instances added god may help
This commit is contained in:
@@ -1,14 +1,11 @@
|
||||
<?php
|
||||
|
||||
use MintyPHP\Service\Auth\AuthService;
|
||||
use MintyPHP\Service\Auth\RememberMeService;
|
||||
use MintyPHP\Service\Auth\TenantSsoService;
|
||||
use MintyPHP\Service\Security\RateLimiterService;
|
||||
use MintyPHP\Service\Tenant\TenantAvatarService;
|
||||
use MintyPHP\Service\User\UserService;
|
||||
use MintyPHP\Repository\User\UserRepository;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Router;
|
||||
use MintyPHP\Service\Auth\AuthServicesFactory;
|
||||
use MintyPHP\Service\Security\SecurityServicesFactory;
|
||||
use MintyPHP\Service\Tenant\TenantServicesFactory;
|
||||
use MintyPHP\Service\User\UserServicesFactory;
|
||||
use MintyPHP\Session;
|
||||
use MintyPHP\Support\Flash;
|
||||
|
||||
if (!empty($_SESSION['user']['id'])) {
|
||||
@@ -36,6 +33,7 @@ $setRateLimitWarning = static function (int $retryAfterSeconds) use ($setLoginWa
|
||||
header('Retry-After: ' . $retryAfterSeconds);
|
||||
$setLoginWarning(t('Too many login attempts. Please wait and try again.'));
|
||||
};
|
||||
$rateLimiterService = (new SecurityServicesFactory())->createRateLimiterService();
|
||||
|
||||
$loginResolveScope = 'login.resolve.ip';
|
||||
$loginResolveLimit = 25;
|
||||
@@ -46,14 +44,22 @@ $loginPasswordScope = 'login.password.email_ip';
|
||||
$loginPasswordLimit = 5;
|
||||
$loginPasswordWindow = 900;
|
||||
$loginPasswordBlock = 900;
|
||||
$authServicesFactory = new AuthServicesFactory();
|
||||
$authService = $authServicesFactory->createAuthService();
|
||||
$rememberMeService = $authServicesFactory->createRememberMeService();
|
||||
$tenantSsoService = $authServicesFactory->createTenantSsoService();
|
||||
$tenantAvatarService = (new TenantServicesFactory())->createTenantAvatarService();
|
||||
$userServicesFactory = new UserServicesFactory();
|
||||
$userReadRepository = $userServicesFactory->createUserReadRepository();
|
||||
$userTenantContextService = $userServicesFactory->createUserTenantContextService();
|
||||
|
||||
$resolveLoginCandidates = static function (string $inputEmail): array {
|
||||
$resolveLoginCandidates = static function (string $inputEmail) use ($userReadRepository, $userTenantContextService, $tenantSsoService, $tenantAvatarService): array {
|
||||
$emailValue = strtolower(trim($inputEmail));
|
||||
if ($emailValue === '' || !filter_var($emailValue, FILTER_VALIDATE_EMAIL)) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
$user = UserRepository::findByEmail($emailValue);
|
||||
$user = $userReadRepository->findByEmail($emailValue);
|
||||
if (!$user || (int) ($user['active'] ?? 0) !== 1) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
@@ -63,7 +69,7 @@ $resolveLoginCandidates = static function (string $inputEmail): array {
|
||||
return ['ok' => false];
|
||||
}
|
||||
|
||||
$tenants = UserService::getAssignedActiveTenants($userId);
|
||||
$tenants = $userTenantContextService->getAssignedActiveTenants($userId);
|
||||
if (!$tenants) {
|
||||
return ['ok' => false];
|
||||
}
|
||||
@@ -75,13 +81,13 @@ $resolveLoginCandidates = static function (string $inputEmail): array {
|
||||
if ($tenantId <= 0) {
|
||||
continue;
|
||||
}
|
||||
$tenantSlug = TenantSsoService::tenantLoginSlug($tenant);
|
||||
$tenantSlug = $tenantSsoService->tenantLoginSlug($tenant);
|
||||
if ($tenantSlug === '') {
|
||||
continue;
|
||||
}
|
||||
$methods = TenantSsoService::resolveTenantLoginMethods($tenantId);
|
||||
$methods = $tenantSsoService->resolveTenantLoginMethods($tenantId);
|
||||
$tenantUuid = (string) ($tenant['uuid'] ?? '');
|
||||
$hasAvatar = $tenantUuid !== '' && TenantAvatarService::hasAvatar($tenantUuid);
|
||||
$hasAvatar = $tenantUuid !== '' && $tenantAvatarService->hasAvatar($tenantUuid);
|
||||
$candidate = [
|
||||
'id' => $tenantId,
|
||||
'uuid' => $tenantUuid,
|
||||
@@ -151,7 +157,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$stage = 'resolve_email';
|
||||
} else {
|
||||
if ($postedStage === 'resolve_email') {
|
||||
$resolveLimitResult = RateLimiterService::isBlocked($loginResolveScope, $clientIp);
|
||||
$resolveLimitResult = $rateLimiterService->isBlocked($loginResolveScope, $clientIp);
|
||||
if (!($resolveLimitResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($resolveLimitResult['retry_after'] ?? 60));
|
||||
return;
|
||||
@@ -159,11 +165,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
}
|
||||
|
||||
$resolved = $resolveLoginCandidates($email);
|
||||
if (!($resolved['ok'] ?? false)) {
|
||||
if (!$resolved['ok']) {
|
||||
$stage = 'resolve_email';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
if ($postedStage === 'resolve_email') {
|
||||
$resolveFailureResult = RateLimiterService::registerFailure(
|
||||
$resolveFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginResolveScope,
|
||||
$clientIp,
|
||||
$loginResolveLimit,
|
||||
@@ -175,9 +181,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
}
|
||||
}
|
||||
} else {
|
||||
$email = (string) ($resolved['email'] ?? '');
|
||||
$tenantCandidates = is_array($resolved['candidates'] ?? null) ? $resolved['candidates'] : [];
|
||||
$tenantCandidateById = is_array($resolved['candidate_by_id'] ?? null) ? $resolved['candidate_by_id'] : [];
|
||||
$email = (string) $resolved['email'];
|
||||
$tenantCandidates = $resolved['candidates'];
|
||||
$tenantCandidateById = $resolved['candidate_by_id'];
|
||||
$postedTenantId = (int) ($_POST['tenant_id'] ?? 0);
|
||||
|
||||
if (in_array($postedStage, ['choose_tenant', 'login_password'], true)
|
||||
@@ -204,10 +210,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$stage = 'resolve_email';
|
||||
$setLoginWarning(t('We could not continue with these login details'));
|
||||
} else {
|
||||
$selectedTenantMethods = is_array($selectedTenant['methods'] ?? null)
|
||||
? $selectedTenant['methods']
|
||||
: $selectedTenantMethods;
|
||||
$selectedTenantSlug = trim((string) ($selectedTenant['slug'] ?? ''));
|
||||
$selectedTenantMethods = $selectedTenant['methods'];
|
||||
$selectedTenantSlug = trim((string) $selectedTenant['slug']);
|
||||
$isMicrosoftOnlyTenant = empty($selectedTenantMethods['local'])
|
||||
&& !empty($selectedTenantMethods['microsoft'])
|
||||
&& $selectedTenantSlug !== '';
|
||||
@@ -236,7 +240,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
} elseif ($postedStage === 'login_password') {
|
||||
$stage = 'methods';
|
||||
$passwordAttemptKey = strtolower(trim($email)) . '|' . $clientIp;
|
||||
$passwordLimitResult = RateLimiterService::isBlocked($loginPasswordScope, $passwordAttemptKey);
|
||||
$passwordLimitResult = $rateLimiterService->isBlocked($loginPasswordScope, $passwordAttemptKey);
|
||||
if (!($passwordLimitResult['allowed'] ?? true)) {
|
||||
$setRateLimitWarning((int) ($passwordLimitResult['retry_after'] ?? 60));
|
||||
return;
|
||||
@@ -247,7 +251,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
} else {
|
||||
$password = (string) ($_POST['password'] ?? '');
|
||||
$remember = !empty($_POST['remember']);
|
||||
$result = AuthService::login($email, $password);
|
||||
$result = $authService->login($email, $password);
|
||||
if (!($result['ok'] ?? false)) {
|
||||
if (!empty($result['needs_verification'])) {
|
||||
$_SESSION['email_verification_email'] = $result['email'] ?? $email;
|
||||
@@ -256,7 +260,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
return;
|
||||
}
|
||||
$setLoginWarning(t((string) ($result['message'] ?? 'Email/password not valid')));
|
||||
$passwordFailureResult = RateLimiterService::registerFailure(
|
||||
$passwordFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginPasswordScope,
|
||||
$passwordAttemptKey,
|
||||
$loginPasswordLimit,
|
||||
@@ -268,10 +272,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
}
|
||||
} else {
|
||||
$userId = (int) ($_SESSION['user']['id'] ?? 0);
|
||||
if ($userId <= 0 || !AuthService::canLoginToTenant($userId, $selectedTenantId)) {
|
||||
AuthService::logout();
|
||||
if ($userId <= 0 || !$authService->canLoginToTenant($userId, $selectedTenantId)) {
|
||||
$authService->logout();
|
||||
$setLoginWarning(t('No access to this tenant'));
|
||||
$passwordFailureResult = RateLimiterService::registerFailure(
|
||||
$passwordFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginPasswordScope,
|
||||
$passwordAttemptKey,
|
||||
$loginPasswordLimit,
|
||||
@@ -282,11 +286,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
|
||||
}
|
||||
} else {
|
||||
$setTenant = UserService::setCurrentTenant($userId, $selectedTenantId);
|
||||
$setTenant = $userTenantContextService->setCurrentTenant($userId, $selectedTenantId);
|
||||
if (!($setTenant['ok'] ?? false)) {
|
||||
AuthService::logout();
|
||||
$authService->logout();
|
||||
$setLoginWarning(t('No access to this tenant'));
|
||||
$passwordFailureResult = RateLimiterService::registerFailure(
|
||||
$passwordFailureResult = $rateLimiterService->registerFailure(
|
||||
$loginPasswordScope,
|
||||
$passwordAttemptKey,
|
||||
$loginPasswordLimit,
|
||||
@@ -297,10 +301,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$setRateLimitWarning((int) ($passwordFailureResult['retry_after'] ?? $loginPasswordBlock));
|
||||
}
|
||||
} else {
|
||||
RateLimiterService::reset($loginPasswordScope, $passwordAttemptKey);
|
||||
AuthService::loadTenantDataIntoSession($userId);
|
||||
$rateLimiterService->reset($loginPasswordScope, $passwordAttemptKey);
|
||||
$authService->loadTenantDataIntoSession($userId);
|
||||
if ($remember) {
|
||||
RememberMeService::rememberUser($userId);
|
||||
$rememberMeService->rememberUser($userId);
|
||||
}
|
||||
Router::redirect('admin');
|
||||
return;
|
||||
|
||||
Reference in New Issue
Block a user