Merge pull request #220 from GRyall/refactorWriteAPIAuth

Refactor the write API authentication
GOCDB · May 12, 2020 · fb1fccb · fb1fccb
2 parents d3ab5bc + 8ed5808
commit fb1fccb
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 14 deletions.
diff --git a/htdocs/PI/write/PIWriteRequest.php b/htdocs/PI/write/PIWriteRequest.php
@@ -23,7 +23,6 @@
 
 require_once __DIR__ . '/../../../lib/Gocdb_Services/Config.php';
 require_once __DIR__ . '/../../../lib/Gocdb_Services/Validate.php';
-require_once __DIR__ . '/../../web_portal/components/Get_User_Principle.php';
 
 // Set the timezone to UTC for rendering all times/dates in PI.
 // The date-times stored in the DB are in UTC, however, we still need to
@@ -111,16 +110,17 @@ public function __construct() {
      * @param  string $requestUrl url used to access API, only the last section
      * @param  string|null $requestContents contents of the request (JSON String or null)
      * @param  Site $siteService Site Service
+     * @param array ('userIdentifier'=><Identifier of user>,'userIdentifierType'=><Type of identifier e.g. X509>)
      * @return array ('httpResponseCode'=><code>,'returnObject'=><object to return to user>)
      */
-    public function processRequest($method, $requestUrl, $requestContents, Site $siteService) {
+    public function processRequest($method, $requestUrl, $requestContents, Site $siteService, $authArray) {
         try {
             $this->processURL($method, $requestUrl);
             $this->generateExceptionMessages();
             $this->getRequestContent($requestContents);
             $this->validateEntityTypePropertyAndPropValue();
             $this->checkIfGOCDBIsReadOnlyAndRequestisNotGET();
-            $this->getAndSetAuthInfo();
+            $this->setAuthInfo($authArray);
             $this->updateEntity($siteService);
 
         } catch (\Exception $e) {
@@ -554,19 +554,30 @@ private function checkIfGOCDBIsReadOnlyAndRequestisNotGET(){
       }
     }
 
-
     /**
-     * Gets authentication information and sets the relevant class property
+     * Sets the class properties relating to authentication
+     * @param array $authArray 'userIdentifier'=>[The identifier of the user accessing the API],
+     *                         'userIdentifierType'=>[The type of identifier being used to access the API]
      */
-    private function getAndSetAuthInfo() {
+    private function setAuthInfo($authArray) {
       #Authentication
-      #$this->userIdentifier will be empty if the unser doesn't provide a credential
+      #$this->userIdentifier will be empty if the user doesn't provide a credential
       #If in the future we implement API keys, then I suggest we only look for
       #the DN if the API key isn't presented.
       #Failure to authenticate is handled elsewhere
-      if(is_null($this->userIdentifier)){
-          $this->userIdentifier = Get_User_Principle_PI();
-          $this->userIdentifierType = 'X509';
+      if (array_key_exists('userIdentifier', $authArray)) {
+        $this->userIdentifier = $authArray['userIdentifier'];
+      } else {
+        $this->exceptionWithResponseCode(500,
+          "Internal error: no identifier found. Please contact the GOCDB administrators"
+        );
+      }
+      if (array_key_exists('userIdentifierType', $authArray)) {
+        $this->userIdentifierType = $authArray['userIdentifierType'];
+      } else {
+        $this->exceptionWithResponseCode(500,
+          "Internal error: no identifier type found. Please contact the GOCDB administrators"
+        );
       }
     }
 

diff --git a/htdocs/PI/write/index.php b/htdocs/PI/write/index.php
@@ -23,7 +23,7 @@
 
 require_once __DIR__ . '/../../../lib/Gocdb_Services/Factory.php';
 require_once __DIR__ . '/PIWriteRequest.php';
-require_once __DIR__ . '/resultReturnFunctions.php';
+require_once __DIR__ . '/utils.php';
 
 #services for request
 $siteServ = \Factory::getSiteService();
@@ -47,10 +47,13 @@
 #see http://php.net/manual/en/wrappers.php.php
 $requestContents = file_get_contents('php://input');
 
+#Get authentication details
+$authArray = getAuthenticationInfo();
+
 #Run the request
 $piReq = new PIWriteRequest();
 $piReq->setServiceService($serviceServ);
-$returnArray = $piReq->processRequest($requestMethod, $baseUrl, $requestContents, $siteServ);
+$returnArray = $piReq->processRequest($requestMethod, $baseUrl, $requestContents, $siteServ, $authArray);
 
 #Return the object to the user
 returnJsonWriteAPIResult($returnArray['httpResponseCode'],$returnArray['returnObject']);
diff --git a/htdocs/PI/write/resultReturnFunctions.php → htdocs/PI/write/utils.php b/htdocs/PI/write/resultReturnFunctions.php → htdocs/PI/write/utils.php
@@ -1,9 +1,9 @@
 <?php
 /*______________________________________________________
  *======================================================
- * File: index.php
+ * File: utils.php
  * Author: George Ryall
- * Description: Entry point for the write programmatic interface
+ * Description: utils for the write programmatic interface
  *
  * License information
  *
@@ -54,3 +54,19 @@ function returnJsonWriteAPIResult ($httpResponseCode, $object) {
         echo json_encode($object);
     }
 }
+
+/**
+ * Get the authentication information for the user making an API requests
+ *
+ * @return array type of user identifier and identifier string
+ */
+function getAuthenticationInfo () {
+  require_once __DIR__ . '/../../web_portal/components/Get_User_Principle.php';
+  #Only x509 authentication is currently supported. If in the future we support
+  #API keys then I suggest we only look for a x509 DN if an API key isn't presented
+  $identifierType = 'X509';
+  #This will return null if no cert is presented
+  $identifier = Get_User_Principle_PI();
+
+  return array('userIdentifier'=>$identifier,'userIdentifierType'=>$identifierType);
+}