Commit graph

19 commits

Author SHA1 Message Date
Marcin Kurczewski
c33817e4ab Optimized API operations
Every operation updated user last login time, which was inefficient.
Changed it to update only after logins from credentials or cookies.
2014-10-18 18:48:27 +02:00
Marcin Kurczewski
20b3dfc76d Added additional type safety 2014-10-18 18:48:22 +02:00
Marcin Kurczewski
3e1aaebf89 Fixed account activation for first user
Until now, AuthService used to check for empty e-mail in order to tell
whether an account is activated. This was wrong for following scenario:

1. User doesn't enter any e-mail.
2. Because he is about to become the first user to register, he will
   become an administrator.
3. Administrators don't need to confirm their e-mail address. Activation
   e-mail is not sent, code for e-mail activation is run instead.
4. The user succeeds to create an e-mail-less administrator account.
5. The user fails to login due to unconfirmed e-mail.
6. The code that activates an e-mail just moves unconfirmed e-mail to
   primary e-mail. That was the bug, there's no e-mail to confirm.

Things got (hopefully) simpler now, since I added separate column for
indicating whether account is activated.
2014-10-18 18:48:22 +02:00
Marcin Kurczewski
0548890d97 Introduced entity property getters/setters 2014-10-18 18:48:21 +02:00
Marcin Kurczewski
c117367974 Added IValidatable; moved validation to FormData
I still struggle to find out how to deal with arguments like
$userNameOrEmail. Should I trim() them in controllers, or in service?
If I do it in service, shouldn't all of such validation belong in there?
2014-10-18 18:48:19 +02:00
Marcin Kurczewski
45e18a9ba3 Improved PHP style 2014-10-18 18:48:19 +02:00
Marcin Kurczewski
85a026c37b Added e-mail confirmation and password reset 2014-10-18 18:48:19 +02:00
Marcin Kurczewski
121c2f80dc Refactored AuthService and UserService 2014-10-18 18:48:19 +02:00
Marcin Kurczewski
9a7082c269 Added token purpose check to authentication 2014-10-18 18:48:19 +02:00
Marcin Kurczewski
8e8e983f28 Refactored privilege system 2014-10-18 18:48:18 +02:00
Marcin Kurczewski
eadd649ad0 Refactored frontend authentication system 2014-10-18 18:48:18 +02:00
Marcin Kurczewski
7a8badd2ed Fixed logging in users that no longer exist 2014-10-18 18:48:18 +02:00
Marcin Kurczewski
de31770c87 Added basic privilege system 2014-10-18 18:48:18 +02:00
Marcin Kurczewski
2ecb79a2fa Added passive authorization 2014-10-18 18:48:18 +02:00
Marcin Kurczewski
e13db65f68 Paid off technical debt regarding validation 2014-10-18 18:48:17 +02:00
Marcin Kurczewski
03b65c196c Worked on user registration 2014-10-18 18:48:16 +02:00
Marcin Kurczewski
1f6017aae7 Added fallback anonymous user to authorization 2014-10-18 18:48:16 +02:00
Marcin Kurczewski
45e32c4e50 Implemented InputReader 2014-10-18 18:48:16 +02:00
Marcin Kurczewski
db949dd361 Added proof of concept for authorization system 2014-10-18 18:48:15 +02:00