|
1
|
|
|
<?php |
|
2
|
|
|
declare(strict_types=1); |
|
3
|
|
|
/** |
|
4
|
|
|
* Caridea |
|
5
|
|
|
* |
|
6
|
|
|
* Licensed under the Apache License, Version 2.0 (the "License"); you may not |
|
7
|
|
|
* use this file except in compliance with the License. You may obtain a copy of |
|
8
|
|
|
* the License at |
|
9
|
|
|
* |
|
10
|
|
|
* http://www.apache.org/licenses/LICENSE-2.0 |
|
11
|
|
|
* |
|
12
|
|
|
* Unless required by applicable law or agreed to in writing, software |
|
13
|
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
|
14
|
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
|
15
|
|
|
* License for the specific language governing permissions and limitations under |
|
16
|
|
|
* the License. |
|
17
|
|
|
* |
|
18
|
|
|
* @copyright 2015-2018 LibreWorks contributors |
|
19
|
|
|
* @license Apache-2.0 |
|
20
|
|
|
*/ |
|
21
|
|
|
namespace Caridea\Auth\Adapter; |
|
22
|
|
|
|
|
23
|
|
|
use \Psr\Http\Message\ServerRequestInterface; |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* MongoDB (new driver) authentication adapter. |
|
27
|
|
|
* |
|
28
|
|
|
* @copyright 2015-2018 LibreWorks contributors |
|
29
|
|
|
* @license Apache-2.0 |
|
30
|
|
|
*/ |
|
31
|
|
|
class MongoDb extends AbstractAdapter |
|
32
|
|
|
{ |
|
33
|
|
|
/** |
|
34
|
|
|
* @var \MongoDB\Driver\Manager |
|
35
|
|
|
*/ |
|
36
|
|
|
protected $manager; |
|
37
|
|
|
/** |
|
38
|
|
|
* @var string |
|
39
|
|
|
*/ |
|
40
|
|
|
protected $collection; |
|
41
|
|
|
/** |
|
42
|
|
|
* @var \MongoDB\Driver\ReadPreference |
|
43
|
|
|
*/ |
|
44
|
|
|
protected $rp; |
|
45
|
|
|
/** |
|
46
|
|
|
* @var string The document field containing the username |
|
47
|
|
|
*/ |
|
48
|
|
|
protected $fieldUser; |
|
49
|
|
|
/** |
|
50
|
|
|
* @var string The document field containing the password |
|
51
|
|
|
*/ |
|
52
|
|
|
protected $fieldPass; |
|
53
|
|
|
/** |
|
54
|
|
|
* @var array Associative array to use to limit user accounts |
|
55
|
|
|
*/ |
|
56
|
|
|
protected $query = []; |
|
57
|
|
|
|
|
58
|
|
|
/** |
|
59
|
|
|
* Creates a new MongoDB authentication adapter. |
|
60
|
|
|
* |
|
61
|
|
|
* @param \MongoDB\Driver\Manager $manager The manager |
|
62
|
|
|
* @param string $collection The collection name (e.g. "mydb.emails") |
|
63
|
|
|
* @param string $fieldUser The document field containing the username |
|
64
|
|
|
* @param string $fieldPass The document field containing the hashed password |
|
65
|
|
|
* @param array $query Optional associative array to use to limit user accounts |
|
66
|
|
|
* @param \MongoDB\Driver\ReadPreference $rp Optional read preference |
|
67
|
|
|
*/ |
|
68
|
5 |
|
public function __construct(\MongoDB\Driver\Manager $manager, string $collection, string $fieldUser, string $fieldPass, array $query = [], \MongoDB\Driver\ReadPreference $rp = null) |
|
69
|
|
|
{ |
|
70
|
5 |
|
$this->manager = $manager; |
|
71
|
5 |
|
$this->collection = $this->checkBlank($collection, "collection"); |
|
72
|
5 |
|
$this->fieldUser = $this->checkBlank($fieldUser, "username"); |
|
73
|
5 |
|
$this->fieldPass = $this->checkBlank($fieldPass, "password"); |
|
74
|
5 |
|
$this->query = $query; |
|
75
|
5 |
|
$this->rp = $rp; |
|
76
|
5 |
|
} |
|
77
|
|
|
|
|
78
|
|
|
/** |
|
79
|
|
|
* Authenticates the current principal using the provided credentials. |
|
80
|
|
|
* |
|
81
|
|
|
* This method expects two request body values to be available. These are |
|
82
|
|
|
* `username` and `password`, as provided by the authenticating user. |
|
83
|
|
|
* |
|
84
|
|
|
* The principal details will include `ip` (remote IP address), `ua` (remote |
|
85
|
|
|
* User Agent), and `ip` (MongoDB document `_id` field for user record). |
|
86
|
|
|
* |
|
87
|
|
|
* @param ServerRequestInterface $request The Server Request message containing credentials |
|
88
|
|
|
* @return \Caridea\Auth\Principal An authenticated principal |
|
89
|
|
|
* @throws \Caridea\Auth\Exception\MissingCredentials If the username or password is empty |
|
90
|
|
|
* @throws \Caridea\Auth\Exception\UsernameNotFound if the provided username wasn't found |
|
91
|
|
|
* @throws \Caridea\Auth\Exception\UsernameAmbiguous if the provided username matches multiple accounts |
|
92
|
|
|
* @throws \Caridea\Auth\Exception\InvalidPassword if the provided password is invalid |
|
93
|
|
|
* @throws \Caridea\Auth\Exception\ConnectionFailed if a MongoDB error is encountered |
|
94
|
|
|
*/ |
|
95
|
5 |
|
public function login(ServerRequestInterface $request): \Caridea\Auth\Principal |
|
96
|
|
|
{ |
|
97
|
5 |
|
$post = (array) $request->getParsedBody(); |
|
98
|
5 |
|
$username = $this->ensure($post, 'username'); |
|
99
|
|
|
try { |
|
100
|
5 |
|
$results = $this->getResults($username, $request); |
|
101
|
4 |
|
$doc = $this->fetchResult($results, $username); |
|
102
|
2 |
|
$this->verify($this->ensure($post, 'password'), $doc->{$this->fieldPass}); |
|
103
|
1 |
|
return \Caridea\Auth\Principal::get( |
|
104
|
1 |
|
$username, |
|
105
|
1 |
|
$this->details($request, ['id' => (string) $doc->_id]) |
|
106
|
|
|
); |
|
107
|
4 |
|
} catch (\MongoDB\Driver\Exception\Exception $e) { |
|
|
|
|
|
|
108
|
1 |
|
throw new \Caridea\Auth\Exception\ConnectionFailed($e); |
|
109
|
|
|
} |
|
110
|
|
|
} |
|
111
|
|
|
|
|
112
|
|
|
/** |
|
113
|
|
|
* Queries the MongoDB collection. |
|
114
|
|
|
* |
|
115
|
|
|
* @param string $username The username to use for parameter binding |
|
116
|
|
|
* @param ServerRequestInterface $request The Server Request message (to use for additional parameter binding) |
|
117
|
|
|
* @return \MongoDB\Driver\Cursor The results cursor |
|
118
|
|
|
*/ |
|
119
|
5 |
|
protected function getResults(string $username, ServerRequestInterface $request): \MongoDB\Driver\Cursor |
|
|
|
|
|
|
120
|
|
|
{ |
|
121
|
5 |
|
$q = new \MongoDB\Driver\Query( |
|
122
|
5 |
|
array_merge($this->query, [($this->fieldUser) => $username]), |
|
123
|
5 |
|
['projection' => [($this->fieldUser) => true, ($this->fieldPass) => true]] |
|
124
|
|
|
); |
|
125
|
5 |
|
return $this->manager->executeQuery($this->collection, $q, $this->rp); |
|
126
|
|
|
} |
|
127
|
|
|
|
|
128
|
|
|
/** |
|
129
|
|
|
* Fetches a single result from the Mongo Cursor. |
|
130
|
|
|
* |
|
131
|
|
|
* @param \MongoCursor $results The results |
|
132
|
|
|
* @param string $username The attempted username (for Exception purposes) |
|
133
|
|
|
* @return \stdClass A single MongoDB document |
|
134
|
|
|
* @throws \Caridea\Auth\Exception\UsernameAmbiguous If there is more than 1 result |
|
135
|
|
|
* @throws \Caridea\Auth\Exception\UsernameNotFound If there are 0 results |
|
136
|
|
|
*/ |
|
137
|
4 |
|
protected function fetchResult(\MongoDB\Driver\Cursor $results, string $username): \stdClass |
|
138
|
|
|
{ |
|
139
|
4 |
|
$values = $results->toArray(); |
|
140
|
4 |
|
if (count($values) > 1) { |
|
141
|
1 |
|
throw new \Caridea\Auth\Exception\UsernameAmbiguous($username); |
|
142
|
3 |
|
} elseif (count($values) == 0) { |
|
143
|
1 |
|
throw new \Caridea\Auth\Exception\UsernameNotFound($username); |
|
144
|
|
|
} |
|
145
|
2 |
|
return current($values); |
|
146
|
|
|
} |
|
147
|
|
|
} |
|
148
|
|
|
|
libreworks /
caridea-auth
Loading history...
Scrutinizer analyzes your
composer.json/composer.lockfile if available to determine the classes, and functions that are defined by your dependencies.It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis.