+ } else {
+ throw new InvalidValueException('The identity object must implement IdentityInterface.');
+ }
 }
 /**
@@ -219,7 +225,7 @@ class User extends Component
 * Note that if [[enableSession]] is false, this parameter will be ignored.
 * @return boolean whether the user is logged in
 */
- public function login($identity, $duration = 0)
+ public function login(IdentityInterface $identity, $duration = 0)
 {
 if ($this->beforeLogin($identity, false, $duration)) {
 $this->switchIdentity($identity, $duration);
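Review bot: In `setIdentity()` the new `else` branch also fires for `null`, because `null instanceof IdentityInterface` is false, yet the docblock directly above still documents null as the way to make the current user a guest. Any caller that resets the identity by passing null (logout-style paths, presumably) would now get an `InvalidValueException` before `_identity` and `_access` are cleared, so the previous identity and its cached access results stay in place for the rest of the request. Accept null explicitly and keep the exception for everything else: `if ($identity instanceof IdentityInterface || $identity === null) {`. The `@throws` line should then say the exception is raised for a non-null value that does not implement the interface.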
@@ -274,21 +280,29 @@ class User extends Component
 }
 $data = json_decode($value, true);
- if (count($data) === 3 && isset($data[0], $data[1], $data[2])) {
- list ($id, $authKey, $duration) = $data;
- /* @var $class IdentityInterface */
- $class = $this->identityClass;
- $identity = $class::findIdentity($id);
- if ($identity !== null && $identity->validateAuthKey($authKey)) {
- if ($this->beforeLogin($identity, true, $duration)) {
- $this->switchIdentity($identity, $this->autoRenewCookie ? $duration : 0);
- $ip = Yii::$app->getRequest()->getUserIP();
- Yii::info("User '$id' logged in from $ip via cookie.", __METHOD__);
- $this->afterLogin($identity, true, $duration);
- }
- } elseif ($identity !== null) {
- Yii::warning("Invalid auth key attempted for user '$id': $authKey", __METHOD__);
+ if (count($data) !== 3 || !isset($data[0], $data[1], $data[2])) {
+ return;
+ }
+
+ list ($id, $authKey, $duration) = $data;
+ /* @var $class IdentityInterface */
+ $class = $this->identityClass;
+ $identity = $class::findIdentity($id);
+ if ($identity === null) {
+ return;
+ } elseif (!$identity instanceof IdentityInterface) {
+ throw new InvalidValueException("$class::findIdentity() must return an object implementing IdentityInterface.");
+ }
+
+ if ($identity->validateAuthKey($authKey)) {
+ if ($this->beforeLogin($identity, true, $duration)) {
+ $this->switchIdentity($identity, $this->autoRenewCookie ? $duration : 0);
+ $ip = Yii::$app->getRequest()->getUserIP();
+ Yii::info("User '$id' logged in from $ip via cookie.", __METHOD__);
+ $this->afterLogin($identity, true, $duration);
 }
+ } else {
+ Yii::warning("Invalid auth key attempted for user '$id': $authKey", __METHOD__);
 }
 }
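Review bot: The `Yii::warning()` call in the new `else` branch writes the submitted `$authKey` verbatim into the log, so anyone with log access sees the auth-key values presented in cookies (a stale or recently rotated key included), and the value is cookie-supplied text interpolated into the message as-is. Record only the failure, e.g. `Yii::warning("Invalid auth key attempted for user '$id'.", __METHOD__);`. Separately, `json_decode()` can return null or a scalar, so the early-return guard would be more robust as `if (!is_array($data) || count($data) !== 3 || !isset($data[0], $data[1], $data[2])) {`. The method starts outside this hunk, so whether `$value` is integrity-checked before it is decoded cannot be confirmed from here.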