Add single-user handling (#9)
- Disallow log on for single-user mode user - Improve CLI header display
This commit is contained in:
@@ -20,6 +20,9 @@ class Security {
|
||||
/** @var string The password for the single user with no password */
|
||||
private const string SINGLE_USER_PASSWORD = 'no-password-required';
|
||||
|
||||
/** @var string The password algorithm to use for our passwords */
|
||||
public const string PW_ALGORITHM = PASSWORD_DEFAULT;
|
||||
|
||||
/**
|
||||
* Find a user by their ID
|
||||
*
|
||||
@@ -27,7 +30,7 @@ class Security {
|
||||
* @param SQLite3 $db The data connection to use to retrieve the user
|
||||
* @return array|false The user information, or null if the user is not found
|
||||
*/
|
||||
private static function findUserByEmail(string $email, SQLite3 $db): array|false {
|
||||
public static function findUserByEmail(string $email, SQLite3 $db): array|false {
|
||||
$query = $db->prepare('SELECT * FROM frc_user WHERE email = :email');
|
||||
$query->bindValue(':email', $email);
|
||||
$result = $query->execute();
|
||||
@@ -44,7 +47,7 @@ class Security {
|
||||
public static function addUser(string $email, string $password, SQLite3 $db): void {
|
||||
$query = $db->prepare('INSERT INTO frc_user (email, password) VALUES (:email, :password)');
|
||||
$query->bindValue(':email', $email);
|
||||
$query->bindValue(':password', password_hash($password, PASSWORD_DEFAULT));
|
||||
$query->bindValue(':password', password_hash($password, self::PW_ALGORITHM));
|
||||
$query->execute();
|
||||
}
|
||||
|
||||
@@ -58,9 +61,9 @@ class Security {
|
||||
*/
|
||||
private static function verifyPassword(array $user, string $password, ?string $returnTo, SQLite3 $db): void {
|
||||
if (password_verify($password, $user['password'])) {
|
||||
if (password_needs_rehash($user['password'], PASSWORD_DEFAULT)) {
|
||||
if (password_needs_rehash($user['password'], self::PW_ALGORITHM)) {
|
||||
$rehash = $db->prepare('UPDATE frc_user SET password = :hash WHERE id = :id');
|
||||
$rehash->bindValue(':hash', password_hash($password, PASSWORD_DEFAULT));
|
||||
$rehash->bindValue(':hash', password_hash($password, self::PW_ALGORITHM));
|
||||
$rehash->bindValue(':id', $user['id']);
|
||||
$rehash->execute();
|
||||
}
|
||||
@@ -73,12 +76,16 @@ class Security {
|
||||
/**
|
||||
* Log on a user with e-mail address and password
|
||||
*
|
||||
* @param string $email The e-mail address for the user
|
||||
* @param string $email The e-mail address for the user (cannot be the single-user mode user)
|
||||
* @param string $password The password provided by the user
|
||||
* @param string|null $returnTo The URL to which the user should be redirected
|
||||
* @param SQLite3 $db The database connection to use to verify the user's credentials
|
||||
*/
|
||||
public static function logOnUser(string $email, string $password, ?string $returnTo, SQLite3 $db): void {
|
||||
if ($email == self::SINGLE_USER_EMAIL) {
|
||||
add_error('Invalid credentials; log on unsuccessful');
|
||||
return;
|
||||
}
|
||||
$user = self::findUserByEmail($email, $db);
|
||||
if ($user) self::verifyPassword($user, $password, $returnTo, $db);
|
||||
add_error('Invalid credentials; log on unsuccessful');
|
||||
@@ -93,7 +100,7 @@ class Security {
|
||||
*/
|
||||
public static function updatePassword(string $email, string $password, SQLite3 $db): void {
|
||||
$query = $db->prepare('UPDATE frc_user SET password = :password WHERE email = :email');
|
||||
$query->bindValue(':password', password_hash($password, PASSWORD_DEFAULT));
|
||||
$query->bindValue(':password', password_hash($password, self::PW_ALGORITHM));
|
||||
$query->bindValue(':email', $email);
|
||||
$query->execute();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user