Rewrite of the authentication and authorization system

1 files changed, 125 insertions, 0 deletions

diff --git a/app/Auth/DatabaseAuth.php b/app/Auth/DatabaseAuth.php
new file mode 100644
index 00000000..727afaf3
--- /dev/null
+++ b/app/Auth/DatabaseAuth.php
@@ -0,0 +1,125 @@
+<?php
+
+namespace Kanboard\Auth;
+
+use Kanboard\Core\Base;
+use Kanboard\Core\Security\PasswordAuthenticationProviderInterface;
+use Kanboard\Core\Security\SessionCheckProviderInterface;
+use Kanboard\Model\User;
+use Kanboard\User\DatabaseUserProvider;
+
+/**
+ * Database Authentication Provider
+ *
+ * @package  auth
+ * @author   Frederic Guillot
+ */
+class DatabaseAuth extends Base implements PasswordAuthenticationProviderInterface, SessionCheckProviderInterface
+{
+    /**
+     * User properties
+     *
+     * @access private
+     * @var array
+     */
+    private $userInfo = array();
+
+    /**
+     * Username
+     *
+     * @access private
+     * @var string
+     */
+    private $username = '';
+
+    /**
+     * Password
+     *
+     * @access private
+     * @var string
+     */
+    private $password = '';
+
+    /**
+     * Get authentication provider name
+     *
+     * @access public
+     * @return string
+     */
+    public function getName()
+    {
+        return 'Database';
+    }
+
+    /**
+     * Authenticate the user
+     *
+     * @access public
+     * @return boolean
+     */
+    public function authenticate()
+    {
+        $user = $this->db
+            ->table(User::TABLE)
+            ->columns('id', 'password')
+            ->eq('username', $this->username)
+            ->eq('disable_login_form', 0)
+            ->eq('is_ldap_user', 0)
+            ->findOne();
+
+        if (! empty($user) && password_verify($this->password, $user['password'])) {
+            $this->userInfo = $user;
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Check if the user session is valid
+     *
+     * @access public
+     * @return boolean
+     */
+    public function isValidSession()
+    {
+        return $this->user->exists($this->userSession->getId());
+    }
+
+    /**
+     * Get user object
+     *
+     * @access public
+     * @return null|\Kanboard\User\DatabaseUserProvider
+     */
+    public function getUser()
+    {
+        if (empty($this->userInfo)) {
+            return null;
+        }
+
+        return new DatabaseUserProvider($this->userInfo);
+    }
+
+    /**
+     * Set username
+     *
+     * @access public
+     * @param  string $username
+     */
+    public function setUsername($username)
+    {
+        $this->username = $username;
+    }
+
+    /**
+     * Set password
+     *
+     * @access public
+     * @param  string $password
+     */
+    public function setPassword($password)
+    {
+        $this->password = $password;
+    }
+}