Ejemplo n.º 1
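 /**
  * Issues a new API token for the given application/user pair and stores it.
  *
  * Any token already stored for the same application and user is deleted
  * first, so the pair ends up with only the entry created here.
  *
  * N.B.: if the user passed as input is a supporter, the method prefixes '1'
  * to the token, making it 41 characters long rather than 40. The prefix
  * therefore discloses the supporter status to anyone who can see the token.
  *
  * Security notes for maintainers:
  *  - The unpredictability of the token depends entirely on
  *    PcUtils::generate40CharacterRandomHash(), which is not visible here;
  *    confirm that it draws from a cryptographically secure source.
  *  - The token is handed to setToken() unchanged, so it appears to be stored
  *    as issued; anyone able to read the token table could then reuse live
  *    tokens. Storing a hash of the token instead would need a matching
  *    change in the lookup code (TODO confirm the storage format).
  *  - The select-then-save uniqueness check is not atomic. A unique index on
  *    the token column is what actually guarantees uniqueness (confirm that
  *    the schema has one).
  *
  * @param PcApiApp $apiApp
  * @param int $userId
  * @return string the newly issued token
  * @throws Exception if the user does not exist, or if the uniqueness loop
  *                   reaches 100 iterations
  */
 public static function createToken(PcApiApp $apiApp, $userId)
 {
     $apiAppId = $apiApp->getId();

     // Resolve the user BEFORE deleting anything: an unknown user id used to
     // wipe the existing token entry and then fail on a null dereference.
     $user = PcUserPeer::retrieveByPK($userId);
     if (!is_object($user)) {
         throw new Exception("Cannot create API token: user not found");
     }
     $tokenPrefix = $user->isSupporter() ? '1' : '';

     // if there is already a token entry for the application and the user, we delete it
     $c = new Criteria();
     $c->add(PcApiTokenPeer::API_APP_ID, $apiAppId);
     $c->add(PcApiTokenPeer::USER_ID, $userId);
     PcApiTokenPeer::doDelete($c);

     // we want to be extra-sure the token is unique
     $token = '';
     // the counter bounds the loop, to avoid an infinite loop under any circumstances
     $safetyCounter = 0;
     do {
         $token = $tokenPrefix . PcUtils::generate40CharacterRandomHash();

         $c = new Criteria();
         $c->add(PcApiTokenPeer::TOKEN, $token);
         $alreadyExisting = PcApiTokenPeer::doSelectOne($c);

         $safetyCounter++;
         if ($safetyCounter === 100) {
             throw new Exception("Detected possible infinite loop while creating API token");
         }
     } while (is_object($alreadyExisting));

     // app_api_tokenValidity is multiplied by 3600, i.e. it is read as a number of hours
     $expiryTimestamp = time() + sfConfig::get('app_api_tokenValidity') * 3600;

     $apiTokenEntry = new PcApiToken();
     $apiTokenEntry
         ->setToken($token)
         ->setApiAppId($apiAppId)
         ->setUserId($userId)
         ->setExpiryTimestamp($expiryTimestamp)
         ->save();

     return $token;
 }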
Ejemplo n.º 2
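 /**
  * Tells whether the supplied API token matches a stored, unexpired entry
  * that belongs to a real user.
  *
  * Calls whose method name is 'getToken' are accepted without any token
  * check (presumably because that call is the one that issues the token;
  * whatever authenticates it is not visible here, so confirm it is covered
  * elsewhere).
  *
  * NOTE(review): the entry is looked up by token value only. It is not
  * compared with any application identifier in this method; if tokens are
  * meant to be usable only by the application they were issued to, that
  * check has to happen elsewhere. Confirm.
  *
  * @param string $token
  * @return bool whether the token is valid or not
  */
 private function isTokenValid($token)
 {
     // Strict comparison: with '==' a non-string method name (e.g. boolean
     // true from decoded input) could compare equal to 'getToken' and skip
     // token validation altogether.
     if ($this->methodName === 'getToken') {
         return true;
     }

     // Reject anything that cannot be a token before it reaches the query
     // layer (missing parameter, array-valued request parameter, ...).
     if (!is_string($token) || $token === '') {
         return false;
     }

     $c = new Criteria();
     $c->add(PcApiTokenPeer::TOKEN, $token);
     $apiTokenEntry = PcApiTokenPeer::doSelectOne($c);
     if (!is_object($apiTokenEntry)) {
         return false;
     }

     // Expired entries and entries without a positive user id are refused.
     if ($apiTokenEntry->getExpiryTimestamp() < time() || $apiTokenEntry->getUserId() <= 0) {
         return false;
     }

     return true;
 }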