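public function signoutAction()
{
    // Revoke the access token stored for one (user, client) pair.
    // Request body (JSON): {"user": <name>, "client": <client id>}.
    // Renders a JSON error with HTTP 404 when the body lacks a key or the user
    // is unknown; renders {"logout": "successful"} otherwise.
    //
    // NOTE(review): the user/client to revoke are taken from the request body,
    // not from the identity the auth middleware established ($this->app->user).
    // Confirm this route is only reachable through that middleware; otherwise a
    // caller could revoke another user's client session merely by naming it.
    $request_data = $this->jsonRequest();

    // Both keys are required: each is read below, so a body carrying only one
    // of them must be rejected here rather than failing on an undefined index
    // later. (The original `!a && !b` only rejected bodies missing both.)
    if (empty($request_data)
        || !array_key_exists('user', $request_data)
        || !array_key_exists('client', $request_data)
    ) {
        $this->renderJson(['error' => 'User or client is missing'], 404);
        // renderJson() is not known to stop the request; return explicitly so
        // the repository calls below never run on an invalid body.
        return;
    }

    $userRepository = new UserRepository($this->app->db);
    $user = $userRepository->findBy('name', $request_data['user']);
    if (!$user) {
        $this->renderJson(['error' => 'User not found'], 404);
        return;
    }

    $accessRepository = new AccessRepository($this->app->db);
    $accessRepository->removeUserClient($user['id'], $request_data['client']);
    $this->renderJson(['logout' => 'successful']);
}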
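public function call()
{
    // Authentication middleware. Every request must carry either
    //   X-FeedBox-User + X-FeedBox-Pass + X-FeedBox-Client  (password login; a
    //   fresh token is returned in the X-FeedBox-Next-Token response header), or
    //   X-FeedBox-User + X-FeedBox-Client + X-FeedBox-Token (token login).
    // On success $this->app->user is set and the next middleware runs;
    // otherwise a 401 with a JSON error body is returned and the chain stops.
    $req = $this->app->request();
    $res = $this->app->response();
    $access_granted = false;

    // NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1. It also
    // strips tags and HTML-encodes quotes, so a password containing <, >, ' or "
    // is altered before password_verify(); confirm the same transformation was
    // applied when the stored hash was created, or replace the filter with a
    // plain string cast plus a length limit.
    $auth_user = filter_var($req->headers('X-FeedBox-User'), FILTER_SANITIZE_STRING);
    $auth_pass = filter_var($req->headers('X-FeedBox-Pass'), FILTER_SANITIZE_STRING);
    $auth_client = filter_var($req->headers('X-FeedBox-Client'), FILTER_SANITIZE_STRING);

    // Find the corresponding user; fall back to the user defined in the app
    // configuration when the name is not in the database.
    $user = $this->userRepository->findBy('name', $auth_user);
    if (empty($user)) {
        $user = $this->checkConfigUser($auth_user, $auth_pass);
    }

    if (!empty($auth_pass)) {
        // Password login: verify the hash and issue a new per-client token.
        if (!empty($user) && $auth_client && password_verify($auth_pass, $user['password'])) {
            // The token is a bearer credential and must be unpredictable. The
            // former md5(uniqid(user . pass . microtime())) derivation is seeded
            // from guessable inputs; random_bytes() is a CSPRNG. 16 bytes give
            // 32 hex characters, the same width as the previous md5 hex digest.
            $token = bin2hex(random_bytes(16));
            $expire = date('Y-m-d H:i:s', strtotime($this->app->config('login.expire')));
            $this->accessRepository->persist([
                'user_id' => $user['id'],
                'client' => $auth_client,
                'token' => $token,
                'expire' => $expire,
            ]);
            $res['X-FeedBox-Next-Token'] = $token;
            $access_granted = true;
        }
    } else {
        // Token login: the stored token for this (user, client) pair must match
        // and must not have expired.
        $token = filter_var($req->headers('X-FeedBox-Token'), FILTER_SANITIZE_STRING);
        if (!empty($user) && !empty($token)) {
            $access = $this->accessRepository->findByUserClient($user['id'], $auth_client);
            // hash_equals() runs in constant time, so the comparison does not
            // leak how many leading characters of the presented token matched.
            if ($access !== false
                && hash_equals((string) $access['token'], (string) $token)
                && strtotime($access['expire']) >= time()
            ) {
                $access_granted = true;
            }
        }
    }

    if ($access_granted) {
        $this->app->user = $user;
        $this->next->call();
    } else {
        // NOTE(review): failed attempts are neither logged nor rate-limited
        // here; recording the user name and client would aid detection.
        $res->status(401);
        $res->body('{"error": "Access denied."}');
    }
}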