AlternC/lib/Alternc/Api/Auth/Sharedsecret.php

<?php

/**
 * Authentication API used by server to authenticate a user using a 
 * SHARED SECRET (ApiKey)
 */
class Alternc_Api_Auth_Sharedsecret implements Alternc_Api_Auth_Interface {
    

  private $db; // PDO object

  const ERR_INVALID_ARGUMENT = 1111801;
  const ERR_INVALID_SECRET = 1111802;
  const ERR_INVALID_LOGIN = 1111803;
  const ERR_INVALID_LOGIN = 1111804;
  const ERR_DISABLED_ACCOUNT = 1111805;


  /**
   * Constructor of the Shared Secret Api Auth
   *
   * @param $service an Alternc_Api_Service object
   * @return create the object
   */
  function __constructor($service) {

    if (!($service instanceof Alternc_Api_Service))
      throw new \Exception("Invalid argument (service)",ERR_INVALID_ARGUMENT);

    $this->db = $service->getDb();

  } // __construct


  /**
   * Authenticate a user
   *
   * @param $options options, depending on the auth scheme, including uid for setuid users
   *   here, login is the alternc username, and secret is a valid shared secret for this user.
   * @return an Alternc_Api_Token
   */
  function auth($options) {

    if (!isset($options["login"]) || !is_string($options["login"])) {
      throw new \Exception("Missing required parameter login", self::ERR_INVALID_ARGUMENT);
    }
    if (!isset($options["secret"]) || !is_string($options["secret"])) {
      throw new \Exception("Missing required parameter secret", self::ERR_INVALID_ARGUMENT);
    }
    if (!preg_match("#^[0-9a-zA-Z]{32}$#",$options["secret"])) {
      return new Alternc_Api_Response( array("code" => self::ERR_INVALID_SECRET, "message" => "Invalid shared secret syntax") );
    }

    if (!preg_match("#^[0-9a-zA-Z-]{1,32}$#",$options["login"])) { // FIXME : normalize this on AlternC !!!
      return new Alternc_Api_Response( array("code" => self::ERR_INVALID_LOGIN, "message" => "Invalid login") );
    }

    $stmt = $db->query("SELECT m.enabled,m.uid,m.login,m.su FROM membres m, sharedsecret s WHERE s.uid=m.uid AND m.login=? AND s.secret=?;",array($options["login"],$options["secret"]),PDO::FETCH_CLASS);
    $me=$stmt->fetch();
    if (!$me) 
      return new Alternc_Api_Response( array("code" => self::ERR_INVALID_AUTH, "message" => "Invalid shared secret") );
    if (!$me->enabled) 
      return new Alternc_Api_Response( array("code" => self::ERR_DISABLED_ACCOUNT, "message" => "Account is disabled") );

    return Alternc_Api_Token::tokenGenerate(
					     array("uid"=>$me->uid, "isAdmin"=>($me->su!=0) ), 
					     $this->db
					     );
  }


  /** 
   * instructions on how to use this Auth class
   * @return array("fields" => array("fields to send, required or not"), "description" => "description of this auth")
   */
  function instructions() {
    return array("fields" => array("login" => "AlternC user account", "secret" => "API Key, Shared secrets, valid for this account, stored in sharedsecret table."),
		 "description" => "Authenticate against an Api Key, also called SharedSecret. distinct from the account's password, can be plenty and revoked independently"
		 );
  }


} // class Alternc_Api_Auth_Sharedsecret
adding Alternc_Api_Token and Alternc_Api_Auth_SharedSecret + Alternc_Api_Auth_Interface 2014-09-18 10:01:34 +00:00			`<?php`

			`/**`
			`* Authentication API used by server to authenticate a user using a`
			`* SHARED SECRET (ApiKey)`
			`*/`
			`class Alternc_Api_Auth_Sharedsecret implements Alternc_Api_Auth_Interface {`


			`private $db; // PDO object`

			`const ERR_INVALID_ARGUMENT = 1111801;`
adding Login auth + adding description in Api_Auth_Interface + implementing SetUid Auth in Service 2014-09-19 15:30:57 +00:00			`const ERR_INVALID_SECRET = 1111802;`
			`const ERR_INVALID_LOGIN = 1111803;`
			`const ERR_INVALID_LOGIN = 1111804;`
			`const ERR_DISABLED_ACCOUNT = 1111805;`

adding Alternc_Api_Token and Alternc_Api_Auth_SharedSecret + Alternc_Api_Auth_Interface 2014-09-18 10:01:34 +00:00
			`/**`
			`* Constructor of the Shared Secret Api Auth`
			`*`
			`* @param $service an Alternc_Api_Service object`
			`* @return create the object`
			`*/`
			`function __constructor($service) {`

			`if (!($service instanceof Alternc_Api_Service))`
			`throw new \Exception("Invalid argument (service)",ERR_INVALID_ARGUMENT);`

			`$this->db = $service->getDb();`

			`} // __construct`


			`/**`
			`* Authenticate a user`
			`*`
			`* @param $options options, depending on the auth scheme, including uid for setuid users`
			`* here, login is the alternc username, and secret is a valid shared secret for this user.`
			`* @return an Alternc_Api_Token`
			`*/`
			`function auth($options) {`

			`if (!isset($options["login"]) \|\| !is_string($options["login"])) {`
			`throw new \Exception("Missing required parameter login", self::ERR_INVALID_ARGUMENT);`
			`}`
			`if (!isset($options["secret"]) \|\| !is_string($options["secret"])) {`
			`throw new \Exception("Missing required parameter secret", self::ERR_INVALID_ARGUMENT);`
			`}`
			`if (!preg_match("#^[0-9a-zA-Z]{32}$#",$options["secret"])) {`
adding Login auth + adding description in Api_Auth_Interface + implementing SetUid Auth in Service 2014-09-19 15:30:57 +00:00			`return new Alternc_Api_Response( array("code" => self::ERR_INVALID_SECRET, "message" => "Invalid shared secret syntax") );`
adding Alternc_Api_Token and Alternc_Api_Auth_SharedSecret + Alternc_Api_Auth_Interface 2014-09-18 10:01:34 +00:00			`}`

			`if (!preg_match("#^[0-9a-zA-Z-]{1,32}$#",$options["login"])) { // FIXME : normalize this on AlternC !!!`
adding Login auth + adding description in Api_Auth_Interface + implementing SetUid Auth in Service 2014-09-19 15:30:57 +00:00			`return new Alternc_Api_Response( array("code" => self::ERR_INVALID_LOGIN, "message" => "Invalid login") );`
adding Alternc_Api_Token and Alternc_Api_Auth_SharedSecret + Alternc_Api_Auth_Interface 2014-09-18 10:01:34 +00:00			`}`

			`$stmt = $db->query("SELECT m.enabled,m.uid,m.login,m.su FROM membres m, sharedsecret s WHERE s.uid=m.uid AND m.login=? AND s.secret=?;",array($options["login"],$options["secret"]),PDO::FETCH_CLASS);`
			`$me=$stmt->fetch();`
			`if (!$me)`
adding Login auth + adding description in Api_Auth_Interface + implementing SetUid Auth in Service 2014-09-19 15:30:57 +00:00			`return new Alternc_Api_Response( array("code" => self::ERR_INVALID_AUTH, "message" => "Invalid shared secret") );`
adding Alternc_Api_Token and Alternc_Api_Auth_SharedSecret + Alternc_Api_Auth_Interface 2014-09-18 10:01:34 +00:00			`if (!$me->enabled)`
adding Login auth + adding description in Api_Auth_Interface + implementing SetUid Auth in Service 2014-09-19 15:30:57 +00:00			`return new Alternc_Api_Response( array("code" => self::ERR_DISABLED_ACCOUNT, "message" => "Account is disabled") );`
adding Alternc_Api_Token and Alternc_Api_Auth_SharedSecret + Alternc_Api_Auth_Interface 2014-09-18 10:01:34 +00:00
			`return Alternc_Api_Token::tokenGenerate(`
			`array("uid"=>$me->uid, "isAdmin"=>($me->su!=0) ),`
			`$this->db`
			`);`
			`}`


adding Login auth + adding description in Api_Auth_Interface + implementing SetUid Auth in Service 2014-09-19 15:30:57 +00:00			`/**`
			`* instructions on how to use this Auth class`
			`* @return array("fields" => array("fields to send, required or not"), "description" => "description of this auth")`
			`*/`
			`function instructions() {`
			`return array("fields" => array("login" => "AlternC user account", "secret" => "API Key, Shared secrets, valid for this account, stored in sharedsecret table."),`
			`"description" => "Authenticate against an Api Key, also called SharedSecret. distinct from the account's password, can be plenty and revoked independently"`
			`);`
			`}`


adding Alternc_Api_Token and Alternc_Api_Auth_SharedSecret + Alternc_Api_Auth_Interface 2014-09-18 10:01:34 +00:00			`} // class Alternc_Api_Auth_Sharedsecret`