Support multi-factor authentication via 'onBeforeSuccess' callback

src/Auth.php

@@ -197,13 +197,15 @@ final class Auth extends UserManager {
 	 * @param string $email the user's email address
 	 * @param string $password the user's password
 	 * @param int|null $rememberDuration (optional) the duration in seconds to keep the user logged in ("remember me"), e.g. `60 * 60 * 24 * 365.25` for one year
+	 * @param callable|null $onBeforeSuccess (optional) a function that receives the user's ID as its single parameter and is executed before successful authentication; must return `true` to proceed or `false` to cancel
 	 * @throws InvalidEmailException if the email address was invalid or could not be found
 	 * @throws InvalidPasswordException if the password was invalid
 	 * @throws EmailNotVerifiedException if the email address has not been verified yet via confirmation email
+	 * @throws AttemptCancelledException if the attempt has been cancelled by the supplied callback that is executed before success
 	 * @throws AuthError if an internal problem occurred (do *not* catch)
 	 */
-	public function login($email, $password, $rememberDuration = null) {
-		$this->authenticateUserInternal($password, $email, null, $rememberDuration);
+	public function login($email, $password, $rememberDuration = null, callable $onBeforeSuccess = null) {
+		$this->authenticateUserInternal($password, $email, null, $rememberDuration, $onBeforeSuccess);
 	}
 
 	/**
@@ -216,14 +218,16 @@ final class Auth extends UserManager {
 	 * @param string $username the user's username
 	 * @param string $password the user's password
 	 * @param int|null $rememberDuration (optional) the duration in seconds to keep the user logged in ("remember me"), e.g. `60 * 60 * 24 * 365.25` for one year
+	 * @param callable|null $onBeforeSuccess (optional) a function that receives the user's ID as its single parameter and is executed before successful authentication; must return `true` to proceed or `false` to cancel
 	 * @throws UnknownUsernameException if the specified username does not exist
 	 * @throws AmbiguousUsernameException if the specified username is ambiguous, i.e. there are multiple users with that name
 	 * @throws InvalidPasswordException if the password was invalid
 	 * @throws EmailNotVerifiedException if the email address has not been verified yet via confirmation email
+	 * @throws AttemptCancelledException if the attempt has been cancelled by the supplied callback that is executed before success
 	 * @throws AuthError if an internal problem occurred (do *not* catch)
 	 */
-	public function loginWithUsername($username, $password, $rememberDuration = null) {
-		$this->authenticateUserInternal($password, null, $username, $rememberDuration);
+	public function loginWithUsername($username, $password, $rememberDuration = null, callable $onBeforeSuccess = null) {
+		$this->authenticateUserInternal($password, null, $username, $rememberDuration, $onBeforeSuccess);
 	}
 
 	/**
@@ -605,14 +609,16 @@ final class Auth extends UserManager {
 	 * @param string|null $email (optional) the user's email address
 	 * @param string|null $username (optional) the user's username
 	 * @param int|null $rememberDuration (optional) the duration in seconds to keep the user logged in ("remember me"), e.g. `60 * 60 * 24 * 365.25` for one year
+	 * @param callable|null $onBeforeSuccess (optional) a function that receives the user's ID as its single parameter and is executed before successful authentication; must return `true` to proceed or `false` to cancel
 	 * @throws InvalidEmailException if the email address was invalid or could not be found
 	 * @throws UnknownUsernameException if an attempt has been made to authenticate with a non-existing username
 	 * @throws AmbiguousUsernameException if an attempt has been made to authenticate with an ambiguous username
 	 * @throws InvalidPasswordException if the password was invalid
 	 * @throws EmailNotVerifiedException if the email address has not been verified yet via confirmation email
+	 * @throws AttemptCancelledException if the attempt has been cancelled by the supplied callback that is executed before success
 	 * @throws AuthError if an internal problem occurred (do *not* catch)
 	 */
-	private function authenticateUserInternal($password, $email = null, $username = null, $rememberDuration = null) {
+	private function authenticateUserInternal($password, $email = null, $username = null, $rememberDuration = null, callable $onBeforeSuccess = null) {
 		$columnsToFetch = [ 'id', 'email', 'password', 'verified', 'username', 'status' ];
 
 		if ($email !== null) {
@@ -680,21 +686,26 @@ final class Auth extends UserManager {
 			}
 
 			if ((int) $userData['verified'] === 1) {
-				$this->onLoginSuccessful($userData['id'], $userData['email'], $userData['username'], $userData['status'], false);
+				if (!isset($onBeforeSuccess) || (\is_callable($onBeforeSuccess) && $onBeforeSuccess($userData['id']) === true)) {
+					$this->onLoginSuccessful($userData['id'], $userData['email'], $userData['username'], $userData['status'], false);
 
-				// continue to support the old parameter format
-				if ($rememberDuration === true) {
-					$rememberDuration = 60 * 60 * 24 * 28;
-				}
-				elseif ($rememberDuration === false) {
-					$rememberDuration = null;
-				}
+					// continue to support the old parameter format
+					if ($rememberDuration === true) {
+						$rememberDuration = 60 * 60 * 24 * 28;
+					}
+					elseif ($rememberDuration === false) {
+						$rememberDuration = null;
+					}
 
-				if ($rememberDuration !== null) {
-					$this->createRememberDirective($userData['id'], $rememberDuration);
-				}
+					if ($rememberDuration !== null) {
+						$this->createRememberDirective($userData['id'], $rememberDuration);
+					}
 
-				return;
+					return;
+				}
+				else {
+					throw new AttemptCancelledException();
+				}
 			}
 			else {
 				throw new EmailNotVerifiedException();