From 5b74e9d76ab58e3f9d7799c349bfd0e3d3f69bb8 Mon Sep 17 00:00:00 2001
From: yisroel
Date: Wed, 6 May 2026 15:14:34 +0300
Subject: [PATCH] implement AuthenticateUser use case input validation: email + password required. constructs EmailAddress vo (BadRequest on bad format). looks up user; absent or password-mismatch -> UnauthorizedException with constant 'invalid credentials' message (no enumeration leak). password verified through PasswordHasher->verify against stored hash on the User entity (no separate profile lookup -> tide keeps password on the user row). returns the User entity for the caller (typically CreateSession + AuthController). 27 tests pass.
---
 .../AuthenticateUser/AuthenticateUser.php | 54 +++++++++++++++++++
 .../AuthenticateUserRequest.php | 11 ++++
 2 files changed, 65 insertions(+)
 create mode 100644 backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php
 create mode 100644 backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php
diff --git a/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php
new file mode 100644
index 0000000..a9a16ca
--- /dev/null
+++ b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php
@@ -0,0 +1,54 @@
+email === null || $request->email === '') {
+ throw new BadRequestException('email is required');
+ }
+ if ($request->password === null || $request->password === '') {
+ throw new BadRequestException('password is required');
+ }
+
+ try {
+ $email = new EmailAddress($request->email);
+ } catch (InvalidArgumentException $exception) {
+ throw new BadRequestException($exception->getMessage());
+ }
+
+ $user = $this->userRepo->findByEmail($email);
+ if ($user === null) {
+ throw new UnauthorizedException('invalid credentials');
+ }
+
+ $passwordMatches = $this->hasher->verify(
+ $request->password,
+ $user->getPasswordHash(),
+ );
+ if (! $passwordMatches) {
+ throw new UnauthorizedException('invalid credentials');
+ }
+
+ return $user;
+ }
+}
diff --git a/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php
new file mode 100644
index 0000000..aa8b1df
--- /dev/null
+++ b/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUserRequest.php
@@ -0,0 +1,11 @@
+
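Review bot: The not-found branch at `if ($user === null)` throws before any hash verification runs, so a request for an unknown email returns measurably faster than one for an existing account with a wrong password, and the constant 'invalid credentials' message the commit relies on does not close that timing channel. Burn the same cost before the throw with a throwaway verification against a hash produced once by the same hasher: `$this->hasher->verify($request->password, self::DUMMY_HASH); // equalise timing with the wrong-password path` in that branch, backed by `private const DUMMY_HASH = '<hash generated once via PasswordHasher>';` on the class, with the boolean deliberately discarded. This assumes `PasswordHasher->verify(plaintext, storedHash)`, as used at the visible call site, costs roughly the same whether or not the password matches, which the hunk does not show. The class header, constructor and the `execute()` signature sit before the hunk's first visible line (the `+email === null` line is garbled at the start), so the constant's placement has to be confirmed against them.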