2014-08-30 18:11:32 +02:00
|
|
|
<?php
|
|
|
|
|
namespace Szurubooru\Services;
|
|
|
|
|
|
|
|
|
|
final class AuthService
|
|
|
|
|
{
|
|
|
|
|
private $loggedInUser = null;
|
|
|
|
|
private $loginToken = null;
|
|
|
|
|
|
|
|
|
|
private $passwordService;
|
|
|
|
|
private $userDao;
|
|
|
|
|
private $tokenDao;
|
|
|
|
|
|
|
|
|
|
public function __construct(
|
|
|
|
|
\Szurubooru\Services\PasswordService $passwordService,
|
|
|
|
|
\Szurubooru\Dao\TokenDao $tokenDao,
|
|
|
|
|
\Szurubooru\Dao\UserDao $userDao)
|
|
|
|
|
{
|
|
|
|
|
$this->loggedInUser = new \Szurubooru\Entities\User();
|
|
|
|
|
$this->loggedInUser->name = 'Anonymous';
|
|
|
|
|
$this->userDao = $userDao;
|
|
|
|
|
$this->tokenDao = $tokenDao;
|
|
|
|
|
$this->passwordService = $passwordService;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function isLoggedIn()
|
|
|
|
|
{
|
|
|
|
|
return $this->loginToken !== null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getLoggedInUser()
|
|
|
|
|
{
|
|
|
|
|
return $this->loggedInUser;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function getLoginToken()
|
|
|
|
|
{
|
2014-08-31 13:16:29 +02:00
|
|
|
return $this->loginToken;
|
2014-08-30 18:11:32 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function loginFromCredentials($userName, $password)
|
|
|
|
|
{
|
|
|
|
|
$user = $this->userDao->getByName($userName);
|
|
|
|
|
if (!$user)
|
|
|
|
|
throw new \InvalidArgumentException('User not found.');
|
|
|
|
|
|
|
|
|
|
$passwordHash = $this->passwordService->getHash($password);
|
|
|
|
|
if ($user->passwordHash != $passwordHash)
|
|
|
|
|
throw new \InvalidArgumentException('Specified password is invalid.');
|
|
|
|
|
|
|
|
|
|
$this->loggedInUser = $user;
|
|
|
|
|
$this->loginToken = $this->createAndSaveLoginToken($user);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public function loginFromToken($loginTokenName)
|
|
|
|
|
{
|
|
|
|
|
$loginToken = $this->tokenDao->getByName($loginTokenName);
|
|
|
|
|
if (!$loginToken)
|
2014-08-30 23:17:54 +02:00
|
|
|
throw new \Exception('Invalid login token.');
|
2014-08-30 18:11:32 +02:00
|
|
|
|
|
|
|
|
$this->loginToken = $loginToken;
|
|
|
|
|
$this->loggedInUser = $this->userDao->getById($loginToken->additionalData);
|
|
|
|
|
if (!$this->loggedInUser)
|
|
|
|
|
{
|
|
|
|
|
$this->logout();
|
|
|
|
|
throw new \RuntimeException('Token is correct, but user is not. Have you deleted your account?');
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-31 13:16:29 +02:00
|
|
|
public function loginAnonymous()
|
|
|
|
|
{
|
|
|
|
|
$this->loginToken = null;
|
|
|
|
|
$this->loggedInUser = $this->userService->getAnonymousUser();
|
|
|
|
|
}
|
|
|
|
|
|
2014-08-30 18:11:32 +02:00
|
|
|
public function logout()
|
|
|
|
|
{
|
|
|
|
|
if (!$this->isLoggedIn())
|
|
|
|
|
throw new \Exception('Not logged in.');
|
|
|
|
|
|
|
|
|
|
$this->tokenDao->deleteByName($this->loginToken);
|
|
|
|
|
$this->loginToken = null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
private function createAndSaveLoginToken(\Szurubooru\Entities\User $user)
|
|
|
|
|
{
|
|
|
|
|
$loginToken = new \Szurubooru\Entities\Token();
|
|
|
|
|
$loginToken->name = hash('sha256', $user->name . '/' . microtime(true));
|
|
|
|
|
$loginToken->additionalData = $user->id;
|
|
|
|
|
$loginToken->purpose = \Szurubooru\Entities\Token::PURPOSE_LOGIN;
|
|
|
|
|
$this->tokenDao->save($loginToken);
|
|
|
|
|
return $loginToken;
|
|
|
|
|
}
|
|
|
|
|
}
|
