예제 #1
 /**
  * Spec: getToken() rejects a pass code that differs from the one stored on the token.
  *
  * The repository double returns the token double for the generated UUID, the
  * token's stored pass code is stubbed to 'nope', and a random 40-character hex
  * string is submitted instead.
  */
 public function it_errors_on_invalid_passCode(Token $token)
 {
     $tokenId = Uuid::uuid4();
     // 20 random bytes hex-encoded: will not equal the stubbed 'nope'.
     $submittedPassCode = bin2hex(random_bytes(20));

     $this->tokenRepository->getByUuid($tokenId)->willReturn($token);
     $token->getPassCode()->willReturn('nope');

     $expectedFailure = LoginFailedException::invalidCredentials();
     $this->shouldThrow($expectedFailure)->duringGetToken($tokenId, $submittedPassCode);
 }
예제 #2
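 /**
  * Checks a submitted password against the user's stored hash and upgrades the hash when it is outdated.
  *
  * On a mismatch the method throws and nothing is written. On a match, the stored
  * hash is compared with the configured algorithm and options; if it no longer
  * meets them, the password is re-hashed and the user is persisted.
  *
  * @param User   $user     user whose stored hash is checked
  * @param string $password plaintext password as submitted; it is only hashed, never stored as-is
  *
  * @throws LoginFailedException built by LoginFailedException::invalidCredentials() when the password does not verify
  */
 private function verifyPassword(User $user, string $password)
 {
     $storedHash = $user->getPassword();
     if (!password_verify($password, $storedHash)) {
         throw LoginFailedException::invalidCredentials();
     }

     if (!password_needs_rehash($storedHash, $this->algorithm, $this->passwordOptions)) {
         return;
     }

     $upgradedHash = password_hash($password, $this->algorithm, $this->passwordOptions);
     // Before PHP 8.0 password_hash() signals failure with a non-string return
     // value instead of throwing. Persisting that value would overwrite a working
     // hash and lock the account, so the upgrade is skipped; the credentials were
     // already verified against the existing hash, which stays in place.
     if (!is_string($upgradedHash)) {
         return;
     }

     $user->setPassword($upgradedHash);
     $this->userRepository->update($user);
 }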
예제 #3
 /**
  * Loads the token for a UUID and returns it once its pass code and expiry have been checked.
  *
  * Checks run in a fixed order: repository lookup, pass-code comparison, then
  * expiry. The pass code is compared with hash_equals(), with the stored value
  * as the known string and the caller's value as the user string.
  *
  * @param UuidInterface $uuid     identifier passed to the token repository
  * @param string        $passCode pass code supplied by the caller
  *
  * @return Token the token returned by the repository
  *
  * @throws LoginFailedException invalidToken() when the lookup raises NoUniqueResultException
  *                              or the token's expiry is earlier than the current time;
  *                              invalidCredentials() when the pass code does not match
  */
 public function getToken(UuidInterface $uuid, string $passCode) : Token
 {
     try {
         $storedToken = $this->tokenRepository->getByUuid($uuid);
     } catch (NoUniqueResultException $lookupFailure) {
         // Keep the repository exception attached to the login failure.
         throw LoginFailedException::invalidToken($lookupFailure);
     }

     $passCodeMatches = hash_equals($storedToken->getPassCode(), $passCode);
     if (!$passCodeMatches) {
         throw LoginFailedException::invalidCredentials();
     }

     $expiresAt = $storedToken->getExpires();
     $now = new \DateTimeImmutable();
     if ($expiresAt < $now) {
         throw LoginFailedException::invalidToken();
     }

     return $storedToken;
 }
 /**
  * Spec: login() fails with invalidCredentials() when the submitted password does not match the stored hash.
  *
  * The repository double returns the user double for the given e-mail address,
  * and the user's stored password is a bcrypt hash (cost 10) of a different string.
  */
 public function it_errors_on_invalid_password(User $user)
 {
     $submittedEmail = '*****@*****.**';
     $submittedPassword = '******';

     $this->userRepository->getByEmailAddress(EmailAddress::get($submittedEmail))->willReturn($user);

     // Hash of a password other than the submitted one, so verification must fail.
     $storedHash = password_hash('no.you.shut.up.r2', PASSWORD_BCRYPT, ['cost' => 10]);
     $user->getPassword()->willReturn($storedHash);

     $expectedFailure = LoginFailedException::invalidCredentials();
     $this->shouldThrow($expectedFailure)->duringLogin($submittedEmail, $submittedPassword);
 }