Merge pull request #83 from phenixphp/feature/user-authentication

Integration of framework v0.8.*

Author: barbosa89

.dockerignore

@@ -42,7 +42,6 @@ coverage/
 *.pid.lock
 
 .phpunit.result.cache
-.pest
 .php_cs.cache
 
 dist/

.env.example

@@ -9,17 +9,30 @@ DB_CONNECTION=mysql
 DB_HOST=127.0.0.1
 DB_PORT=3306
 DB_DATABASE=phenix
-DB_USERNAME=phenix
-DB_PASSWORD=
+DB_USERNAME=root
+DB_PASSWORD=secret
 
-LOG_CHANNEL=stream
+LOG_CHANNEL=file
 
-QUEUE_DRIVER=parallel
+CACHE_STORE=redis
+RATE_LIMIT_STORE="${CACHE_STORE}"
+
+QUEUE_DRIVER=redis
 
 CORS_ORIGIN=
 
 REDIS_HOST=127.0.0.1
 REDIS_PORT=6379
+REDIS_USERNAME=
 REDIS_PASSWORD=null
 
-SESSION_DRIVER=local
+SESSION_DRIVER=redis
+
+MAIL_MAILER=smtp
+MAIL_HOST=127.0.0.1
+MAIL_PORT=587
+MAIL_ENCRYPTION=tls
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_FROM_ADDRESS=hello@example.com
+MAIL_FROM_NAME="Example"

.github/copilot-instructions.md

@@ -25,11 +25,10 @@ XDEBUG_MODE=off php public/index.php  # Direct server start (faster, no debuggin
 
 ### Testing
 ```bash
-composer test                   # Pest tests (XDEBUG_MODE=off)
+composer test                   # PHPUnit tests (XDEBUG_MODE=off)
 composer test:coverage          # With coverage reports
-composer test:parallel          # Parallel execution
 ```
-- **Test Framework**: Pest PHP with custom HTTP client helpers
+- **Test Framework**: PHPUnit with custom HTTP client helpers
 - **Test Structure**: `tests/Feature/` and `tests/Unit/` with shared `TestCase`
 - **HTTP Testing**: Uses Amp HTTP client with helper functions: `get()`, `post()`, etc.
 
@@ -133,7 +132,6 @@ class MyController extends Controller
 - `config/app.php` - Service provider registration and app config
 - `vendor/phenixphp/framework/src/Queue/` - Queue implementation details
 - `vendor/phenixphp/framework/src/Tasks/QueuableTask.php` - Base task class
-- `tests/Pest.php` - HTTP testing helpers and setup
 - `bootstrap/app.php` - Application bootstrap via `AppBuilder`
 
 ## Common Pitfalls

.github/workflows/run-tests.yml

@@ -9,6 +9,30 @@ on:
 jobs:
   test:
     runs-on: ubuntu-latest
+    services:
+      mysql:
+        image: mysql:8.0
+        env:
+          MYSQL_DATABASE: phenix
+          MYSQL_USER: phenix
+          MYSQL_PASSWORD: secret
+          MYSQL_ROOT_PASSWORD: secret
+        ports:
+          - 3306:3306
+        options: >-
+          --health-cmd="mysqladmin ping -h 127.0.0.1 -uroot -psecret --silent"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=10
+      redis:
+        image: redis:7-alpine
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd="redis-cli ping"
+          --health-interval=10s
+          --health-timeout=5s
+          --health-retries=10
 
     steps:
       - name: Checkout code
@@ -20,7 +44,7 @@ jobs:
         uses: shivammathur/setup-php@v2
         with:
           php-version: 8.2
-          extensions: json, mbstring, pcntl, intl, fileinfo
+          extensions: json, mbstring, pcntl, intl, fileinfo, sockets, mysqli, sqlite3
           coverage: xdebug
 
       - name: Setup problem matchers
@@ -38,21 +62,22 @@ jobs:
 
       - name: Analyze code statically with PHPStan
         run: |
-          cp .env.example .env
-          vendor/bin/phpstan --xdebug
+          cp .env.example .env.testing
+          XDEBUG_MODE=off vendor/bin/phpstan --xdebug
 
       - name: Execute tests
         run: |
-          cp .env.example .env
-          vendor/bin/pest --coverage
+          cp .env.example .env.testing
+          php phenix key:generate .env.testing --force
+          vendor/bin/phpunit
 
       - name: Prepare paths for SonarQube analysis
         run: |
           sed -i "s|$GITHUB_WORKSPACE|/github/workspace|g" build/logs/clover.xml
           sed -i "s|$GITHUB_WORKSPACE|/github/workspace|g" build/report.junit.xml
 
       - name: Run SonarQube analysis
-        uses: sonarsource/sonarcloud-github-action@master
+        uses: sonarsource/sonarqube-scan-action@master
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.gitignore

@@ -12,4 +12,5 @@ tests/coverage
 node_modules
 npm-debug.log
 package-lock.json
-package.json
+package.json
+*.sqlite*

app/Constants/OneTimePasswordScope.php

@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Constants;
+
+enum OneTimePasswordScope: string
+{
+    case LOGIN = 'login';
+
+    case RESET_PASSWORD = 'reset_password';
+
+    case VERIFY_EMAIL = 'verify_email';
+
+    case AUTHORIZE = 'authorize';
+
+    public static function toArray(): array
+    {
+        return array_column(self::cases(), 'value');
+    }
+}

app/Http/Controllers/Auth/ForgotPasswordController.php

@@ -0,0 +1,59 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Auth;
+
+use App\Constants\OneTimePasswordScope;
+use App\Models\User;
+use App\Models\UserOtp;
+use Egulias\EmailValidator\Validation\DNSCheckValidation;
+use Egulias\EmailValidator\Validation\NoRFCWarningsValidation;
+use Phenix\Http\Constants\HttpStatus;
+use Phenix\Http\Controller;
+use Phenix\Http\Request;
+use Phenix\Http\Response;
+use Phenix\Util\Date;
+use Phenix\Validation\Types\Email;
+use Phenix\Validation\Validator;
+
+class ForgotPasswordController extends Controller
+{
+    public function store(Request $request): Response
+    {
+        $validator = new Validator($request);
+        $validator->setRules([
+            'email' => Email::required()->validations(
+                new DNSCheckValidation(),
+                new NoRFCWarningsValidation()
+            )->max(100),
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json([
+                'errors' => $validator->failing(),
+            ], HttpStatus::UNPROCESSABLE_ENTITY);
+        }
+
+        $user = User::query()
+            ->whereEqual('email', $request->body('email'))
+            ->whereNotNull('email_verified_at')
+            ->first();
+
+        if ($user !== null) {
+            $otpCount = UserOtp::query()
+                ->whereEqual('user_id', $user->id)
+                ->whereEqual('scope', OneTimePasswordScope::RESET_PASSWORD->value)
+                ->whereGreaterThanOrEqual('created_at', Date::now()->subHour()->toDateTimeString())
+                ->count();
+
+            if ($otpCount < 5) {
+                $user->sendOneTimePassword(OneTimePasswordScope::RESET_PASSWORD);
+            }
+        }
+
+        return response()->json([
+            'message' => trans('auth.password_reset.sent'),
+        ], HttpStatus::OK);
+    }
+}

app/Http/Controllers/Auth/LoginController.php

@@ -0,0 +1,132 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Http\Controllers\Auth;
+
+use App\Constants\OneTimePasswordScope;
+use App\Models\User;
+use App\Models\UserOtp;
+use Egulias\EmailValidator\Validation\DNSCheckValidation;
+use Egulias\EmailValidator\Validation\NoRFCWarningsValidation;
+use Phenix\Facades\Hash;
+use Phenix\Http\Constants\HttpStatus;
+use Phenix\Http\Controller;
+use Phenix\Http\Request;
+use Phenix\Http\Response;
+use Phenix\Util\Date;
+use Phenix\Validation\Types\Email;
+use Phenix\Validation\Types\Numeric;
+use Phenix\Validation\Types\Password;
+use Phenix\Validation\Validator;
+
+class LoginController extends Controller
+{
+    public function login(Request $request): Response
+    {
+        $validator = new Validator($request);
+        $validator->setRules([
+            'email' => Email::required()->validations(
+                new DNSCheckValidation(),
+                new NoRFCWarningsValidation()
+            )->max(100)
+                ->exists('users', 'email', function ($query): void {
+                    $query->whereNotNull('email_verified_at');
+                }),
+            'password' => Password::required(),
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json([
+                'errors' => $validator->failing(),
+            ], HttpStatus::UNPROCESSABLE_ENTITY);
+        }
+
+        $user = User::query()->whereEqual('email', $request->body('email'))->first();
+        $response = response()->json([
+            'message' => trans('auth.otp.login.sent'),
+        ]);
+
+        if (! Hash::verify($user->password, (string) $request->body('password'))) {
+            $response = response()->json([
+                'message' => trans('auth.login.invalid_credentials'),
+            ], HttpStatus::UNAUTHORIZED);
+        } else {
+            $otpCount = UserOtp::query()
+                ->whereEqual('user_id', $user->id)
+                ->whereEqual('scope', OneTimePasswordScope::LOGIN->value)
+                ->whereGreaterThanOrEqual('created_at', Date::now()->subHour()->toDateTimeString())
+                ->count();
+
+            if ($otpCount >= 5) {
+                $response = response()->json([
+                    'message' => trans('auth.otp.limit_exceeded'),
+                ], HttpStatus::TOO_MANY_REQUESTS);
+            } else {
+                $user->sendOneTimePassword(OneTimePasswordScope::LOGIN);
+            }
+        }
+
+        return $response;
+    }
+
+    public function authorize(Request $request): Response
+    {
+        $validator = new Validator($request);
+        $validator->setRules([
+            'email' => Email::required()->validations(
+                new DNSCheckValidation(),
+                new NoRFCWarningsValidation()
+            )->max(100)
+                ->exists('users', 'email', function ($query): void {
+                    $query->whereNotNull('email_verified_at');
+                }),
+            'otp' => Numeric::required()->digits(6),
+        ]);
+
+        if ($validator->fails()) {
+            return response()->json([
+                'errors' => $validator->failing(),
+            ], HttpStatus::UNPROCESSABLE_ENTITY);
+        }
+
+        $user = User::query()->whereEqual('email', $request->body('email'))->first();
+
+        $otp = UserOtp::query()
+            ->whereEqual('user_id', $user->id)
+            ->whereEqual('scope', OneTimePasswordScope::LOGIN->value)
+            ->whereEqual('code', hash('sha256', (string) $request->body('otp')))
+            ->whereNull('used_at')
+            ->whereGreaterThanOrEqual('expires_at', Date::now()->toDateTimeString())
+            ->first();
+
+        if (! $otp) {
+            return response()->json([
+                'message' => trans('auth.otp.invalid'),
+            ], HttpStatus::NOT_FOUND);
+        }
+
+        $otp->usedAt = Date::now();
+        $otp->save();
+
+        $token = $user->createToken('auth_token');
+
+        return response()->json([
+            'access_token' => $token->toString(),
+            'expires_at' => $token->expiresAt()->toDateTimeString(),
+            'token_type' => 'Bearer',
+        ]);
+    }
+
+    public function logout(Request $request): Response
+    {
+        /** @var User|null $user */
+        $user = $request->user();
+
+        $user?->currentAccessToken()?->delete();
+
+        return response()->json([
+            'message' => trans('auth.logout.success'),
+        ], HttpStatus::OK);
+    }
+}