public function login(array $credential)
{
if (empty($credential['login']) || empty($credential['password'])) {
throw new Exception(__($this->options['hints']['invalid_user_credential']));
}
if (!($user = $this->findUser($credential))) {
throw new Exception(__($this->options['hints']['invalid_user_credential']));
}
if (!$this->hasher->checkHash($credential['password'], $user->getData($this->options['user_fields']['password_field']))) {
throw new Exception(__($this->options['hints']['invalid_password']));
}
if (!empty($credential['remember']) && method_exists($user, 'setRememberToken')) {
$rememberToken = Text::token() . $user->getId();
$user->setRememberToken($rememberToken);
Cookies::set($cookieName = $this->options['remember_login']['cookie_key'], $rememberToken, time() + $this->options['remember_login']['ttl'], null, null, null, true);
Cookies::get($cookieName)->useEncryption(false);
}
$this->setUserAsLoggedIn($user);
return $user;
}
public function login()
{
$email = $this->request->getPost('email');
$passwd = $this->request->getPost('passwd');
$rem_me = $this->request->getPost('rem_me');
$user = User::findFirst([['email' => $email]]);
if ($user) {
$security = new Security();
if ($security->checkHash($passwd, $user->passwd)) {
if (2 == $user->status) {
return '账号未激活,请前往激活';
}
$token = $user->gen_token();
$expire = $rem_me ? time() + 3600 * 24 * 30 : 0;
setcookie('token', $token, $expire, '/', DOMAIN, false, true);
return $user->attrs();
} else {
return '账号或密码错误';
}
}
return '账号或密码错误';
}
public function getUserEntityByUserCredentials($username, $password, $grantType, ClientEntityInterface $clientEntity)
{
$builder = (new Builder())->columns(['User.id', 'User.username', 'User.password'])->addFrom(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\User::class, 'User')->where('User.username = :username:'******'username'))->limit(1);
if ($this->getConfig()->limit_users_to_clients === true) {
$builder->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserClient::class, 'UserClient.user_id = User.id', 'UserClient')->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Client::class, 'Client.id = UserClient.client_id', 'Client')->andWhere('Client.id = :client_id:', ['client_id' => $clientEntity->getIdentifier()]);
}
if ($this->getConfig()->limit_users_to_grants === true) {
$builder->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\UserGrant::class, 'UserGrant.user_id = User.id', 'UserGrant')->innerJoin(\Ivyhjk\OAuth2\Server\Adapter\Phalcon\Model\Grant::class, 'Grant.id = UserGrant.grant_id', 'Grant')->andWhere('Grant.id = :grantType:', compact('grantType'));
}
$query = $builder->getQuery();
$result = $query->getSingleResult();
if (!$result) {
throw OAuthServerException::invalidCredentials();
}
$security = new Security();
if ($security->checkHash($password, $result->password) !== true) {
throw OAuthServerException::invalidCredentials();
}
$user = new UserEntity();
$user->setIdentifier($result->id);
return $user;
}
public function checkHash($password, $passwordHash, $maxPassLength = 0)
{
return parent::checkHash($password, $passwordHash, $maxPassLength);
}
/**
* Verify that password entered will match the hashed password
*
* @param string $rawPassword the user's raw password
* @param string $dbHash the hashed password that was saved
* @return bool
*/
public static function verifyPassword($rawPassword, $dbHash)
{
//todo test this with many randomly generated passwords for vulnerabilities.
$security = new Security();
return $security->checkHash($rawPassword, $dbHash);
}
