
Restoring original API login method cause of older API integrations.

EsmondTan committed Apr 3, 2016
1 parent 627496b commit 86793f9d25ab6d2c108490ce69c44eb1a1807e0d
Showing with 19 additions and 69 deletions.
  1. +19 −69 upload/application/controller/api/login.php
@@ -4,84 +4,34 @@
class ControllerApiLogin extends Controller {
public function index() {
$this->load->language('api/login');
$json = array();
$json['success'] = false;
$realm = 'API Area';
// Re-authenticate as was previously logged in
if (isset($this->session->data['api_key'])) {
unset($this->session->data['api_key']);
unset($this->request->server['PHP_AUTH_DIGEST']);
}
$this->load->model('api/api');
$this->load->model('system/activity');
if (isset($this->request->server['PHP_AUTH_DIGEST'])) {
$data = $this->http_digest_parse($this->request->server['PHP_AUTH_DIGEST']);
if ($data) {
$api_info = $this->model_api_api->getApiUserByKey($data['username']);
$json = array();
if ($api_info) {
$A1 = md5($data['username'] . ':' . $realm . ':' . $api_info['secret']);
$A2 = md5($this->request->server['REQUEST_METHOD'] . ':' . $data['uri']);
$valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2);
$json['success'] = false;
if ($data['response'] == $valid_response) {
$json['success'] = true;
unset($this->session->data['api_key']);
$this->session->data['api_key'] = md5(mt_rand());
$this->session->data['username'] = $api_info['username'];
$this->load->model('api/api');
$this->load->model('system/activity');
$json['api_key'] = $this->session->data['api_key'];
if (isset($this->request->post['key']) && isset($this->request->post['secret'])) {
$api_info = $this->model_api_api->login($this->request->post['key'], $this->request->post['secret']);
$json['cookie'] = $this->session->getId();
if ($api_info) {
$json['success'] = true;
$this->model_system_activity->addActivity(sprintf($this->language->get('text_login'), $this->session->data['username']));
}
}
}
}
if ($json['success'] == false) {
$json['error'] = $this->language->get('error_login');
$this->response->addHeader('HTTP/1.1 401 Unauthorized');
$this->response->addHeader('WWW-Authenticate: Digest realm="' . $realm . '",qop="auth",nonce="' . uniqid() . '",opaque="' . md5($realm) . '"');
}
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
protected function http_digest_parse($text) {
$required_parts = array(
'nonce' => 1,
'nc' => 1,
'cnonce' => 1,
'qop' => 1,
'username' => 1,
'uri' => 1,
'response' => 1
);
$data = array();
$this->session->data['api_key'] = md5(mt_rand());
$this->session->data['username'] = $api_info['username'];
$keys = implode('|', array_keys($required_parts));
$json['api_key'] = $this->session->data['api_key'];
preg_match_all('@(' . $keys . ')=(?:([\'"])([^\2]+?)\2|([^\s,]+))@', $text, $matches, PREG_SET_ORDER);
$json['cookie'] = $this->session->getId();
foreach ($matches as $match) {
$data[$match[1]] = str_replace('"', '', $match[3] ? $match[3] : $match[4]);
unset($required_parts[$match[1]]);
}
$this->model_system_activity->addActivity(sprintf($this->language->get('text_login'), $this->session->data['username']));
}
}
return $required_parts ? false : $data;
}
$this->response->addHeader('Content-Type: application/json');
$this->response->setOutput(json_encode($json));
}
}
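Review bot: The restored login path mints the session credential with `$this->session->data['api_key'] = md5(mt_rand());`, which yields a token with far less than 128 bits of entropy from a non-cryptographic generator, and that token is then returned to the caller as `$json['api_key']` and used to authenticate subsequent API requests. The rendering loses the old/new markers, so I cannot tell which of the two `md5(mt_rand())` lines survives, but the commit message says the POST key/secret method is the one being kept, and the same weakness applies to it. Replace it with a CSPRNG-backed token, `$this->session->data['api_key'] = bin2hex(random_bytes(16));` (PHP 7+; on older runtimes `openssl_random_pseudo_bytes` with its strong-result flag checked is the fallback), and keep the rest of the flow unchanged. The digest branch's `$data['response'] == $valid_response` check also uses a loose, non-constant-time comparison where `hash_equals($valid_response, $data['response'])` is the conventional form, if that branch is retained. Failed logins currently produce only a 401 and no `addActivity` record, so an operator has no server-side trail of brute-force attempts against `key`/`secret`; a one-line activity or log entry in the `$json['success'] == false` branch would help detection.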
