/**
 * Complete a login: exchange a request token plus the user's password for a
 * new access/refresh token pair.
 *
 * The request token is invalidated as soon as it has passed validation and
 * before the password is checked, so a single request token backs a single
 * password attempt. Existing access and refresh tokens for this user and
 * client are cleared before the new pair is created.
 *
 * @param object $data Decoded request body; "user", "request-token" and "password" are read from it.
 * @return array "access-token", "refresh-token" and "profile" entries.
 * @throws InvalidTokenException   If the token is not a request token or fails validation.
 * @throws AuthenticationException If the password does not match the user.
 */
public function handle($data)
{
    $this->validate_request(["user", "request-token", "password"]);

    // Decode the token and load the profile before any check runs.
    $requestToken = Token::decode($data->{"request-token"});
    $profile = UserBackend::fetch_user_profile($data->{"user"});

    // The token must be of the request kind ...
    if (!($requestToken->getType() == TOKEN_REQUEST)) {
        throw new InvalidTokenException("Request token provided is not a valid request token");
    }

    // ... and must validate for this client and this user.
    $tokenAccepted = TokenBackend::validate_token($this->clientid, $profile->getUserId(), $requestToken);
    if (!$tokenAccepted) {
        throw new InvalidTokenException("Request token is invalid");
    }

    // Single use: drop the request token before looking at the password.
    TokenBackend::invalidate_token($this->clientid, $requestToken);

    // NOTE(review): the failure below carries the external profile form as
    // exception context; whether that context reaches the client is not
    // visible here - confirm it cannot be used to tell accounts apart.
    $suppliedPassword = $data->{"password"};
    if (!UserBackend::validate_user($profile, $suppliedPassword)) {
        throw new AuthenticationException(
            "Invalid password for user",
            ["user" => $profile->toExternalForm()]
        );
    }

    // End any existing login session for this user on this client.
    TokenBackend::clear_tokens($this->clientid, $profile->getUserId(), TOKEN_ACCESS);
    TokenBackend::clear_tokens($this->clientid, $profile->getUserId(), TOKEN_REFRESH);

    // Start the new session.
    $access = TokenBackend::create_token($this->clientid, $profile->getUserId(), TOKEN_ACCESS, "1 HOUR");
    $refresh = TokenBackend::create_token($this->clientid, $profile->getUserId(), TOKEN_REFRESH, "1 YEAR");

    return [
        "access-token" => $access->toExternalForm(3600),
        "refresh-token" => $refresh->toExternalForm(false),
        "profile" => $profile->toExternalForm(),
    ];
}
/**
 * Entry point for an authenticated endpoint: decode the body, require the
 * client-id and authentication headers, validate the access token and then
 * dispatch to handle().
 *
 * @param string $body   Raw request body; an empty body becomes an empty array.
 * @param array  $params Request parameters, stored on $this->params.
 * @return array The handler payload with a "client-id" entry added.
 * @throws InvalidClientException If no client id header is present.
 * @throws AuthorizationException If the auth headers are missing or the token is not an access token.
 * @throws InvalidTokenException  If the access token fails validation.
 */
public function execute($body, array $params)
{
    // NOTE(review): json_decode() yields null for malformed JSON and that
    // value is handed to handle() unchanged further down.
    $this->data = $body == "" ? [] : json_decode($body);

    // A client id header is mandatory.
    if (!array_key_exists(Headers::CLIENT_ID, $_SERVER)) {
        throw new InvalidClientException();
    }

    // So are both authentication headers.
    if (!isset($_SERVER[Headers::AUTH_USER], $_SERVER[Headers::AUTH_TOKEN])) {
        throw new AuthorizationException("Must provide authentication");
    }

    // Gather everything the handler will need.
    $this->user = UserBackend::fetch_user_profile($_SERVER[Headers::AUTH_USER]);
    $this->params = $params;
    $this->method = $_SERVER["REQUEST_METHOD"];
    $accessToken = Token::decode($_SERVER[Headers::AUTH_TOKEN]);
    $this->clientid = Token::decode($_SERVER[Headers::CLIENT_ID]);

    // NOTE(review): with DEBUG truthy the token type and validity checks
    // below never run and the request is delegated to parent::execute().
    // Make sure DEBUG cannot be enabled in a production deployment.
    if (DEBUG) {
        return parent::execute($body, $params);
    }

    // The presented token has to be an access token ...
    if (!($accessToken->getType() == TOKEN_ACCESS)) {
        throw new AuthorizationException("Token provided is not a access token");
    }

    // ... that validates for this client and the claimed user.
    $tokenAccepted = TokenBackend::validate_token($this->clientid, $this->user->getUserId(), $accessToken);
    if (!$tokenAccepted) {
        throw new InvalidTokenException("Token provided is not a valid access token");
    }

    // Run the endpoint and tag the response with the client id.
    $response = $this->handle($this->data);
    $response["client-id"] = $this->clientid->toString();

    return $response;
}
/**
 * Issue a request token (TOKEN_REQUEST, created with a "1 HOUR" lifetime)
 * for the user named in the request body.
 *
 * @param object $data Decoded request body; "user" is read from it.
 * @return array "user" (external profile form) and "request-token".
 */
public function handle($data)
{
    $this->validate_request(["user"]);

    // NOTE(review): how fetch_user_profile() reacts to an unknown user is not
    // visible here; confirm the response does not let a caller distinguish
    // existing accounts from non-existing ones.
    $profile = UserBackend::fetch_user_profile($data->{"user"});

    $requestToken = TokenBackend::create_token(
        $this->clientid,
        $profile->getUserId(),
        TOKEN_REQUEST,
        "1 HOUR"
    );

    return [
        "user" => $profile->toExternalForm(),
        // 3600 presumably mirrors the one-hour lifetime in seconds - confirm.
        "request-token" => $requestToken->toExternalForm(3600),
    ];
}
/**
 * Mark the answers submitted for an assignment and store the resulting
 * scores against the user identified by $this->params['id'].
 *
 * @param object $data Decoded request body; "assignment" and "answers" are read from it.
 * @return array A single "scores" entry holding one score record per stored answer.
 * @throws EndpointExecutionException If the number of score records differs from the number of answers.
 */
public function handle($data)
{
    $this->validate_request(["assignment", "answers"]);

    $assignmentId = Token::decode($data->{'assignment'});

    // NOTE(review): the user being scored is taken from $this->params['id'],
    // not from the authenticated caller; no authorization check is visible in
    // this method - confirm it is enforced before this handler runs.
    $user = UserBackend::fetch_user_profile($this->params['id']);
    $assignment = AssignmentBackend::fetch_assignment_profile($assignmentId);
    $answers = AssessmentBackend::fetch_assessment_answers(
        new AssessmentProfile($assignment['assessment-id'])
    );

    // Client-supplied answers, looked up by question id string below.
    // NOTE(review): a question the client left out is read as an undefined
    // property here - confirm the marking helpers cope with that.
    $submitted = $data->{'answers'};

    $scores = [];
    foreach ($answers as $expected) {
        /** @var Token $questionId */
        $questionId = $expected['question-id'];

        $entry = [
            "question-id" => $questionId->toString(),
            "question-number" => $expected['question-number'],
            "max-score" => 1,
        ];

        switch ($expected['question-type']) {
            case QuestionType::MULTI_CHOICE:
                $entry['score'] = $this->mark_multichoice_question(
                    $expected['answer-value'],
                    $submitted->{$questionId->toString()}
                );
                break;
            case QuestionType::ANSWER:
                $entry['score'] = $this->mark_answer_question(
                    $expected['answer-value'],
                    $submitted->{$questionId->toString()}
                );
                break;
        }

        $scores[] = $entry;
    }

    // NOTE(review): each iteration appends exactly one record, so this guard
    // looks unreachable as written, while an unrecognised question type
    // produces a record without a 'score' key - confirm which was intended.
    if (count($scores) != count($answers)) {
        throw new EndpointExecutionException("An error has occurred whilst executing this endpoint");
    }

    UserBackend::add_assignment_scores($user, $assignmentId, $assignment['assessment-id'], $scores);

    return ["scores" => $scores];
}
/**
 * Add the user identified by $this->params['id'] to the group named in the
 * request body.
 *
 * @param object $data Decoded request body; "group" is read from it.
 * @return array Always an empty array.
 */
public function handle($data)
{
    $this->validate_request(["group"]);

    // NOTE(review): both the user and the group are caller-chosen; no check
    // that the caller may change this membership is visible in this method -
    // confirm it is enforced before this handler runs.
    $member = UserBackend::fetch_user_profile($this->params['id']);
    $targetGroup = GroupBackend::fetch_group_profile($data->{"group"});

    UserBackend::add_user_group($member, $targetGroup);

    return [];
}
/**
 * Set a permission on the user identified by $this->params["id"]
 * (set_user_permission() is called with true as its third argument).
 *
 * @param object $data Decoded request body; "permission" is read from it.
 * @return array "user" (external profile form) and the "permission" that was passed in.
 */
public function handle($data)
{
    $this->validate_request(["permission"]);

    // NOTE(review): the permission value is taken from the request body and
    // the target user from the request parameters; no check that the caller
    // is allowed to hand out this permission is visible in this method -
    // confirm it is enforced before this handler runs.
    $target = UserBackend::fetch_user_profile($this->params["id"]);
    $requested = $data->{"permission"};

    UserBackend::set_user_permission($target, $requested, true);

    return [
        "user" => $target->toExternalForm(),
        "permission" => $requested,
    ];
}
/**
 * Store a setting for the user identified by $this->params["id"].
 *
 * The request is validated against ["setting" => ["key", "value"]]; the
 * "setting" value is then passed to the backend as received and echoed back.
 *
 * @param object $data Decoded request body; "setting" is read from it.
 * @return array "user" (external profile form) and the "setting" that was passed in.
 */
public function handle($data)
{
    $this->validate_request(["setting" => ["key", "value"]]);

    // NOTE(review): the target user is caller-chosen and the setting object is
    // forwarded whole; confirm upstream authorization and that extra fields on
    // the object cannot influence what the backend stores.
    $target = UserBackend::fetch_user_profile($this->params["id"]);
    $submitted = $data->{"setting"};

    UserBackend::set_user_setting($target, $submitted);

    return [
        "user" => $target->toExternalForm(),
        "setting" => $submitted,
    ];
}
/**
 * Attach the assignment named in the request body to the user identified by
 * $this->params['id'].
 *
 * @param object $data Decoded request body; "assignment" is read from it.
 * @return mixed Whatever UserBackend::add_user_assignment() returns.
 */
public function handle($data)
{
    $this->validate_request(["assignment"]);

    // NOTE(review): the target user is caller-chosen; no authorization check
    // is visible in this method - confirm it is enforced upstream.
    $target = UserBackend::fetch_user_profile($this->params['id']);
    $assignmentId = Token::decode($data->{"assignment"});

    return UserBackend::add_user_assignment($target, $assignmentId);
}
/**
 * List the groups of the user identified by $this->params['id'].
 *
 * @param mixed $data Unused by this handler.
 * @return array A single "groups" entry holding each group's external form.
 */
public function handle($data)
{
    $owner = UserBackend::fetch_user_profile($this->params['id']);

    $external = [];
    /** @var \meteor\data\profiles\GroupProfile $membership */
    foreach (UserBackend::fetch_user_groups($owner) as $membership) {
        $external[] = $membership->toExternalForm();
    }

    return ["groups" => $external];
}
/**
 * Collect the profile, settings, permissions and groups of the user
 * identified by $this->params["id"].
 *
 * @param mixed $data Unused; the incoming value is not read.
 * @return array "profile", "settings", "permissions" and "groups" entries.
 */
public function handle_get($data)
{
    // NOTE(review): settings and permissions of a caller-chosen user are
    // returned; no check that the caller may read them is visible in this
    // method - confirm it is enforced upstream.
    $owner = UserBackend::fetch_user_profile($this->params["id"]);

    // Backend calls are kept in this order: profile, settings, permissions, groups.
    $profileView = $owner->toExternalForm();
    $settings = UserBackend::fetch_user_settings($owner);
    $permissions = UserBackend::fetch_user_permissions($owner);

    $groupViews = [];
    /** @var GroupProfile $membership */
    foreach (UserBackend::fetch_user_groups($owner) as $membership) {
        $groupViews[] = $membership->toExternalForm();
    }

    return [
        "profile" => $profileView,
        "settings" => $settings,
        "permissions" => $permissions,
        "groups" => $groupViews,
    ];
}
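/**
 * Exchange a refresh token for a new access token.
 *
 * Existing access tokens for this user and client are cleared before the new
 * one (created with a "1 HOUR" lifetime) is issued.
 *
 * @param object $data Decoded request body; "user" and "refresh-token" are read from it.
 * @return array "user-profile" (external profile form) and "access-token" with "token" and "expires".
 * @throws InvalidTokenException If the token is not a refresh token or fails validation.
 * @throws InvalidUserException  If the token's user secret differs from the named user's.
 */
public function handle($data)
{
    $this->validate_request(["user", "refresh-token"]);

    $profile = UserBackend::fetch_user_profile($data->{"user"});
    $refresh = Token::decode($data->{"refresh-token"});

    // Only a refresh token may be exchanged for an access token. The login
    // and access-token paths check getType() the same way; without this
    // check the outcome would rest entirely on validate_token().
    if ($refresh->getType() != TOKEN_REFRESH) {
        throw new InvalidTokenException("Token provided is not a refresh token");
    }

    // The original condition read `!$a == $b`. Because `!` binds tighter than
    // `==`, it compared a negated boolean with the user's secret and so did
    // not test for a mismatch. Compare the two secrets directly.
    // NOTE(review): this check was effectively inert before, so exercise the
    // refresh flow after the fix. If getUserSecret() returns strings, prefer
    // hash_equals() for a strict, constant-time comparison.
    if ($refresh->getUserSecret() != $profile->getUserId()->getUserSecret()) {
        throw new InvalidUserException("User provided and token do not match");
    }

    if (!TokenBackend::validate_token($this->clientid, $profile->getUserId(), $refresh)) {
        throw new InvalidTokenException("Invalid refresh token or userid provided");
    }

    // Retire the current access tokens before issuing the replacement.
    TokenBackend::clear_tokens($this->clientid, $profile->getUserId(), TOKEN_ACCESS);
    $access = TokenBackend::create_token($this->clientid, $profile->getUserId(), TOKEN_ACCESS, "1 HOUR");

    return [
        "user-profile" => $profile->toExternalForm(),
        "access-token" => [
            "token" => $access->toString(),
            "expires" => 3600,
        ],
    ];
}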
/**
 * Call set_user_permission() with false for the permission named in
 * $this->params["permission"] on the user identified by $this->params["id"]
 * (presumably revoking it - confirm against the backend).
 *
 * @param mixed $data Unused by this handler.
 * @return array Always an empty array.
 */
private function handlePost($data)
{
    // NOTE(review): user and permission are both caller-chosen; no
    // authorization check is visible in this method - confirm it is enforced
    // upstream.
    $target = UserBackend::fetch_user_profile($this->params["id"]);
    $permissionName = $this->params["permission"];

    UserBackend::set_user_permission($target, $permissionName, false);

    return [];
}
/**
 * Fetch the outstanding assignments of the user identified by
 * $this->params['id'].
 *
 * @param mixed $data Unused by this handler.
 * @return mixed Whatever UserBackend::fetch_user_assignments_outstanding() returns.
 */
private function handleOutstanding($data)
{
    $owner = UserBackend::fetch_user_profile($this->params['id']);

    return UserBackend::fetch_user_assignments_outstanding($owner);
}
/**
 * Return the settings of the user identified by $this->params["id"].
 *
 * @param mixed $data Unused by this handler.
 * @return array A single "settings" entry.
 */
public function handle($data)
{
    $owner = UserBackend::fetch_user_profile($this->params["id"]);

    return [
        "settings" => UserBackend::fetch_user_settings($owner),
    ];
}
/**
 * Delete the setting named in $this->params["setting"] for the user
 * identified by $this->params["id"].
 *
 * @param mixed $data Unused by this handler.
 * @return array Always an empty array.
 */
private function handlePost($data)
{
    // NOTE(review): the target user is caller-chosen; no authorization check
    // is visible in this method - confirm it is enforced upstream.
    $target = UserBackend::fetch_user_profile($this->params["id"]);
    $settingName = $this->params["setting"];

    // The meaning of the trailing false is defined by the backend, not here.
    UserBackend::delete_user_setting($target, $settingName, false);

    return [];
}
/**
 * Return the scores the user identified by $this->params['id'] holds for
 * the assignment identified by $this->params['assignment'].
 *
 * @param mixed $data Unused by this handler.
 * @return mixed Whatever UserBackend::fetch_user_scores() returns.
 */
public function handle($data)
{
    // NOTE(review): scores of a caller-chosen user are returned; no check that
    // the caller may read them is visible in this method - confirm it is
    // enforced upstream.
    $owner = UserBackend::fetch_user_profile($this->params['id']);

    $assignmentId = Token::decode($this->params['assignment']);
    $assignmentProfile = AssignmentBackend::fetch_assignment_profile($assignmentId);

    return UserBackend::fetch_user_scores($owner, $assignmentProfile);
}
/**
 * Return the permissions of the user identified by $this->params["id"].
 *
 * @param mixed $data Unused by this handler.
 * @return array A single "permissions" entry.
 */
public function handle($data)
{
    $owner = UserBackend::fetch_user_profile($this->params["id"]);

    return [
        "permissions" => UserBackend::fetch_user_permissions($owner),
    ];
}