2016-08-21 02:21:39 +03:00
|
|
|
|
<?php
|
|
|
|
|
namespace api\modules\authserver\models;
|
|
|
|
|
|
|
|
|
|
use api\models\authentication\LoginForm;
|
2017-05-31 03:10:22 +03:00
|
|
|
|
use api\models\base\ApiForm;
|
2016-08-21 02:21:39 +03:00
|
|
|
|
use api\modules\authserver\exceptions\ForbiddenOperationException;
|
2016-08-29 02:17:45 +03:00
|
|
|
|
use api\modules\authserver\Module as Authserver;
|
2018-01-02 20:22:56 +03:00
|
|
|
|
use api\modules\authserver\validators\ClientTokenValidator;
|
2016-08-21 02:21:39 +03:00
|
|
|
|
use api\modules\authserver\validators\RequiredValidator;
|
2016-08-29 02:17:45 +03:00
|
|
|
|
use common\helpers\Error as E;
|
|
|
|
|
use common\models\Account;
|
2016-08-21 02:21:39 +03:00
|
|
|
|
use common\models\MinecraftAccessKey;
|
|
|
|
|
|
2017-05-31 03:10:22 +03:00
|
|
|
|
class AuthenticationForm extends ApiForm {
|
2016-08-21 02:21:39 +03:00
|
|
|
|
|
|
|
|
|
public $username;
|
2018-04-17 23:47:25 +03:00
|
|
|
|
|
2016-08-21 02:21:39 +03:00
|
|
|
|
public $password;
|
2018-04-17 23:47:25 +03:00
|
|
|
|
|
2016-08-21 02:21:39 +03:00
|
|
|
|
public $clientToken;
|
|
|
|
|
|
|
|
|
|
public function rules() {
|
|
|
|
|
return [
|
|
|
|
|
[['username', 'password', 'clientToken'], RequiredValidator::class],
|
2018-01-02 20:22:56 +03:00
|
|
|
|
[['clientToken'], ClientTokenValidator::class],
|
2016-08-21 02:21:39 +03:00
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @return AuthenticateData
|
|
|
|
|
* @throws \api\modules\authserver\exceptions\AuthserverException
|
|
|
|
|
*/
|
|
|
|
|
public function authenticate() {
|
|
|
|
|
$this->validate();
|
|
|
|
|
|
2016-08-29 02:17:45 +03:00
|
|
|
|
Authserver::info("Trying to authenticate user by login = '{$this->username}'.");
|
2016-08-21 02:21:39 +03:00
|
|
|
|
|
2016-08-29 02:17:45 +03:00
|
|
|
|
$loginForm = $this->createLoginForm();
|
2016-08-21 02:21:39 +03:00
|
|
|
|
$loginForm->login = $this->username;
|
|
|
|
|
$loginForm->password = $this->password;
|
|
|
|
|
if (!$loginForm->validate()) {
|
|
|
|
|
$errors = $loginForm->getFirstErrors();
|
2017-09-06 20:17:52 +03:00
|
|
|
|
if (isset($errors['totp'])) {
|
2017-02-23 20:15:03 +03:00
|
|
|
|
Authserver::error("User with login = '{$this->username}' protected by two factor auth.");
|
|
|
|
|
throw new ForbiddenOperationException('Account protected with two factor auth.');
|
2018-04-17 23:47:25 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (isset($errors['login'])) {
|
2016-08-29 02:17:45 +03:00
|
|
|
|
if ($errors['login'] === E::ACCOUNT_BANNED) {
|
|
|
|
|
Authserver::error("User with login = '{$this->username}' is banned");
|
|
|
|
|
throw new ForbiddenOperationException('This account has been suspended.');
|
|
|
|
|
}
|
2018-04-17 23:47:25 +03:00
|
|
|
|
|
|
|
|
|
Authserver::error("Cannot find user by login = '{$this->username}'");
|
2016-08-21 02:21:39 +03:00
|
|
|
|
} elseif (isset($errors['password'])) {
|
2016-08-29 02:17:45 +03:00
|
|
|
|
Authserver::error("User with login = '{$this->username}' passed wrong password.");
|
2016-08-21 02:21:39 +03:00
|
|
|
|
}
|
|
|
|
|
|
2019-07-15 01:59:56 +03:00
|
|
|
|
// The previous authorization server implementation used the nickname field instead of username,
|
|
|
|
|
// so we keep such behavior
|
2016-08-21 02:21:39 +03:00
|
|
|
|
$attribute = $loginForm->getLoginAttribute();
|
|
|
|
|
if ($attribute === 'username') {
|
|
|
|
|
$attribute = 'nickname';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// TODO: эта логика дублируется с логикой в SignoutForm
|
|
|
|
|
|
|
|
|
|
throw new ForbiddenOperationException("Invalid credentials. Invalid {$attribute} or password.");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$account = $loginForm->getAccount();
|
2016-08-29 02:17:45 +03:00
|
|
|
|
$accessTokenModel = $this->createMinecraftAccessToken($account);
|
|
|
|
|
$dataModel = new AuthenticateData($accessTokenModel);
|
|
|
|
|
|
|
|
|
|
Authserver::info("User with id = {$account->id}, username = '{$account->username}' and email = '{$account->email}' successfully logged in.");
|
|
|
|
|
|
|
|
|
|
return $dataModel;
|
|
|
|
|
}
|
2016-08-21 02:21:39 +03:00
|
|
|
|
|
2018-04-17 23:47:25 +03:00
|
|
|
|
protected function createMinecraftAccessToken(Account $account): MinecraftAccessKey {
|
2016-08-21 02:21:39 +03:00
|
|
|
|
/** @var MinecraftAccessKey|null $accessTokenModel */
|
2016-08-29 02:17:45 +03:00
|
|
|
|
$accessTokenModel = MinecraftAccessKey::findOne([
|
|
|
|
|
'account_id' => $account->id,
|
2016-10-25 02:43:27 +03:00
|
|
|
|
'client_token' => $this->clientToken,
|
2016-08-29 02:17:45 +03:00
|
|
|
|
]);
|
|
|
|
|
|
2016-08-21 02:21:39 +03:00
|
|
|
|
if ($accessTokenModel === null) {
|
|
|
|
|
$accessTokenModel = new MinecraftAccessKey();
|
|
|
|
|
$accessTokenModel->client_token = $this->clientToken;
|
|
|
|
|
$accessTokenModel->account_id = $account->id;
|
|
|
|
|
$accessTokenModel->insert();
|
|
|
|
|
} else {
|
|
|
|
|
$accessTokenModel->refreshPrimaryKeyValue();
|
2016-10-15 17:35:03 +03:00
|
|
|
|
$accessTokenModel->update();
|
2016-08-21 02:21:39 +03:00
|
|
|
|
}
|
|
|
|
|
|
2016-08-29 02:17:45 +03:00
|
|
|
|
return $accessTokenModel;
|
|
|
|
|
}
|
2016-08-21 02:21:39 +03:00
|
|
|
|
|
2018-04-17 23:47:25 +03:00
|
|
|
|
protected function createLoginForm(): LoginForm {
|
2016-08-29 02:17:45 +03:00
|
|
|
|
return new LoginForm();
|
2016-08-21 02:21:39 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|