mirror of
https://github.com/elyby/accounts.git
synced 2025-04-09 20:49:11 +05:30
200 lines
6.4 KiB
PHP
200 lines
6.4 KiB
PHP
<?php
|
|
declare(strict_types=1);
|
|
|
|
namespace api\controllers;
|
|
|
|
use api\models\authentication\ForgotPasswordForm;
|
|
use api\models\authentication\LoginForm;
|
|
use api\models\authentication\RecoverPasswordForm;
|
|
use api\models\authentication\RefreshTokenForm;
|
|
use common\components\Authentication\Entities\Credentials;
|
|
use common\components\Authentication\Exceptions;
|
|
use common\components\Authentication\Exceptions\AuthenticationException;
|
|
use common\components\Authentication\LoginServiceInterface;
|
|
use common\helpers\Error as E;
|
|
use common\helpers\StringHelper;
|
|
use DateTimeImmutable;
|
|
use Yii;
|
|
use yii\base\Module;
|
|
use yii\filters\AccessControl;
|
|
use yii\helpers\ArrayHelper;
|
|
use yii\web\Request;
|
|
|
|
final class AuthenticationController extends Controller {
|
|
|
|
public function __construct(
|
|
string $id,
|
|
Module $module,
|
|
private readonly LoginServiceInterface $loginService,
|
|
array $config = [],
|
|
) {
|
|
parent::__construct($id, $module, $config);
|
|
}
|
|
|
|
public function behaviors(): array {
|
|
return ArrayHelper::merge(parent::behaviors(), [
|
|
'authenticator' => [
|
|
'only' => ['logout'],
|
|
],
|
|
'access' => [
|
|
'class' => AccessControl::class,
|
|
'except' => ['refresh-token'],
|
|
'rules' => [
|
|
[
|
|
'actions' => ['login', 'forgot-password', 'recover-password'],
|
|
'allow' => true,
|
|
'roles' => ['?'],
|
|
],
|
|
[
|
|
'actions' => ['logout'],
|
|
'allow' => true,
|
|
'roles' => ['@'],
|
|
],
|
|
],
|
|
],
|
|
]);
|
|
}
|
|
|
|
public function verbs(): array {
|
|
return [
|
|
'login' => ['POST'],
|
|
'logout' => ['POST'],
|
|
'forgot-password' => ['POST'],
|
|
'recover-password' => ['POST'],
|
|
'refresh-token' => ['POST'],
|
|
];
|
|
}
|
|
|
|
public function actionLogin(Request $request): array {
|
|
$form = new LoginForm();
|
|
$form->load($request->post());
|
|
if (!$form->validate()) {
|
|
return [
|
|
'success' => false,
|
|
'errors' => $form->getFirstErrors(),
|
|
];
|
|
}
|
|
|
|
try {
|
|
$loginResult = $this->loginService->loginByCredentials(new Credentials(
|
|
login: (string)$form->login,
|
|
password: (string)$form->password,
|
|
totp: (string)$form->totp,
|
|
rememberMe: (bool)$form->rememberMe,
|
|
));
|
|
} catch (AuthenticationException $e) {
|
|
$data = [
|
|
'success' => false,
|
|
'errors' => match ($e::class) {
|
|
Exceptions\UnknownLoginException::class => ['login' => E::LOGIN_NOT_EXIST],
|
|
Exceptions\InvalidPasswordException::class => ['password' => E::PASSWORD_INCORRECT],
|
|
Exceptions\TotpRequiredException::class => ['totp' => E::TOTP_REQUIRED],
|
|
Exceptions\InvalidTotpException::class => ['totp' => E::TOTP_INCORRECT],
|
|
Exceptions\AccountBannedException::class => ['login' => E::ACCOUNT_BANNED],
|
|
Exceptions\AccountNotActivatedException::class => ['login' => E::ACCOUNT_NOT_ACTIVATED],
|
|
default => $e->getMessage(),
|
|
},
|
|
];
|
|
|
|
if ($e instanceof Exceptions\AccountNotActivatedException) {
|
|
$data['data']['email'] = $e->account->email;
|
|
}
|
|
|
|
return $data;
|
|
}
|
|
|
|
$token = Yii::$app->tokensFactory->createForWebAccount($loginResult->account, $loginResult->session);
|
|
$data = [
|
|
'success' => true,
|
|
'access_token' => $token->toString(),
|
|
'expires_in' => $token->claims()->get('exp')->getTimestamp() - (new DateTimeImmutable())->getTimestamp(),
|
|
];
|
|
|
|
if ($loginResult->session) {
|
|
$data['refresh_token'] = $loginResult->session->refresh_token;
|
|
}
|
|
|
|
return $data;
|
|
}
|
|
|
|
public function actionLogout(): array {
|
|
$session = Yii::$app->user->getActiveSession();
|
|
if ($session) {
|
|
$this->loginService->logout($session);
|
|
}
|
|
|
|
return [
|
|
'success' => true,
|
|
];
|
|
}
|
|
|
|
public function actionForgotPassword(): array {
|
|
$model = new ForgotPasswordForm();
|
|
$model->load(Yii::$app->request->post());
|
|
if ($model->forgotPassword() === false) {
|
|
$data = [
|
|
'success' => false,
|
|
'errors' => $model->getFirstErrors(),
|
|
];
|
|
|
|
if (ArrayHelper::getValue($data['errors'], 'login') === E::RECENTLY_SENT_MESSAGE) {
|
|
/** @var \common\models\confirmations\ForgotPassword $emailActivation */
|
|
$emailActivation = $model->getEmailActivation();
|
|
$data['data'] = [
|
|
'canRepeatIn' => $emailActivation->canResendAt()->getTimestamp(),
|
|
];
|
|
}
|
|
|
|
return $data;
|
|
}
|
|
|
|
$emailActivation = $model->getEmailActivation();
|
|
$response = [
|
|
'success' => true,
|
|
'data' => [
|
|
'canRepeatIn' => $emailActivation->canResendAt()->getTimestamp(),
|
|
],
|
|
];
|
|
|
|
if (!str_contains((string)$model->login, '@')) {
|
|
$response['data']['emailMask'] = StringHelper::getEmailMask($model->getAccount()->email);
|
|
}
|
|
|
|
return $response;
|
|
}
|
|
|
|
public function actionRecoverPassword(): array {
|
|
$model = new RecoverPasswordForm();
|
|
$model->load(Yii::$app->request->post());
|
|
if (($result = $model->recoverPassword()) === null) {
|
|
return [
|
|
'success' => false,
|
|
'errors' => $model->getFirstErrors(),
|
|
];
|
|
}
|
|
|
|
return array_merge([
|
|
'success' => true,
|
|
], $result->formatAsOAuth2Response());
|
|
}
|
|
|
|
public function actionRefreshToken(): array {
|
|
$model = new RefreshTokenForm();
|
|
$model->load(Yii::$app->request->post());
|
|
if (($result = $model->renew()) === null) {
|
|
return [
|
|
'success' => false,
|
|
'errors' => $model->getFirstErrors(),
|
|
];
|
|
}
|
|
|
|
$response = $result->formatAsOAuth2Response();
|
|
unset($response['refresh_token']);
|
|
|
|
return array_merge([
|
|
'success' => true,
|
|
], $response);
|
|
}
|
|
|
|
}
|