Esempio n. 1
 /**
  * Build the exception and immediately report it through the controller.
  *
  * Constructing an instance is enough to trigger the error response: the
  * last statement hands $this to the controller's respondWithError().
  *
  * @param Restful $controller  Controller that receives this exception via respondWithError().
  * @param mixed   $message     Replaces the class's own $this->message when not null.
  * @param mixed   $description Stored in $this->description when not null.
  * @param mixed   $property    Stored in $this->property when not null.
  * @param mixed   $previous    Forwarded as the third argument of the parent constructor.
  */
 public function __construct(Restful $controller, $message = null, $description = null, $property = null, $previous = null)
 {
     // The numeric code is the class's status with a literal "0" appended.
     $errorCode = (int) ($this->status . '0');

     // Fall back to the message already set on the class when none is supplied.
     $text = null === $message ? $this->message : $message;

     parent::__construct($text, $errorCode, $previous);

     // Optional details only overwrite the class values when explicitly given.
     if (null !== $property) {
         $this->property = $property;
     }
     if (null !== $description) {
         $this->description = $description;
     }

     $controller->respondWithError($this);
 }
Esempio n. 2
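 /**
  * Determine if the client has authorization to make the request.
  *
  * The signature is expected in "<username>:<password>" form. The password
  * part is compared with the secret key looked up for the username.
  *
  * NOTE(review): the secret is compared directly with the client-supplied
  * value, so getSecretKey() presumably returns it in recoverable form —
  * confirm how it is stored.
  *
  * @param Restful $controller
  *
  * @throws ForbiddenException    When the supplied password does not match the secret key.
  * @throws UnauthorizedException When the signature is missing or not in "<username>:<password>" form.
  * @return bool Returns true if the client has authorization to make the request.
  */
 public function isValidRequest(Restful $controller)
 {
     $signature = $this->getSignature($controller->getApp());
     if (empty($signature)) {
         throw new UnauthorizedException($controller, 'Unsigned Request', 'No valid authorization signature was provided with the request.');
     }
     // Limit of 2 keeps any further ':' characters inside the password part.
     $exploded = explode(':', $signature, 2);
     if (count($exploded) !== 2) {
         throw new UnauthorizedException($controller, 'Invalid Signature', 'The request contains an invalid authorization signature.');
     }
     list($username, $password) = $exploded;
     $secret = $this->getSecretKey($controller->getApp(), $username);
     // Fail closed when no usable secret exists for this username: a missing
     // or empty secret must never match an empty password part ("user:").
     // hash_equals() compares in constant time, so response timing does not
     // reveal how many leading characters of the secret were guessed correctly.
     if (!is_string($secret) || '' === $secret || !hash_equals($secret, $password)) {
         throw new ForbiddenException($controller, 'Unauthorized Signature', 'The request is not properly signed and has been rejected.');
     }
     return true;
 }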
Esempio n. 3
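 /**
  * Determine if the client has authorization to make the request.
  *
  * The signature is expected as "<hex timestamp>:<client key>:<hex HMAC>".
  * The timestamp must lie within 15 minutes of the server clock, and the
  * HMAC-SHA1 of the request input under the client's secret key must equal
  * the supplied hash.
  *
  * NOTE(review): whether the timestamp is covered by the HMAC depends on what
  * getInput() returns, which is not visible here. If it is not covered, the
  * freshness check gives no replay protection — confirm.
  * NOTE(review): SHA-1 is kept because clients sign with it; moving to
  * SHA-256 needs a coordinated client change.
  *
  * @param Restful $controller
  *
  * @throws \Tacit\Controller\Exception\UnauthorizedException     When the signature is missing, malformed,
  *                                                               dated in the future beyond the window, has no
  *                                                               usable secret, or does not match.
  * @throws \Tacit\Controller\Exception\ResourceConflictException When the signature timestamp has expired.
  * @return bool Returns true if the client has authorization to make the request.
  */
 public function isValidRequest(Restful $controller)
 {
     $signature = $this->getSignature($controller->getApp());
     if (empty($signature)) {
         throw new UnauthorizedException($controller, 'Unsigned Request', 'No valid authorization signature was provided with the request.', ['Signature-HMAC' => $signature]);
     }
     $exploded = explode(':', $signature, 3);
     if (count($exploded) !== 3) {
         throw new UnauthorizedException($controller, 'Invalid Signature', 'The request contains an invalid authorization signature.', ['Signature-HMAC' => $signature]);
     }
     list($timestamp, $clientKey, $rawHash) = $exploded;

     $now = time();
     $window = 60 * 15;
     $requested = hexdec($timestamp);
     // Bound the timestamp on the future side too; otherwise a far-future
     // value keeps a signature acceptable long after the window has passed.
     if ($requested > $now + $window) {
         throw new UnauthorizedException($controller, 'Invalid Signature', 'The request contains an invalid authorization signature.', ['Signature-HMAC' => $signature]);
     }
     $expires = $requested + $window;
     if ($now >= $expires) {
         // NOTE(review): this key is spelled 'SignatureHMAC' while every other
         // branch uses 'Signature-HMAC'; left unchanged in case clients read it.
         throw new ResourceConflictException($controller, 'Request Outdated', 'The signature indicates this request has expired and is no longer valid.', ['SignatureHMAC' => $signature]);
     }

     $secret = $this->getSecretKey($controller->getApp(), $clientKey);
     // Fail closed when no usable secret exists for this client key: an HMAC
     // keyed with an empty or missing secret can be computed by anyone.
     if (!is_string($secret) || '' === $secret) {
         throw new UnauthorizedException($controller, 'Unauthorized Signature', 'The request is not properly signed and has been rejected.', ['Signature-HMAC' => $signature]);
     }
     $fingerprint = $this->getInput($controller->getApp());
     $test = hash_hmac('sha1', $fingerprint, $secret);
     // Constant-time comparison, so response timing does not reveal how many
     // leading characters of the expected HMAC were correct.
     if (!hash_equals($test, $rawHash)) {
         throw new UnauthorizedException($controller, 'Unauthorized Signature', 'The request is not properly signed and has been rejected.', ['Signature-HMAC' => $signature]);
     }
     return true;
 }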