implement AuthenticateUser use case

input validation: email + password required. constructs EmailAddress vo (BadRequest on bad format). looks up user; absent or password-mismatch -> UnauthorizedException with constant 'invalid credentials' message (no enumeration leak). password verified through PasswordHasher->verify against stored hash on the User entity (no separate profile lookup -> tide keeps password on the user row). returns the User entity for the caller (typically CreateSession + AuthController). 27 tests pass.
2026-05-06 15:14:34 +03:00 · 2026-05-06 15:14:34 +03:00 · 5b74e9d76a
commit 5b74e9d76a
parent 2731e610e5
2 changed files with 65 additions and 0 deletions
--- a/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php
+++ b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php
@ -0,0 +1,54 @@
+<?php
+
+namespace App\Auth\UseCases\AuthenticateUser;
+
+use App\Auth\PasswordHasher;
+use App\Exceptions\BadRequestException;
+use App\Exceptions\UnauthorizedException;
+use App\Shared\ValueObject\EmailAddress;
+use App\User\User;
+use App\User\UserRepository;
+use InvalidArgumentException;
+
+class AuthenticateUser
+{
+    public function __construct(
+        private UserRepository $userRepo,
+        private PasswordHasher $hasher,
+    ) {}
+
+    /**
+     * @throws BadRequestException
+     * @throws UnauthorizedException
+     */
+    public function execute(AuthenticateUserRequest $request): User
+    {
+        if ($request->email === null || $request->email === '') {
+            throw new BadRequestException('email is required');
+        }
+        if ($request->password === null || $request->password === '') {
+            throw new BadRequestException('password is required');
+        }
+
+        try {
+            $email = new EmailAddress($request->email);
+        } catch (InvalidArgumentException $exception) {
+            throw new BadRequestException($exception->getMessage());
+        }
+
+        $user = $this->userRepo->findByEmail($email);
+        if ($user === null) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        $passwordMatches = $this->hasher->verify(
+            $request->password,
+            $user->getPasswordHash(),
+        );
+        if (! $passwordMatches) {
+            throw new UnauthorizedException('invalid credentials');
+        }
+
+        return $user;
+    }
+}
--- a/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php
+++ b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php
@ -0,0 +1,11 @@
+<?php
+
+namespace App\Auth\UseCases\AuthenticateUser;
+
+class AuthenticateUserRequest
+{
+    public function __construct(
+        public ?string $email,
+        public ?string $password,
+    ) {}
+}