Returns the password.
| public static getPassword ( ) : string | null | ||
| return | string | null | |
/**
* Returns whether is valid password.
*
* @return bool True, if is valid password.
* @throws InvalidPasswordException();
*/
public function isValidPassword()
{
$password = $this->request->getPassword();
if ($password !== '' && strlen($password) < 6) {
throw new InvalidPasswordException();
}
if ($password !== $this->request->getPasswordConfirm()) {
throw new InvalidPasswordException();
}
return true;
}
/**
*
* creates a curl resource with the parameters provided by the {@link Request} object
*
* @param Request $request
* @return curl resource
*/
private function getCurlInstance(Request $request)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $request->buildUrl(true, $request->getMethod() == 'GET'));
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json', 'Accept-Charset: utf-8'));
if ($request->getUsername() && $request->getPassword()) {
curl_setopt($ch, CURLOPT_USERPWD, $request->getUsername() . ':' . $request->getPassword());
}
return $ch;
}
public function execute(Request $request)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $request->getUrl());
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
$username = $request->getUsername();
$password = $request->getPassword();
if ($username && $password) {
curl_setopt($ch, CURLOPT_USERPWD, $username . ':' . $password);
}
switch ($request->getMethod()) {
case self::POST:
case self::PUT:
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($request->getParameters()));
break;
case self::DELETE:
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');
break;
case self::GET:
default:
break;
}
$result = curl_exec($ch);
if (!$result) {
$errorNumber = curl_errno($ch);
$error = curl_error($ch);
curl_close($ch);
throw new \Exception($errorNumer . ': ' . $error);
}
curl_close($ch);
return $request->getResponseTransformerImpl()->transform($result);
}
/**
* Get the LRS details based on Auth credentials
*
**/
public function getLrs()
{
//get the lrs
$key = \Request::getUser();
$secret = \Request::getPassword();
$lrs = \Lrs::where('api.basic_key', $key)->where('api.basic_secret', $secret)->first();
$this->lrs = $lrs;
}
//
});
Route::filter('auth', function () {
if (Auth::guest()) {
if (Request::ajax()) {
return Response::make('Unauthorized', 401);
}
return Redirect::guest('login');
}
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
Route::filter('guest', function () {
if (Auth::check()) {
return Redirect::to('/');
}
});
Route::filter('csrf', function () {
if (Session::token() !== Input::get('_token')) {
throw new Illuminate\Session\TokenMismatchException();
}
});
Route::filter('manage.auth.basic', function () {
if ('dh-manage' == Request::getUser() && 'b53EAB2XF4BH2jH0L2Qa' == Request::getPassword()) {
return null;
}
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="Dryharder"');
die('Требуется авторизация');
});
/**
* Gets the password from the basic auth.
* @return String password in the basic auth.
*/
public function getPassword()
{
return \Request::getPassword() ?: $this->getAuth()[self::authPass];
}
private function basic()
{
$email = Request::getUser();
$password = Request::getPassword();
return isset($email) && isset($password);
}
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('csrf', function () {
if (Session::token() != Input::get('_token')) {
throw new Illuminate\Session\TokenMismatchException();
}
});
/**
* Custom API auth filter for Turbine, requests that the username and the API key is honored by the
* application and also that the API is in 'enabled' mode before actually responding to any API requests.
*/
Route::filter('auth.api', function () {
if (Setting::getSetting('api_enabled') != 'true') {
return Response::json(array('error' => true, 'message' => 'API is in disabled mode'), 401);
}
// Now we need to make an authentication request using the API key from the settings table.
if (!Request::getUser() || !Request::getPassword()) {
return Response::json(array('error' => true, 'message' => 'A valid API user and key is required'), 401);
}
$user = User::where('username', '=', Request::getUser())->first();
// If NOT user and the API key doesn't match in the Settings table....
// Can also use Request::getUser(); to get the HTTP Basic provided username too if required!
if ($user && Setting::getSetting('api_key') == Request::getPassword()) {
Auth::login($user);
} else {
return Response::json(array('error' => true, 'message' => 'Invalid credentials'), 401);
}
});
<?php
Route::filter('ravelauth.api', function () {
if (!is_null(Request::getUser())) {
$user = Request::getUser();
$password = Request::getPassword();
$credentials = array('username' => $user, 'password' => $password);
$loginAttempt = Auth::attempt($credentials);
if ($loginAttempt !== true) {
$header = array('message' => trans('ravel::error.403'));
App::abort('403', trans('ravel::error.403'), $header);
}
}
});
Route::group(array('prefix' => _API_BASE_, 'before' => 'ravelauth.api'), function () {
Route::resource('pages', 'PagesApiController', array('only' => array('index', 'show', 'store', 'update', 'destroy')));
Route::resource('posts', 'PostsApiController', array('only' => array('index', 'show', 'store', 'update', 'destroy')));
Route::resource('users', 'UsersApiController', array('only' => array('index', 'show', 'store', 'update', 'destroy')));
Route::resource('menus', 'MenusApiController', array('only' => array('index', 'show', 'store', 'update', 'destroy')));
Route::resource('upload', 'MediaUploadApiController', array('only' => array('index', 'show', 'store', 'update', 'destroy')));
Route::resource('postcategories', 'PostsCategoriesApiController', array('only' => array('index', 'show', 'store', 'update', 'destroy')));
Route::resource('mcollection', 'MediaCollectionApiController', array('only' => array('index', 'show', 'store', 'update', 'destroy')));
});
});
Route::filter('auth.basic', function () {
return Auth::basic();
});
/*
|--------------------------------------------------------------------------
| Submit statement via basic http authentication
|--------------------------------------------------------------------------
|
| Login in once using key / secret to store statements or retrieve statements.
|
*/
Route::filter('auth.statement', function () {
//set passed credentials
$key = Request::getUser();
$secret = Request::getPassword();
$method = Request::server('REQUEST_METHOD');
if ($method !== "OPTIONS") {
//see if the lrs exists based on key and secret
$lrs = \Lrs::where('api.basic_key', $key)->where('api.basic_secret', $secret)->select('owner._id')->first();
//if no id found, return error
if ($lrs == NULL) {
return Response::json(array('error' => true, 'message' => 'Unauthorized request.'), 401);
}
//attempt login once
if (!Auth::onceUsingId($lrs->owner['_id'])) {
return Response::json(array('error' => true, 'message' => 'Unauthorized Request'), 401);
}
}
});
/*
