279 lines
8.6 KiB
PHP
Executable File
279 lines
8.6 KiB
PHP
Executable File
<?php
|
|
/**
|
|
* FuzeWorks Authentication Plugin.
|
|
*
|
|
* The FuzeWorks PHP FrameWork
|
|
*
|
|
* Copyright (C) 2013 - 2023 i15
|
|
*
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
* in the Software without restriction, including without limitation the rights
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
* furnished to do so, subject to the following conditions:
|
|
*
|
|
* The above copyright notice and this permission notice shall be included in all
|
|
* copies or substantial portions of the Software.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
* SOFTWARE.
|
|
*
|
|
* @author i15
|
|
* @copyright Copyright (C) 2013 - 2023, i15. (https://i15.nl)
|
|
* @license https://opensource.org/licenses/MIT MIT License
|
|
*
|
|
* @since Version 1.3.0
|
|
*
|
|
* @version Version 1.3.0
|
|
*/
|
|
|
|
namespace FuzeWorks\Authentication\Model;
|
|
use FuzeWorks\Authentication\AuthenticationPlugin;
|
|
use FuzeWorks\Authentication\Driver;
|
|
use FuzeWorks\Authentication\Drivers\MongoUsersModelDriver;
|
|
use FuzeWorks\Authentication\Drivers\PdoUsersModelDriver;
|
|
use FuzeWorks\Authentication\Events\AddUserEvent;
|
|
use FuzeWorks\Authentication\Exceptions\AuthenticationException;
|
|
use FuzeWorks\Authentication\Exceptions\InputException;
|
|
use FuzeWorks\Authentication\UsersModelDriverInterface;
|
|
use FuzeWorks\ConfigORM\ConfigORM;
|
|
use FuzeWorks\DatabaseEngine\iDatabaseEngine;
|
|
use FuzeWorks\Events;
|
|
use FuzeWorks\Exception\FactoryException;
|
|
use FuzeWorks\Exception\LayoutException;
|
|
use FuzeWorks\Factory;
|
|
use FuzeWorks\Layout;
|
|
use FuzeWorks\Mailer\PHPMailerWrapper;
|
|
use FuzeWorks\Model;
|
|
use PHPMailer\PHPMailer\Exception;
|
|
|
|
class Users extends Model
|
|
{
|
|
|
|
protected ?UsersModelDriverInterface $driver;
|
|
protected ConfigORM $authCFG;
|
|
protected AuthenticationPlugin $plugin;
|
|
|
|
public function __construct(iDatabaseEngine $engine, Driver $driver, AuthenticationPlugin $plugin)
|
|
{
|
|
parent::__construct();
|
|
|
|
// Determine driver
|
|
// @todo Implement PDO
|
|
if ($driver == Driver::PDO)
|
|
$this->driver = new PdoUsersModelDriver($engine);
|
|
elseif ($driver == Driver::MONGO)
|
|
$this->driver = new MongoUsersModelDriver($engine);
|
|
|
|
// Set plugin
|
|
$this->plugin = $plugin;
|
|
|
|
// Load config
|
|
$this->authCFG = $plugin->config;
|
|
}
|
|
|
|
/**
|
|
* @param string $email
|
|
* @return User|null
|
|
*/
|
|
public function getUserByEmail(string $email): ?User
|
|
{
|
|
$users = $this->driver->readUsers(["primaryEmail" => $email]);
|
|
if (empty($users))
|
|
return null;
|
|
|
|
return $users[0];
|
|
}
|
|
|
|
/**
|
|
* @param string $uid
|
|
* @return User|null
|
|
*/
|
|
public function getUserByUid(string $uid): ?User
|
|
{
|
|
$users = $this->driver->readUsers(["id" => $uid]);
|
|
if (empty($users))
|
|
return null;
|
|
|
|
return $users[0];
|
|
}
|
|
|
|
/**
|
|
* @param string[] $ids
|
|
* @return User[]
|
|
*/
|
|
public function getUsersByUids(array $ids): array
|
|
{
|
|
$out = [];
|
|
foreach ($ids as $id)
|
|
{
|
|
$user = $this->getUserByUid($id);
|
|
if (!is_null($user))
|
|
$out[] = $user;
|
|
}
|
|
|
|
return $out;
|
|
}
|
|
|
|
/**
|
|
* Returns all the users which have a specific permission node.
|
|
*
|
|
* @note Currently non-functional on PDO backends
|
|
* @todo Fix^
|
|
*
|
|
* @param string $permissionString
|
|
* @return User[]
|
|
*/
|
|
public function getUsersByPermissionString(string $permissionString): array
|
|
{
|
|
return $this->driver->readUsers(["permissions" => $permissionString]);
|
|
}
|
|
|
|
/**
|
|
* @param string $variableKey
|
|
* @param string $variableValue
|
|
* @return User[]
|
|
*/
|
|
public function getUsersByProperty(string $variableKey, string $variableValue): array
|
|
{
|
|
return $this->driver->readUsers(["properties.".$variableKey => $variableValue]);
|
|
}
|
|
|
|
/**
|
|
* @param string $variableKey
|
|
* @param string $variableValue
|
|
* @return User[]
|
|
*/
|
|
public function getUsersByVariable(string $variableKey, string $variableValue): array
|
|
{
|
|
return $this->driver->readUsers([$variableKey => $variableValue]);
|
|
}
|
|
|
|
/**
|
|
* Retrieve all users
|
|
*
|
|
* @return Users[]
|
|
*/
|
|
public function getUsers(int $index = 0, int $limit = 999): array
|
|
{
|
|
return $this->driver->readUsers([], ['index' => $index, 'limit' => $limit]);
|
|
}
|
|
|
|
/**
|
|
* @param string $email
|
|
* @param string|null $password
|
|
* @param bool $active
|
|
* @param array $properties
|
|
* @return bool
|
|
* @throws InputException
|
|
* @throws AuthenticationException
|
|
*/
|
|
public function addUser(string $email, ?string $password, bool $active = true, array $properties = []): bool
|
|
{
|
|
// First verify the variables
|
|
if (!is_null($password))
|
|
{
|
|
$this->validatePassword($password);
|
|
|
|
// Hash the password
|
|
$password = password_hash($password, $this->authCFG->get("password_algorithm"), $this->authCFG->get("password_options"));
|
|
}
|
|
|
|
// Generate uid
|
|
$uid = substr(base64_encode(sha1(mt_rand())), 0, 16);
|
|
|
|
// Verify if a user with this identifier already exists
|
|
$this->validateEmail($email);
|
|
if ($this->getUserByEmail($email) !== null)
|
|
throw new InputException("This user already exists.");
|
|
|
|
// Fire AddUserEvent
|
|
/** @var AddUserEvent $event */
|
|
$event = Events::fireEvent(new AddUserEvent($email, $password, $active, $properties));
|
|
if ($event->isCancelled())
|
|
{
|
|
$error = is_null($event->getError()) ? "Add user cancelled by system." : $event->getError();
|
|
throw new InputException($error);
|
|
}
|
|
|
|
// Prepare user verification code
|
|
$emailExpire = (int) date('U') + (int) $this->authCFG->get("verifyEmailWithin");
|
|
$emailToken = substr(base64_encode(sha1(mt_rand())), 0, 16);
|
|
|
|
// Prepare user object
|
|
$user = new User($uid, $event->email, $event->password, ["USER"], $event->active, $emailToken, $emailExpire, $event->getProperties());
|
|
|
|
// Send the data to the driver
|
|
return $this->driver->createUsers([$user]);
|
|
}
|
|
|
|
/**
|
|
* @param User $user
|
|
* @param string $newPassword
|
|
* @return bool
|
|
* @throws InputException
|
|
*/
|
|
public function changePassword(User $user, string $newPassword): bool
|
|
{
|
|
// Validate the password
|
|
$this->validatePassword($newPassword);
|
|
|
|
// Calculate password
|
|
$user->password = password_hash($newPassword, $this->authCFG->get("password_algorithm"), $this->authCFG->get("password_options"));
|
|
|
|
// And commit
|
|
return $this->updateUser($user);
|
|
}
|
|
|
|
public function updateUser(User $user): bool
|
|
{
|
|
return $this->driver->updateUsers([$user]);
|
|
}
|
|
|
|
public function deleteUser(User $user): bool
|
|
{
|
|
return $this->driver->deleteUsers([$user]);
|
|
}
|
|
|
|
/**
|
|
* Validate if the password is strong enough
|
|
*
|
|
* @param string $password
|
|
* @return bool
|
|
* @throws InputException
|
|
*/
|
|
protected function validatePassword(string $password): bool
|
|
{
|
|
// First check for length
|
|
$min_length = $this->authCFG->get('password_min_length');
|
|
if (strlen($password) < $min_length)
|
|
throw new InputException("Password is too short. Must contain at least $min_length characters.");
|
|
|
|
// @todo Implement more tests
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Validate if the provided string is a valid email.
|
|
*
|
|
* @param string $email
|
|
* @return bool
|
|
* @throws InputException
|
|
*/
|
|
protected function validateEmail(string $email): bool
|
|
{
|
|
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
|
|
throw new InputException("Provided email is not valid.");
|
|
|
|
return true;
|
|
}
|
|
|
|
|
|
} |