AuthService
in package
Standalone authentication service for Heratio.
Replicates QubitUser::checkCredentials() with dual-layer password verification: SHA1(salt + password) -> password_verify(sha1Hash, argon2iHash).
AtoM stores passwords as:
- salt: random hex string
- password_hash: password_hash(sha1(salt . plaintext), PASSWORD_DEFAULT)
The inner SHA1 layer is legacy; the outer Argon2i/Bcrypt layer was added in AtoM 2.x. Both layers must be checked for backward compatibility.
Includes brute force protection via LoginSecurityService — accounts are locked after 5 failed attempts within 15 minutes.
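The dual-layer check described above, as an added PHP example (not Heratio's or AtoM's own code). The function names makeStoredCredentials() and verifyDualLayer() and the sample passwords are assumptions made for illustration; PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; only the hashing scheme itself comes from the page.

/** Build a (salt, password_hash) pair in the stored format described above. */
function makeStoredCredentials(string $plaintext, string|int $algo = PASSWORD_DEFAULT): array
{
    $salt  = bin2hex(random_bytes(16));   // random hex string
    $inner = sha1($salt . $plaintext);    // legacy inner layer: 40 hex characters
    return ['salt' => $salt, 'password_hash' => password_hash($inner, $algo)];
}

/** Check a candidate password against a stored (salt, password_hash) pair. */
function verifyDualLayer(string $salt, string $storedHash, string $plaintext): bool
{
    // Inner layer: recompute the SHA1 hex digest exactly as it was at storage time.
    $inner = sha1($salt . $plaintext);
    // Outer layer: password_verify() reads the algorithm and cost from the stored
    // hash's prefix, so bcrypt ($2y$) and Argon2i ($argon2i$) rows both verify here.
    return password_verify($inner, $storedHash);
}

// Constructed sample data, not real accounts.
$rows = ['bcrypt' => makeStoredCredentials('correct horse', PASSWORD_BCRYPT)];
if (defined('PASSWORD_ARGON2I')) {        // Argon2 support is a PHP build-time option
    $rows['argon2i'] = makeStoredCredentials('correct horse', PASSWORD_ARGON2I);
}

foreach ($rows as $label => $row) {
    $ok  = verifyDualLayer($row['salt'], $row['password_hash'], 'correct horse');
    $bad = verifyDualLayer($row['salt'], $row['password_hash'], 'wrong guess');
    // The outer hash only ever receives the 40-character hex digest, never the raw
    // password, so bcrypt's 72-byte input limit is not reached.
    printf(
        "%-8s algo=%s match=%s mismatch=%s\n",
        $label,
        password_get_info($row['password_hash'])['algoName'],
        var_export($ok, true),
        var_export($bad, true)
    );
}
```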
Table of Contents
Methods
- authenticate() : object|null
  Authenticate a user by email or username.
- getGroupIds() : array<string|int, int>
  Get group IDs for a user.
- getGroupNames() : array<string|int, string>
  Get group names for a user (EN culture).
Methods
authenticate()
Authenticate a user by email or username.
public static authenticate(string $emailOrUsername, string $password[, string|null $ipAddress = null ]) : object|null
Tries email first, then username (matching QubitUser::checkCredentials order). Enforces account lockout after excessive failed attempts.
Parameters
- $emailOrUsername : string
- $password : string
- $ipAddress : string|null = null
Return values
object|null — User object on success, null on failure
getGroupIds()
Get group IDs for a user.
public static getGroupIds(int $userId) : array<string|int, int>
Parameters
- $userId : int
Return values
array<string|int, int> — Array of group IDs
getGroupNames()
Get group names for a user (EN culture).
public static getGroupNames(int $userId) : array<string|int, string>
Parameters
- $userId : int
Return values
array<string|int, string> — Array of group names