daveadmin/dobetternorge-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Gate tools login with Caveau access

Browse Source
This commit is contained in:
davegilligan
2026-05-08 17:12:38 +02:00
parent 9b22947eb2
commit 62dbb8d900
7 changed files with 341 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/session.php
+32 -8
View File
@@ -16,27 +16,51 @@ if ($password === '') {
dbnToolsError('Password is required.', 422, 'missing_password');
}
$configuredEmail = dbnToolsAuthEmail();
$hash = dbnToolsAuthPasswordHash();
try {
$db = dbnToolsDb();
$client = dbnToolsFetchClient($db);
if (!$client || empty($client['is_active'])) {
dbnToolsError('Do Better Norge Caveau workspace is not active.', 503, 'client_unavailable');
}
if ($configuredEmail === null || trim($configuredEmail) === '' || $hash === null || trim($hash) === '') {
dbnToolsError('Authentication credentials are not configured.', 503, 'auth_not_configured');
$user = dbnToolsFetchActiveClientUser($email, (int)$client['id'], $db);
} catch (DbnToolsHttpException $e) {
dbnToolsError($e->getMessage(), $e->status, $e->errorCode, $e->extra);
} catch (Throwable $e) {
error_log('DBN tools login error: ' . $e->getMessage());
dbnToolsError('Caveau authentication is not available.', 503, 'auth_unavailable');
}
$emailMatch = hash_equals(strtolower(trim($configuredEmail)), $email);
$passwordMatch = password_verify($password, $hash);
if (!$emailMatch || !$passwordMatch) {
if (!$user || !password_verify($password, (string)$user['password_hash'])) {
dbnToolsError('Email or password was not accepted.', 401, 'invalid_credentials');
}
$packageAccess = dbnToolsCanUsePackage((int)$client['id'], dbnToolsRequiredPackageSlug(), $db);
if (empty($packageAccess['ok'])) {
dbnToolsError(
(string)$packageAccess['message'],
(int)$packageAccess['status'],
(string)$packageAccess['code']
);
}
session_regenerate_id(true);
$_SESSION['dbn_tools_authenticated'] = true;
$_SESSION['dbn_tools_authenticated_at'] = time();
$_SESSION['dbn_tools_anon_id'] = $_SESSION['dbn_tools_anon_id'] ?? bin2hex(random_bytes(16));
$_SESSION['dbn_tools_client_id'] = (int)$client['id'];
$_SESSION['dbn_tools_client_slug'] = (string)$client['slug'];
$_SESSION['dbn_tools_user_id'] = (int)$user['id'];
$_SESSION['dbn_tools_user_email'] = (string)$user['email'];
$_SESSION['dbn_tools_user_role'] = (string)$user['role'];
$_SESSION['dbn_tools_package_slug'] = dbnToolsRequiredPackageSlug();
dbnToolsRespond([
'ok' => true,
'authenticated' => true,
'session' => dbnToolsAnonymousSessionId(),
'user' => [
'email' => (string)$user['email'],
'role' => (string)$user['role'],
],
]);