/**
 * Describes the currently authenticated session, if there is one.
 *
 * Reads the optional `user_type` and `scope` request parameters (defaulting
 * to 'Admin\Model_User' and 'api'), and, when a session exists for that user
 * type, returns the user record together with an API key obtained from
 * getKey().
 *
 * NOTE(review): `user_type` and `scope` are taken from the request and passed
 * straight to \CMF\Auth::logged_in() and getKey(); confirm those callees
 * restrict both values to an expected set, since this method does not.
 *
 * @return array ['user' => user fields without 'encrypted_password', 'api_key' => key fields]
 * @throws \HttpException NOT_FOUND when no session exists for the user type
 */
public function action_current()
{
    $requested_type = \Input::param('user_type') ?: 'Admin\\Model_User';
    $requested_scope = \Input::param('scope') ?: 'api';

    // Guard clause: without a session there is nothing to describe.
    if (!\CMF\Auth::logged_in(null, $requested_type)) {
        throw new \HttpException('No valid session was found', \HttpException::NOT_FOUND);
    }

    // Look up the session's user and obtain an API key for it.
    $current = \CMF\Auth::current_user();
    $api_key = $this->getKey($current, $requested_type, $requested_scope);

    // Only the password hash is stripped before the record leaves the server.
    // NOTE(review): confirm toArray() exposes no other secret fields.
    $details = $current->toArray();
    unset($details['encrypted_password']);

    return array('user' => $details, 'api_key' => $api_key->toArray());
}
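/**
 * Gates access to the API.
 *
 * Access is allowed when either a session already exists for the requested
 * user type, or the Authorization header carries a token matching an
 * unexpired API key whose scope is 'api'. Returns normally when access is
 * allowed.
 *
 * NOTE(review): `user_type` comes from the request and selects which user
 * class the session check runs against; confirm \CMF\Auth::logged_in()
 * constrains it. Requests admitted through the session path carry no API
 * key, so they presumably rely on CSRF protection elsewhere — confirm.
 *
 * @return void
 * @throws \HttpException UNAUTHORIZED when neither a session nor a valid key is present
 */
public function authorise()
{
    // If there's a valid session already, allow access
    $user_type = \Input::param('user_type') ?: 'Admin\\Model_User';
    if (\CMF\Auth::logged_in(null, $user_type)) {
        return;
    }

    // The header is split on spaces and the second word is taken as the token.
    // NOTE(review): the scheme word (e.g. "Bearer") is never checked.
    $auth = explode(' ', \Input::headers('Authorization', ' '));
    $sent_key = \Arr::get($auth, 1);

    // A missing or empty token must never reach the lookup: otherwise a key
    // row stored with an empty access_token would admit a request that
    // presented no credential at all.
    if (!is_string($sent_key) || $sent_key === '') {
        throw new \HttpException('Login Required', \HttpException::UNAUTHORIZED);
    }

    // Try and find a valid (matching, unexpired) key; values are bound as parameters
    $key = \CMF\Model\User\Apikey::select('item')
        ->where('item.access_token = :key')
        ->andWhere('item.expires_at > :now')
        ->setParameter('key', $sent_key)
        ->setParameter('now', new \DateTime())
        ->getQuery()
        ->getResult();

    // Check the scope of the key, if one was found
    if (count($key)) {
        $key = $key[0];

        // Strict comparison so a non-string scope cannot be juggled into 'api'.
        if ($key->scope === 'api') {
            return;
        }
    }

    throw new \HttpException('Login Required', \HttpException::UNAUTHORIZED);
}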