More authentication refactoring to also provide "plugable" credentials handling (references #921, needed for #305)

middleware/ApiKeyAuthMiddleware.php

@@ -72,4 +72,9 @@ class ApiKeyAuthMiddleware extends AuthMiddleware
 			return null;
 		}
 	}
+
+	public static function ProcessLogin(array $postParams)
+	{
+		throw new \Exception('Not implemented');
+	}
 }

middleware/AuthMiddleware.php

@@ -76,6 +76,19 @@ abstract class AuthMiddleware extends BaseMiddleware
 		}
 	}
 
+	protected static function SetSessionCookie($sessionKey)
+	{
+		// Cookie never expires, session validity is up to SessionService
+		setcookie(SessionService::SESSION_COOKIE_NAME, $sessionKey, PHP_INT_SIZE == 4 ? PHP_INT_MAX : PHP_INT_MAX >> 32);
+	}
+
+	/**
+	 * @param array $postParams
+	 * @return bool True/False if the provided credentials were valid
+	 * @throws \Exception Throws an \Exception if an error happended during credentials processing or if this AuthMiddleware doesn't provide credentials processing (e. g. handles this externally)
+	 */
+	abstract public static function ProcessLogin(array $postParams);
+
 	/**
 	 * @param Request $request
 	 * @return mixed|null the user row or null if the request is not authenticated

middleware/DefaultAuthMiddleware.php

@@ -2,6 +2,8 @@
 
 namespace Grocy\Middleware;
 
+use Grocy\Services\DatabaseService;
+use Grocy\Services\SessionService;
 use Psr\Http\Message\ServerRequestInterface as Request;
 
 class DefaultAuthMiddleware extends AuthMiddleware
@@ -22,4 +24,39 @@ class DefaultAuthMiddleware extends AuthMiddleware
 		$user = $auth->authenticate($request);
 		return $user;
 	}
+
+	public static function ProcessLogin(array $postParams)
+	{
+		if (isset($postParams['username']) && isset($postParams['password']))
+		{
+			$db = DatabaseService::getInstance()->GetDbConnection();
+
+			$user = $db->users()->where('username', $postParams['username'])->fetch();
+			$inputPassword = $postParams['password'];
+			$stayLoggedInPermanently = $postParams['stay_logged_in'] == 'on';
+
+			if ($user !== null && password_verify($inputPassword, $user->password))
+			{
+				$sessionKey = SessionService::getInstance()->CreateSession($user->id, $stayLoggedInPermanently);
+				parent::SetSessionCookie($sessionKey);
+
+				if (password_needs_rehash($user->password, PASSWORD_DEFAULT))
+				{
+					$user->update([
+						'password' => password_hash($inputPassword, PASSWORD_DEFAULT)
+					]);
+				}
+
+				return true;
+			}
+			else
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
 }

middleware/ReverseProxyAuthMiddleware.php

@@ -36,4 +36,9 @@ class ReverseProxyAuthMiddleware extends AuthMiddleware
 
 		return $user;
 	}
+
+	public static function ProcessLogin(array $postParams)
+	{
+		throw new \Exception('Not implemented');
+	}
 }

middleware/SessionAuthMiddleware.php

@@ -8,12 +8,9 @@ use Psr\Http\Message\ServerRequestInterface as Request;
 
 class SessionAuthMiddleware extends AuthMiddleware
 {
-	protected $SessionCookieName;
-
 	public function __construct(\DI\Container $container, ResponseFactoryInterface $responseFactory)
 	{
 		parent::__construct($container, $responseFactory);
-		$this->SessionCookieName = $this->AppContainer->get('LoginControllerInstance')->GetSessionCookieName();
 	}
 
 	public function authenticate(Request $request)
@@ -25,13 +22,18 @@ class SessionAuthMiddleware extends AuthMiddleware
 
 		$sessionService = SessionService::getInstance();
 
-		if (!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName]))
+		if (!isset($_COOKIE[SessionService::SESSION_COOKIE_NAME]) || !$sessionService->IsValidSession($_COOKIE[SessionService::SESSION_COOKIE_NAME]))
 		{
 			return null;
 		}
 		else
 		{
-			return $sessionService->GetUserBySessionKey($_COOKIE[$this->SessionCookieName]);
+			return $sessionService->GetUserBySessionKey($_COOKIE[SessionService::SESSION_COOKIE_NAME]);
 		}
 	}
+
+	public static function ProcessLogin(array $postParams)
+	{
+		throw new \Exception('Not implemented');
+	}
 }