Add table to doc util script
- Remove db parameter from several places - Add constructors for document types
This commit is contained in:
@@ -4,13 +4,12 @@ namespace FeedReaderCentral;
|
||||
use BitBadger\Documents\DocumentException;
|
||||
use BitBadger\Documents\Field;
|
||||
use BitBadger\Documents\SQLite\Patch;
|
||||
use SQLite3;
|
||||
|
||||
/**
|
||||
* Security functions
|
||||
*/
|
||||
class Security {
|
||||
|
||||
class Security
|
||||
{
|
||||
/** @var int Run as a single user requiring no password */
|
||||
public const int SINGLE_USER = 0;
|
||||
|
||||
@@ -35,17 +34,16 @@ class Security {
|
||||
* @param User $user The user information retrieved from the database
|
||||
* @param string $password The password provided by the user
|
||||
* @param string|null $returnTo The URL to which the user should be redirected
|
||||
* @param SQLite3 $db The database connection to use to verify the user's credentials
|
||||
* @throws DocumentException if any is encountered
|
||||
*/
|
||||
private static function verifyPassword(User $user, string $password, ?string $returnTo, SQLite3 $db): void
|
||||
private static function verifyPassword(User $user, string $password, ?string $returnTo): void
|
||||
{
|
||||
if (password_verify($password, $user->password)) {
|
||||
if (password_needs_rehash($user->password, self::PW_ALGORITHM)) {
|
||||
Patch::byId(Table::USER, $user->id, ['password' => password_hash($password, self::PW_ALGORITHM)], $db);
|
||||
Patch::byId(Table::USER, $user->id, ['password' => password_hash($password, self::PW_ALGORITHM)]);
|
||||
}
|
||||
$_SESSION[Key::USER_ID] = $user['id'];
|
||||
$_SESSION[Key::USER_EMAIL] = $user['email'];
|
||||
$_SESSION[Key::USER_ID] = $user->id;
|
||||
$_SESSION[Key::USER_EMAIL] = $user->email;
|
||||
frc_redirect($returnTo ?? '/');
|
||||
}
|
||||
}
|
||||
@@ -56,10 +54,9 @@ class Security {
|
||||
* @param string $email The e-mail address for the user (cannot be the single-user mode user)
|
||||
* @param string $password The password provided by the user
|
||||
* @param string|null $returnTo The URL to which the user should be redirected
|
||||
* @param SQLite3 $db The database connection to use to verify the user's credentials
|
||||
* @throws DocumentException If any is encountered
|
||||
*/
|
||||
public static function logOnUser(string $email, string $password, ?string $returnTo, SQLite3 $db): void {
|
||||
public static function logOnUser(string $email, string $password, ?string $returnTo): void {
|
||||
if (SECURITY_MODEL == self::SINGLE_USER_WITH_PASSWORD) {
|
||||
$dbEmail = self::SINGLE_USER_EMAIL;
|
||||
} else {
|
||||
@@ -70,7 +67,7 @@ class Security {
|
||||
$dbEmail = $email;
|
||||
}
|
||||
$user = User::findByEmail($dbEmail);
|
||||
if ($user) self::verifyPassword($user, $password, $returnTo, $db);
|
||||
if ($user) self::verifyPassword($user, $password, $returnTo);
|
||||
add_error('Invalid credentials; log on unsuccessful');
|
||||
}
|
||||
|
||||
@@ -79,40 +76,37 @@ class Security {
|
||||
*
|
||||
* @param string $email The e-mail address of the user whose password should be updated
|
||||
* @param string $password The new password for this user
|
||||
* @param SQLite3 $db The database connection to use in updating the password
|
||||
* @throws DocumentException If any is encountered
|
||||
*/
|
||||
public static function updatePassword(string $email, string $password, SQLite3 $db): void {
|
||||
public static function updatePassword(string $email, string $password): void {
|
||||
Patch::byFields(Table::USER, [Field::EQ('email', $email)],
|
||||
['password' => password_hash($password, self::PW_ALGORITHM)], $db);
|
||||
['password' => password_hash($password, self::PW_ALGORITHM)]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Log on the single user
|
||||
*
|
||||
* @param SQLite3 $db The data connection to use to retrieve the user
|
||||
* @throws DocumentException If any is encountered
|
||||
*/
|
||||
private static function logOnSingleUser(SQLite3 $db): void {
|
||||
private static function logOnSingleUser(): void {
|
||||
$user = User::findByEmail(self::SINGLE_USER_EMAIL);
|
||||
if (!$user) {
|
||||
User::add(self::SINGLE_USER_EMAIL, self::SINGLE_USER_PASSWORD, $db);
|
||||
User::add(self::SINGLE_USER_EMAIL, self::SINGLE_USER_PASSWORD);
|
||||
$user = User::findByEmail(self::SINGLE_USER_EMAIL);
|
||||
}
|
||||
self::verifyPassword($user, self::SINGLE_USER_PASSWORD, $_GET['returnTo'], $db);
|
||||
self::verifyPassword($user, self::SINGLE_USER_PASSWORD, $_GET['returnTo']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Verify that user is logged on
|
||||
*
|
||||
* @param SQLite3 $db The data connection to use if required
|
||||
* @param bool $redirectIfAnonymous Whether to redirect the request if there is no user logged on
|
||||
* @throws DocumentException If any is encountered
|
||||
*/
|
||||
public static function verifyUser(SQLite3 $db, bool $redirectIfAnonymous = true): void {
|
||||
public static function verifyUser(bool $redirectIfAnonymous = true): void {
|
||||
if (key_exists(Key::USER_ID, $_SESSION)) return;
|
||||
|
||||
if (SECURITY_MODEL == self::SINGLE_USER) self::logOnSingleUser($db);
|
||||
if (SECURITY_MODEL == self::SINGLE_USER) self::logOnSingleUser();
|
||||
|
||||
if (SECURITY_MODEL != self::SINGLE_USER_WITH_PASSWORD && SECURITY_MODEL != self::MULTI_USER) {
|
||||
die('Unrecognized security model (' . SECURITY_MODEL . ')');
|
||||
|
||||
Reference in New Issue
Block a user