Ejemplo n.º 1
0
 public function authenticate(SS_HTTPRequest $request)
 {
     $token = $this->getToken($request);
     $user = null;
     if (!Member::currentUserID() && !$this->allowPublicAccess || $token) {
         if (!$token) {
             throw new WebServiceException(403, "Missing token parameter");
         }
         $user = $this->tokenAuthenticator->authenticate($token);
         if (!$user) {
             throw new WebServiceException(403, "Invalid user token");
         }
     } else {
         if ($this->allowSecurityId && Member::currentUserID()) {
             // we check the SecurityID parameter for the current user
             $secParam = SecurityToken::inst()->getName();
             $securityID = $request->requestVar($secParam);
             if ($securityID && $securityID != SecurityToken::inst()->getValue()) {
                 throw new WebServiceException(403, "Invalid security ID");
             }
             $user = Member::currentUser();
         }
     }
     if (!$user && !$this->allowPublicAccess) {
         throw new WebServiceException(403, "Invalid request");
     }
     // now, if we have an hmacValidator in place, use it
     if ($this->hmacValidator && $user) {
         if (!$this->hmacValidator->validateHmac($user, $request)) {
             throw new WebServiceException(403, "Invalid message");
         }
     }
     return true;
 }
Ejemplo n.º 2
0
 public function testAuthenticateUserToken()
 {
     $member = new Member();
     $member->Email = "*****@*****.**";
     $member->Password = "******";
     $member->write();
     $this->assertNotNull($member->Token);
     $this->assertNotNull($member->AuthPrivateKey);
     $token = $member->ID . ":" . $member->userToken();
     // create an authenticator and see what we get back
     $tokenAuth = new TokenAuthenticator();
     $user = $tokenAuth->authenticate($token);
     $this->assertEquals($member->ID, $user->ID);
     $token = "42:" . $member->userToken();
     $user = $tokenAuth->authenticate($token);
     $this->assertNull($user);
 }