fix: api.core.AuthSystemDefault (re-use stored token in session if session_connected (check again for each api call))

xdrm-brackets 2017-11-26 13:48:03 +01:00
parent 4aec7e790d
commit 6399608ef5
1 changed files with 11 additions and 5 deletions


@ -25,6 +25,7 @@
public static function check(){ public static function check(){
/* (1) Initialisation /* (1) Initialisation
---------------------------------------------------------*/ ---------------------------------------------------------*/
if( !isset($_SESSION['TOKEN']) ) $_SESSION['TOKEN'] = [];
if( !isset($_SESSION['AUTH']) ) $_SESSION['AUTH'] = []; if( !isset($_SESSION['AUTH']) ) $_SESSION['AUTH'] = [];
if( !isset($_SESSION['PERM']) ) $_SESSION['PERM'] = []; if( !isset($_SESSION['PERM']) ) $_SESSION['PERM'] = [];
if( !isset($_SESSION['USER']) ) $_SESSION['USER'] = []; if( !isset($_SESSION['USER']) ) $_SESSION['USER'] = [];
@ -33,12 +34,15 @@
/* (2) Gestion de AUTH (authentification) /* (2) Gestion de AUTH (authentification)
---------------------------------------------------------*/ ---------------------------------------------------------*/
/* (1) Si Auth dans HEADER, on le récupère */ $AUTH = '';
$AUTH = isset($_SERVER['PHP_AUTH_DIGEST']) ? $_SERVER['PHP_AUTH_DIGEST'] : '';
/* (2) Si Auth dans SESSION, on le récupère */ /* (1) Si Auth dans HEADER, on le récupère */
if( $AUTH == '' && isset($_SESSION['AUTH']) ) if( isset($_SERVER['PHP_AUTH_DIGEST']) && is_string($_SERVER['PHP_AUTH_DIGEST']) )
$AUTH = implode('', $_SESSION['AUTH']); $AUTH = $_SERVER['PHP_AUTH_DIGEST'];
/* (2) Si SESSION déja connectée -> no récupère le token */
elseif( isset($_SESSION['TOKEN']) && is_string($_SESSION['TOKEN']) )
$AUTH = $_SESSION['TOKEN'];
/* (3) Gestion de AUTH en fonction des tokens /* (3) Gestion de AUTH en fonction des tokens
@ -53,6 +57,7 @@
/* (2) Aucune authentification */ /* (2) Aucune authentification */
else{ else{
$_SESSION['TOKEN'] = [];
$_SESSION['AUTH'] = []; $_SESSION['AUTH'] = [];
$_SESSION['USER'] = []; $_SESSION['USER'] = [];
$_SESSION['ADMIN'] = []; $_SESSION['ADMIN'] = [];
@ -61,6 +66,7 @@
/* (4) On vérifie l'authentification par BDD /* (4) On vérifie l'authentification par BDD
---------------------------------------------------------*/ ---------------------------------------------------------*/
if( !self::deepCheck() ){ if( !self::deepCheck() ){
$_SESSION['TOKEN'] = [];
$_SESSION['AUTH'] = []; $_SESSION['AUTH'] = [];
$_SESSION['USER'] = []; $_SESSION['USER'] = [];
$_SESSION['ADMIN'] = []; $_SESSION['ADMIN'] = [];
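Review bot: In the section (2) hunk the header branch accepts any string, so a request carrying an empty `PHP_AUTH_DIGEST` never reaches the new `elseif` and the stored session token is ignored, whereas the removed code fell back to the session when `$AUTH == ''`. If that fallback is still wanted, the first condition could be `if( isset($_SERVER['PHP_AUTH_DIGEST']) && is_string($_SERVER['PHP_AUTH_DIGEST']) && $_SERVER['PHP_AUTH_DIGEST'] !== '' )`. The new `is_string($_SESSION['TOKEN'])` test also relies on `[]` meaning "not connected" (the value written at initialisation and in both reset paths), which deserves a comment such as `/* TOKEN: [] = not connected, string = stored token */`. The assignment that stores a string token is outside the visible hunks; if it marks the moment a session becomes authenticated, calling `session_regenerate_id(true)` there would guard against session fixation. The body of check() starts and ends outside the hunks shown.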