Merge origin/ci into ci

Conflicts:
	application/config/rest.php
	application/libraries/FHC_Auth.php
	tests/codeception/api/LoginCept.php
This commit is contained in:
paolo
2016-04-18 09:03:15 +02:00
4 changed files with 1 additions and 657 deletions
-133
View File
@@ -1,133 +0,0 @@
<?php
/**
* Whisperocity
*
* @package Whisperocity
* @author WSP-Team
* @copyright Copyright (c) 2015, Whisperocity
* @license proprietary
* @link http://whisperocity.com/
* @since Version 1.0
* @filesource
* @example curl -H "FHC-API-Key: testapikey@fhcomplete.org" http://localhost/fhcomplete/index.ci.php/api/v1/APIAuth/login?code=aladsfasdf
*/
// ------------------------------------------------------------------------
if (! defined('BASEPATH'))
exit('No direct script access allowed');
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
//require APPPATH . '/libraries/REST_Controller.php';
/**
* Handles user authentication and registration process
*/
class APIAuth extends APIv1_Controller
{
/**
* Userauth-Controller constructor.
* A more elaborate description of the constructor.
* {@inheritdoc}
*/
public function __construct()
{
// Construct the parent class
parent::__construct();
// Configure limits on our controller methods
// Ensure you have created the 'limits' table and enabled 'limits' within application/config/rest.php
$this->methods['login_get']['limit'] = 500; // 500 requests per hour per user/key
// Load helper
//$this->load->helper('fhcauth');
$this->load->library('session');
$this->load->library('FHC_Auth');
}
/**
* Checks user credentials and creates a new session
*
* @example normal account: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/password/secret/device_id/abcdef123
* @example OAuth Google: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/google_token/qwert321
* @example OAuth Facebook: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/fb_token/qwert321
* @return void JSON that indicates success/failure of login.
*/
public function login_get()
{
$payload = array();
$errormsg = "";
$httpstatus = null;
$username = urldecode($this->get('username'));
$password = urldecode($this->get('password'));
$account = $this->fhc_auth->auth($username, $password);
// perform login checks
if (!$account)
$errormsg = "Auth not accepted!";
if (empty($errormsg))
{
// generate new session
$this->session->sess_regenerate();
$token = session_id();
$payload = [
'success' => true,
'message' => 'User successfully logged in',
'session_id' => $token
];
$httpstatus = REST_Controller::HTTP_OK;
}
else
{
$payload = [
'success' => false,
'message' => $errormsg
];
$httpstatus = REST_Controller::HTTP_UNAUTHORIZED;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
/**
* Logs out user by destroying session
*
* @example http://wsp.fortyseeds.at/backend/api/userauth/logout/username/foo%40bar.at/session_id/55afab8ba6f1b/device_id/abcdef123
* @return void JSON that indicates success/failure of logout
*/
public function logout_get()
{
$payload = array();
$httpstatus = null;
$token = $this->get('session_id');
$username = urldecode($this->get('username'));
$deviceid = $this->get('device_id');
$account = $this->user_model->load($username);
// destroy session
if ($this->session_model->destroy($account, $token, $deviceid))
{
$payload = [
'success' => true,
'message' => 'user successfully logged out'
];
$httpstatus = REST_Controller::HTTP_OK;
}
else
{
$payload = [
'success' => false,
'message' => 'user could not be logged out'
];
$httpstatus = REST_Controller::HTTP_BAD_REQUEST;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
}
-316
View File
@@ -1,316 +0,0 @@
<?php
if (! defined('BASEPATH'))
exit('No direct script access allowed');
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
require APPPATH.'/libraries/REST_Controller.php';
/**
* Keys Controller
* This is a basic Key Management REST controller to make and delete keys
*
* @package CodeIgniter
* @subpackage Rest Server
* @category Controller
* @author Phil Sturgeon, Chris Kacerguis
* @license MIT
* @link https://github.com/chriskacerguis/codeigniter-restserver
*/
class APIKey extends REST_Controller
{
protected $methods = [
'index_put' => ['level' => 10, 'limit' => 10],
'index_delete' => ['level' => 10],
'level_post' => ['level' => 10],
'regenerate_post' => ['level' => 10],
];
/**
* Insert a key into the database
*
* @access public
* @return void
*/
public function index_put()
{
// Build a new key
$key = $this->__generateKey();
// If no key level provided, provide a generic key
$level = $this->put('level') ? $this->put('level') : 1;
$ignore_limits = ctype_digit($this->put('ignore_limits')) ? (int)$this->put('ignore_limits') : 1;
// Insert the new key
if ($this->_insert_key($key, ['level' => $level, 'ignore_limits' => $ignore_limits]))
{
$this->response([
'status' => true,
'key' => $key
], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code
}
else
{
$this->response([
'status' => false,
'message' => 'Could not save the key'
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
}
}
/**
* Remove a key from the database to stop it working
*
* @access public
* @return void
*/
public function index_delete()
{
$key = $this->delete('key');
// Does this key exist?
if (!$this->_key_exists($key))
{
// It doesn't appear the key exists
$this->response([
'status' => false,
'message' => 'Invalid API key'
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// Destroy it
$this->_delete_key($key);
// Respond that the key was destroyed
$this->response([
'status' => true,
'message' => 'API key was deleted'
], REST_Controller::HTTP_NO_CONTENT); // NO_CONTENT (204) being the HTTP response code
}
/**
* Change the level
*
* @access public
* @return void
*/
public function level_post()
{
$key = $this->post('key');
$new_level = $this->post('level');
// Does this key exist?
if (!$this->_key_exists($key))
{
// It doesn't appear the key exists
$this->response([
'status' => false,
'message' => 'Invalid API key'
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// Update the key level
if ($this->_update_key($key, ['level' => $new_level]))
{
$this->response([
'status' => true,
'message' => 'API key was updated'
], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
}
else
{
$this->response([
'status' => false,
'message' => 'Could not update the key level'
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
}
}
/**
* Suspend a key
*
* @access public
* @return void
*/
public function suspend_post()
{
$key = $this->post('key');
// Does this key exist?
if (!$this->_key_exists($key))
{
// It doesn't appear the key exists
$this->response([
'status' => false,
'message' => 'Invalid API key'
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// Update the key level
if ($this->_update_key($key, ['level' => 0]))
{
$this->response([
'status' => true,
'message' => 'Key was suspended'
], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
}
else
{
$this->response([
'status' => false,
'message' => 'Could not suspend the user'
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
}
}
/**
* Regenerate a key
*
* @access public
* @return void
*/
public function regenerate_post()
{
$old_key = $this->post('key');
$key_details = $this->__getKey($old_key);
// Does this key exist?
if (!$key_details)
{
// It doesn't appear the key exists
$this->response([
'status' => false,
'message' => 'Invalid API key'
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
}
// Build a new key
$new_key = $this->__generateKey();
// Insert the new key
if ($this->_insert_key($new_key, ['level' => $key_details->level, 'ignore_limits' => $key_details->ignore_limits]))
{
// Suspend old key
$this->_update_key($old_key, ['level' => 0]);
$this->response([
'status' => true,
'key' => $new_key
], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code
}
else
{
$this->response([
'status' => false,
'message' => 'Could not save the key'
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
}
}
/* Helper Methods */
/**
* Generate a key
*
* @access private
* @return void
*/
private function __generateKey()
{
do
{
// Generate a random salt
$salt = base_convert(bin2hex($this->security->get_random_bytes(64)), 16, 36);
// If an error occurred, then fall back to the previous method
if ($salt === false)
{
$salt = hash('sha256', time().mt_rand());
}
$new_key = substr($salt, 0, config_item('rest_key_length'));
}
while ($this->_key_exists($new_key));
return $new_key;
}
/* Private Data Methods */
/**
* Get a key
*
* @access private
* @param string $key The API-Key.
* @return array
*/
private function __getKey($key)
{
return $this->db
->where(config_item('rest_key_column'), $key)
->get(config_item('rest_keys_table'))
->row();
}
/**
* Check if key exists
*
* @access private
* @param string $key The API-Key.
* @return bool
*/
private function _key_exists($key)
{
return $this->db
->where(config_item('rest_key_column'), $key)
->count_all_results(config_item('rest_keys_table')) > 0;
}
/**
* Insert a key
*
* @access private
* @param string $key The API-Key.
* @param array $data The API-Key-Data.
* @return bool
*/
private function _insert_key($key, $data)
{
$data[config_item('rest_key_column')] = $key;
$data['date_created'] = function_exists('now') ? now() : time();
return $this->db
->set($data)
->insert(config_item('rest_keys_table'));
}
/**
* Update a key
*
* @access private
* @param string $key The API-Key.
* @param array $data The API-Key-Data.
* @return bool
*/
private function _update_key($key, $data)
{
return $this->db
->where(config_item('rest_key_column'), $key)
->update(config_item('rest_keys_table'), $data);
}
/**
* Delete a key
*
* @access private
* @param string $key The API-Key.
* @return bool
*/
private function _delete_key($key)
{
return $this->db
->where(config_item('rest_key_column'), $key)
->delete(config_item('rest_keys_table'));
}
}
-207
View File
@@ -1,207 +0,0 @@
<?php
/**
* FH-Complete
*
* @package FHC-API
* @author FHC-Team
* @copyright Copyright (c) 2016, fhcomplete.org
* @license GPLv3
* @link http://fhcomplete.org
* @since Version 1.0
* @filesource
*/
// ------------------------------------------------------------------------
defined('BASEPATH') || exit('No direct script access allowed');
class Person extends APIv1_Controller
{
//public $session;
/**
* Person API constructor.
*/
public function __construct()
{
parent::__construct();
$this->load->model('person/person_model');
}
public function person_get()
{
//if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id')))
// $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED);
$code = $this->get('code');
$email = $this->get('email');
$person_id = $this->get('person_id');
if ((!is_null($code)) && (!is_null($email)))
{
$result = $this->person_model->getPersonByCodeAndEmail($code, $email);
}
elseif (! is_null($code))
{
$result = $this->person_model->getPersonByCode($code, $email);
}
elseif (!is_null($person_id))
{
$result = $this->person_model->getPerson($person_id);
}
else
{
$result = $this->person_model->getPerson();
}
if (empty($result))
{
$payload = [
'success' => false,
'message' => 'Person not found'
];
$httpstatus = REST_Controller::HTTP_OK;
}
else
{
// return all available persons
$payload = [
'success' => true,
'message' => 'Persons found'
];
$payload['data'] = $result;
$httpstatus = REST_Controller::HTTP_OK;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
public function personFromCode_post()
{
$code = $this->post('code');
$email = $this->post('email');
$person_id = $this->post('person_id');
if ((!is_null($code)) && (!is_null($email)))
{
$result = $this->person_model->getPersonByCodeAndEmail($code, $email);
}
elseif (!is_null($person_id))
{
$result = $this->person_model->getPerson($person_id);
}
else
{
$result = $this->person_model->getPerson();
}
if (empty($result))
{
$payload = [
'success' => false,
'message' => 'Person not found'
];
$httpstatus = REST_Controller::HTTP_OK;
}
else
{
// return all available persons
$payload = [
'success' => true,
'message' => 'Persons found'
];
$payload['data'] = $result;
$httpstatus = REST_Controller::HTTP_OK;
}
// Set the response and exit
$this->response($payload, $httpstatus);
}
public function person_post()
{
$result = $this->person_model->savePerson($this->post());
if($result != FALSE)
{
$httpstatus = REST_Controller::HTTP_OK;
$payload = [
'success' => true,
'message' => 'Person saved.'
];
$payload['data'] = $result;
}
else
{
$payload = [
'success' => false,
'message' => 'Could not save person.'
];
$httpstatus = REST_Controller::HTTP_OK;
}
$this->response($payload, $httpstatus);
}
public function personUpdate_post()
{
$result = $this->person_model->updatePerson($this->post());
if($result != FALSE)
{
$httpstatus = REST_Controller::HTTP_OK;
$payload = [
'success' => true,
'message' => 'Person updated.'
];
$payload['data'] = $result;
}
else
{
$payload = [
'success' => false,
'message' => 'Could not update person.'
];
$httpstatus = REST_Controller::HTTP_OK;
}
//
$this->response($payload, $httpstatus);
}
public function checkBewerbung_get()
{
$result = $this->person_model->checkBewerbung($this->get("email"),$this->get("studiensemester_kurzbz"));
$httpstatus = REST_Controller::HTTP_OK;
$payload = [
'success' => true,
'message' => 'Bewerbung exists.'
];
$payload['data'] = $result;
$this->response($payload, $httpstatus);
}
public function checkZugangscodePerson_get()
{
$result = $this->person_model->checkZugangscodePerson($this->get("code"));
$httpstatus = REST_Controller::HTTP_OK;
if(!empty($result))
{
$payload = [
'success' => true,
'message' => 'Zugangscode exists.'
];
$payload['data'] = $result;
}
else
{
$payload = [
'success' => false,
'message' => 'Zugangscode does not exist.'
];
$httpstatus = REST_Controller::HTTP_OK;
}
$this->response($payload, $httpstatus);
}
}
+1 -1
View File
@@ -35,7 +35,7 @@ class FHC_Auth
* @param string $password
* @return bool
*/
function basicAuthentication($username, $password)
public function basicAuthentication($username, $password)
{
$auth = new authentication();
if($auth->checkpassword($username, $password))