\RESTfulAPI_TokenAuthenticator
RESTfulAPI Token authenticator handles login, logout and request authentication via token
- Author: Thierry Francois @colymba thierry@colymba.com
- Copyright: Copyright (c) 2013, Thierry Francois
- License: http://opensource.org/licenses/BSD-3-Clause BSD Simplified
Synopsis
class RESTfulAPI_TokenAuthenticator implements RESTfulAPI_Authenticator
{
- // constants
- const AUTH_CODE_LOGGED_IN = 0;
- const AUTH_CODE_LOGIN_FAIL = 1;
- const AUTH_CODE_TOKEN_INVALID = 2;
- const AUTH_CODE_TOKEN_EXPIRED = 3;
- // members
- private static integer $tokenLife = 10800;
- private static string $tokenHeader = 'X-Silverstripe-Apitoken';
- private static string $tokenQueryVar = 'token';
- private static string $tokenOwnerClass = 'SilverStripe\Security\Member';
- private static boolean $autoRefreshLifetime = false;
- protected $tokenConfig;
- private static array $allowed_actions = ;
- // methods
- public void __construct()
- public array login()
- public void logout()
- public array lostPassword()
- public string getToken()
- public void resetToken()
- private array generateToken()
- public null|DataObject getOwner()
- public true|RESTfulAPI_Error authenticate()
- private true|RESTfulAPI_Error validateAPIToken()
Hierarchy
Implements
Constants
Name | Value |
---|---|
AUTH_CODE_LOGGED_IN | 0 |
AUTH_CODE_LOGIN_FAIL | 1 |
AUTH_CODE_TOKEN_INVALID | 2 |
AUTH_CODE_TOKEN_EXPIRED | 3 |
Members
private
- $allowed_actions — array: List of URL accessible actions
- $autoRefreshLifetime — boolean: Whether or not the token should auto-update on activity.
- $tokenHeader — string: HTTP Header name storing authentication token
- $tokenLife — integer: Authentication token life in seconds
- $tokenOwnerClass
- $tokenQueryVar — string: Fallback GET/POST HTTP query var storing authentication token
protected
- $tokenConfig — array: Stores current token authentication configurations: header, var, class, db columns...
Methods
private
- generateToken() — Generates an encrypted random token and an expiry date
- validateAPIToken() — Validate the API token
public
- __construct() — Instantiation + config acquisition
- authenticate() — Checks if a request to the API is authenticated. Gets the API token from the HTTP request and returns the auth result
- getOwner() — Returns the DataObject related to the token that sent the authenticated request
- getToken() — Return the stored API token for a specific owner
- login() — Logs a user into the framework and generates an API token. Only works if the token owner is a Member
- logout() — Logs a user out of the framework and updates the token with an expired one if the token owner class is a Member
- lostPassword() — Sends password recovery email
- resetToken() — Resets an owner's token. If $expired is set to true, the owner will have a new invalidated/expired token
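The members and auth codes documented above imply a validation flow: read the token from the header, fall back to the query var, then check validity and expiry. The following is an added sketch of that flow, not the module's own code. The constants mirror the defaults on this page; `validateToken()`, the `$owners` array layout and storing a SHA-256 hash of the token are assumptions made for illustration.

```php
<?php
// Added illustration, not the module's code. Constants mirror this page's
// defaults; validateToken(), $owners and SHA-256 storage are assumptions.
const AUTH_CODE_TOKEN_INVALID = 2;
const AUTH_CODE_TOKEN_EXPIRED = 3;
const TOKEN_LIFE      = 10800;                     // $tokenLife, in seconds
const TOKEN_HEADER    = 'X-Silverstripe-Apitoken'; // $tokenHeader
const TOKEN_QUERY_VAR = 'token';                   // $tokenQueryVar

/**
 * @param array $headers request headers (name => value)
 * @param array $vars    merged GET/POST vars
 * @param array $owners  constructed store: [['token' => sha256 hex, 'expire' => unix ts], ...]
 * @return true|int      true, or an AUTH_CODE_* failure code
 */
function validateToken(array $headers, array $vars, array &$owners, int $now, bool $autoRefresh = false)
{
    // HTTP header names are case-insensitive, so normalise before lookup.
    $headers = array_change_key_case($headers, CASE_LOWER);
    // Header first, query var only as the fallback.
    $token = $headers[strtolower(TOKEN_HEADER)] ?? $vars[TOKEN_QUERY_VAR] ?? null;
    if (!is_string($token) || $token === '') {
        return AUTH_CODE_TOKEN_INVALID;
    }
    $candidate = hash('sha256', $token);
    foreach ($owners as &$owner) {
        // hash_equals() compares in constant time, avoiding a timing oracle.
        if (!hash_equals($owner['token'], $candidate)) {
            continue;
        }
        if ($owner['expire'] <= $now) {
            return AUTH_CODE_TOKEN_EXPIRED;
        }
        if ($autoRefresh) {
            $owner['expire'] = $now + TOKEN_LIFE; // sliding expiry on activity
        }
        return true;
    }
    return AUTH_CODE_TOKEN_INVALID;
}

// Constructed sample data: one live token, one expired token.
$now = 1700000000;
$owners = [
    ['token' => hash('sha256', 'live-token'), 'expire' => $now + 60],
    ['token' => hash('sha256', 'old-token'),  'expire' => $now - 1],
];
var_dump(validateToken(['x-silverstripe-apitoken' => 'live-token'], [], $owners, $now, true));
var_dump(validateToken([], ['token' => 'old-token'], $owners, $now));
var_dump(validateToken([], [], $owners, $now));
```

Tokens sent through the query var can end up in server access logs and browser history, so the header is the safer channel when both are available.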