- WIP on authentication portal

2023-11-03 19:44:46 -04:00 · 2023-11-03 19:44:46 -04:00 · 7769b1a1ca
parent 1559ceb248
commit 7769b1a1ca
15 changed files with 220 additions and 134 deletions
--- a/src/Authorize/AuthorizeMethodInterface.php
+++ b/src/Authorize/AuthorizeMethodInterface.php
@ -7,5 +7,7 @@ use Ulmus\User\Entity\UserInterface;
 interface AuthorizeMethodInterface
 {
-    public function connect(ServerRequestInterface $request) : UserInterface|false;
+    public function connect(ServerRequestInterface $request, UserInterface $user) : UserInterface|false;
    public function catchRequest(ServerRequestInterface $request) : bool;
 }
--- a/src/Authorize/BasicAuthentication.php
+++ b/src/Authorize/BasicAuthentication.php
@ -1,34 +0,0 @@
 <?php
 namespace Ulmus\User\Authorize;
 use Psr\Http\Message\ServerRequestInterface;
 use Ulmus\User\Entity\UserInterface;
 class BasicAuthentication implements AuthorizeMethodInterface
 {
    public function connect(ServerRequestInterface $request): UserInterface|false
    {
        if ( null === $auth = $request->getHeader('Authorization') ) {
            list($method, $userPass) = explode(' ', $auth, 2) + [ null, null ];
            if (! $method ) {
                throw new \InvalidArgumentException("An authentication method must be provided");
            }
            elseif (! $userPass ) {
                throw new \InvalidArgumentException("A base64-encoded 'user:password' value must be provided");
            }
            return false;
        }
        return false;
    }
    protected function basicMethod(string $header) : UserInterface|false
    {
    }
 }
--- a/src/Authorize/HeaderAuthentication.php
+++ b/src/Authorize/HeaderAuthentication.php
@ -0,0 +1,65 @@
 <?php
 namespace Ulmus\User\Authorize;
 use Psr\Http\Message\ServerRequestInterface;
 use Ulmus\User\Common\AuthorizeContentTypeEnum;
 use Ulmus\User\Entity\User;
 use Ulmus\User\Entity\UserInterface;
 use Ulmus\User\Lib\Authenticate;
 class HeaderAuthentication implements AuthorizeMethodInterface
 {
    public function connect(ServerRequestInterface $request, UserInterface $user): UserInterface|false
    {
        if ( null !== ( $auth = $request->getHeaderLine('Authorization') ) ) {
            list($method, $userPass) = explode(' ', $auth, 2) + [ null, null ];
            switch(strtolower(strtolower($method))) {
                case "basic":
                    return $this->basicMethod($userPass);
                default:
                    throw new \InvalidArgumentException("An authentication method must be provided");
            }
        }
        return false;
    }
    protected function basicMethod(string $userPassword) : UserInterface|false
    {
        if ( false === $decoded = base64_decode($userPassword) ) {
            throw new \RuntimeException("Base64 decoding of given username:password failed");
        }
        list($user, $password) = explode(':', $decoded) + [ null, null ];
        if ( empty($user) ) {
            throw new \RuntimeException("A username must be provided");
        }
        elseif ( empty($password) ) {
            throw new \RuntimeException("A password must be provided");
        }
        $authenticate = new Authenticate();
        return false;
    }
    public function catchRequest(ServerRequestInterface $request) : bool
    {
        foreach(array_merge($request->getHeader('Accept'), $request->getHeader('Content-Type')) as $accept) {
            foreach(explode(',', $accept) as $contentType) {
                if ( AuthorizeContentTypeEnum::tryFrom(strtolower($contentType)) ) {
                    return true;
                }
            }
        }
        return false;
    }
 }
--- a/src/Authorize/PostRequestAuthentication.php
+++ b/src/Authorize/PostRequestAuthentication.php
@ -0,0 +1,31 @@
 <?php
 namespace Ulmus\User\Authorize;
 use Psr\Http\Message\ServerRequestInterface;
 use Ulmus\User\Entity\UserInterface;
 use Ulmus\User\Lib\Authenticate;
 class PostRequestAuthentication implements AuthorizeMethodInterface
 {
    public function __construct(
        protected Authenticate $authenticate,
        protected string $fieldUser = "username",
        protected string $postFieldUser = "username",
        protected string $postFieldPassword = "password",
    ) {}
    public function connect(ServerRequestInterface $request, UserInterface $user): UserInterface|false
    {
        $post = $request->getParsedBody();
        return $this->authenticate->authenticate($user::repository(), [ $this->fieldUser => $post[$this->postFieldUser] ], $post[$this->postFieldPassword]);
    }
    public function catchRequest(ServerRequestInterface $request): bool
    {
        $post = $request->getParsedBody();
        return strtoupper( $request->getMethod() ) === "POST" && isset($post[$this->postFieldUser], $post[$this->postFieldPassword]);
    }
 }
--- a/src/Common/AuthorizeContentTypeEnum.php
+++ b/src/Common/AuthorizeContentTypeEnum.php
@ -0,0 +1,10 @@
 <?php
 namespace Ulmus\User\Common;
 enum AuthorizeContentTypeEnum: string
 {
    case ApplicationJson = "application/json";
    case ApplicationLDJson = "application/+json";
    case ApplicationVndApiJson = "application/vnd.api+json";
 }
--- a/src/Common/AuthorizeEnum.php
+++ b/src/Common/AuthorizeEnum.php
@ -1,16 +0,0 @@
 <?php
 namespace Ulmus\User\Common;
 enum AuthorizeEnum : string
 {
    case Basic = "basic";
    case Token = "token";
    #    case Bearer = "bearer";
 #    case Custom = "custom";
 #    case Digest = "digest";
 #    case Key = "key";
 #    case Ntlm = "ntlm";
 #    case Negotiate = "negotiate";
 }
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@ -2,11 +2,12 @@
 namespace Ulmus\User\Entity;
 use Ulmus\Entity\EntityInterface;
 use Ulmus\Entity\Field\Datetime;
 use Ulmus\Attribute\Property\Field;
-class User {
+abstract class User implements UserInterface {
    #[Field\Id(readonly: true)]
    public int $id;
@ -47,27 +48,27 @@ class User {
    #[Field]
    public string $password;
-    #[Field\UpdatedAt(name: "updated_at")]
+    #[Field\UpdatedAt(name: "updated_at", readonly: true)]
-    public readonly ? Datetime $updatedAt;
+    public ? Datetime $updatedAt;
-    #[Field\CreatedAt(name: "created_at")]
+    #[Field\CreatedAt(name: "created_at", readonly: true)]
-    public readonly Datetime $createdAt;
+    public Datetime $createdAt;
    public bool $logged = false;
    public function __toString() : string
    {
-        return "{$this->firstName} {$this->lastName}";
+        return $this->fullName();
    }
-    public function setPassword($password) : self
+    public function setPassword($password) : static
    {
        $this->password = $password;
        return $this->hashPassword();
    }
-    public function hashPassword(? string $password = null) : self
+    public function hashPassword(? string $password = null) : static
    {
        $this->password = password_hash($password ?: $this->password, PASSWORD_DEFAULT);
@ -79,8 +80,13 @@ class User {
        return password_verify($password, $this->password);
    }
-    public function fullname() : string
+    public function fullName() : string
    {
        return trim( ( $this->firstName ?? "" ) . " " . ( $this->lastName ?? "" ) );
    }
    public function loggedIn(): bool
    {
        return $this->logged;
    }
 }
--- a/src/Entity/UserInterface.php
+++ b/src/Entity/UserInterface.php
@ -2,7 +2,13 @@
 namespace Ulmus\User\Entity;
-interface UserInterface
+use Ulmus\Entity\EntityInterface;
 interface UserInterface extends EntityInterface
 {
    public function __toString() : string;
    public function loggedIn() : bool;
    public function verifyPassword(string $password) : bool;
    public function hashPassword(? string $password = null) : static;
    public function setPassword($password) : static;
 }
--- a/src/Lib/Authenticate.php
+++ b/src/Lib/Authenticate.php
@ -10,27 +10,18 @@ use Ulmus\User\Entity\User;
 use Ulmus\Exception;
 class Authenticate {
    protected ? Session $session;
    protected ? Cookie $cookie;
    protected bool $logged = false;
    protected Closure $authenticationEvent;
    public ? User $user = null;
    public string $connection_fields = 'email';
    public function __construct(
-        ? Session $session = null,
+        protected ? Session $session = null,
-        ? Cookie  $cookie = null,
+        protected ? Cookie  $cookie = null,
        ? Closure $authenticationEvent = null
    ) {
-        $this->session = $session;
+        $this->authenticationEvent = $authenticationEvent ?: fn(bool $authenticated, string $message, ? User $user, array $data = []) : ? bool => null;
        $this->cookie = $cookie;
        $this->authenticationEvent = $authenticationEvent ?: function(bool $authenticated, string $message, ? User $user, array $data = []) : ? bool {return null;} ;
    }
    public function rememberMe(\Ulmus\Repository $repository) : ? User
@ -41,7 +32,7 @@ class Authenticate {
            }
            $user->logged = true;
-            
+
            return $user;
        };
@ -110,9 +101,6 @@ class Authenticate {
        return $this->user;
    }
    /**
     * Force user disconnection and handle memory trashing
     */
    public function logout() : self
    {
        if ( $this->session ) {
@ -123,10 +111,10 @@ class Authenticate {
            $this->cookie->delete('user.id');
        }
-        if (isset($this->user)) {
+        if ( isset($this->user) ) {
            $this->user->logged = false;
        }
        return $this;
    }
-}
+}
--- a/src/Middleware/AuthenticateMiddleware.php
+++ b/src/Middleware/AuthenticateMiddleware.php
@ -1,29 +0,0 @@
 <?php
 namespace Ulmus\User\Middleware;
 use Psr\Http\{
    Message\ResponseInterface,
    Message\ServerRequestInterface,
    Server\MiddlewareInterface,
    Server\RequestHandlerInterface
 };
 use Ulmus\User\Authorize\AuthorizeMethodInterface;
 use Ulmus\User\Common\AuthorizeEnum;
 class AuthorizeMiddleware implements MiddlewareInterface
 {
    public function __construct(
        protected AuthorizeMethodInterface $method,
        protected ResponseInterface $loginFailed,
    ) { }
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        if ( false ) {
            return $this->loginFailed;
        }
        return $handler->handle($request);
    }
 }
--- a/src/Middleware/AuthorizeMiddleware.php
+++ b/src/Middleware/AuthorizeMiddleware.php
@ -1,26 +0,0 @@
 <?php
 namespace Ulmus\User\Middleware;
 use Psr\Http\{
    Message\ResponseInterface,
    Message\ServerRequestInterface,
    Server\MiddlewareInterface,
    Server\RequestHandlerInterface
 };
 class AuthorizeMiddleware implements MiddlewareInterface
 {
    public function __construct(
        protected ResponseInterface $loginFailed
    ) { }
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        if ( false ) {
            return $this->loginFailed;
        }
        return $handler->handle($request);
    }
 }
--- a/src/Middleware/HeaderAuthenticationMiddleware.php
+++ b/src/Middleware/HeaderAuthenticationMiddleware.php
@ -0,0 +1,36 @@
 <?php
 namespace Ulmus\User\Middleware;
 use Psr\Http\{
    Message\ResponseInterface,
    Message\ServerRequestInterface,
    Server\MiddlewareInterface,
    Server\RequestHandlerInterface
 };
 use Ulmus\User\Entity\UserInterface;
 use Ulmus\User\Authorize\HeaderAuthentication;
 class HeaderAuthenticationMiddleware implements MiddlewareInterface
 {
    protected HeaderAuthentication $authenticator;
    public function __construct(
        protected UserInterface $entity,
        protected \Closure $loginFailedResponse,
        HeaderAuthentication $authenticator = null,
    ) {
        $this->authenticator = $authenticator ?: new HeaderAuthentication();
    }
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        if ( $this->authenticator->catchRequest($request) ) {
            if ( ! $this->authenticator->connect($request, $this->entity) ) {
                return call_user_func($this->loginFailedResponse, [ 'api.process' => "Auth failed" ]);
            }
        }
        return $handler->handle($request);
    }
 }
--- a/src/Middleware/PostRequestAuthenticationMiddleware.php
+++ b/src/Middleware/PostRequestAuthenticationMiddleware.php
@ -0,0 +1,37 @@
 <?php
 namespace Ulmus\User\Middleware;
 use Psr\Http\{
    Message\ResponseInterface,
    Message\ServerRequestInterface,
    Server\MiddlewareInterface,
    Server\RequestHandlerInterface
 };
 use Ulmus\User\Entity\UserInterface;
 use Ulmus\User\Authorize\PostRequestAuthentication;
 use Ulmus\User\Lib\Authenticate;
 class PostRequestAuthenticationMiddleware implements MiddlewareInterface
 {
    protected PostRequestAuthentication $authenticator;
    public function __construct(
        protected UserInterface     $entity,
        protected \Closure          $loginFailedResponse,
        PostRequestAuthentication   $authenticator = null,
    ) {
        $this->authenticator = $authenticator ?: new PostRequestAuthentication(new Authenticate());
    }
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        if ( $this->authenticator->catchRequest($request) ) {
            if ( ! $this->authenticator->connect($request, $this->entity) ) {
                return call_user_func($this->loginFailedResponse, "Login failed");
            }
        }
        return $handler->handle($request);
    }
 }
--- a/src/Role/RoleAnonymousInterface.php
+++ b/src/Role/RoleAnonymousInterface.php
@ -0,0 +1,5 @@
 <?php
 namespace Ulmus\User\Role;
 interface RoleAnonymousInterface {}
--- a/src/Role/RoleIdentifiedInterface.php
+++ b/src/Role/RoleIdentifiedInterface.php
@ -0,0 +1,5 @@
 <?php
 namespace Ulmus\User\Role;
 interface RoleIdentifiedInterface {}