Example #1
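 /**
  * List, create or revoke application tokens; only callers whose role is 'god' get past the checks.
  *
  * POST   creates an Application from the request body with a server-generated token.
  * DELETE removes the Application whose id is parsed from the call arguments.
  * Any request that reaches the end of the method responds with every non-'god' application.
  */
 function index()
 {
     $auth = $this->authenticate();
     if (!$auth) {
         $this->error('401', 'Not logged in.');
         return;
     }
     // If authenticate() ever returns a truthy non-array, indexing it raises a notice and the
     // loose != comparison decides on a null; check the shape first and compare the role strictly.
     if (!is_array($auth) || !isset($auth[2]) || $auth[2] !== 'god') {
         $this->error('403', 'Applications can only be authenticated/revoked/listed via the Koken console.');
         return;
     }
     if ($this->method === 'post') {
         // The token is always generated server-side, overwriting anything the client sent.
         $_POST['token'] = koken_rand();
         // NOTE(review): all of $_POST is handed to from_array() with an empty field list. If that
         // means "every field", request parameters can set columns such as role — confirm and
         // pass an explicit list of allowed fields.
         $created = new Application();
         $created->from_array($_POST, array(), true);
         // NOTE(review): $auth[1] (apparently the caller's token) is placed in the URL path, where
         // it can be recorded in server logs and browser history.
         $this->redirect('/auth/token:' . $auth[1]);
     }
     if ($this->method === 'delete') {
         list($params, $id) = $this->parse_params(func_get_args());
         // NOTE(review): the lookup is by id only; unlike the listing below it does not exclude
         // 'god' rows — confirm that is intended.
         $doomed = new Application();
         $doomed->where('id', $id)->get();
         if ($doomed->exists()) {
             $doomed->delete();
             $this->redirect('/auth/token:' . $auth[1]);
         }
     }
     // Listing: every application except those with the 'god' role.
     $a = new Application();
     $a->where('role !=', 'god')->get_iterated();
     $apps = array();
     foreach ($a as $app) {
         $apps[] = $app->to_array();
     }
     $this->set_response_data(array('applications' => $apps));
 }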
Example #2
 /**
  * Each HTTP-verb helper on Application (get, post, put, delete, head, options)
  * must return the yoshi\Route it registered.
  */
 public function testAddRouteMethodShouldReturnAnInstanceOfRoute()
 {
     $application = new Application();
     $routeClass = 'yoshi\\Route';

     $getRoute = $application->get('/test', function (Response $response) {
         $response->contents('GET /test');
     });
     $this->assertInstanceOf($routeClass, $getRoute);

     $postRoute = $application->post('/test', function (Response $response) {
         $response->contents('POST /test');
     });
     $this->assertInstanceOf($routeClass, $postRoute);

     $putRoute = $application->put('/test', function (Response $response) {
         $response->contents('PUT /test');
     });
     $this->assertInstanceOf($routeClass, $putRoute);

     $deleteRoute = $application->delete('/test', function (Response $response) {
         $response->contents('DELETE /test');
     });
     $this->assertInstanceOf($routeClass, $deleteRoute);

     $headRoute = $application->head('/test', function (Response $response) {
         $response->contents('HEAD /test');
     });
     $this->assertInstanceOf($routeClass, $headRoute);

     $optionsRoute = $application->options('/test', function (Response $response) {
         $response->contents('OPTIONS /test');
     });
     $this->assertInstanceOf($routeClass, $optionsRoute);
 }
Example #3
<?php

// Look up the Application row carrying one specific token and delete it if it exists.
// NOTE(review): the token value is hard-coded in source. If it was ever a live credential,
// treat it as exposed wherever this file has been published, and confirm it is revoked.
$a = new Application();
$a->where('token', '69ad71aa4e07e9338ac49d33d041941b')->get();
if ($a->exists()) {
    $a->delete();
}
// Set unconditionally, whether or not a row was deleted; presumably read by whatever
// includes this script — confirm against the caller.
$done = true;
 /**
  * Delete the case identified by $Fields['APP_UID'] through an Application bound to the
  * global $dbc handle, and return whatever Application::delete() returns.
  *
  * $testCase is accepted but not read in this body.
  */
 function DeleteCase($testCase, $Fields)
 {
     global $dbc;

     $application = new Application($dbc);
     $outcome = $application->delete($Fields['APP_UID']);

     return $outcome;
 }
Example #5
 /**
  * Session endpoint.
  *
  * GET    reports the current session's token and user.
  * POST   logs in with "email" and "password" (optional "remember"), then redirects to /sessions.
  * DELETE logs out: removes the session's Application row, clears remember_me, destroys the session.
  */
 function index()
 {
     // Purge 'god' applications created more than 14 days ago on every non-DELETE request.
     // NOTE(review): this cleanup runs before any authentication check.
     if ($this->method !== 'delete') {
         $cutoff = strtotime('-14 days');
         $stale = new Application();
         $stale->where('role', 'god')->where('created_on <', $cutoff)->get();
         $stale->delete_all();
     }

     switch ($this->method) {
         case 'get':
             $auth = $this->authenticate();
             if (!$auth) {
                 $this->error('404', 'Session not found.');
                 return;
             }
             $account = new User();
             $account->get_by_id($auth[0]);
             if (!$account->exists()) {
                 $this->error('404', 'User not found.');
                 return;
             }
             $this->set_response_data(array('token' => $auth[1], 'user' => $account->to_array()));
             return;

         case 'post':
             $account = new User();
             if (!$this->input->post('email') || !$this->input->post('password')) {
                 $this->error('403', 'Required parameters "email" and/or "password" are not present.');
                 return;
             }
             $account->where('email', $this->input->post('email'))->limit(1)->get();
             // An unknown email and a wrong password get the same response, so the reply does
             // not reveal which of the two was wrong.
             // NOTE(review): no attempt limiting is visible in this method — confirm it is
             // enforced elsewhere.
             if (!$account->exists() || !$account->check_password($this->input->post('password'))) {
                 $this->error('404', 'User not found.');
                 return;
             }
             $account->create_session($this->session, $this->input->post('remember') === 'on');
             $this->redirect("/sessions");
             return;

         case 'delete':
             $auth = $this->authenticate();
             if (!$auth) {
                 $this->error('401', 'Not authorized to perform this action.');
                 return;
             }
             // Remove the Application row that backs this session's token.
             $sessionApp = new Application();
             $sessionApp->where('token', $auth[1])->get();
             $sessionApp->delete();
             // Clear the stored remember-me value so the cookie can no longer start a session.
             $account = new User();
             $account->get_by_id($auth[0]);
             $account->remember_me = null;
             $account->save();
             $this->load->helper('cookie');
             delete_cookie('remember_me');
             $this->session->sess_destroy();
             exit;
     }
 }
Example #6
 /**
  * Resolve the caller's token and map it to an identity.
  *
  * Token source, chosen by the first condition that holds:
  *   1. session userdata 'token', when the koken_session_ci cookie is present and the
  *      X-Koken-Auth header equals 'cookie';
  *   2. the 'token' entry of the unserialized koken_session cookie, unless strict_cookie_auth is set;
  *   3. a "token:<32 alphanumerics>" segment in the URI of a GET request;
  *   4. $_REQUEST['token'];
  *   5. the X-Koken-Token header.
  *
  * @param bool $require_king Not read anywhere in this body.
  * @return bool|array true when the token equals the configured encryption_key;
  *                    array(user id, token, role) when the token matches an Application row,
  *                    or when a remember_me cookie starts a new session (role 'god');
  *                    false otherwise.
  */
 function authenticate($require_king = false)
 {
     $token = false;
     $cookie = false;
     // True only when the client sent the header X-Koken-Auth: cookie.
     $cookie_auth = isset($_SERVER['HTTP_X_KOKEN_AUTH']) && $_SERVER['HTTP_X_KOKEN_AUTH'] === 'cookie';
     $this->load->helper('cookie');
     if (isset($_COOKIE['koken_session_ci']) && $cookie_auth) {
         // Cookie-backed session: the token comes from server-side session data.
         $token = $this->session->userdata('token');
         if ($token) {
             $cookie = true;
         }
     } else {
         if (isset($_COOKIE['koken_session']) && !$this->strict_cookie_auth) {
             // NOTE(review): unserialize() runs on a cookie value the client controls. PHP object
             // deserialization of untrusted input can instantiate any loaded class. Prefer a
             // data-only format such as JSON, or on PHP 7+ pass the allowed_classes option, and
             // check that the result is an array holding a string 'token' before using it.
             $cookie = unserialize($_COOKIE['koken_session']);
             $token = $cookie['token'];
         } else {
             if ($this->method == 'get' && preg_match("/token:([a-zA-Z0-9]{32})/", $this->uri->uri_string(), $matches)) {
                 // TODO: deprecate this in favor of X-KOKEN-TOKEN
                 // NOTE(review): a token carried in the URL can end up in server logs, browser
                 // history and Referer headers.
                 $token = $matches[1];
             } else {
                 // NOTE(review): $_REQUEST values may be arrays and, unlike the URI pattern above,
                 // get no format check here; the same applies to the header value below.
                 if (isset($_REQUEST['token'])) {
                     $token = $_REQUEST['token'];
                 } else {
                     if (isset($_SERVER['HTTP_X_KOKEN_TOKEN'])) {
                         $token = $_SERVER['HTTP_X_KOKEN_TOKEN'];
                     }
                 }
             }
         }
     }
     // A token equal to the configured encryption_key authenticates with a bare true, not the
     // usual array, so callers that index the result must handle that shape.
     // NOTE(review): === on a secret is not a constant-time comparison; hash_equals() (PHP 5.6+)
     // is the constant-time alternative once $token is known to be a string.
     if ($token && $token === $this->config->item('encryption_key')) {
         return true;
     } else {
         if ($token) {
             $a = new Application();
             $a->where('token', $token)->limit(1)->get();
             if ($a->exists()) {
                 // Under strict_cookie_auth a 'god' token is honoured only when it was read from
                 // the cookie-backed session ($cookie set above).
                 if ($a->role === 'god' && $this->strict_cookie_auth) {
                     if (!$cookie) {
                         return false;
                     }
                 } else {
                     // Single-use tokens are deleted on their first successful lookup; this is
                     // skipped in the 'god' + strict_cookie_auth branch above.
                     if ($a->single_use) {
                         $a->delete();
                     }
                 }
                 return array($a->user_id, $token, $a->role);
             }
         } else {
             // No token at all: fall back to the remember_me cookie, but only for clients that
             // asked for cookie auth.
             // NOTE(review): the cookie value is matched by equality against the stored column,
             // which suggests it is kept unhashed — confirm. A match starts a 'god' session.
             if ($cookie_auth && get_cookie('remember_me')) {
                 $remember_token = get_cookie('remember_me');
                 $u = new User();
                 $u->where('remember_me', $remember_token)->get();
                 if ($u->exists()) {
                     $token = $u->create_session($this->session, true);
                     return array($u->id, $token, 'god');
                 }
             }
         }
     }
     return false;
 }