Commit a109f800 authored by Sibidharan's avatar Sibidharan :speech_balloon:

WIP: OAuth

parent 0db7a0af
......@@ -8,7 +8,7 @@ ${basename(__FILE__, '.php')} = function(){
$auth = new Auth($username, $password);
$data = [
"message" => "Login success",
"token" => $auth->getAuthToken()
"tokens" => $auth->getAuthTokens()
];
$data = $this->json($data);
$this->response($data, 200);
......
<?php
${basename(__FILE__, '.php')} = function(){
if($this->get_request_method() == "POST" and isset($this->_request['username']) and isset($this->_request['password'])){
$username = $this->_request['username'];
$password = $this->_request['password'];
try {
$auth = new Auth($username, $password);
$data = [
"message" => "Login success",
"tokens" => $auth->getAuthTokens()
];
$data = $this->json($data);
$this->response($data, 200);
} catch(Exception $e){
$data = [
"error" => $e->getMessage()
];
$data = $this->json($data);
$this->response($data, 406);
}
} else {
$data = [
"error" => "Bad request"
];
$data = $this->json($data);
$this->response($data, 400);
}
};
\ No newline at end of file
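Review bot: The catch block at `"error" => $e->getMessage()` forwards whatever the Auth layer threw straight to the HTTP client, and since Auth/OAuth throw `mysqli_error($this->db)` on a failed query, raw database error text (table and column names) can land in the 406 response. Return a fixed message such as `"error" => "Login failed"` and send `$e->getMessage()` to `error_log()` instead; a 401 also describes a rejected credential better than 406 (Not Acceptable), which is about content negotiation. The comparison `$this->get_request_method() == "POST"` would be `===` in idiomatic PHP.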
......@@ -2,13 +2,14 @@
require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/Database.class.php');
require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/User.class.php');
require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/OAuth.class.php');
require $_SERVER['DOCUMENT_ROOT'].'/vendor/autoload.php';
class Auth {
private $db;
private $isTokenAuth = false;
private $loginToken = null;
private $loginTokens = null;
public function __construct($username, $password = NULL){
$this->db = Database::getConnection();
......@@ -32,26 +33,21 @@ class Auth {
if(!$user->isActive()){
throw new Exception("Please check your email and activate your account.");
}
$this->loginToken = $this->addSession();
$this->loginTokens = $this->addSession();
} else {
throw new Exception("Password Mismatch");
}
}
}
public function getAuthToken(){
return $this->loginToken;
public function getAuthTokens(){
return $this->loginTokens;
}
private function addSession(){
$token = Auth::generateRandomHash(32);
$query = "INSERT INTO `apis`.`session` (`username`, `token`) VALUES ('$this->username', '$token');";
if(mysqli_query($this->db, $query)){
return $token;
} else {
throw new Exception(mysqli_error($this->db));
}
$oauth = new OAuth($this->username);
$session = $oauth->newSession();
return $session;
}
public static function generateRandomHash($len){
......
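Review bot: `addSession()` in the second hunk now returns the array built by `OAuth::newSession()` rather than a token string, but neither it nor `getAuthTokens()` documents the new shape, which the login endpoint serialises straight into the response. Add `/** @return array{access_token:string,valid_for:int,refresh_token:string,type:string} */` above `addSession()`, and on `getAuthTokens()` note that it stays null until a session was created. The `$session` temporary can go: `return (new OAuth($this->username))->newSession();`. Auth.class.php now requires OAuth.class.php while OAuth.class.php requires Auth.class.php back; `require_once` tolerates the cycle, but it deserves a comment or a shared helper for `generateRandomHash`. `Auth::__construct` and the rest of the class lie outside the hunks.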
<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/Auth.class.php');
require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/Database.class.php');
require_once($_SERVER['DOCUMENT_ROOT'].'/api/lib/User.class.php');
class OAuth {
private $db;
private $refresh_token;
private $access_token;
private $valid_for = 7200;
private $username;
public function __construct($username, $refresh_token = NULL){
$this->refresh_token = $refresh_token;
$this->db = Database::getConnection();
$this->username = $username;
$u = new User($this->username);
}
public function newSession($valid_for = 7200){
$this->valid_for = $valid_for;
$this->access_token = Auth::generateRandomHash(32);
$this->refresh_token = Auth::generateRandomHash(32);
$query = "INSERT INTO `apis`.`session` (`username`, `access_token`, `refresh_token`, `valid_for`, `reference_token`)
VALUES ('$this->username', '$this->access_token', '$this->refresh_token', $this->valid_for, 'auth_grant');";
if(mysqli_query($this->db, $query)){
return array(
"access_token" => $this->access_token,
"valid_for" => $this->valid_for,
"refresh_token" => $this->refresh_token,
"type" => 'api'
);
} else {
throw new Exception(mysqli_error($this->db));
}
}
public function refreshAccess(){
if($this->refresh_token){
$query = "SELECT * FROM apis.session WHERE refresh_token = '$this->refresh_token';";
$result = mysqli_query($this->db, $query);
if($result){
$data = mysqli_fetch_assoc($result);
if($data['valid'] == 1){
} else {
throw new Exception("Expired token");
}
} else {
throw new Exception("Invalid request");
}
}
}
}
\ No newline at end of file
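Review bot: `newSession()` and `refreshAccess()` build SQL by interpolating `$this->username` and `$this->refresh_token` into the query string (lines `$query = "INSERT INTO ...` and `$query = "SELECT * FROM apis.session WHERE refresh_token = ...`); both values come from constructor arguments that the login endpoint fills from the request, so a crafted username or refresh token alters the statement. Use `mysqli_prepare` with bound parameters for both queries, as sketched below for `newSession()`; `refreshAccess()` needs the same with a single `'s'` binding for the token. `refreshAccess()` also dereferences `$data['valid']` when `mysqli_fetch_assoc` returns null for an unknown token, and its `if($data['valid'] == 1)` branch is empty with no return, so the method never yields a new access token — presumably still WIP per the commit title. Throwing `mysqli_error($this->db)` puts driver error text into an exception the login endpoint echoes to the client; a fixed message with the driver error sent to `error_log()` is safer. The unused `$u = new User($this->username);` in the constructor either belongs in a check or should be dropped.
```php
public function newSession($valid_for = 7200){
    // … unchanged: valid_for assignment and access/refresh token generation …
    $stmt = mysqli_prepare(
        $this->db,
        "INSERT INTO `apis`.`session` (`username`, `access_token`, `refresh_token`, `valid_for`, `reference_token`) VALUES (?, ?, ?, ?, 'auth_grant')"
    );
    if(!$stmt
        || !mysqli_stmt_bind_param($stmt, 'sssi', $this->username, $this->access_token, $this->refresh_token, $this->valid_for)
        || !mysqli_stmt_execute($stmt)){
        error_log(mysqli_error($this->db));
        throw new Exception("Unable to create session");
    }
    mysqli_stmt_close($stmt);
    // … unchanged: return array of access_token / valid_for / refresh_token / type …
}
```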
......@@ -26,7 +26,7 @@ class Signup {
//Homework - make a proper flow to throw username already exists
$query = "INSERT INTO `apis`.`auth` (`username`, `password`, `email`, `active`, `token`) VALUES ('$username', '$password', '$email', 0, '$token');";
if(!mysqli_query($this->db, $query)){
throw new Exception("Unable to signup.");
throw new Exception("Unable to signup, user account might already exist.");
} else {
$this->id = mysqli_insert_id($this->db);
$this->sendVerificationMail();
......
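Review bot: The new message at `throw new Exception("Unable to signup, user account might already exist.");` guesses at the cause, since `mysqli_query` fails for any error (connection, schema, constraint violation). Check `mysqli_errno($this->db) === 1062` (duplicate key) to report the account-exists case and fall back to a generic message otherwise, which also resolves the `//Homework` note above it. The rest of the signup method lies outside the hunk.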