 /**
  * Starts a new KS (kaltura Session) based on application authentication token id
  * 
  * @action startSession
  * @param string $id application token id
  * @param string $tokenHash hashed token: the SHA-1 of the current KS concatenated with the application token
  * @param string $userId session user id, ignored if a user id is already defined on the application token
  * @param KalturaSessionType $type session type, ignored if a session type is already defined on the application token
  * @param int $expiry session expiry (in seconds); capped by the session duration defined on the application token and by the time remaining until the application token itself expires
  * @param string $privileges session privileges, will be appended to privileges that defined on the application token
  * @throws KalturaErrors::APP_TOKEN_ID_NOT_FOUND
  * @return KalturaSessionInfo
  */
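 function startSessionAction($id, $tokenHash, $userId = null, $type = null, $expiry = null)
 {
     // Exchanges proof of possession of an application token for a new KS.
     // NOTE(review): the docblock lists a $privileges parameter, but this signature does not
     // accept one; the privileges below come only from the application token.

     // NOTE(review): presumably retrieveByPK() is scoped to the calling partner; confirm,
     // because the partner secret used for signing is taken from the current context.
     $dbAppToken = AppTokenPeer::retrieveByPK($id);
     if (!$dbAppToken) {
         throw new KalturaAPIException(KalturaErrors::APP_TOKEN_ID_NOT_FOUND, $id);
     }
     if ($dbAppToken->getStatus() != AppTokenStatus::ACTIVE) {
         throw new KalturaAPIException(KalturaErrors::APP_TOKEN_NOT_ACTIVE, $id);
     }

     // The caller proves knowledge of the token by sending sha1(current KS . token).
     // NOTE(review): if no KS is set on the request this reduces to sha1(token), a value that
     // never changes; presumably the dispatcher requires a KS for this action (confirm).
     $appTokenHash = sha1(kCurrentContext::$ks . $dbAppToken->getToken());
     // Compare in constant time so response timing does not leak how much of the expected
     // hash a guess matched. The is_string() guard keeps non-string input on the same
     // INVALID_APP_TOKEN_HASH path the strict comparison gave it. Requires PHP >= 5.6.
     if (!is_string($tokenHash) || !hash_equals($appTokenHash, $tokenHash)) {
         throw new KalturaAPIException(KalturaErrors::INVALID_APP_TOKEN_HASH);
     }

     // The response carries a freshly issued session, so it must not be cached.
     KalturaResponseCacher::disableCache();

     // Effective lifetime: the token's session duration, capped by the time left until the
     // token itself expires.
     $tokenExpiry = $dbAppToken->getSessionDuration();
     if (!is_null($dbAppToken->getExpiry())) {
         $tokenExpiry = min($tokenExpiry, $dbAppToken->getExpiry() - time());
         if ($tokenExpiry < 0) {
             throw new KalturaAPIException(KalturaErrors::APP_TOKEN_EXPIRED, $id);
         }
     }
     // The caller may only shorten the lifetime, never extend it.
     if (!$expiry) {
         $expiry = $tokenExpiry;
     }
     $expiry = min($expiry, $tokenExpiry);

     // Values pinned on the token override whatever the caller asked for.
     // NOTE(review): when the token pins no session type, the caller-supplied $type is used
     // as given, including SessionType::ADMIN; confirm tokens are created with a type set.
     if (!is_null($dbAppToken->getSessionType())) {
         $type = $dbAppToken->getSessionType();
     }
     if (is_null($type)) {
         $type = SessionType::USER;
     }
     if (!is_null($dbAppToken->getSessionUserId())) {
         $userId = $dbAppToken->getSessionUserId();
     }

     $partnerId = kCurrentContext::getCurrentPartnerId();
     $partner = PartnerPeer::retrieveByPK($partnerId);
     if (!$partner) {
         // Without a partner there is no secret to sign with; fail as an API error instead
         // of a fatal "call to a member function on null".
         throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId);
     }
     // Loose comparison kept on purpose: $type may arrive as a numeric string.
     $secret = $type == SessionType::ADMIN ? $partner->getAdminSecret() : $partner->getSecret();

     // Every session issued here is tagged with the application token id, both as session id
     // and as app-token privilege; the token's own privileges are merged on top.
     $privilegesArray = array(ks::PRIVILEGE_SESSION_ID => array($id), ks::PRIVILEGE_APP_TOKEN => array($id));
     if ($dbAppToken->getSessionPrivileges()) {
         $privilegesArray = array_merge_recursive($privilegesArray, ks::parsePrivileges($dbAppToken->getSessionPrivileges()));
     }
     $privileges = ks::buildPrivileges($privilegesArray);

     $ks = kSessionUtils::createKSession($partnerId, $secret, $userId, $expiry, $type, $privileges);
     if (!$ks) {
         throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId);
     }

     // Report the values actually applied, which may differ from what the caller requested.
     $sessionInfo = new KalturaSessionInfo();
     $sessionInfo->ks = $ks->toSecureString();
     $sessionInfo->partnerId = $partnerId;
     $sessionInfo->userId = $userId;
     $sessionInfo->expiry = $ks->valid_until;
     $sessionInfo->sessionType = $type;
     $sessionInfo->privileges = $privileges;
     return $sessionInfo;
 }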