Log failed logins + translate messages

tatevikg1 · tatevikg1 · commit 71f0d376ef90 · 2025-09-02T12:41:29.000+04:00
diff --git a/config/services/services.yml b/config/services/services.yml
@@ -107,3 +107,10 @@ services:
   PhpList\Core\Domain\Messaging\Service\BounceActionResolver:
     arguments:
       - !tagged_iterator { tag: 'phplist.bounce_action_handler' }
+
+  # I18n
+  PhpList\Core\Domain\Common\I18n\SimpleTranslator:
+    autowire: true
+    autoconfigure: true
+
+  PhpList\Core\Domain\Common\I18n\TranslatorInterface: '@PhpList\Core\Domain\Common\I18n\SimpleTranslator'
diff --git a/resources/translations/messages.en.php b/resources/translations/messages.en.php
@@ -0,0 +1,10 @@
+<?php
+
+use PhpList\Core\Domain\Common\I18n\Messages;
+
+return [
+    // Authentication
+    Messages::AUTH_NOT_AUTHORIZED => 'Not authorized',
+    Messages::AUTH_LOGIN_FAILED => "Failed admin login attempt for '{login}'",
+    Messages::AUTH_LOGIN_DISABLED => "Login attempt for disabled admin '{login}'",
+];
diff --git a/src/Domain/Common/I18n/Messages.php b/src/Domain/Common/I18n/Messages.php
@@ -0,0 +1,21 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\Core\Domain\Common\I18n;
+
+/**
+ * Centralized message keys to be used across the application.
+ * These keys map to translation strings in resources/translations.
+ */
+final class Messages
+{
+    // Authentication / Authorization
+    public const AUTH_NOT_AUTHORIZED = 'auth.not_authorized';
+    public const AUTH_LOGIN_FAILED = 'auth.login_failed';
+    public const AUTH_LOGIN_DISABLED = 'auth.login_disabled';
+
+    private function __construct()
+    {
+    }
+}
diff --git a/src/Domain/Common/I18n/SimpleTranslator.php b/src/Domain/Common/I18n/SimpleTranslator.php
@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\Core\Domain\Common\I18n;
+
+/**
+ * Minimal translator to support message keys and parameter interpolation.
+ * Designed to be compatible with future integration with Symfony Translator and POEditor.
+ */
+class SimpleTranslator implements TranslatorInterface
+{
+    private string $defaultLocale;
+
+    /** @var array<string,array<string,string>> */
+    private array $catalogues = [];
+
+    public function __construct(string $defaultLocale = 'en')
+    {
+        $this->defaultLocale = $defaultLocale;
+    }
+
+    public function translate(string $key, array $params = [], ?string $locale = null): string
+    {
+        $loc = $locale ?? $this->defaultLocale;
+        $messages = $this->loadCatalogue($loc);
+        $message = $messages[$key] ?? $key;
+
+        $replacements = [];
+        foreach ($params as $name => $value) {
+            $replacements['{' . $name . '}'] = (string)$value;
+        }
+
+        return strtr($message, $replacements);
+    }
+
+    /**
+     * @return array<string,string>
+     */
+    private function loadCatalogue(string $locale): array
+    {
+        if (!isset($this->catalogues[$locale])) {
+            $pathPhp = __DIR__ . '/../../../../resources/translations/messages.' . $locale . '.php';
+            if (is_file($pathPhp)) {
+                /** @var array<string,string> $messages */
+                $messages = include $pathPhp;
+            } else {
+                $fallback = __DIR__ . '/../../../../resources/translations/messages.en.php';
+                if (is_file($fallback)) {
+                    /** @var array<string,string> $messages */
+                    $messages = include $fallback;
+                } else {
+                    $messages = [];
+                }
+            }
+            $this->catalogues[$locale] = $messages;
+        }
+        return $this->catalogues[$locale];
+    }
+}
diff --git a/src/Domain/Common/I18n/TranslatorInterface.php b/src/Domain/Common/I18n/TranslatorInterface.php
@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\Core\Domain\Common\I18n;
+
+interface TranslatorInterface
+{
+    /**
+     * Translate a message key with optional parameters.
+     * @param string $key Message key (e.g., Messages::AUTH_NOT_AUTHORIZED)
+     * @param array<string,string|int|float> $params Placeholder values (e.g., ['login' => 'admin'])
+     * @param string|null $locale Optional locale (defaults to environment/app locale)
+     */
+    public function translate(string $key, array $params = [], ?string $locale = null): string;
+}
diff --git a/src/Domain/Identity/Service/SessionManager.php b/src/Domain/Identity/Service/SessionManager.php
@@ -4,6 +4,9 @@
 
 namespace PhpList\Core\Domain\Identity\Service;
 
+use PhpList\Core\Domain\Common\I18n\Messages;
+use PhpList\Core\Domain\Common\I18n\TranslatorInterface;
+use PhpList\Core\Domain\Configuration\Service\Manager\EventLogManager;
 use PhpList\Core\Domain\Identity\Model\AdministratorToken;
 use PhpList\Core\Domain\Identity\Repository\AdministratorRepository;
 use PhpList\Core\Domain\Identity\Repository\AdministratorTokenRepository;
@@ -13,24 +16,36 @@ class SessionManager
 {
     private AdministratorTokenRepository $tokenRepository;
     private AdministratorRepository $administratorRepository;
+    private EventLogManager $eventLogManager;
+    private TranslatorInterface $translator;
 
     public function __construct(
         AdministratorTokenRepository $tokenRepository,
-        AdministratorRepository $administratorRepository
+        AdministratorRepository $administratorRepository,
+        EventLogManager $eventLogManager,
+        TranslatorInterface $translator
     ) {
         $this->tokenRepository = $tokenRepository;
         $this->administratorRepository = $administratorRepository;
+        $this->eventLogManager = $eventLogManager;
+        $this->translator = $translator;
     }
 
     public function createSession(string $loginName, string $password): AdministratorToken
     {
         $administrator = $this->administratorRepository->findOneByLoginCredentials($loginName, $password);
         if ($administrator === null) {
-            throw new UnauthorizedHttpException('', 'Not authorized', null, 1500567098);
+            $entry = $this->translator->translate(Messages::AUTH_LOGIN_FAILED, ['login' => $loginName]);
+            $this->eventLogManager->log('login', $entry);
+            $message = $this->translator->translate(Messages::AUTH_NOT_AUTHORIZED);
+            throw new UnauthorizedHttpException('', $message, null, 1500567098);
         }
 
         if ($administrator->isDisabled()) {
-            throw new UnauthorizedHttpException('', 'Not authorized', null, 1500567099);
+            $entry = $this->translator->translate(Messages::AUTH_LOGIN_DISABLED, ['login' => $loginName]);
+            $this->eventLogManager->log('login', $entry);
+            $message = $this->translator->translate(Messages::AUTH_NOT_AUTHORIZED);
+            throw new UnauthorizedHttpException('', $message, null, 1500567099);
         }
 
         $token = new AdministratorToken();
diff --git a/tests/Unit/Domain/Identity/Service/SessionManagerTest.php b/tests/Unit/Domain/Identity/Service/SessionManagerTest.php
@@ -4,6 +4,9 @@
 
 namespace PhpList\Core\Tests\Unit\Domain\Identity\Service;
 
+use PhpList\Core\Domain\Common\I18n\Messages;
+use PhpList\Core\Domain\Common\I18n\TranslatorInterface;
+use PhpList\Core\Domain\Configuration\Service\Manager\EventLogManager;
 use PhpList\Core\Domain\Identity\Model\AdministratorToken;
 use PhpList\Core\Domain\Identity\Repository\AdministratorRepository;
 use PhpList\Core\Domain\Identity\Repository\AdministratorTokenRepository;
@@ -13,7 +16,7 @@
 
 class SessionManagerTest extends TestCase
 {
-    public function testCreateSessionWithInvalidCredentialsThrowsException(): void
+    public function testCreateSessionWithInvalidCredentialsThrowsExceptionAndLogs(): void
     {
         $adminRepo = $this->createMock(AdministratorRepository::class);
         $adminRepo->expects(self::once())
@@ -24,7 +27,24 @@ public function testCreateSessionWithInvalidCredentialsThrowsException(): void
         $tokenRepo = $this->createMock(AdministratorTokenRepository::class);
         $tokenRepo->expects(self::never())->method('save');
 
-        $manager = new SessionManager($tokenRepo, $adminRepo);
+        $eventLogManager = $this->createMock(EventLogManager::class);
+        $eventLogManager->expects(self::once())
+            ->method('log')
+            ->with('login', $this->stringContains('admin'));
+
+        $translator = $this->createMock(TranslatorInterface::class);
+        $translator->expects(self::exactly(2))
+            ->method('translate')
+            ->withConsecutive(
+                [Messages::AUTH_LOGIN_FAILED, ['login' => 'admin']],
+                [Messages::AUTH_NOT_AUTHORIZED, []]
+            )
+            ->willReturnOnConsecutiveCalls(
+                "Failed admin login attempt for 'admin'",
+                'Not authorized'
+            );
+
+        $manager = new SessionManager($tokenRepo, $adminRepo, $eventLogManager, $translator);
 
         $this->expectException(UnauthorizedHttpException::class);
         $this->expectExceptionMessage('Not authorized');
@@ -42,8 +62,10 @@ public function testDeleteSessionCallsRemove(): void
             ->with($token);
 
         $adminRepo = $this->createMock(AdministratorRepository::class);
+        $eventLogManager = $this->createMock(EventLogManager::class);
+        $translator = $this->createMock(TranslatorInterface::class);
 
-        $manager = new SessionManager($tokenRepo, $adminRepo);
+        $manager = new SessionManager($tokenRepo, $adminRepo, $eventLogManager, $translator);
         $manager->deleteSession($token);
     }
 }
