/**
* Build authentication headers
*
* @param string $sessionToken Session token of a User
* @param bool $useMasterKey
* @return array
*/
public static function buildHeaders($sessionToken, $useMasterKey)
{
if (is_null($useMasterKey)) {
$useMasterKey = self::$useMasterKey;
}
$h = self::$defaultHeaders;
$h['X-LC-Prod'] = self::$isProduction ? 1 : 0;
$timestamp = time();
$key = $useMasterKey ? self::$appMasterKey : self::$appKey;
$sign = md5($timestamp . $key);
$h['X-LC-Sign'] = $sign . "," . $timestamp;
if ($useMasterKey) {
$h['X-LC-Sign'] .= ",master";
}
if (!$sessionToken) {
$sessionToken = User::getCurrentSessionToken();
}
if ($sessionToken) {
$h['X-LC-Session'] = $sessionToken;
}
return $h;
}
/**
* Dispatch onVerified hook
*
* @param string $type Verify type: email or sms
* @param array $body JSON decoded body params
*/
private function dispatchOnVerified($type, $body)
{
if (!Client::verifyHookSign("__on_verified_{$type}", $body["object"]["__sign"])) {
error_log("Invalid hook sign for onVerified {$type}" . " from {$this->env['REMOTE_ADDR']}");
$this->renderError("Unauthorized.", 401, 401);
}
$userObj = Client::decode($body["object"], null);
User::saveCurrentUser($userObj);
$meta["remoteAddress"] = $this->env["REMOTE_ADDR"];
try {
Cloud::runOnVerified($type, $userObj, $meta);
} catch (FunctionError $err) {
$this->renderError($err->getMessage(), $err->getCode());
}
$this->renderJSON(array("result" => "ok"));
}
/**
* Delete objects in batch
*
* @param array $objects Array of Objects to destroy
*/
public static function destroyAll($objects)
{
$batch = array();
foreach ($objects as $obj) {
if (!$obj->getObjectId()) {
throw new \RuntimeException("Cannot destroy object without ID");
}
// Remove duplicate objects by ID
$batch[$obj->getObjectId()] = $obj;
}
if (empty($batch)) {
return;
}
$requests = array();
$objects = array();
foreach ($batch as $obj) {
$requests[] = array("path" => "/1.1/classes/{$obj->getClassName()}" . "/{$obj->getObjectId()}", "method" => "DELETE");
$objects[] = $obj;
}
$sessionToken = User::getCurrentSessionToken();
$response = Client::batch($requests, $sessionToken);
}
public function testFindUserWithSession()
{
$user = User::logIn("alice", "blabla");
$query = new Query("_User");
// it should not raise: 1 Forbidden to find by class permission.
$query->first();
}
