From b14cd565bbb05a52ecce4b645d33d829654c4267 Mon Sep 17 00:00:00 2001
From: Yisroel Baum <yisroel.d.baum@gmail.com>
Date: Sat, 16 May 2026 21:30:20 +0300
Subject: [PATCH] implement authenticate user use case

Green phase: AuthenticateUser validates credentials, throws BadRequestException for empty fields, UnauthorizedException for unknown email or wrong password.
---
 .../AuthenticateUser/AuthenticateUser.php     | 51 +++++++++++++++++++
 .../AuthenticateUserRequest.php               | 11 ++++
 2 files changed, 62 insertions(+)
 create mode 100644 backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php
 create mode 100644 backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php

diff --git a/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php
new file mode 100644
index 0000000..6899620
--- /dev/null
+++ b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Auth\UseCases\AuthenticateUser;
+
+use App\Auth\PasswordHasher;
+use App\Exceptions\BadRequestException;
+use App\Exceptions\UnauthorizedException;
+use App\Shared\ValueObject\EmailAddress;
+use App\User\User;
+use App\User\UserRepository;
+
+class AuthenticateUser
+{
+    public function __construct(
+        private UserRepository $userRepo,
+        private PasswordHasher $hasher,
+    ) {}
+
+    /**
+     * @throws BadRequestException
+     * @throws UnauthorizedException
+     */
+    public function execute(AuthenticateUserRequest $request): User
+    {
+        if ($request->email === null || $request->email === '') {
+            throw new BadRequestException('email is required');
+        }
+        if ($request->password === null || $request->password === '') {
+            throw new BadRequestException('password is required');
+        }
+
+        $user = $this->userRepo->findByEmail(
+            new EmailAddress($request->email),
+        );
+
+        if ($user === null) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        $passwordMatches = $this->hasher->verify(
+            $request->password,
+            $user->getPasswordHash(),
+        );
+
+        if (! $passwordMatches) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        return $user;
+    }
+}
diff --git a/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php
new file mode 100644
index 0000000..aa8b1df
--- /dev/null
+++ b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace App\Auth\UseCases\AuthenticateUser;
+
+class AuthenticateUserRequest
+{
+    public function __construct(
+        public ?string $email,
+        public ?string $password,
+    ) {}
+}