Merge branch 'saas' of github.com:sourcefabric/Airtime into saas

Conflicts:
	airtime_mvc/application/modules/rest/controllers/MediaController.php
This commit is contained in:
Albert Santoni 2014-10-29 18:01:31 -04:00
commit 359727fc66
11 changed files with 797 additions and 261 deletions


@ -129,6 +129,15 @@ class Rest_MediaController extends Zend_Rest_Controller
public function postAction()
{
/* If the user presents a valid API key, we don't check CSRF tokens.
CSRF tokens are only used for session based authentication.
*/
if(!$this->verifyAPIKey()){
if(!$this->verifyCSRFToken($this->_getParam('csrf_token'))){
return;
}
}
if (!$this->verifyAuth(true, true))
{
return;
@ -295,6 +304,18 @@ class Rest_MediaController extends Zend_Rest_Controller
return $id;
}
private function verifyCSRFToken($token){
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
$observed_csrf_token = $token;
$expected_csrf_token = $current_namespace->authtoken;
if($observed_csrf_token == $expected_csrf_token){
return true;
}else{
return false;
}
}
private function verifyAuth($checkApiKey, $checkSession)
{
// Session takes precedence over API key for now:
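Review bot: The added verifyCSRFToken compares the submitted token to the session value with loose `==` and no presence check, so a request that omits `csrf_token` against a session whose `authtoken` was never set passes (`null == null`), and loose comparison also equates numeric-looking strings such as `"0e1"` and `"0e2"`; the same weakness is what postAction in the first hunk relies on when no API key is presented. The comparison is also not constant-time. I would replace the if/else with `if (!is_string($expected_csrf_token) || !is_string($observed_csrf_token)) { return false; }` followed by `return hash_equals($expected_csrf_token, $observed_csrf_token);`, falling back to `===` with the same guard if the deployment's PHP predates hash_equals. The third hunk is the old copy of this method being removed, so only this one needs the change; verifyAuth's body continues outside the hunk.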
@ -321,18 +342,6 @@ class Rest_MediaController extends Zend_Rest_Controller
return false;
}
private function verifyCSRFToken($token){
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
$observed_csrf_token = $token;
$expected_csrf_token = $current_namespace->authtoken;
if($observed_csrf_token == $expected_csrf_token){
return true;
}else{
return false;
}
}
private function verifyAPIKey()
{
//The API key is passed in via HTTP "basic authentication":