TIDE/backend/app/Auth/UseCases/AuthenticateUser/AuthenticateUser.php

<?php

namespace App\Auth\UseCases\AuthenticateUser;

use App\Auth\PasswordHasher;
use App\Exceptions\BadRequestException;
use App\Exceptions\UnauthorizedException;
use App\Shared\ValueObject\EmailAddress;
use App\User\User;
use App\User\UserRepository;
use InvalidArgumentException;

class AuthenticateUser
{
    public function __construct(
        private UserRepository $userRepo,
        private PasswordHasher $hasher,
    ) {}

    /**
     * @throws BadRequestException
     * @throws UnauthorizedException
     */
    public function execute(AuthenticateUserRequest $request): User
    {
        if ($request->email === null || $request->email === '') {
            throw new BadRequestException('email is required');
        }
        if ($request->password === null || $request->password === '') {
            throw new BadRequestException('password is required');
        }

        try {
            $email = new EmailAddress($request->email);
        } catch (InvalidArgumentException $exception) {
            throw new BadRequestException($exception->getMessage());
        }

        $user = $this->userRepo->findByEmail($email);
        if ($user === null) {
            throw new UnauthorizedException('invalid credentials');
        }

        $passwordMatches = $this->hasher->verify(
            $request->password,
            $user->getPasswordHash(),
        );
        if (! $passwordMatches) {
            throw new UnauthorizedException('invalid credentials');
        }

        return $user;
    }
}