2016-01-02 19:13:18 +05:30
|
|
|
<?php
|
2019-07-26 19:34:57 +05:30
|
|
|
declare(strict_types=1);
|
|
|
|
|
2016-05-14 05:17:17 +05:30
|
|
|
namespace api\models\authentication;
|
2016-01-02 19:13:18 +05:30
|
|
|
|
2017-11-19 21:02:51 +05:30
|
|
|
use api\aop\annotations\CollectModelMetrics;
|
2016-03-20 05:03:49 +05:30
|
|
|
use api\models\base\ApiForm;
|
2018-04-18 02:17:25 +05:30
|
|
|
use api\traits\AccountFinder;
|
2017-01-23 16:52:20 +05:30
|
|
|
use api\validators\TotpValidator;
|
2016-06-17 02:02:23 +05:30
|
|
|
use common\helpers\Error as E;
|
2016-01-03 05:48:37 +05:30
|
|
|
use common\models\Account;
|
2019-07-26 19:34:57 +05:30
|
|
|
use common\models\AccountSession;
|
|
|
|
use Webmozart\Assert\Assert;
|
2016-01-02 19:13:18 +05:30
|
|
|
use Yii;
|
|
|
|
|
2016-03-20 05:03:49 +05:30
|
|
|
class LoginForm extends ApiForm {
|
2016-05-11 01:10:06 +05:30
|
|
|
use AccountFinder;
|
2016-01-15 14:51:27 +05:30
|
|
|
|
|
|
|
public $login;
|
2018-04-18 02:17:25 +05:30
|
|
|
|
2016-01-02 19:13:18 +05:30
|
|
|
public $password;
|
2018-04-18 02:17:25 +05:30
|
|
|
|
2017-09-06 22:47:52 +05:30
|
|
|
public $totp;
|
2018-04-18 02:17:25 +05:30
|
|
|
|
2016-05-30 05:14:17 +05:30
|
|
|
public $rememberMe = false;
|
2016-01-02 19:13:18 +05:30
|
|
|
|
2017-09-06 22:47:52 +05:30
|
|
|
public function rules(): array {
|
2016-01-02 19:13:18 +05:30
|
|
|
return [
|
2016-06-17 02:02:23 +05:30
|
|
|
['login', 'required', 'message' => E::LOGIN_REQUIRED],
|
2016-01-15 14:51:27 +05:30
|
|
|
['login', 'validateLogin'],
|
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
['password', 'required', 'when' => function(self $model): bool {
|
2016-01-15 14:51:27 +05:30
|
|
|
return !$model->hasErrors();
|
2016-06-17 02:02:23 +05:30
|
|
|
}, 'message' => E::PASSWORD_REQUIRED],
|
2016-01-02 19:13:18 +05:30
|
|
|
['password', 'validatePassword'],
|
2016-01-15 14:51:27 +05:30
|
|
|
|
2019-08-01 14:47:12 +05:30
|
|
|
['totp', 'required', 'when' => function(self $model): bool {
|
2017-01-23 16:52:20 +05:30
|
|
|
return !$model->hasErrors() && $model->getAccount()->is_otp_enabled;
|
2017-09-06 22:47:52 +05:30
|
|
|
}, 'message' => E::TOTP_REQUIRED],
|
|
|
|
['totp', 'validateTotp'],
|
2017-01-23 16:52:20 +05:30
|
|
|
|
2016-02-28 03:20:49 +05:30
|
|
|
['login', 'validateActivity'],
|
|
|
|
|
2016-01-15 14:51:27 +05:30
|
|
|
['rememberMe', 'boolean'],
|
2016-01-02 19:13:18 +05:30
|
|
|
];
|
|
|
|
}
|
|
|
|
|
2019-07-26 19:34:57 +05:30
|
|
|
public function validateLogin(string $attribute): void {
|
|
|
|
if (!$this->hasErrors() && $this->getAccount() === null) {
|
|
|
|
$this->addError($attribute, E::LOGIN_NOT_EXIST);
|
2016-01-15 14:51:27 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-26 19:34:57 +05:30
|
|
|
public function validatePassword(string $attribute): void {
|
2016-01-15 14:51:27 +05:30
|
|
|
if (!$this->hasErrors()) {
|
|
|
|
$account = $this->getAccount();
|
2016-05-30 05:14:17 +05:30
|
|
|
if ($account === null || !$account->validatePassword($this->password)) {
|
2016-06-17 02:02:23 +05:30
|
|
|
$this->addError($attribute, E::PASSWORD_INCORRECT);
|
2016-01-02 19:13:18 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-07-26 19:34:57 +05:30
|
|
|
public function validateTotp(string $attribute): void {
|
2017-01-23 16:52:20 +05:30
|
|
|
if ($this->hasErrors()) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2019-07-26 19:34:57 +05:30
|
|
|
/** @var Account $account */
|
2017-01-23 16:52:20 +05:30
|
|
|
$account = $this->getAccount();
|
|
|
|
if (!$account->is_otp_enabled) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
$validator = new TotpValidator(['account' => $account]);
|
2017-02-22 03:50:43 +05:30
|
|
|
$validator->window = 1;
|
2017-01-24 02:20:13 +05:30
|
|
|
$validator->validateAttribute($this, $attribute);
|
2017-01-23 16:52:20 +05:30
|
|
|
}
|
|
|
|
|
2019-07-26 19:34:57 +05:30
|
|
|
public function validateActivity(string $attribute): void {
|
2016-02-28 03:20:49 +05:30
|
|
|
if (!$this->hasErrors()) {
|
2019-07-26 19:34:57 +05:30
|
|
|
/** @var Account $account */
|
2016-02-28 03:20:49 +05:30
|
|
|
$account = $this->getAccount();
|
2016-08-22 02:39:14 +05:30
|
|
|
if ($account->status === Account::STATUS_BANNED) {
|
|
|
|
$this->addError($attribute, E::ACCOUNT_BANNED);
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($account->status === Account::STATUS_REGISTERED) {
|
2016-06-17 02:02:23 +05:30
|
|
|
$this->addError($attribute, E::ACCOUNT_NOT_ACTIVATED);
|
2016-02-28 03:20:49 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-19 22:36:16 +05:30
|
|
|
public function getLogin(): string {
|
2016-05-11 01:10:06 +05:30
|
|
|
return $this->login;
|
|
|
|
}
|
|
|
|
|
2016-01-02 19:13:18 +05:30
|
|
|
/**
|
2017-11-19 21:02:51 +05:30
|
|
|
* @CollectModelMetrics(prefix="authentication.login")
|
2016-01-02 19:13:18 +05:30
|
|
|
*/
|
2019-08-01 14:47:12 +05:30
|
|
|
public function login(): ?AuthenticationResult {
|
2016-01-15 14:51:27 +05:30
|
|
|
if (!$this->validate()) {
|
2019-08-01 14:47:12 +05:30
|
|
|
return null;
|
2016-01-02 19:13:18 +05:30
|
|
|
}
|
2016-01-15 14:51:27 +05:30
|
|
|
|
2019-07-26 19:34:57 +05:30
|
|
|
$transaction = Yii::$app->db->beginTransaction();
|
|
|
|
|
|
|
|
/** @var Account $account */
|
2016-05-24 01:12:50 +05:30
|
|
|
$account = $this->getAccount();
|
2016-11-02 02:34:10 +05:30
|
|
|
if ($account->password_hash_strategy !== Account::PASS_HASH_STRATEGY_YII2) {
|
2016-05-24 01:12:50 +05:30
|
|
|
$account->setPassword($this->password);
|
2019-07-26 19:34:57 +05:30
|
|
|
Assert::true($account->save(), 'Unable to upgrade user\'s password');
|
2016-05-24 01:12:50 +05:30
|
|
|
}
|
|
|
|
|
2019-08-01 22:28:18 +05:30
|
|
|
$session = null;
|
2019-07-26 19:34:57 +05:30
|
|
|
if ($this->rememberMe) {
|
|
|
|
$session = new AccountSession();
|
|
|
|
$session->account_id = $account->id;
|
|
|
|
$session->setIp(Yii::$app->request->userIP);
|
|
|
|
$session->generateRefreshToken();
|
|
|
|
Assert::true($session->save(), 'Cannot save account session model');
|
|
|
|
}
|
|
|
|
|
2019-12-04 23:40:15 +05:30
|
|
|
$token = Yii::$app->tokensFactory->createForWebAccount($account, $session);
|
2019-07-26 19:34:57 +05:30
|
|
|
|
|
|
|
$transaction->commit();
|
|
|
|
|
2019-08-01 22:28:18 +05:30
|
|
|
return new AuthenticationResult($token, $session ? $session->refresh_token : null);
|
2016-01-02 19:13:18 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
}
|