mirror of
https://github.com/FH-Complete/FHC-Core.git
synced 2026-07-16 22:42:16 +00:00
Merge origin/ci into ci
Conflicts: application/config/rest.php application/libraries/FHC_Auth.php tests/codeception/api/LoginCept.php
This commit is contained in:
@@ -1,133 +0,0 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* Whisperocity
|
||||
*
|
||||
* @package Whisperocity
|
||||
* @author WSP-Team
|
||||
* @copyright Copyright (c) 2015, Whisperocity
|
||||
* @license proprietary
|
||||
* @link http://whisperocity.com/
|
||||
* @since Version 1.0
|
||||
* @filesource
|
||||
* @example curl -H "FHC-API-Key: testapikey@fhcomplete.org" http://localhost/fhcomplete/index.ci.php/api/v1/APIAuth/login?code=aladsfasdf
|
||||
*/
|
||||
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
if (! defined('BASEPATH'))
|
||||
exit('No direct script access allowed');
|
||||
|
||||
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
|
||||
//require APPPATH . '/libraries/REST_Controller.php';
|
||||
|
||||
/**
|
||||
* Handles user authentication and registration process
|
||||
*/
|
||||
class APIAuth extends APIv1_Controller
|
||||
{
|
||||
/**
|
||||
* Userauth-Controller constructor.
|
||||
* A more elaborate description of the constructor.
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
// Construct the parent class
|
||||
parent::__construct();
|
||||
|
||||
// Configure limits on our controller methods
|
||||
// Ensure you have created the 'limits' table and enabled 'limits' within application/config/rest.php
|
||||
$this->methods['login_get']['limit'] = 500; // 500 requests per hour per user/key
|
||||
|
||||
// Load helper
|
||||
//$this->load->helper('fhcauth');
|
||||
$this->load->library('session');
|
||||
$this->load->library('FHC_Auth');
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks user credentials and creates a new session
|
||||
*
|
||||
* @example normal account: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/password/secret/device_id/abcdef123
|
||||
* @example OAuth Google: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/google_token/qwert321
|
||||
* @example OAuth Facebook: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/fb_token/qwert321
|
||||
* @return void JSON that indicates success/failure of login.
|
||||
*/
|
||||
public function login_get()
|
||||
{
|
||||
$payload = array();
|
||||
$errormsg = "";
|
||||
$httpstatus = null;
|
||||
$username = urldecode($this->get('username'));
|
||||
$password = urldecode($this->get('password'));
|
||||
|
||||
$account = $this->fhc_auth->auth($username, $password);
|
||||
|
||||
// perform login checks
|
||||
if (!$account)
|
||||
$errormsg = "Auth not accepted!";
|
||||
|
||||
if (empty($errormsg))
|
||||
{
|
||||
// generate new session
|
||||
$this->session->sess_regenerate();
|
||||
$token = session_id();
|
||||
|
||||
$payload = [
|
||||
'success' => true,
|
||||
'message' => 'User successfully logged in',
|
||||
'session_id' => $token
|
||||
];
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
}
|
||||
else
|
||||
{
|
||||
$payload = [
|
||||
'success' => false,
|
||||
'message' => $errormsg
|
||||
];
|
||||
$httpstatus = REST_Controller::HTTP_UNAUTHORIZED;
|
||||
}
|
||||
|
||||
// Set the response and exit
|
||||
$this->response($payload, $httpstatus);
|
||||
}
|
||||
|
||||
/**
|
||||
* Logs out user by destroying session
|
||||
*
|
||||
* @example http://wsp.fortyseeds.at/backend/api/userauth/logout/username/foo%40bar.at/session_id/55afab8ba6f1b/device_id/abcdef123
|
||||
* @return void JSON that indicates success/failure of logout
|
||||
*/
|
||||
public function logout_get()
|
||||
{
|
||||
$payload = array();
|
||||
$httpstatus = null;
|
||||
$token = $this->get('session_id');
|
||||
$username = urldecode($this->get('username'));
|
||||
$deviceid = $this->get('device_id');
|
||||
$account = $this->user_model->load($username);
|
||||
|
||||
// destroy session
|
||||
if ($this->session_model->destroy($account, $token, $deviceid))
|
||||
{
|
||||
$payload = [
|
||||
'success' => true,
|
||||
'message' => 'user successfully logged out'
|
||||
];
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
}
|
||||
else
|
||||
{
|
||||
$payload = [
|
||||
'success' => false,
|
||||
'message' => 'user could not be logged out'
|
||||
];
|
||||
$httpstatus = REST_Controller::HTTP_BAD_REQUEST;
|
||||
}
|
||||
|
||||
// Set the response and exit
|
||||
$this->response($payload, $httpstatus);
|
||||
}
|
||||
}
|
||||
@@ -1,316 +0,0 @@
|
||||
<?php
|
||||
|
||||
if (! defined('BASEPATH'))
|
||||
exit('No direct script access allowed');
|
||||
|
||||
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
|
||||
require APPPATH.'/libraries/REST_Controller.php';
|
||||
|
||||
/**
|
||||
* Keys Controller
|
||||
* This is a basic Key Management REST controller to make and delete keys
|
||||
*
|
||||
* @package CodeIgniter
|
||||
* @subpackage Rest Server
|
||||
* @category Controller
|
||||
* @author Phil Sturgeon, Chris Kacerguis
|
||||
* @license MIT
|
||||
* @link https://github.com/chriskacerguis/codeigniter-restserver
|
||||
*/
|
||||
class APIKey extends REST_Controller
|
||||
{
|
||||
protected $methods = [
|
||||
'index_put' => ['level' => 10, 'limit' => 10],
|
||||
'index_delete' => ['level' => 10],
|
||||
'level_post' => ['level' => 10],
|
||||
'regenerate_post' => ['level' => 10],
|
||||
];
|
||||
|
||||
/**
|
||||
* Insert a key into the database
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function index_put()
|
||||
{
|
||||
// Build a new key
|
||||
$key = $this->__generateKey();
|
||||
|
||||
// If no key level provided, provide a generic key
|
||||
$level = $this->put('level') ? $this->put('level') : 1;
|
||||
$ignore_limits = ctype_digit($this->put('ignore_limits')) ? (int)$this->put('ignore_limits') : 1;
|
||||
|
||||
// Insert the new key
|
||||
if ($this->_insert_key($key, ['level' => $level, 'ignore_limits' => $ignore_limits]))
|
||||
{
|
||||
$this->response([
|
||||
'status' => true,
|
||||
'key' => $key
|
||||
], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->response([
|
||||
'status' => false,
|
||||
'message' => 'Could not save the key'
|
||||
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove a key from the database to stop it working
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function index_delete()
|
||||
{
|
||||
$key = $this->delete('key');
|
||||
|
||||
// Does this key exist?
|
||||
if (!$this->_key_exists($key))
|
||||
{
|
||||
// It doesn't appear the key exists
|
||||
$this->response([
|
||||
'status' => false,
|
||||
'message' => 'Invalid API key'
|
||||
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
|
||||
}
|
||||
|
||||
// Destroy it
|
||||
$this->_delete_key($key);
|
||||
|
||||
// Respond that the key was destroyed
|
||||
$this->response([
|
||||
'status' => true,
|
||||
'message' => 'API key was deleted'
|
||||
], REST_Controller::HTTP_NO_CONTENT); // NO_CONTENT (204) being the HTTP response code
|
||||
}
|
||||
|
||||
/**
|
||||
* Change the level
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function level_post()
|
||||
{
|
||||
$key = $this->post('key');
|
||||
$new_level = $this->post('level');
|
||||
|
||||
// Does this key exist?
|
||||
if (!$this->_key_exists($key))
|
||||
{
|
||||
// It doesn't appear the key exists
|
||||
$this->response([
|
||||
'status' => false,
|
||||
'message' => 'Invalid API key'
|
||||
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
|
||||
}
|
||||
|
||||
// Update the key level
|
||||
if ($this->_update_key($key, ['level' => $new_level]))
|
||||
{
|
||||
$this->response([
|
||||
'status' => true,
|
||||
'message' => 'API key was updated'
|
||||
], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->response([
|
||||
'status' => false,
|
||||
'message' => 'Could not update the key level'
|
||||
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Suspend a key
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function suspend_post()
|
||||
{
|
||||
$key = $this->post('key');
|
||||
|
||||
// Does this key exist?
|
||||
if (!$this->_key_exists($key))
|
||||
{
|
||||
// It doesn't appear the key exists
|
||||
$this->response([
|
||||
'status' => false,
|
||||
'message' => 'Invalid API key'
|
||||
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
|
||||
}
|
||||
|
||||
// Update the key level
|
||||
if ($this->_update_key($key, ['level' => 0]))
|
||||
{
|
||||
$this->response([
|
||||
'status' => true,
|
||||
'message' => 'Key was suspended'
|
||||
], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->response([
|
||||
'status' => false,
|
||||
'message' => 'Could not suspend the user'
|
||||
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Regenerate a key
|
||||
*
|
||||
* @access public
|
||||
* @return void
|
||||
*/
|
||||
public function regenerate_post()
|
||||
{
|
||||
$old_key = $this->post('key');
|
||||
$key_details = $this->__getKey($old_key);
|
||||
|
||||
// Does this key exist?
|
||||
if (!$key_details)
|
||||
{
|
||||
// It doesn't appear the key exists
|
||||
$this->response([
|
||||
'status' => false,
|
||||
'message' => 'Invalid API key'
|
||||
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
|
||||
}
|
||||
|
||||
// Build a new key
|
||||
$new_key = $this->__generateKey();
|
||||
|
||||
// Insert the new key
|
||||
if ($this->_insert_key($new_key, ['level' => $key_details->level, 'ignore_limits' => $key_details->ignore_limits]))
|
||||
{
|
||||
// Suspend old key
|
||||
$this->_update_key($old_key, ['level' => 0]);
|
||||
|
||||
$this->response([
|
||||
'status' => true,
|
||||
'key' => $new_key
|
||||
], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->response([
|
||||
'status' => false,
|
||||
'message' => 'Could not save the key'
|
||||
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
|
||||
}
|
||||
}
|
||||
|
||||
/* Helper Methods */
|
||||
|
||||
/**
|
||||
* Generate a key
|
||||
*
|
||||
* @access private
|
||||
* @return void
|
||||
*/
|
||||
private function __generateKey()
|
||||
{
|
||||
do
|
||||
{
|
||||
// Generate a random salt
|
||||
$salt = base_convert(bin2hex($this->security->get_random_bytes(64)), 16, 36);
|
||||
|
||||
// If an error occurred, then fall back to the previous method
|
||||
if ($salt === false)
|
||||
{
|
||||
$salt = hash('sha256', time().mt_rand());
|
||||
}
|
||||
|
||||
$new_key = substr($salt, 0, config_item('rest_key_length'));
|
||||
}
|
||||
while ($this->_key_exists($new_key));
|
||||
|
||||
return $new_key;
|
||||
}
|
||||
|
||||
/* Private Data Methods */
|
||||
|
||||
/**
|
||||
* Get a key
|
||||
*
|
||||
* @access private
|
||||
* @param string $key The API-Key.
|
||||
* @return array
|
||||
*/
|
||||
private function __getKey($key)
|
||||
{
|
||||
return $this->db
|
||||
->where(config_item('rest_key_column'), $key)
|
||||
->get(config_item('rest_keys_table'))
|
||||
->row();
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if key exists
|
||||
*
|
||||
* @access private
|
||||
* @param string $key The API-Key.
|
||||
* @return bool
|
||||
*/
|
||||
private function _key_exists($key)
|
||||
{
|
||||
return $this->db
|
||||
->where(config_item('rest_key_column'), $key)
|
||||
->count_all_results(config_item('rest_keys_table')) > 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Insert a key
|
||||
*
|
||||
* @access private
|
||||
* @param string $key The API-Key.
|
||||
* @param array $data The API-Key-Data.
|
||||
* @return bool
|
||||
*/
|
||||
private function _insert_key($key, $data)
|
||||
{
|
||||
$data[config_item('rest_key_column')] = $key;
|
||||
$data['date_created'] = function_exists('now') ? now() : time();
|
||||
|
||||
return $this->db
|
||||
->set($data)
|
||||
->insert(config_item('rest_keys_table'));
|
||||
}
|
||||
|
||||
/**
|
||||
* Update a key
|
||||
*
|
||||
* @access private
|
||||
* @param string $key The API-Key.
|
||||
* @param array $data The API-Key-Data.
|
||||
* @return bool
|
||||
*/
|
||||
private function _update_key($key, $data)
|
||||
{
|
||||
return $this->db
|
||||
->where(config_item('rest_key_column'), $key)
|
||||
->update(config_item('rest_keys_table'), $data);
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete a key
|
||||
*
|
||||
* @access private
|
||||
* @param string $key The API-Key.
|
||||
* @return bool
|
||||
*/
|
||||
private function _delete_key($key)
|
||||
{
|
||||
return $this->db
|
||||
->where(config_item('rest_key_column'), $key)
|
||||
->delete(config_item('rest_keys_table'));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,207 +0,0 @@
|
||||
<?php
|
||||
|
||||
/**
|
||||
* FH-Complete
|
||||
*
|
||||
* @package FHC-API
|
||||
* @author FHC-Team
|
||||
* @copyright Copyright (c) 2016, fhcomplete.org
|
||||
* @license GPLv3
|
||||
* @link http://fhcomplete.org
|
||||
* @since Version 1.0
|
||||
* @filesource
|
||||
*/
|
||||
// ------------------------------------------------------------------------
|
||||
|
||||
defined('BASEPATH') || exit('No direct script access allowed');
|
||||
|
||||
class Person extends APIv1_Controller
|
||||
{
|
||||
|
||||
//public $session;
|
||||
/**
|
||||
* Person API constructor.
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
parent::__construct();
|
||||
|
||||
$this->load->model('person/person_model');
|
||||
}
|
||||
|
||||
public function person_get()
|
||||
{
|
||||
//if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id')))
|
||||
// $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED);
|
||||
|
||||
$code = $this->get('code');
|
||||
$email = $this->get('email');
|
||||
$person_id = $this->get('person_id');
|
||||
|
||||
if ((!is_null($code)) && (!is_null($email)))
|
||||
{
|
||||
$result = $this->person_model->getPersonByCodeAndEmail($code, $email);
|
||||
}
|
||||
elseif (! is_null($code))
|
||||
{
|
||||
$result = $this->person_model->getPersonByCode($code, $email);
|
||||
}
|
||||
elseif (!is_null($person_id))
|
||||
{
|
||||
$result = $this->person_model->getPerson($person_id);
|
||||
}
|
||||
else
|
||||
{
|
||||
$result = $this->person_model->getPerson();
|
||||
}
|
||||
|
||||
if (empty($result))
|
||||
{
|
||||
$payload = [
|
||||
'success' => false,
|
||||
'message' => 'Person not found'
|
||||
];
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
}
|
||||
else
|
||||
{
|
||||
// return all available persons
|
||||
$payload = [
|
||||
'success' => true,
|
||||
'message' => 'Persons found'
|
||||
];
|
||||
$payload['data'] = $result;
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
}
|
||||
|
||||
// Set the response and exit
|
||||
$this->response($payload, $httpstatus);
|
||||
}
|
||||
|
||||
public function personFromCode_post()
|
||||
{
|
||||
$code = $this->post('code');
|
||||
$email = $this->post('email');
|
||||
$person_id = $this->post('person_id');
|
||||
|
||||
if ((!is_null($code)) && (!is_null($email)))
|
||||
{
|
||||
$result = $this->person_model->getPersonByCodeAndEmail($code, $email);
|
||||
}
|
||||
elseif (!is_null($person_id))
|
||||
{
|
||||
$result = $this->person_model->getPerson($person_id);
|
||||
}
|
||||
else
|
||||
{
|
||||
$result = $this->person_model->getPerson();
|
||||
}
|
||||
|
||||
if (empty($result))
|
||||
{
|
||||
$payload = [
|
||||
'success' => false,
|
||||
'message' => 'Person not found'
|
||||
];
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
}
|
||||
else
|
||||
{
|
||||
// return all available persons
|
||||
$payload = [
|
||||
'success' => true,
|
||||
'message' => 'Persons found'
|
||||
];
|
||||
$payload['data'] = $result;
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
}
|
||||
|
||||
// Set the response and exit
|
||||
$this->response($payload, $httpstatus);
|
||||
}
|
||||
|
||||
public function person_post()
|
||||
{
|
||||
$result = $this->person_model->savePerson($this->post());
|
||||
if($result != FALSE)
|
||||
{
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
$payload = [
|
||||
'success' => true,
|
||||
'message' => 'Person saved.'
|
||||
];
|
||||
$payload['data'] = $result;
|
||||
}
|
||||
else
|
||||
{
|
||||
$payload = [
|
||||
'success' => false,
|
||||
'message' => 'Could not save person.'
|
||||
];
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
}
|
||||
|
||||
$this->response($payload, $httpstatus);
|
||||
}
|
||||
|
||||
public function personUpdate_post()
|
||||
{
|
||||
$result = $this->person_model->updatePerson($this->post());
|
||||
if($result != FALSE)
|
||||
{
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
$payload = [
|
||||
'success' => true,
|
||||
'message' => 'Person updated.'
|
||||
];
|
||||
$payload['data'] = $result;
|
||||
}
|
||||
else
|
||||
{
|
||||
$payload = [
|
||||
'success' => false,
|
||||
'message' => 'Could not update person.'
|
||||
];
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
}
|
||||
//
|
||||
$this->response($payload, $httpstatus);
|
||||
}
|
||||
|
||||
public function checkBewerbung_get()
|
||||
{
|
||||
$result = $this->person_model->checkBewerbung($this->get("email"),$this->get("studiensemester_kurzbz"));
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
$payload = [
|
||||
'success' => true,
|
||||
'message' => 'Bewerbung exists.'
|
||||
];
|
||||
$payload['data'] = $result;
|
||||
|
||||
$this->response($payload, $httpstatus);
|
||||
}
|
||||
|
||||
public function checkZugangscodePerson_get()
|
||||
{
|
||||
$result = $this->person_model->checkZugangscodePerson($this->get("code"));
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
if(!empty($result))
|
||||
{
|
||||
$payload = [
|
||||
'success' => true,
|
||||
'message' => 'Zugangscode exists.'
|
||||
];
|
||||
$payload['data'] = $result;
|
||||
}
|
||||
else
|
||||
{
|
||||
$payload = [
|
||||
'success' => false,
|
||||
'message' => 'Zugangscode does not exist.'
|
||||
];
|
||||
$httpstatus = REST_Controller::HTTP_OK;
|
||||
}
|
||||
|
||||
$this->response($payload, $httpstatus);
|
||||
}
|
||||
}
|
||||
@@ -35,7 +35,7 @@ class FHC_Auth
|
||||
* @param string $password
|
||||
* @return bool
|
||||
*/
|
||||
function basicAuthentication($username, $password)
|
||||
public function basicAuthentication($username, $password)
|
||||
{
|
||||
$auth = new authentication();
|
||||
if($auth->checkpassword($username, $password))
|
||||
|
||||
Reference in New Issue
Block a user