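/**
 * Issue an auth token for an email/password pair.
 *
 * Looks the account up by lower-cased email, verifies the password against the
 * stored hash through HasherInterface, and on success returns the token produced
 * by TokenCodecInterface. Every other outcome (missing or non-string parameters,
 * unknown account, wrong password) yields 401 with an empty body, so the response
 * body itself does not say which part failed.
 *
 * Review notes:
 *  - Unknown accounts skip the hash check, so response timing can still
 *    distinguish "no such email" from "wrong password". Equalising this with a
 *    dummy check needs a hash the configured hasher accepts — not done here.
 *  - The submitted email is logged at debug level on both paths; treat it as
 *    PII when configuring log sinks and retention.
 *  - No throttling or lockout happens in this method; assumed to live in
 *    middleware — TODO confirm.
 *
 * @param Request $request
 *
 * @return Response
 */
public function authenticate(Request $request)
{
    $email    = $request->input(self::AUTH_PARAM_EMAIL, null);
    $password = $request->input(self::AUTH_PARAM_PASSWORD, null);

    // Request input may arrive as something other than a string (e.g. `email[]=x`);
    // strtolower() and the hasher expect strings, so reject anything else up front
    // rather than letting a TypeError surface as a 500.
    if (is_string($email) === true && is_string($password) === true) {
        $user = User::query()
            ->where(User::FIELD_EMAIL, '=', strtolower($email))
            ->first();

        if ($user !== null) {
            /** @var HasherInterface $hasher */
            $hasher = app(HasherInterface::class);
            if ($hasher->check($password, $user->{User::FIELD_PASSWORD_HASH}) === true) {
                /** @var TokenCodecInterface $codec */
                $codec = app(TokenCodecInterface::class);
                $token = $codec->encode($user);
                $this->getLogger()->debug('Account login success.', [
                    User::FIELD_EMAIL => $email,
                    User::FIELD_ID    => $user->getKey(),
                ]);

                return response($token);
            }
        }
    }

    // Single failure path for all rejection reasons (see docblock).
    $this->getLogger()->debug('Account login failed.', [User::FIELD_EMAIL => $email]);

    return response(null, Response::HTTP_UNAUTHORIZED);
}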
/**
 * A PATCH on a post issued by a regular user who does not own it must be
 * rejected with 403 Forbidden. The caller is authenticated, so this is an
 * authorization failure (403), not 401, despite the method name.
 *
 * NOTE(review): only the status code is asserted; re-reading the post after
 * the call and checking it is unchanged would make this test stronger.
 *
 * @return void
 */
public function testUpdateByNonOwnerUnauthorized()
{
    $regularUsers = User::query()
        ->where(User::FIELD_ID_ROLE, '=', Role::ENUM_ROLE_USER_ID)
        ->get();
    // Requires more than two regular users; the first two act as owner and outsider.
    $this->assertGreaterThan(2, count($regularUsers));
    $owner    = $regularUsers[0];
    $outsider = $regularUsers[1];

    /** @var Model $targetPost */
    $targetPost = $owner->{User::REL_POSTS}->first();
    $this->assertNotNull($targetPost);

    $this->beginDatabaseTransaction();

    $postId  = $targetPost->getKey();
    $payload = $this->getUpdateRequestBody($postId);

    /** @var Response $reply */
    $reply = $this->callPatch($outsider, $postId, $payload);
    $this->assertEquals(Response::HTTP_FORBIDDEN, $reply->getStatusCode());
}