improve login controller

2022-02-16 20:02:53 +01:00 · 2022-02-16 20:02:53 +01:00 · 8a1a1425a7
commit 8a1a1425a7
parent aec6913000
1 changed files with 26 additions and 27 deletions
--- a/mobileapi/controllers/LoginController.php
+++ b/mobileapi/controllers/LoginController.php
@ -11,6 +11,7 @@ namespace mobileapi\controllers;
 use mobileapi\models\LoginForm;
 use sizeg\jwt\Jwt;
 use Yii;
+use yii\web\BadRequestHttpException;
 use yii\web\UnauthorizedHttpException;

 /** @noinspection PhpUnused */
@ -20,44 +21,42 @@ class LoginController extends RestController

    /**
     * hash for password test is:
-     * $2y$13$D2BauYE2nhCdVDNatT9BMeWGxOvi5t5V6W2OUjr6sj2FRpb317Cpq
     *
     */
    /** @noinspection PhpUnused */
    public function actionLogin()
    {
        $form = new LoginForm();
-        $post = \Yii::$app->request->post();
-
-        $post2 = $_POST;
        $form->load(\Yii::$app->request->post(), '');

-        if ($form->validate()) {
-
-            /** @var Jwt $jwt */
-            $jwt = Yii::$app->jwt;
-            $signer = $jwt->getSigner('HS256');
-            $key = $jwt->getKey();
-            $time = time();
-
-            // Adoption for lcobucci/jwt ^4.0 version
-            $token = $jwt->getBuilder()
-                ->issuedBy('mobileapi')// Configures the issuer (iss claim)
-                ->permittedFor('customer')// Configures the audience (aud claim)
-                ->identifiedBy('A989C57D19E2AF756BA9585AC4CFAF7974AE3D2BCA7CCA7307B39AB28CC7C2C8', true)// Configures the id (jti claim), replicating as a header item
-                ->issuedAt($time)// Configures the time that the token was issue (iat claim)
-                ->expiresAt($time + 3600)// Configures the expiration time of the token (exp claim)
-                ->withClaim('uid', $form->getCustomer()->getId())// Configures a new claim, called "uid"
-                ->getToken($signer, $key); // Retrieves the generated token
-
-            return $this->asJson([
-                'token' => (string)$token,
-            ]);
-        } else {
-            throw new UnauthorizedHttpException("Hibás e-mail cím vagy jelszó!");
+        if (!$form->validate()) {
+            throw new BadRequestHttpException("Hibás e-mail cím vagy jelszó!");
        }
+
+        /** @var Jwt $jwt */
+        $jwt = Yii::$app->jwt;
+        $signer = $jwt->getSigner('HS256');
+        $key = $jwt->getKey();
+        $time = time();
+
+        $validFor = 60 * 60 * 24 * 7 * 2; // 4 weeks
+        // Adoption for lcobucci/jwt ^4.0 version
+        $token = $jwt->getBuilder()
+            ->issuedBy('mobileapi')// Configures the issuer (iss claim)
+            ->permittedFor('customer')// Configures the audience (aud claim)
+            ->identifiedBy('A989C57D19E2AF756BA9585AC4CFAF7974AE3D2BCA7CCA7307B39AB28CC7C2C8', true)// Configures the id (jti claim), replicating as a header item
+            ->issuedAt($time)// Configures the time that the token was issue (iat claim)
+            ->expiresAt($time + $validFor)// Configures the expiration time of the token (exp claim)
+            ->withClaim('uid', $form->getCustomer()->getId())// Configures a new claim, called "uid"
+            ->getToken($signer, $key); // Retrieves the generated token
+
+        return $this->asJson([
+            'token' => (string)$token,
+        ]);
+
    }

+
    protected function getOptionalActions()
    {
        return ['login'];