From 8a1a1425a70ecb0a44dbf1a87418c6c582d2bc7f Mon Sep 17 00:00:00 2001
From: Roland Schneider
Date: Wed, 16 Feb 2022 20:02:53 +0100
Subject: [PATCH] improve login controller
---
 mobileapi/controllers/LoginController.php | 53 +++++++++++------------
 1 file changed, 26 insertions(+), 27 deletions(-)
diff --git a/mobileapi/controllers/LoginController.php b/mobileapi/controllers/LoginController.php
index ee5f004..3050bad 100644
--- a/mobileapi/controllers/LoginController.php
+++ b/mobileapi/controllers/LoginController.php
@@ -11,6 +11,7 @@ namespace mobileapi\controllers;
 use mobileapi\models\LoginForm;
 use sizeg\jwt\Jwt;
 use Yii;
+use yii\web\BadRequestHttpException;
 use yii\web\UnauthorizedHttpException;
 /** @noinspection PhpUnused */
@@ -20,44 +21,42 @@ class LoginController extends RestController /** * hash for password test is: - * $2y$13$D2BauYE2nhCdVDNatT9BMeWGxOvi5t5V6W2OUjr6sj2FRpb317Cpq * */ /** @noinspection PhpUnused */ public function actionLogin() { $form = new LoginForm(); - $post = \Yii::$app->request->post(); - - $post2 = $_POST; $form->load(\Yii::$app->request->post(), ''); - if ($form->validate()) { - - /** @var Jwt $jwt */ - $jwt = Yii::$app->jwt; - $signer = $jwt->getSigner('HS256'); - $key = $jwt->getKey(); - $time = time(); - - // Adoption for lcobucci/jwt ^4.0 version - $token = $jwt->getBuilder() - ->issuedBy('mobileapi')// Configures the issuer (iss claim) - ->permittedFor('customer')// Configures the audience (aud claim) - ->identifiedBy('A989C57D19E2AF756BA9585AC4CFAF7974AE3D2BCA7CCA7307B39AB28CC7C2C8', true)// Configures the id (jti claim), replicating as a header item - ->issuedAt($time)// Configures the time that the token was issue (iat claim) - ->expiresAt($time + 3600)// Configures the expiration time of the token (exp claim) - ->withClaim('uid', $form->getCustomer()->getId())// Configures a new claim, called "uid" - ->getToken($signer, $key); // Retrieves the generated token - - return $this->asJson([ - 'token' => (string)$token, - ]); - } else { - throw new UnauthorizedHttpException("Hibás e-mail cím vagy jelszó!"); + if (!$form->validate()) { + throw new BadRequestHttpException("Hibás e-mail cím vagy jelszó!"); } + + /** @var Jwt $jwt */ + $jwt = Yii::$app->jwt; + $signer = $jwt->getSigner('HS256'); + $key = $jwt->getKey(); + $time = time(); + + $validFor = 60 * 60 * 24 * 7 * 2; // 4 weeks + // Adoption for lcobucci/jwt ^4.0 version + $token = $jwt->getBuilder() + ->issuedBy('mobileapi')// Configures the issuer (iss claim) + ->permittedFor('customer')// Configures the audience (aud claim) + ->identifiedBy('A989C57D19E2AF756BA9585AC4CFAF7974AE3D2BCA7CCA7307B39AB28CC7C2C8', true)// Configures the id (jti claim), replicating as a header item + ->issuedAt($time)// 
Configures the time that the token was issue (iat claim) + ->expiresAt($time + $validFor)// Configures the expiration time of the token (exp claim) + ->withClaim('uid', $form->getCustomer()->getId())// Configures a new claim, called "uid" + ->getToken($signer, $key); // Retrieves the generated token + + return $this->asJson([ + 'token' => (string)$token, + ]); + } + protected function getOptionalActions() { return ['login'];
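Review bot: The lifetime comment on the new `$validFor` line contradicts its value — `60 * 60 * 24 * 7 * 2` is two weeks, not "4 weeks" — and either way the hunk quietly extends a bearer token's life from one hour to weeks while the `jti` stays the hard-coded constant `A989C5…`, so no individual token can be revoked or even told apart. I would fix the comment and make the change explicit, `$validFor = 60 * 60 * 24 * 14; // 2 weeks (was 3600 s); no refresh/revocation path exists`, and mint a per-token id, `->identifiedBy(bin2hex(random_bytes(16)), true)`, unless the constant jti is relied on elsewhere. Rejecting bad credentials with `BadRequestHttpException` (400) instead of the previous `UnauthorizedHttpException` (401) also changes the API contract and leaves that import unused; 401 is the conventional answer to a failed login. The `// Adoption for lcobucci/jwt ^4.0 version` comment is carried over unchanged, yet `identifiedBy(..., true)` and integer `issuedAt`/`expiresAt` look like the 3.x builder API — worth confirming against the installed version.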