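/**
 * Validate an incoming API request that carries an encrypted, single-use token.
 *
 * Reads the request parameters `token` (string), `m_id` (int, the modality whose
 * secret key decrypts the token) and `l` (language code). The token decrypts to a
 * JSON object with the members `u` (username), `p` (password), `t` (issue time in
 * unix seconds) and `r` (must be present; not read here). On success the token is
 * recorded so that it cannot be presented a second time.
 *
 * @param bool $isNew    true for a registration request: the credentials found in
 *                       the token are returned unverified instead of being checked
 *                       against an existing user
 * @param int  $tokenTtl maximum accepted token age in seconds (default 3 minutes)
 *
 * @return array|int when $isNew, array('username' => ..., 'password' => ...);
 *                   otherwise the authenticated user id (0 for the imc-guest account)
 *
 * @throws Exception when an argument is missing, the token was already used, the
 *                   modality key is unusable, the token is malformed or expired, or
 *                   the credentials do not match an active user
 */
private function validateRequest($isNew = false, $tokenTtl = 180)
{
    $app   = JFactory::getApplication();
    $token = $app->input->getString('token');
    $m_id  = $app->input->getInt('m_id');
    $l     = $app->input->getString('l');

    // 1. All three arguments are mandatory
    if (is_null($token) || is_null($m_id) || is_null($l)) {
        $app->enqueueMessage('Either token, m_id (modality), or l (language) are missing', 'error');
        throw new Exception('Request is invalid');
    }

    ImcFrontendHelper::setLanguage($l, array('com_users', 'com_imc'));

    // Replay protection: a token is accepted once only. Checked before any
    // decryption work so a replayed token is rejected as cheaply as possible.
    if (ImcModelTokens::exists($token)) {
        throw new Exception('Token is already used');
    }

    // 2. Load the secret key of the requested modality. getItem() may return
    // false or an item without a key; both are treated as an invalid key
    // instead of being dereferenced blindly.
    $result = $this->keyModel->getItem($m_id);
    $key    = (is_object($result) && isset($result->skey)) ? $result->skey : '';

    if (!is_string($key) || strlen($key) < 16) {
        $app->enqueueMessage('Secret key is not 16 characters', 'error');
        throw new Exception('Secret key is invalid. Contact administrator');
    }

    $this->mcrypt->setKey($key);

    // 3. Decrypt and validate the token payload. decrypt() may return a
    // non-string on failure, which json_decode() must not be handed.
    $decryptedToken = $this->mcrypt->decrypt($token);
    $objToken       = is_string($decryptedToken) ? json_decode($decryptedToken) : null;

    if (!is_object($objToken)) {
        throw new Exception('Token is invalid');
    }

    // The members are compared and used as strings below, so their types are
    // pinned here rather than relying on loose comparison later (under PHP < 8,
    // 0 == 'imc-guest' is true, so a numeric u/p would take the guest branch).
    if (!isset($objToken->u) || !isset($objToken->p) || !isset($objToken->t) || !isset($objToken->r)
        || !is_string($objToken->u) || !is_string($objToken->p) || !is_numeric($objToken->t)) {
        throw new Exception('Token is not well formatted');
    }

    // TODO: make the timeout configurable in the component options.
    // Only the age is checked; a token dated in the future is not rejected here.
    $issuedAt = (int) $objToken->t;

    if (time() - $issuedAt > $tokenTtl) {
        throw new Exception('Token has expired');
    }

    // 4. Authenticate the user named in the token
    $userid   = JUserHelper::getUserId($objToken->u);
    $userInfo = array();

    if ($isNew) {
        // Registration: hand the credentials back so the caller can create the account
        $userInfo['username'] = $objToken->u;
        $userInfo['password'] = $objToken->p;
    } elseif ($objToken->u === 'imc-guest' && $objToken->p === 'imc-guest') {
        // Anonymous access is recorded against user id 0
        $userid = 0;
    } else {
        // An unknown username yields no user id. JFactory::getUser() with an
        // empty id resolves to the session user rather than failing, so the
        // lookup is skipped and the request fails exactly as a wrong password does.
        $user  = empty($userid) ? null : JFactory::getUser($userid);
        $match = $user !== null && JUserHelper::verifyPassword($objToken->p, $user->password, $userid);

        if (!$match) {
            $app->enqueueMessage(JText::_('COM_IMC_API_USERNAME_PASSWORD_NO_MATCH'), 'error');
            throw new Exception('Token does not match');
        }

        if ($user->block) {
            $app->enqueueMessage(JText::_('COM_IMC_API_USER_NOT_ACTIVATED'), 'error');
            throw new Exception(JText::_('COM_IMC_API_USER_BLOCKED'));
        }
    }

    // 5. Record the token so the replay check above rejects it from now on
    $record           = new stdClass();
    $record->key_id   = $m_id;
    $record->user_id  = $userid;
    $record->method   = $app->input->getMethod();
    $record->token    = $token;
    $record->unixtime = $issuedAt;

    // insertToken() throws on error
    ImcModelTokens::insertToken($record);

    return $isNew ? $userInfo : (int) $userid;
}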
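/**
 * Validate an incoming API request that carries an encrypted, single-use token
 * and return the id of the authenticated user.
 *
 * Reads the request parameters `token` (string), `m_id` (int, the modality whose
 * secret key decrypts the token) and `l` (language code; required but otherwise
 * unused here). The token decrypts to a JSON object with the members `u`
 * (username), `p` (password), `t` (issue time in unix seconds) and `r` (must be
 * present; not read here). On success the token is recorded so that it cannot be
 * presented a second time.
 *
 * @param int $tokenTtl maximum accepted token age in seconds (default 1 minute)
 *
 * @return int the authenticated user id
 *
 * @throws Exception when an argument is missing, the token was already used, the
 *                   modality key is unusable, the token is malformed or expired, or
 *                   the credentials do not match an active user
 */
private function validateRequest($tokenTtl = 60)
{
    $app   = JFactory::getApplication();
    $token = $app->input->getString('token');
    $m_id  = $app->input->getInt('m_id');
    $l     = $app->input->getString('l');

    // 1. All three arguments are mandatory
    if (is_null($token) || is_null($m_id) || is_null($l)) {
        $app->enqueueMessage('Either token, m_id (modality), or l (language) are missing', 'error');
        throw new Exception('Request is invalid');
    }

    // Replay protection: a token is accepted once only. Checked before any
    // decryption work so a replayed token is rejected as cheaply as possible.
    if (ImcModelTokens::exists($token)) {
        throw new Exception('Token is already used');
    }

    // 2. Load the secret key of the requested modality. getItem() may return
    // false or an item without a key; both are treated as an invalid key
    // instead of being dereferenced blindly.
    $result = $this->keyModel->getItem($m_id);
    $key    = (is_object($result) && isset($result->skey)) ? $result->skey : '';

    if (!is_string($key) || strlen($key) < 16) {
        $app->enqueueMessage('Secret key is not 16 characters', 'error');
        throw new Exception('Secret key is invalid. Contact administrator');
    }

    $this->mcrypt->setKey($key);

    // 3. Decrypt and validate the token payload. decrypt() may return a
    // non-string on failure, which json_decode() must not be handed.
    $decryptedToken = $this->mcrypt->decrypt($token);
    $objToken       = is_string($decryptedToken) ? json_decode($decryptedToken) : null;

    if (!is_object($objToken)) {
        throw new Exception('Token is invalid');
    }

    // The members are used as strings / a timestamp below, so their types are
    // pinned here instead of being coerced implicitly later.
    if (!isset($objToken->u) || !isset($objToken->p) || !isset($objToken->t) || !isset($objToken->r)
        || !is_string($objToken->u) || !is_string($objToken->p) || !is_numeric($objToken->t)) {
        throw new Exception('Token is not well formatted');
    }

    // TODO: make the timeout configurable in the component options.
    // Only the age is checked; a token dated in the future is not rejected here.
    $issuedAt = (int) $objToken->t;

    if (time() - $issuedAt > $tokenTtl) {
        throw new Exception('Token has expired');
    }

    // 4. Authenticate the user named in the token. An unknown username yields
    // no user id; JFactory::getUser() with an empty id resolves to the session
    // user rather than failing, so the lookup is skipped and the request fails
    // exactly as a wrong password does.
    $userid = JUserHelper::getUserId($objToken->u);
    $user   = empty($userid) ? null : JFactory::getUser($userid);
    $match  = $user !== null && JUserHelper::verifyPassword($objToken->p, $user->password, $userid);

    if (!$match) {
        $app->enqueueMessage('Either username or password do not match', 'error');
        throw new Exception('Token does not match');
    }

    if ($user->block) {
        $app->enqueueMessage('User is found but probably is not yet activated', 'error');
        throw new Exception('Token user is blocked');
    }

    // 5. Record the token so the replay check above rejects it from now on
    $record           = new stdClass();
    $record->key_id   = $m_id;
    $record->user_id  = $userid;
    $record->method   = $app->input->getMethod();
    $record->token    = $token;
    $record->unixtime = $issuedAt;

    // insertToken() throws on error
    ImcModelTokens::insertToken($record);

    return (int) $userid;
}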