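<?php
/**
 * Authentication API used by the server to authenticate a user with a
 * SHARED SECRET (ApiKey): a per-account API key stored in the sharedsecret
 * table, distinct from the account password.
 */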
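class Alternc_Api_Auth_Sharedsecret implements Alternc_Api_Auth_Interface
{
    /** @var PDO database handle, obtained from the service's getDb() */
    private $db;

    const ERR_INVALID_ARGUMENT = 1111801;
    const ERR_INVALID_SECRET = 1111802;
    const ERR_INVALID_LOGIN = 1111803;
    const ERR_DISABLED_ACCOUNT = 1111804;

    /**
     * Constructor of the Shared Secret Api Auth.
     *
     * @param Alternc_Api_Service $service service whose getDb() provides the PDO handle
     * @throws \Exception code self::ERR_INVALID_ARGUMENT when $service is not an Alternc_Api_Service
     */
    function __construct($service)
    {
        if (!($service instanceof Alternc_Api_Service)) {
            // The bare ERR_INVALID_ARGUMENT used here before is not a defined
            // global constant, so the exception carried a bogus code; the
            // class constant is the intended one.
            throw new \Exception("Invalid argument (service)", self::ERR_INVALID_ARGUMENT);
        }
        $this->db = $service->getDb();
    } // __construct

    /**
     * Authenticate a user from an AlternC login and one of its shared secrets.
     *
     * @param array $options "login" is the AlternC username, "secret" a shared
     *                       secret (32 alphanumeric characters) valid for that user
     * @return Alternc_Api_Token on success, Alternc_Api_Response carrying an
     *         error code and message otherwise
     * @throws \Exception code self::ERR_INVALID_ARGUMENT when login or secret
     *         is missing or not a string
     */
    function auth($options)
    {
        if (!isset($options["login"]) || !is_string($options["login"])) {
            throw new \Exception("Missing required parameter login", self::ERR_INVALID_ARGUMENT);
        }
        if (!isset($options["secret"]) || !is_string($options["secret"])) {
            throw new \Exception("Missing required parameter secret", self::ERR_INVALID_ARGUMENT);
        }
        // \z rather than $: $ would also accept a trailing newline.
        if (!preg_match('#^[0-9a-zA-Z]{32}\z#', $options["secret"])) {
            return new Alternc_Api_Response(array("code" => self::ERR_INVALID_SECRET, "message" => "Invalid shared secret syntax"));
        }
        if (!preg_match('#^[0-9a-zA-Z-]{1,32}\z#', $options["login"])) { // FIXME: normalize this on AlternC !!!
            return new Alternc_Api_Response(array("code" => self::ERR_INVALID_LOGIN, "message" => "Invalid login"));
        }

        // Login and secret are matched together in a single parameterised
        // query, so an unknown login and a wrong secret produce the same
        // response (no account enumeration through this path).
        // NOTE(review): the secret is compared by the database; whether that
        // comparison is case-sensitive depends on the collation of
        // sharedsecret.secret — confirm it is binary/case-sensitive.
        // Error reporting on prepare()/execute() follows the PDO error mode
        // configured by the service; in silent mode a failed query simply
        // yields no row and is reported as an invalid secret.
        $stmt = $this->db->prepare(
            "SELECT m.enabled,m.uid,m.login,m.su FROM membres m, sharedsecret s WHERE s.uid=m.uid AND m.login=? AND s.secret=?;"
        );
        $stmt->execute(array($options["login"], $options["secret"]));
        $me = $stmt->fetch(PDO::FETCH_OBJ);

        if (!$me) {
            // NOTE(review): ERR_INVALID_AUTH is not declared in this class; it
            // is presumably inherited from Alternc_Api_Auth_Interface — confirm,
            // otherwise this is an undefined class constant (fatal error).
            return new Alternc_Api_Response(array("code" => self::ERR_INVALID_AUTH, "message" => "Invalid shared secret"));
        }
        if (!$me->enabled) {
            return new Alternc_Api_Response(array("code" => self::ERR_DISABLED_ACCOUNT, "message" => "Account is disabled"));
        }

        // su is a DB column; loose != 0 kept so numeric-string values behave as before.
        return Alternc_Api_Token::tokenGenerate(
            array("uid" => (int) $me->uid, "isAdmin" => ($me->su != 0)),
            $this->db
        );
    }

    /**
     * Instructions on how to use this Auth class.
     *
     * @return array "fields" => description of each field to send,
     *               "description" => description of this auth scheme
     */
    function instructions()
    {
        return array(
            "fields" => array(
                "login" => "AlternC user account",
                "secret" => "API Key, Shared secrets, valid for this account, stored in sharedsecret table.",
            ),
            "description" => "Authenticate against an Api Key, also called SharedSecret. distinct from the account's password, can be plenty and revoked independently",
        );
    }
} // class Alternc_Api_Auth_Sharedsecret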