1 | <?php |
||
2 | |||
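/**
 * Authentication mechanism using a BasicAuth request.
 *
 * The current member is resolved through BasicAuth::requireLogin() using the
 * 'Realm', 'PermissionCode' and 'TryUsingSessionLogin' settings of HttpAuth,
 * then re-read as the class configured in BaseRestController's 'Owner' setting.
 *
 * @author Andre Lohmann <[email protected]>
 */
class HttpAuth extends Object implements IAuth {

    /**
     * Checks an email/password pair and, on success, opens an API session.
     *
     * NOTE(review): nothing in this method throttles or records failed
     * attempts; confirm that ApiMemberAuthenticator enforces lockout.
     *
     * @param string $email forwarded to the authenticator as 'Email' (expected to be a string)
     * @param string $password forwarded to the authenticator as 'Password' (expected to be a string)
     * @return ApiSession|null the new session, or null when the authenticator returns a falsy result
     */
    public static function authenticate($email, $password) {
        $authenticator = Injector::inst()->get('ApiMemberAuthenticator');
        $user = $authenticator->authenticate(['Password' => $password, 'Email' => $email]);
        if(!$user) {
            // Rejected credentials: make the "no session" result explicit
            // instead of falling off the end of the function.
            return null;
        }
        return self::createSession($user);
    }

    /**
     * Logs the member in and builds an ApiSession holding a freshly generated token.
     *
     * @param Member $user
     * @return ApiSession
     */
    public static function createSession($user) {
        // NOTE(review): logIn() presumably establishes a server-side login in
        // addition to the token issued below - confirm both are wanted.
        $user->logIn();
        // Re-read the member as the configured Owner class.
        // NOTE(review): byID() looks like it can yield null when no such
        // record exists; the session would then carry a null User - confirm.
        /** @var Member $user */
        $user = DataObject::get(Config::inst()->get('BaseRestController', 'Owner'))->byID($user->ID);

        // create session
        $session = ApiSession::create();
        $session->User = $user;
        $session->Token = AuthFactory::generate_token($user);

        return $session;
    }

    /**
     * Logs out the member resolved for the current request.
     *
     * @param SS_HTTPRequest $request
     * @return bool true once logOut() has been called
     * @throws RestUserException with code 404 when no member can be resolved
     */
    public static function delete($request) {
        $owner = self::current($request);
        if(!$owner) {
            throw new RestUserException("No session found", 404, 404);
        }
        // NOTE(review): a Basic-auth client re-sends its credentials on every
        // request, so logOut() presumably only clears server-side login state
        // and does not revoke access - confirm against the token lifecycle.
        $owner->logOut();
        return true;
    }


    /**
     * Resolves the member behind the current request as the configured Owner class.
     *
     * @param SS_HTTPRequest $request not read by this implementation
     * @return Member|null null when Basic authentication did not yield a Member
     */
    public static function current($request) {
        $member = self::getBasicAuthMember();
        // Anything that is not a Member (null after a failed login, or any
        // other value requireLogin() may return) is treated as "no user".
        if(!($member instanceof Member)) {
            return null;
        }
        return DataObject::get(Config::inst()->get('BaseRestController', 'Owner'))->byID($member->ID);
    }

    /**
     * Runs BasicAuth::requireLogin() with the HttpAuth configuration.
     *
     * @return Member|null the value returned by requireLogin() (expected to be
     *                     a Member), or null when it throws
     */
    protected static function getBasicAuthMember(){
        $realm = Config::inst()->get('HttpAuth', 'Realm');
        $permissionCode = Config::inst()->get('HttpAuth', 'PermissionCode');
        $isRunningTests = (class_exists('SapphireTest', false) && SapphireTest::is_running_test());
        // The session fallback is always on under tests, otherwise it follows
        // the 'TryUsingSessionLogin' setting.
        // NOTE(review): when enabled, a request without Basic credentials is
        // presumably accepted on an existing login session; cookie-backed API
        // calls then need CSRF protection - confirm the production setting.
        $tryUsingSessionLogin = $isRunningTests || Config::inst()->get('HttpAuth', 'TryUsingSessionLogin');

        try{
            $member = BasicAuth::requireLogin($realm, $permissionCode, $tryUsingSessionLogin);
            return $member;
        } catch (Exception $ex) {
            // Deliberate best-effort: a failed login is reported as "no member".
            // NOTE(review): this also hides every other Exception (the cause is
            // never logged); consider narrowing to the type requireLogin() throws.
            return null;
        }
    }

}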
This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch.