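$tokens Token documents to check
     * @param int $type Type of token to verify, if null will verify any type.
     *                  A required parameter follows it, so callers always pass it explicitly.
     * @param string $secret Plain secret presented by the caller; it is hashed with self::hash() before comparison
     *
     * @return false|Document The first matching, unexpired token, or false when none matches
     */
    public static function tokenVerify(array $tokens, int $type = null, string $secret): false|Document
    {
        // Hashed lazily and at most once: the value is the same for every token
        // (it has to be deterministic for the stored-hash comparison to work at all).
        $hashedSecret = null;

        foreach ($tokens as $token) {
            // A token missing any of these attributes can never verify.
            if (!$token->isSet('secret') || !$token->isSet('expire') || !$token->isSet('type')) {
                continue;
            }

            if ($type !== null && $token->getAttribute('type') !== $type) {
                continue;
            }

            $storedSecret = $token->getAttribute('secret');
            $hashedSecret ??= self::hash($secret);

            // hash_equals() compares in constant time, so the duration of the check
            // does not depend on how many leading bytes of the two hashes agree.
            // The is_string() guards keep the old "non-string never matches" result
            // instead of letting hash_equals() raise a TypeError.
            if (
                !is_string($storedSecret)
                || !is_string($hashedSecret)
                || !hash_equals($storedSecret, $hashedSecret)
            ) {
                continue;
            }

            // Expiry is checked last, on the timezone-formatted strings, as before.
            if (DateTime::formatTz($token->getAttribute('expire')) >= DateTime::formatTz(DateTime::now())) {
                return $token;
            }
        }

        return false;
    }

    /**
     * Verify a session secret and check that the session is not expired.
     *
     * @param array $sessions Session documents to check
     * @param string $secret Plain secret presented by the caller; it is hashed with self::hash() before comparison
     *
     * @return false|string ID of the first matching, unexpired session, or false when none matches
     *
     * @throws \Exception If a matching session's 'expire' value cannot be parsed by \DateTime
     */
    public static function sessionVerify(array $sessions, string $secret)
    {
        $hashedSecret = null;

        foreach ($sessions as $session) {
            // 'expire' is required here as it is in tokenVerify(): a session record
            // without an expiry is rejected rather than handed to \DateTime as null,
            // so the outcome never depends on how the constructor treats that value.
            if (!$session->isSet('secret') || !$session->isSet('provider') || !$session->isSet('expire')) {
                continue;
            }

            $storedSecret = $session->getAttribute('secret');
            $hashedSecret ??= self::hash($secret);

            // Constant-time comparison of the stored hash with the presented one.
            if (
                !is_string($storedSecret)
                || !is_string($hashedSecret)
                || !hash_equals($storedSecret, $hashedSecret)
            ) {
                continue;
            }

            $expiresAt = DateTime::formatTz(DateTime::format(new \DateTime($session->getAttribute('expire'))));

            if ($expiresAt >= DateTime::formatTz(DateTime::now())) {
                return $session->getId();
            }
        }

        return false;
    }

    /**
     * Is Privileged User?
     *
     * True when $roles contains the owner, developer or admin role.
     *
     * @param array $roles
     *
     * @return bool
     */
    public static function isPrivilegedUser(array $roles): bool
    {
        // Strict comparison: only an element identical to the role constant matches.
        // With loose comparison a non-string element such as boolean true would
        // compare equal to any non-empty role name.
        // NOTE(review): assumes the USER_ROLE_* constants (defined outside this file)
        // are strings, like the entries of $roles — confirm.
        return in_array(USER_ROLE_OWNER, $roles, true)
            || in_array(USER_ROLE_DEVELOPER, $roles, true)
            || in_array(USER_ROLE_ADMIN, $roles, true);
    }

    /**
     * Is App User?
     *
     * True when $roles contains the apps role.
     *
     * @param array $roles
     *
     * @return bool
     */
    public static function isAppUser(array $roles): bool
    {
        // Strict comparison for the same reason as in isPrivilegedUser().
        return in_array(USER_ROLE_APPS, $roles, true);
    }

    /**
     * Returns all roles for a user.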
*
     * When the current request does not already carry a privileged or app role
     * (as reported by Authorization::getRoles()), the user's own roles are added:
     * a user without an ID gets only the guests role, and that is returned at once
     * without looking at memberships or labels. A user with an ID gets the per-user
     * and all-users roles plus their verified or unverified variants, depending on
     * the 'emailVerification' / 'phoneVerification' attributes.
     *
     * After that, every confirmed membership that has both '$id' and 'teamId' adds
     * its team role, its member role and one team role per entry in 'roles', and
     * every label adds a 'label:'-prefixed role. Memberships and labels are read
     * for privileged and app callers as well.
     *
     * @param Document $user
     * @return array
     */
    public static function getRoles(Document $user): array
    {
        $granted = [];

        $elevatedCaller = self::isPrivilegedUser(Authorization::getRoles())
            || self::isAppUser(Authorization::getRoles());

        if (!$elevatedCaller) {
            $userId = $user->getId();

            // No ID means no account: the caller is a guest and nothing else.
            if (!$userId) {
                return [Role::guests()->toString()];
            }

            $granted[] = Role::user($userId)->toString();
            $granted[] = Role::users()->toString();

            $hasVerifiedEmail = $user->getAttribute('emailVerification', false);
            $hasVerifiedPhone = $user->getAttribute('phoneVerification', false);

            // One verified contact channel is enough for the verified dimension.
            $dimension = ($hasVerifiedEmail || $hasVerifiedPhone)
                ? Roles::DIMENSION_VERIFIED
                : Roles::DIMENSION_UNVERIFIED;

            $granted[] = Role::user($userId, $dimension)->toString();
            $granted[] = Role::users($dimension)->toString();
        }

        foreach ($user->getAttribute('memberships', []) as $membership) {
            // Unconfirmed memberships grant nothing.
            if (!(isset($membership['confirm']) && $membership['confirm'])) {
                continue;
            }

            if (!isset($membership['$id'], $membership['teamId'])) {
                continue;
            }

            $teamId = $membership['teamId'];

            $granted[] = Role::team($teamId)->toString();
            $granted[] = Role::member($membership['$id'])->toString();

            if (isset($membership['roles'])) {
                // One team-scoped role per role held inside the team.
                foreach ($membership['roles'] as $teamRole) {
                    $granted[] = Role::team($teamId, $teamRole)->toString();
                }
            }
        }

        // Labels are appended as stored, behind the fixed 'label:' prefix.
        foreach ($user->getAttribute('labels', []) as $labelName) {
            $granted[] = 'label:' . $labelName;
        }

        return $granted;
    }

    /**
     * Check if user is anonymous.
     *
     * A user counts as anonymous when both the 'email' and the 'phone'
     * attribute are null.
     *
     * @param Document $user
     * @return bool
     */
    public static function isAnonymousUser(Document $user): bool
    {
        if ($user->getAttribute('email') !== null) {
            return false;
        }

        return $user->getAttribute('phone') === null;
    }
}