|
<?php |
|
namespace LdcZfcUserApigility\Authentication\Adapter; |
|
|
|
use ZfcUser\Authentication\Adapter\Db as BaseAdapter; |
|
use Zend\Authentication\Result as AuthenticationResult; |
|
use Zend\Crypt\Password\Bcrypt; |
|
use ZfcUser\Authentication\Adapter\AdapterChainEvent as AuthEvent; |
|
|
|
class Db extends BaseAdapter |
|
{ |
|
|
|
/** |
|
* Called when user id logged out |
|
* @param AuthEvent $e event passed |
|
*/ |
|
public function logout(AuthEvent $e) |
|
{ |
|
$this->getStorage()->clear(); |
|
} |
|
|
|
public function authenticate(AuthEvent $e) |
|
{ |
|
if ($this->isSatisfied()) { |
|
$storage = $this->getStorage()->read(); |
|
$e->setIdentity($storage['identity']) |
|
->setCode(AuthenticationResult::SUCCESS) |
|
->setMessages(array('Authentication successful.')); |
|
return; |
|
} |
|
|
|
$identity = $e->getRequest()->getPost()->get('identity'); |
|
$credential = $e->getRequest()->getPost()->get('credential'); |
|
$credential = $this->preProcessCredential($credential); |
|
$userObject = null; |
|
|
|
// Cycle through the configured identity sources and test each |
|
$fields = $this->getOptions()->getAuthIdentityFields(); |
|
while (!is_object($userObject) && count($fields) > 0) { |
|
$mode = array_shift($fields); |
|
switch ($mode) { |
|
case 'username': |
|
$userObject = $this->getMapper()->findByUsername($identity); |
|
break; |
|
case 'email': |
|
$userObject = $this->getMapper()->findByEmail($identity); |
|
break; |
|
} |
|
} |
|
|
|
if (!$userObject) { |
|
$e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND) |
|
->setMessages(array('A record with the supplied identity could not be found.')); |
|
$this->setSatisfied(false); |
|
return false; |
|
} |
|
|
|
if ($this->getOptions()->getEnableUserState()) { |
|
// Don't allow user to login if state is not in allowed list |
|
if (!in_array($userObject->getState(), $this->getOptions()->getAllowedLoginStates())) { |
|
$e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED) |
|
->setMessages(array('A record with the supplied identity is not active.')); |
|
$this->setSatisfied(false); |
|
return false; |
|
} |
|
} |
|
|
|
$bcrypt = new Bcrypt(); |
|
$bcrypt->setCost($this->getOptions()->getPasswordCost()); |
|
if (!$bcrypt->verify($credential, $userObject->getPassword())) { |
|
// Password does not match |
|
$e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID) |
|
->setMessages(array('Supplied credential is invalid.')); |
|
$this->setSatisfied(false); |
|
return false; |
|
} |
|
|
|
// Success! |
|
$e->setIdentity($userObject->getId()); |
|
// Update user's password hash if the cost parameter has changed |
|
$this->updateUserPasswordHash($userObject, $credential, $bcrypt); |
|
$this->setSatisfied(true); |
|
$storage = $this->getStorage()->read(); |
|
$storage['identity'] = $e->getIdentity(); |
|
$this->getStorage()->write($storage); |
|
$e->setCode(AuthenticationResult::SUCCESS) |
|
->setMessages(array('Authentication successful.')); |
|
} |
|
|
|
/** |
|
* Returns the storage handler |
|
* |
|
* Non-persistent storage is used by default unless a different storage adapter has been set. |
|
* |
|
* @return Storage\StorageInterface |
|
*/ |
|
public function getStorage() |
|
{ |
|
if (null === $this->storage) { |
|
$this->setStorage(new \Zend\Authentication\Storage\NonPersistent()); |
|
} |
|
|
|
return $this->storage; |
|
} |
|
} |