authenticate method
Returns the AuthUser's ID upon successful email/password verification.
Can throw the following EmailLoginServerException subclasses:
- EmailAccountNotFoundException if the email address is not registered in the database.
- EmailAuthenticationInvalidCredentialsException if the password is not valid for an existing account.
- EmailAuthenticationTooManyAttemptsException if the user has made too many failed attempts.
If the credentials are invalid (unknown email or wrong password), the failed attempt is recorded in the database outside of the supplied transaction, so it cannot be rolled back if that transaction is.
Implementation
Future<UuidValue> authenticate(
  final Session session, {
  required String email,
  required final String password,
  required final Transaction? transaction,
}) async {
  // Normalize first so the lookup and the rate-limit nonce use the same key.
  email = email.normalizedEmail;

  // Reject before touching the account row once the attempt budget is spent.
  final attemptCount = await _rateLimitUtil.countAttempts(
    session,
    nonce: email,
    transaction: transaction,
  );
  if (attemptCount >= _maxAttempts) {
    throw EmailAuthenticationTooManyAttemptsException();
  }

  final account = await EmailAccount.db.findFirstRow(
    session,
    where: (final t) => t.email.equals(email),
    transaction: transaction,
  );
  if (account == null) {
    // Recorded without the transaction, so a rollback does not erase it.
    await _rateLimitUtil.recordAttempt(
      session,
      nonce: email,
    );
    throw EmailAccountNotFoundException();
  }

  if (!await _hashUtil.validateHashFromString(
    secret: password,
    hashString: account.passwordHash,
  )) {
    // Same non-transactional bookkeeping for a wrong password.
    await _rateLimitUtil.recordAttempt(
      session,
      nonce: email,
    );
    throw EmailAuthenticationInvalidCredentialsException();
  }

  return account.authUserId;
}
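An added example of a caller, not part of the documented module: it handles the three exception types above and collapses the two credential failures into one outward result, so the response does not reveal whether the address is registered. `emailAuth` is an assumed object exposing the `authenticate` method shown above, and the import path of the exception classes is an assumption.

```dart
import 'package:serverpod/serverpod.dart';
// Assumed import: the exception classes live in the email auth module.
import 'package:serverpod_auth_email_server/serverpod_auth_email_server.dart';

enum LoginOutcome { success, invalidCredentials, rateLimited }

class LoginResult {
  final LoginOutcome outcome;
  final UuidValue? authUserId;
  const LoginResult(this.outcome, [this.authUserId]);
}

/// Wraps `authenticate` so that unknown-email and wrong-password failures
/// are indistinguishable to the caller; only the lockout is reported apart.
Future<LoginResult> login(
  Session session,
  dynamic emailAuth, // assumed: object with the `authenticate` method above
  String email,
  String password,
) async {
  try {
    final UuidValue authUserId = await emailAuth.authenticate(
      session,
      email: email,
      password: password,
      transaction: null, // no enclosing transaction in this example
    );
    return LoginResult(LoginOutcome.success, authUserId);
  } on EmailAccountNotFoundException {
    // The failed attempt has already been recorded server-side; returning
    // the same result as a wrong password avoids confirming the address.
    return const LoginResult(LoginOutcome.invalidCredentials);
  } on EmailAuthenticationInvalidCredentialsException {
    return const LoginResult(LoginOutcome.invalidCredentials);
  } on EmailAuthenticationTooManyAttemptsException {
    // Attempt budget for this normalized email is exhausted; the caller
    // should back off rather than retry.
    return const LoginResult(LoginOutcome.rateLimited);
  }
}
```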