
Commit 4f4803a2 authored by Jonas Haraldsson's avatar Jonas Haraldsson

more clean-up

parent 5eb0dac5
......@@ -18,9 +18,10 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
//TODO move html to template
require_once('../../database.php');
require_once('../../templating.php');
require_once('../../config.php');
require_once($install_path . '/database.php');
require_once($install_path . '/templating.php');
require_once($install_path . '/data/Server.php');
function displayError($error_msg) {
global $smarty;
......@@ -29,54 +30,97 @@ function displayError($error_msg) {
exit();
}
// Desktop app auth
if (isset($_POST['username'], $_POST['api_key'], $_POST['token'])) {
/**
* if !api_key
* error
*
* if api_key && cb && !token
* web app step 1
*
* if api_key && token && !cb
* desktop app step 1
*
* if username && api_key && token && password
* web/desktop app step 2.1
*
* if cb
* web app step 2.2
* redirect to callback_url with token as param
* client needs to do a auth.getsession within 60 minutes
* else
* desktop app step 2.2
* print success message
* client needs to do a auth.getsession within 60 minutes
*
*
*/
// Authenticate the user using the submitted password
// We always need the api_key parameter
if (!isset($_REQUEST['api_key'])) {
displayError('Must submit a combination of parameters api_key and cb or api_key and token to proceed.');
// Web app auth step 1
} elseif (isset($_GET['api_key']) && isset($_GET['cb']) && !isset($_GET['token'])) {
$token = Server::getAuthToken();
$smarty->assign('token', $token);
$smarty->assign('cb', $_GET['cb']);
$smarty->assign('api_key', $_GET['api_key']);
// Desktop app auth step 1
} elseif (isset($_GET['api_key']) && isset($_GET['token']) && !isset($_GET['cb'])) {
// Ensures the token exists and is not already bound to a user
$query = 'SELECT * FROM Auth WHERE token = ? AND username IS NULL';
$params = array($_GET['token']);
try {
$result = $adodb->GetOne('SELECT username FROM Users WHERE '
. 'lower(username) = ' . $adodb->qstr(strtolower($_POST['username'])) . ' AND '
. 'password = ' . $adodb->qstr(md5($_POST['password'])));
$result = $adodb->GetRow($query, $params);
} catch (Exception $e) {
reportError($e->getMessage(), $e->getTraceAsString());
displayError('Database error');
}
if (!$result) {
displayError('Authentication failed');
displayError('Invalid token');
}
// Bind the user to the token and cancel the expiration rule
$smarty->assign('api_key', $_GET['api_key']);
$smarty->assign('token', $_GET['token']);
// Web/Desktop app auth step 2.1
} elseif (isset($_POST['username'], $_POST['api_key'], $_POST['token'], $_POST['password'])) {
// Authenticate the user using the submitted password
$query = 'SELECT username FROM Users WHERE lower(username) = lower(?) AND password = ?';
$params = array($_POST['username'], $_POST['password']);
try {
$result = $adodb->Execute('UPDATE Auth SET '
. 'username = ' . $adodb->qstr($_POST['username']) . ', '
. 'expires = 0 '
. 'WHERE '
. 'token = ' . $adodb->qstr($_POST['token']));
$result = $adodb->GetOne($query, $params);
} catch (Exception $e) {
reportError($e->getMessage(), $e->getTraceAsString());
displayError('Database error');
}
$smarty->assign('username', $_POST['username']);
} else if (!isset($_GET['api_key'], $_GET['token'])) {
displayError('Must submit an api_key and token to proceed.');
} else {
if (!$result) {
displayError('Authentication failed');
}
// Ensures the token exists and is not already bound to a user
// Bind the user to the token and cancel the expiration rule
$query = 'UPDATE Auth SET username = ?, expires = 0 WHERE token = ?';
$params = array($_POST['username'], $_POST['token']);
try {
$result = $adodb->GetRow('SELECT * FROM Auth WHERE '
. 'token = ' . $adodb->qstr($_GET['token']) . ' AND '
. 'username IS NULL');
$adodb->Execute($query, $params);
} catch (Exception $e) {
reportError($e->getMessage(), $e->getTraceAsString());
displayError('Database error');
}
if (!$result) {
displayError('Invalid token');
}
// Web app auth step 2.2
if(isset($_POST['cb'])) {
$redirect_url = $_POST['cb'];
header('Location:' . $redirect_url . '&token=' . $_POST['token']);
$smarty->assign('api_key', $_GET['api_key']);
$smarty->assign('token', $_GET['token']);
// Desktop app auth step 2.2
} else {
$smarty->assign('username', $_POST['username']);
}
}
$smarty->display('api_auth.tpl');
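Review bot: The web-app step 2.2 branch sends `header('Location:' . $redirect_url . '&token=' . $_POST['token'])` and then falls through to `$smarty->display('api_auth.tpl')`, so the redirect response also carries the rendered page, and `$_POST['cb']` is used as the target without any validation, which makes this an open redirect that carries the freshly bound token. Add `exit();` directly after the header call (and a space after `Location:`), and reject a `cb` that is not an absolute http(s) URL before redirecting. In step 2.1 the new query `password = ?` receives `$_POST['password']` unhashed, whereas the removed line compared `md5($_POST['password'])`; unless the stored value changed alongside this commit, logins will fail, so the hashing step should be confirmed since it is not visible here. The same branch's `UPDATE Auth SET username = ?, expires = 0 WHERE token = ?` lacks `AND username IS NULL` and its affected-row count is never checked, so a token that is unknown or already bound to another user still reaches the success path; `WHERE token = ? AND username IS NULL` plus a check on `$adodb->Affected_Rows()` would close that. The script's displayError body is cut at the top of the hunk.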
......@@ -13,6 +13,9 @@
<input type="submit" value="Submit" />
<input type="hidden" name="api_key" value="{$api_key}" />
<input type="hidden" name="token" value="{$token}" />
{if $callback_url}
<input type="hidden" name="callback_url" value="{$callback_url}" />
{/if}
</p>
</form>
{/if}
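Review bot: The new hidden field is named `callback_url` and guarded by `{if $callback_url}`, but the PHP side of this commit appears to assign the Smarty variable as `cb` (`$smarty->assign('cb', $_GET['cb'])`) and reads the posted value as `$_POST['cb']`, so as written the field would never be rendered and, if it were, its value would be posted under a key the handler does not read. Either rename here to `{if $cb}` / `name="cb"` / `value="{$cb|escape}"` or assign `callback_url` on the PHP side, and in any case escape the value since it originates from the request and is echoed into an attribute. The form's enclosing `{if}` starts before the hunk.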