instances added god may help

This commit is contained in:
2026-02-23 12:58:19 +01:00
parent 25370a1a55
commit 99db252f60
290 changed files with 9858 additions and 4914 deletions

View File

@@ -3,25 +3,35 @@
namespace MintyPHP\Service\Auth;
use MintyPHP\Auth;
use MintyPHP\Session;
use MintyPHP\Repository\User\UserReadRepository;
use MintyPHP\Repository\User\UserWriteRepository;
use MintyPHP\Router;
use MintyPHP\Service\User\UserAccountService;
use MintyPHP\Service\User\UserTenantContextService;
use MintyPHP\Session;
use MintyPHP\Support\Flash;
use MintyPHP\Service\User\UserService;
use MintyPHP\Service\User\UserSavedFilterService;
use MintyPHP\Service\Access\PermissionService;
use MintyPHP\Service\Auth\RememberMeService;
use MintyPHP\Service\Auth\EmailVerificationService;
use MintyPHP\Service\Auth\TenantSsoService;
use MintyPHP\Repository\User\UserRepository;
class AuthService
{
public static function login(string $email, string $password): array
public function __construct(
private readonly UserReadRepository $userReadRepository,
private readonly UserWriteRepository $userWriteRepository,
private readonly UserAccountService $userAccountService,
private readonly UserTenantContextService $userTenantContextService,
private readonly RememberMeService $rememberMeService,
private readonly EmailVerificationService $emailVerificationService,
private readonly AuthPermissionGateway $permissionGateway,
private readonly AuthTenantSsoGateway $tenantSsoGateway,
private readonly AuthSavedFilterGateway $savedFilterGateway
) {
}
public function login(string $email, string $password): array
{
$email = trim($email);
// Check if email is verified before attempting login
$existingUser = UserRepository::findByEmail($email);
$existingUser = $this->userReadRepository->findByEmail($email);
if ($existingUser && empty($existingUser['email_verified_at'])) {
return [
'ok' => false,
@@ -52,7 +62,7 @@ class AuthService
}
$userId = (int) ($_SESSION['user']['id'] ?? 0);
if ($userId > 0 && !self::isLocalPasswordLoginAllowedForUser($userId)) {
if ($userId > 0 && !$this->isLocalPasswordLoginAllowedForUser($userId)) {
Auth::logout();
return [
'ok' => false,
@@ -61,8 +71,8 @@ class AuthService
];
}
if ($userId > 0) {
PermissionService::getUserPermissions($userId, true);
self::loadTenantDataIntoSession($userId);
$this->permissionGateway->warmUserPermissions($userId, true);
$this->loadTenantDataIntoSession($userId);
if (!empty($_SESSION['no_active_tenant'])) {
Auth::logout();
return [
@@ -71,19 +81,19 @@ class AuthService
'flash_key' => 'login_no_active_tenant',
];
}
UserRepository::updateLastLogin($userId, 'local');
$this->userWriteRepository->updateLastLogin($userId, 'local');
}
return ['ok' => true];
}
private static function isLocalPasswordLoginAllowedForUser(int $userId): bool
private function isLocalPasswordLoginAllowedForUser(int $userId): bool
{
if ($userId <= 0) {
return false;
}
$availableTenants = UserService::getAvailableTenants($userId);
$availableTenants = $this->userTenantContextService->getAvailableTenants($userId);
if (!$availableTenants) {
return true;
}
@@ -93,7 +103,7 @@ class AuthService
if ($tenantId <= 0) {
continue;
}
if (TenantSsoService::isLocalPasswordLoginAllowed($tenantId)) {
if ($this->tenantSsoGateway->isLocalPasswordLoginAllowed($tenantId)) {
return true;
}
}
@@ -101,13 +111,13 @@ class AuthService
return false;
}
public static function canLoginToTenant(int $userId, int $tenantId): bool
public function canLoginToTenant(int $userId, int $tenantId): bool
{
if ($userId <= 0 || $tenantId <= 0) {
return false;
}
foreach (UserService::getAvailableTenants($userId) as $tenant) {
foreach ($this->userTenantContextService->getAvailableTenants($userId) as $tenant) {
if ((int) ($tenant['id'] ?? 0) === $tenantId) {
return true;
}
@@ -116,13 +126,13 @@ class AuthService
return false;
}
public static function loginUserById(int $userId, ?int $preferredTenantId = null, string $loginProvider = 'local'): array
public function loginUserById(int $userId, ?int $preferredTenantId = null, string $loginProvider = 'local'): array
{
if ($userId <= 0) {
return ['ok' => false, 'error' => 'user_not_found'];
}
$user = UserRepository::find($userId);
$user = $this->userReadRepository->find($userId);
if (!$user) {
return ['ok' => false, 'error' => 'user_not_found'];
}
@@ -134,31 +144,31 @@ class AuthService
$_SESSION['user'] = $user;
if ($preferredTenantId !== null && $preferredTenantId > 0) {
$setTenant = UserService::setCurrentTenant($userId, $preferredTenantId);
$setTenant = $this->userTenantContextService->setCurrentTenant($userId, $preferredTenantId);
if ($setTenant['ok'] ?? false) {
$_SESSION['user']['current_tenant_id'] = $preferredTenantId;
}
}
PermissionService::getUserPermissions($userId, true);
self::loadTenantDataIntoSession($userId);
$this->permissionGateway->warmUserPermissions($userId, true);
$this->loadTenantDataIntoSession($userId);
if (!empty($_SESSION['no_active_tenant'])) {
Auth::logout();
return ['ok' => false, 'error' => 'login_no_active_tenant'];
}
UserRepository::updateLastLogin($userId, $loginProvider);
$this->userWriteRepository->updateLastLogin($userId, $loginProvider);
return ['ok' => true, 'user' => $user];
}
public static function loginAndRedirect(
public function loginAndRedirect(
string $email,
string $password,
string $successTarget = 'admin',
string $failTarget = 'login',
bool $remember = false
): void {
$result = self::login($email, $password);
$result = $this->login($email, $password);
if (!($result['ok'] ?? false)) {
// Check if user needs to verify email
@@ -177,45 +187,45 @@ class AuthService
if ($remember) {
$userId = (int) ($_SESSION['user']['id'] ?? 0);
if ($userId > 0) {
RememberMeService::rememberUser($userId);
$this->rememberMeService->rememberUser($userId);
}
}
Router::redirect($successTarget);
}
public static function register(array $data): array
public function register(array $data): array
{
$email = trim((string) ($data['email'] ?? ''));
$result = UserService::register($data);
$result = $this->userAccountService->register($data);
if (!($result['ok'] ?? false)) {
return $result;
}
// Get the created user to send verification email
$createdUser = UserRepository::findByEmail($email);
$createdUser = $this->userReadRepository->findByEmail($email);
if ($createdUser && isset($createdUser['id'])) {
$userId = (int) $createdUser['id'];
EmailVerificationService::sendVerification($userId);
$this->emailVerificationService->sendVerification($userId);
}
// Don't login - user needs to verify email first
return ['ok' => true, 'email' => $email, 'needs_verification' => true];
}
public static function logout(): void
public function logout(): void
{
RememberMeService::forgetCurrentUser();
$this->rememberMeService->forgetCurrentUser();
Auth::logout();
}
public static function logoutAndRedirect(string $target = 'login'): void
public function logoutAndRedirect(string $target = 'login'): void
{
RememberMeService::forgetCurrentUser();
$this->rememberMeService->forgetCurrentUser();
Auth::logout();
Router::redirect($target);
}
public static function refreshSessionAuthState(int $userId): array
public function refreshSessionAuthState(int $userId): array
{
if ($userId <= 0) {
return [
@@ -225,7 +235,7 @@ class AuthService
];
}
$snapshot = UserRepository::findAuthzSnapshot($userId);
$snapshot = $this->userReadRepository->findAuthzSnapshot($userId);
if (!$snapshot) {
return [
'ok' => false,
@@ -247,7 +257,7 @@ class AuthService
$refreshed = false;
if ($sessionVersion !== $dbVersion) {
$user = UserRepository::find($userId);
$user = $this->userReadRepository->find($userId);
if (!$user || (int) ($user['active'] ?? 0) !== 1) {
return [
'ok' => false,
@@ -257,8 +267,8 @@ class AuthService
}
$_SESSION['user'] = $user;
PermissionService::getUserPermissions($userId, true);
self::loadTenantDataIntoSession($userId);
$this->permissionGateway->warmUserPermissions($userId, true);
$this->loadTenantDataIntoSession($userId);
$refreshed = true;
}
@@ -278,17 +288,17 @@ class AuthService
];
}
public static function loadTenantDataIntoSession(int $userId): void
public function loadTenantDataIntoSession(int $userId): void
{
if ($userId <= 0) {
return;
}
// Load available tenants first
$availableTenants = UserService::getAvailableTenants($userId);
$availableTenants = $this->userTenantContextService->getAvailableTenants($userId);
$_SESSION['available_tenants'] = $availableTenants;
$_SESSION['available_departments_by_tenant'] = UserService::getAvailableDepartmentsByTenant($userId);
$_SESSION['address_book_saved_filters'] = UserSavedFilterService::listForAddressBook($userId);
$_SESSION['available_departments_by_tenant'] = $this->userTenantContextService->getAvailableDepartmentsByTenant($userId);
$_SESSION['address_book_saved_filters'] = $this->savedFilterGateway->listAddressBookFilters($userId);
if (!$availableTenants) {
$_SESSION['no_active_tenant'] = true;
@@ -298,7 +308,7 @@ class AuthService
$_SESSION['no_active_tenant'] = false;
// Load current tenant (with fallback to first available)
$currentTenant = UserService::getCurrentTenant($userId);
$currentTenant = $this->userTenantContextService->getCurrentTenant($userId);
if (!$currentTenant) {
// Fallback: use first available tenant
$currentTenant = $availableTenants[0];