1<?php
2
3namespace BO\Zmsapi\Helper;
4
5use BO\Slim\Render;
6use BO\Zmsdb\Useraccount;
7
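/**
 * Resolves the useraccount behind an incoming request, either from HTTP Basic
 * credentials or from an X-AuthKey header / Zmsclient cookie, and verifies
 * clear-text passwords against stored hashes.
 */
class UserAuth
{
    /**
     * Read an existing useraccount entity, attach a freshly verified password
     * hash to it and write the updated entity back.
     *
     * @param object $entity useraccount entity exposing getId() and a password property
     * @return object the updated useraccount entity as returned by Useraccount::writeUpdatedEntity()
     */
    public static function getVerifiedUseraccount($entity)
    {
        $useraccountQuery = new Useraccount();
        $useraccount = $useraccountQuery
            ->readEntity($entity->getId())
            ->withVerifiedHash($entity->password);
        return $useraccountQuery->writeUpdatedEntity($useraccount->getId(), $useraccount);
    }

    /**
     * Check a clear-text password against the stored hash of a useraccount.
     *
     * Stored values that do not start with '$' are treated as legacy plain MD5
     * digests; everything else goes through password_verify(). Both comparisons
     * are constant-time, so the check does not leak how many leading bytes of
     * the digest matched.
     *
     * @param object      $useraccount entity whose password property holds the stored hash
     * @param string|null $password    clear-text password supplied by the client
     * @return true
     * @throws \BO\Zmsapi\Exception\Useraccount\InvalidCredentials when the password does not match
     */
    public static function testPasswordMatching($useraccount, $password)
    {
        // The casts keep null/non-string values from raising TypeErrors in hash_equals()
        // or deprecation notices in md5()/password_verify(); they compare like '' either way.
        $storedHash = (string) $useraccount->password;
        $password = (string) $password;
        // Do you have old, turbo-legacy, non-crypt hashes?
        if (strpos($storedHash, '$') !== 0) {
            $result = hash_equals($storedHash, md5($password));
        } else {
            $result = password_verify($password, $storedHash);
        }
        if (! $result) {
            $exception = new \BO\Zmsapi\Exception\Useraccount\InvalidCredentials();
            $exception->data['password']['messages'] = [
                'Der Nutzername und das Passwort passen nicht zusammen'
            ];
            throw $exception;
        }
        return true;
    }

    /**
     * Get the useraccount entity for a request, trying HTTP Basic auth first and
     * falling back to an X-AuthKey header or Zmsclient cookie.
     *
     * Basic credentials must belong to an existing account and the password must
     * match; a successful check also writes the re-verified hash back to the
     * database. A present but unknown Basic username raises instead of falling
     * through to the auth key. An auth key is looked up as-is, without a password.
     *
     * @param object $request request exposing getHeaderLine(), getUri() and getCookieParams()
     * @return object|null the useraccount entity, or null when the request carries no usable credentials
     * @throws \BO\Zmsapi\Exception\Useraccount\InvalidCredentials when Basic credentials are present but wrong
     */
    public static function getUseraccountByAuthMethod($request)
    {
        $useraccount = null;
        $basicAuth = static::getBasicAuth($request);
        $xAuthKey = static::getXAuthKey($request);
        $useraccountQuery = new Useraccount();

        if ($basicAuth && static::testUseraccountExists($basicAuth['username'])) {
            $useraccount = $useraccountQuery
                ->readEntity($basicAuth['username'])
                ->withVerifiedHash($basicAuth['password']);
            static::testPasswordMatching($useraccount, $basicAuth['password']);
            $useraccount = $useraccountQuery->writeUpdatedEntity($useraccount->getId(), $useraccount);
        } elseif ($xAuthKey) {
            $useraccount = $useraccountQuery->readEntityByAuthKey($xAuthKey);
        }

        return $useraccount;
    }

    /**
     * Assert that a useraccount with the given login name exists in the database.
     *
     * @param string       $loginName
     * @param string|false $password  optional password passed through to Useraccount::readIsUserExisting()
     * @return true
     * @throws \BO\Zmsapi\Exception\Useraccount\InvalidCredentials when no such account is found
     */
    public static function testUseraccountExists($loginName, $password = false)
    {
        $query = new Useraccount();
        if (! $query->readIsUserExisting($loginName, $password)) {
            $exception = new \BO\Zmsapi\Exception\Useraccount\InvalidCredentials();
            $exception->data['password']['messages'] = [
                'Der Nutzername oder das Passwort wurden falsch eingegeben'
            ];
            throw $exception;
        }
        return true;
    }

    /**
     * Extract the credentials from an HTTP Basic Authorization header.
     *
     * The decoded "user:password" pair is cross-checked against the password part
     * of the request URI's user info; a header whose password differs from it is
     * rejected. (Presumably the URI user info mirrors the credentials the server
     * received for this request — confirm against the request/URI implementation.)
     *
     * @param object $request request exposing getHeaderLine() and getUri()
     * @return array{username: string, password: string|null}|false the credentials, or false
     *         when there is no Basic header or the cross-check fails
     */
    private static function getBasicAuth($request)
    {
        $header = $request->getHeaderLine('Authorization');
        if (strpos($header, 'Basic') !== 0) {
            return false;
        }
        // Decode only the payload after "Basic " and split at the first ':' so that
        // passwords containing ':' survive intact.
        $credentials = explode(':', base64_decode(substr($header, 6)), 2);
        $authorization = [
            'username' => $credentials[0],
            'password' => isset($credentials[1]) ? $credentials[1] : null,
        ];
        // Split the URI user info the same way (limit 2) so a password containing ':'
        // compares equal on both sides instead of being truncated here.
        $userInfo = explode(':', $request->getUri()->getUserInfo(), 2);
        $uriPassword = isset($userInfo[1]) ? $userInfo[1] : null;
        // $authorization is a non-empty array and therefore always truthy; the only
        // rejecting condition is a password mismatch with the URI user info.
        return ($authorization['password'] !== $uriPassword) ? false : $authorization;
    }

    /**
     * Read the auth key from the X-AuthKey header, falling back to the Zmsclient cookie.
     *
     * @param object $request request exposing getHeaderLine() and getCookieParams()
     * @return string|false the key, or false when neither source carries a non-empty value
     */
    private static function getXAuthKey($request)
    {
        $xAuthKey = $request->getHeaderLine('X-AuthKey');
        if (! $xAuthKey) {
            $cookies = $request->getCookieParams();
            $xAuthKey = array_key_exists('Zmsclient', $cookies) ? $cookies['Zmsclient'] : null;
        }
        // Truthiness check: an empty string (and the literal "0") counts as no key.
        return $xAuthKey ? $xAuthKey : false;
    }
}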