<?php
declare(strict_types=1);
namespace KTXM\AuthenticationProviderPassword\Stores;
use KTXC\Db\DataStore;
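/**
 * Credential Store for Default Identity Provider
 * Manages local authentication credentials
 *
 * Collection: provider_identity_default
 * Schema: {
 *   tid:        string, // Tenant identifier
 *   identifier: string, // User identity (email/username)
 *   secret:     string, // Encrypted password
 *   created_at: int,    // Creation timestamp (Unix seconds, from time())
 *   updated_at: int     // Last update timestamp (Unix seconds, from time())
 * }
 *
 * Every query issued by this class is scoped by `tid`, so a record is only
 * reachable through its own tenant. The store does not verify the tenant it
 * is given; the caller is responsible for supplying the tenant of the acting
 * principal. The `secret` value is written and read opaquely — nothing here
 * inspects or transforms it, so protecting the password (hashing/encryption)
 * happens entirely in the caller before it reaches this class.
 */
class CredentialStore
{
    protected const COLLECTION_NAME = 'provider_identity_default';

    public function __construct(private DataStore $store)
    {
    }

    /**
     * Fetch credential record by identifier (email/username)
     *
     * The returned array includes the stored `secret`; callers that only
     * need to know whether a record exists should prefer exists().
     *
     * @param string $tenant Tenant identifier
     * @param string $identifier User identity
     * @return array|null Credential record or null if not found
     */
    public function fetchByIdentifier(string $tenant, string $identifier): ?array
    {
        $entry = $this->store->selectCollection(self::COLLECTION_NAME)->findOne([
            'tid' => $tenant,
            'identifier' => $identifier,
        ]);

        // A falsy result (null / empty document) is treated as "not found".
        if (!$entry) {
            return null;
        }

        return (array) $entry;
    }

    /**
     * Create a new credential record
     *
     * No existence check is performed before the insert: a second record for
     * the same (tid, identifier) pair would be written unless the collection
     * itself rejects it. NOTE(review): confirm a unique index on
     * (tid, identifier) exists, otherwise duplicates are possible and
     * fetchByIdentifier() would return an arbitrary one of them.
     *
     * @param string $tenant Tenant identifier
     * @param string $identifier User identity
     * @param string $encryptedSecret Encrypted password
     * @return bool Whether the insert was acknowledged by the store
     */
    public function create(string $tenant, string $identifier, string $encryptedSecret): bool
    {
        // Read the clock once so created_at and updated_at are always equal on
        // a fresh record; two separate time() calls could straddle a second
        // boundary and produce a record that looks "updated after creation".
        $now = time();

        $result = $this->store->selectCollection(self::COLLECTION_NAME)->insertOne([
            'tid' => $tenant,
            'identifier' => $identifier,
            'secret' => $encryptedSecret,
            'created_at' => $now,
            'updated_at' => $now,
        ]);

        return $result->isAcknowledged();
    }

    /**
     * Update credential secret
     *
     * Only `secret` and `updated_at` are touched; `tid`, `identifier` and
     * `created_at` are never rewritten by this method.
     *
     * @param string $tenant Tenant identifier
     * @param string $identifier User identity
     * @param string $encryptedSecret New encrypted password
     * @return bool Whether the update was acknowledged by the store. An
     *              acknowledged update that matched no record still returns
     *              true. NOTE(review): confirm whether callers need
     *              "a record was actually changed" semantics instead.
     */
    public function updateSecret(string $tenant, string $identifier, string $encryptedSecret): bool
    {
        $result = $this->store->selectCollection(self::COLLECTION_NAME)->updateOne(
            ['tid' => $tenant, 'identifier' => $identifier],
            ['$set' => [
                'secret' => $encryptedSecret,
                'updated_at' => time(),
            ]],
        );

        return $result->isAcknowledged();
    }

    /**
     * Delete credential record
     *
     * @param string $tenant Tenant identifier
     * @param string $identifier User identity
     * @return bool Whether the delete was acknowledged by the store. An
     *              acknowledged delete that matched no record still returns
     *              true. NOTE(review): confirm whether callers need
     *              "a record was actually removed" semantics instead.
     */
    public function delete(string $tenant, string $identifier): bool
    {
        $result = $this->store->selectCollection(self::COLLECTION_NAME)->deleteOne([
            'tid' => $tenant,
            'identifier' => $identifier,
        ]);

        return $result->isAcknowledged();
    }

    /**
     * Check if credential exists for identifier
     *
     * Implemented on top of fetchByIdentifier(), so the full record
     * (including the secret) is read from the store and then discarded.
     *
     * @param string $tenant Tenant identifier
     * @param string $identifier User identity
     * @return bool Whether credential exists
     */
    public function exists(string $tenant, string $identifier): bool
    {
        return $this->fetchByIdentifier($tenant, $identifier) !== null;
    }
}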