[fix] Auth OK, Call OK
This commit is contained in:
Benjamin Sonntag
parent
924b36ee19
commit
eaa3f52364
|
|
@ -103,7 +103,7 @@ function apicall($data,$token,$mode) {
|
|||
$options["loginAdapterList"]=array("sharedsecret","login");
|
||||
// TODO (no loggerAdapter PSR3-Interface-compliant class as of now)
|
||||
try {
|
||||
|
||||
$data["token_hash"]=$token;
|
||||
$service=new Alternc_Api_Service($options);
|
||||
|
||||
$response = $service->call(
|
||||
|
|
@ -118,7 +118,7 @@ function apicall($data,$token,$mode) {
|
|||
// something went wrong, we spit out the exception as an Api_Response
|
||||
// TODO : Don't do that on production! spit out a generic "fatal error" code and LOG the exception !
|
||||
header("Content-Type: application/json");
|
||||
$response=new Alternc_Api_Response(array("code" => $e->code, "message" => $e->message));
|
||||
$response=new Alternc_Api_Response(array("code" => $e->getCode(), "message" => $e->getMessage() ));
|
||||
echo $response->toJson();
|
||||
exit();
|
||||
}
|
||||
|
|
@ -185,8 +185,7 @@ if ($_SERVER["REQUEST_URI"]=="/api/post") {
|
|||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
if (preg_match("#^/api/rest/([^/]*)/([^/\?]*)[/\?]?$#",$_SERVER["REQUEST_URI"],$mat)) {
|
||||
if (preg_match("#^/api/rest/([^/]*)/([^/\?]*)[/\?]?#",$_SERVER["REQUEST_URI"],$mat)) {
|
||||
if ($_SERVER["REQUEST_METHOD"]=="POST") {
|
||||
$data=array("options" => $_POST,
|
||||
"object" => $mat[1],
|
||||
|
|
@ -205,3 +204,5 @@ if (preg_match("#^/api/rest/([^/]*)/([^/\?]*)[/\?]?$#",$_SERVER["REQUEST_URI"],$
|
|||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
echo "I did nothing. Did you call the api properly?";
|
||||
|
|
@ -46,7 +46,7 @@ class Alternc_Api_Response {
|
|||
* initialize a response object
|
||||
* @param options any of the public above
|
||||
*/
|
||||
public function __constructor($options=array()) {
|
||||
public function __construct($options=array()) {
|
||||
$os=array("code","message","content","metadata");
|
||||
foreach ($os as $o) {
|
||||
if (isset($options[$o])) $this->$o=$options[$o];
|
||||
|
|
|
|||
|
|
@ -86,7 +86,7 @@ class Alternc_Api_Service {
|
|||
if (count($this->allowedAuth) && !in_array($auth["method"],$this->allowedAuth)) {
|
||||
throw new \Exception("Method not allowed", self::ERR_METHOD_DENIED);
|
||||
}
|
||||
if (isset($auth["options"]["uid"]) && !is_int($auth["options"]["uid"])) {
|
||||
if (isset($auth["options"]["uid"]) && !intval($auth["options"]["uid"])) {
|
||||
throw new \Exception("Invalid UID", self::ERR_INVALID_ARGUMENT);
|
||||
}
|
||||
|
||||
|
|
@ -109,9 +109,10 @@ class Alternc_Api_Service {
|
|||
return new Alternc_Api_Response( array("code" => self::ERR_SETUID_FORBIDDEN, "message" => "This user is not allowed to set his uid") );
|
||||
}
|
||||
// Search for the requested user. We allow using *disabled* account here since we are admin
|
||||
foreach($db->query("SELECT uid FROM membres WHERE uid=?",array($auth["options"]["uid"])) as $setuid) {
|
||||
$token->uid=$setuid;
|
||||
$db->exec("UPDATE token SET uid=? WHERE token=?",array( $token->uid, $token->token) );
|
||||
foreach($this->db->query("SELECT uid FROM membres WHERE uid=".intval($auth["options"]["uid"])) as $setuid) {
|
||||
$token->uid=intval($setuid['uid']);
|
||||
$stmt=$this->db->prepare("UPDATE token SET data=? WHERE token=?");
|
||||
$stmt->execute(array( $token->toJson(), $token->token));
|
||||
return $token;
|
||||
}
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_SETUID_USER_NOT_FOUND, "message" => "Can't find the user you want to setuid to") );
|
||||
|
|
@ -149,7 +150,7 @@ class Alternc_Api_Service {
|
|||
$request->token=$this->token; // we receive $request->token_hash as a STRING, but we transmit its object as an Alternc_Api_Token.
|
||||
|
||||
// TODO: log this Api Call
|
||||
return $object->$action($request);
|
||||
return $object->$action($request->options);
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -114,8 +114,9 @@ class Alternc_Api_Token {
|
|||
if (!is_string($token) || !preg_match("#^[a-zA-Z0-9]{32}$#",$token)) {
|
||||
return new Alternc_Api_Response( array("code" => self::ERR_INVALID_TOKEN, "message" => "Invalid token") );
|
||||
}
|
||||
|
||||
foreach($db->query("SELECT * FROM token WHERE token=?", array($token)) as $tok) {
|
||||
$stmt=$db->prepare("SELECT * FROM token WHERE token=?");
|
||||
$stmt->execute(array($token));
|
||||
while ($tok=$stmt->fetch(PDO::FETCH_OBJ)) {
|
||||
return new Alternc_Api_Token( json_decode($tok->data,true) );
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue