Пример #1
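 /**
  * Authenticates the caller and signs them in, using the API key from the
  * Authorization header if one is sent, or otherwise the session cookie.
  * 
  * Takes no parameters; the credentials are read from the current request.
  * 
  * @throws \Exception if no credential is supplied or validation fails.
  */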
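 public function authenticate()
 {
     // Enforce the transport requirement before any credential is read.
     $this->assertSslApiRequest();

     $authorization = $this->getHttpRequestHeader('Authorization', null);

     if (!is_null($authorization)) {
         // API-key path. The header must be exactly "Basic <key>": the pattern is anchored at
         // both ends and requires a key that starts with a non-space character, so a blank key
         // is rejected here and never reaches the database lookup.
         if (!preg_match('/^\s*Basic\s+(\S.*?)\s*$/i', $authorization, $regs)) {
             throw new \Exception('API key format not recognized');
         }
         $api_key = $regs[1];

         // Ask for an exact match explicitly. NOTE(review): Propel-generated filters on string
         // columns are understood to switch to a LIKE comparison when the value contains "%" or
         // "*" and no comparison is passed; a caller-supplied credential must never be treated
         // as a pattern. Confirm against the generated ApiUserQuery.
         /** @var \ApiUser|null $api_user */
         $api_user = \ApiUserQuery::create()
             ->filterByApiKey($api_key, \Criteria::EQUAL)
             ->filterByActive(true)
             ->findOne();
         if (!$api_user) {
             throw new \Exception('Unknown or inactive API user.');
         }

         // A dangling relation is reported as an authentication failure rather than
         // surfacing as a fatal "call on null" error.
         $user = $api_user->getUser();
         $sf_guard_user = $user ? $user->getsfGuardUser() : null;
         if (!$sf_guard_user || !$sf_guard_user->getIsActive()) {
             throw new \Exception('Unknown or inactive API user.');
         }

         \sfContext::getInstance()->getUser()->signIn($sf_guard_user, false);
         return;
     }

     // Session path: only reached when no Authorization header was sent.
     $session_id = $this->getCookie(\sfConfig::get('altumo_api_session_cookie_name', 'my_session_name'), null);
     if (is_null($session_id)) {
         throw new \Exception('Please provide either a valid session or valid API key.');
     }

     // NOTE(review): no expiry check is made here; whether retrieveBySessionKey() already
     // rejects expired sessions is not visible from this method - confirm.
     $session = \SessionPeer::retrieveBySessionKey($session_id);
     if (!$session) {
         throw new \Exception('Invalid session.');
     }

     $user = $session->getUser();
     if (!$user || !$user->hasApiUser()) {
         throw new \Exception('Invalid session.');
     }

     $api_user = $user->getApiUser();
     if (!$api_user->isActive()) {
         throw new \Exception('Inactive API user.');
     }

     // Apply the same account-level check as the API-key path, so a deactivated
     // sfGuardUser cannot keep signing in through a session that still exists.
     $sf_guard_user = $user->getsfGuardUser();
     if (!$sf_guard_user || !$sf_guard_user->getIsActive()) {
         throw new \Exception('Inactive API user.');
     }

     \sfContext::getInstance()->getUser()->signIn($sf_guard_user, false);
 }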
 /**
  * Gets the Session object for the current session key.
  * 
  * Takes no parameters; the key is obtained from getSessionKey().
  * 
  * @return Session
  */
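 public function getSession()
 {
     // Fully qualified like the lookup in authenticate(), so the global peer class is
     // resolved no matter which namespace this file declares. The result is whatever
     // retrieveBySessionKey() yields; authenticate() treats a falsy result as "no such session".
     return \SessionPeer::retrieveBySessionKey($this->getSessionKey());
 }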