-rw-r--r-- | src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php | 2 | ||||
-rw-r--r-- | src/CamilStaps/BotleaguesApi/Database/Bot.php | 2 | ||||
-rw-r--r-- | src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php | 4 | ||||
-rw-r--r-- | src/CamilStaps/BotleaguesApi/Database/User.php | 9 | ||||
-rw-r--r-- | src/CamilStaps/BotleaguesApi/Database/UserToken.php | 6 | ||||
-rw-r--r-- | src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php | 8 | ||||
-rw-r--r-- | src/controllers/PasswordReminderController.php | 8 | ||||
-rw-r--r-- | src/controllers/UserTokenController.php | 12 | ||||
-rw-r--r-- | src/filters.php | 12 | ||||
-rw-r--r-- | src/routes.php | 13 |
10 files changed, 44 insertions, 32 deletions
diff --git a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
index 3fe3ee0..b3a2d19 100644
--- a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
+++ b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
@@ -33,7 +33,7 @@ class ActivationCodeAuthenticationProvider implements Provider {
 $user = User::findOrFail($request->route('user'));
 $passwordReminder = PasswordReminder::findOrFail($request->route('password_reminder'));
- if (!empty($user) && !empty($passwordReminder) && $passwordReminder->userId == $user->id && $passwordReminder->isValid()) {
+ if (!empty($user) && !empty($passwordReminder) && $passwordReminder->userEmail == $user->email && $passwordReminder->isValid()) {
 Auth::login($user);
 return Auth::user();
 }
diff --git a/src/CamilStaps/BotleaguesApi/Database/Bot.php b/src/CamilStaps/BotleaguesApi/Database/Bot.php
index f0be0fc..abdd78a 100644
--- a/src/CamilStaps/BotleaguesApi/Database/Bot.php
+++ b/src/CamilStaps/BotleaguesApi/Database/Bot.php
@@ -4,6 +4,6 @@ namespace CamilStaps\BotleaguesApi\Database;
 class Bot extends Model {
 protected $table = 'bots';
- protected $fillable = ['userId', 'gameId', 'title'];
+ protected $fillable = ['userEmail', 'gameId', 'title'];
 }
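Review bot: The rewritten condition still compares `$passwordReminder->userEmail == $user->email` with the loose `==`; this is an identity check between two strings, so `===` is the right operator, and the two `!empty()` guards are dead code because both `findOrFail` calls above already throw when nothing matches. The line can shrink to `if ($passwordReminder->userEmail === $user->email && $passwordReminder->isValid()) {`. The enclosing authenticate method starts and ends outside the hunk.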
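Review bot: `userEmail` is now the ownership column on Bot and it stays in `$fillable`, so any code path that mass-assigns request input into a Bot (`Bot::create($request->all())` or `->fill()`) would let the caller pick the owning account. BotController is not part of this diff, so confirm it assigns the owner from the authenticated user the way `UserTokenController::store` does, or drop `userEmail` from `$fillable` and set it explicitly. The `$fillable` edits in PasswordReminder.php and UserToken.php deserve the same check, though their controllers visible here do set `userEmail` from a looked-up or authenticated user.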
\ No newline at end of file
diff --git a/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php b/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php
index 696a0a1..18c60d0 100644
--- a/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php
+++ b/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php
@@ -14,7 +14,7 @@ class PasswordReminder extends Model {
 protected $table = 'password_reminders';
 protected $hidden = ['token'];
- protected $fillable = ['userId', 'token', 'valid_till'];
+ protected $fillable = ['userEmail', 'token', 'valid_till'];
 protected $primaryKey = 'token';
 public static function boot() {
@@ -25,7 +25,7 @@ class PasswordReminder extends Model {
 $user = User::findOrFail($passwordReminder->userEmail);
 Mail::send('botleagues-api::emails.auth.reminder', ['token' => $passwordReminder->token], function($message) use ($user) {
- $message->to($user->email, "User " . $user->id);
+ $message->to($user->email, "User " . $user->email);
 });
 });
 }
diff --git a/src/CamilStaps/BotleaguesApi/Database/User.php b/src/CamilStaps/BotleaguesApi/Database/User.php
index 6b0d863..cabd126 100644
--- a/src/CamilStaps/BotleaguesApi/Database/User.php
+++ b/src/CamilStaps/BotleaguesApi/Database/User.php
@@ -23,12 +23,17 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
 }
 public function validToken($token) {
- return UserToken::where('userId', $this->id)->where('token', $token)->where('valid_till', '>', date("Y-m-d H:i:s"))->count() > 0;
+ $token = UserToken::where('userEmail', $this->email)->where('token', $token)->where('valid_till', '>', date("Y-m-d H:i:s"))->first();
+ if (empty($token)) {
+ return false;
+ }
+ $token->refresh();
+ return true;
 }
 public function findPasswordReminders($token = null) {
 $base = PasswordReminder
- ::where('userId', $this->id)
+ ::where('userEmail', $this->email)
 ->where('used_at', null)
 ->where('valid_till', '>', date('Y-m-d H:i:s'));
 if ($token == null) {
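Review bot: `$token->refresh()` in the new validToken body resolves to the `UserToken::refresh()` added in UserToken.php, which only calls `save()`; as far as I recall Eloquent's `save()` skips the UPDATE (and the timestamp bump) when no attribute is dirty, so on an unmodified model this call writes nothing. If the intent is to extend the token's life on each use, assign a fresh `valid_till` before saving; if it is only meant to record last use, `touch()` says that explicitly. Reusing `$token` for both the incoming string and the fetched model also makes the method hard to follow — `$userToken` for the model keeps the two apart. The same hunk touches findPasswordReminders, whose body continues past the hunk.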
diff --git a/src/CamilStaps/BotleaguesApi/Database/UserToken.php b/src/CamilStaps/BotleaguesApi/Database/UserToken.php
index 92b03b8..f328f59 100644
--- a/src/CamilStaps/BotleaguesApi/Database/UserToken.php
+++ b/src/CamilStaps/BotleaguesApi/Database/UserToken.php
@@ -5,7 +5,7 @@ class UserToken extends Model {
 protected $table = 'user_tokens';
 protected $hidden = ['token'];
- protected $fillable = ['userId', 'token', 'valid_till'];
+ protected $fillable = ['userEmail', 'token', 'valid_till'];
 protected $dates = ['created_at', 'updated_at', 'valid_till'];
 /**
@@ -21,4 +21,8 @@ class UserToken extends Model {
 return $this->formatDate($attr);
 }
+ public function refresh() {
+ $this->save();
+ }
+
 }
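Review bot: The new `refresh()` has no doc comment and its name suggests "reload from storage" while the body saves; later Eloquent releases define `Model::refresh()` with exactly that reload meaning, so a subclass method with the opposite semantics will mislead anyone who upgrades or reads the base class. Name it for its purpose (e.g. `extendValidity()`), document it with a one-line comment such as `/** Extends this token's validity window and persists it; called on every successful authentication. */`, and make the body actually change state (assign a new `valid_till`) before `save()`, since a bare `save()` on an untouched model persists nothing.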
\ No newline at end of file
diff --git a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
index c973174..b7369cc 100644
--- a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
+++ b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
@@ -28,12 +28,12 @@ class TokenAuthenticationProvider implements Provider {
 * @return mixed
 */
 public function authenticate(Request $request, Route $route) {
- if (!$request->has(['user_id', 'token'])) {
- throw new UnauthorizedHttpException(null, "Include user_id and token in your request.");
+ if (!$request->has(['email', 'token'])) {
+ throw new UnauthorizedHttpException(null, "Include email and token in your request.");
 }
- $user = User::find($request->get('user_id'));
- if ($user != null && $user->validToken($request->get('token'))) {
+ $user = User::findOrFail($request->get('email'));
+ if ($user->validToken($request->get('token'))) {
 Auth::login($user);
 return Auth::user();
 }
diff --git a/src/controllers/PasswordReminderController.php b/src/controllers/PasswordReminderController.php
index ed3592e..569973b 100644
--- a/src/controllers/PasswordReminderController.php
+++ b/src/controllers/PasswordReminderController.php
@@ -23,13 +23,13 @@ class PasswordReminderController extends BaseController {
 }
 /**
- * Set the userId and create a random token
- * @param $userId
+ * Set the userEmail and create a random token
+ * @param $userEmail
 * @throws StoreResourceFailedException
 * @return PasswordReminder
 */
- public function store($userId) {
- $user = User::findOrFail($userId);
+ public function store($userEmail) {
+ $user = User::findOrFail($userEmail);
 $this->passwordReminder->userEmail = $user->email;
 $this->passwordReminder->token = bin2hex(openssl_random_pseudo_bytes(24));
diff --git a/src/controllers/UserTokenController.php b/src/controllers/UserTokenController.php
index 20bd06c..fe0d37d 100644
--- a/src/controllers/UserTokenController.php
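Review bot: Switching to `User::findOrFail($request->get('email'))` changes the failure mode for an unknown email: instead of falling through to whatever the rest of authenticate does for a bad token (presumably the unauthorized response; the method's tail is outside the hunk), it now throws ModelNotFoundException, so an unregistered address and a registered address with a wrong token produce different responses and the endpoint reveals which emails exist. Keep the lookup non-throwing and restore the guard the commit removed: `$user = User::find($request->get('email'));` followed by `if ($user != null && $user->validToken($request->get('token'))) {`, so both failures end in the same unauthorized path.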
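Review bot: The updated docblock still leaves `@param $userEmail` untyped, which is the only place a reader learns what the route segment carries; write it as `@param string $userEmail  email address used as the User primary key by findOrFail`. The body of store continues outside the hunk.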
+++ b/src/controllers/UserTokenController.php
@@ -16,22 +16,22 @@ class UserTokenController extends BaseController {
 /**
 * Only the tokens of the authenticated user are shown
 */
- public function index() {
- return $this->userToken->where('userId', '=', Auth::user()->id)->get();
+ public function index($userEmail = null) {
+ return $this->userToken->where('userEmail', Auth::user()->email)->get();
 }
 /**
 * Only the tokens of the authenticated user are available
 */
- public function show($id) {
- return $this->userToken->where('userId', '=', Auth::user()->id)->findOrFail($id);
+ public function show($userEmail, $id) {
+ return $this->userToken->where('userEmail', Auth::user()->email)->findOrFail($id);
 }
 /**
- * Set the userId and create a random token
+ * Set the userEmail and create a random token
 */
 public function store() {
- $this->userToken->userId = Auth::user()->id;
+ $this->userToken->userEmail = Auth::user()->email;
 $this->userToken->token = base64_encode(openssl_random_pseudo_bytes(64));
 if ($this->userToken->save()) {
diff --git a/src/filters.php b/src/filters.php
index 11f0096..ae59923 100644
--- a/src/filters.php
+++ b/src/filters.php
@@ -1,16 +1,14 @@
 <?php
 Route::filter('administrator', function(){
- Auth::basic();
-
- if (!Auth::user()->isAdministrator) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || !$auth->user()->isAdministrator) {
 throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
 }
 });
-Route::filter('current_user', function(){
- Auth::basic();
-
- if (empty(Auth::user()) || Route::input('user') != Auth::user()->id) {
+Route::filter('current_user', function() {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || Route::input('user') != $auth->user()->email) {
 throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
 }
 });
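Review bot: `index($userEmail = null)` and `show($userEmail, $id)` accept the new `{user}` route segment but never read it — both queries are scoped to `Auth::user()->email` — and nothing in the method or its docblock says that is deliberate rather than an oversight. Add a line to each docblock such as ` * The {user} route segment is ignored; results are always scoped to the authenticated user (the current_user filter rejects a mismatch before the controller runs).` and give `$userEmail` the same form in both methods, since index makes it optional while show requires it. The store docblock change in the same hunk is fine as is.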
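Review bot: `Route::input('user') != $auth->user()->email` in the rewritten current_user filter is a loose comparison; both sides are strings here, so `!==` is the safe operator and avoids PHP's numeric-string coercion rules in a check that gates access to another user's resources. `if (empty($auth->user()) || Route::input('user') !== $auth->user()->email) {`. Whether stored emails can differ in case from the route value is not visible here; if they can, the comparison needs a deliberate normalisation rather than relying on the loose operator.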
\ No newline at end of file
diff --git a/src/routes.php b/src/routes.php
index d86759d..ddfafbb 100644
--- a/src/routes.php
+++ b/src/routes.php
@@ -1,5 +1,6 @@
 <?php
 $api = app('api.router');
+
 Route::group(['https'], function() use ($api) {
 $api->version('v1', ['protected' => false], function ($api) {
@@ -28,7 +29,7 @@ Route::group(['https'], function() use ($api) {
 });
 $api->version('v1', ['protected' => true, 'providers' => 'basic'], function ($api) {
- $api->resource('user_token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
+ $api->resource('user.token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
 ['only' => ['store']]);
 $api->resource('user', 'CamilStaps\BotleaguesApi\Controllers\UserController',
@@ -45,9 +46,6 @@ Route::group(['https'], function() use ($api) {
 $api->resource('bot', 'CamilStaps\BotleaguesApi\Controllers\BotController',
 ['except' => ['index', 'show', 'create','edit']]);
- $api->resource('user_token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
- ['only' => ['index', 'show']]);
-
 $api->group(array('before' => 'administrator'), function() use ($api) {
 $api->resource('competition', 'CamilStaps\BotleaguesApi\Controllers\CompetitionController',
@@ -61,6 +59,13 @@ Route::group(['https'], function() use ($api) {
 });
+ $api->group(['before' => 'current_user'], function() use ($api) {
+
+ $api->resource('user.token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
+ ['only' => ['index', 'show']]);
+
+ });
+
 });
 });
 |