szurubooru/src/Services/AuthService.php

<?php
namespace Szurubooru\Services;

class AuthService
{
	private $loggedInUser = null;
	private $loginToken = null;

	private $config;
	private $passwordService;
	private $timeService;
	private $userService;
	private $tokenService;

	public function __construct(
		\Szurubooru\Config $config,
		\Szurubooru\Services\PasswordService $passwordService,
		\Szurubooru\Services\TimeService $timeService,
		\Szurubooru\Services\TokenService $tokenService,
		\Szurubooru\Services\UserService $userService)
	{
		$this->config = $config;
		$this->passwordService = $passwordService;
		$this->timeService = $timeService;
		$this->tokenService = $tokenService;
		$this->userService = $userService;

		$this->loggedInUser = $this->getAnonymousUser();
	}

	public function isLoggedIn()
	{
		return $this->loginToken !== null;
	}

	public function getLoggedInUser()
	{
		return $this->loggedInUser;
	}

	public function getLoginToken()
	{
		return $this->loginToken;
	}

	public function loginFromCredentials($userNameOrEmail, $password)
	{
		$user = $this->userService->getByNameOrEmail($userNameOrEmail);
		$this->validateUser($user);

		$passwordHash = $this->passwordService->getHash($password);
		if ($user->passwordHash != $passwordHash)
			throw new \InvalidArgumentException('Specified password is invalid.');

		$this->loginToken = $this->createAndSaveLoginToken($user);
		$this->loggedInUser = $user;
		$this->userService->updateUserLastLoginTime($user);
	}

	public function loginFromToken($loginTokenName)
	{
		$loginToken = $this->tokenService->getByName($loginTokenName);
		if ($loginToken->purpose != \Szurubooru\Entities\Token::PURPOSE_LOGIN)
			throw new \Exception('This token is not a login token.');

		$user = $this->userService->getById($loginToken->additionalData);
		$this->validateUser($user);

		$this->loginToken = $loginToken;
		$this->loggedInUser = $user;
		$this->userService->updateUserLastLoginTime($this->loggedInUser);
	}

	public function getAnonymousUser()
	{
		$user = new \Szurubooru\Entities\User();
		$user->name = 'Anonymous user';
		$user->accessRank = \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS;
		return $user;
	}

	public function loginAnonymous()
	{
		$this->loginToken = null;
		$this->loggedInUser = $this->getAnonymousUser();
	}

	public function logout()
	{
		if (!$this->isLoggedIn())
			throw new \Exception('Not logged in.');

		$this->tokenService->invalidateByName($this->loginToken);
		$this->loginToken = null;
	}

	private function createAndSaveLoginToken(\Szurubooru\Entities\User $user)
	{
		return $this->tokenService->createAndSaveToken($user->id, \Szurubooru\Entities\Token::PURPOSE_LOGIN);
	}

	private function validateUser($user)
	{
		if (!$user->email and $this->config->security->needEmailActivationToRegister)
			throw new \DomainException('User didn\'t confirm mail yet.');
	}
}
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`<?php`
			`namespace Szurubooru\Services;`

Added passive authorization 2014-09-04 19:21:18 +02:00			`class AuthService`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`{`
			`private $loggedInUser = null;`
			`private $loginToken = null;`

Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`private $config;`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`private $passwordService;`
Worked on user registration 2014-08-31 17:42:48 +02:00			`private $timeService;`
Refactored AuthService and UserService 2014-09-08 08:20:31 +02:00			`private $userService;`
			`private $tokenService;`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00
			`public function __construct(`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`\Szurubooru\Config $config,`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`\Szurubooru\Services\PasswordService $passwordService,`
Worked on user registration 2014-08-31 17:42:48 +02:00			`\Szurubooru\Services\TimeService $timeService,`
Refactored AuthService and UserService 2014-09-08 08:20:31 +02:00			`\Szurubooru\Services\TokenService $tokenService,`
			`\Szurubooru\Services\UserService $userService)`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`{`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`$this->config = $config;`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`$this->passwordService = $passwordService;`
Worked on user registration 2014-08-31 17:42:48 +02:00			`$this->timeService = $timeService;`
Refactored AuthService and UserService 2014-09-08 08:20:31 +02:00			`$this->tokenService = $tokenService;`
			`$this->userService = $userService;`

			`$this->loggedInUser = $this->getAnonymousUser();`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`}`

			`public function isLoggedIn()`
			`{`
			`return $this->loginToken !== null;`
			`}`

			`public function getLoggedInUser()`
			`{`
			`return $this->loggedInUser;`
			`}`

			`public function getLoginToken()`
			`{`
Added fallback anonymous user to authorization 2014-08-31 13:16:29 +02:00			`return $this->loginToken;`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`}`

Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`public function loginFromCredentials($userNameOrEmail, $password)`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`{`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`$user = $this->userService->getByNameOrEmail($userNameOrEmail);`
			`$this->validateUser($user);`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00
			`$passwordHash = $this->passwordService->getHash($password);`
			`if ($user->passwordHash != $passwordHash)`
			`throw new \InvalidArgumentException('Specified password is invalid.');`

			`$this->loginToken = $this->createAndSaveLoginToken($user);`
Worked on user registration 2014-08-31 17:42:48 +02:00			`$this->loggedInUser = $user;`
Refactored AuthService and UserService 2014-09-08 08:20:31 +02:00			`$this->userService->updateUserLastLoginTime($user);`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`}`

			`public function loginFromToken($loginTokenName)`
			`{`
Refactored AuthService and UserService 2014-09-08 08:20:31 +02:00			`$loginToken = $this->tokenService->getByName($loginTokenName);`
Added token purpose check to authentication 2014-09-07 18:07:24 +02:00			`if ($loginToken->purpose != \Szurubooru\Entities\Token::PURPOSE_LOGIN)`
			`throw new \Exception('This token is not a login token.');`

Refactored AuthService and UserService 2014-09-08 08:20:31 +02:00			`$user = $this->userService->getById($loginToken->additionalData);`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`$this->validateUser($user);`
Refactored AuthService and UserService 2014-09-08 08:20:31 +02:00
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`$this->loginToken = $loginToken;`
Refactored AuthService and UserService 2014-09-08 08:20:31 +02:00			`$this->loggedInUser = $user;`
			`$this->userService->updateUserLastLoginTime($this->loggedInUser);`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`}`

Worked on user registration 2014-08-31 17:42:48 +02:00			`public function getAnonymousUser()`
			`{`
			`$user = new \Szurubooru\Entities\User();`
			`$user->name = 'Anonymous user';`
			`$user->accessRank = \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS;`
			`return $user;`
			`}`

Added fallback anonymous user to authorization 2014-08-31 13:16:29 +02:00			`public function loginAnonymous()`
			`{`
			`$this->loginToken = null;`
Worked on user registration 2014-08-31 17:42:48 +02:00			`$this->loggedInUser = $this->getAnonymousUser();`
Added fallback anonymous user to authorization 2014-08-31 13:16:29 +02:00			`}`

Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`public function logout()`
			`{`
			`if (!$this->isLoggedIn())`
			`throw new \Exception('Not logged in.');`

Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`$this->tokenService->invalidateByName($this->loginToken);`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`$this->loginToken = null;`
			`}`

			`private function createAndSaveLoginToken(\Szurubooru\Entities\User $user)`
			`{`
Added e-mail confirmation and password reset 2014-09-08 13:06:32 +02:00			`return $this->tokenService->createAndSaveToken($user->id, \Szurubooru\Entities\Token::PURPOSE_LOGIN);`
			`}`

			`private function validateUser($user)`
			`{`
			`if (!$user->email and $this->config->security->needEmailActivationToRegister)`
			`throw new \DomainException('User didn\'t confirm mail yet.');`
Worked on user registration 2014-08-31 17:42:48 +02:00			`}`
Added proof of concept for authorization system 2014-08-30 18:11:32 +02:00			`}`