softberg /
quantum-php-core
| Total Complexity | 40 |
| Total Lines | 359 |
| Duplicated Lines | 0 % |
| Changes | 2 | ||
| Bugs | 0 | Features | 0 |
Complex classes like AuthTrait often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use AuthTrait, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 38 | trait AuthTrait |
||
| 39 | { |
||
| 40 | /** |
||
| 41 | * @var Mailer |
||
| 42 | */ |
||
| 43 | protected $mailer; |
||
| 44 | |||
| 45 | /** |
||
| 46 | * @var Hasher |
||
| 47 | */ |
||
| 48 | protected $hasher; |
||
| 49 | |||
| 50 | /** |
||
| 51 | * @var JwtToken |
||
| 52 | */ |
||
| 53 | protected $jwt; |
||
| 54 | |||
| 55 | /** |
||
| 56 | * @var AuthServiceInterface |
||
| 57 | */ |
||
| 58 | protected $authService; |
||
| 59 | |||
| 60 | /** |
||
| 61 | * @var int |
||
| 62 | */ |
||
| 63 | protected $otpLength = 6; |
||
| 64 | |||
| 65 | /** |
||
| 66 | * @var array |
||
| 67 | */ |
||
| 68 | protected $keyFields = []; |
||
| 69 | |||
| 70 | /** |
||
| 71 | * @var array |
||
| 72 | */ |
||
| 73 | protected $visibleFields = []; |
||
| 74 | |||
| 75 | /** |
||
| 76 | * @inheritDoc |
||
| 77 | * @throws ConfigException |
||
| 78 | * @throws DiException |
||
| 79 | * @throws JwtException |
||
| 80 | * @throws ReflectionException |
||
| 81 | * @throws BaseException |
||
| 82 | */ |
||
| 83 | public function check(): bool |
||
| 84 | { |
||
| 85 | return !is_null($this->user()); |
||
|
Bug
introduced
by
|
|||
| 86 | } |
||
| 87 | |||
| 88 | /** |
||
| 89 | * Sign Up |
||
| 90 | * @param array $userData |
||
| 91 | * @param array|null $customData |
||
| 92 | * @return User |
||
| 93 | */ |
||
| 94 | public function signup(array $userData, ?array $customData = null): User |
||
| 95 | { |
||
| 96 | $activationToken = $this->generateToken(); |
||
| 97 | |||
| 98 | $userData[$this->keyFields[AuthKeys::PASSWORD]] = $this->hasher->hash($userData[$this->keyFields[AuthKeys::PASSWORD]]); |
||
| 99 | $userData[$this->keyFields[AuthKeys::ACTIVATION_TOKEN]] = $activationToken; |
||
| 100 | |||
| 101 | $user = $this->authService->add($userData); |
||
| 102 | |||
| 103 | $body = [ |
||
| 104 | 'user' => $user, |
||
| 105 | 'activationToken' => $activationToken, |
||
| 106 | ]; |
||
| 107 | |||
| 108 | if ($customData) { |
||
| 109 | $body = array_merge($body, $customData); |
||
| 110 | } |
||
| 111 | |||
| 112 | $this->mailer->setSubject(t('common.activate_account')); |
||
| 113 | $this->mailer->setTemplate(base_dir() . DS . 'shared' . DS . 'views' . DS . 'email' . DS . 'activate'); |
||
| 114 | |||
| 115 | $this->sendMail($user, $body); |
||
| 116 | |||
| 117 | return $user; |
||
| 118 | } |
||
| 119 | |||
| 120 | /** |
||
| 121 | * Activate |
||
| 122 | * @param string $token |
||
| 123 | */ |
||
| 124 | public function activate(string $token) |
||
| 125 | { |
||
| 126 | $this->authService->update( |
||
| 127 | $this->keyFields[AuthKeys::ACTIVATION_TOKEN], |
||
| 128 | $token, |
||
| 129 | [$this->keyFields[AuthKeys::ACTIVATION_TOKEN] => ''] |
||
| 130 | ); |
||
| 131 | } |
||
| 132 | |||
| 133 | /** |
||
| 134 | * Forget |
||
| 135 | * @param string $username |
||
| 136 | * @return string|null |
||
| 137 | */ |
||
| 138 | public function forget(string $username): ?string |
||
| 139 | { |
||
| 140 | $user = $this->authService->get($this->keyFields[AuthKeys::USERNAME], $username); |
||
| 141 | |||
| 142 | if (!$user) { |
||
| 143 | return null; |
||
| 144 | } |
||
| 145 | |||
| 146 | $resetToken = $this->generateToken(); |
||
| 147 | |||
| 148 | $this->authService->update( |
||
| 149 | $this->keyFields[AuthKeys::USERNAME], |
||
| 150 | $username, |
||
| 151 | [$this->keyFields[AuthKeys::RESET_TOKEN] => $resetToken] |
||
| 152 | ); |
||
| 153 | |||
| 154 | $body = [ |
||
| 155 | 'user' => $user, |
||
| 156 | 'resetToken' => $resetToken, |
||
| 157 | ]; |
||
| 158 | |||
| 159 | $this->mailer->setSubject(t('common.reset_password')); |
||
| 160 | $this->mailer->setTemplate(base_dir() . DS . 'shared' . DS . 'views' . DS . 'email' . DS . 'reset'); |
||
| 161 | |||
| 162 | $this->sendMail($user, $body); |
||
| 163 | |||
| 164 | return $resetToken; |
||
| 165 | } |
||
| 166 | |||
| 167 | /** |
||
| 168 | * Reset |
||
| 169 | * @param string $token |
||
| 170 | * @param string $password |
||
| 171 | */ |
||
| 172 | public function reset(string $token, string $password) |
||
| 173 | { |
||
| 174 | $user = $this->authService->get($this->keyFields[AuthKeys::RESET_TOKEN], $token); |
||
| 175 | |||
| 176 | if ($user) { |
||
| 177 | if (!$this->isActivated($user)) { |
||
| 178 | $this->activate($token); |
||
| 179 | } |
||
| 180 | |||
| 181 | $this->authService->update( |
||
| 182 | $this->keyFields[AuthKeys::RESET_TOKEN], |
||
| 183 | $token, |
||
| 184 | [ |
||
| 185 | $this->keyFields[AuthKeys::PASSWORD] => $this->hasher->hash($password), |
||
| 186 | $this->keyFields[AuthKeys::RESET_TOKEN] => '', |
||
| 187 | ] |
||
| 188 | ); |
||
| 189 | } |
||
| 190 | } |
||
| 191 | |||
| 192 | /** |
||
| 193 | * Resend OTP |
||
| 194 | * @param string $otpToken |
||
| 195 | * @return string |
||
| 196 | * @throws AuthException |
||
| 197 | * @throws Exception |
||
| 198 | */ |
||
| 199 | public function resendOtp(string $otpToken): string |
||
| 200 | { |
||
| 201 | $user = $this->authService->get($this->keyFields[AuthKeys::OTP_TOKEN], $otpToken); |
||
| 202 | |||
| 203 | if (!$user) { |
||
| 204 | throw AuthException::incorrectCredentials(); |
||
| 205 | } |
||
| 206 | |||
| 207 | return $this->twoStepVerification($user); |
||
| 208 | |||
| 209 | } |
||
| 210 | |||
| 211 | /** |
||
| 212 | * Gets the user by username and password |
||
| 213 | * @param string $username |
||
| 214 | * @param string $password |
||
| 215 | * @return User |
||
| 216 | * @throws AuthException |
||
| 217 | */ |
||
| 218 | protected function getUser(string $username, string $password): User |
||
| 219 | { |
||
| 220 | $user = $this->authService->get($this->keyFields[AuthKeys::USERNAME], $username); |
||
| 221 | |||
| 222 | if (!$user) { |
||
| 223 | throw AuthException::incorrectCredentials(); |
||
| 224 | } |
||
| 225 | |||
| 226 | if (!$this->hasher->check($password, $user->getFieldValue($this->keyFields[AuthKeys::PASSWORD]))) { |
||
| 227 | throw AuthException::incorrectCredentials(); |
||
| 228 | } |
||
| 229 | |||
| 230 | if (!$this->isActivated($user)) { |
||
| 231 | throw AuthException::inactiveAccount(); |
||
| 232 | } |
||
| 233 | |||
| 234 | return $user; |
||
| 235 | } |
||
| 236 | |||
| 237 | /** |
||
| 238 | * Two-Step Verification |
||
| 239 | * @param User $user |
||
| 240 | * @return string |
||
| 241 | * @throws Exception |
||
| 242 | */ |
||
| 243 | protected function twoStepVerification(User $user): string |
||
| 274 | } |
||
| 275 | |||
| 276 | /** |
||
| 277 | * Verify and update OTP |
||
| 278 | * @param int $otp |
||
| 279 | * @param string $otpToken |
||
| 280 | * @return User |
||
| 281 | * @throws AuthException |
||
| 282 | * @throws Exception |
||
| 283 | */ |
||
| 284 | protected function verifyAndUpdateOtp(int $otp, string $otpToken): User |
||
| 285 | { |
||
| 286 | $user = $this->authService->get($this->keyFields[AuthKeys::OTP_TOKEN], $otpToken); |
||
| 287 | |||
| 288 | if (!$user || $otp != $user->getFieldValue($this->keyFields[AuthKeys::OTP])) { |
||
| 289 | throw AuthException::incorrectVerificationCode(); |
||
| 290 | } |
||
| 291 | |||
| 292 | if (new DateTime() >= new DateTime($user->getFieldValue($this->keyFields[AuthKeys::OTP_EXPIRY]))) { |
||
| 293 | throw AuthException::verificationCodeExpired(); |
||
| 294 | } |
||
| 295 | |||
| 296 | $this->authService->update( |
||
| 297 | $this->keyFields[AuthKeys::USERNAME], |
||
| 298 | $user->getFieldValue($this->keyFields[AuthKeys::USERNAME]), |
||
| 299 | [ |
||
| 300 | $this->keyFields[AuthKeys::OTP] => null, |
||
| 301 | $this->keyFields[AuthKeys::OTP_EXPIRY] => null, |
||
| 302 | $this->keyFields[AuthKeys::OTP_TOKEN] => null, |
||
| 303 | ] |
||
| 304 | ); |
||
| 305 | |||
| 306 | return $user; |
||
| 307 | } |
||
| 308 | |||
| 309 | /** |
||
| 310 | * Filters and gets the visible fields |
||
| 311 | * @param User $user |
||
| 312 | * @return array |
||
| 313 | */ |
||
| 314 | protected function getVisibleFields(User $user): array |
||
| 315 | { |
||
| 316 | $userData = $user->getData(); |
||
| 317 | |||
| 318 | if (count($this->visibleFields) > 0) { |
||
| 319 | foreach (array_keys($userData) as $field) { |
||
| 320 | if (!in_array($field, $this->visibleFields)) { |
||
| 321 | unset($userData[$field]); |
||
| 322 | } |
||
| 323 | } |
||
| 324 | } |
||
| 325 | |||
| 326 | return $userData; |
||
| 327 | } |
||
| 328 | |||
| 329 | /** |
||
| 330 | * Is user account activated |
||
| 331 | * @param User $user |
||
| 332 | * @return bool |
||
| 333 | */ |
||
| 334 | protected function isActivated(User $user): bool |
||
| 335 | { |
||
| 336 | return in_array($user->getFieldValue($this->keyFields[AuthKeys::ACTIVATION_TOKEN]), [null, '', '0'], true); |
||
| 337 | } |
||
| 338 | |||
| 339 | /** |
||
| 340 | * Generate Token |
||
| 341 | * @param string|null $val |
||
| 342 | * @return string |
||
| 343 | */ |
||
| 344 | protected function generateToken(?string $val = null): string |
||
| 345 | { |
||
| 346 | return base64_encode($this->hasher->hash($val ?: config()->get('app.key'))); |
||
| 347 | } |
||
| 348 | |||
| 349 | /** |
||
| 350 | * Send email |
||
| 351 | * @param User $user |
||
| 352 | * @param array $body |
||
| 353 | */ |
||
| 354 | protected function sendMail(User $user, array $body) |
||
| 355 | { |
||
| 356 | $fullName = ($user->hasField('firstname') && $user->hasField('lastname')) ? $user->getFieldValue('firstname') . ' ' . $user->getFieldValue('lastname') : ''; |
||
| 357 | |||
| 358 | $appEmail = config()->get('app.email') ?: ''; |
||
| 359 | $appName = config()->get('app.name') ?: ''; |
||
| 360 | |||
| 361 | $this->mailer->setFrom($appEmail, $appName) |
||
| 362 | ->setAddress($user->getFieldValue($this->keyFields[AuthKeys::USERNAME]), $fullName) |
||
| 363 | ->setBody($body) |
||
| 364 | ->send(); |
||
| 365 | } |
||
| 366 | |||
| 367 | /** |
||
| 368 | * Verify user schema |
||
| 369 | * @param array $schema |
||
| 370 | * @throws AuthException |
||
| 371 | */ |
||
| 372 | protected function verifySchema(array $schema) |
||
| 373 | { |
||
| 374 | $constants = (new ReflectionClass(AuthKeys::class))->getConstants(); |
||
| 375 | |||
| 376 | foreach ($constants as $constant) { |
||
| 377 | if (!isset($schema[$constant]) || !isset($schema[$constant]['name'])) { |
||
| 378 | throw AuthException::incorrectUserSchema(); |
||
| 379 | } |
||
| 380 | |||
| 381 | $this->keyFields[$constant] = $schema[$constant]['name']; |
||
| 382 | } |
||
| 383 | |||
| 384 | foreach ($schema as $field) { |
||
| 385 | if (isset($field['visible']) && $field['visible']) { |
||
| 386 | $this->visibleFields[] = $field['name']; |
||
| 387 | } |
||
| 388 | } |
||
| 389 | } |
||
| 390 | |||
| 391 | /** |
||
| 392 | * @return bool |
||
| 393 | */ |
||
| 394 | protected function isTwoFactorEnabled(): bool |
||
| 397 | } |
||
| 398 | } |
||
| 399 |
Loading history...
