Changed user login strategy

This commit is contained in:
Pierre 2017-05-19 18:07:52 +02:00
parent 033da4e0e3
commit 6819628b3e
5 changed files with 99 additions and 39 deletions

View File

@ -71,15 +71,10 @@ class userController
* @return array The result
*/
public function getCurrentUserInfosWithTokens() : array{
//Check variables sent in request (for login)
if(!isset($_POST['token1']) OR !isset($_POST['token2']))
throw new RestException(401, "Missing tokens !");
//Preparing data
$tokens = array($_POST['token1'], $_POST['token2']);
user_login_required();
//Try to get user infos from token
$userInfos = CS::get()->user->getUserInfosFromToken($tokens, APIServiceID);
$userInfos = CS::get()->user->getUserInfos(userID);
//Check if response is empty
if(count($userInfos) == 0)
@ -95,10 +90,9 @@ class userController
* @url POST /user/getCurrentUserID
*/
public function getCurrentUserIDUsingTokens(){
//Get user infos
$userInfos = $this->getCurrentUserInfosWithTokens();
user_login_required();
//Return userID
return array("userID" => $userInfos[0]["userID"]);
return array("userID" => userID);
}
}

View File

@ -8,16 +8,16 @@
class Tokens{
/**
* Check request tokens
* Check request client tokens
*
* @return Boolean Depends of the validity of the tokens
*/
public function checkRequestTokens(){
public function checkClientRequestTokens(){
if(!isset($_POST['serviceName']) OR !isset($_POST['serviceToken']))
return false; //No token specified
//Check tokens
if(!$serviceID = $this->validateTokens($_POST['serviceName'], $_POST['serviceToken']))
if(!$serviceID = $this->validateClientTokens($_POST['serviceName'], $_POST['serviceToken']))
return false;
//Save service ID in a constant
@ -28,13 +28,13 @@ class Tokens{
}
/**
* Check API credentials (tokens)
* Check client API credentials (tokens)
*
* @param String $serviceName The name of the service
* @param String $token The service's token
* @return Boolean False or Tokens ID / Depending of validity of credentials
*/
private function validateTokens($serviceName, $token){
private function validateClientTokens($serviceName, $token){
//Prepare DataBase request
$tableName = "API_ServicesToken";
$conditions = "WHERE serviceName = ? AND token = ?";

View File

@ -64,7 +64,7 @@ class User{
* @param Integer $serviceID The ID of the service
* @return False if it fails, or tokens if success
*/
function getUserLoginTokenByIDs($userID, $serviceID){
public function getUserLoginTokenByIDs($userID, $serviceID){
//Prepare database request
$conditions = "WHERE ID_utilisateurs = ? AND ID_API_ServicesToken = ?";
$values = array(
@ -90,7 +90,7 @@ class User{
* @param String $serviceID The service ID
* @return Boolean False if it fails
*/
function deleteUserLoginToken(array $tokens, $serviceID){
public function deleteUserLoginToken(array $tokens, $serviceID){
//Check the number of given tokens
if(count($tokens) != 2)
return false;
@ -112,20 +112,20 @@ class User{
}
/**
* Get User Infos from token
* Get User ID from token
*
* @param Array $tokens The user login tokens
* @param String $serviceID The ID of the service
* @return Array The result of the function (empty one if it fails)
* @return Integer User ID (0 for a failure)
*/
function getUserInfosFromToken(array $tokens, $serviceID): array {
public function getUserIDfromToken($serviceID, array $tokens){
//Check token number
if(count($tokens) != 2)
return array();
return 0;
//Prepare database request
$tablesName = "utilisateurs, API_userLoginToken";
$conditions = "WHERE utilisateurs.ID = API_userLoginToken.ID_utilisateurs AND API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
$tablesName = "API_userLoginToken";
$conditions = "WHERE API_userLoginToken.ID_API_ServicesToken = ? AND API_userLoginToken.token1 = ? AND API_userLoginToken.token2 = ?";
$conditionsValues = array(
$serviceID,
$tokens[0],
@ -135,24 +135,53 @@ class User{
//Perform request
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
//Check if result is correct or not
if(count($userInfos) == 0)
return 0; //No result
//Return ID
return $userInfos[0]["ID_utilisateurs"];
}
/**
* Get User Infos
*
* @param Integer $userID The user ID
* @return Array The result of the function (user informations) (empty one if it fails)
*/
public function getUserInfos($userID): array {
//Prepare database request
$tablesName = "utilisateurs";
$conditions = "WHERE utilisateurs.ID = ?";
$conditionsValues = array(
$userID*1,
);
//Perform request
$userInfos = CS::get()->db->select($tablesName, $conditions, $conditionsValues);
//Check if result is correct or not
if(count($userInfos) == 0)
return array(); //No result
//Prepare return
$return = array();
$return['userID'] = $userInfos[0]['ID_utilisateurs'];
$return['userID'] = $userInfos[0]['ID'];
$return['firstName'] = $userInfos[0]['nom'];
$return['lastName'] = $userInfos[0]['prenom'];
$return['mailAdress'] = $userInfos[0]['mail'];
$return['accountCreationDate'] = $userInfos[0]['date_creation'];
$return['publicPage'] = $userInfos[0]['public'];
$return['openPage'] = $userInfos[0]['pageouverte'];
$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
$return['allowPostFromFriendOnHisPage'] = $userInfos[0]['autoriser_post_amis'];
$return['noCommentOnHisPage'] = $userInfos[0]['bloquecommentaire'];
$return['virtualDirectory'] = $userInfos[0]['sous_repertoire'];
$return['personnalWebsite'] = $userInfos[0]['site_web'];
$return['publicFriendList'] = $userInfos[0]['liste_amis_publique'];
$return['isPublicFriendList'] = $userInfos[0]['liste_amis_publique'];
//Only the user may get its mail address
if(userID === $userID)
$return['mailAdress'] = $userInfos[0]['mail'];
//Return result
return $return;

21
functions/user.php Normal file
View File

@ -0,0 +1,21 @@
<?php
/**
* User functions
*
* @author Pierre HUBERT
*/
/**
* A function that check login information are specified,
* else it quit the scripts because of missing login
*
* @return Boolean True for a success
*/
function user_login_required(){
if(!defined("userID")){
Rest_fatal_error(401, "This function requires user to be logged in!");
}
//User logged in
return true;
}

View File

@ -27,13 +27,29 @@ header("Access-Control-Allow-Origin: *");
if(!isset($_GET["format"]))
$_GET['format'] = "json";
//Check tokens
//Check client tokens
if($cs->config->get("site_mode") == "debug"){
$_POST['serviceName'] = "testService";
$_POST['serviceToken'] = "testPasswd";
}
if(!$cs->tokens->checkRequestTokens())
Rest_fatal_error(401, "Please check your tokens!");
if(!$cs->tokens->checkClientRequestTokens())
Rest_fatal_error(401, "Please check your client tokens!");
//Check if login tokens where specified
if(isset($_POST['userToken1']) AND isset($_POST['userToken2'])){
//Try to login user
$userID = $cs->user->getUserIDfromToken(APIServiceID, array(
$_POST['userToken1'],
$_POST['userToken2']
));
if($userID < 1){
Rest_fatal_error(401, "Please check your login tokens!");
}
//Else save userID
define("userID", $userID);
}
/**
* Handle Rest requests