ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
szurubooru/src/Services/AuthService.php

125 lines
3.2 KiB
PHP
Raw Normal View History

Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
<?php
namespace Szurubooru\Services;
Added passive authorization
2014-09-04 19:21:18 +02:00
class AuthService
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
{
private $loggedInUser = null;
private $loginToken = null;
Paid off technical debt regarding validation
2014-09-02 09:09:07 +02:00
private $validator;
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
private $passwordService;
Worked on user registration
2014-08-31 17:42:48 +02:00
private $timeService;
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
private $userDao;
private $tokenDao;
public function __construct(
Paid off technical debt regarding validation
2014-09-02 09:09:07 +02:00
\Szurubooru\Validator $validator,
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
\Szurubooru\Services\PasswordService $passwordService,
Worked on user registration
2014-08-31 17:42:48 +02:00
\Szurubooru\Services\TimeService $timeService,
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
\Szurubooru\Dao\TokenDao $tokenDao,
\Szurubooru\Dao\UserDao $userDao)
{
Worked on user registration
2014-08-31 17:42:48 +02:00
$this->loggedInUser = $this->getAnonymousUser();
Paid off technical debt regarding validation
2014-09-02 09:09:07 +02:00
$this->validator = $validator;
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
$this->passwordService = $passwordService;
Worked on user registration
2014-08-31 17:42:48 +02:00
$this->timeService = $timeService;
$this->tokenDao = $tokenDao;
$this->userDao = $userDao;
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
}
public function isLoggedIn()
{
return $this->loginToken !== null;
}
public function getLoggedInUser()
{
return $this->loggedInUser;
}
public function getLoginToken()
{
Added fallback anonymous user to authorization
2014-08-31 13:16:29 +02:00
return $this->loginToken;
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
}
public function loginFromCredentials($userName, $password)
{
Paid off technical debt regarding validation
2014-09-02 09:09:07 +02:00
$this->validator->validateUserName($userName);
$this->validator->validatePassword($password);
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
$user = $this->userDao->getByName($userName);
if (!$user)
throw new \InvalidArgumentException('User not found.');
$passwordHash = $this->passwordService->getHash($password);
if ($user->passwordHash != $passwordHash)
throw new \InvalidArgumentException('Specified password is invalid.');
$this->loginToken = $this->createAndSaveLoginToken($user);
Worked on user registration
2014-08-31 17:42:48 +02:00
$this->loggedInUser = $user;
$this->updateLoginTime($user);
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
}
public function loginFromToken($loginTokenName)
{
Paid off technical debt regarding validation
2014-09-02 09:09:07 +02:00
$this->validator->validateToken($loginTokenName);
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
$loginToken = $this->tokenDao->getByName($loginTokenName);
if (!$loginToken)
Implemented InputReader
2014-08-30 23:17:54 +02:00
throw new \Exception('Invalid login token.');
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
$this->loginToken = $loginToken;
$this->loggedInUser = $this->userDao->getById($loginToken->additionalData);
Fixed logging in users that no longer exist
2014-09-05 09:37:53 +02:00
if (!$this->loggedInUser)
throw new \Exception('User was deleted.');
Worked on user registration
2014-08-31 17:42:48 +02:00
$this->updateLoginTime($this->loggedInUser);
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
if (!$this->loggedInUser)
{
$this->logout();
throw new \RuntimeException('Token is correct, but user is not. Have you deleted your account?');
}
}
Worked on user registration
2014-08-31 17:42:48 +02:00
public function getAnonymousUser()
{
$user = new \Szurubooru\Entities\User();
$user->name = 'Anonymous user';
$user->accessRank = \Szurubooru\Entities\User::ACCESS_RANK_ANONYMOUS;
return $user;
}
Added fallback anonymous user to authorization
2014-08-31 13:16:29 +02:00
public function loginAnonymous()
{
$this->loginToken = null;
Worked on user registration
2014-08-31 17:42:48 +02:00
$this->loggedInUser = $this->getAnonymousUser();
Added fallback anonymous user to authorization
2014-08-31 13:16:29 +02:00
}
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
public function logout()
{
if (!$this->isLoggedIn())
throw new \Exception('Not logged in.');
$this->tokenDao->deleteByName($this->loginToken);
$this->loginToken = null;
}
private function createAndSaveLoginToken(\Szurubooru\Entities\User $user)
{
$loginToken = new \Szurubooru\Entities\Token();
$loginToken->name = hash('sha256', $user->name . '/' . microtime(true));
$loginToken->additionalData = $user->id;
$loginToken->purpose = \Szurubooru\Entities\Token::PURPOSE_LOGIN;
Fixed logging in users that no longer exist
2014-09-05 09:37:53 +02:00
$this->tokenDao->deleteByAdditionalData($loginToken->additionalData);
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
$this->tokenDao->save($loginToken);
return $loginToken;
}
Worked on user registration
2014-08-31 17:42:48 +02:00
private function updateLoginTime($user)
{
$user->lastLoginTime = $this->timeService->getCurrentTime();
$this->userDao->save($user);
}
Added proof of concept for authorization system
2014-08-30 18:11:32 +02:00
}
Reference in a new issue Copy permalink