60 lines
2.0 KiB
PHP
60 lines
2.0 KiB
PHP
<?php
|
|
|
|
class RestAuth {
|
|
|
|
public static function verifyAuth($checkApiKey, $checkSession, $action) {
|
|
//Session takes precedence over API key for now:
|
|
if ($checkSession && self::verifySession()
|
|
|| $checkApiKey && self::verifyAPIKey($action)
|
|
) {
|
|
return true;
|
|
}
|
|
|
|
$action->getResponse()
|
|
->setHttpResponseCode(401)
|
|
->appendBody(json_encode(array("message" => "ERROR: Incorrect API key.")));
|
|
|
|
return false;
|
|
}
|
|
|
|
public static function getOwnerId() {
|
|
try {
|
|
if (self::verifySession()) {
|
|
$service_user = new Application_Service_UserService();
|
|
return $service_user->getCurrentUser()->getDbId();
|
|
} else {
|
|
$defaultOwner = CcSubjsQuery::create()
|
|
->filterByDbType(array('A', 'S'), Criteria::IN)
|
|
->orderByDbId()
|
|
->findOne();
|
|
if (!$defaultOwner) {
|
|
// what to do if there is no admin user?
|
|
// should we handle this case?
|
|
return null;
|
|
}
|
|
return $defaultOwner->getDbId();
|
|
}
|
|
} catch (Exception $e) {
|
|
Logging::info($e->getMessage());
|
|
}
|
|
}
|
|
|
|
private static function verifySession() {
|
|
$auth = Zend_Auth::getInstance();
|
|
return $auth->hasIdentity();
|
|
}
|
|
|
|
private static function verifyAPIKey($action) {
|
|
//The API key is passed in via HTTP "basic authentication":
|
|
// http://en.wikipedia.org/wiki/Basic_access_authentication
|
|
$CC_CONFIG = Config::getConfig();
|
|
|
|
//Decode the API key that was passed to us in the HTTP request.
|
|
$authHeader = $action->getRequest()->getHeader("Authorization");
|
|
$encodedRequestApiKey = substr($authHeader, strlen("Basic "));
|
|
$encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":");
|
|
|
|
return ($encodedRequestApiKey === $encodedStoredApiKey);
|
|
}
|
|
|
|
} |