 /**
  * Grant access tokens for basic user credentials.
  * Check the supplied username and password for validity.
  *
  * The $client_id param of the OAuth2 storage interface is not used here;
  * add per-client checks in this method if the deployment needs them.
  *
  * Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS.
  *
  * @param   string  $username  Username to be checked.
  * @param   string  $password  Password to be checked.
  *
  * @return boolean  TRUE if the username and password are valid, FALSE otherwise.
  *                  The value is whatever RUser::userLogin() reports, passed
  *                  through unchanged — confirm that helper only returns a bool.
  *
  * @see http://tools.ietf.org/html/rfc6749#section-4.3
  *
  * @ingroup oauth2_section_4
  */
 public function checkUserCredentials($username, $password)
 {
     // The password check itself lives in the user model; its verdict is
     // handed straight back to the OAuth2 server.
     return \RUser::userLogin(array(
         'username' => $username,
         'password' => $password,
     ));
 }
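 /**
  * Build an array of rows from a cursor and attach the operator of each record.
  *
  * Drains an EMongoDocument cursor into a list of attribute arrays and adds to
  * every row the latest admin action recorded for it in DbAction:
  * 'action_user' (admin display name), 'action_time' ("Y-m-d H:i") and
  * 'action_log'. A row with no DbAction record, with an empty action list, or
  * whose admin id resolves in neither User nor RUser gets '' for those three
  * keys instead of triggering an undefined-index notice.
  *
  * @param EMongoCursor $e_cursor  Cursor positioned before the first document
  *                               (this method calls next() itself). Assumed to
  *                               expose next(), current() and getModel() —
  *                               confirm against the cursor class in use.
  *
  * @return array  List of row attribute arrays, each with the three action_* keys set
  */
 public static function getRowsFromCursor($e_cursor)
 {
     $rows = array();
     $_ids = array();

     // Manual iteration: the first next() positions the cursor on the first document.
     $e_cursor->next();
     while ($row = $e_cursor->current()) {
         $attributes = $row->attributes;
         $rows[] = $attributes;
         $_ids[] = $attributes['_id'];
         $e_cursor->next();
     }

     $total = count($rows);
     if ($total === 0) {
         return $rows;
     }

     // Fetch the DbAction audit record of every listed document in one query.
     $model = $e_cursor->getModel();
     $criteria = new EMongoCriteria();
     $criteria->db_name('==', $model->getMongoDBComponent()->dbName);
     $criteria->c_name('==', $model->getCollectionName());
     $criteria->r_id('in', $_ids);
     $criteria->limit($total);
     $cursor = DbAction::model()->findAll($criteria);

     // Keyed by the string form of r_id; only the newest action entry of each record is kept.
     $action_info = array();
     $admin_user_ids = array();
     if ($cursor->count() > 0) {
         foreach ($cursor as $v) {
             $action = $v->action;
             // A record with no action entries cannot tell us who acted on it;
             // leave it out so the row is blanked below rather than indexed at -1.
             if (empty($action)) {
                 continue;
             }
             $last = $action[count($action) - 1];
             $admin_user_ids[] = $last['user'];
             $action_info[(string) $v->r_id] = array(
                 'action_time' => date("Y-m-d H:i", $last['time']),
                 'admin_id' => $last['user'],
                 'action_log' => isset($last['action_log']) ? $last['action_log'] : '',
             );
         }
     }

     // Resolve admin ids to display names from both user collections
     // (an RUser entry overwrites a User entry with the same id, as before).
     $admin_names = array();
     if (count($admin_user_ids) > 0) {
         $criteria = new EMongoCriteria();
         $criteria->_id('in', $admin_user_ids);
         foreach (User::model()->findAll($criteria) as $v) {
             $admin_names[$v->_id] = $v->name;
         }
         foreach (RUser::model()->findAll($criteria) as $v) {
             $admin_names[(string) $v->_id] = $v->user_name;
         }
     }

     foreach ($rows as $k => $v) {
         $_id = (string) $v['_id'];
         if (!isset($action_info[$_id])) {
             $rows[$k]['action_user'] = '';
             $rows[$k]['action_time'] = '';
             $rows[$k]['action_log'] = '';
             continue;
         }
         $admin_id = (string) $action_info[$_id]['admin_id'];
         // An admin that no longer exists in either collection shows as blank.
         $rows[$k]['action_user'] = isset($admin_names[$admin_id]) ? $admin_names[$admin_id] : '';
         $rows[$k]['action_time'] = $action_info[$_id]['action_time'];
         $rows[$k]['action_log'] = $action_info[$_id]['action_log'];
     }

     return $rows;
 }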
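 /**
  * Log-in client if successful or terminate api if not authorized
  *
  * Gives plugins a chance to decide via the RApiHalBeforeIsAuthorizedCheck
  * event, then runs the configured check ('oauth2' or 'joomla'). Note the
  * contract: with $terminateIfNotAuthorized = false the method returns true
  * even when no identity could be established, so callers must not read the
  * result as "the request is authenticated" in that mode.
  *
  * @param   string  $scope                     Name of the scope to test against
  * @param   bool    $terminateIfNotAuthorized  Terminate api (HTTP 401, or the OAuth2 error response) if client is not authorized
  *
  * @throws Exception  When the OAuth2 server is not active and termination was requested
  * @return  bool
  *
  * @since   1.2
  */
 public function isAuthorized($scope, $terminateIfNotAuthorized)
 {
     $authorized = false;

     // Plugins may short-circuit the whole check by setting $authorized (passed by reference).
     JFactory::getApplication()->triggerEvent('RApiHalBeforeIsAuthorizedCheck', array($scope, $terminateIfNotAuthorized, $this->options, $this->authorizationCheck, &$authorized));
     if ($authorized) {
         return $authorized;
     }

     // Strict comparison: the check name is a configuration string, and a loose
     // `==` lets an unexpected non-string value (e.g. integer 0 on PHP < 8) match.
     if ($this->authorizationCheck === 'oauth2') {
         /** @var $response OAuth2\Response */
         $response = RApiOauth2Helper::verifyResourceRequest($scope);
         if ($response instanceof OAuth2\Response) {
             if (!$response->isSuccessful() && $terminateIfNotAuthorized) {
                 // OAuth2 Server response is in fact correct output for errors
                 $response->send($this->options->get('format', 'json'));
                 JFactory::getApplication()->close();
             }
         } elseif ($response === false && $terminateIfNotAuthorized) {
             throw new Exception(JText::_('LIB_REDCORE_API_OAUTH2_SERVER_IS_NOT_ACTIVE'));
         } else {
             // Token data is expected as a JSON string; anything that does not
             // decode to an object carrying user_id must not count as authorized.
             $tokenData = is_string($response) ? json_decode($response) : null;
             if (is_object($tokenData) && !empty($tokenData->user_id)) {
                 $user = JFactory::getUser($tokenData->user_id);
                 // Load the JUser class on application for this client
                 JFactory::getApplication()->loadIdentity($user);
                 JFactory::getSession()->set('user', $user);
                 return true;
             }
             // No identity: only the non-terminating mode lets the request proceed.
             $authorized = !$terminateIfNotAuthorized;
         }
     } elseif ($this->authorizationCheck === 'joomla') {
         // Get username and password from globals
         $credentials = RApiHalHelper::getCredentialsFromGlobals();
         $authorized = RUser::userLogin($credentials) || !$terminateIfNotAuthorized;
     }

     if (!$authorized && $terminateIfNotAuthorized) {
         $customError = $this->triggerFunction('createCustomHttpError', 401, $this->apiErrors);
         $this->setStatusCode(401, $customError);
     }

     return $authorized || !$terminateIfNotAuthorized;
 }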