Added the support of multiple users

Author: ezimuel

src/UserInterface.php

@@ -18,7 +18,7 @@ public function getUsername(): string;
     /**
      * Get the user role
      *
-     * @return string
+     * @return array|null
      */
-    public function getUserRole(): string;
+    public function getUserRoles(): ?array;
 }

src/UserRepository/Htpasswd.php

@@ -56,10 +56,18 @@ public function authenticate(string $credential, string $password = null): ?User
         fclose($handle);
 
         return $found && password_verify($password, $hash) ?
-               $this->generateUser($credential, '') :
+               $this->generateUser($credential) :
                null;
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    public function getRolesFromUser(string $username): ?array
+    {
+        return null;
+    }
+
     /**
      * Check bcrypt usage for security reason
      *

src/UserRepository/PdoDatabase.php

@@ -37,7 +37,8 @@ public function __construct(PDO $pdo, array $config)
     public function authenticate(string $credential, string $password = null): ?UserInterface
     {
         $sql = sprintf(
-            "SELECT * FROM %s WHERE %s = :username",
+            "SELECT %s FROM %s WHERE %s = :username",
+            $this->config['field']['password'],
             $this->config['table'],
             $this->config['field']['username']
         );
@@ -49,7 +50,32 @@ public function authenticate(string $credential, string $password = null): ?User
         $result = $stmt->fetchObject();
 
         return password_verify($password, $result->{$this->config['field']['password']}) ?
-               $this->generateUser($credential, $this->config['field']['role'] ?? '') :
+               $this->generateUser($credential, $this->getRolesFromUser($credential)) :
                null;
     }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function getRolesFromUser(string $username): ?array
+    {
+        if (! isset($this->config['sql_get_roles'])) {
+            return null;
+        }
+        if (false === strpos($this->config['sql_get_roles'], ':username')) {
+            throw new Exception\InvalidConfigException(
+                'The sql_get_roles must include a :username parameter'
+            );
+        }
+        $stmt = $this->pdo->prepare($this->config['sql_get_roles']);
+        $stmt->bindParam(':username', $username);
+        if (! $stmt->execute()) {
+            return null;
+        }
+        $roles = [];
+        foreach ($stmt->fetchAll(PDO::FETCH_NUM) as $role) {
+            $roles[] = $role[0];
+        }
+        return $roles;
+    }
 }

src/UserRepository/UserTrait.php

@@ -18,23 +18,23 @@ trait UserTrait
      * @param string $role
      * @return UserInterface
      */
-    protected function generateUser(string $username, string $role): UserInterface
+    protected function generateUser(string $username, ?array $roles = null): UserInterface
     {
-        return new class($username, $role) implements UserInterface {
-            public function __construct($username, $role)
+        return new class($username, $roles) implements UserInterface {
+            public function __construct(string $username, $roles)
             {
                 $this->username = $username;
-                $this->role = $role;
+                $this->roles = $roles;
             }
 
             public function getUsername(): string
             {
                 return $this->username;
             }
 
-            public function getUserRole(): string
+            public function getUserRoles(): ?array
             {
-                return $this->role;
+                return $this->roles;
             }
         };
     }

src/UserRepositoryInterface.php

@@ -18,4 +18,12 @@ interface UserRepositoryInterface
      * @return UserInterface|null
      */
     public function authenticate(string $credential, string $password = null): ?UserInterface;
+
+    /**
+     * Get the user roles if present
+     *
+     * @param string $username
+     * @return array|null
+     */
+    public function getRolesFromUser(string $username): ?array;
 }

test/TestAssets/pdo_role.sqlite

@@ -0,0 +1,7 @@
+CREATE TABLE user(
+    username TEXT,
+    password TEXT,
+    role TEXT
+);
+
+INSERT INTO user (username, password, role) VALUES ('test', '$2y$10$C822kPutHb8S/An9pBzJHeaN2/uqytA88O5VtTaY9m9EzWCJPDF7e', 'admin');

test/TestAssets/pdo_roles.sqlite

@@ -0,0 +1,24 @@
+CREATE TABLE user(
+    username TEXT,
+    password TEXT
+);
+
+CREATE TABLE role(
+    role TEXT
+);
+
+CREATE TABLE user_role(
+    username TEXT,
+    role TEXT
+);
+
+INSERT INTO user (username, password) VALUES
+('test', '$2y$10$C822kPutHb8S/An9pBzJHeaN2/uqytA88O5VtTaY9m9EzWCJPDF7e');
+
+INSERT INTO role (role) VALUES
+('user'),
+('admin');
+
+INSERT INTO user_role (username, role) VALUES
+('test', 'user'),
+('test', 'admin');

test/TestAssets/sqlite_with_role.sql

@@ -50,4 +50,40 @@ public function testAuthenticateInvalidUser()
         $user = $pdoDatabase->authenticate('test', 'foo');
         $this->assertNull($user);
     }
+
+    public function testAuthenticateWithRole()
+    {
+        $pdo = new PDO('sqlite:'. __DIR__ . '/../TestAssets/pdo_role.sqlite');
+        $pdoDatabase = new PdoDatabase($pdo, [
+            'table' => 'user',
+            'field' => [
+                'username' => 'username',
+                'password' => 'password'
+            ],
+            'sql_get_roles' => 'SELECT role FROM user WHERE username = :username'
+        ]);
+
+        $user = $pdoDatabase->authenticate('test', 'password');
+        $this->assertInstanceOf(UserInterface::class, $user);
+        $this->assertEquals('test', $user->getUsername());
+        $this->assertEquals(['admin'], $user->getUserRoles());
+    }
+
+    public function testAuthenticateWithRoles()
+    {
+        $pdo = new PDO('sqlite:'. __DIR__ . '/../TestAssets/pdo_roles.sqlite');
+        $pdoDatabase = new PdoDatabase($pdo, [
+            'table' => 'user',
+            'field' => [
+                'username' => 'username',
+                'password' => 'password'
+            ],
+            'sql_get_roles' => 'SELECT role FROM user_role WHERE username = :username'
+        ]);
+
+        $user = $pdoDatabase->authenticate('test', 'password');
+        $this->assertInstanceOf(UserInterface::class, $user);
+        $this->assertEquals('test', $user->getUsername());
+        $this->assertEquals(['user', 'admin'], $user->getUserRoles());
+    }
 }