From 6082a87690f16fa87eddb61059631c7034fc3641 Mon Sep 17 00:00:00 2001 From: Michael Miscampbell Date: Mon, 6 Nov 2017 16:48:41 +0000 Subject: [PATCH 1/2] Adding logic to support checking if a user login has expired and can then ensure a relevant exception is thrown to cater for this scenario. --- src/Interfaces/CheckExpiredModelInterface.php | 29 +++++++++++++++++++ src/LoginProviders/ModelLoginProvider.php | 7 +++++ .../Fixtures/TestExpiredLoginProvider.php | 13 +++++++++ tests/unit/Fixtures/TestExpiredUser.php | 13 +++++++++ .../LoginProviders/ModelLoginProviderTest.php | 20 +++++++++++++ 5 files changed, 82 insertions(+) create mode 100644 src/Interfaces/CheckExpiredModelInterface.php create mode 100644 tests/unit/Fixtures/TestExpiredLoginProvider.php create mode 100644 tests/unit/Fixtures/TestExpiredUser.php diff --git a/src/Interfaces/CheckExpiredModelInterface.php b/src/Interfaces/CheckExpiredModelInterface.php new file mode 100644 index 0000000..def512d --- /dev/null +++ b/src/Interfaces/CheckExpiredModelInterface.php @@ -0,0 +1,29 @@ +hasModelExpired()) { + Log::debug("Login failed for {$username} - the login has now expired", "LOGIN"); + throw new LoginExpiredException(); + } } if (!isset($activeUser)) { diff --git a/tests/unit/Fixtures/TestExpiredLoginProvider.php b/tests/unit/Fixtures/TestExpiredLoginProvider.php new file mode 100644 index 0000000..1f68e33 --- /dev/null +++ b/tests/unit/Fixtures/TestExpiredLoginProvider.php 
@@ -0,0 +1,13 @@ +assertTrue($testLoginProvider->isLoggedIn()); $this->assertEquals($user->UniqueIdentifier, $testLoginProvider->getModel()->UniqueIdentifier); } + + public function testExpiredLogin() + { + $user = new TestExpiredUser(); + $user->Username = "expiredlogin"; + $user->Password = "password"; + $user->save(); + + try { + $testLoginProvider = new TestExpiredLoginProvider(); + $testLoginProvider->login($user->Username, $user->Password); + + $this->fail("Expected User login to be expired"); + } catch (LoginExpiredException $exception) { + $this->assertEquals("Sorry, your login has now expired. Please contact the system administrator to address this issue.", $exception->getPublicMessage()); + } + } } From 9ab76c93f0ba19359a6965f5dc36fc28ce74ba11 Mon Sep 17 00:00:00 2001 From: Michael Miscampbell Date: Wed, 8 Nov 2017 20:13:41 +0000 Subject: [PATCH 2/2] Updated interface to check if a model isExpired or has been disabled. --- ...rface.php => ValidateLoginModelInterface.php} | 6 ++++-- src/LoginProviders/ModelLoginProvider.php | 16 ++++++++++++---- tests/unit/Fixtures/TestExpiredUser.php | 11 ++++++++--- 3 files changed, 24 insertions(+), 9 deletions(-) rename src/Interfaces/{CheckExpiredModelInterface.php => ValidateLoginModelInterface.php} (87%) diff --git a/src/Interfaces/CheckExpiredModelInterface.php b/src/Interfaces/ValidateLoginModelInterface.php similarity index 87% rename from src/Interfaces/CheckExpiredModelInterface.php rename to src/Interfaces/ValidateLoginModelInterface.php index def512d..75dc41c 100644 --- a/src/Interfaces/CheckExpiredModelInterface.php +++ b/src/Interfaces/ValidateLoginModelInterface.php @@ -23,7 +23,9 @@ * has expired. * For example: It can be used to validate whether a users password has now expired */ -interface CheckExpiredModelInterface +interface ValidateLoginModelInterface { - public function hasModelExpired(); + public function isModelExpired(); + + public function isModelDisabled(); } 
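Review bot: `isModelExpired()` and `isModelDisabled()` are added to `ValidateLoginModelInterface` without any docblock, and the interface comment above them (which starts outside this hunk) still only describes expiry. The contract matters because `ModelLoginProvider::login()` in this same commit treats a true `isModelDisabled()` as a lockout "due to numerous failed login attempts", which the method name alone does not say. I would document each method, e.g. `/** @return bool True when the login must be refused because it was locked after repeated failed attempts. */` on `isModelDisabled()` and `/** @return bool True when the login must be refused because it has expired. */` on `isModelExpired()`.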
diff --git a/src/LoginProviders/ModelLoginProvider.php b/src/LoginProviders/ModelLoginProvider.php
index 81d15cb..4d08ae8 100644
--- a/src/LoginProviders/ModelLoginProvider.php
+++ b/src/LoginProviders/ModelLoginProvider.php
@@ -22,6 +22,7 @@
 use Rhubarb\Crown\Exceptions\ImplementationException;
 use Rhubarb\Crown\Logging\Log;
 use Rhubarb\Crown\LoginProviders\Exceptions\LoginDisabledException;
+use Rhubarb\Crown\LoginProviders\Exceptions\LoginDisabledFailedAttemptsException;
 use Rhubarb\Crown\LoginProviders\Exceptions\LoginExpiredException;
 use Rhubarb\Crown\LoginProviders\Exceptions\LoginFailedException;
 use Rhubarb\Crown\LoginProviders\Exceptions\NotLoggedInException;
@@ -29,7 +30,7 @@
 use Rhubarb\Stem\Collections\RepositoryCollection;
 use Rhubarb\Stem\Exceptions\RecordNotFoundException;
 use Rhubarb\Stem\Filters\Equals;
-use Rhubarb\Stem\Interfaces\CheckExpiredModelInterface;
+use Rhubarb\Stem\Interfaces\ValidateLoginModelInterface;
 use Rhubarb\Stem\Models\Model;
 use Rhubarb\Stem\Schema\SolutionSchema;
@@ -94,9 +95,16 @@ public function login($username, $password)
 throw new LoginFailedException();
 }
- if ($user instanceof CheckExpiredModelInterface && $user->hasModelExpired()) {
- Log::debug("Login failed for {$username} - the login has now expired", "LOGIN");
- throw new LoginExpiredException();
+ if ($user instanceof ValidateLoginModelInterface) {
+ if ($user->isModelExpired()) {
+ Log::debug("Login failed for {$username} - the login has now expired", "LOGIN");
+ throw new LoginExpiredException();
+ }
+
+ if ($user->isModelDisabled()) {
+ Log::debug("Login failed for {$username} - the login has been disabled due to numerous failed login attempts", "LOGIN");
+ throw new LoginDisabledFailedAttemptsException();
+ }
 }
 }
diff --git a/tests/unit/Fixtures/TestExpiredUser.php b/tests/unit/Fixtures/TestExpiredUser.php
index 5746374..be08a4e 100644
--- a/tests/unit/Fixtures/TestExpiredUser.php
+++ b/tests/unit/Fixtures/TestExpiredUser.php
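Review bot: The new `isModelExpired()` / `isModelDisabled()` branch in `login()` throws `LoginExpiredException` and `LoginDisabledFailedAttemptsException`, which a caller can tell apart from `LoginFailedException`, and the hunk does not show whether the password has already been verified at that point (the loop and the rest of `login()` lie outside the hunk). If the checks run before the hash comparison, the distinct exceptions and their public messages disclose that a username exists and what state it is in; if they run only after a match, the lockout response still confirms that the supplied password was correct. I would pin the intended order with a comment such as `// Credentials are verified above; account-state exceptions are raised only after a successful match` and keep the message shown to the client generic wherever that does not hold. Separately, `{$username}` is caller-supplied and is interpolated into both `Log::debug()` lines unchanged, so the log sink has to neutralise line breaks and control characters.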
@@ -2,12 +2,17 @@
 namespace Rhubarb\Stem\Tests\unit\Fixtures;
-use Rhubarb\Stem\Interfaces\CheckExpiredModelInterface;
+use Rhubarb\Stem\Interfaces\ValidateLoginModelInterface;
-class TestExpiredUser extends User implements CheckExpiredModelInterface
+class TestExpiredUser extends User implements ValidateLoginModelInterface
 {
- public function hasModelExpired()
+ public function isModelExpired()
 {
 return true;
 }
+
+ public function isModelDisabled()
+ {
+ return false;
+ }
 }
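Review bot: `isModelDisabled()` in this fixture always returns `false`, so nothing in the tests visible in this series reaches the new `LoginDisabledFailedAttemptsException` branch of `ModelLoginProvider::login()`. A second fixture whose `isModelDisabled()` returns `true`, with a matching `testDisabledLogin()` next to `testExpiredLogin()`, would cover the lockout path. A case where both methods return `true` would also pin the precedence of the expired check over the disabled one, which the provider currently decides only by statement order.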