From 924b36ee191d41c79595af7ea29142fcfadb8a89 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Sun, 21 Sep 2014 15:26:25 +0200
Subject: [PATCH] Auth() for Sharedsecret is now working, Token Object too.
---
 api/panel/bootstrap.php | 4 ++--
 lib/Alternc/Api/Auth/Interface.php | 2 +-
 lib/Alternc/Api/Auth/Sharedsecret.php | 12 ++++++------
 lib/Alternc/Api/Service.php | 3 ++-
 lib/Alternc/Api/Token.php | 13 +++++++------
 5 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/api/panel/bootstrap.php b/api/panel/bootstrap.php
index 30c7b25a..52b8e808 100644
--- a/api/panel/bootstrap.php
+++ b/api/panel/bootstrap.php
@@ -2,7 +2,7 @@
 /* Global variables (AlternC configuration) */
-require_once(__DIR__."/../../class/local.php");
+require_once("/usr/share/alternc/panel/class/local.php");
 // Define constants from vars of /etc/alternc/local.sh
 // The you can't choose where is the AlternC Panel
@@ -23,7 +23,7 @@ require_once($root."class/db_mysql.php");
 require_once($root."class/functions.php");
-global $L_MYSQL_HOST,$L_MYSQL_DATABASE,$L_MYSQL_LOGIN,$L_MYSQL_PWD;
+global $L_MYSQL_HOST,$L_MYSQL_DATABASE,$L_MYSQL_LOGIN,$L_MYSQL_PWD,$db,$dbh;
 class DB_system extends DB_Sql {
 var $Host,$Database,$User,$Password;
diff --git a/lib/Alternc/Api/Auth/Interface.php b/lib/Alternc/Api/Auth/Interface.php
index 626027e3..6e324e44 100644
--- a/lib/Alternc/Api/Auth/Interface.php
+++ b/lib/Alternc/Api/Auth/Interface.php
@@ -10,7 +10,7 @@ interface Alternc_Api_Auth_Interface {
 * contructor :
 * $service is an Alternc_Api_Service object having a getDb() method
 */
- function __constructor($service);
+ function __construct($service);
 /**
diff --git a/lib/Alternc/Api/Auth/Sharedsecret.php b/lib/Alternc/Api/Auth/Sharedsecret.php
index 26d1ec56..57e973bf 100644
--- a/lib/Alternc/Api/Auth/Sharedsecret.php
+++ b/lib/Alternc/Api/Auth/Sharedsecret.php
@@ -12,8 +12,7 @@ class Alternc_Api_Auth_Sharedsecret implements Alternc_Api_Auth_Interface {
 const ERR_INVALID_ARGUMENT = 1111801;
 const ERR_INVALID_SECRET = 1111802;
 const ERR_INVALID_LOGIN = 1111803;
- const ERR_INVALID_LOGIN = 1111804;
- const ERR_DISABLED_ACCOUNT = 1111805;
+ const ERR_DISABLED_ACCOUNT = 1111804;
 /**
@@ -22,7 +21,7 @@ class Alternc_Api_Auth_Sharedsecret implements Alternc_Api_Auth_Interface {
 * @param $service an Alternc_Api_Service object
 * @return create the object
 */
- function __constructor($service) {
+ function __construct($service) {
 if (!($service instanceof Alternc_Api_Service)) throw new \Exception("Invalid argument (service)",ERR_INVALID_ARGUMENT);
@@ -55,15 +54,16 @@ class Alternc_Api_Auth_Sharedsecret implements Alternc_Api_Auth_Interface {
 return new Alternc_Api_Response( array("code" => self::ERR_INVALID_LOGIN, "message" => "Invalid login") );
 }
- $stmt = $db->query("SELECT m.enabled,m.uid,m.login,m.su FROM membres m, sharedsecret s WHERE s.uid=m.uid AND m.login=? AND s.secret=?;",array($options["login"],$options["secret"]),PDO::FETCH_CLASS);
- $me=$stmt->fetch();
+ $stmt = $this->db->prepare("SELECT m.enabled,m.uid,m.login,m.su FROM membres m, sharedsecret s WHERE s.uid=m.uid AND m.login=? AND s.secret=?;");
+ $stmt->execute(array($options["login"],$options["secret"]) );
+ $me=$stmt->fetch(PDO::FETCH_OBJ);
 if (!$me) return new Alternc_Api_Response( array("code" => self::ERR_INVALID_AUTH, "message" => "Invalid shared secret") );
 if (!$me->enabled) return new Alternc_Api_Response( array("code" => self::ERR_DISABLED_ACCOUNT, "message" => "Account is disabled") );
 return Alternc_Api_Token::tokenGenerate(
- array("uid"=>$me->uid, "isAdmin"=>($me->su!=0) ),
+ array("uid"=>(int)$me->uid, "isAdmin"=>($me->su!=0) ),
 $this->db );
 }
diff --git a/lib/Alternc/Api/Service.php b/lib/Alternc/Api/Service.php
index 6a771649..1353c1f4 100644
--- a/lib/Alternc/Api/Service.php
+++ b/lib/Alternc/Api/Service.php
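Review bot: The guard in the Sharedsecret constructor throws with the bare name `ERR_INVALID_ARGUMENT`, which PHP resolves as a global constant and not as the class constant declared at the top of the class. Now that the method is really named `__construct` and therefore runs, a wrong `$service` ends in an undefined-constant error instead of an exception carrying code 1111801. The line should read `throw new \Exception("Invalid argument (service)", self::ERR_INVALID_ARGUMENT);`. The constructor body continues past the end of the hunk.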
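Review bot: The failed-authentication branch returns `self::ERR_INVALID_AUTH`, but the constants visible at the top of this class are ERR_INVALID_ARGUMENT, ERR_INVALID_SECRET, ERR_INVALID_LOGIN and ERR_DISABLED_ACCOUNT, so unless the interface declares that name every wrong secret ends in a fatal error rather than a clean response; `"code" => self::ERR_INVALID_SECRET` looks like the intended value. The secret is also matched inside the SQL `WHERE`, which implies it is stored in clear and compared under the column's collation (often case-insensitive in MySQL); the schema is not visible here, so this needs confirming. Selecting the row by login and comparing the stored value in PHP with `hash_equals()` would make the check exact and constant-time. auth() starts above the hunk.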
@@ -37,7 +37,7 @@ class Alternc_Api_Service {
 */
 function __construct($options) {
-
+
 // What DB shall we connect to?
 // Note: it MUST be in this mode : $dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
 if (isset($options["databaseAdapter"]) && $options["databaseAdapter"] instanceof PDO) {
@@ -91,6 +91,7 @@ class Alternc_Api_Service {
 }
 $adapterName = "Alternc_Api_Auth_".ucfirst(strtolower($auth["method"]));
+ $authAdapter = new $adapterName($this);
 $token = $authAdapter->auth($auth["options"]);
diff --git a/lib/Alternc/Api/Token.php b/lib/Alternc/Api/Token.php
index 79f29220..8607e6e6 100644
--- a/lib/Alternc/Api/Token.php
+++ b/lib/Alternc/Api/Token.php
@@ -39,7 +39,7 @@ class Alternc_Api_Token {
 *
 * @var int
 */
- public static $tokenDuration = 2678400; // default is a month
+ public $tokenDuration = 2678400; // default is a month
 /**
@@ -47,7 +47,7 @@ class Alternc_Api_Token {
 * @param options any of the public above
 * may contain a dbAdapter, in that case create() will be available
 */
- public function __constructor($options=array()) {
+ public function __construct($options=array()) {
 if (isset($options["uid"]) && is_int($options["uid"])) $this->uid=$options["uid"];
@@ -84,14 +84,15 @@ class Alternc_Api_Token {
 if (!isset($options["uid"]) || !isset($options["isAdmin"])) {
 throw new \Exception("Missing Arguments (uid,isAdmin)",self::ERR_MISSING_ARGUMENT);
 }
-
+
 $token=new Alternc_Api_Token($options);
 do {
 $token->token = $token->tokenRandom();
- $rows = $db->exec("INSERT IGNORE INTO token SET token=?, expire=DATE_ADD(NOW(), INTERVAL ? SECONDS), data=?",
- array($token,$token->tokenDuration, $token->toJson())
- );
+ $stmt=$db->prepare("INSERT IGNORE INTO token SET token=?, expire=DATE_ADD(NOW(), INTERVAL ? SECOND), data=?");
+ $stmt->execute(array($token->token,$token->tokenDuration, $token->toJson()));
+ $rows = $stmt->rowCount();
+
 } while ($rows==0); // prevent collisions
 return $token;
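Review bot: In Service.php `$adapterName` is assembled from `$auth["method"]` and handed straight to `new`, so a string that appears to come from the caller decides which class is loaded and constructed. Nothing in the hunk restricts it to the adapters the service means to expose, although a check may sit above the hunk, where the function starts. Looking the method up in a fixed list first keeps request-derived names away from the autoloader, e.g. `if (!in_array($auth["method"], $this->allowedAuth, true)) { /* return an error response */ }`, where `$this->allowedAuth` is a placeholder name for whatever list the class keeps. Checking `$authAdapter instanceof Alternc_Api_Auth_Interface` before calling `auth()` would also reject the interface name itself and any unrelated class sharing the prefix.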
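Review bot: The Token constructor copies `uid` only when `is_int()` holds and, as far as the hunk shows, otherwise silently skips it, while tokenGenerate() in the last hunk of this file checks nothing more than `isset($options["uid"])`. A numeric string, which is what PDO usually returns, would therefore yield a stored token whose uid was never set from the options; the `(int)` cast added in Sharedsecret.php covers that one caller only. Rejecting the value at the entry point is safer, e.g. `if (!is_int($options["uid"])) throw new \Exception("Invalid uid", self::ERR_MISSING_ARGUMENT);` in tokenGenerate(), or with a dedicated error code if the class has one. The constructor body continues outside the hunk, so an existing else branch cannot be ruled out.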
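Review bot: The `do … while ($rows==0)` loop in tokenGenerate() has no upper bound, and with `INSERT IGNORE` a row count of 0 does not only mean a token collision, because IGNORE also discards rows for other constraint violations and reports them as warnings. A persistent failure of that kind would spin forever inside an authentication request. Cap the retries and fail loudly: set `$tries = 0;` before the loop, close it with `} while ($rows==0 && ++$tries < 5);` and follow it with `if ($rows==0) throw new \Exception("Unable to store token");`. The unpredictability of the token rests on `tokenRandom()`, which is outside the hunk and should draw from a cryptographically secure source.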