|
1
|
|
|
<?php |
|
2
|
|
|
namespace Germania\PermanentAuth; |
|
3
|
|
|
|
|
4
|
|
|
use Psr\Log\LoggerInterface; |
|
5
|
|
|
use Psr\Log\NullLogger; |
|
6
|
|
|
|
|
7
|
|
|
/** |
|
8
|
|
|
* This Callable finds on the server-side the user ID for a given selector and token pair. |
|
9
|
|
|
*/ |
|
10
|
|
|
class PdoValidator |
|
11
|
|
|
{ |
|
12
|
|
|
/** |
|
13
|
|
|
* @var LoggerInterface |
|
14
|
|
|
*/ |
|
15
|
|
|
public $logger; |
|
16
|
|
|
|
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* @var PDOStatement |
|
20
|
|
|
*/ |
|
21
|
|
|
public $stmt; |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* @var Callable |
|
25
|
|
|
*/ |
|
26
|
|
|
public $verifier; |
|
27
|
|
|
|
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* @var string |
|
31
|
|
|
*/ |
|
32
|
|
|
public $table = "auth_logins"; |
|
33
|
|
|
|
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* @param \PDO $pdo PDO instance |
|
37
|
|
|
* @param Callable $verifier Token authentication that accepts selector and token |
|
38
|
|
|
* @param LoggerInterface|null $logger Optional: PSR-3 Logger |
|
39
|
|
|
* @param string $table Optional: Custom table name, default: `auth_logins` |
|
40
|
|
|
*/ |
|
41
|
20 |
View Code Duplication |
public function __construct( \PDO $pdo, Callable $verifier, LoggerInterface $logger = null, $table = null) |
|
|
|
|
|
|
42
|
|
|
{ |
|
43
|
20 |
|
$this->verifier = $verifier; |
|
44
|
20 |
|
$this->logger = $logger; |
|
45
|
20 |
|
$this->table = $table ?: $this->table; |
|
46
|
|
|
|
|
47
|
|
|
$sql = "SELECT |
|
48
|
|
|
user_id, |
|
49
|
|
|
token_hash |
|
50
|
20 |
|
FROM {$this->table} |
|
51
|
|
|
WHERE selector = :selector |
|
52
|
|
|
AND valid_until >= NOW() |
|
53
|
4 |
|
LIMIT 1"; |
|
54
|
|
|
|
|
55
|
20 |
|
$this->stmt = $pdo->prepare( $sql ); |
|
|
|
|
|
|
56
|
20 |
|
} |
|
57
|
|
|
|
|
58
|
|
|
|
|
59
|
|
|
/** |
|
60
|
|
|
* Finds the user ID for a matching selector and token pair. |
|
61
|
|
|
* |
|
62
|
|
|
* @param string $selector Login selector |
|
63
|
|
|
* @param string $token Login token |
|
64
|
|
|
* @return mixed User ID or FALSE |
|
65
|
|
|
*/ |
|
66
|
15 |
|
public function __invoke( $selector, $token ) |
|
67
|
|
|
{ |
|
68
|
15 |
|
$this->stmt->execute([ |
|
69
|
12 |
|
'selector' => $selector |
|
70
|
3 |
|
]); |
|
71
|
|
|
|
|
72
|
15 |
|
if (!$row = $this->stmt->fetch( \PDO::FETCH_OBJ )): |
|
73
|
5 |
|
$this->logger->info("No matching row found"); |
|
74
|
5 |
|
return false; |
|
75
|
|
|
else: |
|
76
|
10 |
|
$this->logger->debug("Found row", [ |
|
77
|
10 |
|
'user_id' => $row->user_id |
|
78
|
2 |
|
]); |
|
79
|
|
|
endif; |
|
80
|
|
|
|
|
81
|
10 |
|
$verifier = $this->verifier; |
|
82
|
|
|
|
|
83
|
10 |
|
$result = $verifier($token, $row->token_hash); |
|
84
|
10 |
|
$this->logger->info("Token match: " . ($result ? "YES" : "NO")); |
|
85
|
|
|
|
|
86
|
10 |
|
return $result ? $row->user_id : false; |
|
87
|
|
|
} |
|
88
|
|
|
} |
|
89
|
|
|
|
GermaniaKG /
PermanentAuth
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.