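/**
 * Authenticate an application using a one-time application password.
 * Creates a token to be used for subsequent requests.
 *
 * The supplied application password is turned into a token, the token is
 * hashed with the user's salt and compared against every application
 * password stored for that user that has not been used yet. The first
 * matching password is marked as used and saved, and its token is
 * returned to the caller.
 *
 * @param framework\Request $request Request carrying 'username' and 'password'
 * @return mixed The JSON response produced by renderJSON(): on success the
 *               token, name and creation date of the matched application
 *               password; otherwise an error object with HTTP status 400
 */
public function runAuthenticate(framework\Request $request)
{
    framework\Logging::log('Authenticating new application password.', 'api', framework\Logging::LEVEL_INFO);

    $username = trim($request['username']);
    $password = trim($request['password']);

    if ($username) {
        $user = tables\Users::getTable()->getByUsername($username);

        if ($password && $user instanceof entities\User) {
            // Generate token from the application password
            $token = entities\ApplicationPassword::createToken($password);
            // Crypt, for comparison with db value
            $hashed_token = entities\User::hashPassword($token, $user->getSalt());

            foreach ($user->getApplicationPasswords() as $app_password) {
                // Only return the token for new application passwords!
                if ($app_password->isUsed()) {
                    continue;
                }

                // hash_equals() is a constant-time, strict string comparison.
                // The original `==` was both loose (two numeric-looking hash
                // strings such as "0e..." compare equal) and timing-dependent.
                // Casting guards against a null stored hash raising a TypeError.
                if (hash_equals((string) $app_password->getHashPassword(), (string) $hashed_token)) {
                    $app_password->useOnce();
                    $app_password->save();

                    return $this->renderJSON(array('token' => $token, 'name' => $app_password->getName(), 'created_at' => $app_password->getCreatedAt()));
                }
            }
        }

        framework\Logging::log('No password matched.', 'api', framework\Logging::LEVEL_INFO);
    }

    // Same generic error for unknown user, empty fields and wrong password,
    // so the response body does not reveal which part failed.
    $this->getResponse()->setHttpStatus(400);

    return $this->renderJSON(array('error' => 'Incorrect username or application password'));
}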