51 lines
2.1 KiB
Python
51 lines
2.1 KiB
Python
import logging
|
|
from typing import Optional, Dict, Any
|
|
from database.interface import DatabaseInterface
|
|
from utils.password_utils import PasswordUtils
|
|
from utils.validation import ValidationUtils
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
class AuthService:
|
|
|
|
def __init__(self, database: DatabaseInterface):
|
|
self.db = database
|
|
|
|
def authenticate(self, email: str, password: str) -> tuple[bool, Optional[Dict[str, Any]], str]:
|
|
if not ValidationUtils.validate_email(email):
|
|
return False, None, "Invalid email format"
|
|
|
|
if not password:
|
|
return False, None, "Password is required"
|
|
try:
|
|
# User holen
|
|
user = self.db.get_user_by_email(email.lower())
|
|
if not user:
|
|
logger.warning(f"Authentication failed: user not found for email {email}")
|
|
return False, None, "Invalid email or password"
|
|
# Passwort prüfen
|
|
stored_hash = user.get('password_hash')
|
|
if not stored_hash:
|
|
logger.error(f"No password hash found for user {email}")
|
|
return False, None, "Authentication error"
|
|
# Einfacher Hash-Vergleich (für Rückwärtskompatibilität)
|
|
entered_hash = PasswordUtils.hash_password_simple(password)
|
|
|
|
if entered_hash == stored_hash:
|
|
logger.info(f"Authentication successful for user: {email}")
|
|
# Sensible Daten nicht zurückgeben
|
|
safe_user_data = {
|
|
'id': user['id'],
|
|
'username': user['username'],
|
|
'email': user['email'],
|
|
'created_at': user.get('created_at')
|
|
}
|
|
return True, safe_user_data, "Authentication successful"
|
|
else:
|
|
logger.warning(f"Authentication failed: wrong password for email {email}")
|
|
return False, None, "Invalid email or password"
|
|
|
|
except Exception as e:
|
|
logger.error(f"Authentication error for email {email}: {e}")
|
|
return False, None, "Authentication error"
|