luticate
/
api-auth


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103
							<?php

namespace Luticate\Auth\Business;

use Luticate\Auth\DBO\LuticateUsersLoginDbo;
use Luticate\Utils\LuBusiness;
use Luticate\Auth\DataAccess\LuticateUsersDataAccess;
use Luticate\Auth\DBO\LuticateUsersDbo;

class LuticateUsersBusiness extends LuBusiness {

    const KEY_USER_ID =  "user_id";
    const KEY_SALT =  "salt";

    protected static function getDataAccess()
    {
        return new LuticateUsersDataAccess();
    }

    protected static function badPassword()
    {
        abort(401, "Bad username/password");
    }

    public static function hashPassword($password)
    {
        return password_hash($password, PASSWORD_BCRYPT);
    }

    public static function verifyPassword($password, $hash)
    {
        return password_verify($password, $hash);
    }

    public static function getSalt($length = 10)
    {
        $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
        $charactersLength = strlen($characters);
        $randomString = '';
        for ($i = 0; $i < $length; $i++) {
            $randomString .= $characters[rand(0, $charactersLength - 1)];
        }
        return $randomString;
    }

    /**
     * @param $user LuticateUsersDbo
     * @return string
     */
    public static function getToken($user)
    {
        return JwtHelper::encode(array(
            self::KEY_USER_ID => $user->getId(),
            self::KEY_SALT => $user->getSalt()
            ));
    }

    public static function login($username, $password)
    {
        $user = LuticateUsersDataAccess::getByUsernameOrEmail($username);
        if (is_null($user))
            self::badPassword();
        if (!self::verifyPassword($password, $user->getPassword()))
            self::badPassword();
        $user = LuticateUsersLoginDbo::fromUserDbo($user);
        $user->setToken(self::getToken($user));
        return $user;
    }

    /**
     * @param $user LuticateUsersDbo
     * @return bool
     */
    public static function logout($user)
    {
        $user->setSalt(self::getSalt());
        LuticateUsersDataAccess::editById($user->getId(), $user);
        return true;
    }

    public static function add($username, $email, $password)
    {
        $hash = self::hashPassword($password);
        if (filter_var($username, FILTER_VALIDATE_EMAIL))
            self::badInput("Username can not be an email");
        if (!filter_var($email, FILTER_VALIDATE_EMAIL))
            self::badInput("Invalid email address");
        $user = LuticateUsersDataAccess::getByUsernameOrEmail($username);
        if (!is_null($user))
            self::badInput("Username already exists");
        $user = LuticateUsersDataAccess::getByUsernameOrEmail($email);
        if (!is_null($user))
            self::badInput("Email already used");

        $user = new LuticateUsersDbo();
        $user->setEmail($email);
        $user->setPassword($hash);
        $user->setUsername($username);
        $user->setSalt(self::getSalt());

        return LuticateUsersDataAccess::addId($user);
    }
}