first commit
This commit is contained in:
145
app/Models/User.php
Normal file
145
app/Models/User.php
Normal file
@@ -0,0 +1,145 @@
|
||||
<?php
|
||||
|
||||
namespace App\Models;
|
||||
|
||||
use App\Models\Concerns\HasPdnEncryption;
|
||||
use Database\Factories\UserFactory;
|
||||
use Illuminate\Database\Eloquent\Factories\HasFactory;
|
||||
use Illuminate\Database\Eloquent\Relations\HasMany;
|
||||
use Illuminate\Database\Eloquent\SoftDeletes;
|
||||
use Illuminate\Foundation\Auth\User as Authenticatable;
|
||||
use Illuminate\Notifications\Notifiable;
|
||||
use Illuminate\Support\Carbon;
|
||||
use Spatie\Permission\Traits\HasRoles;
|
||||
|
||||
/**
|
||||
* Учётная запись пользователя.
|
||||
*
|
||||
* Меры ФСТЭК: ИАФ.2 (жизненный цикл идентификатора, soft delete), ИАФ.4 (MFA),
|
||||
* ИАФ.3 (срок действия пароля), УПД.4 (роли через spatie/laravel-permission).
|
||||
*
|
||||
* @property int $id
|
||||
* @property string $name
|
||||
* @property string $email
|
||||
* @property Carbon|null $email_verified_at
|
||||
* @property string $password
|
||||
* @property Carbon|null $password_changed_at
|
||||
* @property string|null $mfa_secret Зашифровано (ЗНИ)
|
||||
* @property string|null $mfa_recovery_codes Зашифровано (ЗНИ), JSON
|
||||
* @property Carbon|null $mfa_confirmed_at
|
||||
* @property bool $is_blocked
|
||||
* @property Carbon|null $last_login_at
|
||||
* @property string|null $remember_token
|
||||
*/
|
||||
class User extends Authenticatable
|
||||
{
|
||||
/** @use HasFactory<UserFactory> */
|
||||
use HasFactory;
|
||||
|
||||
use HasPdnEncryption;
|
||||
use HasRoles;
|
||||
use Notifiable;
|
||||
use SoftDeletes;
|
||||
|
||||
protected $fillable = [
|
||||
'name',
|
||||
'email',
|
||||
'password',
|
||||
];
|
||||
|
||||
protected $hidden = [
|
||||
'password',
|
||||
'remember_token',
|
||||
'mfa_secret',
|
||||
'mfa_recovery_codes',
|
||||
];
|
||||
|
||||
/**
|
||||
* Поля ПДн/секреты, шифруемые на уровне приложения (мера ЗНИ).
|
||||
*
|
||||
* @var array<int, string>
|
||||
*/
|
||||
protected array $encrypted = [
|
||||
'mfa_secret',
|
||||
'mfa_recovery_codes',
|
||||
];
|
||||
|
||||
protected function casts(): array
|
||||
{
|
||||
return [
|
||||
'email_verified_at' => 'datetime',
|
||||
'password' => 'hashed',
|
||||
'password_changed_at' => 'datetime',
|
||||
'mfa_confirmed_at' => 'datetime',
|
||||
'last_login_at' => 'datetime',
|
||||
'is_blocked' => 'boolean',
|
||||
];
|
||||
}
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Многофакторная аутентификация (ИАФ.4)
|
||||
|--------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public function hasMfaEnabled(): bool
|
||||
{
|
||||
return $this->mfa_secret !== null && $this->mfa_confirmed_at !== null;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return array<int, string>
|
||||
*/
|
||||
public function recoveryCodes(): array
|
||||
{
|
||||
$raw = $this->mfa_recovery_codes;
|
||||
|
||||
return $raw ? (array) json_decode($raw, true) : [];
|
||||
}
|
||||
|
||||
/**
|
||||
* @param array<int, string> $codes
|
||||
*/
|
||||
public function setRecoveryCodes(array $codes): void
|
||||
{
|
||||
$this->mfa_recovery_codes = (string) json_encode(array_values($codes), JSON_UNESCAPED_UNICODE);
|
||||
}
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Парольная политика (ИАФ.3)
|
||||
|--------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public function passwordExpired(): bool
|
||||
{
|
||||
$maxAge = (int) config('security.password.max_age_days');
|
||||
|
||||
if ($maxAge <= 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$changedAt = $this->password_changed_at ?? $this->created_at;
|
||||
|
||||
return $changedAt === null || $changedAt->lt(now()->subDays($maxAge));
|
||||
}
|
||||
|
||||
/**
|
||||
* @return HasMany<PasswordHistory, $this>
|
||||
*/
|
||||
public function passwordHistories(): HasMany
|
||||
{
|
||||
return $this->hasMany(PasswordHistory::class);
|
||||
}
|
||||
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Состояние учётной записи (ИАФ.2, УПД.1)
|
||||
|--------------------------------------------------------------------------
|
||||
*/
|
||||
|
||||
public function isBlocked(): bool
|
||||
{
|
||||
return (bool) $this->is_blocked;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user