From 6819628b3ec4f7d1834a958d59c4f108c2bd6a91 Mon Sep 17 00:00:00 2001
From: Pierre
Date: Fri, 19 May 2017 18:07:52 +0200
Subject: [PATCH] Changed user login strategy

---
 RestControllers/userController.php | 16 +++------
 classes/tokens.php | 10 +++---
 classes/user.php | 55 +++++++++++++++++++++++-------
 functions/user.php | 21 ++++++++++++
 index.php | 36 +++++++++++++------
 5 files changed, 99 insertions(+), 39 deletions(-)
 create mode 100644 functions/user.php

diff --git a/RestControllers/userController.php b/RestControllers/userController.php
index 2cc1127..ed1dc01 100644
--- a/RestControllers/userController.php
+++ b/RestControllers/userController.php
@@ -71,15 +71,10 @@ class userController
 * @return array The result
 */
 public function getCurrentUserInfosWithTokens() : array{
- //Check variables sent in request (for login)
- if(!isset($_POST['token1']) OR !isset($_POST['token2']))
- throw new RestException(401, "Missing tokens !");
-
- //Preparing data
- $tokens = array($_POST['token1'], $_POST['token2']);
+ user_login_required();
 
 //Try to get user infos from token
- $userInfos = CS::get()->user->getUserInfosFromToken($tokens, APIServiceID);
+ $userInfos = CS::get()->user->getUserInfos(userID);
 
 //Check if response is empty
 if(count($userInfos) == 0)
@@ -95,10 +90,9 @@ class userController
 * @url POST /user/getCurrentUserID
 */
 public function getCurrentUserIDUsingTokens(){
- //Get user infos
- $userInfos = $this->getCurrentUserInfosWithTokens();
+ user_login_required();
 
- //Return userID
- return array("userID" => $userInfos[0]["userID"]);
+ //Return userID
+ return array("userID" => userID);
 }
 }
\ No newline at end of file
diff --git a/classes/tokens.php b/classes/tokens.php
index 0013cfa..7307d5b 100644
--- a/classes/tokens.php
+++ b/classes/tokens.php
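Review bot: The comment `//Try to get user infos from token` is stale after the change on the line below it, which now looks the user up by the `userID` constant instead of by request tokens; the method name and the `@return` docblock (whose start lies above the hunk) still describe a token-based lookup as well. Suggest `//User is authenticated (user_login_required) : fetch infos for the userID constant` and a docblock sentence saying that the login tokens are read from the request by index.php (as `userToken1`/`userToken2`) and verified before the controller runs. Whether `user_login_required()` aborts the request when no login tokens were posted cannot be confirmed here, since the new functions/user.php content is not readable in this patch; if it does not, `userID` is an undefined constant on the following line. The method body continues past the hunk.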
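Review bot: `return array("userID" => userID);` emits whatever value index.php stored in the constant, which (as far as the classes/user.php hunk shows) is the raw `ID_utilisateurs` column from `db->select` and so may serialise as a string rather than a number depending on the database driver; `return array("userID" => (int) userID);` would pin the JSON type. The docblock above (`@url POST /user/getCurrentUserID`) and the name `getCurrentUserIDUsingTokens` still suggest the method reads tokens itself, so a short doc line noting that authentication happens in index.php would help. The same remark about the constant's type applies to the uncast return of getUserIDfromToken in classes/user.php.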
@@ -8,16 +8,16 @@ class Tokens{
 /**
- * Check request tokens
+ * Check request client tokens
 *
 * @return Boolean Depends of the validity of the tokens
 */
- public function checkRequestTokens(){
+ public function checkClientRequestTokens(){
 if(!isset($_POST['serviceName']) OR !isset($_POST['serviceToken']))
 return false; //No token specified
 
 //Check tokens
- if(!$serviceID = $this->validateTokens($_POST['serviceName'], $_POST['serviceToken']))
+ if(!$serviceID = $this->validateClientTokens($_POST['serviceName'], $_POST['serviceToken']))
 return false;
 
 //Save service ID in a constant
@@ -28,13 +28,13 @@ class Tokens{
 }
 
 /**
- * Check API credentials (tokens)
+ * Check client API credentials (tokens)
 *
 * @param String $serviceName The name of the service
 * @param String $token The service's token
 * @return Boolean False or Tokens ID / Depending of validity of credentials
 */
- private function validateTokens($serviceName, $token){
+ private function validateClientTokens($serviceName, $token){
 //Prepare DataBase request
 $tableName = "API_ServicesToken";
 $conditions = "WHERE serviceName = ? AND token = ?";
diff --git a/classes/user.php b/classes/user.php
index 4817ac3..a44b32d 100644
--- a/classes/user.php
+++ b/classes/user.php
@@ -64,7 +64,7 @@ class User{
 * @param Integer $serviceID The ID of the service
 * @return False if it fails, or tokens if success
 */
- function getUserLoginTokenByIDs($userID, $serviceID){
+ public function getUserLoginTokenByIDs($userID, $serviceID){
 //Prepare database request
 $conditions = "WHERE ID_utilisateurs = ? AND ID_API_ServicesToken = ?";
 $values = array(
@@ -90,7 +90,7 @@ class User{
 * @param String $serviceID The service ID
 * @return Boolean False if it fails
 */
- function deleteUserLoginToken(array $tokens, $serviceID){
+ public function deleteUserLoginToken(array $tokens, $serviceID){
 //Check the number of given tokens
 if(count($tokens) != 2)
 return false;
@@ -112,20 +112,20 @@ class User{
 }
 
 /**
- * Get User Infos from token
+ * Get User ID from token
 *
 * @param Array $tokens The user login tokens
 * @param String $serviceID The ID of the service
- * @return Array The result of the function (empty one if it fails)
+ * @return Integer User ID (0 for a failure)
 */
- function getUserInfosFromToken(array $tokens, $serviceID): array {
+ public function getUserIDfromToken($serviceID, array $tokens){
 //Check token number
 if(count($tokens) != 2)
- return array();
-
+ return 0;
+
 //Prepare database request
- $tablesName = "utilisateurs, API_userLoginToken";
- $conditions = "WHERE utilisateurs.ID = API_userLoginToken.ID_utilisateurs AND API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
+ $tablesName = "API_userLoginToken";
+ $conditions = "WHERE API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
 $conditionsValues = array(
 $serviceID,
 $tokens[0],
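Review bot: The new signature `public function getUserIDfromToken($serviceID, array $tokens)` puts the service ID first, whereas `deleteUserLoginToken(array $tokens, $serviceID)` and the replaced `getUserInfosFromToken(array $tokens, $serviceID)` take the tokens first; the mismatch makes the index.php call site easy to get wrong, and because `$serviceID` is untyped a swapped call would not fail loudly. Either keep `public function getUserIDfromToken(array $tokens, $serviceID){` for symmetry (adjusting the index.php call) or state the order in the docblock, e.g. `@param Integer $serviceID The ID of the service (note: first parameter, unlike deleteUserLoginToken)`. The docblock now promises an Integer return, but the value returned at the end of the function is the row value from `db->select` without a cast. getUserIDfromToken's body continues into the next hunk.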
@@ -135,24 +135,53 @@ class User{
 //Perform request
 $userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
 
+ //Check if result is correct or not
+ if(count($userInfos) == 0)
+ return 0; //No result
+
+ //Return ID
+ return $userInfos[0]["ID_utilisateurs"];
+ }
+
+
+ /**
+ * Get User Infos
+ *
+ * @param Integer $userID The user ID
+ * @return Array The result of the function (user informations) (empty one if it fails)
+ */
+ public function getUserInfos($userID): array {
+ //Prepare database request
+ $tablesName = "utilisateurs";
+ $conditions = "WHERE utilisateurs.ID = ?";
+ $conditionsValues = array(
+ $userID*1,
+ );
+
+ //Perform request
+ $userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
+
 //Check if result is correct or not
 if(count($userInfos) == 0)
 return array(); //No result
 
 //Prepare return
 $return = array();
- $return['userID'] = $userInfos[0]['ID_utilisateurs'];
+ $return['userID'] = $userInfos[0]['ID'];
 $return['firstName'] = $userInfos[0]['nom'];
 $return['lastName'] = $userInfos[0]['prenom'];
- $return['mailAdress'] = $userInfos[0]['mail'];
 $return['accountCreationDate'] = $userInfos[0]['date_creation'];
 $return['publicPage'] = $userInfos[0]['public'];
 $return['openPage'] = $userInfos[0]['pageouverte'];
- $return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
 $return['allowPostFromFriendOnHisPage'] = $userInfos[0]['autoriser_post_amis'];
+ $return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
 $return['virtualDirectory'] = $userInfos[0]['sous_repertoire'];
 $return['personnalWebsite'] = $userInfos[0]['site_web'];
- $return['publicFriendList'] = $userInfos[0]['liste_amis_publique'];
+ $return['isPublicFriendList'] = $userInfos[0]['liste_amis_publique'];
+
+ //Only the user may get its mail address
+ if(userID === $userID)
+ $return['mailAdress'] = $userInfos[0]['mail'];
 
 //Return result
 return $return;
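Review bot: `if(userID === $userID)` on the mail-address gate reads the `userID` constant unconditionally, but as far as the visible index.php hunk shows the constant is only defined when both `userToken1` and `userToken2` were posted, so any getUserInfos call on a request without login tokens hits an undefined constant (a notice plus the literal string in older PHP, an Error in PHP 8). A guard with an explicit cast on both sides keeps the check fail-closed and independent of what type the driver returned for the ID: `if(defined("userID") && (int) userID === (int) $userID)`; in the same spirit `$userID*1` in `$conditionsValues` reads better as `(int) $userID`, and the `return $userInfos[0]["ID_utilisateurs"];` near the top of the hunk should be `return (int) $userInfos[0]["ID_utilisateurs"];` so the Integer contract in getUserIDfromToken's docblock holds. Without those casts the strict `===` between a database-sourced constant and a caller-supplied `$userID` only matches when both happen to have the same PHP type, which nothing here guarantees. getUserIDfromToken begins before this hunk and getUserInfos ends after it.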
diff --git a/functions/user.php b/functions/user.php new file mode 100644 index 0000000..e570eb8 --- /dev/null +++ b/functions/user.php @@ -0,0 +1,21 @@ +config->get("site_mode") == "debug"){ $_POST['serviceName'] = "testService"; $_POST['serviceToken'] = "testPasswd"; } -if(!$cs->tokens->checkRequestTokens()) - Rest_fatal_error(401, "Please check your tokens!"); +if(!$cs->tokens->checkClientRequestTokens()) + Rest_fatal_error(401, "Please check your client tokens!"); + +//Check if login tokens where specified +if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){ + //Try to login user + $userID = $cs->user->getUserIDfromToken(APIServiceID, array( + $_POST['userToken1'], + $_POST['userToken2'] + )); + + if($userID < 1){ + Rest_fatal_error(401, "Please check your login tokens!"); + } + + //Else save userID + define("userID", $userID); +} /** * Handle Rest requests @@ -42,11 +58,11 @@ $server = new \Jacwright\RestServer\RestServer($cs->config->get("site_mode")); //Include controllers foreach(get_included_files() as $filePath){ - if(preg_match("", $filePath)){ - $className = strstr($filePath, "RestControllers/"); - $className = str_replace(array("RestControllers/", ".php"), "", $className); - $server->addClass($className); - } + if(preg_match("", $filePath)){ + $className = strstr($filePath, "RestControllers/"); + $className = str_replace(array("RestControllers/", ".php"), "", $className); + $server->addClass($className); + } } //Hanlde