/**
 * Build the object and refuse to continue for an unauthenticated session.
 *
 * Runs the parent constructor, then asks Session::authenticate() for a result.
 * When that result loosely equals 0 (which in PHP also covers false and null),
 * the client is redirected to URL . '/login' and script execution ends.
 *
 * NOTE(review): the gate relies on a loose comparison. Under PHP 8 a
 * non-numeric string no longer compares equal to 0, so an error string
 * returned by Session::authenticate() would be treated as "authenticated".
 * Confirm what Session::authenticate() can return and compare strictly
 * against that documented value.
 */
function __construct()
{
    parent::__construct();

    $authResult = Session::authenticate();
    if ($authResult != 0) {
        return;
    }

    // Terminate right after the redirect header: without the exit the rest of
    // the request would still execute for a client that ignores the redirect.
    header('Location: ' . URL . '/login');
    exit;
}
/**
 * Signs a freshly created user in, then checks that the key issued by that
 * session is accepted by a second Session instance.
 *
 * NOTE(review): the password reaches signIn() as an unsalted md5() digest.
 * If Session::signIn() stores or compares that digest, the application is
 * relying on MD5 for password handling, which is not suitable for that
 * purpose; password_hash() / password_verify() are the standard replacement.
 * Confirm against Session::signIn().
 *
 * NOTE(review): assertNotNull() also passes for false, 0 and ''. If
 * authenticate() reports failure with one of those values, this test cannot
 * detect a rejected key; confirm the failure value and assert on it.
 *
 * @test
 */
public function shouldBeAbleToAuthenticateSession()
{
    // given: a stored user and a signed-in session that yields a key
    $password = '******';
    $username = '******';
    $this->createUser($username, $password);

    $signedIn = new Session();
    $credentials = array(
        'username' => $username,
        'password' => md5($password),
    );
    $signedIn->signIn($credentials);
    $sessionKey = $signedIn->getKey();

    // when: an independent Session instance is asked to authenticate that key
    $verifier = new Session();
    $result = $verifier->authenticate($sessionKey);

    // then: some non-null result comes back
    $this->assertNotNull($result);
}
// NOTE(review): this excerpt starts inside a route closure whose opening
// (route path, HTTP method, `use` list) is not visible here.

// Terminate silently unless the session is already authenticated AND the
// request is an Ajax request.
// NOTE(review): the code below checks a username/password and then calls
// Session::authenticate(). If this is the login handler, requiring an
// authenticated session first would make it unreachable for new logins;
// confirm against the missing closure header.
if (!Session::isAuthenticated() || !$app->request->isAjax()) { die; }
$req = $app->request;
$res = $app->response;
// Both POST fields are required; a missing or falsy value yields a 403 JSON error.
if (!$req->post('user') || !$req->post('pass')) {
    return json($res, array('error' => true, 'message' => 'You must supply a username and password.'), 403);
}
// Expected credentials are read from a JSON file on every request.
// NOTE(review): the path is relative, so it resolves against the process
// working directory; confirm the file is outside the web root and not
// served to clients.
// NOTE(review): if the file is missing or not valid JSON, $credentials is not
// an array and the array_key_exists() calls below raise an error instead of
// producing the "incorrectly formatted" response.
$credentials = json_decode(file_get_contents('../../credentials.json'), true);
if (!array_key_exists('user', $credentials) || !array_key_exists('pass', $credentials)) {
    return json($res, array('error' => true, 'message' => 'Credentials file incorrectly formatted.'), 403);
}
// The submitted values are compared directly with the values from the file,
// so the file holds the password in a form equal to what the client sends.
// NOTE(review): `!==` on strings is not a constant-time comparison, and a
// directly comparable stored password is not hashed with a password hash.
// Storing a password_hash() value and checking it with password_verify()
// (or at minimum hash_equals()) is the standard hardening.
// The same message is returned for a wrong username and a wrong password.
if ($req->post('user') !== $credentials['user'] || $req->post('pass') !== $credentials['pass']) {
    return json($res, array('error' => true, 'message' => 'Username or password incorrect.'), 401);
}
// Mark the session as authenticated.
// NOTE(review): whether Session::authenticate() regenerates the session id is
// not visible here; confirm, since keeping the pre-login id allows session
// fixation.
Session::authenticate();
return json($res, array('success' => true));
});

// Logout route: runs the auth() helper (defined elsewhere), clears the
// session and redirects to the URL built by createUrl('/').
// NOTE(review): logout is a state-changing action exposed over GET, so any
// cross-site request (for example an image tag) can end a user's session;
// consider POST with a CSRF token.
$app->get('/logout/', function () use($app) { auth($app); Session::clear(); $app->redirect(createUrl('/')); });

// Save route; the closure body continues beyond this excerpt.
// NOTE(review): unlike the logout closure, this one has no `use($app)`, so
// $app is undefined inside it and the `$app->request` access fails once
// Session::isAuthenticated() is true.
// NOTE(review): the route is registered with get() but reads $req->post();
// confirm the intended HTTP method, and that a state-changing save carries
// CSRF protection.
$app->get('/save/', function () { if (!Session::isAuthenticated() || !$app->request->isAjax()) { die; } $req = $app->request(); $currentList = json_decode(file_get_contents('../bloglist.json'), true); if (array_key_exists('title', $req->post())) { $currentList['title'] = $req->post('title');
// NOTE(review): this excerpt starts inside an if-branch whose condition and
// earlier statements are not visible; the first brace closes a nested block.
}
    // Authentication
    phpCAS::forceAuthentication();
    // Initialise the session while blocking initialisation of the PHP
    // session as well as the timeout tests and the log updates,
    // because the CAS authentication has not yet been validated on the Gepi side!
    $session_gepi = new Session(true);
} else {
    $session_gepi = new Session();
}
# The Session instance handles SSO authentication directly,
# so we keep it simple:
$auth = $session_gepi->authenticate();
# NOTE(review): this is a loose comparison. true, 1, "01" and "1.0" all compare
# equal to "1" in PHP, so any of those results is treated as success. Confirm
# the values authenticate() can return and compare strictly.
if ($auth == "1") {
    # Authentication succeeded
    # The session is written and closed before the redirect is sent.
    session_write_close();
    header("Location:accueil.php");
    die();
} else {
    # Authentication failed.
    session_write_close();
    # NOTE(review): $auth is concatenated into the query string without
    # urlencode(); if authenticate() can return anything other than a simple
    # code, encode it here and escape it where login_failure.php displays it.
    header("Location:login_failure.php?error=".$auth."&mode=sso");
    die();
}
?>