Commit c9b788aa authored by thibaut-felten's avatar thibaut-felten

Authenticated PUT + Doc

parent 9d22d3c8
......@@ -4,13 +4,73 @@
Open endpoints require no Authentication.
* Login : `POST /api/login/`
* Get all users infos : `GET /api.php/users/`
* Show info : `GET /api/user/{id}`
* Update info : `PUT /api/user/{id}`
* [Login](#Login) : `POST /api/login/`
* Get all users data : `GET /api.php/users/`
* Show data of a user : `GET /api.php/user/{id}`
* Create a new user : `POST /api.php/user/{id}`
* Delete a user : `DELETE /api.php/user/{id}` Should be a closed endpoint.
## Endpoints that require Authentication
Closed endpoints require a valid Token to be included in the header of the
request.
* Update data : `PUT /api.php/user/{id}`
<!-- LOGIN -->
# Login
Used to collect a Token for a registered User.
**URL** : `/api/login/`
**Method** : `POST`
**Auth required** : NO
**Data constraints**
```json
{
"username": "[valid email address]",
"password": "[password in plain text]"
}
```
**Data example**
```json
{
"username": "iloveauth@example.com",
"password": "abcd1234"
}
```
## Success Response
**Code** : `200 OK`
**Content example**
```json
{
"token": "93144b288eb1fdccbe46d6fc0f241a51766ecd3d"
}
```
## Error Response
**Condition** : If 'username' and 'password' combination is wrong.
**Code** : `400 BAD REQUEST`
**Content** :
```json
{
"non_field_errors": [
"Unable to login with provided credentials."
]
}
```
\ No newline at end of file
<?php
// Config Eden
define('DB_HOST','localhost');
define('DB_PORT',3306);
define('DB_DBNAME','thibaut_felten');
define('DB_USER','thibaut.felten');
define('DB_PASSWORD','YpIaegvG');
//Config local
// define('DB_HOST','localhost');
// define('DB_PORT',3306);
// define('DB_DBNAME','dbtest');
// define('DB_USER','root');
// define('DB_PASSWORD','root');
define( 'JWT_BACKEND_KEY', '6d8HbcZndVGNAbo4Ih1TGaKcuA1y2BKs-I5CmP' );
define( 'JWT_ISSUER', $_SERVER['HTTP_HOST'] . $_SERVER['CONTEXT_PREFIX']);
\ No newline at end of file
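Review bot: `DB_PASSWORD` and `JWT_BACKEND_KEY` are committed in this config file as literal values, so anyone with read access to the repository or its history holds the database credential and the HS256 key that `JWT::decode` in UserController trusts. Load both from the environment or an untracked local file instead, e.g. `define('JWT_BACKEND_KEY', getenv('JWT_BACKEND_KEY'));`. Rotate the two values already pushed, because deleting them in a later commit does not remove them from history. Separately, `JWT_ISSUER` is built from `$_SERVER['HTTP_HOST']`, which the client supplies, and it is later written into the `WWW-Authenticate` header; a fixed, configured issuer string would avoid reflecting request data there.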
......@@ -23,8 +23,6 @@ class LoginController extends Controller {
}
$user = User::tryLogin($json->login);
// print_r($user);
// exit;
if(empty($user) || !hash_equals($json->pwd,$user->USER_PASSWORD)) {
$r = new Response(422,"wrong credentials");
$r->send();
......
<?php
include_once __ROOT_DIR . '/libs/php-jwt/src/BeforeValidException.php';
include_once __ROOT_DIR . '/libs/php-jwt/src/ExpiredException.php';
include_once __ROOT_DIR . '/libs/php-jwt/src/SignatureInvalidException.php';
include_once __ROOT_DIR . '/libs/php-jwt/src/JWT.php';
use \Firebase\JWT\JWT;
class UserController extends Controller {
public function __construct($name, $request) {
......@@ -52,12 +58,14 @@ class UserController extends Controller {
return $response;
}
protected function updateUser($id,$data)
{
protected function updateUser($id,$data){
try {
$jwt_token = $this->request->getJwtToken();
$decodedJWT = JWT::decode($jwt_token, JWT_BACKEND_KEY, array('HS256'));
$userValues = User::getUserById($id);
$userValues=($userValues[0]);
// print_r($userValues);
// exit;
if($userValues == []){
$response = Response::errorResponse("User not found");
return $response;
......@@ -90,6 +98,17 @@ class UserController extends Controller {
$response = new Response(200,json_encode($user));
return $response;
}
} catch (Exception $e){
header('WWW-Authenticate: Bearer realm="'.JWT_ISSUER.'"');
$jsonResult = json_encode(array(
"message" => "Access denied.",
"error" => $e->getMessage()
));
return Response::unauthorizedResponse($jsonResult);
}
}
protected function createUser($data)
......
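Review bot: In `updateUser` the decoded token is assigned to `$decodedJWT`, but nothing visible compares its claims with `$id`, so as far as these hunks show, any holder of a valid token can update any user's record. The lines between the second and third hunk are not shown, so confirm no such check exists there. After `JWT::decode`, add an ownership check against whichever claim LoginController stores the user id in (assumed here to be `sub`), e.g. `if ((string) $decodedJWT->sub !== (string) $id) { return Response::unauthorizedResponse(json_encode(array("message" => "Access denied."))); }`. The `catch (Exception $e)` also wraps the whole body, so a database or validation failure is reported as an authentication error and its `$e->getMessage()` text is returned to the client. Catching only the JWT exception types included at the top of the file and returning a generic message would keep internal details out of the response.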