More authentication refactoring to also provide "plugable" credentials handling (references #921, needed for #305)

2025-08-14 01:37:22 +00:00 · 2020-10-19 18:38:12 +02:00
parent 9f88dd3af3
commit 94214b867a
9 changed files with 81 additions and 52 deletions
--- a/middleware/DefaultAuthMiddleware.php
+++ b/middleware/DefaultAuthMiddleware.php
@@ -2,6 +2,8 @@

 namespace Grocy\Middleware;

+use Grocy\Services\DatabaseService;
+use Grocy\Services\SessionService;
 use Psr\Http\Message\ServerRequestInterface as Request;

 class DefaultAuthMiddleware extends AuthMiddleware
@@ -22,4 +24,39 @@ class DefaultAuthMiddleware extends AuthMiddleware
 		$user = $auth->authenticate($request);
 		return $user;
 	}
+
+	public static function ProcessLogin(array $postParams)
+	{
+		if (isset($postParams['username']) && isset($postParams['password']))
+		{
+			$db = DatabaseService::getInstance()->GetDbConnection();
+
+			$user = $db->users()->where('username', $postParams['username'])->fetch();
+			$inputPassword = $postParams['password'];
+			$stayLoggedInPermanently = $postParams['stay_logged_in'] == 'on';
+
+			if ($user !== null && password_verify($inputPassword, $user->password))
+			{
+				$sessionKey = SessionService::getInstance()->CreateSession($user->id, $stayLoggedInPermanently);
+				parent::SetSessionCookie($sessionKey);
+
+				if (password_needs_rehash($user->password, PASSWORD_DEFAULT))
+				{
+					$user->update([
+						'password' => password_hash($inputPassword, PASSWORD_DEFAULT)
+					]);
+				}
+
+				return true;
+			}
+			else
+			{
+				return false;
+			}
+		}
+		else
+		{
+			return false;
+		}
+	}
 }