Exemple #1
 /**
  * Assemble the HTTP headers that authenticate an API request.
  *
  * The X-LC-Sign value has the form "<md5(timestamp . key)>,<timestamp>",
  * with ",master" appended when the master key produced the digest.
  * The returned array therefore holds credential material (a key-derived
  * signature and, when available, a session token).
  *
  * @param string    $sessionToken Session token of a User; when empty, the
  *                                current user's token is used if there is one
  * @param bool|null $useMasterKey Sign with the master key instead of the app
  *                                key; null falls back to the class default
  * @return array Header name => value map
  */
 public static function buildHeaders($sessionToken, $useMasterKey)
 {
     // null means "no explicit choice": use the class-wide setting.
     $withMaster = is_null($useMasterKey) ? self::$useMasterKey : $useMasterKey;

     $headers = self::$defaultHeaders;
     $headers['X-LC-Prod'] = self::$isProduction ? 1 : 0;

     $now = time();
     $secret = $withMaster ? self::$appMasterKey : self::$appKey;
     // NOTE(review): MD5 over timestamp + key is presumably the digest format
     // the remote API expects - confirm before changing the algorithm here.
     $signature = md5($now . $secret) . "," . $now;
     if ($withMaster) {
         $signature .= ",master";
     }
     $headers['X-LC-Sign'] = $signature;

     // An explicit token wins; otherwise reuse the logged-in user's token.
     $token = $sessionToken ? $sessionToken : User::getCurrentSessionToken();
     if ($token) {
         $headers['X-LC-Session'] = $token;
     }

     return $headers;
 }
Exemple #2
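 /**
  * Dispatch onVerified hook
  *
  * The hook signature carried in the body is checked first; the user object
  * is decoded and stored as the current user only after that check passes.
  *
  * @param string $type Verify type: email or sms
  * @param array  $body JSON decoded body params
  */
 private function dispatchOnVerified($type, $body)
 {
     // A body without object.__sign is treated as unsigned rather than
     // raising an undefined-index notice on the lookup.
     $sign = isset($body["object"]["__sign"]) ? $body["object"]["__sign"] : null;
     if (!Client::verifyHookSign("__on_verified_{$type}", $sign)) {
         error_log("Invalid hook sign for onVerified {$type}" . " from {$this->env['REMOTE_ADDR']}");
         $this->renderError("Unauthorized.", 401, 401);
         // Fail closed: renderError() may end the request itself (not visible
         // here), but if it returns, an unsigned body must never reach
         // decode/saveCurrentUser below.
         return;
     }
     $userObj = Client::decode($body["object"], null);
     User::saveCurrentUser($userObj);
     $meta = array("remoteAddress" => $this->env["REMOTE_ADDR"]);
     try {
         Cloud::runOnVerified($type, $userObj, $meta);
     } catch (FunctionError $err) {
         $this->renderError($err->getMessage(), $err->getCode());
         // Do not follow an error response with the "ok" body.
         return;
     }
     $this->renderJSON(array("result" => "ok"));
 }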
Exemple #3
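 /**
  * Delete objects in batch
  *
  * Objects sharing an ID are sent once. Nothing is sent when the list is
  * empty. The request is made with the current user's session token.
  *
  * @param array $objects Array of Objects to destroy
  * @throws \RuntimeException When any object has no ID
  */
 public static function destroyAll($objects)
 {
     $batch = array();
     foreach ($objects as $obj) {
         $id = $obj->getObjectId();
         if (!$id) {
             throw new \RuntimeException("Cannot destroy object without ID");
         }
         // Remove duplicate objects by ID
         $batch[$id] = $obj;
     }
     if (empty($batch)) {
         return;
     }

     $requests = array();
     foreach ($batch as $obj) {
         // NOTE(review): class name and ID are interpolated into the path
         // as-is; presumably both are server-issued identifiers - confirm
         // neither can carry caller-controlled "/" or "?" characters.
         $requests[] = array(
             "path" => "/1.1/classes/{$obj->getClassName()}" . "/{$obj->getObjectId()}",
             "method" => "DELETE",
         );
     }

     // NOTE(review): the value returned by Client::batch() is not inspected
     // in this method, so a per-object failure is not reported to the caller
     // unless batch() itself throws - confirm.
     Client::batch($requests, User::getCurrentSessionToken());
 }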
Exemple #4
 /**
  * Querying the _User class after logging in must not be refused.
  *
  * There is no assertion: the test passes when first() does not throw.
  */
 public function testFindUserWithSession()
 {
     // Fixture account; presumably logIn() records the session that the
     // query below is sent with - confirm.
     User::logIn("alice", "blabla");

     $userQuery = new Query("_User");
     // it should not raise: 1 Forbidden to find by class permission.
     $userQuery->first();
 }