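/**
 * Resolves the authenticated user behind an auth token (and, when 2FA is on, a device token).
 *
 * The checks run in this order and the first failure wins:
 *   1. the firewall must report the token's user as authenticated;
 *   2. the account must not be blocked;
 *   3. the account must be confirmed (active);
 *   4. when `Login.2FactorAuth` is enabled (it defaults to enabled when unset), the device
 *      session for $deviceToken must be valid;
 *   5. the auth session behind $authToken must still be valid.
 * Every failure after step 1 logs the firewall out before throwing, so a rejected caller is
 * not left holding a half-established firewall session.
 *
 * Side effect: `$this->username` is set to the resolved user's username.
 *
 * @param string $authToken   Auth token that is bound to the firewall's token before the lookup.
 * @param string $deviceToken Device token for the second factor; '' means "none supplied" and is
 *                            always rejected while 2FA is enabled.
 *
 * @return \Webiny\Component\Security\User\UserAbstract The authenticated user. The method never
 *                                                       returns false — every failure throws.
 * @throws LoginException Codes: 6 not authenticated, 2 account blocked, 4 account not confirmed,
 *                        8 device session invalid, 7 auth session invalid.
 * @throws \Webiny\Component\Security\Authentication\FirewallException
 * @throws \Webiny\Component\Security\SecurityException
 */
public function getUser($authToken, $deviceToken = '')
{
    // One firewall handle for the whole method. `security($name)` is the accessor the
    // token/user lookup below already relies on, so every logout goes through the same object.
    $firewall = $this->security($this->fwName);

    // 1. bind the supplied token to the firewall and ask it who the user is
    $firewall->getToken()->setTokenString($authToken);
    $user = $firewall->getUser();
    if (!$user->isAuthenticated()) {
        // nothing was established, so there is nothing to log out
        throw new LoginException('User is not authenticated', 6);
    }

    // 2. remember the username; the account-level checks key on it
    $this->username = $user->getUsername();

    if ($this->isAccountBlocked($this->username)) {
        $firewall->processLogout();
        throw new LoginException('User account is blocked.', 2);
    }
    if (!$this->isAccountActive($this->username)) {
        $firewall->processLogout();
        throw new LoginException('User hasn\'t confirmed his account.', 4);
    }

    // 3. second factor. The default of `true` fails closed when the setting is missing.
    // NOTE(review): the value is only tested for truthiness, so a string such as "false"
    // would still count as enabled — confirm how the config store represents booleans.
    if ($this->config->get('Login.2FactorAuth', true)) {
        // An empty device token cannot name any device session: reject it up front rather
        // than handing it to the validator, with the same error the validator would yield.
        if ($deviceToken === '' || !$this->isDeviceSessionValid($deviceToken)) {
            $firewall->processLogout();
            // todo (carried over): also invalidate the session in login meta
            throw new LoginException('The device session is no longer valid.', 8);
        }
    }

    // 4. the auth session itself may have expired or been revoked server-side
    if (!$this->isSessionValid($authToken)) {
        $firewall->processLogout();
        throw new LoginException('The current auth session is no longer valid.', 7);
    }

    return $user;
}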