mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-23 13:59:29 +00:00
Changed user login strategy
This commit is contained in:
parent
033da4e0e3
commit
6819628b3e
@ -71,15 +71,10 @@ class userController
|
|||||||
* @return array The result
|
* @return array The result
|
||||||
*/
|
*/
|
||||||
public function getCurrentUserInfosWithTokens() : array{
|
public function getCurrentUserInfosWithTokens() : array{
|
||||||
//Check variables sent in request (for login)
|
user_login_required();
|
||||||
if(!isset($_POST['token1']) OR !isset($_POST['token2']))
|
|
||||||
throw new RestException(401, "Missing tokens !");
|
|
||||||
|
|
||||||
//Preparing data
|
|
||||||
$tokens = array($_POST['token1'], $_POST['token2']);
|
|
||||||
|
|
||||||
//Try to get user infos from token
|
//Try to get user infos from token
|
||||||
$userInfos = CS::get()->user->getUserInfosFromToken($tokens, APIServiceID);
|
$userInfos = CS::get()->user->getUserInfos(userID);
|
||||||
|
|
||||||
//Check if response is empty
|
//Check if response is empty
|
||||||
if(count($userInfos) == 0)
|
if(count($userInfos) == 0)
|
||||||
@ -95,10 +90,9 @@ class userController
|
|||||||
* @url POST /user/getCurrentUserID
|
* @url POST /user/getCurrentUserID
|
||||||
*/
|
*/
|
||||||
public function getCurrentUserIDUsingTokens(){
|
public function getCurrentUserIDUsingTokens(){
|
||||||
//Get user infos
|
user_login_required();
|
||||||
$userInfos = $this->getCurrentUserInfosWithTokens();
|
|
||||||
|
|
||||||
//Return userID
|
//Return userID
|
||||||
return array("userID" => $userInfos[0]["userID"]);
|
return array("userID" => userID);
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -8,16 +8,16 @@
|
|||||||
class Tokens{
|
class Tokens{
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check request tokens
|
* Check request client tokens
|
||||||
*
|
*
|
||||||
* @return Boolean Depends of the validity of the tokens
|
* @return Boolean Depends of the validity of the tokens
|
||||||
*/
|
*/
|
||||||
public function checkRequestTokens(){
|
public function checkClientRequestTokens(){
|
||||||
if(!isset($_POST['serviceName']) OR !isset($_POST['serviceToken']))
|
if(!isset($_POST['serviceName']) OR !isset($_POST['serviceToken']))
|
||||||
return false; //No token specified
|
return false; //No token specified
|
||||||
|
|
||||||
//Check tokens
|
//Check tokens
|
||||||
if(!$serviceID = $this->validateTokens($_POST['serviceName'], $_POST['serviceToken']))
|
if(!$serviceID = $this->validateClientTokens($_POST['serviceName'], $_POST['serviceToken']))
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
//Save service ID in a constant
|
//Save service ID in a constant
|
||||||
@ -28,13 +28,13 @@ class Tokens{
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check API credentials (tokens)
|
* Check client API credentials (tokens)
|
||||||
*
|
*
|
||||||
* @param String $serviceName The name of the service
|
* @param String $serviceName The name of the service
|
||||||
* @param String $token The service's token
|
* @param String $token The service's token
|
||||||
* @return Boolean False or Tokens ID / Depending of validity of credentials
|
* @return Boolean False or Tokens ID / Depending of validity of credentials
|
||||||
*/
|
*/
|
||||||
private function validateTokens($serviceName, $token){
|
private function validateClientTokens($serviceName, $token){
|
||||||
//Prepare DataBase request
|
//Prepare DataBase request
|
||||||
$tableName = "API_ServicesToken";
|
$tableName = "API_ServicesToken";
|
||||||
$conditions = "WHERE serviceName = ? AND token = ?";
|
$conditions = "WHERE serviceName = ? AND token = ?";
|
||||||
|
@ -64,7 +64,7 @@ class User{
|
|||||||
* @param Integer $serviceID The ID of the service
|
* @param Integer $serviceID The ID of the service
|
||||||
* @return False if it fails, or tokens if success
|
* @return False if it fails, or tokens if success
|
||||||
*/
|
*/
|
||||||
function getUserLoginTokenByIDs($userID, $serviceID){
|
public function getUserLoginTokenByIDs($userID, $serviceID){
|
||||||
//Prepare database request
|
//Prepare database request
|
||||||
$conditions = "WHERE ID_utilisateurs = ? AND ID_API_ServicesToken = ?";
|
$conditions = "WHERE ID_utilisateurs = ? AND ID_API_ServicesToken = ?";
|
||||||
$values = array(
|
$values = array(
|
||||||
@ -90,7 +90,7 @@ class User{
|
|||||||
* @param String $serviceID The service ID
|
* @param String $serviceID The service ID
|
||||||
* @return Boolean False if it fails
|
* @return Boolean False if it fails
|
||||||
*/
|
*/
|
||||||
function deleteUserLoginToken(array $tokens, $serviceID){
|
public function deleteUserLoginToken(array $tokens, $serviceID){
|
||||||
//Check the number of given tokens
|
//Check the number of given tokens
|
||||||
if(count($tokens) != 2)
|
if(count($tokens) != 2)
|
||||||
return false;
|
return false;
|
||||||
@ -112,20 +112,20 @@ class User{
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get User Infos from token
|
* Get User ID from token
|
||||||
*
|
*
|
||||||
* @param Array $tokens The user login tokens
|
* @param Array $tokens The user login tokens
|
||||||
* @param String $serviceID The ID of the service
|
* @param String $serviceID The ID of the service
|
||||||
* @return Array The result of the function (empty one if it fails)
|
* @return Integer User ID (0 for a failure)
|
||||||
*/
|
*/
|
||||||
function getUserInfosFromToken(array $tokens, $serviceID): array {
|
public function getUserIDfromToken($serviceID, array $tokens){
|
||||||
//Check token number
|
//Check token number
|
||||||
if(count($tokens) != 2)
|
if(count($tokens) != 2)
|
||||||
return array();
|
return 0;
|
||||||
|
|
||||||
//Prepare database request
|
//Prepare database request
|
||||||
$tablesName = "utilisateurs, API_userLoginToken";
|
$tablesName = "API_userLoginToken";
|
||||||
$conditions = "WHERE utilisateurs.ID = API_userLoginToken.ID_utilisateurs AND API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
|
$conditions = "WHERE API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
|
||||||
$conditionsValues = array(
|
$conditionsValues = array(
|
||||||
$serviceID,
|
$serviceID,
|
||||||
$tokens[0],
|
$tokens[0],
|
||||||
@ -135,24 +135,53 @@ class User{
|
|||||||
//Perform request
|
//Perform request
|
||||||
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
|
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
|
||||||
|
|
||||||
|
//Check if result is correct or not
|
||||||
|
if(count($userInfos) == 0)
|
||||||
|
return 0; //No result
|
||||||
|
|
||||||
|
//Return ID
|
||||||
|
return $userInfos[0]["ID_utilisateurs"];
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get User Infos
|
||||||
|
*
|
||||||
|
* @param Integer $userID The user ID
|
||||||
|
* @return Array The result of the function (user informations) (empty one if it fails)
|
||||||
|
*/
|
||||||
|
public function getUserInfos($userID): array {
|
||||||
|
//Prepare database request
|
||||||
|
$tablesName = "utilisateurs";
|
||||||
|
$conditions = "WHERE utilisateurs.ID = ?";
|
||||||
|
$conditionsValues = array(
|
||||||
|
$userID*1,
|
||||||
|
);
|
||||||
|
|
||||||
|
//Perform request
|
||||||
|
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
|
||||||
|
|
||||||
//Check if result is correct or not
|
//Check if result is correct or not
|
||||||
if(count($userInfos) == 0)
|
if(count($userInfos) == 0)
|
||||||
return array(); //No result
|
return array(); //No result
|
||||||
|
|
||||||
//Prepare return
|
//Prepare return
|
||||||
$return = array();
|
$return = array();
|
||||||
$return['userID'] = $userInfos[0]['ID_utilisateurs'];
|
$return['userID'] = $userInfos[0]['ID'];
|
||||||
$return['firstName'] = $userInfos[0]['nom'];
|
$return['firstName'] = $userInfos[0]['nom'];
|
||||||
$return['lastName'] = $userInfos[0]['prenom'];
|
$return['lastName'] = $userInfos[0]['prenom'];
|
||||||
$return['mailAdress'] = $userInfos[0]['mail'];
|
|
||||||
$return['accountCreationDate'] = $userInfos[0]['date_creation'];
|
$return['accountCreationDate'] = $userInfos[0]['date_creation'];
|
||||||
$return['publicPage'] = $userInfos[0]['public'];
|
$return['publicPage'] = $userInfos[0]['public'];
|
||||||
$return['openPage'] = $userInfos[0]['pageouverte'];
|
$return['openPage'] = $userInfos[0]['pageouverte'];
|
||||||
$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
|
|
||||||
$return['allowPostFromFriendOnHisPage'] = $userInfos[0]['autoriser_post_amis'];
|
$return['allowPostFromFriendOnHisPage'] = $userInfos[0]['autoriser_post_amis'];
|
||||||
|
$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
|
||||||
$return['virtualDirectory'] = $userInfos[0]['sous_repertoire'];
|
$return['virtualDirectory'] = $userInfos[0]['sous_repertoire'];
|
||||||
$return['personnalWebsite'] = $userInfos[0]['site_web'];
|
$return['personnalWebsite'] = $userInfos[0]['site_web'];
|
||||||
$return['publicFriendList'] = $userInfos[0]['liste_amis_publique'];
|
$return['isPublicFriendList'] = $userInfos[0]['liste_amis_publique'];
|
||||||
|
|
||||||
|
//Only the user may get its mail address
|
||||||
|
if(userID === $userID)
|
||||||
|
$return['mailAdress'] = $userInfos[0]['mail'];
|
||||||
|
|
||||||
//Return result
|
//Return result
|
||||||
return $return;
|
return $return;
|
||||||
|
21
functions/user.php
Normal file
21
functions/user.php
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
<?php
|
||||||
|
/**
|
||||||
|
* User functions
|
||||||
|
*
|
||||||
|
* @author Pierre HUBERT
|
||||||
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A function that check login information are specified,
|
||||||
|
* else it quit the scripts because of missing login
|
||||||
|
*
|
||||||
|
* @return Boolean True for a success
|
||||||
|
*/
|
||||||
|
function user_login_required(){
|
||||||
|
if(!defined("userID")){
|
||||||
|
Rest_fatal_error(401, "This function requires user to be logged in!");
|
||||||
|
}
|
||||||
|
|
||||||
|
//User logged in
|
||||||
|
return true;
|
||||||
|
}
|
22
index.php
22
index.php
@ -27,13 +27,29 @@ header("Access-Control-Allow-Origin: *");
|
|||||||
if(!isset($_GET["format"]))
|
if(!isset($_GET["format"]))
|
||||||
$_GET['format'] = "json";
|
$_GET['format'] = "json";
|
||||||
|
|
||||||
//Check tokens
|
//Check client tokens
|
||||||
if($cs->config->get("site_mode") == "debug"){
|
if($cs->config->get("site_mode") == "debug"){
|
||||||
$_POST['serviceName'] = "testService";
|
$_POST['serviceName'] = "testService";
|
||||||
$_POST['serviceToken'] = "testPasswd";
|
$_POST['serviceToken'] = "testPasswd";
|
||||||
}
|
}
|
||||||
if(!$cs->tokens->checkRequestTokens())
|
if(!$cs->tokens->checkClientRequestTokens())
|
||||||
Rest_fatal_error(401, "Please check your tokens!");
|
Rest_fatal_error(401, "Please check your client tokens!");
|
||||||
|
|
||||||
|
//Check if login tokens where specified
|
||||||
|
if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){
|
||||||
|
//Try to login user
|
||||||
|
$userID = $cs->user->getUserIDfromToken(APIServiceID, array(
|
||||||
|
$_POST['userToken1'],
|
||||||
|
$_POST['userToken2']
|
||||||
|
));
|
||||||
|
|
||||||
|
if($userID < 1){
|
||||||
|
Rest_fatal_error(401, "Please check your login tokens!");
|
||||||
|
}
|
||||||
|
|
||||||
|
//Else save userID
|
||||||
|
define("userID", $userID);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Handle Rest requests
|
* Handle Rest requests
|
||||||
|
Loading…
Reference in New Issue
Block a user