|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
/** |
|
4
|
|
|
* CakePHP(tm) : Rapid Development Framework (https://cakephp.org) |
|
5
|
|
|
* Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) |
|
6
|
|
|
* |
|
7
|
|
|
* Licensed under The MIT License |
|
8
|
|
|
* For full copyright and license information, please see the LICENSE.txt |
|
9
|
|
|
* Redistributions of files must retain the above copyright notice. |
|
10
|
|
|
* |
|
11
|
|
|
* @copyright Copyright (c) Cake Software Foundation, Inc. (https://cakefoundation.org) |
|
12
|
|
|
* @link https://cakephp.org CakePHP(tm) Project |
|
13
|
|
|
* @since 1.0.0 |
|
14
|
|
|
* @license https://opensource.org/licenses/mit-license.php MIT License |
|
15
|
|
|
*/ |
|
16
|
|
|
|
|
17
|
|
|
declare(strict_types=1); |
|
18
|
|
|
|
|
19
|
|
|
namespace Phauthentic\Authentication\Authenticator; |
|
20
|
|
|
|
|
21
|
|
|
use Phauthentic\Authentication\Identifier\IdentifierInterface; |
|
22
|
|
|
use Phauthentic\Authentication\UrlChecker\UrlCheckerInterface; |
|
23
|
|
|
use Psr\Http\Message\ServerRequestInterface; |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* Form Authenticator |
|
27
|
|
|
* |
|
28
|
|
|
* Authenticates an identity based on the POST data of the request. |
|
29
|
|
|
*/ |
|
30
|
|
|
class FormAuthenticator extends AbstractAuthenticator |
|
31
|
|
|
{ |
|
32
|
|
|
use CredentialFieldsTrait; |
|
33
|
|
|
use UrlAwareTrait; |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
80 |
|
* {@inheritDoc} |
|
37
|
|
|
*/ |
|
38
|
|
|
public function __construct( |
|
39
|
|
|
IdentifierInterface $identifier, |
|
40
|
80 |
|
UrlCheckerInterface $urlChecker |
|
41
|
80 |
|
) { |
|
42
|
80 |
|
parent::__construct($identifier); |
|
43
|
|
|
$this->urlChecker = $urlChecker; |
|
44
|
|
|
} |
|
45
|
|
|
|
|
46
|
|
|
/** |
|
47
|
|
|
* Checks the fields to ensure they are supplied. |
|
48
|
|
|
* |
|
49
|
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request The request that contains login information. |
|
50
|
56 |
|
* @return array<string, string>|null Username and password retrieved from a request body. |
|
51
|
|
|
*/ |
|
52
|
56 |
|
protected function getData(ServerRequestInterface $request): ?array |
|
53
|
|
|
{ |
|
54
|
56 |
|
$body = (array)$request->getParsedBody(); |
|
55
|
56 |
|
|
|
56
|
56 |
|
$data = []; |
|
57
|
8 |
|
foreach ($this->credentialFields as $key => $field) { |
|
58
|
|
|
if (!isset($body[$field])) { |
|
59
|
|
|
return null; |
|
60
|
48 |
|
} |
|
61
|
48 |
|
|
|
62
|
4 |
|
$value = $body[$field]; |
|
63
|
|
|
if (!is_string($value) || $value === '') { |
|
64
|
|
|
return null; |
|
65
|
44 |
|
} |
|
66
|
|
|
|
|
67
|
|
|
$data[$key] = $value; |
|
68
|
44 |
|
} |
|
69
|
|
|
|
|
70
|
|
|
return $data; |
|
71
|
|
|
} |
|
72
|
|
|
|
|
73
|
|
|
/** |
|
74
|
|
|
* Prepares the error object for a login URL error |
|
75
|
|
|
* |
|
76
|
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request The request that contains login information. |
|
77
|
12 |
|
* @return \Phauthentic\Authentication\Authenticator\ResultInterface |
|
78
|
|
|
*/ |
|
79
|
|
|
protected function buildLoginUrlErrorResult($request): ResultInterface |
|
80
|
12 |
|
{ |
|
81
|
12 |
|
$errors = [ |
|
82
|
12 |
|
sprintf( |
|
83
|
12 |
|
'Login URL `%s` did not match `%s`.', |
|
84
|
|
|
(string)$request->getUri(), |
|
85
|
|
|
implode('` or `', $this->loginUrls) |
|
86
|
|
|
) |
|
87
|
12 |
|
]; |
|
88
|
|
|
|
|
89
|
|
|
return new Result(null, Result::FAILURE_OTHER, $errors); |
|
90
|
|
|
} |
|
91
|
|
|
|
|
92
|
|
|
/** |
|
93
|
|
|
* Authenticates the identity contained in a request. Will use the `config.userModel`, and `config.fields` |
|
94
|
|
|
* to find POST data that is used to find a matching record in the `config.userModel`. Will return false if |
|
95
|
|
|
* there is no post data, either username or password is missing, or if the scope conditions have not been met. |
|
96
|
|
|
* |
|
97
|
|
|
* @param \Psr\Http\Message\ServerRequestInterface $request The request that contains login information. |
|
98
|
68 |
|
* @return \Phauthentic\Authentication\Authenticator\ResultInterface |
|
99
|
|
|
*/ |
|
100
|
68 |
|
public function authenticate(ServerRequestInterface $request): ResultInterface |
|
101
|
12 |
|
{ |
|
102
|
|
|
if (!$this->checkUrl($request)) { |
|
103
|
|
|
return $this->buildLoginUrlErrorResult($request); |
|
104
|
56 |
|
} |
|
105
|
56 |
|
|
|
106
|
12 |
|
$data = $this->getData($request); |
|
107
|
12 |
|
if ($data === null) { |
|
108
|
|
|
return new Result(null, Result::FAILURE_CREDENTIALS_MISSING, [ |
|
109
|
|
|
'Login credentials not found' |
|
110
|
|
|
]); |
|
111
|
44 |
|
} |
|
112
|
|
|
|
|
113
|
44 |
|
$user = $this->identifier->identify($data); |
|
114
|
4 |
|
|
|
115
|
|
|
if (empty($user)) { |
|
116
|
|
|
return new Result(null, Result::FAILURE_IDENTITY_NOT_FOUND, $this->identifier->getErrors()); |
|
117
|
40 |
|
} |
|
118
|
|
|
|
|
119
|
|
|
return new Result($user, Result::SUCCESS); |
|
120
|
|
|
} |
|
121
|
|
|
} |
|
122
|
|
|
|
Phauthentic /
authentication
