diff --git a/application/controllers/api/v1/APIAuth.php b/application/controllers/api/v1/APIAuth.php deleted file mode 100644 index 162b112d3..000000000 --- a/application/controllers/api/v1/APIAuth.php +++ /dev/null @@ -1,133 +0,0 @@ -methods['login_get']['limit'] = 500; // 500 requests per hour per user/key - - // Load helper - //$this->load->helper('fhcauth'); - $this->load->library('session'); - $this->load->library('FHC_Auth'); - } - - /** - * Checks user credentials and creates a new session - * - * @example normal account: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/password/secret/device_id/abcdef123 - * @example OAuth Google: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/google_token/qwert321 - * @example OAuth Facebook: http://wsp.fortyseeds.at/backend/api/userauth/login/username/foo%40bar.at/device_id/abcdef123/fb_token/qwert321 - * @return void JSON that indicates success/failure of login. - */ - public function login_get() - { - $payload = array(); - $errormsg = ""; - $httpstatus = null; - $username = urldecode($this->get('username')); - $password = urldecode($this->get('password')); - - $account = $this->fhc_auth->auth($username, $password); - - // perform login checks - if (!$account) - $errormsg = "Auth not accepted!"; - - if (empty($errormsg)) - { - // generate new session - $this->session->sess_regenerate(); - $token = session_id(); - - $payload = [ - 'success' => true, - 'message' => 'User successfully logged in', - 'session_id' => $token - ]; - $httpstatus = REST_Controller::HTTP_OK; - } - else - { - $payload = [ - 'success' => false, - 'message' => $errormsg - ]; - $httpstatus = REST_Controller::HTTP_UNAUTHORIZED; - } - - // Set the response and exit - $this->response($payload, $httpstatus); - } - - /** - * Logs out user by destroying session - * - * @example http://wsp.fortyseeds.at/backend/api/userauth/logout/username/foo%40bar.at/session_id/55afab8ba6f1b/device_id/abcdef123 - * @return void JSON that indicates success/failure of logout - */ - public function logout_get() - { - $payload = array(); - $httpstatus = null; - $token = $this->get('session_id'); - $username = urldecode($this->get('username')); - $deviceid = $this->get('device_id'); - $account = $this->user_model->load($username); - - // destroy session - if ($this->session_model->destroy($account, $token, $deviceid)) - { - $payload = [ - 'success' => true, - 'message' => 'user successfully logged out' - ]; - $httpstatus = REST_Controller::HTTP_OK; - } - else - { - $payload = [ - 'success' => false, - 'message' => 'user could not be logged out' - ]; - $httpstatus = REST_Controller::HTTP_BAD_REQUEST; - } - - // Set the response and exit - $this->response($payload, $httpstatus); - } -} diff --git a/application/controllers/api/v1/APIKey.php b/application/controllers/api/v1/APIKey.php deleted file mode 100644 index b28712e8c..000000000 --- a/application/controllers/api/v1/APIKey.php +++ /dev/null @@ -1,316 +0,0 @@ - ['level' => 10, 'limit' => 10], - 'index_delete' => ['level' => 10], - 'level_post' => ['level' => 10], - 'regenerate_post' => ['level' => 10], - ]; - - /** - * Insert a key into the database - * - * @access public - * @return void - */ - public function index_put() - { - // Build a new key - $key = $this->__generateKey(); - - // If no key level provided, provide a generic key - $level = $this->put('level') ? $this->put('level') : 1; - $ignore_limits = ctype_digit($this->put('ignore_limits')) ? (int)$this->put('ignore_limits') : 1; - - // Insert the new key - if ($this->_insert_key($key, ['level' => $level, 'ignore_limits' => $ignore_limits])) - { - $this->response([ - 'status' => true, - 'key' => $key - ], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code - } - else - { - $this->response([ - 'status' => false, - 'message' => 'Could not save the key' - ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code - } - } - - /** - * Remove a key from the database to stop it working - * - * @access public - * @return void - */ - public function index_delete() - { - $key = $this->delete('key'); - - // Does this key exist? - if (!$this->_key_exists($key)) - { - // It doesn't appear the key exists - $this->response([ - 'status' => false, - 'message' => 'Invalid API key' - ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code - } - - // Destroy it - $this->_delete_key($key); - - // Respond that the key was destroyed - $this->response([ - 'status' => true, - 'message' => 'API key was deleted' - ], REST_Controller::HTTP_NO_CONTENT); // NO_CONTENT (204) being the HTTP response code - } - - /** - * Change the level - * - * @access public - * @return void - */ - public function level_post() - { - $key = $this->post('key'); - $new_level = $this->post('level'); - - // Does this key exist? - if (!$this->_key_exists($key)) - { - // It doesn't appear the key exists - $this->response([ - 'status' => false, - 'message' => 'Invalid API key' - ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code - } - - // Update the key level - if ($this->_update_key($key, ['level' => $new_level])) - { - $this->response([ - 'status' => true, - 'message' => 'API key was updated' - ], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code - } - else - { - $this->response([ - 'status' => false, - 'message' => 'Could not update the key level' - ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code - } - } - - /** - * Suspend a key - * - * @access public - * @return void - */ - public function suspend_post() - { - $key = $this->post('key'); - - // Does this key exist? - if (!$this->_key_exists($key)) - { - // It doesn't appear the key exists - $this->response([ - 'status' => false, - 'message' => 'Invalid API key' - ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code - } - - // Update the key level - if ($this->_update_key($key, ['level' => 0])) - { - $this->response([ - 'status' => true, - 'message' => 'Key was suspended' - ], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code - } - else - { - $this->response([ - 'status' => false, - 'message' => 'Could not suspend the user' - ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code - } - } - - /** - * Regenerate a key - * - * @access public - * @return void - */ - public function regenerate_post() - { - $old_key = $this->post('key'); - $key_details = $this->__getKey($old_key); - - // Does this key exist? - if (!$key_details) - { - // It doesn't appear the key exists - $this->response([ - 'status' => false, - 'message' => 'Invalid API key' - ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code - } - - // Build a new key - $new_key = $this->__generateKey(); - - // Insert the new key - if ($this->_insert_key($new_key, ['level' => $key_details->level, 'ignore_limits' => $key_details->ignore_limits])) - { - // Suspend old key - $this->_update_key($old_key, ['level' => 0]); - - $this->response([ - 'status' => true, - 'key' => $new_key - ], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code - } - else - { - $this->response([ - 'status' => false, - 'message' => 'Could not save the key' - ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code - } - } - - /* Helper Methods */ - - /** - * Generate a key - * - * @access private - * @return void - */ - private function __generateKey() - { - do - { - // Generate a random salt - $salt = base_convert(bin2hex($this->security->get_random_bytes(64)), 16, 36); - - // If an error occurred, then fall back to the previous method - if ($salt === false) - { - $salt = hash('sha256', time().mt_rand()); - } - - $new_key = substr($salt, 0, config_item('rest_key_length')); - } - while ($this->_key_exists($new_key)); - - return $new_key; - } - - /* Private Data Methods */ - - /** - * Get a key - * - * @access private - * @param string $key The API-Key. - * @return array - */ - private function __getKey($key) - { - return $this->db - ->where(config_item('rest_key_column'), $key) - ->get(config_item('rest_keys_table')) - ->row(); - } - - /** - * Check if key exists - * - * @access private - * @param string $key The API-Key. - * @return bool - */ - private function _key_exists($key) - { - return $this->db - ->where(config_item('rest_key_column'), $key) - ->count_all_results(config_item('rest_keys_table')) > 0; - } - - /** - * Insert a key - * - * @access private - * @param string $key The API-Key. - * @param array $data The API-Key-Data. - * @return bool - */ - private function _insert_key($key, $data) - { - $data[config_item('rest_key_column')] = $key; - $data['date_created'] = function_exists('now') ? now() : time(); - - return $this->db - ->set($data) - ->insert(config_item('rest_keys_table')); - } - - /** - * Update a key - * - * @access private - * @param string $key The API-Key. - * @param array $data The API-Key-Data. - * @return bool - */ - private function _update_key($key, $data) - { - return $this->db - ->where(config_item('rest_key_column'), $key) - ->update(config_item('rest_keys_table'), $data); - } - - /** - * Delete a key - * - * @access private - * @param string $key The API-Key. - * @return bool - */ - private function _delete_key($key) - { - return $this->db - ->where(config_item('rest_key_column'), $key) - ->delete(config_item('rest_keys_table')); - } - -} diff --git a/application/controllers/api/v1/Person.php b/application/controllers/api/v1/Person.php deleted file mode 100644 index b74bbce59..000000000 --- a/application/controllers/api/v1/Person.php +++ /dev/null @@ -1,207 +0,0 @@ -load->model('person/person_model'); - } - - public function person_get() - { - //if (!$this->session_model->validate($this->get('session_id'), $this->get('device_id'))) - // $this->response(array(['success' => false, 'message' => 'access denied']), REST_Controller::HTTP_UNAUTHORIZED); - - $code = $this->get('code'); - $email = $this->get('email'); - $person_id = $this->get('person_id'); - - if ((!is_null($code)) && (!is_null($email))) - { - $result = $this->person_model->getPersonByCodeAndEmail($code, $email); - } - elseif (! is_null($code)) - { - $result = $this->person_model->getPersonByCode($code, $email); - } - elseif (!is_null($person_id)) - { - $result = $this->person_model->getPerson($person_id); - } - else - { - $result = $this->person_model->getPerson(); - } - - if (empty($result)) - { - $payload = [ - 'success' => false, - 'message' => 'Person not found' - ]; - $httpstatus = REST_Controller::HTTP_OK; - } - else - { - // return all available persons - $payload = [ - 'success' => true, - 'message' => 'Persons found' - ]; - $payload['data'] = $result; - $httpstatus = REST_Controller::HTTP_OK; - } - - // Set the response and exit - $this->response($payload, $httpstatus); - } - - public function personFromCode_post() - { - $code = $this->post('code'); - $email = $this->post('email'); - $person_id = $this->post('person_id'); - - if ((!is_null($code)) && (!is_null($email))) - { - $result = $this->person_model->getPersonByCodeAndEmail($code, $email); - } - elseif (!is_null($person_id)) - { - $result = $this->person_model->getPerson($person_id); - } - else - { - $result = $this->person_model->getPerson(); - } - - if (empty($result)) - { - $payload = [ - 'success' => false, - 'message' => 'Person not found' - ]; - $httpstatus = REST_Controller::HTTP_OK; - } - else - { - // return all available persons - $payload = [ - 'success' => true, - 'message' => 'Persons found' - ]; - $payload['data'] = $result; - $httpstatus = REST_Controller::HTTP_OK; - } - - // Set the response and exit - $this->response($payload, $httpstatus); - } - - public function person_post() - { - $result = $this->person_model->savePerson($this->post()); - if($result != FALSE) - { - $httpstatus = REST_Controller::HTTP_OK; - $payload = [ - 'success' => true, - 'message' => 'Person saved.' - ]; - $payload['data'] = $result; - } - else - { - $payload = [ - 'success' => false, - 'message' => 'Could not save person.' - ]; - $httpstatus = REST_Controller::HTTP_OK; - } - - $this->response($payload, $httpstatus); - } - - public function personUpdate_post() - { - $result = $this->person_model->updatePerson($this->post()); - if($result != FALSE) - { - $httpstatus = REST_Controller::HTTP_OK; - $payload = [ - 'success' => true, - 'message' => 'Person updated.' - ]; - $payload['data'] = $result; - } - else - { - $payload = [ - 'success' => false, - 'message' => 'Could not update person.' - ]; - $httpstatus = REST_Controller::HTTP_OK; - } - // - $this->response($payload, $httpstatus); - } - - public function checkBewerbung_get() - { - $result = $this->person_model->checkBewerbung($this->get("email"),$this->get("studiensemester_kurzbz")); - $httpstatus = REST_Controller::HTTP_OK; - $payload = [ - 'success' => true, - 'message' => 'Bewerbung exists.' - ]; - $payload['data'] = $result; - - $this->response($payload, $httpstatus); - } - - public function checkZugangscodePerson_get() - { - $result = $this->person_model->checkZugangscodePerson($this->get("code")); - $httpstatus = REST_Controller::HTTP_OK; - if(!empty($result)) - { - $payload = [ - 'success' => true, - 'message' => 'Zugangscode exists.' - ]; - $payload['data'] = $result; - } - else - { - $payload = [ - 'success' => false, - 'message' => 'Zugangscode does not exist.' - ]; - $httpstatus = REST_Controller::HTTP_OK; - } - - $this->response($payload, $httpstatus); - } -} diff --git a/application/libraries/FHC_Auth.php b/application/libraries/FHC_Auth.php index d5cf7238a..e716cebf9 100644 --- a/application/libraries/FHC_Auth.php +++ b/application/libraries/FHC_Auth.php @@ -35,7 +35,7 @@ class FHC_Auth * @param string $password * @return bool */ - function basicAuthentication($username, $password) + public function basicAuthentication($username, $password) { $auth = new authentication(); if($auth->checkpassword($username, $password))