authenticate static method
Returns the AuthUser's ID upon successful email/password verification.
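Throws EmailAccountLoginException for expected error cases: too many failed attempts, or invalid credentials (the same reason is used for an unknown email and for a wrong password).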
If the credentials are invalid, the failed attempt is logged to
the database outside of the transaction, so the log entry cannot be rolled back.
Implementation
/// Verifies an email/password pair and returns the matching auth user's ID.
///
/// The [email] is trimmed and lower-cased before it is used for the
/// failed-sign-in check, the account lookup and the failure log. The work is
/// handed to [DatabaseUtil.runInTransactionOrSavepoint] together with the
/// optional [transaction].
///
/// Throws an [EmailAccountLoginException] with reason
/// [EmailAccountLoginFailureReason.tooManyAttempts] when
/// `_hasTooManyFailedSignIns` reports true, and with
/// [EmailAccountLoginFailureReason.invalidCredentials] when no account matches
/// the email or the password does not validate against the stored hash and
/// salt. The last two cases share one reason, so the exception itself does not
/// tell them apart.
///
/// A rejected attempt is recorded through `_logFailedSignIn`, which is called
/// without the transaction.
static Future<UuidValue> authenticate(
  final Session session, {
  required String email,
  required final String password,
  final Transaction? transaction,
}) async {
  return DatabaseUtil.runInTransactionOrSavepoint(
    session.db,
    transaction,
    (final tx) async {
      // Normalise once so the throttle check, the lookup and the failure log
      // all use the same form of the address.
      email = email.trim().toLowerCase();

      // Throttle check comes first: once it trips, neither the account lookup
      // nor the password check runs.
      final lockedOut = await _hasTooManyFailedSignIns(
        session,
        email,
        transaction: tx,
      );
      if (lockedOut) {
        throw EmailAccountLoginException(
          reason: EmailAccountLoginFailureReason.tooManyAttempts,
        );
      }

      final account = await EmailAccount.db.findFirstRow(
        session,
        where: (final t) => t.email.equals(email),
        transaction: tx,
      );

      // NOTE(review): when no account exists the hash validation is skipped,
      // so this path probably completes faster than a wrong-password attempt.
      // Confirm whether that timing difference matters for account
      // enumeration in this deployment.
      final passwordMatches = account != null &&
          await EmailAccountSecretHash.validateHash(
            value: password,
            hash: account.passwordHash.asUint8List,
            salt: account.passwordSalt.asUint8List,
          );

      if (account == null || !passwordMatches) {
        // Logged without `tx`, so the entry is not tied to this transaction.
        await _logFailedSignIn(session, email);
        throw EmailAccountLoginException(
          reason: EmailAccountLoginFailureReason.invalidCredentials,
        );
      }

      return account.authUserId;
    },
  );
}