示例#1
文件: Basic.php 项目: vgrish/tacit
 /**
  * Determine if the client has authorization to make the request.
  *
  * @param Restful $controller
  *
  * @throws ForbiddenException
  * @throws UnauthorizedException
  * @return bool Returns true if the client has authorization to make the request.
  */
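 public function isValidRequest(Restful $controller)
 {
     // Credential string as returned by getSignature(); parsed below as "username:password".
     $signature = $this->getSignature($controller->getApp());
     if (empty($signature)) {
         throw new UnauthorizedException($controller, 'Unsigned Request', 'No valid authorization signature was provided with the request.');
     }

     // A limit of 2 keeps any further ':' characters inside the password part.
     $exploded = explode(':', $signature, 2);
     if (count($exploded) !== 2) {
         throw new UnauthorizedException($controller, 'Invalid Signature', 'The request contains an invalid authorization signature.');
     }
     list($username, $password) = $exploded;

     $secret = $this->getSecretKey($controller->getApp(), $username);

     // Fail closed when no usable secret exists for this username: an empty or
     // non-string lookup result must never compare equal to an empty password
     // (a credential of the form "name:").
     // NOTE(review): what getSecretKey() returns for an unknown user is not
     // visible here; confirm against its implementation.
     //
     // hash_equals() (PHP >= 5.6) compares in constant time, so response timing
     // does not reveal how many leading bytes of a guess were correct, which a
     // plain !== comparison can.
     if (!is_string($secret) || $secret === '' || !hash_equals($secret, $password)) {
         throw new ForbiddenException($controller, 'Unauthorized Signature', 'The request is not properly signed and has been rejected.');
     }

     return true;
 }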
示例#2
文件: HMAC.php 项目: vgrish/tacit
 /**
  * Determine if the client has authorization to make the request.
  *
  * @param Restful $controller
  *
  * @throws \Tacit\Controller\Exception\UnauthorizedException
  * @throws \Tacit\Controller\Exception\ResourceConflictException
  * @return bool Returns true if the client has authorization to make the request.
  */
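 public function isValidRequest(Restful $controller)
 {
     // Signature string as returned by getSignature(); parsed below as
     // "<hex timestamp>:<client key>:<hex HMAC>".
     // NOTE(review): every rejection attaches the raw signature to the exception
     // context; confirm that context is not logged or echoed where a third party
     // could read it while the signature is still inside its validity window.
     $signature = $this->getSignature($controller->getApp());
     if (empty($signature)) {
         throw new UnauthorizedException($controller, 'Unsigned Request', 'No valid authorization signature was provided with the request.', ['Signature-HMAC' => $signature]);
     }

     $exploded = explode(':', $signature, 3);
     if (count($exploded) !== 3) {
         throw new UnauthorizedException($controller, 'Invalid Signature', 'The request contains an invalid authorization signature.', ['Signature-HMAC' => $signature]);
     }
     list($timestamp, $clientKey, $rawHash) = $exploded;

     // hexdec() silently skips non-hex characters, so a malformed timestamp would
     // otherwise be parsed as some unrelated number; treat it as a bad signature.
     if (!ctype_xdigit($timestamp)) {
         throw new UnauthorizedException($controller, 'Invalid Signature', 'The request contains an invalid authorization signature.', ['Signature-HMAC' => $signature]);
     }

     // The signature is accepted for 15 minutes after the client-supplied timestamp.
     // NOTE(review): only the lower bound is enforced, so a timestamp set in the
     // future extends the window; whether the timestamp is covered by the HMAC
     // depends on getInput(), which is not visible here. Confirm both.
     // NOTE(review): this context key is 'SignatureHMAC' while the other throws
     // use 'Signature-HMAC'; left as is in case consumers read it.
     $requested = hexdec($timestamp);
     $expires = $requested + 60 * 15;
     if (time() >= $expires) {
         throw new ResourceConflictException($controller, 'Request Outdated', 'The signature indicates this request has expired and is no longer valid.', ['SignatureHMAC' => $signature]);
     }

     $secret = $this->getSecretKey($controller->getApp(), $clientKey);

     // Fail closed when no usable secret exists for this client key: an HMAC keyed
     // with an empty value can be computed by anyone, so it authenticates nothing.
     // NOTE(review): what getSecretKey() returns for an unknown key is not visible
     // here; confirm against its implementation.
     if (!is_string($secret) || $secret === '') {
         throw new UnauthorizedException($controller, 'Unauthorized Signature', 'The request is not properly signed and has been rejected.', ['Signature-HMAC' => $signature]);
     }

     // Recompute the MAC over the request fingerprint with the stored secret.
     // The algorithm stays 'sha1' because clients sign with it; moving to a
     // SHA-2 HMAC needs a coordinated client change.
     $fingerprint = $this->getInput($controller->getApp());
     $test = hash_hmac('sha1', $fingerprint, $secret);

     // hash_equals() (PHP >= 5.6) compares in constant time, so response timing
     // does not reveal how many leading characters of a forged MAC were correct,
     // which a plain !== comparison can.
     if (!hash_equals($test, $rawHash)) {
         throw new UnauthorizedException($controller, 'Unauthorized Signature', 'The request is not properly signed and has been rejected.', ['Signature-HMAC' => $signature]);
     }

     return true;
 }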