NEW Support for other authenticators

I've added the ability to add other authenticators to the RestfulServer

Use the config system to change the authenticator option and it'll call
'authenticate' on that class.

I've assumed that one won't need any parameters sent to that and
everything can be taken from `Controller::curr()->request`

This relies on the default authenticator being able to accept the
standard email/password identifiers. I imagine anyone using a default
authenticator to that will go to the trouble of adding a RestfulServer
authenticator too.
This commit is contained in:
Daniel Hensby 2013-05-01 15:52:55 +01:00
parent 9ea7097acc
commit 687fac83f7
2 changed files with 49 additions and 16 deletions

View File

@ -0,0 +1,39 @@
<?php
/**
* A simple authenticator for the Restful server.
*
* This allows users to be authenticated against that RestfulServer using their
* login details, however they will be passed 'in the open' and will require the
* application accessing the RestfulServer to store logins in plain text (or in
* decrytable form)
*/
class BasicRestfulAuthenticator {
/**
* The authenticate function
*
* Takes the basic auth details and attempts to log a user in from the DB
*
* @return Member|false The Member object, or false if no member
*/
public static function authenticate() {
//if there is no username or password, break
if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) return false;
//Attempt to authenticate with the default authenticator for the site
$authClass = Authenticator::get_default_authenticator();
$member = $authClass::authenticate(array(
'Email' => $_SERVER['PHP_AUTH_USER'],
'Password' => $_SERVER['PHP_AUTH_PW'],
));
//Log the member in and return the member, if they were found
if($member) {
$member->LogIn(false);
return $member;
}
return false;
}
}

View File

@ -10,7 +10,6 @@
* but not their relation with each other) * but not their relation with each other)
* @todo Make SearchContext specification customizeable for each class * @todo Make SearchContext specification customizeable for each class
* @todo Allow for range-searches (e.g. on Created column) * @todo Allow for range-searches (e.g. on Created column)
* @todo Allow other authentication methods (currently only HTTP BasicAuth)
* @todo Filter relation listings by $api_access and canView() permissions * @todo Filter relation listings by $api_access and canView() permissions
* @todo Exclude relations when "fields" are specified through URL (they should be explicitly * @todo Exclude relations when "fields" are specified through URL (they should be explicitly
* requested in this case) * requested in this case)
@ -36,6 +35,8 @@ class RestfulServer extends Controller {
protected static $api_base = "api/v1/"; protected static $api_base = "api/v1/";
protected static $authenticator = 'BasicRestfulAuthenticator';
/** /**
* If no extension is given in the request, resolve to this extension * If no extension is given in the request, resolve to this extension
* (and subsequently the {@link self::$default_mimetype}. * (and subsequently the {@link self::$default_mimetype}.
@ -57,7 +58,7 @@ class RestfulServer extends Controller {
*/ */
protected $member; protected $member;
static $allowed_actions = array( public static $allowed_actions = array(
'index' 'index'
); );
@ -540,21 +541,14 @@ class RestfulServer extends Controller {
return "Unsupported Media Type"; return "Unsupported Media Type";
} }
/**
* A function to authenticate a user
*
* @return Member|false the logged in member
*/
protected function authenticate() { protected function authenticate() {
if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) return false; $authClass = self::config()->authenticator;
return $authClass::authenticate();
if($member = Member::currentUser()) return $member;
$member = MemberAuthenticator::authenticate(array(
'Email' => $_SERVER['PHP_AUTH_USER'],
'Password' => $_SERVER['PHP_AUTH_PW'],
), null);
if($member) {
$member->LogIn(false);
return $member;
} else {
return false;
}
} }
/** /**