2014-08-30 18:11:32 +02:00
|
|
|
<?php
|
|
|
|
namespace Szurubooru\Services;
|
|
|
|
|
2014-09-04 19:21:18 +02:00
|
|
|
class AuthService
|
2014-08-30 18:11:32 +02:00
|
|
|
{
|
|
|
|
private $loggedInUser = null;
|
|
|
|
private $loginToken = null;
|
|
|
|
|
2014-09-02 09:09:07 +02:00
|
|
|
private $validator;
|
2014-09-04 19:57:06 +02:00
|
|
|
private $config;
|
2014-08-30 18:11:32 +02:00
|
|
|
private $passwordService;
|
2014-08-31 17:42:48 +02:00
|
|
|
private $timeService;
|
2014-08-30 18:11:32 +02:00
|
|
|
private $userDao;
|
|
|
|
private $tokenDao;
|
|
|
|
|
|
|
|
public function __construct(
|
2014-09-02 09:09:07 +02:00
|
|
|
\Szurubooru\Validator $validator,
|
2014-09-04 19:57:06 +02:00
|
|
|
\Szurubooru\Config $config,
|
2014-08-30 18:11:32 +02:00
|
|
|
\Szurubooru\Services\PasswordService $passwordService,
|
2014-08-31 17:42:48 +02:00
|
|
|
\Szurubooru\Services\TimeService $timeService,
|
2014-08-30 18:11:32 +02:00
|
|
|
\Szurubooru\Dao\TokenDao $tokenDao,
|
|
|
|
\Szurubooru\Dao\UserDao $userDao)
|
|
|
|
{
|
2014-08-31 17:42:48 +02:00
|
|
|
$this->loggedInUser = $this->getAnonymousUser();
|
2014-09-02 09:09:07 +02:00
|
|
|
|
|
|
|
$this->validator = $validator;
|
2014-09-04 19:57:06 +02:00
|
|
|
$this->config = $config;
|
2014-08-30 18:11:32 +02:00
|
|
|
$this->passwordService = $passwordService;
|
2014-08-31 17:42:48 +02:00
|
|
|
$this->timeService = $timeService;
|
|
|
|
$this->tokenDao = $tokenDao;
|
|
|
|
$this->userDao = $userDao;
|
2014-08-30 18:11:32 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function isLoggedIn()
|
|
|
|
{
|
|
|
|
return $this->loginToken !== null;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getLoggedInUser()
|
|
|
|
{
|
|
|
|
return $this->loggedInUser;
|
|
|
|
}
|
|
|
|
|
|
|
|
public function getLoginToken()
|
|
|
|
{
|
2014-08-31 13:16:29 +02:00
|
|
|
return $this->loginToken;
|
2014-08-30 18:11:32 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function loginFromCredentials($userName, $password)
|
|
|
|
{
|
2014-09-02 09:09:07 +02:00
|
|
|
$this->validator->validateUserName($userName);
|
|
|
|
$this->validator->validatePassword($password);
|
|
|
|
|
2014-08-30 18:11:32 +02:00
|
|
|
$user = $this->userDao->getByName($userName);
|
|
|
|
if (!$user)
|
|
|
|
throw new \InvalidArgumentException('User not found.');
|
|
|
|
|
|
|
|
$passwordHash = $this->passwordService->getHash($password);
|
|
|
|
if ($user->passwordHash != $passwordHash)
|
|
|
|
throw new \InvalidArgumentException('Specified password is invalid.');
|
|
|
|
|
|
|
|
$this->loginToken = $this->createAndSaveLoginToken($user);
|
2014-08-31 17:42:48 +02:00
|
|
|
$this->loggedInUser = $user;
|
|
|
|
$this->updateLoginTime($user);
|
2014-08-30 18:11:32 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
public function loginFromToken($loginTokenName)
|
|
|
|
{
|
2014-09-02 09:09:07 +02:00
|
|
|
$this->validator->validateToken($loginTokenName);
|
|
|
|
|
2014-08-30 18:11:32 +02:00
|
|
|
$loginToken = $this->tokenDao->getByName($loginTokenName);
|
|
|
|
if (!$loginToken)
|
2014-08-30 23:17:54 +02:00
|
|
|
throw new \Exception('Invalid login token.');
|
2014-08-30 18:11:32 +02:00
|
|
|
|
|
|
|
$this->loginToken = $loginToken;
|
|
|
|
$this->loggedInUser = $this->userDao->getById($loginToken->additionalData);
|
2014-08-31 17:42:48 +02:00
|
|
|
$this->updateLoginTime($this->loggedInUser);
|
|
|
|
|
2014-08-30 18:11:32 +02:00
|
|
|
if (!$this->loggedInUser)
|
|
|
|
{
|
|
|
|
$this->logout();
|
|
|
|
throw new \RuntimeException('Token is correct, but user is not. Have you deleted your account?');
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-08-31 17:42:48 +02:00
|
|
|
public function getAnonymousUser()
|
|
|
|
{
|
|
|
|
$user = new \Szurubooru\Entities\User();
|
|
|
|
$user->name = 'Anonymous user';
|
|
|
|
$user->accessRank = \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS;
|
|
|
|
return $user;
|
|
|
|
}
|
|
|
|
|
2014-08-31 13:16:29 +02:00
|
|
|
public function loginAnonymous()
|
|
|
|
{
|
|
|
|
$this->loginToken = null;
|
2014-08-31 17:42:48 +02:00
|
|
|
$this->loggedInUser = $this->getAnonymousUser();
|
2014-08-31 13:16:29 +02:00
|
|
|
}
|
|
|
|
|
2014-08-30 18:11:32 +02:00
|
|
|
public function logout()
|
|
|
|
{
|
|
|
|
if (!$this->isLoggedIn())
|
|
|
|
throw new \Exception('Not logged in.');
|
|
|
|
|
|
|
|
$this->tokenDao->deleteByName($this->loginToken);
|
|
|
|
$this->loginToken = null;
|
|
|
|
}
|
|
|
|
|
2014-09-04 19:57:06 +02:00
|
|
|
public function getCurrentPrivileges()
|
|
|
|
{
|
|
|
|
switch ($this->getLoggedInUser()->accessRank)
|
|
|
|
{
|
|
|
|
case \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS: $keyName = 'anonymous'; break;
|
|
|
|
case \Szurubooru\Entities\User::ACCESS_RANK_REGULAR_USER: $keyName = 'regularUser'; break;
|
|
|
|
case \Szurubooru\Entities\User::ACCESS_RANK_POWER_USER: $keyName = 'powerUser'; break;
|
|
|
|
case \Szurubooru\Entities\User::ACCESS_RANK_MODERATOR: $keyName = 'moderator'; break;
|
|
|
|
case \Szurubooru\Entities\User::ACCESS_RANK_ADMINISTRATOR: $keyName = 'administrator'; break;
|
|
|
|
default:
|
|
|
|
throw new \DomainException('Invalid access rank!');
|
|
|
|
}
|
|
|
|
return array_filter(preg_split('/[;,\s]+/', $this->config->security->privileges[$keyName]));
|
|
|
|
}
|
|
|
|
|
|
|
|
public function assertPrivilege($privilege)
|
|
|
|
{
|
|
|
|
if (!in_array($privilege, $this->getCurrentPrivileges()))
|
|
|
|
throw new \DomainException('Unprivileged operation');
|
|
|
|
}
|
|
|
|
|
2014-08-30 18:11:32 +02:00
|
|
|
private function createAndSaveLoginToken(\Szurubooru\Entities\User $user)
|
|
|
|
{
|
|
|
|
$loginToken = new \Szurubooru\Entities\Token();
|
|
|
|
$loginToken->name = hash('sha256', $user->name . '/' . microtime(true));
|
|
|
|
$loginToken->additionalData = $user->id;
|
|
|
|
$loginToken->purpose = \Szurubooru\Entities\Token::PURPOSE_LOGIN;
|
|
|
|
$this->tokenDao->save($loginToken);
|
|
|
|
return $loginToken;
|
|
|
|
}
|
2014-08-31 17:42:48 +02:00
|
|
|
|
|
|
|
private function updateLoginTime($user)
|
|
|
|
{
|
|
|
|
$user->lastLoginTime = $this->timeService->getCurrentTime();
|
|
|
|
$this->userDao->save($user);
|
|
|
|
}
|
2014-08-30 18:11:32 +02:00
|
|
|
}
|