Changed user login strategy

Pierre 2017-05-19 18:07:52 +02:00
parent 033da4e0e3
commit 6819628b3e
5 changed files with 99 additions and 39 deletions


@ -71,15 +71,10 @@ class userController
* @return array The result * @return array The result
*/ */
public function getCurrentUserInfosWithTokens() : array{ public function getCurrentUserInfosWithTokens() : array{
//Check variables sent in request (for login) user_login_required();
if(!isset($_POST['token1']) OR !isset($_POST['token2']))
throw new RestException(401, "Missing tokens !");
//Preparing data
$tokens = array($_POST['token1'], $_POST['token2']);
//Try to get user infos from token //Try to get user infos from token
$userInfos = CS::get()->user->getUserInfosFromToken($tokens, APIServiceID); $userInfos = CS::get()->user->getUserInfos(userID);
//Check if response is empty //Check if response is empty
if(count($userInfos) == 0) if(count($userInfos) == 0)
@ -95,10 +90,9 @@ class userController
* @url POST /user/getCurrentUserID * @url POST /user/getCurrentUserID
*/ */
public function getCurrentUserIDUsingTokens(){ public function getCurrentUserIDUsingTokens(){
//Get user infos user_login_required();
$userInfos = $this->getCurrentUserInfosWithTokens();
//Return userID //Return userID
return array("userID" => $userInfos[0]["userID"]); return array("userID" => userID);
} }
} }
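Review bot: Both methods keep "WithTokens" / "UsingTokens" in their names and docblocks (L12-L14, L25-L27) while their new bodies read no tokens at all; authentication now happens before the controller, which only asserts that the userID constant exists via user_login_required() and then looks the user up by that constant (L21, L31). Until the routes are renamed, a one-line comment at the top of each body would stop the next reader from searching here for token handling, e.g. `// Login tokens are validated by the front controller, which defines userID; this endpoint only requires that it is set.` Note that user_login_required() is a plain function call, so this method only stays safe if Rest_fatal_error() actually terminates the request, which this file does not show. The handling of the empty-result case on L23 continues outside the hunk.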


@ -8,16 +8,16 @@
class Tokens{ class Tokens{
/** /**
* Check request tokens * Check request client tokens
* *
* @return Boolean Depends of the validity of the tokens * @return Boolean Depends of the validity of the tokens
*/ */
public function checkRequestTokens(){ public function checkClientRequestTokens(){
if(!isset($_POST['serviceName']) OR !isset($_POST['serviceToken'])) if(!isset($_POST['serviceName']) OR !isset($_POST['serviceToken']))
return false; //No token specified return false; //No token specified
//Check tokens //Check tokens
if(!$serviceID = $this->validateTokens($_POST['serviceName'], $_POST['serviceToken'])) if(!$serviceID = $this->validateClientTokens($_POST['serviceName'], $_POST['serviceToken']))
return false; return false;
//Save service ID in a constant //Save service ID in a constant
@ -28,13 +28,13 @@ class Tokens{
} }
/** /**
* Check API credentials (tokens) * Check client API credentials (tokens)
* *
* @param String $serviceName The name of the service * @param String $serviceName The name of the service
* @param String $token The service's token * @param String $token The service's token
* @return Boolean False or Tokens ID / Depending of validity of credentials * @return Boolean False or Tokens ID / Depending of validity of credentials
*/ */
private function validateTokens($serviceName, $token){ private function validateClientTokens($serviceName, $token){
//Prepare DataBase request //Prepare DataBase request
$tableName = "API_ServicesToken"; $tableName = "API_ServicesToken";
$conditions = "WHERE serviceName = ? AND token = ?"; $conditions = "WHERE serviceName = ? AND token = ?";


@ -64,7 +64,7 @@ class User{
* @param Integer $serviceID The ID of the service * @param Integer $serviceID The ID of the service
* @return False if it fails, or tokens if success * @return False if it fails, or tokens if success
*/ */
function getUserLoginTokenByIDs($userID, $serviceID){ public function getUserLoginTokenByIDs($userID, $serviceID){
//Prepare database request //Prepare database request
$conditions = "WHERE ID_utilisateurs = ? AND ID_API_ServicesToken = ?"; $conditions = "WHERE ID_utilisateurs = ? AND ID_API_ServicesToken = ?";
$values = array( $values = array(
@ -90,7 +90,7 @@ class User{
* @param String $serviceID The service ID * @param String $serviceID The service ID
* @return Boolean False if it fails * @return Boolean False if it fails
*/ */
function deleteUserLoginToken(array $tokens, $serviceID){ public function deleteUserLoginToken(array $tokens, $serviceID){
//Check the number of given tokens //Check the number of given tokens
if(count($tokens) != 2) if(count($tokens) != 2)
return false; return false;
@ -112,20 +112,20 @@ class User{
} }
/** /**
* Get User Infos from token * Get User ID from token
* *
* @param Array $tokens The user login tokens * @param Array $tokens The user login tokens
* @param String $serviceID The ID of the service * @param String $serviceID The ID of the service
* @return Array The result of the function (empty one if it fails) * @return Integer User ID (0 for a failure)
*/ */
function getUserInfosFromToken(array $tokens, $serviceID): array { public function getUserIDfromToken($serviceID, array $tokens){
//Check token number //Check token number
if(count($tokens) != 2) if(count($tokens) != 2)
return array(); return 0;
//Prepare database request //Prepare database request
$tablesName = "utilisateurs, API_userLoginToken"; $tablesName = "API_userLoginToken";
$conditions = "WHERE utilisateurs.ID = API_userLoginToken.ID_utilisateurs AND API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?"; $conditions = "WHERE API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
$conditionsValues = array( $conditionsValues = array(
$serviceID, $serviceID,
$tokens[0], $tokens[0],
@ -135,24 +135,53 @@ class User{
//Perform request //Perform request
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues); $userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
//Check if result is correct or not
if(count($userInfos) == 0)
return 0; //No result
//Return ID
return $userInfos[0]["ID_utilisateurs"];
}
/**
* Get User Infos
*
* @param Integer $userID The user ID
* @return Array The result of the function (user informations) (empty one if it fails)
*/
public function getUserInfos($userID): array {
//Prepare database request
$tablesName = "utilisateurs";
$conditions = "WHERE utilisateurs.ID = ?";
$conditionsValues = array(
$userID*1,
);
//Perform request
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
//Check if result is correct or not //Check if result is correct or not
if(count($userInfos) == 0) if(count($userInfos) == 0)
return array(); //No result return array(); //No result
//Prepare return //Prepare return
$return = array(); $return = array();
$return['userID'] = $userInfos[0]['ID_utilisateurs']; $return['userID'] = $userInfos[0]['ID'];
$return['firstName'] = $userInfos[0]['nom']; $return['firstName'] = $userInfos[0]['nom'];
$return['lastName'] = $userInfos[0]['prenom']; $return['lastName'] = $userInfos[0]['prenom'];
$return['mailAdress'] = $userInfos[0]['mail'];
$return['accountCreationDate'] = $userInfos[0]['date_creation']; $return['accountCreationDate'] = $userInfos[0]['date_creation'];
$return['publicPage'] = $userInfos[0]['public']; $return['publicPage'] = $userInfos[0]['public'];
$return['openPage'] = $userInfos[0]['pageouverte']; $return['openPage'] = $userInfos[0]['pageouverte'];
$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
$return['allowPostFromFriendOnHisPage'] = $userInfos[0]['autoriser_post_amis']; $return['allowPostFromFriendOnHisPage'] = $userInfos[0]['autoriser_post_amis'];
$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
$return['virtualDirectory'] = $userInfos[0]['sous_repertoire']; $return['virtualDirectory'] = $userInfos[0]['sous_repertoire'];
$return['personnalWebsite'] = $userInfos[0]['site_web']; $return['personnalWebsite'] = $userInfos[0]['site_web'];
$return['publicFriendList'] = $userInfos[0]['liste_amis_publique']; $return['isPublicFriendList'] = $userInfos[0]['liste_amis_publique'];
//Only the user may get its mail address
if(userID === $userID)
$return['mailAdress'] = $userInfos[0]['mail'];
//Return result //Return result
return $return; return $return;
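Review bot: The owner check `if(userID === $userID)` on L145 is a strict comparison between the userID constant, which is defined from the raw value getUserIDfromToken() reads back from ID_utilisateurs on L109, and a $userID that callers may pass as int or string; unless both happen to have the same type the owner is silently denied their own mail address. It also dereferences the constant unconditionally, so on a request that carried no login tokens (the constant is only defined when both are present) this line is an undefined-constant Error under PHP 8 and a warning with the literal string "userID" under PHP 7, which never matches. Suggest `if(defined("userID") && (int) userID === (int) $userID)`, matching the `$userID*1` normalisation already applied to the query value on L122. Relatedly, the docblock on L90 promises an Integer return but L109 returns whatever the DB driver yields; `return (int) $userInfos[0]["ID_utilisateurs"];` would make the contract true.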

21
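--- /dev/null
+++ b/functions/user.php
@@ -0,0 +1,21 @@
+<?php
+/**
+ * User functions
+ *
+ * @author Pierre HUBERT
+ */
+/**
+ * A function that check login information are specified,
+ * else it quit the scripts because of missing login
+ *
+ * @return Boolean True for a success
+ */
+function user_login_required(){
+if(!defined("userID")){
+Rest_fatal_error(401, "This function requires user to be logged in!");
+}
+//User logged in
+return true;
+}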
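Review bot: user_login_required() falls through to `return true;` after calling Rest_fatal_error() on L169, because nothing on L168-L172 stops execution once the 401 has been emitted; the whole guard therefore depends on Rest_fatal_error (defined elsewhere, not visible here) terminating the script, and if it merely prints and returns, every protected endpoint continues as an anonymous request with userID undefined. A defensive form removes that dependency: `if(defined("userID")) return true;` then `Rest_fatal_error(401, "This function requires user to be logged in!");` followed by `exit;`. The docblock should also say the function never returns on failure rather than "True for a success", and the comment on L171 belongs before the return it describes.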


@ -27,13 +27,29 @@ header("Access-Control-Allow-Origin: *");
if(!isset($_GET["format"])) if(!isset($_GET["format"]))
$_GET['format'] = "json"; $_GET['format'] = "json";
//Check tokens //Check client tokens
if($cs->config->get("site_mode") == "debug"){ if($cs->config->get("site_mode") == "debug"){
$_POST['serviceName'] = "testService"; $_POST['serviceName'] = "testService";
$_POST['serviceToken'] = "testPasswd"; $_POST['serviceToken'] = "testPasswd";
} }
if(!$cs->tokens->checkRequestTokens()) if(!$cs->tokens->checkClientRequestTokens())
Rest_fatal_error(401, "Please check your tokens!"); Rest_fatal_error(401, "Please check your client tokens!");
//Check if login tokens where specified
if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){
//Try to login user
$userID = $cs->user->getUserIDfromToken(APIServiceID, array(
$_POST['userToken1'],
$_POST['userToken2']
));
if($userID < 1){
Rest_fatal_error(401, "Please check your login tokens!");
}
//Else save userID
define("userID", $userID);
}
/** /**
* Handle Rest requests * Handle Rest requests
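Review bot: `define("userID", $userID);` on L198 stores whatever getUserIDfromToken() returned, i.e. the raw ID_utilisateurs column value; if the DB layer hands back strings (the common default for MySQL drivers unless configured otherwise), the constant is a string even though the rest of the change documents it as an integer, and any `===` comparison against an int user ID elsewhere silently fails. Cast at the single place it is defined, `define("userID", (int) $userID);`, which also makes the `$userID < 1` check on L194 a plain integer comparison. Separately, a request that sends only one of userToken1/userToken2 skips the block on L188 entirely and proceeds as anonymous instead of being rejected; if that is intended it deserves a comment, otherwise reject the half-supplied pair with a 401 as well. The hardcoded client credentials in debug mode (L181-L184) are pre-existing, but they now gate user login too, so site_mode must never be "debug" on a reachable deployment.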