Diffstat (limited to 'src')
-rw-r--r--src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php2
-rw-r--r--src/CamilStaps/BotleaguesApi/Database/Bot.php2
-rw-r--r--src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php4
-rw-r--r--src/CamilStaps/BotleaguesApi/Database/User.php9
-rw-r--r--src/CamilStaps/BotleaguesApi/Database/UserToken.php6
-rw-r--r--src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php8
-rw-r--r--src/controllers/PasswordReminderController.php8
-rw-r--r--src/controllers/UserTokenController.php12
-rw-r--r--src/filters.php12
-rw-r--r--src/routes.php13
10 files changed, 44 insertions, 32 deletions
diff --git a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
index 3fe3ee0..b3a2d19 100644
--- a/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
+++ b/src/CamilStaps/BotleaguesApi/ActivationCodeAuthenticationProvider.php
@@ -33,7 +33,7 @@ class ActivationCodeAuthenticationProvider implements Provider {
$user = User::findOrFail($request->route('user'));
$passwordReminder = PasswordReminder::findOrFail($request->route('password_reminder'));
- if (!empty($user) && !empty($passwordReminder) && $passwordReminder->userId == $user->id && $passwordReminder->isValid()) {
+ if (!empty($user) && !empty($passwordReminder) && $passwordReminder->userEmail == $user->email && $passwordReminder->isValid()) {
Auth::login($user);
return Auth::user();
}
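Review bot: The ownership check on the changed `if` line uses loose `==`, and since it decides whether `Auth::login($user)` runs it should be strict: `$passwordReminder->userEmail === $user->email`. The same applies to `Route::input('user') != $auth->user()->email` in the `current_user` filter in src/filters.php, which should use `!==`. Both `findOrFail()` calls above the condition throw when no row matches, so the two `!empty()` tests look redundant and could be dropped. The method body starts and ends outside this hunk.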
diff --git a/src/CamilStaps/BotleaguesApi/Database/Bot.php b/src/CamilStaps/BotleaguesApi/Database/Bot.php
index f0be0fc..abdd78a 100644
--- a/src/CamilStaps/BotleaguesApi/Database/Bot.php
+++ b/src/CamilStaps/BotleaguesApi/Database/Bot.php
@@ -4,6 +4,6 @@ namespace CamilStaps\BotleaguesApi\Database;
class Bot extends Model {
protected $table = 'bots';
- protected $fillable = ['userId', 'gameId', 'title'];
+ protected $fillable = ['userEmail', 'gameId', 'title'];
} \ No newline at end of file
diff --git a/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php b/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php
index 696a0a1..18c60d0 100644
--- a/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php
+++ b/src/CamilStaps/BotleaguesApi/Database/PasswordReminder.php
@@ -14,7 +14,7 @@ class PasswordReminder extends Model {
protected $table = 'password_reminders';
protected $hidden = ['token'];
- protected $fillable = ['userId', 'token', 'valid_till'];
+ protected $fillable = ['userEmail', 'token', 'valid_till'];
protected $primaryKey = 'token';
public static function boot() {
@@ -25,7 +25,7 @@ class PasswordReminder extends Model {
$user = User::findOrFail($passwordReminder->userEmail);
Mail::send('botleagues-api::emails.auth.reminder', ['token' => $passwordReminder->token], function($message) use ($user) {
- $message->to($user->email, "User " . $user->id);
+ $message->to($user->email, "User " . $user->email);
});
});
}
diff --git a/src/CamilStaps/BotleaguesApi/Database/User.php b/src/CamilStaps/BotleaguesApi/Database/User.php
index 6b0d863..cabd126 100644
--- a/src/CamilStaps/BotleaguesApi/Database/User.php
+++ b/src/CamilStaps/BotleaguesApi/Database/User.php
@@ -23,12 +23,17 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
}
public function validToken($token) {
- return UserToken::where('userId', $this->id)->where('token', $token)->where('valid_till', '>', date("Y-m-d H:i:s"))->count() > 0;
+ $token = UserToken::where('userEmail', $this->email)->where('token', $token)->where('valid_till', '>', date("Y-m-d H:i:s"))->first();
+ if (empty($token)) {
+ return false;
+ }
+ $token->refresh();
+ return true;
}
public function findPasswordReminders($token = null) {
$base = PasswordReminder
- ::where('userId', $this->id)
+ ::where('userEmail', $this->email)
->where('used_at', null)
->where('valid_till', '>', date('Y-m-d H:i:s'));
if ($token == null) {
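Review bot: `validToken()` now overwrites its `$token` parameter with the `UserToken` model and writes to the database through `$token->refresh()`, so a method that reads like a predicate has a side effect on every successful check. Rename the local to `$userToken` and add a docblock saying that a successful check also persists the matched token. `refresh()` in UserToken.php only calls `save()`, so whether this extends `valid_till` is not visible here. If it does, a token in continuous use never expires, and an absolute lifetime cap would be worth adding. `findPasswordReminders()` continues past the end of the hunk.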
diff --git a/src/CamilStaps/BotleaguesApi/Database/UserToken.php b/src/CamilStaps/BotleaguesApi/Database/UserToken.php
index 92b03b8..f328f59 100644
--- a/src/CamilStaps/BotleaguesApi/Database/UserToken.php
+++ b/src/CamilStaps/BotleaguesApi/Database/UserToken.php
@@ -5,7 +5,7 @@ class UserToken extends Model {
protected $table = 'user_tokens';
protected $hidden = ['token'];
- protected $fillable = ['userId', 'token', 'valid_till'];
+ protected $fillable = ['userEmail', 'token', 'valid_till'];
protected $dates = ['created_at', 'updated_at', 'valid_till'];
/**
@@ -21,4 +21,8 @@ class UserToken extends Model {
return $this->formatDate($attr);
}
+ public function refresh() {
+ $this->save();
+ }
+
} \ No newline at end of file
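Review bot: The new `refresh()` has no docblock and only calls `$this->save()`, so what it is meant to update (presumably `updated_at`, or `valid_till` through a model event that is not visible here) has to be guessed. Later Eloquent releases define their own `Model::refresh()` that reloads the model from the database, so this override would change framework behaviour after an upgrade; a distinct name such as `renewOnUse()` avoids the clash. Depending on the framework version, `save()` on a model with no changed attributes may issue no UPDATE at all, so it is worth confirming the call has the intended effect. Add a one-line docblock naming the column the call is expected to change.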
diff --git a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
index c973174..b7369cc 100644
--- a/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
+++ b/src/CamilStaps/BotleaguesApi/TokenAuthenticationProvider.php
@@ -28,12 +28,12 @@ class TokenAuthenticationProvider implements Provider {
* @return mixed
*/
public function authenticate(Request $request, Route $route) {
- if (!$request->has(['user_id', 'token'])) {
- throw new UnauthorizedHttpException(null, "Include user_id and token in your request.");
+ if (!$request->has(['email', 'token'])) {
+ throw new UnauthorizedHttpException(null, "Include email and token in your request.");
}
- $user = User::find($request->get('user_id'));
- if ($user != null && $user->validToken($request->get('token'))) {
+ $user = User::findOrFail($request->get('email'));
+ if ($user->validToken($request->get('token'))) {
Auth::login($user);
return Auth::user();
}
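Review bot: `User::findOrFail($request->get('email'))` raises a model-not-found error for an unknown address, while a known address with a bad token falls through to whatever follows the `if` (outside the hunk). The two cases are therefore likely to be answered differently, which lets a caller learn which emails are registered. The removed code sent both cases down one path; keep that with `$user = User::find($request->get('email'));` and `if ($user !== null && $user->validToken($request->get('token'))) {`. `PasswordReminderController::store()` uses the same `findOrFail($userEmail)` pattern on a caller-supplied address; if that route is reachable without authentication, a uniform response is worth considering there too.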
diff --git a/src/controllers/PasswordReminderController.php b/src/controllers/PasswordReminderController.php
index ed3592e..569973b 100644
--- a/src/controllers/PasswordReminderController.php
+++ b/src/controllers/PasswordReminderController.php
@@ -23,13 +23,13 @@ class PasswordReminderController extends BaseController {
}
/**
- * Set the userId and create a random token
- * @param $userId
+ * Set the userEmail and create a random token
+ * @param $userEmail
* @throws StoreResourceFailedException
* @return PasswordReminder
*/
- public function store($userId) {
- $user = User::findOrFail($userId);
+ public function store($userEmail) {
+ $user = User::findOrFail($userEmail);
$this->passwordReminder->userEmail = $user->email;
$this->passwordReminder->token = bin2hex(openssl_random_pseudo_bytes(24));
diff --git a/src/controllers/UserTokenController.php b/src/controllers/UserTokenController.php
index 20bd06c..fe0d37d 100644
--- a/src/controllers/UserTokenController.php
+++ b/src/controllers/UserTokenController.php
@@ -16,22 +16,22 @@ class UserTokenController extends BaseController {
/**
* Only the tokens of the authenticated user are shown
*/
- public function index() {
- return $this->userToken->where('userId', '=', Auth::user()->id)->get();
+ public function index($userEmail = null) {
+ return $this->userToken->where('userEmail', Auth::user()->email)->get();
}
/**
* Only the tokens of the authenticated user are available
*/
- public function show($id) {
- return $this->userToken->where('userId', '=', Auth::user()->id)->findOrFail($id);
+ public function show($userEmail, $id) {
+ return $this->userToken->where('userEmail', Auth::user()->email)->findOrFail($id);
}
/**
- * Set the userId and create a random token
+ * Set the userEmail and create a random token
*/
public function store() {
- $this->userToken->userId = Auth::user()->id;
+ $this->userToken->userEmail = Auth::user()->email;
$this->userToken->token = base64_encode(openssl_random_pseudo_bytes(64));
if ($this->userToken->save()) {
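Review bot: `index($userEmail = null)` and `show($userEmail, $id)` accept the route's user segment but never read it; the query is scoped by `Auth::user()->email` instead. That is the safer choice, but it should be documented so nobody later switches the query to the parameter: add `@param string $userEmail Route segment, intentionally ignored; results are scoped to Auth::user()` to both docblocks. The `= null` default on `index` is inconsistent with `show` and can be dropped if the nested route always supplies the segment. `store()` continues past the end of the hunk.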
diff --git a/src/filters.php b/src/filters.php
index 11f0096..ae59923 100644
--- a/src/filters.php
+++ b/src/filters.php
@@ -1,16 +1,14 @@
<?php
Route::filter('administrator', function(){
- Auth::basic();
-
- if (!Auth::user()->isAdministrator) {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || !$auth->user()->isAdministrator) {
throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
}
});
-Route::filter('current_user', function(){
- Auth::basic();
-
- if (empty(Auth::user()) || Route::input('user') != Auth::user()->id) {
+Route::filter('current_user', function() {
+ $auth = app('api.auth');
+ if (empty($auth->user()) || Route::input('user') != $auth->user()->email) {
throw new \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException();
}
}); \ No newline at end of file
diff --git a/src/routes.php b/src/routes.php
index d86759d..ddfafbb 100644
--- a/src/routes.php
+++ b/src/routes.php
@@ -1,5 +1,6 @@
<?php
$api = app('api.router');
+
Route::group(['https'], function() use ($api) {
$api->version('v1', ['protected' => false], function ($api) {
@@ -28,7 +29,7 @@ Route::group(['https'], function() use ($api) {
});
$api->version('v1', ['protected' => true, 'providers' => 'basic'], function ($api) {
- $api->resource('user_token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
+ $api->resource('user.token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
['only' => ['store']]);
$api->resource('user', 'CamilStaps\BotleaguesApi\Controllers\UserController',
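Review bot: The `user.token` `store` route is registered in the `basic` provider group without the `current_user` filter that this commit applies to `index` and `show` further down, so the `{user}` segment of the URL is not checked against the authenticated account. `UserTokenController::store()` sets `userEmail` from `Auth::user()->email`, so the token is always created for the caller, but a request addressed to another user's path succeeds instead of being refused. Wrap this registration in `$api->group(['before' => 'current_user'], function() use ($api) {` as well. Before doing so, confirm that `app('api.auth')->user()` is populated under the `basic` provider, because the filter in src/filters.php no longer calls `Auth::basic()` itself.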
@@ -45,9 +46,6 @@ Route::group(['https'], function() use ($api) {
$api->resource('bot', 'CamilStaps\BotleaguesApi\Controllers\BotController',
['except' => ['index', 'show', 'create','edit']]);
- $api->resource('user_token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
- ['only' => ['index', 'show']]);
-
$api->group(array('before' => 'administrator'), function() use ($api) {
$api->resource('competition', 'CamilStaps\BotleaguesApi\Controllers\CompetitionController',
@@ -61,6 +59,13 @@ Route::group(['https'], function() use ($api) {
});
+ $api->group(['before' => 'current_user'], function() use ($api) {
+
+ $api->resource('user.token', 'CamilStaps\BotleaguesApi\Controllers\UserTokenController',
+ ['only' => ['index', 'show']]);
+
+ });
+
});
});