mirror of
https://github.com/elyby/accounts.git
synced 2025-05-31 14:11:46 +05:30
Extract login logics into a separate component. Not quite clean result but enough for upcoming tasks
This commit is contained in:
ErickSkrauch
@@ -6,6 +6,7 @@ namespace api\models\authentication;
|
||||
use DateTimeImmutable;
|
||||
use Lcobucci\JWT\UnencryptedToken;
|
||||
|
||||
// TODO: remove this class
|
||||
final readonly class AuthenticationResult {
|
||||
|
||||
public function __construct(
|
||||
|
||||
@@ -4,14 +4,9 @@ declare(strict_types=1);
|
||||
namespace api\models\authentication;
|
||||
|
||||
use api\models\base\ApiForm;
|
||||
use api\validators\TotpValidator;
|
||||
use common\helpers\Error as E;
|
||||
use common\models\Account;
|
||||
use common\models\AccountSession;
|
||||
use Webmozart\Assert\Assert;
|
||||
use Yii;
|
||||
|
||||
class LoginForm extends ApiForm {
|
||||
final class LoginForm extends ApiForm {
|
||||
|
||||
public mixed $login = null;
|
||||
|
||||
@@ -24,97 +19,10 @@ class LoginForm extends ApiForm {
|
||||
public function rules(): array {
|
||||
return [
|
||||
['login', 'required', 'message' => E::LOGIN_REQUIRED],
|
||||
['login', 'validateLogin'],
|
||||
|
||||
['password', 'required', 'when' => fn(self $model): bool => !$model->hasErrors(), 'message' => E::PASSWORD_REQUIRED],
|
||||
['password', 'validatePassword'],
|
||||
|
||||
['totp', 'required', 'when' => fn(self $model): bool => !$model->hasErrors() && $model->getAccount()->is_otp_enabled, 'message' => E::TOTP_REQUIRED],
|
||||
['totp', 'validateTotp'],
|
||||
|
||||
['login', 'validateActivity'],
|
||||
|
||||
['password', 'required', 'isEmpty' => fn($value) => $value === null, 'message' => E::PASSWORD_REQUIRED],
|
||||
['totp', 'string'],
|
||||
['rememberMe', 'boolean'],
|
||||
];
|
||||
}
|
||||
|
||||
public function validateLogin(string $attribute): void {
|
||||
if (!$this->hasErrors() && $this->getAccount() === null) {
|
||||
$this->addError($attribute, E::LOGIN_NOT_EXIST);
|
||||
}
|
||||
}
|
||||
|
||||
public function validatePassword(string $attribute): void {
|
||||
if (!$this->hasErrors()) {
|
||||
$account = $this->getAccount();
|
||||
if ($account === null || !$account->validatePassword($this->password)) {
|
||||
$this->addError($attribute, E::PASSWORD_INCORRECT);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function validateTotp(string $attribute): void {
|
||||
if ($this->hasErrors()) {
|
||||
return;
|
||||
}
|
||||
|
||||
/** @var Account $account */
|
||||
$account = $this->getAccount();
|
||||
if (!$account->is_otp_enabled) {
|
||||
return;
|
||||
}
|
||||
|
||||
$validator = new TotpValidator(['account' => $account]);
|
||||
$validator->validateAttribute($this, $attribute);
|
||||
}
|
||||
|
||||
public function validateActivity(string $attribute): void {
|
||||
if (!$this->hasErrors()) {
|
||||
/** @var Account $account */
|
||||
$account = $this->getAccount();
|
||||
if ($account->status === Account::STATUS_BANNED) {
|
||||
$this->addError($attribute, E::ACCOUNT_BANNED);
|
||||
}
|
||||
|
||||
if ($account->status === Account::STATUS_REGISTERED) {
|
||||
$this->addError($attribute, E::ACCOUNT_NOT_ACTIVATED);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/** @noinspection PhpIncompatibleReturnTypeInspection */
|
||||
public function getAccount(): ?Account {
|
||||
return Account::find()->andWhereLogin($this->login)->one();
|
||||
}
|
||||
|
||||
public function login(): ?AuthenticationResult {
|
||||
if (!$this->validate()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$transaction = Yii::$app->db->beginTransaction();
|
||||
|
||||
/** @var Account $account */
|
||||
$account = $this->getAccount();
|
||||
if ($account->password_hash_strategy !== Account::PASS_HASH_STRATEGY_YII2) {
|
||||
$account->setPassword($this->password);
|
||||
Assert::true($account->save(), 'Unable to upgrade user\'s password');
|
||||
}
|
||||
|
||||
$session = null;
|
||||
if ($this->rememberMe) {
|
||||
$session = new AccountSession();
|
||||
$session->account_id = $account->id;
|
||||
$session->setIp(Yii::$app->request->userIP);
|
||||
$session->generateRefreshToken();
|
||||
Assert::true($session->save(), 'Cannot save account session model');
|
||||
}
|
||||
|
||||
$token = Yii::$app->tokensFactory->createForWebAccount($account, $session);
|
||||
|
||||
$transaction->commit();
|
||||
|
||||
return new AuthenticationResult($token, $session?->refresh_token);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,23 +0,0 @@
|
||||
<?php
|
||||
declare(strict_types=1);
|
||||
|
||||
namespace api\models\authentication;
|
||||
|
||||
use api\models\base\ApiForm;
|
||||
use Yii;
|
||||
|
||||
class LogoutForm extends ApiForm {
|
||||
|
||||
public function logout(): bool {
|
||||
$component = Yii::$app->user;
|
||||
$session = $component->getActiveSession();
|
||||
if ($session === null) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$session->delete();
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -5,7 +5,7 @@ namespace api\models\base;
|
||||
|
||||
use yii\base\Model;
|
||||
|
||||
class ApiForm extends Model {
|
||||
abstract class ApiForm extends Model {
|
||||
|
||||
public function formName(): string {
|
||||
return '';
|
||||
|
||||
Reference in New Issue
Block a user