token salt validation

src/Auth/Business/JwtHelper.php

@@ -11,7 +11,6 @@ namespace Luticate\Auth\Business;
 class JwtHelper
 {
     const EXPIRATION_KEY =  "expiration_date";
-    const USER_KEY =        "user_id";
 
     public static function decode($token)
     {
@@ -26,13 +25,7 @@ class JwtHelper
         }
 
         $expiration_date = array_key_exists(self::EXPIRATION_KEY, $data) ? $data[self::EXPIRATION_KEY] : null;
-        if (!is_numeric($expiration_date))
-            return null;
-        $user_id = array_key_exists(self::USER_KEY, $data) ? $data[self::USER_KEY] : null;
-        if (!is_numeric($user_id))
-            return null;
-
-        if ($expiration_date < time())
+        if (!is_numeric($expiration_date) || $expiration_date < time())
             return null;
 
         return $data;

src/Auth/Business/LuticateBusiness.php

@@ -38,8 +38,12 @@ class LuticateBusiness
         if ($token != null && $token != "") {
             $data = JwtHelper::decode($token);
             if ($data != null) {
-                $user_id = $data[JwtHelper::USER_KEY];
-                self::$_currentUser = LuticateUsersBusiness::getById($user_id);
+                $user_id = $data[LuticateUsersBusiness::KEY_USER_ID];
+                $salt = $data[LuticateUsersBusiness::KEY_SALT];
+                $user = LuticateUsersBusiness::getById($user_id);
+                if ($user->getSalt() == $salt) {
+                    self::$_currentUser = $user;
+                }
             }
         }
 

src/Auth/Business/LuticateUsersBusiness.php

@@ -9,6 +9,9 @@ use Luticate\Auth\DBO\LuticateUsersDbo;
 
 class LuticateUsersBusiness extends LuBusiness {
 
+    const KEY_USER_ID =  "user_id";
+    const KEY_SALT =  "salt";
+
     protected static function getDataAccess()
     {
         return new LuticateUsersDataAccess();
@@ -40,9 +43,16 @@ class LuticateUsersBusiness extends LuBusiness {
         return $randomString;
     }
 
+    /**
+     * @param $user LuticateUsersDbo
+     * @return string
+     */
     public static function getToken($user)
     {
-        return JwtHelper::encode(array(JwtHelper::USER_KEY => $user->getId()));
+        return JwtHelper::encode(array(
+            self::KEY_USER_ID => $user->getId(),
+            self::KEY_SALT => $user->getSalt()
+            ));
     }
 
     public static function login($username, $password)
@@ -77,6 +87,6 @@ class LuticateUsersBusiness extends LuBusiness {
         $user->setUsername($username);
         $user->setSalt(self::getSalt());
 
-        return LuticateUsersDataAccess::add($user);
+        return LuticateUsersDataAccess::addId($user);
     }
 }

src/Auth/DataAccess/LuticateUsersDataAccess.php

@@ -23,13 +23,4 @@ class LuticateUsersDataAccess extends LuDataAccess {
             return null;
         return $user->toDbo();
     }
-
-    /**
-     * @param LuticateUsersDbo $user
-     * @return int
-     */
-    public static function add($user)
-    {
-        return self::addId($user);
-    }
 }