luticate
/
api-auth
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 6 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
27 Commits
2 Branches
Tree: abed0e138e
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'abed0e138e'
${ noResults }
api-auth/src/Auth/Business/LuticateUsersBusiness.php

LuticateUsersBusiness.php 3.4KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116 
  1. <?php

  2. 

  3. namespace Luticate\Auth\Business;

  4. 

  5. use Luticate\Auth\DBO\LuticatePermissions;

  6. use Luticate\Auth\DBO\LuticateUsersLoginDbo;

  7. use Luticate\Utils\LuBusiness;

  8. use Luticate\Auth\DataAccess\LuticateUsersDataAccess;

  9. use Luticate\Auth\DBO\LuticateUsersDbo;

  10. 

  11. class LuticateUsersBusiness extends LuBusiness {

  12. 

  13.     const KEY_USER_ID =  "user_id";

  14.     const KEY_SALT =  "salt";

  15. 

  16.     protected static function getDataAccess()

  17.     {

  18.         return new LuticateUsersDataAccess();

  19.     }

  20. 

  21.     protected static function badPassword()

  22.     {

  23.         abort(401, "Bad username/password");

  24.     }

  25. 

  26.     public static function hashPassword($password)

  27.     {

  28.         return password_hash($password, PASSWORD_BCRYPT);

  29.     }

  30. 

  31.     public static function verifyPassword($password, $hash)

  32.     {

  33.         return password_verify($password, $hash);

  34.     }

  35. 

  36.     /**

  37.      * @param $user LuticateUsersDbo

  38.      * @param int $length

  39.      * @return string

  40.      */

  41.     public static function getSalt($user, $length = 10)

  42.     {

  43.         if ($user->getId() == 0) {

  44.             return "";

  45.         }

  46.         $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

  47.         $charactersLength = strlen($characters);

  48.         $randomString = '';

  49.         for ($i = 0; $i < $length; $i++) {

  50.             $randomString .= $characters[rand(0, $charactersLength - 1)];

  51.         }

  52.         return $randomString;

  53.     }

  54. 

  55.     /**

  56.      * @param $user LuticateUsersDbo

  57.      * @return string

  58.      */

  59.     public static function getToken($user)

  60.     {

  61.         return JwtHelper::encode(array(

  62.             self::KEY_USER_ID => $user->getId(),

  63.             self::KEY_SALT => $user->getSalt()

  64.             ));

  65.     }

  66. 

  67.     public static function login($username, $password)

  68.     {

  69.         $user = LuticateUsersDataAccess::getByUsernameOrEmail($username);

  70.         if (is_null($user))

  71.             self::badPassword();

  72.         if (!self::verifyPassword($password, $user->getPassword()))

  73.             self::badPassword();

  74. 

  75.         if (!LuticatePermissionsBusiness::getUserPermission($user->getId(), LuticatePermissions::USER_LOGIN))

  76.             self::unauthorized("User not allowed to login");

  77. 

  78.         $user = LuticateUsersLoginDbo::fromUserDbo($user);

  79.         $user->setToken(self::getToken($user));

  80.         return $user;

  81.     }

  82. 

  83.     /**

  84.      * @param $user LuticateUsersDbo

  85.      * @return bool

  86.      */

  87.     public static function logout($user)

  88.     {

  89.         $user->setSalt(self::getSalt($user));

  90.         LuticateUsersDataAccess::editById($user->getId(), $user);

  91.         return true;

  92.     }

  93. 

  94.     public static function add($username, $email, $password)

  95.     {

  96.         $hash = self::hashPassword($password);

  97.         if (filter_var($username, FILTER_VALIDATE_EMAIL))

  98.             self::badInput("Username can not be an email");

  99.         if (!filter_var($email, FILTER_VALIDATE_EMAIL))

  100.             self::badInput("Invalid email address");

  101.         $user = LuticateUsersDataAccess::getByUsernameOrEmail($username);

  102.         if (!is_null($user))

  103.             self::badInput("Username already exists");

  104.         $user = LuticateUsersDataAccess::getByUsernameOrEmail($email);

  105.         if (!is_null($user))

  106.             self::badInput("Email already used");

  107. 

  108.         $user = new LuticateUsersDbo();

  109.         $user->setEmail($email);

  110.         $user->setPassword($hash);

  111.         $user->setUsername($username);

  112.         $user->setSalt(self::getSalt());

  113. 

  114.         return LuticateUsersDataAccess::addId($user);

  115.     }

  116. }