luticate
/
api-auth


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165
							<?php

namespace Luticate\Auth\Business;

use Illuminate\Support\Facades\DB;
use Luticate\Auth\DBO\LuticatePermissions;
use Luticate\Auth\DBO\LuticateUsersLoginDbo;
use Luticate\Utils\LuBusiness;
use Luticate\Auth\DataAccess\LuticateUsersDataAccess;
use Luticate\Auth\DBO\LuticateUsersDbo;

class LuticateUsersBusiness extends LuBusiness {

    const KEY_USER_ID =  "user_id";
    const KEY_SALT =  "salt";
    const KEY_DATA =  "data";

    protected static function getDataAccess()
    {
        return new LuticateUsersDataAccess();
    }

    protected static function badPassword()
    {
        abort(401, "Bad username/password");
    }

    public static function hashPassword($password)
    {
        return password_hash($password, PASSWORD_BCRYPT);
    }

    public static function verifyPassword($password, $hash)
    {
        return password_verify($password, $hash);
    }

    public static function getSalt($length = 10)
    {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $charactersLength = strlen($characters);
        $randomString = '';
        for ($i = 0; $i < $length; $i++) {
            $randomString .= $characters[rand(0, $charactersLength - 1)];
        }
        return $randomString;
    }

    /**
     * @param $user LuticateUsersDbo
     * @param $data mixed
     * @return string
     */
    public static function getToken($user, $data = null)
    {
        return JwtHelper::encode(array(
            self::KEY_USER_ID => $user->getId(),
            self::KEY_SALT => $user->getSalt(),
            self::KEY_DATA => $data
            ));
    }

    /**
     * @param $user_id
     * @return LuticateUsersDbo|null
     */
    public static function checkUserId($user_id)
    {
        $user = LuticateUsersDataAccess::getById($user_id);
        if (is_null($user)) {
            self::notFound("User not found");
        }
        return $user;
    }

    public static function login($username, $password)
    {
        $user = LuticateUsersDataAccess::getByUsernameOrEmail($username);
        if (is_null($user))
            self::badPassword();
        if (!self::verifyPassword($password, $user->getPassword()))
            self::badPassword();

        $user = LuticateUsersLoginDbo::fromUserDbo($user);
        $user->setToken(self::getToken($user));
        return $user;
    }

    /**
     * @param $user LuticateUsersDbo
     * @return bool
     */
    public static function logout($user)
    {
        if ($user->getId() != 0) {
            $user->setSalt(self::getSalt());
            LuticateUsersDataAccess::editById($user->getId(), $user);
        }
        return true;
    }

    public static function add($username, $email, $password)
    {
        $hash = self::hashPassword($password);
        if (filter_var($username, FILTER_VALIDATE_EMAIL))
            self::badInput("Username can not be an email");
        if (!filter_var($email, FILTER_VALIDATE_EMAIL))
            self::badInput("Invalid email address");
        $user = LuticateUsersDataAccess::getByUsernameOrEmail($username);
        if (!is_null($user))
            self::badInput("Username already exists");
        $user = LuticateUsersDataAccess::getByUsernameOrEmail($email);
        if (!is_null($user))
            self::badInput("Email already used");

        $user = new LuticateUsersDbo();
        $user->setEmail($email);
        $user->setPassword($hash);
        $user->setUsername($username);
        $user->setSalt(self::getSalt());

        DB::beginTransaction();

        $user_id = LuticateUsersDataAccess::addId($user);

        if (!is_null(LuticateGroupsBusiness::getById(0))) {
            LuticateGroupsBusiness::addUserToGroup($user_id, 0);
        }
        DB::commit();

        return $user_id;
    }

    public static function edit($user_id, $email)
    {
        if ($user_id != 0) {
            $user = self::checkUserId($user_id);
            $user->setEmail($email);
            LuticateUsersDataAccess::editById($user_id, $user);
        }
        return true;
    }

    public static function editMe($email, $user)
    {
        return self::edit($user->getId(), $email);
    }

    public static function setPassword($user_id, $password)
    {
        if ($user_id != 0) {
            $user = self::checkUserId($user_id);
            $user->setPassword(self::hashPassword($password));
            $user->setSalt(self::getSalt());
            LuticateUsersDataAccess::editById($user_id, $user);
        }
        return true;
    }

    public static function setPasswordMe($password, $oldPassword, $user)
    {
        self::login($user->getUsername(), $oldPassword);
        return self::setPassword($user->getId(), $password);
    }
}