FuzeWorks/Authentication
FuzeWorks/Authentication
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity
1.3.0
Authentication/controller/controller.authentication.php

485 lines
18 KiB
PHP
Raw Permalink Normal View History

Initial commit
2023-02-06 15:44:28 +01:00
<?php
/**
* FuzeWorks Authentication Plugin.
*
* The FuzeWorks PHP FrameWork
*
* Copyright (C) 2013 - 2023 i15
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*
* @author i15
* @copyright Copyright (C) 2013 - 2023, i15. (https://i15.nl)
* @license https://opensource.org/licenses/MIT MIT License
*
* @since Version 1.3.0
*
* @version Version 1.3.0
*/
namespace Application\Controller;
use FuzeWorks\Authentication\Events\LoginEvent;
use FuzeWorks\Authentication\Events\RegisterEvent;
use FuzeWorks\Authentication\Exceptions\AuthenticationException;
use FuzeWorks\Authentication\Exceptions\InputException;
use FuzeWorks\Authentication\Exceptions\LoginErrorException;
use FuzeWorks\Authentication\Exceptions\LoginWarningException;
use FuzeWorks\Authentication\Exceptions\RegisterErrorException;
use FuzeWorks\Authentication\Exceptions\RegisterWarningException;
use FuzeWorks\Authentication\Model\Session;
use FuzeWorks\Authentication\Model\User;
use FuzeWorks\ConfigORM\ConfigORM;
use FuzeWorks\Controller;
use FuzeWorks\Authentication\AuthenticationPlugin;
use FuzeWorks\Events;
use FuzeWorks\Exception\FactoryException;
use FuzeWorks\Exception\LayoutException;
use FuzeWorks\Factory;
use FuzeWorks\Forms\Form;
use FuzeWorks\Layout;
use FuzeWorks\Logger;
use FuzeWorks\Mailer\PHPMailerWrapper;
use FuzeWorks\ObjectStorage\ObjectStorageComponent;
use PHPMailer\PHPMailer\Exception;
use Psr\SimpleCache\CacheInterface;
class AuthenticationController extends Controller
{
protected AuthenticationPlugin $plugin;
public Session $session;
public ConfigORM $authConfig;
public function __construct()
{
parent::__construct();
$this->plugin = $this->plugins->get('auth');
$this->session = $this->plugin->sessions->start();
$this->authConfig = $this->plugin->config;
}
/**
* Attempt a login using a designated identifier and password.
*
* Sessions are automatically extended as they approach their end. Sessions with remember = false will last an hour.
* Sessions with remember = true will last 3 months.
*
* Context data will be saved into the database for security purposes.
*
* Login may be prevented by the following causes:
* - Username and password mismatch, or password is not set.
* - The user is already currently logged in the current session.
* - The user doesn't exist.
* - User is set to inactive.
* - Email verification threshold has expired and the user must verify before being allowed to log in.
* - The event system cancels login for other reasons.
*
* @param string $identifier
* @param string $password
* @param bool $remember
* @param array $context
* @return Session
* @throws LoginErrorException
* @throws LoginWarningException
*/
public function login(string $identifier, string $password, bool $remember = false, array $context = []): Session
{
/** @var LoginEvent $event */
$event = Events::fireEvent(new LoginEvent($identifier, $password, $remember, $context));
if ($event->isCancelled())
throw new LoginErrorException("Login cancelled by system.");
// Fetch the user
$user = $this->plugin->users->getUserByEmail($event->identifier);
foreach ($event->getIdentifierFields() as $field)
{
if (empty($user))
$user = $this->plugin->users->getUsersByProperty($field, $event->identifier);
}
// If user not found, notify
if (empty($user))
throw new LoginWarningException("The provided username and/or password is invalid.");
// Verify that the current session is not the same as the supposed login session
if ($this->session->user->id === $user->id)
throw new LoginWarningException("User is already logged in.");
// Check if the password is correct
if (!password_verify($event->password, $user->password))
throw new LoginWarningException("The provided username and/or password is invalid.");
// Check if the password needs to be updated
if (password_needs_rehash($user->password,
$this->plugin->config->get("password_algorithm"),
$this->plugin->config->get("password_options")))
{
$this->plugin->users->changePassword($user, $event->password);
}
// Check if the user is still active
if (!$user->active)
throw new LoginErrorException("User is inactive. Login blocked.");
// Check if email has been verified on time
if (!is_null($user->emailVerifyToken) && date('U') > $user->emailVerifyExpiry)
{
$url = $this->plugin->getAuthenticationURL() . "/resend_verify_email?t=" . base64_encode($user->primaryEmail);
throw new LoginWarningException("User must verify email before logging in. Click <a href='$url'>here</a> to resend the verification email.");
}
// Create a session, log and return it
$this->session = $this->plugin->sessions->createSession($user, $event->context, $event->remember);
Logger::log("Logged in user '" . $user->primaryEmail . "'");
return $this->session;
}
/**
* Log a user out of the current session.
*
* Will set the session active to false and remove the session cookie.
*
* @return bool
*/
public function logout(): bool
{
if ($this->session->user->id == "0")
return false;
return $this->plugin->sessions->endSession($this->session);
}
/**
* Performs a registration of a new user using the provided data.
*
* The only absolutely required parameter is email. No user can exist without a valid email address.
*
* If password is null (for instance by creating the user from a panel instead of registration), the user shall be asked to set a password after verifying their email.
*
* Parameters should be an empty array, unless the developer wants to explicitly set internal values like emailExpiryTime.
*
* Properties can be any extra key => value data the developer wants to store about their users, such as usernames or social data.
*
* Use $bypassRestrictions in case registration is disabled by config, but a new user must be added anyway.
*
* Registration can be denied for the following reasons:
* - Registration is disabled by config and $bypassRestrictions is not set to true.
* - User already exists.
* - The event system cancels registration of another reason.
*
* @param string $email
* @param string|null $password
* @param array $parameters
* @param array $properties
* @param bool $bypassRestrictions
* @return bool
* @throws RegisterErrorException
* @throws RegisterWarningException
*/
public function register(string $email, ?string $password, array $parameters, array $properties, bool $bypassRestrictions = false): bool
{
// First check if registration is enabled
if (!$this->authConfig->get("register_enabled") && !$bypassRestrictions)
throw new RegisterErrorException("Registration is disabled.");
/** @var RegisterEvent $event */
$event = Events::fireEvent(new RegisterEvent($email, $password, $parameters, $properties));
if ($event->isCancelled())
{
$error = is_null($event->getError()) ? "Register cancelled by system." : $event->getError();
throw new RegisterErrorException($error);
}
// Create the user
try {
if (!$this->plugin->users->addUser($event->email, $event->password, true, $event->properties))
throw new RegisterErrorException("Could not create user. System error.");
// Fetch the user
$user = $this->plugin->users->getUserByEmail($event->email);
$this->sendVerifyEmail($user);
} catch (InputException|AuthenticationException $e) {
throw new RegisterErrorException($e->getMessage());
} catch (Exception $e) {
throw new RegisterErrorException("Could not add user. Failed to send mail to user: " . $e->getMessage());
} catch (FactoryException|LayoutException $e) {
throw new RegisterErrorException("Could not add user. System failure.");
}
return true;
}
/**
* Sends a new email verification message to the user, in case the existing message is lost or expired.
*
* @param string $email
* @return bool
* @throws LoginErrorException
* @throws RegisterErrorException
*/
public function resendVerifyEmail(string $email): bool
{
$user = $this->plugin->users->getUserByEmail($email);
if (is_null($user))
throw new LoginErrorException("User not found.");
try {
$this->sendVerifyEmail($user);
} catch (FactoryException|LayoutException $e) {
throw new LoginErrorException("Could not resend verify email. System failure.");
} catch (Exception $e) {
throw new RegisterErrorException("Could not resend verify email. Failed to send mail to user: " . $e->getMessage());
}
return true;
}
/**
* Sends a email verification message to the user.
*
* @param User $user
* @return void
*/
private function sendVerifyEmail(User $user): void
{
// Load template engine
/** @var Layout $layout */
$layout = Factory::getInstance("layouts");
$layout->assign("user", $user);
$layout->assign("verifyURL", $this->plugin->getAuthenticationURL() . "/verify");
$html = $layout->get("mail/register");
$alt = $layout->get("mail/register_alt");
// Prepare mailer
/** @var PHPMailerWrapper $mailer */
$mailer = $this->libraries->get("mailer");
$mailer->addAddress($user->primaryEmail);
$serverName = $this->config->getConfig("web")->get("serverName");
$mailer->Subject = "Welcome to $serverName !";
$mailer->isHTML();
$mailer->Body = $html;
$mailer->AltBody = $alt;
// And send mail
$mailer->send();
}
/**
* Verifies a user by their email token.
*
* @param string $token
* @return User|null
*/
public function verifyEmail(string $token): ?User
{
// Fetch user
$users = $this->plugin->users->getUsersByVariable("emailVerifyToken", $token);
if (count($users) === 1)
{
// Select user
/** @var User $user */
$user = $users[0];
$user->emailVerifyToken = null;
$user->emailVerifyExpiry = null;
// Update the user
$this->plugin->users->updateUser($user);
// And return true
return $user;
}
return null;
}
/**
* Sends a forgot password email to the user, based on the email address of the user.
*
* Will be denied if:
* - Password resets are disabled by config.
* - The user doesn't exist.
* - The user is marked as inactive.
*
* @param string $email
* @return bool
* @throws FactoryException
* @throws LoginErrorException
* @throws LoginWarningException
*/
public function forgotPassword(string $email): bool
{
// Check if forgot password is enabled
if (!$this->authConfig->get("forgot_password_enabled"))
throw new LoginErrorException("Forgot password is disabled.");
// Fetch the user
$user = $this->plugin->users->getUserByEmail($email);
// If user not found, notify
if (empty($user))
throw new LoginWarningException("The provided email is unknown.");
// Check if the user is still active
if (!$user->active)
throw new LoginErrorException("The provided email is unknown");
// Generate reset token
$token = bin2hex(random_bytes(32));
// Save the token and user ID to ObjectStorage
/** @var CacheInterface $cache */
$cache = Factory::getInstance("storage")->getCache();
$cache->set("forgot_password_" . $token, $user->id, 3600);
// And send mail
try {
// Data is verified. Now send the email.
/** @var Layout $layout */
$layout = Factory::getInstance("layouts");
$layout->assign("resetURL", $this->plugin->getAuthenticationURL() . "/reset_password");
$layout->assign("token", $token);
$html = $layout->get("mail/forgot_password");
$alt = $layout->get("mail/forgot_password_alt");
// Prepare mailer
/** @var PHPMailerWrapper $mailer */
$mailer = $this->libraries->get("mailer");
$mailer->addAddress($email);
$mailer->Subject = "Password reset";
$mailer->isHTML();
$mailer->Body = $html;
$mailer->AltBody = $alt;
$mailer->send();
} catch (Exception $e) {
throw new LoginErrorException("Could not send mail to user: " . $e->getMessage());
} catch (FactoryException|LayoutException $e) {
throw new LoginErrorException("Could not send mail to user. System failure.");
}
return true;
}
/**
* Method used by AdminView to generate a token to reset password with, after verifying email.
*
* @internal
* @param User $user
* @return string
*/
public function createResetToken(User $user): string
{
// Generate reset token
$token = bin2hex(random_bytes(32));
// Save the token and user ID to ObjectStorage
/** @var CacheInterface $cache */
$cache = Factory::getInstance("storage")->getCache();
$cache->set("forgot_password_" . $token, $user->id, 3600);
return $token;
}
/**
* Reset the password of the user with the selected token
*
* @param string $token
* @param string $password
* @return bool
* @throws LoginErrorException
*/
public function resetPassword(string $token, string $password): bool
{
// Check token in cache
/** @var CacheInterface $cache */
$cache = Factory::getInstance("storage")->getCache();
if (!$cache->has("forgot_password_" . $token))
throw new LoginErrorException("User was not found.");
// Fetch user
$user = $this->plugin->users->getUserByUid($cache->get("forgot_password_" . $token));
// Modify the user
try {
if ($this->plugin->users->changePassword($user, $password))
$cache->delete("forgot_password_" . $token);
return true;
} catch (InputException $e) {
throw new LoginErrorException($e->getMessage());
}
}
/**
* Returns an array of detailed user information.
*
* Returns ['user' => User, 'sessions' => Session[]] , or null if not found.
*
* @param string $userId
* @return array|null
*/
public function getDetailedUserInformation(string $userId): ?array
{
$user = $this->plugin->users->getUserByUid($userId);
if (is_null($user))
return null;
$sessions = $this->plugin->sessions->getSessions(['user' => $userId]);
return ['user' => $user, 'sessions' => $sessions];
}
/**
* Gives a list of users that match the filter.
*
* @param array $filter
* @param int $index
* @param int $limit
* @return array
*/
public function listUsers(array $filter = [], int $index = 0, int $limit = 25): array
{
return $this->plugin->users->getUsers($index, $limit);
}
/**
* Condition callable for register form, to check if password 1 and 2 are equivalent.
*
* @internal
* @param Form $form
* @return bool
*/
public static function registerFormCondition(Form $form): bool
{
// Verify password1 and password2 equivalency
$pass1 = $form->getField("password1");
$pass2 = $form->getField("password2");
if ($pass1->getValue() !== $pass2->getValue())
{
$pass1->invalidate();
$pass2->invalidate();
$pass1->addError("Passwords do not match");
$pass2->addError("Passwords do not match");
return false;
}
return true;
}
}
Reference in New Issue Copy Permalink