/**
* N.B.: if the user passed as input is a supporter, the method prefix '1'
* to the token, making it 41-character long, rather than 40
*
* @param PcApiApp $apiApp
* @param int $userId
* @return string
*/
public static function createToken(PcApiApp $apiApp, $userId)
{
$apiAppId = $apiApp->getId();
// if there is already a token entry for the application and the user, we delete it
$c = new Criteria();
$c->add(PcApiTokenPeer::API_APP_ID, $apiAppId);
$c->add(PcApiTokenPeer::USER_ID, $userId);
PcApiTokenPeer::doDelete($c);
$apiTokenEntry = new PcApiToken();
$tokenPrefix = PcUserPeer::retrieveByPK($userId)->isSupporter() ? '1' : '';
// we want to be extra-sure the token is unique
$token = '';
$safetyCounter = 0;
// to avoid infinite loop under any circumstances
do {
$token = $tokenPrefix . PcUtils::generate40CharacterRandomHash();
$c = new Criteria();
$c->add(PcApiTokenPeer::TOKEN, $token);
$alreadyExisting = PcApiTokenPeer::doSelectOne($c);
$safetyCounter++;
if ($safetyCounter == 100) {
throw new Exception("Detected possible infinite loop while creating API token");
}
} while (is_object($alreadyExisting));
$apiTokenEntry->setToken($token)->setApiAppId($apiAppId)->setUserId($userId)->setExpiryTimestamp(time() + sfConfig::get('app_api_tokenValidity') * 3600)->save();
return $token;
}
/**
*
* @param string $token
* @return boolean - whether the token is valid or not
*/
private function isTokenValid($token)
{
if ($this->methodName == 'getToken') {
return true;
}
$c = new Criteria();
$c->add(PcApiTokenPeer::TOKEN, $token);
$apiTokenEntry = PcApiTokenPeer::doSelectOne($c);
if (!is_object($apiTokenEntry)) {
return false;
}
if ($apiTokenEntry->getExpiryTimestamp() < time() || $apiTokenEntry == null || $apiTokenEntry->getUserId() <= 0) {
return false;
}
return true;
}