Skip to content
Snippets Groups Projects
Normal view Permalink
AuthenticationController.php 2.82 KiB
Newer Older
  • Learn to ignore specific revisions
    • Damien's avatar
    FEAT #7659 Locked tentatives
    Damien committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 
    <?php

/**
 * Copyright Maarch since 2008 under licence GPLv3.
 * See LICENCE.txt file at the root folder for more details.
 * This file is part of Maarch software.
 */

/**
 * @brief Authentication Controller
 *
 * @author dev@maarch.org
 */

namespace SrcCore\controllers;

use SrcCore\models\AuthenticationModel;
use SrcCore\models\PasswordModel;
    Damien's avatar
    [REFACTORING] Authentication  
    Damien committed
    19 
    use SrcCore\models\SecurityModel;
    Damien's avatar
    FEAT #7659 Locked tentatives
    Damien committed
    20 21 22 23 24 
    use SrcCore\models\ValidatorModel;
use User\models\UserModel;

class AuthenticationController
{
    Damien's avatar
    [REFACTORING] Authentication  
    Damien committed
    25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 
        public static function authentication()
    {
        $userId = null;
        if (!empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])) {
            if (AuthenticationModel::authentication(['userId' => $_SERVER['PHP_AUTH_USER'], 'password' => $_SERVER['PHP_AUTH_PW']])) {
                $userId = $_SERVER['PHP_AUTH_USER'];
            }
        } else {
            $cookie = SecurityModel::getCookieAuth();
            if (!empty($cookie) && SecurityModel::cookieAuthentication($cookie)) {
                SecurityModel::setCookieAuth(['userId' => $cookie['userId']]);
                $userId = $cookie['userId'];
            }
        }

        return $userId;
    }
    Damien's avatar
    FEAT #7659 Locked tentatives
    Damien committed
    43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 
        public static function handleFailedAuthentication(array $aArgs)
    {
        ValidatorModel::notEmpty($aArgs, ['userId']);
        ValidatorModel::stringType($aArgs, ['userId']);

        $passwordRules = PasswordModel::getEnabledRules();

        if (!empty($passwordRules['lockAttempts'])) {
            $user = UserModel::getByUserId(['select' => ['failed_authentication', 'locked_until'], 'userId' => $aArgs['userId']]);

            if (!empty($user)) {
                if (!empty($user['locked_until'])) {
                    $lockedDate = new \DateTime($user['locked_until']);
                    $currentDate = new \DateTime();
                    if ($currentDate > $lockedDate) {
                        AuthenticationModel::resetFailedAuthentication(['userId' => $aArgs['userId']]);
                        $user['failed_authentication'] = 0;
                    } else {
    Damien's avatar
    [REFACTORING] Fix after merge request  
    Damien committed
    61 
                            return _ACCOUNT_LOCKED_UNTIL . " {$lockedDate->format('d/m/Y H:i')}";
    Damien's avatar
    FEAT #7659 Locked tentatives
    Damien committed
    62 63 64 65 66 67 68 69 
                        }
                }

                AuthenticationModel::increaseFailedAuthentication(['userId' => $aArgs['userId'], 'tentatives' => $user['failed_authentication'] + 1]);

                if (!empty($user['failed_authentication']) && ($user['failed_authentication'] + 1) >= $passwordRules['lockAttempts'] && !empty($passwordRules['lockTime'])) {
                    $lockedUntil = time() + 60 * $passwordRules['lockTime'];
                    AuthenticationModel::lockUser(['userId' => $aArgs['userId'], 'lockedUntil' => $lockedUntil]);
    Damien's avatar
    [REFACTORING] Fix after merge request  
    Damien committed
    70 
                        return _ACCOUNT_LOCKED_FOR . " {$passwordRules['lockTime']} mn";
    Damien's avatar
    FEAT #7659 Locked tentatives
    Damien committed
    71 72 73 74 75 76 77 
                    }
            }
        }

        return _BAD_LOGIN_OR_PSW;
    }
}