Source of file AuthFactory.php
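<?php

namespace Ntb\RestAPI;

/**
 * Factory for the different kinds of REST authenticators, plus helpers for
 * issuing API tokens and reading them back from an incoming request.
 *
 * @author Christian Blank <c.blank@notthatbad.net>
 */
class AuthFactory extends \SS_Object
{
    /**
     * Returns the authentication mechanism registered with the injector
     * under the service name 'Authenticator'.
     *
     * @return IAuth an instance of an authentication mechanism
     * @throws RestSystemException not thrown by this method's own code;
     *         presumably raised while the service is built (confirm)
     */
    public static function createAuth()
    {
        return \Injector::inst()->get('Authenticator');
    }

    /**
     * Generates a random, hashed API token for the given member.
     *
     * Layout of the returned string:
     *  - 40 hex chars: sha1() over the blowfish-encryptor output of a fresh
     *    random token (the only unpredictable part);
     *  - 25 hex chars: md5(Created . LastEdited . ID) with its first seven
     *    characters cut off.
     *
     * Security notes:
     *  - The suffix is derived only from member metadata, so it is the same
     *    for every token issued to an unchanged member. It adds no secrecy
     *    and lets anyone who sees two tokens link them to one account.
     *  - Unpredictability rests entirely on \RandomGenerator.
     *  - Treat the result as a bearer secret: keep it out of logs and compare
     *    it in constant time (e.g. hash_equals()) when validating.
     *
     * @param \Member $user member the token is issued for
     * @throws \PasswordEncryptor_NotFoundException
     * @return string the 65 character token
     */
    public static function generate_token($user)
    {
        $generator = new \RandomGenerator();
        $randomPart = $generator->randomToken();

        $encryptor = \PasswordEncryptor::create_for_algorithm('blowfish');
        $salt = $encryptor->salt($randomPart);
        $secret = sha1($encryptor->encrypt($randomPart, $salt));

        // Deterministic per-member suffix; an identifier, not a security control.
        $memberSuffix = substr(md5($user->Created . $user->LastEdited . $user->ID), 7);

        return $secret . $memberSuffix;
    }

    /**
     * Returns the token from the request.
     *
     * Sources are tried in this order:
     *  1. the Authorization header on the request object,
     *  2. the 'access_token' request variable,
     *  3. the Authorization header as reported by getallheaders().
     *
     * Silverstripe doesn't include the Authorization header in its requests;
     * it is checked first anyway because the tests can set it on the request.
     *
     * A header that is present but does not have the form "<type> <token>"
     * is rejected with an exception instead of yielding null.
     *
     * @param \SS_HTTPRequest $request
     * @return string the token
     * @throws \Exception if no token was supplied or it cannot be parsed
     */
    public static function get_token($request)
    {
        $headerValue = $request->getHeader('Authorization');
        if (!empty($headerValue)) {
            return self::token_from_header($headerValue);
        }

        // NOTE(review): a token passed as a request variable can end up in
        // access logs, browser history and Referer headers when it travels in
        // the URL; clients should prefer the Authorization header.
        $requestToken = $request->requestVar('access_token');
        // Only a plain string is accepted: access_token[]=x would otherwise
        // hand an array to callers that expect a string.
        if (is_string($requestToken) && !empty($requestToken)) {
            return $requestToken;
        }

        if (function_exists('getallheaders')) {
            $headers = getallheaders();
            if (is_array($headers)) {
                // Header names are case-insensitive, so do not rely on the
                // exact spelling 'Authorization' chosen by the client.
                foreach ($headers as $name => $value) {
                    if (strcasecmp((string) $name, 'Authorization') === 0 && !empty($value)) {
                        return self::token_from_header($value);
                    }
                }
            }
        }

        throw new \Exception("Token can't be read or was not specified");
    }

    /**
     * Extracts the token from an Authorization header value of the form
     * "<type> <token>".
     *
     * The auth type (first field) is not validated here, so any scheme word
     * is accepted; callers must still verify the token itself.
     *
     * @param mixed $headerValue raw header value
     * @return string the second whitespace separated field
     * @throws \Exception if the value is not a string or has no second field
     */
    private static function token_from_header($headerValue)
    {
        if (is_string($headerValue)) {
            // Split on runs of whitespace so "Bearer  abc" still yields "abc".
            $fields = preg_split('/\s+/', trim($headerValue));
            if (isset($fields[1]) && $fields[1] !== '') {
                return $fields[1];
            }
        }

        throw new \Exception("Token can't be read or was not specified");
    }
}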