Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
P
projet-cdaw
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
1
Issues
1
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Quentin Vrel
projet-cdaw
Commits
01625f20
Commit
01625f20
authored
Nov 19, 2020
by
quentin.vrel
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
tp4 18/11/2020
parent
5ea03f1e
Changes
9
Hide whitespace changes
Inline
Side-by-side
Showing
9 changed files
with
170 additions
and
47 deletions
+170
-47
AutoLoader.class.php
BackEnd/tp4/classes/AutoLoader.class.php
+1
-1
Request.class.php
BackEnd/tp4/classes/Request.class.php
+15
-7
Response.class.php
BackEnd/tp4/classes/Response.class.php
+5
-0
config.php
BackEnd/tp4/config/config.php
+3
-0
LoginController.class.php
BackEnd/tp4/controller/LoginController.class.php
+55
-0
UserController.class.php
BackEnd/tp4/controller/UserController.class.php
+30
-30
ValidateTokenController.class.php
BackEnd/tp4/controller/ValidateTokenController.class.php
+37
-0
User.class.php
BackEnd/tp4/model/User.class.php
+23
-8
User.sql.php
BackEnd/tp4/sql/User.sql.php
+1
-1
No files found.
BackEnd/tp4/classes/AutoLoader.class.php
View file @
01625f20
...
...
@@ -12,7 +12,7 @@ class AutoLoader {
private
function
load
(
$className
)
{
$_model
=
[
"Model"
,
"Role"
,
"User"
];
$_classes
=
[
"DatabasePDO"
,
"Dispatcher"
,
"Request"
,
"Response"
];
$_controller
=
[
"Controller"
,
"DefaultController"
,
"UserController"
];
$_controller
=
[
"Controller"
,
"DefaultController"
,
"UserController"
,
"LoginController"
,
"ValidateTokenController"
];
if
(
in_array
(
$className
,
$_model
)){
require_once
"model/
$className
.class.php"
;
...
...
BackEnd/tp4/classes/Request.class.php
View file @
01625f20
...
...
@@ -69,13 +69,8 @@ class Request {
}
public
function
initData
()
{
if
(
$this
->
getHttpMethod
()
===
'PUT'
){
$this
->
data
=
""
;
$stream
=
fopen
(
"php://input"
,
"r"
);
$next_byte
=
fread
(
$stream
,
'1024'
);
$this
->
data
.=
$next_byte
;
fclose
(
$stream
);
$this
->
data
=
json_decode
(
$this
->
data
,
TRUE
);
if
(
$this
->
getHttpMethod
()
===
'PUT'
||
$this
->
getHttpMethod
()
===
'POST'
){
$this
->
data
=
json_decode
(
file_get_contents
(
"php://input"
),
true
);
}
}
...
...
@@ -89,6 +84,19 @@ class Request {
public
function
getData
()
{
return
$this
->
data
;
}
// returns JWT token in Authorization header or throw an exception
public
function
getJwtToken
()
{
$headers
=
getallheaders
();
$autorization
=
$headers
[
'Authorization'
];
$arr
=
explode
(
" "
,
$autorization
);
if
(
count
(
$arr
)
<
2
)
throw
new
Exception
(
"Missing JWT token"
);
$jwt_token
=
$arr
[
1
];
return
$jwt_token
;
}
...
...
BackEnd/tp4/classes/Response.class.php
View file @
01625f20
...
...
@@ -31,6 +31,11 @@ class Response {
{
return
new
Response
(
400
,
$message
);
}
public
static
function
unauthorizedResponse
(
$message
=
""
)
{
return
new
Response
(
401
,
$message
);
}
public
static
function
interceptEchos
()
{
ob_start
();
...
...
BackEnd/tp4/config/config.php
View file @
01625f20
...
...
@@ -8,6 +8,9 @@ define('DB_PASSWORD','');
// define('__DEBUG', false);
define
(
'__DEBUG'
,
true
);
define
(
'JWT_BACKEND_KEY'
,
'6d8HbcZndVGNAbo4Ih1TGaKcuA1y2BKs-I5CmP'
);
define
(
'JWT_ISSUER'
,
$_SERVER
[
'HTTP_HOST'
]
.
$_SERVER
[
'CONTEXT_PREFIX'
]);
// ================================================================================
// Debug utilities
...
...
BackEnd/tp4/controller/LoginController.class.php
0 → 100644
View file @
01625f20
<?php
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/BeforeValidException.php'
;
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/ExpiredException.php'
;
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/SignatureInvalidException.php'
;
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/JWT.php'
;
use
\Firebase\JWT\JWT
;
class
LoginController
extends
Controller
{
public
function
__construct
(
$name
,
$request
)
{
parent
::
__construct
(
$name
,
$request
);
}
public
function
processRequest
()
{
if
(
$this
->
request
->
getHttpMethod
()
!==
'POST'
)
return
Response
::
errorResponse
(
'{ "message" : "Unsupported endpoint" }'
);
$json
=
$this
->
request
->
getData
();
if
(
!
isset
(
$json
[
'login'
])
||
!
isset
(
$json
[
'login'
]))
{
$r
=
new
Response
(
422
,
"login and pwd fields are mandatory"
);
$r
->
send
();
}
$user
=
User
::
tryLogin
(
$json
[
'login'
]);
if
(
empty
(
$user
)
||
!
hash_equals
(
$json
[
'pwd'
],
$user
->
password
()))
{
$r
=
new
Response
(
422
,
"wrong credentials"
);
$r
->
send
();
}
// generate json web token
$issued_at
=
time
();
$expiration_time
=
$issued_at
+
(
60
*
60
);
// valid for 1 hour
$token
=
array
(
"iat"
=>
$issued_at
,
"exp"
=>
$expiration_time
,
"iss"
=>
JWT_ISSUER
,
"data"
=>
array
(
"id"
=>
$user
->
id
(),
"firstname"
=>
$user
->
firstname
(),
"lastname"
=>
$user
->
lastname
(),
"email"
=>
$user
->
email
()
)
);
$jwt
=
JWT
::
encode
(
$token
,
JWT_BACKEND_KEY
);
$jsonResult
=
json_encode
(
array
(
"jwt_token"
=>
$jwt
)
);
return
Response
::
okResponse
(
$jsonResult
);
}
}
\ No newline at end of file
BackEnd/tp4/controller/UserController.class.php
View file @
01625f20
<?php
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/BeforeValidException.php'
;
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/ExpiredException.php'
;
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/SignatureInvalidException.php'
;
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/JWT.php'
;
use
\Firebase\JWT\JWT
;
class
UserController
extends
Controller
{
public
function
__construct
(
$name
,
$request
)
{
...
...
@@ -20,8 +24,8 @@ class UserController extends Controller {
return
$this
->
getAllUsers
();
break
;
case
'PUT'
:
if
(
$this
->
request
->
getUriParams
())
return
$this
->
updateUser
(
$this
->
request
->
getUriParams
()[
0
],
$this
->
request
->
getData
());
return
$this
->
updateUser
(
$this
->
request
->
getData
());
break
;
}
return
Response
::
errorResponse
(
"unsupported parameters or method in users"
);
...
...
@@ -41,32 +45,28 @@ class UserController extends Controller {
$response
=
Response
::
okResponse
(
json_encode
(
$user
));
return
$response
;
}
protected
function
updateUser
(
$id
,
$data
){
$sets
=
[];
if
(
isset
(
$data
[
'login'
])){
$sets
[]
=
[
'USER_LOGIN'
,
$data
[
'login'
]];
}
if
(
isset
(
$data
[
'email'
])){
$sets
[]
=
[
'USER_EMAIL'
,
$data
[
'email'
]];
}
if
(
isset
(
$data
[
'role'
])){
$sets
[]
=
[
'USER_ROLE'
,
$data
[
'role'
]];
}
if
(
isset
(
$data
[
'pwd'
])){
$sets
[]
=
[
'USER_PWD'
,
$data
[
'pwd'
]];
}
if
(
isset
(
$data
[
'name'
])){
$sets
[]
=
[
'USER_NAME'
,
$data
[
'name'
]];
}
if
(
isset
(
$data
[
'surname'
])){
$sets
[]
=
[
'USER_SURNAME'
,
$data
[
'surname'
]];
}
//$sets = implode(', ', $sets);
$success
=
true
;
foreach
(
$sets
as
$set
)
{
$success
&=
User
::
update
(
$id
,
$set
);
}
$response
=
$success
?
Response
::
okResponse
(
"Updated"
)
:
Response
::
errorResponse
(
"failed"
);
return
$response
;
protected
function
updateUser
(
$array
){
try
{
$jwt_token
=
$this
->
request
->
getJwtToken
();
// echo "jwt = $jwt_token";
$decodedJWT
=
JWT
::
decode
(
$jwt_token
,
JWT_BACKEND_KEY
,
array
(
'HS256'
));
if
(
$decodedJWT
->
data
->
id
!=
$array
[
'id'
]){
throw
new
Exception
(
"You don't have access to this account."
,
1
);
}
User
::
updateUser
(
$array
);
}
catch
(
Exception
$e
){
header
(
'WWW-Authenticate: Bearer realm="'
.
JWT_ISSUER
.
'"'
);
$jsonResult
=
json_encode
(
array
(
"message"
=>
"Access denied."
,
"error"
=>
$e
->
getMessage
()
));
return
Response
::
unauthorizedResponse
(
$jsonResult
);
}
$response
=
Response
::
okResponse
(
'User succesfully updated !'
);
return
$response
;
}
}
\ No newline at end of file
BackEnd/tp4/controller/ValidateTokenController.class.php
0 → 100644
View file @
01625f20
<?php
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/BeforeValidException.php'
;
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/ExpiredException.php'
;
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/SignatureInvalidException.php'
;
include_once
__ROOT_DIR
.
'/libs/php-jwt/src/JWT.php'
;
use
\Firebase\JWT\JWT
;
class
ValidateTokenController
extends
Controller
{
public
function
__construct
(
$name
,
$request
)
{
parent
::
__construct
(
$name
,
$request
);
}
public
function
processRequest
()
{
try
{
$jwt_token
=
$this
->
request
->
getJwtToken
();
// echo "jwt = $jwt_token";
$decodedJWT
=
JWT
::
decode
(
$jwt_token
,
JWT_BACKEND_KEY
,
array
(
'HS256'
));
$jsonResult
=
json_encode
(
array
(
"message"
=>
"Access granted."
,
"data"
=>
$decodedJWT
));
}
catch
(
Exception
$e
){
header
(
'WWW-Authenticate: Bearer realm="'
.
JWT_ISSUER
.
'"'
);
$jsonResult
=
json_encode
(
array
(
"message"
=>
"Access denied."
,
"error"
=>
$e
->
getMessage
()
));
return
Response
::
unauthorizedResponse
(
$jsonResult
);
}
$response
=
Response
::
okResponse
(
$jsonResult
);
return
$response
;
}
}
\ No newline at end of file
BackEnd/tp4/model/User.class.php
View file @
01625f20
...
...
@@ -17,15 +17,30 @@ class User extends Model {
return
$stm
->
fetchAll
();
}
public
static
function
update
(
$id
,
$set
)
{
$stm
=
parent
::
exec
(
'USER_UPDATE'
,
[
'id'
=>
$id
,
'set_field'
=>
$set
[
0
],
'set_value'
=>
$set
[
1
]]);
try
{
return
true
;
}
catch
(
\Throwable
$th
)
{
die
(
"dommage, fromage"
);
}
public
static
function
updateUser
(
$array
)
{
$stm
=
parent
::
exec
(
'USER_UPDATE'
,
$array
);
}
public
static
function
tryLogin
(
$login
){
$stm
=
parent
::
exec
(
'USER_GET_WITH_LOGIN'
,
[
'login'
=>
$login
]);
return
$stm
->
fetchAll
(
PDO
::
FETCH_CLASS
,
'User'
)[
0
];
}
public
function
password
(){
return
trim
(
$this
->
USER_PWD
);
}
public
function
id
(){
return
trim
(
$this
->
USER_ID
);
}
public
function
firstname
(){
return
trim
(
$this
->
USER_NAME
);
}
public
function
lastname
(){
return
trim
(
$this
->
USER_SURNAME
);
}
public
function
email
(){
return
trim
(
$this
->
USER_EMAIL
);
}
}
\ No newline at end of file
BackEnd/tp4/sql/User.sql.php
View file @
01625f20
...
...
@@ -16,4 +16,4 @@ User::addSqlQuery('USER_CONNECT',
'SELECT * FROM USER WHERE USER_LOGIN=:login and USER_PWD=:password'
);
User
::
addSqlQuery
(
'USER_UPDATE'
,
'UPDATE `USER` SET :set_field = :set_value WHERE `USER_ID` = :id'
);
\ No newline at end of file
'UPDATE USER SET USER_EMAIL = :email WHERE USER_ID = :id'
);
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment