code sample

<?php
namespace PBackend\Service;

use PBackend\DB\Mappings\Doctrine\MongoDB\Document;
use PBackend\Model;
use PBackend\Service;
use PBackend\Api;
use PBackend\Util;
use PBackend\Model\Api\Oauth\Token;
use PBackend\DB\Mappings\Doctrine\MongoDB\Document\Api\Oauth\Consumer;

class Account extends Service
{

        /**
         * Set Service ACL.
         *
         * @param \Zend_Acl $acl
         * @return \Zend_Acl
         */
        public static function provideMethodsAcl(\Zend_Acl $acl) {

                self::_aclAllowMethod($acl, 'guest', 'requestRegistration');
                self::_aclAllowMethod($acl, 'guest', 'confirmRegistration');
                self::_aclAllowMethod($acl, 'user', 'get');
                self::_aclAllowMethod($acl, 'user', 'update');
                self::_aclAllowMethod($acl, 'user', 'requestPrimaryEmailUpdate');
                self::_aclAllowMethod($acl, 'user', 'confirmPrimaryEmailUpdate');
                self::_aclAllowMethod($acl, 'guest', 'validatePassword');
                self::_aclAllowMethod($acl, 'guest', 'requestPasswordReset');
                self::_aclAllowMethod($acl, 'guest', 'confirmPasswordReset');

                return $acl;
        }

    /**
     * Register new user account.
     *
     * API Method:
     *  account.requestRegistration(confirmationURL, email, password, firstName, lastName)
     *
     * Authorization:
     *  guest
     *
     * Description:
     *  Register new user account.
     *  This is a first part of the classic registration process:
     *   1. User submits his account details
     *   2. User receives an email with confirmation link
     *   3. User clicks the link in order to finish the process.
     *
     *  Confirmation token is generated from user's email address and system's secret key. It is then appended to "confirmationURL" and is sent in the email.
     *  For example if confirmationURL is http://www.example.com/user/confirmRegistration,the following URL will be sent to the user - http://www.example.com/user/confirmRegistration?confirmationToken=b20ab007190ccb069019935a9ef72188
     *  @see \PBackend\Service\User\Account#confirmRegistration()
     *
     * Arguments:
     *  @param string $confirmationURL (required) URL link which user must access in order to complete registration process. Confirmation token will be appended to this URL which will be later sent in the email message.
     *  @param string $email (required) Valid email address.
     *  @param string $password (required) Password, at least 6 characters, any character is accepted.
     *  @param string $firstName (required) First name, limited to 32 characters.
     *  @param string $lastName (required) Last name, limited to 32 characters.
     *
     * Response:
     *  This method has no specific response if completes without error.
     *
     * Error codes (in addition to standard API errors):
     *  @throws \PBackend\Service\Exception if API error occurres
     *  201: Confirmation URL is empty or malformed.
     *  202: Email is empty or malformed.
     *  203: Password is too short, should be at least 6 characters.
     *  204: First name is empty or too long, should be at most 32 characters.
     *  205: Last name is empty or too long, should be at most 32 characters.
     *  206: User already registered.
     *
     *  @todo If user has not confirmed registration yet, just resend the email
     */
    public static function requestRegistration($confirmationURL, $email, $password, $firstName, $lastName) {
        $config = self::getConfig();

        try {
            $url = \Zend_Uri::factory($confirmationURL);
            $salt = Util\Security::getSalt();
            /* @var Zend_Uri_Http $url */
            $url->setQuery(array_merge($url->getQueryAsArray(), array('confirmationToken' => md5($email . $salt))));
            $url = $url->getUri();
        } catch (\Zend_Uri_Exception $e) {
            throw new Service\Exception('Confirmation URL is empty or malformed.', 201, $e);
        }

        try {
            $user = new Model\User();
            $user->requestRegistration($email, $password, $firstName, $lastName);
        } catch (Model\Exception $e) {
            throw new Service\Exception($e->getMessage(), 200 + $e->getCode(), $e);
        }

        $mailOptions = array(
            'to' => $email,
            'toName' => $user->getFullName(),
        );
        $mailVariables = array(
            'NAME' => $user->getFullName(),
            'LINK' => $url,
            'SERVICE' => $config['service']['site']['name'],
            'HOME' => $config['service']['site']['home']
        );

        Util\Mail::send('registration/confirmation', $mailOptions, $mailVariables);
    }

    /**
     * Finalize account registration.
     *
     * API Method:
     *  account.confirmRegistration(consumerKey, confirmationToken, email)
     *
     * Authorization:
     *  guest
     *
     * Description:
     *  Finalize account registration. This is the second part of registration process @see PBackend\Service\User#requestRegistration()
     *  After this step user is considered fully registered in the system and receives a general "Welcome" email.
     *  At the end of the process API user will receive user's unique identifier of newly registered application user and credentials to authenticate against API and access its methods as registered user.
     *
     * Arguments:
     *  @param string $consumerKey (required) Key of a consumer requesting this method.
     *  @param string $confirmationToken (required) Confirmation token, previously generated by "user.account.requestRegistration" method.
     *  @param string $email (required) Valid email address.
     *
     * Response:
     *  @return array [
     *      string 'userId' Unique user identifier.
     *      string 'accessToken' Access token, used for authentication with API.
     *      string 'accessTokenSecret' Access token secret, used for signing authenticated API requests.
     *      ]
     *
     * Error codes (in addition to standard API errors):
     *  @throws \PBackend\Service\Exception if API error occurres
     *  201: Consumer not found.
     *  202: Confirmation token is invalid.
     *  203: Email is empty or malformed.
     *  204: User already confirmed.
     *  205: User not found.
     *
     */
    public static function confirmRegistration($consumerKey, $confirmationToken, $email)
    {
        $config = self::getConfig();

        $salt = Util\Security::getSalt();

        $consumer = Consumer::findOneByKey($consumerKey);
        if (is_null($consumer)) {
            throw new Service\Exception('Consumer not found.', 201);
        }

        try {
            Model\User::validateEmail($email);
        } catch (Model\Exception $exception) {
            if($exception->getCode() == 1) { // Email is empty or malformed.
                throw new Service\Exception($exception->getMessage(), 203);
            } else {
                throw $exception;
            }
        }

        if (md5($email . $salt) != $confirmationToken) {
            throw new Service\Exception('Confirmation token is invalid.', 202);
        }

        /* @var \PBackend\Model\User $user */
        $user = Model\User::findOneByEmail($email);
        if (!$user) {
            throw new Service\Exception('User not found.', 205);
        }

        try {
            $user->confirmRegistration($email);
        } catch (Model\Exception $exception) {
            switch($exception->getCode()) {
            case 1: // Email is empty or malformed.
                $code = 203;
                break;
            case 3: // User already confirmed.
                $code = 204;
                break;
            default:
                throw new \PBackend\Exception('Unknown exception code');
            }
            throw new Service\Exception($exception->getMessage(), $code, $exception);
        }

        $accessToken = new Token\Access();
        $accessToken->user = $user;
        $accessToken->consumer = $consumer;

        $mailOptions = array(
            'to' => $user->email,
            'toName' => $user->getFullName(),
        );
        $mailVariables = array(
            'NAME' => $user->getFullName(),
            'SERVICE' => $config['service']['site']['name'],
            'HOME' => $config['service']['site']['home']
        );

        Util\Mail::send('registration/congratulation', $mailOptions, $mailVariables);

        return array(
            'userId' => $user->id,
            'accessToken' => $accessToken->token,
            'accessTokenSecret' => $accessToken->secret
        );
    }

    /**
     * Get information about currently authenticated user.
     *
     * API Method:
     *  account.get()
     *
     * Authorization:
     *  user
     *
     * Description:
     *  Get information about currently authenticated user.
     *
     * Arguments:
     *  This method has no specific arguments.
     * Response:
     *  @return array [
     *      string 'userId' Identifier.
     *      int 'createdAt' Unix timestamp, date when the user was created in the system.
     *      int 'updatedAt' Unix timestamp, date when user's information was updated in the system.
     *      string 'email' Email address.
     *      string 'firstName' First name.
     *      string 'lastName' Last name.
     *      string 'role' User's role.
     *      int 'availableInvitations' Count of invitations available to the user.
     *      ]
     *
     * Error codes (in addition to standard API errors):
     *  This method has no additional error codes.
     *
     */
    public static function get()
    {
        $api = self::getApi();

        $user = $api->getIdentity();

        if(is_null($user->createdAt)){
            $createdAt = null;
        }else{
            $createdAt = $user->createdAt->format('U');
        }

        if(is_null($user->updatedAt)){
            $updatedAt = null;
        }else{
            $updatedAt = $user->updatedAt->format('U');
        }

        return array(
            'userId' => $user->id,
            'createdAt' => $createdAt,
            'updatedAt' => $updatedAt,
            'email' => $user->email,
            'firstName' => $user->firstName,
            'lastName' => $user->lastName,
            'role' => $user->role,
            'availableInvitations' => $user->availableInvitations,
        );
    }

    /**
     * Update user account details.
     *
     * API Method:
     *  account.udpate(password, firstName, lastName)
     *
     * Authorization:
     *  user
     *
     * Description:
     *  Update user account details.
     *  In addition, methods "account.requestPrimaryEmailUpdate" and "account.confirmPrimaryEmailUpdate" can be used to change user's primary email address.
     *
     * Arguments:
     *  @param string $password (required) Password, at least 6 characters, any character is accepted.
     *  @param string $firstName (required) First name, limited to 32 characters.
     *  @param string $lastName (required) Last name, limited to 32 characters.
     *
     * Response:
     *  This method has no specific response if completes without error.
     *
     * Error codes (in addition to standard API errors):
     *  @throws \PBackend\Service\Exception if API error occurres
     *  201: Password is too short, should be at least 6 characters.
     *  202: First name is empty or too long, should be at most 32 characters.
     *  203: Last name is empty or too long, should be at most 32 characters.
     */
    public static function update($password, $firstName, $lastName)
    {
        $api = self::getApi();

        $user = $api->getIdentity();
        try {
            $user->update($password, $firstName, $lastName);
        } catch (Model\Exception $exception) {
            throw new Service\Exception($exception->getMessage(), 200 + $exception->getCode(), $exception);
        }
    }

    /**
     * Request primary email address update.
     *
     * API Method:
     *  account.requestEmailUpdate(confirmationURL, email)
     *
     * Authorization:
     *  user
     *
     * Description:
     *  This is a first step of a three-step process allowing authenticated users to change their email address.
     *   1. User requests primary email change
     *   2. User receives an email with confirmation link
     *   3. User clicks the link in order to finish the process
     *  Confirmation token is appended to "confirmationURL", for example if confirmationURL is http://www.example.com/user/account/confirmPrimaryEmailUpdate, the following URL will be sent to the user:  http://www.example.com/user/account/confirmPrimaryEmailUpdate?confirmationToken=b20ab007190ccb069019935a9ef72188
     *
     * Developer notes:
     *  Confirmation token is generated from requested email address and system's secret key.
     *
     * Arguments:
     *  @param string $confirmationURL (required) URL link which user must access in order to complete email update process. Confirmation token will be appended to this URL which will be later sent in the email message.
     *  @param string $email (required) Valid, not-registered email address.
     *
     * Response:
     *  This method has no specific response if completes without error.
     *
     * Error codes (in addition to standard API errors):
     *  @throws \PBackend\Service\Exception if API error occurres
     *  201: Confirmation URL is empty or malformed.
     *  202: Email is empty or malformed.
     *  203: Email is already in use.
     */
    public static function requestPrimaryEmailUpdate($confirmationURL, $email)
    {
        $config     = self::getConfig();
        $api        = self::getApi();

        $user   = $api->getIdentity();

        try {
            $url = \Zend_Uri::factory($confirmationURL);
            $salt = Util\Security::getSalt();
            /* @var Zend_Uri_Http $url */
            $url->setQuery(array_merge($url->getQueryAsArray(), array('confirmationToken' => md5($email . $salt))));
            $url = $url->getUri();
        } catch (\Zend_Uri_Exception $e) {
            throw new Service\Exception('Confirmation URL is empty or malformed.', 201, $e);
        }

        try {
            Model\User::validateEmail($email);
        } catch (Model\Exception $exception) {
            if($exception->getCode() == 1) { // Email is empty or malformed.
                throw new Service\Exception($exception->getMessage(), 202);
            } else {
                throw $exception;
            }
        }

        $userDocument = Document\User::findOneByEmail($email);
        if (!is_null($userDocument)) {
            throw new Service\Exception('Email is already in use.', 203);
        }

        $mailOptions = array(
            'to' => $email,
            'toName' => $user->getFullName(),
        );
        $mailVariables = array(
            'NAME' => $user->getFullName(),
            'LINK' => $url,
            'SERVICE' => $config['service']['site']['name'],
            'HOME' => $config['service']['site']['home']
        );

        Util\Mail::send('update-email/requestPrimaryEmailUpdate', $mailOptions, $mailVariables);
    }

    /**
     * Confirm primary email address update.
     *
     * API Method:
     *  account.confirmPrimaryEmailUpdate(email, confirmationToken)
     *
     * Authorization:
     *  user
     *
     * Description:
     *  This is the second part of the email update process (see "account.requestPrimaryEmailUpdate"). If confirmation token is valid, user's email address is changed to the reqeusted one. At the end of the process the user will recieve a general "Email update success" email to his new address.
     *
     * Developer notes:
     *  Validate confirmation token by matching it with hash of requested email address and system's secret key.
     *
     * Arguments:
     *  @param string $email (required) Valid, not-registered email address.
     *  @param string $confirmationToken (required) Confirmation token, previously generated by "account.requestPrimaryEmailUpdate" method.
     *
     * Response:
     *  This method has no specific response if completes without error.
     *
     * Error codes (in addition to standard API errors):
     *  @throws \PBackend\Service\Exception if API error occurres
     *  201: Email is empty or malformed.
     *  202: Email is already in use.
     *  203: Confirmation token is invalid.
     */
    public static function confirmPrimaryEmailUpdate($email, $confirmationToken) {
        $config = self::getConfig();
        $log = self::getLog();

        $api = self::getApi();
        $user= $api->getIdentity();

        try {
            Model\User::validateEmail($email);
        } catch (Model\Exception $exception) {
            if($exception->getCode() == 1) { // Email is empty or malformed.
                throw new Service\Exception($exception->getMessage(), 201);
            } else {
                throw $exception;
            }
        }

        $userDocument = Document\User::findOneByEmail($email);
        if (!is_null($userDocument)) {
            throw new Service\Exception('Email is already in use.', 203);
        }

        $salt = Util\Security::getSalt();
        if (md5($email . $salt) != $confirmationToken) {
            throw new Service\Exception('Confirmation token is invalid.', 203);
        }

        try {
            $user->updateEmail($email);
        } catch (Model\Exception $e) {
            throw new Service\Exception($e->getMessage(), 200 + $e->getCode(), $e);
        }

        $mailOptions = array(
            'to' => $email,
            'toName' => $user->getFullName(),
        );
        $mailVariables = array(
            'NAME' => $user->getFullName(),
            'SERVICE' => $config['service']['site']['name'],
            'HOME' => $config['service']['site']['home']
        );

        Util\Mail::send('update-email/confirmPrimaryEmailUpdate', $mailOptions, $mailVariables);
    }

    /**
     * Match password and email address.
     *
     * API Method:
     *  account.validatePassword(email, password)
     *
     * Authorization:
     *  guest
     *
     * Description:
     *  This method allows API clients to perform log-in operation by matching user's email and password.
     *
     * Developer notes:
     *  Make sure to use User Model's utility for password hashing.
     *
     * Arguments:
     *  @param string $email (required) Valid, registered email address.
     *  @param string $password (required) Password, at least 6 characters, any character is accepted.
     *
     * Response:
     *  This method has no specific response if completes without error.
     *
     * Error codes (in addition to standard API errors):
     *  @throws \PBackend\Service\Exception if API error occurres
     *  201: Email is empty or malformed.
     *  202: Password is too short, should be at least 6 characters.
     *  203: Invalid credentials.
     */
    public static function validatePassword($email, $password)
    {

        try {
            Model\User::validateEmail($email);
        } catch (Model\Exception $exception) {
            if($exception->getCode() == 1) { // Email is empty or malformed.
                throw new Service\Exception($exception->getMessage(), 201);
            } else {
                throw $exception;
            }
        }

        try {
            Model\User::validatePassword($password);
        } catch (Model\Exception $exception) {
            if($exception->getCode() == 1) { // Password is too short, should be at least 6 characters.
                throw new Service\Exception($exception->getMessage(), 202);
            } else {
                throw $exception;
            }
        }

        $user = Model\User::findOneByEmail($email);
        if (!$user || $user->password != $user->hashPassword($password)) {
            throw new Service\Exception('Invalid credentials.', 203);
        }
    }

    /**
     * Request password reset.
     *
     * API Method:
     *  account.requestPasswordReset(confirmationURL, email)
     *
     * Authorization:
     *  guest
     *
     * Description:
     *  The reset password process consists of two steps:
     *   1. Guest User requests password reset by calling "account.requestPasswordReset" method, the system sends a confirmation token to email address that the user provides.
     *   2. Guest User confirms password reset by calling "account.confirmPasswordReset" method, the system changes the password to one provided by the user.
     *  For example if confirmationURL is http://www.example.com/user/confirmResetPassword, the following URL will be sent to the user: http://www.example.com/user/confirmResetPassword?confirmationToken=b20ab007190ccb069019935a9ef72188&confirmationTokenTime=1322402163.0289
     *  Note: "confirmationToken" and "confirmationTokenTime" parameters will be overwritten in the original confirmationURL.
     *
     * Developer notes:
     *  - Confirmation token is a hash of email, current time and system security salt.
     *  - "confirmationToken" and "confirmationTokenTime" parameters are added to the original confirmationURL.
     *  - Time should include milliseconds, use "microtime(true)" PHP function.
     *
     * Arguments:
     *  @param string $confirmationURL (required) URL link which user must access in order to complete password reset process. Confirmation token and current time will be appended to this URL which will be later sent in the email message.
     *  @param string $email (required) Valid, registered email address.
     *
     * Response:
     *  This method has no specific response if completes without error.
     *
     * Error codes (in addition to standard API errors):
     *  @throws \PBackend\Service\Exception if API error occurres
     *  201: Confirmation URL is empty or malformed.
     *  202: Email is empty or malformed.
     *  203: Email not found.
     */
    public static function requestPasswordReset($confirmationURL, $email)
    {
        $config = self::getConfig();

        try {
            $url = \Zend_Uri::factory($confirmationURL);
            $salt = Util\Security::getSalt();
            $currentTime = microtime(true);
            /* @var Zend_Uri_Http $url */
            $url->setQuery(array_merge($url->getQueryAsArray(), array('confirmationToken' => md5($email . $currentTime . $salt), 'confirmationTokenTime' => $currentTime )));
            $url = $url->getUri();
        } catch (\Zend_Uri_Exception $e) {
            throw new Service\Exception('Confirmation URL is empty or malformed.', 201, $e);
        }

        try {
            Model\User::validateEmail($email);
        } catch (Model\Exception $exception) {
            if($exception->getCode() == 1) { // Email is empty or malformed.
                throw new Service\Exception($exception->getMessage(), 202);
            } else {
                throw $exception;
            }
        }

        $user = Model\User::findOneByEmail($email);
        if (!$user) {
            throw new Service\Exception('Email not found.', 203);
        }

        $mailOptions = array(
                        'to' => $email,
                'toName' => $user->getFullName(),
                );

        $mailVariables = array(
                        'NAME' => $user->getFullName(),
                'LINK' => $url,
                'SERVICE' => $config['service']['site']['name'],
                'HOME' => $config['service']['site']['home']
                );

        Util\Mail::send('request-password/requestPasswordReset', $mailOptions, $mailVariables);
    }

    /**
     * Confirm password reset.
     *
     * API Method:
     *  account.confirmPasswordReset(email, password, confirmationToken, confirmationTokenTime)
     *
     * Authorization:
     *  guest
     *
     * Description:
     *  This is the second step of the password reset process (see "account.requestPasswordReset" method). When Guest User received email and clicked password reset link, API client calls "user.account.confirmPasswordReset" in order to complete the process. If confirmationToken and confirmationTokenDate are valid, password of user with given email is changed and user will receive notification email.
     *  Note: confrimationTokenTime should not be greater than current time and should not differ from current time for less than 2 seconds or more than 48 hours.
     *
     * Developer notes:
     *  - Confirmation token is a hash of email, current time and system security salt.
     *  - Confrimation token Time should be a valid result of PHP function "microtime(true)", should be not greater than current time and should not differ from current time for less than 2 seconds or more than 48 hours.
     *
     * Arguments:
     *  @param string $email (required) Valid, registered email address.
     *  @param string $password (required) Password, at least 6 characters, any character is accepted.
     *  @param string $confirmationToken (required) Confirmation token, previously generated by "account.requestPasswordReset" method.
     *  @param float $confirmationTokenTime (required) Confirmation token time, previously generated by "account.requestPasswordReset" method.
     *
     * Response:
     *  This method has no specific response if completes without error.
     *
     * Error codes (in addition to standard API errors):
     *  @throws \PBackend\Service\Exception if API error occurres
     *  201: Email is empty or malformed.
     *  202: Email not found.
     *  203: Password is too short, should be at least 6 characters.
     *  204: Confirmation token is invalid.
     *  205: Confirmation token time is invalid.
     *
     */
    public static function confirmPasswordReset($email, $password, $confirmationToken, $confirmationTokenTime)
    {
        $config = self::getConfig();

        try {
            Model\User::validateEmail($email);
        } catch (Model\Exception $exception) {
            if($exception->getCode() == 1) { // Email is empty or malformed.
                throw new Service\Exception($exception->getMessage(), 201);
            } else {
                throw $exception;
            }
        }

        $user = Model\User::findOneByEmail($email);
        if (!$user) {
            throw new Service\Exception('Email not found.', 202);
        }

        try {
            Model\User::validatePassword($password);
        } catch (Model\Exception $exception) {
            if($exception->getCode() == 1) { // Password is too short, should be at least 6 characters.
                throw new Service\Exception($exception->getMessage(), 203);
            } else {
                throw $exception;
            }
        }

        $salt = Util\Security::getSalt();
        $currentTime = microtime(true);

        if (md5($email . $confirmationTokenTime . $salt) != $confirmationToken) {
            throw new Service\Exception('Confirmation token is invalid.', 204);
        }

        /*
         * Difference Between CurrentTime and ConfirmationTokenTime
         */
        $timeDifference = $currentTime - $confirmationTokenTime;
        if ($confirmationTokenTime > $currentTime || $timeDifference > 48 * 60 * 60 || $timeDifference < 2) {
            throw new Service\Exception('Confirmation token time is invalid.', 205);
        }

        $user->updatePassword($password);

        $mailOptions = array(
                        'to' => $email,
                'toName' => $user->getFullName(),
                );

        $mailVariables = array(
                        'NAME' => $user->getFullName(),
                'SERVICE' => $config['service']['site']['name'],
                'HOME' => $config['service']['site']['home']
                );

        Util\Mail::send('request-password/confirmPasswordReset', $mailOptions, $mailVariables);
    }
}