From 687fac83f7e3aacd12b48ad44a7b4c19e4654c30 Mon Sep 17 00:00:00 2001 From: Daniel Hensby Date: Wed, 1 May 2013 15:52:55 +0100 Subject: [PATCH] NEW Support for other authenticators I've added the ability to add other authenticators to the RestfulServer Use the config system to change the authenticator option and it'll call 'authenticate' on that class. I've assumed that one won't need any parameters sent to that and everything can be taken from `Controller::curr()->request` This relies on the default authenticator being able to accept the standard email/password identifiers. I imagine anyone using a default authenticator to that will go to the trouble of adding a RestfulServer authenticator too. --- code/BasicRestfulAuthenticator.php | 39 ++++++++++++++++++++++++++++++ code/RestfulServer.php | 26 ++++++++------------ 2 files changed, 49 insertions(+), 16 deletions(-) create mode 100644 code/BasicRestfulAuthenticator.php diff --git a/code/BasicRestfulAuthenticator.php b/code/BasicRestfulAuthenticator.php new file mode 100644 index 0000000..ac9af7f --- /dev/null +++ b/code/BasicRestfulAuthenticator.php @@ -0,0 +1,39 @@ + $_SERVER['PHP_AUTH_USER'], + 'Password' => $_SERVER['PHP_AUTH_PW'], + )); + + //Log the member in and return the member, if they were found + if($member) { + $member->LogIn(false); + return $member; + } + return false; + } + +} diff --git a/code/RestfulServer.php b/code/RestfulServer.php index d1daaf9..c5ad885 100644 --- a/code/RestfulServer.php +++ b/code/RestfulServer.php @@ -10,7 +10,6 @@ * but not their relation with each other) * @todo Make SearchContext specification customizeable for each class * @todo Allow for range-searches (e.g. on Created column) - * @todo Allow other authentication methods (currently only HTTP BasicAuth) * @todo Filter relation listings by $api_access and canView() permissions * @todo Exclude relations when "fields" are specified through URL (they should be explicitly * requested in this case) 
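Review bot: In the new `BasicRestfulAuthenticator::authenticate()`, `$member->LogIn(false)` runs on every successful Basic-auth request. As far as I know `Member::logIn()` stores the member in the session, so a credentialed API call would leave behind a logged-in session that later cookie-bearing requests can reuse without resending credentials. For a REST endpoint I would return the member without starting a session, or at least document the side effect with `// NOTE: LogIn() persists the member in the session; clients that keep cookies stay authenticated after this call`. Only the tail of the 39-line new file is visible on this page, so it cannot be confirmed whether the `isset($_SERVER['PHP_AUTH_USER'])` guard from the removed `RestfulServer::authenticate()` body was carried over. If it was not, the two `$_SERVER` reads raise notices and pass null credentials to the authenticator on requests that carry no Authorization header.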
@@ -36,6 +35,8 @@ class RestfulServer extends Controller { protected static $api_base = "api/v1/"; + protected static $authenticator = 'BasicRestfulAuthenticator'; + /** * If no extension is given in the request, resolve to this extension * (and subsequently the {@link self::$default_mimetype}. @@ -57,7 +58,7 @@ class RestfulServer extends Controller { */ protected $member; - static $allowed_actions = array( + public static $allowed_actions = array( 'index' ); @@ -540,21 +541,14 @@ class RestfulServer extends Controller { return "Unsupported Media Type"; } + /** + * A function to authenticate a user + * + * @return Member|false the logged in member + */ protected function authenticate() { - if(!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) return false; - - if($member = Member::currentUser()) return $member; - $member = MemberAuthenticator::authenticate(array( - 'Email' => $_SERVER['PHP_AUTH_USER'], - 'Password' => $_SERVER['PHP_AUTH_PW'], - ), null); - - if($member) { - $member->LogIn(false); - return $member; - } else { - return false; - } + $authClass = self::config()->authenticator; + return $authClass::authenticate(); } /**
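Review bot: The new `protected static $authenticator` property (hunk at -36,6) has no docblock, although its value decides which class gates every API request. The contract is only implied by the commit message, so I would state it on the property: `/** @config @var string Name of a class exposing a static authenticate() that returns the logged-in Member, or false when the request is not authenticated */`. That gives anyone swapping the authenticator through the config system a place to see what "unauthenticated" must look like.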
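Review bot: In the rewritten `authenticate()` (hunk at -540,21), the class name read from `self::config()->authenticator` is invoked statically with no check. An empty or mistyped config value therefore ends in a fatal error, and an authenticator that returns something truthy other than a `Member` is handed on as the authenticated user. I would fail closed before the call with `if(!$authClass || !method_exists($authClass, 'authenticate')) return false;`. The result should also be normalised: `$member = $authClass::authenticate(); return ($member instanceof Member) ? $member : false;`. The docblock added in this hunk already promises `Member|false`, so this only enforces what it documents.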