accounts/api/models/authentication/LoginForm.php

131 lines
3.8 KiB
PHP
Raw Normal View History

<?php
2019-07-26 19:34:57 +05:30
declare(strict_types=1);
namespace api\models\authentication;
use api\aop\annotations\CollectModelMetrics;
use api\models\base\ApiForm;
2018-04-18 02:17:25 +05:30
use api\traits\AccountFinder;
use api\validators\TotpValidator;
use common\helpers\Error as E;
use common\models\Account;
2019-07-26 19:34:57 +05:30
use common\models\AccountSession;
use Webmozart\Assert\Assert;
use Yii;
class LoginForm extends ApiForm {
use AccountFinder;
public $login;
2018-04-18 02:17:25 +05:30
public $password;
2018-04-18 02:17:25 +05:30
public $totp;
2018-04-18 02:17:25 +05:30
public $rememberMe = false;
public function rules(): array {
return [
['login', 'required', 'message' => E::LOGIN_REQUIRED],
['login', 'validateLogin'],
['password', 'required', 'when' => function(self $model): bool {
return !$model->hasErrors();
}, 'message' => E::PASSWORD_REQUIRED],
['password', 'validatePassword'],
['totp', 'required', 'when' => function(self $model): bool {
return !$model->hasErrors() && $model->getAccount()->is_otp_enabled;
}, 'message' => E::TOTP_REQUIRED],
['totp', 'validateTotp'],
['login', 'validateActivity'],
['rememberMe', 'boolean'],
];
}
2019-07-26 19:34:57 +05:30
public function validateLogin(string $attribute): void {
if (!$this->hasErrors() && $this->getAccount() === null) {
$this->addError($attribute, E::LOGIN_NOT_EXIST);
}
}
2019-07-26 19:34:57 +05:30
public function validatePassword(string $attribute): void {
if (!$this->hasErrors()) {
$account = $this->getAccount();
if ($account === null || !$account->validatePassword($this->password)) {
$this->addError($attribute, E::PASSWORD_INCORRECT);
}
}
}
2019-07-26 19:34:57 +05:30
public function validateTotp(string $attribute): void {
if ($this->hasErrors()) {
return;
}
2019-07-26 19:34:57 +05:30
/** @var Account $account */
$account = $this->getAccount();
if (!$account->is_otp_enabled) {
return;
}
$validator = new TotpValidator(['account' => $account]);
$validator->window = 1;
$validator->validateAttribute($this, $attribute);
}
2019-07-26 19:34:57 +05:30
public function validateActivity(string $attribute): void {
if (!$this->hasErrors()) {
2019-07-26 19:34:57 +05:30
/** @var Account $account */
$account = $this->getAccount();
if ($account->status === Account::STATUS_BANNED) {
$this->addError($attribute, E::ACCOUNT_BANNED);
}
if ($account->status === Account::STATUS_REGISTERED) {
$this->addError($attribute, E::ACCOUNT_NOT_ACTIVATED);
}
}
}
public function getLogin(): string {
return $this->login;
}
/**
* @CollectModelMetrics(prefix="authentication.login")
*/
public function login(): ?AuthenticationResult {
if (!$this->validate()) {
return null;
}
2019-07-26 19:34:57 +05:30
$transaction = Yii::$app->db->beginTransaction();
/** @var Account $account */
$account = $this->getAccount();
if ($account->password_hash_strategy !== Account::PASS_HASH_STRATEGY_YII2) {
$account->setPassword($this->password);
2019-07-26 19:34:57 +05:30
Assert::true($account->save(), 'Unable to upgrade user\'s password');
}
2019-08-01 22:28:18 +05:30
$session = null;
2019-07-26 19:34:57 +05:30
if ($this->rememberMe) {
$session = new AccountSession();
$session->account_id = $account->id;
$session->setIp(Yii::$app->request->userIP);
$session->generateRefreshToken();
Assert::true($session->save(), 'Cannot save account session model');
}
$token = Yii::$app->tokensFactory->createForWebAccount($account, $session);
2019-07-26 19:34:57 +05:30
$transaction->commit();
2019-08-01 22:28:18 +05:30
return new AuthenticationResult($token, $session ? $session->refresh_token : null);
}
}