begin users

config.example.json

@@ -10,5 +10,9 @@
       "host": "localhost", "port": "5432", "database": "luticate",
       "username": "luticate", "password": "password"
     }
-  ]
+  ],
+  "settings": {
+    "MCRYPT_KEY": "ffffffffffffffffffffffff",
+    "JWT_KEY": "ffffffffffffffffffffffffffffffffffffffff"
+  }
 }

src/Auth/Business/JwtHelper.php

@@ -8,16 +8,21 @@
 
 namespace Luticate\Auth\Business;
 
+use Luticate\Utils\Controller\LuticateApplication;
+
 class JwtHelper
 {
     const EXPIRATION_KEY =  "expiration_date";
+    const SETTING_MCRYPT_KEY = "MCRYPT_KEY";
+    const SETTING_JWT_KEY = "JWT_KEY";
 
     public static function decode($token)
     {
-        $jwt = mcrypt_decrypt(MCRYPT_TRIPLEDES, env("MCRYPT_KEY"), base64_decode($token), "ecb");
+        $app = LuticateApplication::getInstance();
         try
         {
-            $data = (array)\JWT::decode($jwt, env("JWT_KEY"), ['HS256']);
+            $jwt = mcrypt_decrypt(MCRYPT_TRIPLEDES, $app->getSetting(self::SETTING_MCRYPT_KEY), base64_decode($token), "cbc");
+            $data = (array)\JWT::decode($jwt, $app->getSetting(self::SETTING_JWT_KEY), ['HS256']);
         }
         catch (\Exception $e)
         {
@@ -25,18 +30,21 @@ class JwtHelper
         }
 
         $expiration_date = array_key_exists(self::EXPIRATION_KEY, $data) ? $data[self::EXPIRATION_KEY] : null;
-        if (!is_numeric($expiration_date) || $expiration_date < time())
+        if (!is_numeric($expiration_date) || $expiration_date < time()) {
             return null;
+        }
 
         return $data;
     }
 
     public static function encode($data, $session_time)
     {
+        $app = LuticateApplication::getInstance();
         $date = new \DateTime("now", new \DateTimeZone("Europe/Paris"));
         $date->modify("+${session_time} day");
         $data[self::EXPIRATION_KEY] = $date->getTimestamp();
 
-        return base64_encode(mcrypt_encrypt(MCRYPT_TRIPLEDES, env("MCRYPT_KEY"), \JWT::encode($data, env("JWT_KEY")), "ecb"));
+        return base64_encode(mcrypt_encrypt(MCRYPT_TRIPLEDES, $app->getSetting(self::SETTING_MCRYPT_KEY),
+            \JWT::encode($data, $app->getSetting(self::SETTING_JWT_KEY)), "cbc"));
     }
 }

src/Auth/Business/LuPermissionsBusiness.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/2/16
+ * Time: 9:47 PM
+ */
+
+namespace Luticate\Auth\Business;
+
+use Luticate\Auth\DataAccess\LuPermissionsDataAccess;
+use Luticate\Utils\Business\LuBusiness;
+
+class LuPermissionsBusiness extends LuBusiness
+{
+    public static function getDataAccess()
+    {
+        return new LuPermissionsDataAccess();
+    }
+
+    public static function getUserEffectivePermissionById(int $userId, int $permissionId)
+    {
+        return static::getDataAccess()->getUserEffectivePermissionById($userId, $permissionId);
+    }
+
+    public static function getUserEffectivePermissionByName(int $userId, string $permissionName)
+    {
+        return static::getDataAccess()->getUserEffectivePermissionByName($userId, $permissionName);
+    }
+
+    public static function getUserEffectivePermissions(int $userId)
+    {
+        return static::getDataAccess()->getUserEffectivePermissions($userId);
+    }
+}

src/Auth/Business/LuUsersBusiness.php

@@ -0,0 +1,114 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/2/16
+ * Time: 10:15 PM
+ */
+
+namespace Luticate\Auth\Business;
+
+use Illuminate\Database\Query\Builder;
+use Luticate\Auth\DataAccess\LuUserDataAccess;
+use Luticate\Auth\Dbo\LuUsersDbo;
+use Luticate\Auth\Dbo\LuUsersLiteDbo;
+use Luticate\Auth\Dbo\LuUsersLoginDbo;
+use Luticate\Auth\Dbo\LuUsersLoginResultDbo;
+use Luticate\Utils\Business\LuBusiness;
+use Luticate\Utils\Dbo\LuQueryDbo;
+
+class LuUsersBusiness extends LuBusiness
+{
+    const KEY_USER_ID =  "user_id";
+    const KEY_SALT =  "salt";
+    const KEY_DATA =  "data";
+
+    /**
+     * @return LuUserDataAccess
+     */
+    protected static function getDataAccess()
+    {
+        return new LuUserDataAccess();
+    }
+
+    protected static function badPassword()
+    {
+        static::unauthorized("Bad username/password");
+    }
+
+    public static function hashPassword($password)
+    {
+        return password_hash($password, PASSWORD_BCRYPT);
+    }
+
+    public static function verifyPassword($password, $hash)
+    {
+        return password_verify($password, $hash);
+    }
+
+    public static function getSalt($length = 10)
+    {
+        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
+        $charactersLength = strlen($characters);
+        $randomString = '';
+        for ($i = 0; $i < $length; $i++) {
+            $randomString .= $characters[rand(0, $charactersLength - 1)];
+        }
+        return $randomString;
+    }
+
+    /**
+     * @param $user LuUsersDbo
+     * @param $data mixed
+     * @return string
+     */
+    public static function getToken($user, $data = null)
+    {
+        $session_time = 30;//LuticateSettingsBusiness::getValue("LU_SESSION_DAYS");
+        return JwtHelper::encode(array(
+            self::KEY_USER_ID => $user->getId(),
+            self::KEY_SALT => $user->getSalt(),
+            self::KEY_DATA => $data
+        ), $session_time);
+    }
+
+    public static function login(LuUsersLoginDbo $login)
+    {
+        $user = static::getDataAccess()->getByUsernameOrEmail($login->getUsername());
+        if (is_null($user))
+            self::badPassword();
+        if (!self::verifyPassword($login->getPassword(), $user->getPassword()))
+            self::badPassword();
+
+        /**
+         * @var $result LuUsersLoginResultDbo
+         */
+        $result = $user->castAs(LuUsersLoginResultDbo::class);
+        $result->setToken(self::getToken($user));
+        return $result;
+    }
+
+    public static function logout(LuUsersDbo $user)
+    {
+        if ($user->getId() != 0) {
+            $user->setSalt(self::getSalt());
+            static::getDataAccess()->editSingleById($user);
+        }
+        return true;
+    }
+
+    /**
+     * @param LuQueryDbo $query
+     * @return LuUsersLiteDbo[]
+     */
+    public static function getAllLite(LuQueryDbo $query)
+    {
+        return static::getDataAccess()->getAll($query)->map(function($user)
+        {
+            /**
+             * @var $user LuUsersDbo
+             */
+            return $user->castAs(LuUsersLiteDbo::class);
+        });
+    }
+}

src/Auth/Controller/LuUsersController.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/2/16
+ * Time: 9:45 PM
+ */
+
+namespace Luticate\Auth\Controller;
+
+use Luticate\Auth\Business\LuUsersBusiness;
+use Luticate\Auth\Dbo\LuUsersDbo;
+use Luticate\Auth\Dbo\LuUsersLiteDbo;
+use Luticate\Auth\Dbo\LuUsersLoginDbo;
+use Luticate\Auth\Dbo\LuUsersLoginResultDbo;
+use Luticate\Utils\Controller\LuController;
+use Luticate\Utils\Dbo\LuQueryDbo;
+
+class LuUsersController extends LuController
+{
+    public function getBusiness()
+    {
+        return new LuUsersBusiness();
+    }
+
+    /**
+     * Login the user
+     * @param $login LuUsersLoginDbo The user authentication data
+     * @return LuUsersLoginResultDbo
+     */
+    public function login(LuUsersLoginDbo $login)
+    {
+        return static::getBusiness()->login($login);
+    }
+
+    /**
+     * Logout the logged user
+     * @param $_user LuUsersDbo The logged user
+     * @return bool
+     */
+    public function logout(LuUsersDbo $_user)
+    {
+        return static::getBusiness()->logout($_user);
+    }
+
+    /**
+     * Get all users
+     * @param LuQueryDbo $query The filter query
+     * @return LuUsersLiteDbo[]
+     */
+    public function getAllLite(LuQueryDbo $query)
+    {
+        return static::getBusiness()->getAllLite($query);
+    }
+}

src/Auth/DataAccess/LuUserDataAccess.php

@@ -0,0 +1,51 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/7/16
+ * Time: 4:41 PM
+ */
+
+namespace Luticate\Auth\DataAccess;
+
+
+use Illuminate\Database\Query\Builder;
+use Luticate\Auth\Dbo\LuUsersDbo;
+use Luticate\Utils\DataAccess\LuDataAccess;
+use Luticate\Utils\Dbo\LuQueryDbo;
+
+class LuUserDataAccess extends LuDataAccess
+{
+    protected static $_connection = "luticatedb";
+    protected static $_table = "lu_users";
+    protected static $_dboClass = LuUsersDbo::class;
+
+    /**
+     * @param $username
+     * @return LuUsersDbo|null
+     */
+    public static function getByUsernameOrEmail($username)
+    {
+        return static::getSingle(function($q) use ($username)
+        {
+            /**
+             * @var $q Builder
+             */
+            $q->where("username", "=", $username)->orWhere("email", "=", $username);
+            return $q;
+        });
+    }
+
+    public static function getAll(LuQueryDbo $query)
+    {
+        return static::getMultiplePaginated(function ($q) use($query)
+        {
+            /**
+             * @var $q Builder
+             */
+            $q->whereRaw("sp_match_texts(:_query, username, email, firstname, lastname)");
+            return $q;
+        }, $query->getPage(), $query->getPerPage());
+    }
+
+}

src/Auth/Dbo/LuBuiltInPermissions.php

@@ -0,0 +1,15 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/2/16
+ * Time: 11:18 PM
+ */
+
+namespace Luticate\Auth\Dbo;
+
+
+class LuBuiltInPermissions
+{
+    const USER_LOGIN = "LU_USER_LOGIN";
+}

src/Auth/Dbo/LuUsersDbo.php

@@ -0,0 +1,209 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/7/16
+ * Time: 4:36 PM
+ */
+
+namespace Luticate\Auth\Dbo;
+
+use Luticate\Utils\Dbo\LuDbo;
+
+class LuUsersDbo extends LuDbo
+{
+    /**
+     * @var $_id int
+     */
+    protected $_id;
+
+    /**
+     * @var $_username string
+     */
+    protected $_username;
+
+    /**
+     * @var $_password string
+     * @nullable
+     */
+    protected $_password;
+
+    /**
+     * @var $_salt string
+     * @between 10 10
+     */
+    protected $_salt;
+
+    /**
+     * @var $_profileId int
+     * @nullable
+     */
+    protected $_profileId;
+
+    /**
+     * @var $_externalAuth int
+     * @nullable
+     */
+    protected $_externalAuth;
+
+    /**
+     * @var $_email string
+     */
+    protected $_email;
+
+    /**
+     * @var $_firstname string
+     * @nullable
+     */
+    protected $_firstname;
+
+    /**
+     * @var $_lastname string
+     * @nullable
+     */
+    protected $_lastname;
+
+    /**
+     * @return int
+     */
+    public function getId()
+    {
+        return $this->_id;
+    }
+
+    /**
+     * @param int $id
+     */
+    public function setId($id)
+    {
+        $this->_id = $id;
+    }
+
+    /**
+     * @return string
+     */
+    public function getUsername()
+    {
+        return $this->_username;
+    }
+
+    /**
+     * @param string $username
+     */
+    public function setUsername($username)
+    {
+        $this->_username = $username;
+    }
+
+    /**
+     * @return string
+     */
+    public function getPassword()
+    {
+        return $this->_password;
+    }
+
+    /**
+     * @param string $password
+     */
+    public function setPassword($password)
+    {
+        $this->_password = $password;
+    }
+
+    /**
+     * @return string
+     */
+    public function getSalt()
+    {
+        return $this->_salt;
+    }
+
+    /**
+     * @param string $salt
+     */
+    public function setSalt($salt)
+    {
+        $this->_salt = $salt;
+    }
+
+    /**
+     * @return int
+     */
+    public function getProfileId()
+    {
+        return $this->_profileId;
+    }
+
+    /**
+     * @param int $profileId
+     */
+    public function setProfileId($profileId)
+    {
+        $this->_profileId = $profileId;
+    }
+
+    /**
+     * @return int
+     */
+    public function getExternalAuth()
+    {
+        return $this->_externalAuth;
+    }
+
+    /**
+     * @param int $externalAuth
+     */
+    public function setExternalAuth($externalAuth)
+    {
+        $this->_externalAuth = $externalAuth;
+    }
+
+    /**
+     * @return string
+     */
+    public function getEmail()
+    {
+        return $this->_email;
+    }
+
+    /**
+     * @param string $email
+     */
+    public function setEmail($email)
+    {
+        $this->_email = $email;
+    }
+
+    /**
+     * @return string
+     */
+    public function getFirstname()
+    {
+        return $this->_firstname;
+    }
+
+    /**
+     * @param string $firstname
+     */
+    public function setFirstname($firstname)
+    {
+        $this->_firstname = $firstname;
+    }
+
+    /**
+     * @return string
+     */
+    public function getLastname()
+    {
+        return $this->_lastname;
+    }
+
+    /**
+     * @param string $lastname
+     */
+    public function setLastname($lastname)
+    {
+        $this->_lastname = $lastname;
+    }
+}

src/Auth/Dbo/LuUsersLiteDbo.php

@@ -0,0 +1,167 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/8/16
+ * Time: 1:52 PM
+ */
+
+namespace Luticate\Auth\Dbo;
+
+use Luticate\Utils\Dbo\LuDbo;
+
+class LuUsersLiteDbo extends LuDbo
+{
+    /**
+     * @var $_id int
+     */
+    protected $_id;
+
+    /**
+     * @var $_username string
+     */
+    protected $_username;
+
+    /**
+     * @var $_profileId int
+     * @nullable
+     */
+    protected $_profileId;
+
+    /**
+     * @var $_externalAuth int
+     * @nullable
+     */
+    protected $_externalAuth;
+
+    /**
+     * @var $_email string
+     */
+    protected $_email;
+
+    /**
+     * @var $_firstname string
+     * @nullable
+     */
+    protected $_firstname;
+
+    /**
+     * @var $_lastname string
+     * @nullable
+     */
+    protected $_lastname;
+
+    /**
+     * @return int
+     */
+    public function getId()
+    {
+        return $this->_id;
+    }
+
+    /**
+     * @param int $id
+     */
+    public function setId($id)
+    {
+        $this->_id = $id;
+    }
+
+    /**
+     * @return string
+     */
+    public function getUsername()
+    {
+        return $this->_username;
+    }
+
+    /**
+     * @param string $username
+     */
+    public function setUsername($username)
+    {
+        $this->_username = $username;
+    }
+
+    /**
+     * @return int
+     */
+    public function getProfileId()
+    {
+        return $this->_profileId;
+    }
+
+    /**
+     * @param int $profileId
+     */
+    public function setProfileId($profileId)
+    {
+        $this->_profileId = $profileId;
+    }
+
+    /**
+     * @return int
+     */
+    public function getExternalAuth()
+    {
+        return $this->_externalAuth;
+    }
+
+    /**
+     * @param int $externalAuth
+     */
+    public function setExternalAuth($externalAuth)
+    {
+        $this->_externalAuth = $externalAuth;
+    }
+
+    /**
+     * @return string
+     */
+    public function getEmail()
+    {
+        return $this->_email;
+    }
+
+    /**
+     * @param string $email
+     */
+    public function setEmail($email)
+    {
+        $this->_email = $email;
+    }
+
+    /**
+     * @return string
+     */
+    public function getFirstname()
+    {
+        return $this->_firstname;
+    }
+
+    /**
+     * @param string $firstname
+     */
+    public function setFirstname($firstname)
+    {
+        $this->_firstname = $firstname;
+    }
+
+    /**
+     * @return string
+     */
+    public function getLastname()
+    {
+        return $this->_lastname;
+    }
+
+    /**
+     * @param string $lastname
+     */
+    public function setLastname($lastname)
+    {
+        $this->_lastname = $lastname;
+    }
+    
+    
+}

src/Auth/Dbo/LuUsersLoginDbo.php

@@ -0,0 +1,57 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/7/16
+ * Time: 4:46 PM
+ */
+
+namespace Luticate\Auth\Dbo;
+
+
+use Luticate\Utils\Dbo\LuDbo;
+
+class LuUsersLoginDbo extends LuDbo
+{
+    /**
+     * @var $_username string
+     */
+    protected $_username;
+
+    /**
+     * @var $_password string
+     */
+    protected $_password;
+
+    /**
+     * @return string
+     */
+    public function getUsername()
+    {
+        return $this->_username;
+    }
+
+    /**
+     * @param string $username
+     */
+    public function setUsername($username)
+    {
+        $this->_username = $username;
+    }
+
+    /**
+     * @return string
+     */
+    public function getPassword()
+    {
+        return $this->_password;
+    }
+
+    /**
+     * @param string $password
+     */
+    public function setPassword($password)
+    {
+        $this->_password = $password;
+    }
+}

src/Auth/Dbo/LuUsersLoginResultDbo.php

@@ -0,0 +1,33 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/7/16
+ * Time: 4:53 PM
+ */
+
+namespace Luticate\Auth\Dbo;
+
+class LuUsersLoginResultDbo extends LuUsersLiteDbo
+{
+    /**
+     * @var $_token string
+     */
+    protected $_token;
+
+    /**
+     * @return string
+     */
+    public function getToken()
+    {
+        return $this->_token;
+    }
+
+    /**
+     * @param string $token
+     */
+    public function setToken($token)
+    {
+        $this->_token = $token;
+    }
+}

src/Auth/Middleware/LuAuthMiddleware.php

@@ -0,0 +1,78 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: robin
+ * Date: 7/2/16
+ * Time: 10:54 PM
+ */
+
+namespace Luticate\Auth\Middleware;
+
+use Luticate\Auth\Business\JwtHelper;
+use Luticate\Auth\Business\LuPermissionsBusiness;
+use Luticate\Auth\Business\LuUsersBusiness;
+use Luticate\Auth\Dbo\LuBuiltInPermissions;
+use Luticate\Auth\Dbo\LuUsersDbo;
+use Luticate\Utils\Business\LuBusiness;
+use Luticate\Utils\Business\LuLog;
+use Luticate\Utils\Middleware\LuAbstractMiddleware;
+
+class LuAuthMiddleware implements LuAbstractMiddleware
+{
+    const TOKEN_HEADER = "X-Luticate-Token";
+    
+    public function onBefore($_parameters, $_headers, $permissions = [])
+    {
+        $user = null;
+        $token = $_headers[self::TOKEN_HEADER] ?? null;
+        if ($token != null) {
+            $token = trim($token);
+            if ($token == "") {
+                $token = null;
+            }
+        }
+        if ($token != null) {
+            $data = JwtHelper::decode($token);
+            if ($data != null) {
+                /**
+                 * @var $user LuUsersDbo
+                 */
+                $user_id = intval($data[LuUsersBusiness::KEY_USER_ID]);
+                $salt = $data[LuUsersBusiness::KEY_SALT];
+                $user = LuUsersBusiness::getById($user_id);
+                if ($user->getSalt() !== $salt) {
+                    $user = null;
+                }
+            }
+        }
+
+        if (is_null($user)) {
+            if ($token != null) {
+                LuBusiness::unauthorized("Invalid token");
+            }
+            $user = LuUsersBusiness::getById(0);
+        }
+
+        $_parameters["_user"] = $user;
+
+        $perm = LuPermissionsBusiness::getUserEffectivePermissionByName($user->getId(), LuBuiltInPermissions::USER_LOGIN);
+        if (!$perm) {
+            LuBusiness::unauthorized("Account is disabled");
+        }
+        
+        foreach ($permissions as $permission) {
+            try {
+                $perm = LuPermissionsBusiness::getUserEffectivePermissionByName($user->getId(), $permission);
+                if (!$perm) {
+                    LuBusiness::unauthorized("Permission denied");
+                }
+            } catch (\Exception $e)
+            {
+                LuLog::log($e);
+                LuBusiness::unauthorized("Permission denied");
+            }
+        }
+
+        return $_parameters;
+    }
+}