mirror of
https://github.com/elyby/accounts.git
synced 2025-05-31 14:11:46 +05:30
<?php
declare(strict_types=1);
namespace api\modules\authserver\models;
use api\models\authentication\LoginForm;
use api\models\base\ApiForm;
use api\modules\authserver\exceptions\ForbiddenOperationException;
use api\modules\authserver\validators\RequiredValidator;
use common\helpers\Error as E;
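/**
 * Form behind the authserver "signout" operation.
 *
 * It re-checks a username/password pair through LoginForm and reports success; it does not
 * touch any stored token.
 *
 * Security notes for maintainers:
 *  - A successful signout() revokes nothing. Access tokens are not stored in the database, so
 *    there is nothing to invalidate here; a previously issued token presumably stays usable
 *    until it expires (confirm against the token issuer). Do not treat signout as revocation.
 *  - signout() answers "are these credentials valid?", so it is a password-checking endpoint.
 *    No throttling is visible in this class; NOTE(review): confirm it is covered by the same
 *    brute-force protection as the login endpoints.
 *  - Both attributes are untyped and filled from the request, so they are untrusted input.
 */
class SignoutForm extends ApiForm {

    /**
     * Client-supplied identifier; a value containing "@" is reported as an email, anything else
     * as a nickname (see signout()).
     *
     * @var string
     */
    public $username;

    /**
     * Client-supplied password, forwarded unchanged to LoginForm.
     *
     * @var string
     */
    public $password;

    /**
     * Both fields are mandatory.
     *
     * RequiredValidator is the authserver module's own validator
     * (api\modules\authserver\validators\RequiredValidator), not the framework's default one.
     *
     * @return array validation rules for this form
     */
    public function rules(): array {
        return [
            [['username', 'password'], RequiredValidator::class],
        ];
    }

    /**
     * Verifies the submitted credentials and reports a successful signout.
     *
     * @return bool always true when the method returns normally
     * @throws ForbiddenOperationException when LoginForm rejects the credentials for any reason
     *                                     other than the account being banned
     * @throws \api\modules\authserver\exceptions\IllegalArgumentException
     */
    public function signout(): bool {
        // The boolean result is discarded on purpose or by omission: this is only safe if the module's
        // RequiredValidator raises on failure (the declared IllegalArgumentException suggests it does).
        // NOTE(review): confirm, otherwise empty credentials fall through to LoginForm below.
        $this->validate();

        $loginForm = new LoginForm();
        $loginForm->login = $this->username;
        $loginForm->password = $this->password;
        if (!$loginForm->validate()) {
            $errors = $loginForm->getFirstErrors();
            if (isset($errors['login']) && $errors['login'] === E::ACCOUNT_BANNED) {
                // We believe that a blocked one can get out painlessly.
                // NOTE(review): nothing here shows that the password was verified before the banned
                // error was raised. If LoginForm reports ACCOUNT_BANNED first, the difference between
                // this "true" and the exception below discloses an account's banned state to a caller
                // who does not know the password. Confirm the validator order in LoginForm.
                return true;
            }

            // The previous authorization server implementation used the nickname field instead of username,
            // so we keep such behavior.
            // The label is derived from the submitted value only, and the same message is used for every
            // non-banned failure, so it does not reveal whether the account exists.
            // The is_string() guard matters because the property is untyped and this file runs under
            // strict_types: a non-string value (for example a number or array, if the request body allows
            // one) would make strpos() throw a TypeError instead of producing the intended error.
            $looksLikeEmail = is_string($this->username) && strpos($this->username, '@') !== false;
            $attribute = $looksLikeEmail ? 'email' : 'nickname';

            throw new ForbiddenOperationException("Invalid credentials. Invalid {$attribute} or password.");
        }

        // We're unable to invalidate access tokens because they aren't stored in our database,
        // so a valid credential pair is all that "signout" can confirm.

        return true;
    }

}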