|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Ntb\RestAPI; |
|
4
|
|
|
|
|
5
|
|
|
/** |
|
6
|
|
|
* Authentication mechanism using a token in the request header. Valid tokens are saved in cache. |
|
7
|
|
|
* @author Christian Blank <[email protected]> |
|
8
|
|
|
*/ |
|
9
|
|
|
class TokenAuth extends \SS_Object implements IAuth { |
|
10
|
|
|
|
|
11
|
|
|
public static function authenticate($email, $password) { |
|
12
|
|
|
$authenticator = \Injector::inst()->get('ApiMemberAuthenticator'); |
|
13
|
|
View Code Duplication |
if($user = $authenticator->authenticate(['Password' => $password, 'Email' => $email])) { |
|
|
|
|
|
|
14
|
|
|
return self::createSession($user); |
|
15
|
|
|
} |
|
16
|
|
|
} |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* @param \Member $user |
|
20
|
|
|
* @return ApiSession |
|
21
|
|
|
*/ |
|
22
|
|
|
public static function createSession($user) { |
|
23
|
|
|
// create session |
|
24
|
|
|
$session = ApiSession::create(); |
|
25
|
|
|
$session->User = $user; |
|
26
|
|
|
$session->Token = AuthFactory::generate_token($user); |
|
27
|
|
|
|
|
28
|
|
|
// save session |
|
29
|
|
|
$cache = \SS_Cache::factory('rest_cache'); |
|
30
|
|
|
$cache->save(json_encode(['token' => $session->Token, 'user' => $session->User->ID]), $session->Token); |
|
31
|
|
|
|
|
32
|
|
|
return $session; |
|
33
|
|
|
} |
|
34
|
|
|
|
|
35
|
|
|
public static function delete($request) { |
|
36
|
|
|
try { |
|
37
|
|
|
$token = AuthFactory::get_token($request); |
|
38
|
|
|
$cache = \SS_Cache::factory('rest_cache'); |
|
39
|
|
|
$cache->remove($token); |
|
40
|
|
|
} catch(\Exception $e) { |
|
41
|
|
|
\SS_Log::log($e->getMessage(), \SS_Log::INFO); |
|
42
|
|
|
} |
|
43
|
|
|
} |
|
44
|
|
|
|
|
45
|
|
View Code Duplication |
public static function current($request) { |
|
|
|
|
|
|
46
|
|
|
try { |
|
47
|
|
|
$token = AuthFactory::get_token($request); |
|
48
|
|
|
return self::get_member_from_token($token); |
|
49
|
|
|
} catch(\Exception $e) { |
|
50
|
|
|
\SS_Log::log($e->getMessage(), \SS_Log::INFO); |
|
51
|
|
|
} |
|
52
|
|
|
return false; |
|
53
|
|
|
} |
|
54
|
|
|
|
|
55
|
|
|
/** |
|
56
|
|
|
* |
|
57
|
|
|
* |
|
58
|
|
|
* @param string $token |
|
59
|
|
|
* @throws RestUserException |
|
60
|
|
|
* @return \Member |
|
|
|
|
|
|
61
|
|
|
*/ |
|
62
|
|
|
private static function get_member_from_token($token) { |
|
63
|
|
|
$cache = \SS_Cache::factory('rest_cache'); |
|
64
|
|
|
if($data = $cache->load($token)) { |
|
65
|
|
|
$data = json_decode($data, true); |
|
66
|
|
|
$id = (int)$data['user']; |
|
67
|
|
|
$user = \DataObject::get(\Config::inst()->get('BaseRestController', 'Owner'))->byID($id); |
|
68
|
|
|
if(!$user) { |
|
69
|
|
|
throw new RestUserException("Owner not found in database", 404); |
|
70
|
|
|
} |
|
71
|
|
|
return $user; |
|
72
|
|
View Code Duplication |
} else if(\Director::isDev() && $token == \Config::inst()->get('TokenAuth', 'DevToken')) { |
|
|
|
|
|
|
73
|
|
|
return \DataObject::get(\Config::inst()->get('BaseRestController', 'Owner'))->first(); |
|
74
|
|
|
} |
|
75
|
|
|
throw new RestUserException("Owner not found in database", 404); |
|
76
|
|
|
} |
|
77
|
|
|
|
|
78
|
|
|
} |
|
79
|
|
|
|
notthatbad /
silverstripe-rest-api
Loading history...
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.