accounts/api/modules/authserver/models/SignoutForm.php
2019-12-13 22:27:13 +03:00

61 lines
1.7 KiB
PHP

<?php
declare(strict_types=1);
namespace api\modules\authserver\models;
use api\models\authentication\LoginForm;
use api\models\base\ApiForm;
use api\modules\authserver\exceptions\ForbiddenOperationException;
use api\modules\authserver\validators\RequiredValidator;
use common\helpers\Error as E;
class SignoutForm extends ApiForm {
/**
* @var string
*/
public $username;
/**
* @var string
*/
public $password;
public function rules(): array {
return [
[['username', 'password'], RequiredValidator::class],
];
}
/**
* @return bool
* @throws ForbiddenOperationException
* @throws \api\modules\authserver\exceptions\IllegalArgumentException
*/
public function signout(): bool {
$this->validate();
$loginForm = new LoginForm();
$loginForm->login = $this->username;
$loginForm->password = $this->password;
if (!$loginForm->validate()) {
$errors = $loginForm->getFirstErrors();
if (isset($errors['login']) && $errors['login'] === E::ACCOUNT_BANNED) {
// We believe that a blocked one can get out painlessly
return true;
}
// The previous authorization server implementation used the nickname field instead of username,
// so we keep such behavior
$attribute = strpos($this->username, '@') === false ? 'nickname' : 'email';
throw new ForbiddenOperationException("Invalid credentials. Invalid {$attribute} or password.");
}
// We're unable to invalidate access tokens because they aren't stored in our database
return true;
}
}