<?php
namespace LdcZfcUserOAuth2\Authentication\Adapter;
use ZfcUser\Authentication\Adapter\Db as BaseAdapter;
use Zend\Authentication\Result as AuthenticationResult;
use Zend\Crypt\Password\Bcrypt;
use ZfcUser\Authentication\Adapter\AdapterChainEvent as AuthEvent;
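/**
 * Credential adapter that extends the ZfcUser database adapter and keeps the
 * authenticated identity in non-persistent storage unless another storage
 * adapter has been set (see getStorage()).
 *
 * The identity and credential are read from the request's POST body, so both
 * values are attacker-controlled and are type-checked before use.
 */
class Db extends BaseAdapter
{
    /**
     * Called when the user is logged out; clears this adapter's storage.
     *
     * @TODO this can be removed on release of ZfcUser 1.2.2
     *
     * @param AuthEvent $e event passed
     */
    public function logout(AuthEvent $e)
    {
        $this->getStorage()->clear();
    }

    /**
     * Authenticates the POSTed `identity` / `credential` pair against the user mapper.
     *
     * The outcome is reported on the event through setCode()/setMessages():
     *  - SUCCESS                     the identity is set on the event and written to storage
     *  - FAILURE_IDENTITY_NOT_FOUND  no configured identity field matched
     *  - FAILURE_UNCATEGORIZED       user state is not in the allowed login states
     *  - FAILURE_CREDENTIAL_INVALID  bcrypt verification failed
     *
     * The failure codes and messages distinguish "unknown identity" from
     * "wrong password". Code that renders them to an unauthenticated client
     * should collapse them into one generic failure message, otherwise the
     * endpoint confirms which identities exist.
     *
     * @param AuthEvent $e event carrying the request; receives identity, code and messages
     *
     * @return false|null false on any authentication failure, null otherwise
     */
    public function authenticate(AuthEvent $e)
    {
        // A previous successful run is cached in storage; replay its identity.
        if ($this->isSatisfied()) {
            $storage = $this->getStorage()->read();
            $e->setIdentity($storage['identity'])
                ->setCode(AuthenticationResult::SUCCESS)
                ->setMessages(array('Authentication successful.'));

            return;
        }

        $post       = $e->getRequest()->getPost();
        $identity   = $post->get('identity');
        $credential = $post->get('credential');
        $credential = $this->preProcessCredential($credential);

        $userObject = null;

        // Cycle through the configured identity sources and test each.
        // Only a string identity is looked up: a missing or array-valued POST
        // parameter (e.g. `identity[]=...`) must never reach the mapper, whose
        // handling of non-string values is not visible from this class.
        $fields = is_string($identity)
            ? $this->getOptions()->getAuthIdentityFields()
            : array();
        while (!is_object($userObject) && count($fields) > 0) {
            $mode = array_shift($fields);
            switch ($mode) {
                case 'username':
                    $userObject = $this->getMapper()->findByUsername($identity);
                    break;
                case 'email':
                    $userObject = $this->getMapper()->findByEmail($identity);
                    break;
            }
        }

        if (!$userObject) {
            // This path returns before any bcrypt work, so it is also faster
            // than the wrong-password path; rate limiting belongs in front of
            // this adapter.
            $e->setCode(AuthenticationResult::FAILURE_IDENTITY_NOT_FOUND)
                ->setMessages(array('A record with the supplied identity could not be found.'));
            $this->setSatisfied(false);

            return false;
        }

        if ($this->getOptions()->getEnableUserState()) {
            // Don't allow user to login if state is not in allowed list.
            // NOTE(review): in_array() compares loosely here, so values such as
            // null, 0, '' and false can match one another. Switching to strict
            // mode depends on how the mapper hydrates the state column (string
            // vs. int) -- confirm before changing.
            if (!in_array($userObject->getState(), $this->getOptions()->getAllowedLoginStates())) {
                $e->setCode(AuthenticationResult::FAILURE_UNCATEGORIZED)
                    ->setMessages(array('A record with the supplied identity is not active.'));
                $this->setSatisfied(false);

                return false;
            }
        }

        $bcrypt = new Bcrypt();
        $bcrypt->setCost($this->getOptions()->getPasswordCost());

        // A non-string credential (absent or array-valued POST parameter) can
        // never match a stored hash; reject it here instead of passing it to
        // the hashing routine.
        if (!is_string($credential) || !$bcrypt->verify($credential, $userObject->getPassword())) {
            // Password does not match
            $e->setCode(AuthenticationResult::FAILURE_CREDENTIAL_INVALID)
                ->setMessages(array('Supplied credential is invalid.'));
            $this->setSatisfied(false);

            return false;
        }

        // Success!
        $e->setIdentity($userObject->getId());

        // Update user's password hash if the cost parameter has changed
        $this->updateUserPasswordHash($userObject, $credential, $bcrypt);
        $this->setSatisfied(true);

        // Persist the identity so the isSatisfied() shortcut above can replay it.
        $storage = $this->getStorage()->read();
        $storage['identity'] = $e->getIdentity();
        $this->getStorage()->write($storage);

        $e->setCode(AuthenticationResult::SUCCESS)
            ->setMessages(array('Authentication successful.'));
    }

    /**
     * Returns the storage handler
     *
     * Non-persistent storage is used by default unless a different storage adapter has been set.
     *
     * @return \Zend\Authentication\Storage\StorageInterface
     */
    public function getStorage()
    {
        // Install the default before delegating so the parent never has to
        // pick a storage of its own.
        if (null === $this->storage) {
            $this->setStorage(new \Zend\Authentication\Storage\NonPersistent());
        }

        return parent::getStorage();
    }
}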