diff --git a/src/api/composer.lock b/src/api/composer.lock index 3f99e3d..b09ba6f 100644 --- a/src/api/composer.lock +++ b/src/api/composer.lock @@ -174,16 +174,16 @@ }, { "name": "monolog/monolog", - "version": "1.19.0", + "version": "1.20.0", "source": { "type": "git", "url": "https://github.com/Seldaek/monolog.git", - "reference": "5f56ed5212dc509c8dc8caeba2715732abb32dbf" + "reference": "55841909e2bcde01b5318c35f2b74f8ecc86e037" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Seldaek/monolog/zipball/5f56ed5212dc509c8dc8caeba2715732abb32dbf", - "reference": "5f56ed5212dc509c8dc8caeba2715732abb32dbf", + "url": "https://api.github.com/repos/Seldaek/monolog/zipball/55841909e2bcde01b5318c35f2b74f8ecc86e037", + "reference": "55841909e2bcde01b5318c35f2b74f8ecc86e037", "shasum": "" }, "require": { @@ -202,8 +202,8 @@ "php-console/php-console": "^3.1.3", "phpunit/phpunit": "~4.5", "phpunit/phpunit-mock-objects": "2.3.0", - "raven/raven": "^0.13", "ruflin/elastica": ">=0.90 <3.0", + "sentry/sentry": "^0.13", "swiftmailer/swiftmailer": "~5.3" }, "suggest": { @@ -215,9 +215,9 @@ "mongodb/mongodb": "Allow sending log messages to a MongoDB server via PHP Driver", "php-amqplib/php-amqplib": "Allow sending log messages to an AMQP server using php-amqplib", "php-console/php-console": "Allow sending log messages to Google Chrome", - "raven/raven": "Allow sending log messages to a Sentry server", "rollbar/rollbar": "Allow sending log messages to Rollbar", - "ruflin/elastica": "Allow sending log messages to an Elastic Search server" + "ruflin/elastica": "Allow sending log messages to an Elastic Search server", + "sentry/sentry": "Allow sending log messages to a Sentry server" }, "type": "library", "extra": { @@ -248,7 +248,7 @@ "logging", "psr-3" ], - "time": "2016-04-12 18:29:35" + "time": "2016-07-02 14:02:10" }, { "name": "myclabs/php-enum", 
@@ -1553,16 +1553,16 @@ }, { "name": "symfony/yaml", - "version": "v3.1.1", + "version": "v3.1.2", "source": { "type": "git", "url": "https://github.com/symfony/yaml.git", - "reference": "c5a7e7fc273c758b92b85dcb9c46149ccda89623" + "reference": "2884c26ce4c1d61aebf423a8b912950fe7c764de" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/yaml/zipball/c5a7e7fc273c758b92b85dcb9c46149ccda89623", - "reference": "c5a7e7fc273c758b92b85dcb9c46149ccda89623", + "url": "https://api.github.com/repos/symfony/yaml/zipball/2884c26ce4c1d61aebf423a8b912950fe7c764de", + "reference": "2884c26ce4c1d61aebf423a8b912950fe7c764de", "shasum": "" }, "require": { @@ -1598,7 +1598,7 @@ ], "description": "Symfony Yaml Component", "homepage": "https://symfony.com", - "time": "2016-06-14 11:18:07" + "time": "2016-06-29 05:41:56" }, { "name": "webmozart/assert",
diff --git a/src/api/controllers/Auth.php b/src/api/controllers/Auth.php
index 5695ad4..c40be6f 100644
--- a/src/api/controllers/Auth.php
+++ b/src/api/controllers/Auth.php
@@ -162,6 +162,29 @@ class Auth extends BaseController {
 return $this->jsonResponse($response);
 }
+ public function authenticate($request, $response, $args) {
+ if (!$request->hasHeader('Authorization')) {
+ $this->apiJson->addData(false);
+
+ return $this->jsonResponse($response, 400);
+ }
+
+ $jwt = $request->getHeader('Authorization')[0];
+ $payload = self::getJwtPayload($jwt);
+
+ if ($payload === null) {
+ $this->apiJson->addAlert('error', 'Invalid access token.');
+ $this->apiJson->addData(false);
+
+ return $this->jsonResponse($response, 401);
+ }
+
+ $this->apiJson->setSuccess();
+ $this->apiJson->addData(true);
+
+ return $this->jsonResponse($response);
+ }
+
 private static function getJwtPayload($jwt) {
 try {
 $payload = JWT::decode($jwt, self::getJwtKey(), ['HS256']);
diff --git a/src/api/index.php b/src/api/index.php
index 8a603b8..0fc6221 100644
--- a/src/api/index.php
+++ b/src/api/index.php
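Review bot: `authenticate` reports any token that decodes under the current key as valid, so a token issued to a user who has since logged out (an `Auth:logout` route exists) or been removed would still come back `true` unless `getJwtPayload` or a user lookup enforces that; `getJwtPayload` continues outside the hunk, so this cannot be confirmed here. The missing-header branch returns 400 with `addData(false)` and no alert while the invalid-token branch attaches one, so a client cannot tell the two failures apart from the body; adding `$this->apiJson->addAlert('error', 'Missing Authorization header.');` before the 400 return would make them consistent. The raw header value is passed straight to `JWT::decode`, so a client sending the conventional `Authorization: Bearer <token>` form would get a 401; if that form is accepted anywhere else in the API, the scheme should be stripped here too. The new method has no docblock; a short one stating what a `true` result actually guarantees (a decodable token, not an active session) and that `data[0]` is a boolean would make the contract clear to callers.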
@@ -51,6 +51,7 @@ $app->delete('/users/{id}', 'Users:removeUser'); // Admin
 $app->post ('/login', 'Auth:login'); // Unsecured
 $app->post ('/logout', 'Auth:logout'); // Unsecured
+$app->post ('/authenticate', 'Auth:authenticate'); // Unsecured
 $app->run();
 R::close();
diff --git a/test/api/controllers/AuthTest.php b/test/api/controllers/AuthTest.php
index a874371..7054613 100644
--- a/test/api/controllers/AuthTest.php
+++ b/test/api/controllers/AuthTest.php
@@ -121,5 +121,48 @@ class AuthTest extends PHPUnit_Framework_TestCase {
 $actual = $this->auth->logout($request, new ResponseMock(), null);
 $this->assertTrue($actual->status === 'failure');
 }
+
+ /**
+ * @group single
+ */
+ public function testAuthenticate() {
+ $data = new stdClass();
+ $data->username = 'admin';
+ $data->password = 'admin';
+
+ $request = new RequestMock();
+ $request->payload = $data;
+
+ Auth::CreateInitialAdmin(new ContainerMock());
+ Auth::CreateJwtKey();
+
+ $actual = $this->auth->login($request, new ResponseMock(), null);
+ $this->assertTrue($actual->status === 'success');
+
+ $jwt = $actual->data[0];
+
+ $this->auth = new Auth(new ContainerMock());
+ $request = new RequestMock();
+ $request->header = [$jwt];
+
+ $actual = $this->auth->authenticate($request, new ResponseMock(), null);
+ $this->assertEquals('success', $actual->status);
+ $this->assertEquals(true, $actual->data[0]);
+
+ $this->auth = new Auth(new ContainerMock());
+ $request->hasHeader = false;
+
+ $actual = $this->auth->authenticate($request, new ResponseMock(), null);
+ $this->assertEquals('failure', $actual->status);
+ $this->assertEquals(false, $actual->data[0]);
+
+ $this->auth = new Auth(new ContainerMock());
+ $request = new RequestMock();
+ $request->header = ['not a valid JWT'];
+
+ $actual = $this->auth->authenticate($request, new ResponseMock(), null);
+ $this->assertEquals('failure', $actual->status);
+ $this->assertEquals(false, $actual->data[0]);
+ }
 }
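Review bot: The `@group single` annotation on `testAuthenticate` reads like a leftover from running this test in isolation and should be dropped before merge, since none of the neighbouring tests carry it. The two failure cases assert only `status` and `data[0]`, which cannot distinguish the missing-header path (400, no alert) from the invalid-token path (401, alert); if `ResponseMock` exposes the status code or the ApiJson result exposes its alerts, asserting those would pin the branch actually taken. The first check uses `assertTrue($actual->status === 'success')` while the rest use `assertEquals`; `assertSame('success', $actual->status)` throughout is the consistent, strictly-typed form.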