/**
* Assigns a new authentication token
*
* This route will assign the user a new
* authentication token, if they provide
* valid credentials.
*
* this token can be used on further
* requests to authenticate the user.
*
**/
public function login($app)
{
$username = $app->request->post('username');
$password = $app->request->post('password');
if ($username === null || $password === null) {
$app->response->setStatus(403);
$app->response->write('username and password required');
return $app->response->finalize();
}
$users = UserModel::findWhere(['username' => $username]);
if (count($users) == 0) {
$app->response->setStatus(401);
$app->response->write('invalid credentials');
return $app->response->finalize();
}
$user = $users[0];
if ($user->checkPassword($password)) {
$previous_token = $app->getCookie(self::TOKEN_COOKIE);
if ($previous_token != null) {
TokenModel::invalidate($previous_token);
}
$key = TokenModel::makeKey();
$token = TokenModel::generate($user, $key);
$token->save();
$app->setCookie(self::TOKEN_COOKIE, $key);
$app->response->write("logged in");
return $app->response->finalize();
} else {
$app->response->setStatus(403);
$app->response->write('invalid credentials');
return $app->response->finalize();
}
}
/**
* a token can be found by it's key
**/
public function testFindToken()
{
$user = new UserModel();
$user->username = '******';
$user->password = '******';
$user->save();
$key = TokenModel::makeKey();
$token = TokenModel::generate($user, $key);
$token->save();
$token2 = TokenModel::findToken($key);
$this->assertNotNull($token2);
}
/**
* authorize users with a valid token
*
* users without a valid token are
* forbidden(code: 401) from proceeding.
**/
public function handle(\Slim\Slim $app)
{
$token_cookie = $app->getCookie(AuthController::TOKEN_COOKIE);
if (empty($token_cookie)) {
$app->response->setStatus(401);
$app->response->finalize();
return $app->response->finalize();
}
$token = TokenModel::findToken($token_cookie);
if ($token == null) {
$app->response->setStatus(401);
$app->response->finalize();
return $app->response->finalize();
}
}