Merge from new_router branch into master

.gitignore

@@ -0,0 +1 @@
+.DS_Store

Annotation/RequiresLevel.php

@@ -14,11 +14,11 @@ public function validate($class) {
 	}
 
 	public function build(){
+		$this->inherit = true;
 		if(isset($this->parameters['inherit'])){
 			$this->inherit = $this->parameters['inherit'] == 'true';
 			unset($this->parameters['inherit']);
 		}
-
 		$this->methods = $this->parameters;	
 	}
 

Annotation/RespondsWith.php

@@ -22,20 +22,14 @@ public function validate($class) {
 
 
 	public function build(){
+		$this->inherit = false;
 		if(isset($this->parameters['inherit'])){
 			$this->inherit = $this->parameters['inherit'] == 'true';
 			unset($this->parameters['inherit']);
 		}
 
 		$this->methods = $this->parameters;	
 	}
-
-	public function addMethods($methods){
-		foreach($methods as $method){
-			if(array_search($method, $this->methods) === false)
-				$this->methods[] = $method;
-		}
-	}
 }
 
 

Auth.php

@@ -17,11 +17,11 @@ class Wave_Auth {
 
 	public static $_is_loaded = false;
 
-	public static function registerHandler($class){
+	public static function registerHandler($class, $autoload = true){
 		if(!class_implements($class))
 			throw new Wave_Exception('Auth Handler class ('.$class.') must implement Wave_IAuthable');
 
-		$class::loadPersistentAuth();
+		if($autoload) $class::loadPersistentAuth();
 
 		self::$_handler = $class;
 
@@ -39,13 +39,15 @@ public static function checkIdentity($primary, $secondary){
 			$_is_valid = true;
 			// check the secondary credentials
 			foreach($secondary as $key => $value){
-				if(!isset($auth_object->$key) || $auth_object->$key != $value){
-					self::$_auth_problems['secondary'][$key] = array(
-						'value' => $auth_object->$key, 
-						'reason' => self::FAILURE_BAD_CREDENTIAL, 
-						'match' => $value);
-					$_is_valid = false;
-				}
+				if((is_callable($value) && $value($auth_object->$key))
+				  || (isset($auth_object->$key) && $auth_object->$key == $value))
+					continue;
+
+				self::$_auth_problems['secondary'][$key] = array(
+					'value' => $auth_object->$key, 
+					'reason' => self::FAILURE_BAD_CREDENTIAL, 
+					'match' => $value);
+				$_is_valid = false;
 			}
 
 			if($_is_valid){
@@ -68,7 +70,7 @@ public static function registerIdentity($identity){
 		return Wave_Registry::store('__wave_identity', $identity);
 	}
 
-		public static function deregisterIdentity($identity){
+	public static function deregisterIdentity(){
 		return Wave_Registry::destroy('__wave_identity');
 	}
 
@@ -86,15 +88,16 @@ public static function persistIdentity($identity, $type = null, $expires = null)
 				$identity,
 				strtotime($expires),
 				$config->cookie->path,
-				$config->cookie->domain
+				$config->cookie->domain,
+				isset($config->cookie->secure) ? $config->cookie->secure : false,
+				isset($config->cookie->httponly) ? $config->cookie->httponly : true
 			);
 		}
 
 
 	}
 
-	public static function ceaseIdentity($type = null){
-
+	public static function ceaseIdentity($type = null){		
 		$config = Wave_Config::get('deploy')->auth;
 		if($type === null)
 			$type = $config->persist_type;

Autoload.php

@@ -22,7 +22,7 @@ public static function register(){
 	static public function autoload($class){
 		$search_paths = array();
 	 	$skip_app = false;
-	
+
 	 	if (substr($class, 0, 5) === 'Wave_') {
 			$filename = substr($class, 5);
 			$search_paths[] = WAVE_CORE_PATH . strtr($filename, '_', DS).'.php';
@@ -33,23 +33,29 @@ static public function autoload($class){
            $path = Wave_Config::get('wave')->path->third_party . 'twig' . DS . 'lib' . DS;
            $path .= str_replace('_', '/', $class).'.php';
            $search_paths[] = $path;
+        } else if (0 === strpos($class, 'Event_')) {
+           $path = Wave_Config::get('wave')->path->events;
+           $path .= substr(str_replace('_', DS, $class), 6).'.php';
+           $search_paths[] = $path;
         } else {
 			$search_paths[] = Wave_Config::get('wave')->path->models . strtr($class, '_', DS) . '.php';
 			$search_paths[] = Wave_Config::get('wave')->path->libraries . strtr($class, '_', DS) . '.php';
 		}
 
 		foreach ($search_paths as $search_path){
 			if(file_exists($search_path) && include_once($search_path)){
-				//debug()->addUsedFile($search_path, __FUNCTION__);
+				Wave_Debug::getInstance()->addUsedFile($search_path, __FUNCTION__);
 				return;
 			}
 		}
 
 		//if still not found, try with alias for model
-		if(Wave_DB::get() !== null){
-			$alias_class = Wave_DB::get()->getNamespace().Wave_DB::NS_SEPARATOR.$class;
+		if(Wave_DB::getDefaultNamespace() !== null){
+			$alias_class = Wave_DB::getDefaultNamespace().Wave_DB::NS_SEPARATOR.$class;
+
 			$filename = Wave_Config::get('wave')->path->models . strtr($alias_class, '_', DS) . '.php';
 			if(file_exists($filename) && include_once($filename)){
+				Wave_Debug::getInstance()->addUsedFile($filename, __FUNCTION__);
 				class_alias($alias_class, $class);			
 			}
 		}

Controller.php

@@ -4,13 +4,14 @@
 class Wave_Controller { 
 
 
-	protected static $_response_method;
+	protected $_response_method;
 
 	protected $_data;
 	protected $_action;
 
 	protected $_is_post = false;
 	protected $_is_get = false;
+	protected $_check_csrf = false;
 	//protected $_response_method;
 
 	public static final function invoke($action, $data, $router = null){
@@ -21,7 +22,7 @@ public static final function invoke($action, $data, $router = null){
 			$invoke[1] = Wave_Config::get('wave')->controller->default_method;
 
 		if(class_exists($invoke[0], true)){
-						
+
 			$controller = new $invoke[0]();		
 
 			if($router instanceof Wave_Router){
@@ -33,27 +34,28 @@ public static final function invoke($action, $data, $router = null){
 				else if($router->request_method == Wave_Method::POST){
 					$data = array_merge($_POST, $data);
 					$controller->_is_post = true;
+					$controller->_check_csrf = Wave_Config::get('deploy')->auth->csrf->enabled;
 				}
 				else if($router->request_method == Wave_Method::CLI){
 					$data = array_merge($_SERVER['argv'], $data);
 				}
 
 				$controller->_request_uri = $router->request_uri;
 
-				self::$_response_method = $router->response_method;			
+				$controller->_response_method = $router->response_method;			
+
 			}
-					
+
 			$controller->_data = $data;
 			$controller->_action = $action;
 			unset($data, $router);
 
-			if(self::$_response_method == null)
-				self::$_response_method = Wave_Config::get('wave')->controller->default_response;
+			if($controller->_response_method == null)
+				$controller->_response_method = Wave_Config::get('wave')->controller->default_response;
 
 			if(method_exists($controller, $invoke[1])){
 				$controller->init();
-				$controller->{$invoke[1]}();
-				return true;
+				return $controller->{$invoke[1]}();
 			}
 			else 
 				throw new Wave_Exception('Could not invoke action '.$action.'. Method '.$invoke[0].'::'.$invoke[1].'() does not exist');
@@ -80,7 +82,9 @@ protected function inputValid($schema, $data = null) {
         $schema_name = strtr($schema, '_', DS);
         $schema_file = sprintf(Wave_Config::get('wave')->schemas->file_format, $schema_name);
         $schema_path = Wave_Config::get('wave')->path->schemas . $schema_file;
-
+
+		if(!$this->confirmCSRFToken($data)) return false;
+
         $v = new Wave_Validator($data, $schema_path);
         $r = $v->validate();
         $this->_sanitized = $v->getSanitizedData();
@@ -89,13 +93,27 @@ protected function inputValid($schema, $data = null) {
 		unset($v);
 		return $r == Wave_Validator::RESULT_VALID;
     }
+
+    public function confirmCSRFToken($data = null){
+    	if($data == null)
+    		$data = $this->_data;
+
+    	if($this->_check_csrf && isset($this->_identity) && $this->_identity instanceof Wave_IAuthable){
+			$field_name = Wave_Config::get('deploy')->auth->csrf->form_name;
+			if(!isset($this->_data[$field_name]) || !$this->_identity->confirmCSRFKey($this->_data[$field_name])){
+				$this->_input_errors = array($field_name => array('reason' => Wave_Validator::ERROR_INVALID));
+				return false;
+			}
+		}
+		return true;
+    }
 
-	public static function _setResponseMethod($method){
-		self::$_response_method = $method;
+	public function _setResponseMethod($method){
+		$this->_response_method = $method;
 	}
 
-	public static function _getResponseMethod(){
-		return self::$_response_method;
+	public function _getResponseMethod(){
+		return $this->_response_method;
 	}
 
 
@@ -122,16 +140,9 @@ protected function _buildPayload($status, $message = '', $payload = null){
 	}
 
 	protected function _buildDataSet(){
-		$response = array(
-			'assets' => Wave_Config::get('deploy')->assets,
-			'_request_uri' => isset($this->_request_uri) ? $this->_request_uri : $_SERVER['REQUEST_URI'],
-			'_identity' => $this->_identity,
-			'input' => isset($this->_sanitized) ? $this->_sanitized : $this->_data,
-			'errors' => isset($this->_input_errors) ? $this->_input_errors : array()
-		);
-
+		$this->_setTemplatingGlobals();
 		$properties = $this->_getResponseProperties();
-		return array_merge($properties, $response);
+		return array_merge($properties);
 	}
 
 	protected function _getResponseProperties(){
@@ -143,7 +154,13 @@ protected function _getResponseProperties(){
         }
         return $arr;
 	}
-
+
+	protected function _setTemplatingGlobals(){
+		Wave_View::registerGlobal('input', isset($this->_sanitized) ? $this->_sanitized : $this->_data);
+		Wave_View::registerGlobal('errors', isset($this->_input_errors) ? $this->_input_errors : array());
+		Wave_View::registerGlobal('_identity', $this->_identity);
+		Wave_View::registerGlobal('_request_uri', isset($this->_request_uri) ? $this->_request_uri : $_SERVER['REQUEST_URI']);
+	}
 
 	final protected function respond(){
 		return $this->_invoke('respond');
@@ -154,19 +171,19 @@ final protected function request(){
 	}
 
 	final private function _invoke($type){
-		$response_method = $type.strtoupper(self::$_response_method);
-		if(method_exists($this, $response_method))
+		$response_method = $type.strtoupper($this->_response_method);
+		if(method_exists($this, $response_method) && $response_method !== $type)
 			return $this->{$response_method}();
 		else
 			throw new Wave_Exception(
 				'The action "'.$this->_action.'" tried to respond with "'.
-				self::$_response_method.'" but the method does not exist'
+				$this->_response_method.'" but the method does not exist'
 			);
 	}
 
 	protected function respondHTML(){
 		if(!isset($this->_template))
-			throw new Wave_Exception('Template not set for '.self::$_response_method.' in action '.$this->_action);
+			throw new Wave_Exception('Template not set for '.$this->_response_method.' in action '.$this->_action);
 
 		header('Content-type: text/html; charset=utf-8');
 		echo Wave_View::getInstance()->render($this->_template, $this->_buildDataSet());
@@ -223,6 +240,16 @@ protected function requestXML(){
 		if(!isset($this->_message)) $this->_message = Wave_Response::getMessageForCode($this->_status);
 		return $this->respondXML();
 	}
+
+	protected function respondInternal(){
+    	if(isset($this->_input_errors)){
+	    	$this->validation = $this->_input_errors;
+    	}
+    	return $this->_getResponseProperties();
+	}
+	protected function requestInternal(){
+    	return $this->respondInternal();
+	}
 
 }
 

Core.php

@@ -3,11 +3,12 @@
 
 class Wave_Core {
 
-	const MODE_DEVELOPMENT = 1;
-	const MODE_PRODUCTION = 2;
-
-	static $_MODE = self::MODE_PRODUCTION; 
+	const MODE_TEST			= 'test';
+	const MODE_DEVELOPMENT 	= 'development';
+	const MODE_PRODUCTION 	= 'production';
 
+	static $_MODE = self::MODE_PRODUCTION;
+
 	public static function bootstrap($mode = null){
 
 		if($mode == null)