diff --git a/homepage/participo/apiKeyTest.php b/homepage/participo/apiKeyTest.php index fd6ba82..4edfac2 100644 --- a/homepage/participo/apiKeyTest.php +++ b/homepage/participo/apiKeyTest.php @@ -17,10 +17,11 @@ dbConnector::connect( $userId = 1; $apiKey = ApiKey::create(); -$rightString = 'event:' . PHP_EOL . ' id: 1'; -$rightArray = Spyc::YAMLLoadString($rightString); +// $rightString = 'event:' . PHP_EOL . ' id: 1'; +// $rightArray = Spyc::YAMLLoadString($rightString); +$right = 'login'; $date = new DateTime(); -$newKey = new ApiKey(null, $userId, $apiKey, $rightString, $date->format('Y-m-d')); +$newKey = new ApiKey(null, $userId, $apiKey, $right, $date->format('Y-m-d')); $newKey->addToDb(); $loadedKey = ApiKey::loadFromDb($apiKey); @@ -29,7 +30,7 @@ $loadedKey = ApiKey::loadFromDb($apiKey); \ No newline at end of file diff --git a/homepage/participo/lib/participoLib/apiKey.php b/homepage/participo/lib/participoLib/apiKey.php index 0acf4d8..77bfba1 100644 --- a/homepage/participo/lib/participoLib/apiKey.php +++ b/homepage/participo/lib/participoLib/apiKey.php 
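Review bot: The new `$right = 'login';` line makes this script mint and persist (`$newKey->addToDb()`) an API key carrying the `login` right for `$userId = 1` on every execution, and the `homepage/participo/` path suggests the file is deployed inside the web root, where anyone who can request it can provision such a key. If this is a developer-only script, guard it with `if (PHP_SAPI !== 'cli') { exit; }` at the top or move it out of the deployable tree, and delete the key it creates at the end of the run. The two commented-out `$rightString`/`$rightArray` lines should be removed rather than kept as dead code. The first line of the hunk (`dbConnector::connect(`) is only header context here, so the connection setup is outside this view.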
@@ -1,44 +1,82 @@ 0 + */ private $id = null; + /** Id of the user + * + * @var int > 0 + */ private $userId = null; + /** base62 coded key + * + * @var string + */ private $key = null; + /** what you can do with this key + * + * @var array(string) + */ private $rights = null; + /** until when the key is valid + * + * @var DateTime + */ private $endDate = null; + /** Constructor + * + * sets all the members: + * - converts the params to the internal type + * - provides input sanitation + * + * @param mixed $id unique identifier of the apiKey + * @param mixed $userId $id of the user the apiKey belongs to + * @param mixed $key key identifier/representation + * @param mixed $rights set of rights describing what the key is valid for + * @param mixed $endDate the last day the key will be valid + */ public function __construct($id, $userId, $key, $rights, $endDate) { - //! @todo input validation and sanitation - $this->id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['default' => null, 'min_range' => 1]]); - $this->userId = filter_var($userId, FILTER_VALIDATE_INT, ['options' => ['default' => null, 'min_range' => 1]]); + $this->id = filterId($id); + $this->userId = filterId($userId); $this->key = self::isWellFormatted($key) ? 
$key : null; $this->rights = explode(',', $rights); $this->endDate = DateTime::createFromFormat('Y-m-d', $endDate); + // @todo It would be safer to set an endDate in the past as "default" value if ($this->endDate == false) { $this->endDate = null; } } + /** Getter for the userId + * + * @return int >0 representing the id of the user the apiKey is for + */ public function getUserId() { return $this->userId; } + /** Getter for the apiKey + * + * @return string base62 coded string representing the apiKey + */ public function getKey(){ return $this->key; } - /** - * testing if the apiKey is valid for a certain action + /** Checking if the apiKey is valid for a certain action * * @param string $action the action to test the apiKey against * @return boolean true if apiKey is valid for the action, false otherwise @@ -54,8 +92,7 @@ class ApiKey ); } - /** - * request a specific apiKey from the db + /** request a specific apiKey from the db * * @param string $key the key to request * @return ApiKey found in the db, null otherwise @@ -77,6 +114,10 @@ class ApiKey return ApiKey::fromDbArray($response[0]); } + /** Add a key to the DB + * + * @return void + */ public function addToDb() { $query = 'INSERT INTO `cwsvjudo`.`participo_apiKeys` (userId, apiKey, rights, endDate) VALUES (:userId, :apiKey, :rights, :endDate);'; @@ -88,6 +129,7 @@ class ApiKey ]; $response = dbConnector::query($query, $params); // @todo use the response in an error handling/messaging + // @todo differentiate between inserting and updating if the id is set it should only be updated (e.g. prolonging) } /** create an Api key from the return of an sql select * */ 
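Review bot: The new constructor docblock says it "provides input sanitation", but `$rights` is still only `explode(',', $rights)` with no trimming or filtering, so `''` becomes `['']` and `'login, admin'` becomes `['login', ' admin']`, which the rights check (cut off at the end of this hunk) may or may not match. I would make the claim true with `$this->rights = array_values(array_filter(array_map('trim', explode(',', (string) $rights)), 'strlen'));` and, as the added `@todo` already hints, treat an unparseable `$endDate` as expired instead of `null` so a malformed row fails closed; the comparison should also be `=== false` rather than `== false`. `filterId()` is introduced by this diff but not defined in it, so I cannot confirm it rejects non-positive or non-integer ids the way the replaced `filter_var(..., 'min_range' => 1)` calls did. The hunk's opening lines appear garbled in this view and the validity check at its end continues outside the hunk.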
@@ -102,10 +144,15 @@ class ApiKey ); } + /** + * List of symbols that can be used for the encoding + * + * @var string + */ private static $BASE = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; - /** - * quick and dirty implementation of a convert_to_base62 + /** quick and dirty implementation of a convert_to_base62 + * * stolen from https://stackoverflow.com/a/4964352 * * @param [int] $num @@ -114,6 +161,7 @@ class ApiKey */ private static function toBase($num, $b = 62) :string { + $b = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['default' => strlen(self::$BASE), 'min_range' => 1]]); // @todo What is with negative numbers? How are they supposed to be converted? $r = $num % $b ; $res = ApiKey::$BASE[$r]; @@ -126,8 +174,7 @@ class ApiKey return $res; } - /** - * simple check if a string a well formatted apiKey + /** simple check if a string is a well formatted apiKey * * Basically checks, if it consists only of 0-9, a-z or A-Z * @@ -139,8 +186,7 @@ class ApiKey return (bool) preg_match('/^[0-9a-zA-Z]+$/', $string); } - /** - * provides a random api key value + /** provides a random api key value * * @return string a random api key value */ @@ -150,6 +196,7 @@ class ApiKey return ApiKey::toBase(random_int(0, PHP_INT_MAX)); } + /** more of a backup */ private static function createTable() { dbConnector::query("CREATE TABLE `cwsvjudo`.`participo_apiKeys` (`id` INT NOT NULL AUTO_INCREMENT COMMENT 'unique identifier' , `userId` INT NOT NULL COMMENT 'id of the user the key belongs to' , `apiKey` VARCHAR(16) NOT NULL COMMENT 'the apiKey itself' , `rights` INT NOT NULL COMMENT 'a comma separated list of rights for the key' , `endDate` DATE NOT NULL COMMENT 'endDate for the apiKey' , PRIMARY KEY (`id`), UNIQUE (`key`)); "); diff --git a/homepage/participo/lib/participoLib/participo.php b/homepage/participo/lib/participoLib/participo.php index 4960c84..7a25818 100644 --- a/homepage/participo/lib/participoLib/participo.php 
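Review bot: The added line in `toBase()` validates `$id`, a variable that does not exist in this method (the parameters are `$num` and `$b`), so `filter_var(null, ...)` always falls back to the default and `$b` is silently overwritten with `strlen(self::$BASE)` while PHP emits an undefined-variable warning. It should validate the parameter itself and also cap it, otherwise a caller passing `$b > 62` would index past the end of `$BASE`: `$b = filter_var($b, FILTER_VALIDATE_INT, ['options' => ['default' => strlen(self::$BASE), 'min_range' => 2, 'max_range' => strlen(self::$BASE)]]);`. Since `create()` feeds this from `random_int()`, a wrong base would directly affect the generated key alphabet, so a unit test that checks `toBase(61)` yields `'Z'` would have caught this. The `@todo` about negative numbers remains open; `$num % $b` is negative for negative input and `$BASE[$r]` would then fail.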
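Review bot: The new `/** more of a backup */` comment on `createTable()` does not tell a maintainer what the method does or when it is safe to run; a docblock such as "Creates the `participo_apiKeys` table from scratch; kept as a reference for the expected schema, not called in normal operation" would. While adding it, the visible DDL is worth a note, as far as the statement shown goes: `rights` is declared `INT NOT NULL` although its own comment and the class store a comma-separated string of rights, and `UNIQUE (\`key\`)` names a column the table does not define (the key column is `apiKey`), so the statement as written would not create the table the class expects. I would also note in the docblock that `apiKey` is `VARCHAR(16)` while `create()` can emit up to 11 base62 characters, so the column has headroom but any longer key format would be truncated.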
+++ b/homepage/participo/lib/participoLib/participo.php @@ -95,6 +95,7 @@ class participo 'userConfig' => $user->getConfig(), ] ]; + logLoginsToJsonFile($user->getLoginName()); // we're not logged in, but authorized for the stuff we want to do. So don't redirect return; };
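Review bot: `logLoginsToJsonFile($user->getLoginName());` is placed on the branch that the very next comment describes as "not logged in, but authorized", i.e. API-key access, so the audit log records a key-based request as if it were an interactive login and cannot distinguish the two afterwards. If the helper (not shown in this diff) accepts context, record the authentication method alongside the name; if it does not, at least add a comment such as `// API-key authorized request is recorded in the login log as well`. Whatever the helper writes, it should never include the API key itself, and the JSON file should live outside the web root with restrictive permissions, since login names are personal data and a world-readable file would also let an attacker enumerate valid accounts. The enclosing method of class `participo` starts before this hunk, so I cannot see whether the call can run before `$user` is guaranteed to be set.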