resource provider and service improvements
@@ -6,7 +6,9 @@ namespace KTXC\Service;
|
||||
|
||||
use KTXC\Http\Request\Request;
|
||||
use KTXC\Models\Identity\User;
|
||||
use KTXC\Resource\ProviderManager;
|
||||
use KTXC\SessionTenant;
|
||||
use KTXF\Security\Authentication\AuthenticationProviderInterface;
|
||||
|
||||
/**
|
||||
* Security Service
|
||||
@@ -21,9 +23,10 @@ class SecurityService
|
||||
private string $securityCode;
|
||||
|
||||
public function __construct(
|
||||
private readonly SessionTenant $sessionTenant,
|
||||
private readonly TokenService $tokenService,
|
||||
private readonly UserAccountsService $userService,
|
||||
private readonly SessionTenant $sessionTenant
|
||||
private readonly ProviderManager $providerManager,
|
||||
) {
|
||||
$this->securityCode = $this->sessionTenant->configuration()->security()->code();
|
||||
}
|
||||
@@ -55,7 +58,7 @@ class SecurityService
|
||||
if ($decoded !== false) {
|
||||
[$identity, $secret] = array_pad(explode(':', $decoded, 2), 2, null);
|
||||
if ($identity !== null && $secret !== null) {
|
||||
return $this->authenticateBasicHeader($identity, $secret);
|
||||
return $this->authenticateBasic($identity, $secret);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -98,98 +101,38 @@ class SecurityService
|
||||
* Authenticate HTTP Basic header (for API access)
|
||||
* Note: This is for request authentication, not login
|
||||
*/
|
||||
private function authenticateBasicHeader(string $identity, string $credentials): ?User
|
||||
private function authenticateBasic(string $identity, string $credentials): ?User
|
||||
{
|
||||
// For Basic auth headers, we need to validate against the provider
|
||||
// This is a simplified flow for API access
|
||||
$provider = $this->providerRegistry->resolve('default');
|
||||
if ($provider === null) {
|
||||
$providers = $this->providerManager->providers(AuthenticationProviderInterface::TYPE_AUTHENTICATION);
|
||||
if ($providers === []) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$result = $provider->authenticate($identity, $credentials);
|
||||
if (!$result->isSuccess()) {
|
||||
return null;
|
||||
foreach ($providers as $provider) {
|
||||
if ($provider instanceof AuthenticationProviderInterface === false) {
|
||||
continue;
|
||||
}
|
||||
if ($provider->method() !== AuthenticationProviderInterface::METHOD_CREDENTIAL) {
|
||||
continue;
|
||||
}
|
||||
$context = new \KTXF\Security\Authentication\ProviderContext(
|
||||
tenantId: $this->sessionTenant->identifier(),
|
||||
userIdentity: $identity,
|
||||
);
|
||||
$result = $provider->verify($context, $credentials);
|
||||
|
||||
if ($result->isSuccess()) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $this->getUserByIdentity($identity);
|
||||
}
|
||||
|
||||
// =========================================================================
|
||||
// Token Operations (delegated to AuthenticationManager for new flows)
|
||||
// These are kept for backwards compatibility during transition
|
||||
// =========================================================================
|
||||
|
||||
/**
|
||||
* @deprecated Use AuthenticationManager::createTokens() instead
|
||||
*/
|
||||
public function createAccessToken(array $payload): string
|
||||
{
|
||||
return $this->tokenService->createToken($payload, $this->securityCode, 900);
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use AuthenticationManager::createTokens() instead
|
||||
*/
|
||||
public function createRefreshToken(array $payload): string
|
||||
{
|
||||
$refreshPayload = [
|
||||
'tenant' => $payload['tenant'] ?? null,
|
||||
'identifier' => $payload['identifier'],
|
||||
'identity' => $payload['identity'],
|
||||
'type' => 'refresh'
|
||||
];
|
||||
|
||||
return $this->tokenService->createToken($refreshPayload, $this->securityCode, 604800);
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use AuthenticationManager::refreshAccessToken() instead
|
||||
*/
|
||||
public function validateRefreshToken(string $refreshToken): ?User
|
||||
{
|
||||
$payload = $this->tokenService->validateToken($refreshToken, $this->securityCode);
|
||||
|
||||
if (!$payload) {
|
||||
return null;
|
||||
if (isset($result) && $result->isSuccess()) {
|
||||
return $this->userService->fetchByIdentity($identity);
|
||||
}
|
||||
|
||||
if (!isset($payload['type']) || $payload['type'] !== 'refresh') {
|
||||
return null;
|
||||
}
|
||||
|
||||
$identifier = $payload['identifier'] ?? null;
|
||||
if (!$identifier || $this->providerRegistry->validateUser($identifier) === false) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$user = new User();
|
||||
$user->populate([
|
||||
'identifier' => $payload['identifier'],
|
||||
'identity' => $payload['identity'],
|
||||
'tenant' => $payload['tenant'] ?? null,
|
||||
], 'jwt');
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use AuthenticationManager::logout() instead
|
||||
*/
|
||||
public function logout(?string $jti = null, ?int $exp = null): void
|
||||
{
|
||||
if ($jti !== null) {
|
||||
$expiresAt = $exp ?? (time() + 86400);
|
||||
$this->tokenService->blacklist($jti, $expiresAt);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @deprecated Use AuthenticationManager::logoutAll() instead
|
||||
*/
|
||||
public function logoutAllDevices(string $identity): void
|
||||
{
|
||||
$this->tokenService->blacklistUserTokensBefore($identity, time());
|
||||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
|
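Review bot: In authenticateBasic the loop variable `$result` escapes the foreach, and the post-loop `isset($result) && $result->isSuccess()` re-tests a value that is either the last *failed* provider's result or unset when every provider was skipped; returning inside the loop removes both the `break` and the `isset`: `if ($result->isSuccess()) { return $this->userService->fetchByIdentity($identity); }` in the loop body and a plain `return null;` after it. The docblock should also state the policy the loop now implements, since that is the security-relevant part of the change: `* Accepts the credentials when any registered METHOD_CREDENTIAL provider verifies them for the current tenant; the account is then loaded by identity alone, so presumably all credential providers must share one identity namespace — confirm.` `ProviderContext` is constructed by fully qualified name although the sibling `AuthenticationProviderInterface` from the same namespace is imported at the top of the file; a `use` line for it would keep the imports consistent.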
||||