
D671.id.diff


diff --git a/bin/classes/BaseController.php b/bin/classes/BaseController.php
--- a/bin/classes/BaseController.php
+++ b/bin/classes/BaseController.php
@@ -1,7 +1,6 @@
<?php
use magic3w\phpauth\sdk\SSO;
-use auth\Token;
use chad\Chad;
use permission\Permission;
use ping\Ping;
@@ -9,6 +8,7 @@
use spitfire\core\Environment;
use spitfire\io\session\Session;
use figure\sdk\Client as Figure;
+use magic3w\phpauth\sdk\Token;
class BaseController extends Controller
{
@@ -16,7 +16,10 @@
/** @var Session */
protected $session;
- /** @var SSO */
+ /**
+ *
+ * @var SSO
+ */
public $sso;
/**
@@ -52,9 +55,24 @@
#$this->chad = new Chad(Environment::get('chad'), $this->sso);
#$this->permission = new Permission(Environment::get('permission'), $this->sso);
+ #TODO: Read the expiration from a JWT from the Authorization header
+ #TODO: This code should be moved towards an authentication provider that generates tokens
$s = $this->session = Session::getInstance();
- $t = isset($_GET['token'])? $this->sso->makeToken($_GET['token']) : $s->getUser(spitfire());
+ if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
+ list($type, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);
+ /**
+ * NOTE: This code is dangerous without the later verification using getTokenInfo.
+ * This is a temprary measure for the time being while we implement JWT support
+ * properly.
+ */
+ $t = new Token($this->sso, $token, time() + 240);
+ }
+ else {
+ $t = $s->getUser(spitfire());
+ }
+
+ #TODO: This should be removed when the JWT are in place since they provide proper expiration times.
#Create a cache to reduce the load on PHPAuth
$c = new MemcachedAdapter();
$c->setTimeout(120);
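Review bot: `list($type, $token) = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);` assumes the header always carries a scheme and a value separated by a space; a header with no space yields a one-element array, so `$token` is read from a missing offset (notice, value null) and `new Token($this->sso, null, time() + 240)` is still constructed and later treated as a credential. The scheme captured in `$type` is discarded, so any prefix is accepted and the malformed case is indistinguishable from a well-formed one. I would validate the shape before building the token: `$parts = explode(' ', $_SERVER['HTTP_AUTHORIZATION'], 2);` then `if (count($parts) !== 2 || $parts[1] === '' || strcasecmp($parts[0], 'Bearer') !== 0) { throw new \RuntimeException('Malformed Authorization header'); }` and `$t = new Token($this->sso, $parts[1], time() + 240);`, substituting whichever scheme the phpauth SDK actually issues if it is not Bearer. The enclosing method's signature and its end both lie outside this hunk.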
@@ -64,10 +82,13 @@
return $t->isAuthenticated()? $t->getTokenInfo()->user : null;
}) : null;
- if (isset($_GET['signature']) && is_string($_GET['signature'])) {
-
- $this->authapp = $this->sso->authApp($_GET['signature'])->getSrc();
- }
+ /**
+ * From here on out, we will have a client for every token that we generate.
+ *
+ * This client might be the application itself (when just logging in a user)
+ * or it might be a remote application requesting to act on the user's behalf.
+ */
+ $this->authapp = $t? $t->client() : null;
$this->view->set('authUser', $this->user);
$this->view->set('authSSO', $this->sso);
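Review bot: `$this->authapp = $t? $t->client() : null;` calls `client()` on whatever `$t` holds, but earlier in this method `$t` is either the `Token` built from the Authorization header or the return value of `$s->getUser(spitfire())`, and nothing in the diff shows the session path returning the same SDK type; if it does not, every session-authenticated request fails here rather than only the header-based one this change introduces. The new docblock describes what the client represents but not this type contract, so I would state it next to the assignment, e.g. `/* $t is the SDK Token from either the Authorization header or the session; both paths must expose client() */`, or pin it with a `@var Token|null $t` annotation at the point `$t` is assigned so static analysis flags a mismatch. The enclosing method continues past the end of this hunk.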
