chore: complete update

src/Application/Security/Events/Auth/AccountLockedEvent.php

@@ -0,0 +1,51 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Application\Security\Events\Auth;
+
+use App\Application\Security\ValueObjects\{OWASPEventIdentifier, OWASPLogLevel};
+
+final class AccountLockedEvent
+{
+    public function __construct(
+        public readonly string $email,
+        public readonly string $reason,
+        public readonly int $failedAttempts
+    ) {}
+
+    public function getOWASPEventIdentifier(): OWASPEventIdentifier
+    {
+        return OWASPEventIdentifier::accountLocked($this->maskEmail($this->email));
+    }
+
+    public function getOWASPLogLevel(): OWASPLogLevel
+    {
+        return OWASPLogLevel::ERROR;
+    }
+
+    public function getDescription(): string
+    {
+        return "Account {$this->maskEmail($this->email)} locked";
+    }
+
+    public function getEventData(): array
+    {
+        return [
+            'username' => $this->maskEmail($this->email),
+            'lock_reason' => $this->reason,
+            'failed_attempts' => $this->failedAttempts
+        ];
+    }
+
+    private function maskEmail(string $email): string
+    {
+        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+            return $email;
+        }
+
+        [$local, $domain] = explode('@', $email, 2);
+        $maskedLocal = substr($local, 0, 2) . str_repeat('*', max(0, strlen($local) - 2));
+
+        return $maskedLocal . '@' . $domain;
+    }
+}

src/Application/Security/Events/Auth/AuthenticationFailedEvent.php

@@ -0,0 +1,51 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Application\Security\Events\Auth;
+
+use App\Application\Security\{OWASPSecurityEvent};
+use App\Application\Security\ValueObjects\{OWASPEventIdentifier, OWASPLogLevel, MaskedEmail};
+
+final class AuthenticationFailedEvent implements OWASPSecurityEvent
+{
+    private MaskedEmail $maskedEmail;
+
+    public function __construct(
+        public readonly string $email,
+        public readonly ?string $reason = null,
+        public readonly int $failedAttempts = 1
+    ) {
+        $this->maskedEmail = MaskedEmail::fromString($this->email);
+    }
+
+    public function getOWASPEventIdentifier(): OWASPEventIdentifier
+    {
+        return OWASPEventIdentifier::authenticationFailure($this->maskedEmail->toString());
+    }
+
+    public function getOWASPLogLevel(): OWASPLogLevel
+    {
+        return OWASPLogLevel::WARN;
+    }
+
+    public function getDescription(): string
+    {
+        return "User {$this->maskedEmail->toString()} login failed" .
+               ($this->reason ? " - {$this->reason}" : '');
+    }
+
+    public function getEventData(): array
+    {
+        return [
+            'email' => $this->maskedEmail->toString(),
+            'reason' => $this->reason,
+            'failed_attempts' => $this->failedAttempts,
+            'failure_reason' => $this->reason ?? 'invalid_credentials'
+        ];
+    }
+
+    public function getMaskedEmail(): MaskedEmail
+    {
+        return $this->maskedEmail;
+    }
+}

src/Application/Security/Events/Auth/AuthenticationSuccessEvent.php

@@ -0,0 +1,49 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Application\Security\Events\Auth;
+
+use App\Application\Security\{OWASPSecurityEvent};
+use App\Application\Security\ValueObjects\{OWASPEventIdentifier, OWASPLogLevel, MaskedEmail};
+
+final class AuthenticationSuccessEvent implements OWASPSecurityEvent
+{
+    private MaskedEmail $maskedEmail;
+
+    public function __construct(
+        public readonly string $email,
+        public readonly string $sessionId,
+        public readonly ?string $method = 'password'
+    ) {
+        $this->maskedEmail = MaskedEmail::fromString($this->email);
+    }
+
+    public function getOWASPEventIdentifier(): OWASPEventIdentifier
+    {
+        return OWASPEventIdentifier::authenticationSuccess($this->maskedEmail->toString());
+    }
+
+    public function getOWASPLogLevel(): OWASPLogLevel
+    {
+        return OWASPLogLevel::INFO;
+    }
+
+    public function getDescription(): string
+    {
+        return "User {$this->maskedEmail->toString()} login successfully";
+    }
+
+    public function getEventData(): array
+    {
+        return [
+            'username' => $this->maskedEmail->toString(),
+            'session_id' => hash('sha256', $this->sessionId), // Session-ID hashen für Sicherheit
+            'method' => $this->method
+        ];
+    }
+
+    public function getMaskedEmail(): MaskedEmail
+    {
+        return $this->maskedEmail;
+    }
+}

src/Application/Security/Events/Auth/LoginFailed.php

@@ -0,0 +1,20 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Application\Security\Events\Auth;
+
+use App\Application\Security\SecurityEvent;
+use App\Application\Security\SecurityEventType;
+
+final class LoginFailed implements SecurityEvent
+{
+    public function __construct(
+        public string $email
+    ) {}
+
+    public SecurityEventType $type {
+        get {
+            return SecurityEventType::LOGIN_FAILED;
+        }
+    }
+}

src/Application/Security/Events/Auth/PasswordChangedEvent.php

@@ -0,0 +1,49 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Application\Security\Events\Auth;
+
+use App\Application\Security\ValueObjects\{OWASPEventIdentifier, OWASPLogLevel};
+
+final class PasswordChangedEvent
+{
+    public function __construct(
+        public readonly string $email,
+        public readonly string $method = 'self_service'
+    ) {}
+
+    public function getOWASPEventIdentifier(): OWASPEventIdentifier
+    {
+        return OWASPEventIdentifier::passwordChange($this->maskEmail($this->email));
+    }
+
+    public function getOWASPLogLevel(): OWASPLogLevel
+    {
+        return OWASPLogLevel::INFO;
+    }
+
+    public function getDescription(): string
+    {
+        return "User {$this->maskEmail($this->email)} changed password";
+    }
+
+    public function getEventData(): array
+    {
+        return [
+            'username' => $this->maskEmail($this->email),
+            'change_method' => $this->method
+        ];
+    }
+
+    private function maskEmail(string $email): string
+    {
+        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
+            return $email;
+        }
+
+        [$local, $domain] = explode('@', $email, 2);
+        $maskedLocal = substr($local, 0, 2) . str_repeat('*', max(0, strlen($local) - 2));
+
+        return $maskedLocal . '@' . $domain;
+    }
+}

src/Application/Security/Events/Auth/SessionTerminatedEvent.php

@@ -0,0 +1,49 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Application\Security\Events\Auth;
+
+use App\Application\Security\{OWASPSecurityEvent};
+use App\Application\Security\ValueObjects\{OWASPEventIdentifier, OWASPLogLevel, MaskedEmail};
+
+final class SessionTerminatedEvent implements OWASPSecurityEvent
+{
+    private MaskedEmail $maskedEmail;
+
+    public function __construct(
+        public readonly string $email,
+        public readonly string $sessionId,
+        public readonly string $reason = 'logout'
+    ) {
+        $this->maskedEmail = MaskedEmail::fromString($this->email);
+    }
+
+    public function getOWASPEventIdentifier(): OWASPEventIdentifier
+    {
+        return OWASPEventIdentifier::sessionTermination($this->maskedEmail->toString());
+    }
+
+    public function getOWASPLogLevel(): OWASPLogLevel
+    {
+        return OWASPLogLevel::INFO;
+    }
+
+    public function getDescription(): string
+    {
+        return "User {$this->maskedEmail->toString()} logged out";
+    }
+
+    public function getEventData(): array
+    {
+        return [
+            'username' => $this->maskedEmail->toString(),
+            'session_id' => hash('sha256', $this->sessionId),
+            'termination_reason' => $this->reason
+        ];
+    }
+
+    public function getMaskedEmail(): MaskedEmail
+    {
+        return $this->maskedEmail;
+    }
+}