From ab070c544241a93a5b19dc6421b9518e035a9f83 Mon Sep 17 00:00:00 2001
From: Alejandro Ibarra <alejandro.ibarra@cakedc.com>
Date: Fri, 24 Jan 2025 12:23:24 +0100
Subject: [PATCH] Add OneTimetokenAuthenticator

---
 .../OneTimeTokenAuthenticator.php             | 56 +++++++++++++++++++
 1 file changed, 56 insertions(+)
 create mode 100644 src/Authenticator/OneTimeTokenAuthenticator.php

diff --git a/src/Authenticator/OneTimeTokenAuthenticator.php b/src/Authenticator/OneTimeTokenAuthenticator.php
new file mode 100644
index 0000000..744a872
--- /dev/null
+++ b/src/Authenticator/OneTimeTokenAuthenticator.php
@@ -0,0 +1,56 @@
+<?php
+declare(strict_types=1);
+
+namespace CakeDC\Auth\Authenticator;
+
+use Authentication\Authenticator\AuthenticatorInterface;
+use Authentication\Authenticator\Result;
+use Authentication\Authenticator\ResultInterface;
+use Cake\Core\Configure;
+use Cake\Core\InstanceConfigTrait;
+use Cake\ORM\TableRegistry;
+use Psr\Http\Message\ServerRequestInterface;
+
+class OneTimeTokenAuthenticator implements AuthenticatorInterface
+{
+    use InstanceConfigTrait;
+
+    /**
+     * Settings for base authenticator
+     *
+     * @var array
+     */
+    protected $_defaultConfig = [
+    ];
+
+    /**
+     * @inheritDoc
+     */
+    public function authenticate(ServerRequestInterface $request): ResultInterface
+    {
+        /** @var \Cake\Http\ServerRequest $request */
+        $token = $request->getQuery('token') ?: $request->getData('token');
+        if (is_array($token)) {
+            $token = join($token);
+        }
+
+        if (!$token) {
+            return new Result(null, Result::FAILURE_CREDENTIALS_MISSING);
+        }
+
+        $name = $request->getSession()->read('OneTimeLogin.name');
+        if (!$name) {
+            return new Result(null, Result::FAILURE_CREDENTIALS_MISSING);
+        }
+
+        $usersTable = TableRegistry::getTableLocator()->get(Configure::read('Users.table'));
+
+        $user = $usersTable->loginWithToken($name, $token);
+
+        if (!$user) {
+            return new Result(null, Result::FAILURE_CREDENTIALS_MISSING);
+        }
+
+        return new Result($user, Result::SUCCESS);
+    }
+}