From 88f1d3b871ddb88809d9bb020836c2203662e591 Mon Sep 17 00:00:00 2001
From: xdrm-brackets
Date: Sun, 26 Nov 2017 13:49:13 +0100
Subject: [PATCH] add: api.module.authentication (authentication methods for admin + user) | upd: config.modules (updated config according to @1)
---
build/api/module/authentication.php | 104 ++++++++++++++++++++++++++++
config/modules.json | 29 ++++++++
2 files changed, 133 insertions(+)
create mode 100644 build/api/module/authentication.php
diff --git a/build/api/module/authentication.php b/build/api/module/authentication.php
new file mode 100644
index 0000000..a0ad346
--- /dev/null
+++ b/build/api/module/authentication.php
@@ -0,0 +1,104 @@
+ error */
+ if( !is_array($fetched_admin) || !isset($fetched_admin['id_admin']) || !is_numeric($fetched_admin['id_admin']) )
+ return ['connected' => false];
+
+ /* (3) Extract @id_admin */
+ $id_admin = intval( $fetched_admin['id_admin'] );
+
+
+ /* (3) Check password for admin
+ ---------------------------------------------------------*/
+ /* (1) Check password */
+ $valid_pass = Repo::request('admin', 'checkPassword', $id_admin, $password);
+
+ /* (2) If wrong password -> error */
+ if( !$valid_pass )
+ return ['connected' => false];
+
+
+ /* (4) Update session to be connected
+ ---------------------------------------------------------*/
+ /* (1) Update session */
+ $_SESSION['TOKEN'] = 'a'.$fetched_admin['token'];
+ new AuthSystemDefault;
+
+ /* (2) Return status */
+ return ['connected' => true];
+
+ }
+
+ public function POST_user($argv){
+ extract($argv);
+
+
+ /* (1) Logout by default
+ ---------------------------------------------------------*/
+ $_SESSION['TOKEN'] = [];
+
+
+ /* (2) Search for @id_user from username
+ ---------------------------------------------------------*/
+ /* (1) Fetch by username */
+ $fetched_user = Repo::request('user', 'getByUsername', $username);
+
+ /* (2) If not found -> error */
+ if( !is_array($fetched_user) || !isset($fetched_user['id_user']) || !is_numeric($fetched_user['id_user']) )
+ return ['connected' => false];
+
+ /* (3) Extract @id_user */
+ $id_user = intval( $fetched_user['id_user'] );
+
+
+ /* (3) Check password for user
+ ---------------------------------------------------------*/
+ /* (1) Check password */
+ $valid_pass = Repo::request('user', 'checkPassword', $id_user, $password);
+
+ /* (2) If wrong password -> error */
+ if( !$valid_pass )
+ return ['connected' => false];
+
+
+ /* (4) Update session to be connected
+ ---------------------------------------------------------*/
+ /* (1) Update session */
+ $_SESSION['TOKEN'] = 'u'.$fetched_user['token'];
+ new AuthSystemDefault;
+
+ /* (2) Return status */
+ return ['connected' => true];
+ }
+
+}
diff --git a/config/modules.json b/config/modules.json
index f71fe62..5d301fa 100755
--- a/config/modules.json
+++ b/config/modules.json
@@ -1,5 +1,34 @@ { + "authentication": { + "POST admin": { + "description": "Connexion administrateur", + "permissions": [], + "parameters": { + "username": { "description": "Identifiant de l'administrateur.", "type": "varchar(3,20,alphanumeric)" }, + "password": { "description": "Mot de passe de l'administrateur.", "type": "text" } + }, + "output": { + "connected": { "description": "Vrai si connecté.", "type": "boolean" } + } + }, + + "POST user": { + "description": "Connexion utilisateur", + "permissions": [], + "parameters": { + "username": { "description": "Identifiant de l'utilisateur.", "type": "varchar(3,20,alphanumeric)" }, + "password": { "description": "Mot de passe de l'utilisateur'.", "type": "text" } + }, + "output": { + "connected": { "description": "Vrai si connecté.", "type": "boolean" } + } + } + + }, + + + "RESTexample": { "POST article": { "description": "Posts a new article",
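Review bot: Neither login path rotates the session identifier when it moves the session from logged-out to authenticated: `$_SESSION['TOKEN'] = 'u'.$fetched_user['token'];` in POST_user (and the matching `'a'.` assignment in POST_admin) is written into whatever session id the client already presented, which leaves the login exposed to session fixation unless `AuthSystemDefault` rotates it (not visible here). Calling `session_regenerate_id(true);` immediately before each assignment would close that. Separately, `extract($argv);` turns every key of the request array into a local variable; reading the two expected values explicitly, e.g. `$username = $argv['username'] ?? null;` and `$password = $argv['password'] ?? null;`, and returning `['connected' => false]` when either is not a string, keeps caller-chosen names out of the function scope. The not-found branch returns before `checkPassword` runs, so known and unknown usernames may be distinguishable by response time even though the response body is identical. The opening of the file and of POST_admin is missing from this page, so the remarks on POST_admin are inferred from its visible tail.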
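Review bot: Both `password` parameters are declared as `"type": "text"` with no length bound, while `username` is constrained to `varchar(3,20,alphanumeric)`. If the `text` checker imposes no maximum (not visible here), these two endpoints, which are callable without any permission (`"permissions": []`), will hand arbitrarily large strings to `checkPassword`; a bounded type would cap the work an anonymous caller can trigger. The description of the user password also carries a stray apostrophe (`l'utilisateur'.`).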