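/**
 * Authenticates the current request and signs the user in.
 *
 * Two credentials are accepted, in this order:
 *  1. an API key sent in the Authorization header as "Basic <key>";
 *  2. a session id sent in the cookie named by the
 *     "altumo_api_session_cookie_name" setting.
 *
 * The session cookie is consulted only when no Authorization header was sent.
 * A header that is present but rejected fails the request; it never falls
 * back to the cookie.
 *
 * @return void
 * @throws \Exception if no credential is supplied or the supplied one is rejected.
 */
public function authenticate()
{
    // Require SSL, if applicable (the check itself lives in assertSslApiRequest()).
    $this->assertSslApiRequest();

    $api_key = $this->getHttpRequestHeader('Authorization', null);

    if ($api_key !== null) {
        // Authenticate via the API key.
        // The pattern is anchored at both ends so that "Basic" must be the
        // scheme of the header, not merely a word somewhere inside its value.
        if (!preg_match('/^\\s*Basic\\s+(.*?)\\s*$/i', $api_key, $regs)) {
            throw new \Exception('API key format not recognized');
        }

        // The text after "Basic" is used verbatim as the key; nothing is
        // base64-decoded here.
        $api_key = $regs[1];

        // "Basic" followed only by whitespace captures an empty string. Reject
        // it before the lookup so that a row stored with an empty key can
        // never be selected.
        if ($api_key === '') {
            throw new \Exception('API key format not recognized');
        }

        /** @var \ApiUser|null $api_user */
        $api_user = \ApiUserQuery::create()
            ->filterByApiKey($api_key)
            ->filterByActive(true)
            ->findOne();
        if (!$api_user) {
            throw new \Exception('Unknown or inactive API user.');
        }

        // Resolve the account step by step: a missing link in the chain is
        // reported with the same message as an unknown key instead of ending
        // in a call on null.
        $key_owner = $api_user->getUser();
        $sf_guard_user = $key_owner ? $key_owner->getsfGuardUser() : null;
        if (!$sf_guard_user || !$sf_guard_user->getIsActive()) {
            throw new \Exception('Unknown or inactive API user.');
        }

        // Second argument presumably is the "remember me" flag - confirm
        // against the signIn() implementation in use.
        \sfContext::getInstance()->getUser()->signIn($sf_guard_user, false);

        return;
    }

    // No Authorization header: try to authenticate via the session cookie.
    // NOTE(review): the cookie name falls back to the literal
    // 'my_session_name' when the setting is absent - confirm that every
    // deployment sets it.
    $session_id = $this->getCookie(
        \sfConfig::get('altumo_api_session_cookie_name', 'my_session_name'),
        null
    );
    if ($session_id === null) {
        throw new \Exception('Please provide either a valid session or valid API key.');
    }

    // An unknown session, a session without a user and a user without an API
    // user all produce the same message.
    $session = \SessionPeer::retrieveBySessionKey($session_id);
    $user = $session ? $session->getUser() : null;
    if (!$user || !$user->hasApiUser()) {
        throw new \Exception('Invalid session.');
    }

    if (!$user->getApiUser()->isActive()) {
        throw new \Exception('Inactive API user.');
    }

    // NOTE(review): unlike the API-key branch, this branch does not check
    // getIsActive() on the sfGuardUser before signing in - confirm whether a
    // deactivated account is meant to keep access through an existing session.
    \sfContext::getInstance()->getUser()->signIn($user->getsfGuardUser(), false);
}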
/**
 * Looks up the Session record for this object's session key.
 *
 * The key comes from getSessionKey(); this method takes no arguments.
 *
 * @return Session presumably null when no record matches the key - confirm
 *                 against SessionPeer::retrieveBySessionKey() and have callers
 *                 check the result before using it.
 */
public function getSession()
{
    return SessionPeer::retrieveBySessionKey($this->getSessionKey());
}