kienan
/
AlternC
mirror of https://github.com/kienanstewart/AlternC.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Auth() for Sharedsecret is now working, Token Object too.

This commit is contained in:
Benjamin Sonntag 2014-09-21 15:26:25 +02:00
parent 3058ed4cbe
commit 924b36ee19
5 changed files with 18 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/panel/bootstrap.php
View File

@ -2,7 +2,7 @@
/* Global variables (AlternC configuration) */ /* Global variables (AlternC configuration) */
require_once(__DIR__."/../../class/local.php"); require_once("/usr/share/alternc/panel/class/local.php");
// Define constants from vars of /etc/alternc/local.sh // Define constants from vars of /etc/alternc/local.sh
// The you can't choose where is the AlternC Panel // The you can't choose where is the AlternC Panel
@ -23,7 +23,7 @@ require_once($root."class/db_mysql.php");
require_once($root."class/functions.php"); require_once($root."class/functions.php");
global $L_MYSQL_HOST,$L_MYSQL_DATABASE,$L_MYSQL_LOGIN,$L_MYSQL_PWD; global $L_MYSQL_HOST,$L_MYSQL_DATABASE,$L_MYSQL_LOGIN,$L_MYSQL_PWD,$db,$dbh;
class DB_system extends DB_Sql { class DB_system extends DB_Sql {
var $Host,$Database,$User,$Password; var $Host,$Database,$User,$Password;

2
lib/Alternc/Api/Auth/Interface.php
View File

@ -10,7 +10,7 @@ interface Alternc_Api_Auth_Interface {
* contructor : * contructor :
* $service is an Alternc_Api_Service object having a getDb() method * $service is an Alternc_Api_Service object having a getDb() method
*/ */
function __constructor($service); function __construct($service);
/** /**

12
lib/Alternc/Api/Auth/Sharedsecret.php
View File

@ -12,8 +12,7 @@ class Alternc_Api_Auth_Sharedsecret implements Alternc_Api_Auth_Interface {
const ERR_INVALID_ARGUMENT = 1111801; const ERR_INVALID_ARGUMENT = 1111801;
const ERR_INVALID_SECRET = 1111802; const ERR_INVALID_SECRET = 1111802;
const ERR_INVALID_LOGIN = 1111803; const ERR_INVALID_LOGIN = 1111803;
const ERR_INVALID_LOGIN = 1111804; const ERR_DISABLED_ACCOUNT = 1111804;
const ERR_DISABLED_ACCOUNT = 1111805;
/** /**
@ -22,7 +21,7 @@ class Alternc_Api_Auth_Sharedsecret implements Alternc_Api_Auth_Interface {
* @param $service an Alternc_Api_Service object * @param $service an Alternc_Api_Service object
* @return create the object * @return create the object
*/ */
function __constructor($service) { function __construct($service) {
if (!($service instanceof Alternc_Api_Service)) if (!($service instanceof Alternc_Api_Service))
throw new \Exception("Invalid argument (service)",ERR_INVALID_ARGUMENT); throw new \Exception("Invalid argument (service)",ERR_INVALID_ARGUMENT);
@ -55,15 +54,16 @@ class Alternc_Api_Auth_Sharedsecret implements Alternc_Api_Auth_Interface {
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_LOGIN, "message" => "Invalid login") ); return new Alternc_Api_Response( array("code" => self::ERR_INVALID_LOGIN, "message" => "Invalid login") );
} }
$stmt = $db->query("SELECT m.enabled,m.uid,m.login,m.su FROM membres m, sharedsecret s WHERE s.uid=m.uid AND m.login=? AND s.secret=?;",array($options["login"],$options["secret"]),PDO::FETCH_CLASS); $stmt = $this->db->prepare("SELECT m.enabled,m.uid,m.login,m.su FROM membres m, sharedsecret s WHERE s.uid=m.uid AND m.login=? AND s.secret=?;");
$me=$stmt->fetch(); $stmt->execute(array($options["login"],$options["secret"]) );
$me=$stmt->fetch(PDO::FETCH_OBJ);
if (!$me) if (!$me)
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_AUTH, "message" => "Invalid shared secret") ); return new Alternc_Api_Response( array("code" => self::ERR_INVALID_AUTH, "message" => "Invalid shared secret") );
if (!$me->enabled) if (!$me->enabled)
return new Alternc_Api_Response( array("code" => self::ERR_DISABLED_ACCOUNT, "message" => "Account is disabled") ); return new Alternc_Api_Response( array("code" => self::ERR_DISABLED_ACCOUNT, "message" => "Account is disabled") );
return Alternc_Api_Token::tokenGenerate( return Alternc_Api_Token::tokenGenerate(
array("uid"=>$me->uid, "isAdmin"=>($me->su!=0) ), array("uid"=>(int)$me->uid, "isAdmin"=>($me->su!=0) ),
$this->db $this->db
); );
} }

1
lib/Alternc/Api/Service.php
View File

@ -91,6 +91,7 @@ class Alternc_Api_Service {
} }
$adapterName = "Alternc_Api_Auth_".ucfirst(strtolower($auth["method"])); $adapterName = "Alternc_Api_Auth_".ucfirst(strtolower($auth["method"]));
$authAdapter = new $adapterName($this); $authAdapter = new $adapterName($this);
$token = $authAdapter->auth($auth["options"]); $token = $authAdapter->auth($auth["options"]);

11
lib/Alternc/Api/Token.php
View File

@ -39,7 +39,7 @@ class Alternc_Api_Token {
* *
* @var int * @var int
*/ */
public static $tokenDuration = 2678400; // default is a month public $tokenDuration = 2678400; // default is a month
/** /**
@ -47,7 +47,7 @@ class Alternc_Api_Token {
* @param options any of the public above * @param options any of the public above
* may contain a dbAdapter, in that case create() will be available * may contain a dbAdapter, in that case create() will be available
*/ */
public function __constructor($options=array()) { public function __construct($options=array()) {
if (isset($options["uid"]) && is_int($options["uid"])) if (isset($options["uid"]) && is_int($options["uid"]))
$this->uid=$options["uid"]; $this->uid=$options["uid"];
@ -89,9 +89,10 @@ class Alternc_Api_Token {
do { do {
$token->token = $token->tokenRandom(); $token->token = $token->tokenRandom();
$rows = $db->exec("INSERT IGNORE INTO token SET token=?, expire=DATE_ADD(NOW(), INTERVAL ? SECONDS), data=?", $stmt=$db->prepare("INSERT IGNORE INTO token SET token=?, expire=DATE_ADD(NOW(), INTERVAL ? SECOND), data=?");
array($token,$token->tokenDuration, $token->toJson()) $stmt->execute(array($token->token,$token->tokenDuration, $token->toJson()));
); $rows = $stmt->rowCount();
} while ($rows==0); // prevent collisions } while ($rows==0); // prevent collisions
return $token; return $token;