public function onConstruct()
{
parent::onConstruct();
$config = $this->getDI()->get('config');
$auth = $this->getDI()->get('auth');
switch ($config['security']) {
case true:
$token = $this->getAuthToken();
// check for a valid session
if ($auth->isLoggedIn($token)) {
// get the security service object
$securityService = $this->getDI()->get('securityService');
// run security check
$this->securityCheck($securityService);
} else {
throw new HTTPException('Unauthorized, please authenticate first.', 401, ['dev' => 'Must be authenticated to access.', 'code' => '30945680384502037']);
}
break;
case false:
// if security is off, then create a fake user profile
// todo figure out a way to do this w/o this assumption
// notice the specific requirement to a client application
if ($auth->isLoggedIn('HACKYHACKERSON')) {
// run security check
$this->securityCheck($this->getDI()->get('securityService'));
} else {
throw new HTTPException('Security False is not loading a valid user.', 401, ['dev' => 'The authenticator isn\'t loading a valid user.', 'code' => '23749873490704']);
}
break;
default:
throw new HTTPException('Bad security value supplied', 500, ['code' => '280273409724075']);
break;
}
}
public function __construct($parseQueryString = true)
{
$config = $this->getDI()->get('config');
switch ($config['security']) {
case true:
// try to read in from header first, otherwise attempt to read in from query param
if ($headerToken = $this->request->getHeader('X_AUTHORIZATION')) {
$token = $headerToken;
} elseif ($queryParamToken = $this->request->getQuery('token')) {
$token = $queryParamToken;
} elseif ($postedParamToken = $this->request->getPost('token')) {
$token = $postedParamToken;
unset($_POST['token']);
} else {
$token = '';
}
$token = trim(str_ireplace('Token: ', '', $token));
if (strlen($token) < 30) {
throw new HTTPException('Bad token supplied', 401, ['dev' => 'Supplied Token: ' . $token, 'code' => '0273497957']);
}
// check for a valid session
if ($this->auth->isLoggedIn($token)) {
// get the security service object
$securityService = $this->getDI()->get('securityService');
// run security check
$this->securityCheck($securityService);
parent::__construct($parseQueryString);
} else {
throw new HTTPException('Unauthorized, please authenticate first.', 401, ['dev' => 'Must be authenticated to access.', 'code' => '30945680384502037']);
}
break;
case false:
// if security is off, then create a fake user profile
// todo figure out a way to do this w/o this assumption
// notice the specific requirement to a client application
if ($this->auth->isLoggedIn('HACKYHACKERSON')) {
// get the security service object
$securityService = $this->getDI()->get('securityService');
// run security check
$this->securityCheck($securityService);
parent::__construct($parseQueryString);
} else {
throw new HTTPException('Security False is not loading a valid user.', 401, ['dev' => 'The authenticator isn\'t loading a valid user.', 'code' => '23749873490704']);
}
break;
default:
throw new HTTPException('Bad security value supplied', 500, ['code' => '280273409724075']);
break;
}
}
/**
* extend to hard code the plural controller name
*
* @param string $parseQueryString
*/
public function __construct($parseQueryString = true)
{
$this->pluralName = 'Addresses';
return parent::__construct($parseQueryString);
}
