Extract login logics into a separate component. Not quite clean result but enough for upcoming tasks

This commit is contained in:
ErickSkrauch
2025-01-17 21:37:35 +01:00
parent 1c2969a4be
commit be4697e6eb
39 changed files with 443 additions and 729 deletions


@@ -3,23 +3,14 @@ declare(strict_types=1);
namespace api\modules\authserver\models;
use api\models\authentication\LoginForm;
use api\models\base\ApiForm;
use api\modules\authserver\exceptions\ForbiddenOperationException;
use api\modules\authserver\validators\RequiredValidator;
use common\helpers\Error as E;
class SignoutForm extends ApiForm {
final class SignoutForm extends ApiForm {
/**
* @var string
*/
public $username;
public mixed $username = null;
/**
* @var string
*/
public $password;
public mixed $password = null;
public function rules(): array {
return [
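Review bot: The new `public mixed $username = null;` and `public mixed $password = null;` declarations drop the `@var string` contract the old docblocks carried and replace it with nothing, so every consumer of these properties (and static analysis) must now re-establish that the value is a string, and a request that supplies an array instead of a string is no longer distinguishable at the type level. If `mixed` is deliberate because the form is filled from raw request data before validation, that should be stated on each property, e.g. `/** @var mixed Raw request value; rules() must validate it as a non-empty string before it is used. */`; otherwise `?string` would preserve the documented type while keeping the `null` default. The `rules()` body that would enforce this starts at the end of the hunk and is not visible here, so whether a string type validator is present cannot be confirmed. The `use` line for `ForbiddenOperationException` appears to survive on the new side; if `signout()` no longer throws it, that import is dead and should go with the method.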
@@ -27,32 +18,11 @@ class SignoutForm extends ApiForm {
];
}
/**
* @return bool
* @throws ForbiddenOperationException
* @throws \api\modules\authserver\exceptions\IllegalArgumentException
*/
public function signout(): bool {
$this->validate();
$loginForm = new LoginForm();
$loginForm->login = $this->username;
$loginForm->password = $this->password;
if (!$loginForm->validate()) {
$errors = $loginForm->getFirstErrors();
if (isset($errors['login']) && $errors['login'] === E::ACCOUNT_BANNED) {
// We believe that a blocked one can get out painlessly
return true;
}
// The previous authorization server implementation used the nickname field instead of username,
// so we keep such behavior
$attribute = !str_contains($this->username, '@') ? 'nickname' : 'email';
throw new ForbiddenOperationException("Invalid credentials. Invalid {$attribute} or password.");
}
// We're unable to invalidate access tokens because they aren't stored in our database
// We don't give an error about invalid credentials to eliminate a point through which attackers can brut force passwords.
return true;
}