mirror of
https://github.com/pierre42100/ComunicAPI
synced 2024-11-23 13:59:29 +00:00
Changed user login strategy
This commit is contained in:
parent
033da4e0e3
commit
6819628b3e
@ -71,15 +71,10 @@ class userController
|
||||
* @return array The result
|
||||
*/
|
||||
public function getCurrentUserInfosWithTokens() : array{
|
||||
//Check variables sent in request (for login)
|
||||
if(!isset($_POST['token1']) OR !isset($_POST['token2']))
|
||||
throw new RestException(401, "Missing tokens !");
|
||||
|
||||
//Preparing data
|
||||
$tokens = array($_POST['token1'], $_POST['token2']);
|
||||
user_login_required();
|
||||
|
||||
//Try to get user infos from token
|
||||
$userInfos = CS::get()->user->getUserInfosFromToken($tokens, APIServiceID);
|
||||
$userInfos = CS::get()->user->getUserInfos(userID);
|
||||
|
||||
//Check if response is empty
|
||||
if(count($userInfos) == 0)
|
||||
@ -95,10 +90,9 @@ class userController
|
||||
* @url POST /user/getCurrentUserID
|
||||
*/
|
||||
public function getCurrentUserIDUsingTokens(){
|
||||
//Get user infos
|
||||
$userInfos = $this->getCurrentUserInfosWithTokens();
|
||||
user_login_required();
|
||||
|
||||
//Return userID
|
||||
return array("userID" => $userInfos[0]["userID"]);
|
||||
return array("userID" => userID);
|
||||
}
|
||||
}
|
@ -8,16 +8,16 @@
|
||||
class Tokens{
|
||||
|
||||
/**
|
||||
* Check request tokens
|
||||
* Check request client tokens
|
||||
*
|
||||
* @return Boolean Depends of the validity of the tokens
|
||||
*/
|
||||
public function checkRequestTokens(){
|
||||
public function checkClientRequestTokens(){
|
||||
if(!isset($_POST['serviceName']) OR !isset($_POST['serviceToken']))
|
||||
return false; //No token specified
|
||||
|
||||
//Check tokens
|
||||
if(!$serviceID = $this->validateTokens($_POST['serviceName'], $_POST['serviceToken']))
|
||||
if(!$serviceID = $this->validateClientTokens($_POST['serviceName'], $_POST['serviceToken']))
|
||||
return false;
|
||||
|
||||
//Save service ID in a constant
|
||||
@ -28,13 +28,13 @@ class Tokens{
|
||||
}
|
||||
|
||||
/**
|
||||
* Check API credentials (tokens)
|
||||
* Check client API credentials (tokens)
|
||||
*
|
||||
* @param String $serviceName The name of the service
|
||||
* @param String $token The service's token
|
||||
* @return Boolean False or Tokens ID / Depending of validity of credentials
|
||||
*/
|
||||
private function validateTokens($serviceName, $token){
|
||||
private function validateClientTokens($serviceName, $token){
|
||||
//Prepare DataBase request
|
||||
$tableName = "API_ServicesToken";
|
||||
$conditions = "WHERE serviceName = ? AND token = ?";
|
||||
|
@ -64,7 +64,7 @@ class User{
|
||||
* @param Integer $serviceID The ID of the service
|
||||
* @return False if it fails, or tokens if success
|
||||
*/
|
||||
function getUserLoginTokenByIDs($userID, $serviceID){
|
||||
public function getUserLoginTokenByIDs($userID, $serviceID){
|
||||
//Prepare database request
|
||||
$conditions = "WHERE ID_utilisateurs = ? AND ID_API_ServicesToken = ?";
|
||||
$values = array(
|
||||
@ -90,7 +90,7 @@ class User{
|
||||
* @param String $serviceID The service ID
|
||||
* @return Boolean False if it fails
|
||||
*/
|
||||
function deleteUserLoginToken(array $tokens, $serviceID){
|
||||
public function deleteUserLoginToken(array $tokens, $serviceID){
|
||||
//Check the number of given tokens
|
||||
if(count($tokens) != 2)
|
||||
return false;
|
||||
@ -112,20 +112,20 @@ class User{
|
||||
}
|
||||
|
||||
/**
|
||||
* Get User Infos from token
|
||||
* Get User ID from token
|
||||
*
|
||||
* @param Array $tokens The user login tokens
|
||||
* @param String $serviceID The ID of the service
|
||||
* @return Array The result of the function (empty one if it fails)
|
||||
* @return Integer User ID (0 for a failure)
|
||||
*/
|
||||
function getUserInfosFromToken(array $tokens, $serviceID): array {
|
||||
public function getUserIDfromToken($serviceID, array $tokens){
|
||||
//Check token number
|
||||
if(count($tokens) != 2)
|
||||
return array();
|
||||
return 0;
|
||||
|
||||
//Prepare database request
|
||||
$tablesName = "utilisateurs, API_userLoginToken";
|
||||
$conditions = "WHERE utilisateurs.ID = API_userLoginToken.ID_utilisateurs AND API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
|
||||
$tablesName = "API_userLoginToken";
|
||||
$conditions = "WHERE API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
|
||||
$conditionsValues = array(
|
||||
$serviceID,
|
||||
$tokens[0],
|
||||
@ -135,24 +135,53 @@ class User{
|
||||
//Perform request
|
||||
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
|
||||
|
||||
//Check if result is correct or not
|
||||
if(count($userInfos) == 0)
|
||||
return 0; //No result
|
||||
|
||||
//Return ID
|
||||
return $userInfos[0]["ID_utilisateurs"];
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get User Infos
|
||||
*
|
||||
* @param Integer $userID The user ID
|
||||
* @return Array The result of the function (user informations) (empty one if it fails)
|
||||
*/
|
||||
public function getUserInfos($userID): array {
|
||||
//Prepare database request
|
||||
$tablesName = "utilisateurs";
|
||||
$conditions = "WHERE utilisateurs.ID = ?";
|
||||
$conditionsValues = array(
|
||||
$userID*1,
|
||||
);
|
||||
|
||||
//Perform request
|
||||
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
|
||||
|
||||
//Check if result is correct or not
|
||||
if(count($userInfos) == 0)
|
||||
return array(); //No result
|
||||
|
||||
//Prepare return
|
||||
$return = array();
|
||||
$return['userID'] = $userInfos[0]['ID_utilisateurs'];
|
||||
$return['userID'] = $userInfos[0]['ID'];
|
||||
$return['firstName'] = $userInfos[0]['nom'];
|
||||
$return['lastName'] = $userInfos[0]['prenom'];
|
||||
$return['mailAdress'] = $userInfos[0]['mail'];
|
||||
$return['accountCreationDate'] = $userInfos[0]['date_creation'];
|
||||
$return['publicPage'] = $userInfos[0]['public'];
|
||||
$return['openPage'] = $userInfos[0]['pageouverte'];
|
||||
$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
|
||||
$return['allowPostFromFriendOnHisPage'] = $userInfos[0]['autoriser_post_amis'];
|
||||
$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
|
||||
$return['virtualDirectory'] = $userInfos[0]['sous_repertoire'];
|
||||
$return['personnalWebsite'] = $userInfos[0]['site_web'];
|
||||
$return['publicFriendList'] = $userInfos[0]['liste_amis_publique'];
|
||||
$return['isPublicFriendList'] = $userInfos[0]['liste_amis_publique'];
|
||||
|
||||
//Only the user may get its mail address
|
||||
if(userID === $userID)
|
||||
$return['mailAdress'] = $userInfos[0]['mail'];
|
||||
|
||||
//Return result
|
||||
return $return;
|
||||
|
21
functions/user.php
Normal file
21
functions/user.php
Normal file
@ -0,0 +1,21 @@
|
||||
<?php
|
||||
/**
|
||||
* User functions
|
||||
*
|
||||
* @author Pierre HUBERT
|
||||
*/
|
||||
|
||||
/**
|
||||
* A function that check login information are specified,
|
||||
* else it quit the scripts because of missing login
|
||||
*
|
||||
* @return Boolean True for a success
|
||||
*/
|
||||
function user_login_required(){
|
||||
if(!defined("userID")){
|
||||
Rest_fatal_error(401, "This function requires user to be logged in!");
|
||||
}
|
||||
|
||||
//User logged in
|
||||
return true;
|
||||
}
|
22
index.php
22
index.php
@ -27,13 +27,29 @@ header("Access-Control-Allow-Origin: *");
|
||||
if(!isset($_GET["format"]))
|
||||
$_GET['format'] = "json";
|
||||
|
||||
//Check tokens
|
||||
//Check client tokens
|
||||
if($cs->config->get("site_mode") == "debug"){
|
||||
$_POST['serviceName'] = "testService";
|
||||
$_POST['serviceToken'] = "testPasswd";
|
||||
}
|
||||
if(!$cs->tokens->checkRequestTokens())
|
||||
Rest_fatal_error(401, "Please check your tokens!");
|
||||
if(!$cs->tokens->checkClientRequestTokens())
|
||||
Rest_fatal_error(401, "Please check your client tokens!");
|
||||
|
||||
//Check if login tokens where specified
|
||||
if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){
|
||||
//Try to login user
|
||||
$userID = $cs->user->getUserIDfromToken(APIServiceID, array(
|
||||
$_POST['userToken1'],
|
||||
$_POST['userToken2']
|
||||
));
|
||||
|
||||
if($userID < 1){
|
||||
Rest_fatal_error(401, "Please check your login tokens!");
|
||||
}
|
||||
|
||||
//Else save userID
|
||||
define("userID", $userID);
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle Rest requests
|
||||
|
Loading…
Reference in New Issue
Block a user