Authenticate.php

<?php

namespace Source\UseCases\Users\Authenticate;

use Carbon\Carbon;
use Source\Entities\User;
use Source\Entities\HashedSearchable;
use Source\Gateways\Saml\SamlRepository;
use Source\Gateways\Users\UsersRepository;
use Source\Gateways\Tokens\TokensRepository;
use Source\Exceptions\AuthorizationException;
use Source\Exceptions\AuthenticationException;

class Authenticate implements AuthenticateUseCase
{
    /**
     * @var \Source\Gateways\Users\UsersRepository
     */
    protected UsersRepository $users;

    /**
     * @var \Source\Gateways\Tokens\TokensRepository
     */
    protected TokensRepository $tokens;

    /**
     * @var \Source\Gateways\Saml\SamlRepository
     */
    protected SamlRepository $saml;

    protected string $salt;

    /**
     * @param \Source\Gateways\Users\UsersRepository   $users
     * @param \Source\Gateways\Tokens\TokensRepository $tokens
     * @param \Source\Gateways\Saml\SamlRepository     $saml
     * @param string                                   $salt
     */
    public function __construct(UsersRepository $users, TokensRepository $tokens, SamlRepository $saml, string $salt)
    {
        $this->saml = $saml;
        $this->users = $users;
        $this->tokens = $tokens;
        $this->salt = $salt;
    }

    /**
     * @inheritDoc
     */
    public function attempt(Presenter $presenter, array $credentials): void
    {
        $email = $credentials['email'] ?? null;
        $password = $credentials['password'] ?? null;

        if (!$email || !$password) {
            throw new AuthenticationException();
        }

        $user = $this->users->findByEmail(strtolower($email));

        if (!$user ||
            !$user->getPassword() ||
            !$user->isActiveForDate(Carbon::now()) ||
            !$user->getPassword()->matches($password)) {
            /*
             * We must have found a user, they must be active, and their password must be correct
             */
            throw new AuthenticationException();
        }

        $token = $this->tokens->createLoginToken($user->getId(), $this->salt);

        $response = new ResponseModel($user, $token->getRaw(), $token->getToken());

        $presenter->present($response);
    }

    /**
     * @inheritDoc
     */
    public function handToSaml(array $options = []): string
    {
        return $this->saml->login($options);
    }

    /**
     * @inheritDoc
     */
    public function handleSamlLogin(Presenter $presenter): void
    {
        $samlUser = $this->saml->handleLogin();

        if (!$samlUser) {
            throw new UserCreationException();
        }

        // First check to see if the user exists in the database.
        $user = $this->users->findByEmail($samlUser->getEmail());

        // If the user does not exist, create them.
        if (!$user) {
            $user = $this->users->create(new User(
                0,
                $samlUser->getFirstName(),
                $samlUser->getLastName(),
                $samlUser->getDisplayName(),
                $samlUser->getEmail(),
                $samlUser->getEmplid()
            ));
        } else {
            $user = $this->users->update($user->getId(), new User(
                $user->getId(),
                $samlUser->getFirstName(),
                $samlUser->getLastName(),
                $samlUser->getDisplayName(),
                $samlUser->getEmail(),
                $samlUser->getEmplid(),
                $user->getPassword(),
                $user->getDoorcode(),
                $user->getExpiresAt(),
                $user->getCreatedAt(),
                $user->getUpdatedAt()
            ));
        }

        if (!$user) {
            throw new UserCreationException();
        }

        if (!$user->isActiveForDate(Carbon::now())) {
            throw new AuthorizationException();
        }

        $token = $this->tokens->createLoginToken($user->getId(), $this->salt);

        $response = new ResponseModel($user, $token->getRaw(), $token->getToken());

        $presenter->present($response);
    }

    /**
     * @inheritDoc
     */
    public function samlLogout(?string $token): string
    {
        if ($token) {
            $this->tokens->invalidateToken(HashedSearchable::hash($this->salt, $token));
        }

        return $this->saml->logout();
    }
}