/**
* @docs-name Authenticate (Create New Session)
*
* Creates a session. A valid email and password of an existing user must be passed in, and the new session
* (with the session id) will be returned.
*
* ~~~
* Get sessions through email password
* {
* "email": string,
* "password": string
* }
*
* or get one time session to reset password
*
* {
* "email": string,
* "authToken": string
* }
*
* @docs-param session string body required A session object (with email & password or email & authToken filled in)
*
* @throws \Slim\Exception\Stop
*/
function post()
{
$this->model->loadFromExternalSource($this->getApp()->getRequest()->getBody());
if (empty($this->model->email)) {
$this->getApp()->returnError(Errors::$SESSION_EMAIL_REQUIRED);
} else {
/**
* @var $user User
*/
$user = call_user_func($this->userModelClass . '::init', $this->getApp());
$user->findByField('email', $this->model->email);
if (!empty($this->model->password)) {
if ($user->passHash != Identity::passHash($this->model->password, $user->salt)) {
$this->getApp()->returnError(Errors::$PASSWORD_INVALID);
}
} elseif (!empty($this->model->authToken)) {
if ($this->model->authToken != Identity::passHash($user->passHash, $user->lastAccessed->getTimestamp())) {
$this->getApp()->returnError(Errors::$TOKEN_INVALID);
}
} else {
$this->getApp()->returnError(Errors::$SESSION_PASSWORD_TOKEN_REQUIRED);
}
$user->lastAccessed = new \DateTime('now');
$user->save();
$this->model->user = $user;
$this->model->insert();
echo $this->model->outputJSON();
}
}
