add an access token to users table

directus · Feb 27, 2016 · 4c82967 · 4c82967
1 parent 42ffd5a
commit 4c82967
Show file tree

Hide file tree

Showing 7 changed files with 81 additions and 3 deletions.
diff --git a/api/api.php b/api/api.php
@@ -317,7 +317,8 @@
     if($response['success']) {
         unset($response['message']);
         $response['last_page'] = json_decode($user['last_page']);
-        $set = array('last_login' => new Expression('NOW()'));
+        $userSession = Auth::getUserInfo();
+        $set = array('last_login' => new Expression('NOW()'), 'access_token' => $userSession['access_token']);
         $where = array('id' => $user['id']);
         $updateResult = $Users->update($set, $where);
         $Activity = new DirectusActivityTableGateway($acl, $ZendDb);

diff --git a/api/core/Directus/Auth/Provider.php b/api/core/Directus/Auth/Provider.php
@@ -3,12 +3,15 @@
 namespace Directus\Auth;
 
 use Directus\Bootstrap;
+use Directus\Util\StringUtils;
+use Directus\Util\ArrayUtils;
 
 class Provider {
 
     const USER_RECORD_CACHE_SESSION_KEY = 'auth_provider_user_record_cache';
 
     protected static $prependedSessionKey = false;
+    protected static $authenticated;
 
     public static $userCacheRefreshProvider;
 
@@ -99,11 +102,36 @@ public static function logout() {
      * @return boolean
      */
     public static function loggedIn() {
+        if (self::$authenticated != null) {
+            return self::$authenticated;
+        }
+
         self::prependSessionKey();
         if(php_sapi_name() != 'cli' && "" === session_id()) {
             session_start();
         }
-        return isset($_SESSION[self::$SESSION_KEY]) && !empty($_SESSION[self::$SESSION_KEY]);
+        self::$authenticated = $isLoggedIn = false;
+        $ZendDb = Bootstrap::get('ZendDb');
+        $session = array();
+        if (isset($_SESSION[self::$SESSION_KEY]) && !empty($_SESSION[self::$SESSION_KEY])) {
+            $session = $_SESSION[self::$SESSION_KEY];
+        }
+
+        if (is_array($session) && ArrayUtils::contains($session, array('id', 'access_token'))) {
+            $DirectusUsersTableGateway = new \Zend\Db\TableGateway\TableGateway('directus_users', $ZendDb);
+
+            $user = $DirectusUsersTableGateway->select(array(
+                'id' => $session['id'],
+                'access_token' => $session['access_token']
+            ));
+
+            if ($user->count()) {
+                self::$authenticated = $isLoggedIn = true;
+            }
+        }
+
+
+        return $isLoggedIn;
     }
 
     /**
@@ -169,8 +197,9 @@ private static function completeLogin($uid) {
         if(self::loggedIn()) {
             throw new UserAlreadyLoggedInException("Attempting to authenticate a user when a user is already authenticated.");
         }
-        $user = array( 'id' => $uid );
+        $user = array( 'id' => $uid, 'access_token' => sha1($uid.StringUtils::random()) );
         $_SESSION[self::$SESSION_KEY] = $user;
+        self::$authenticated = true;
     }
 
     /**

diff --git a/api/core/Directus/Util/ArrayUtils.php b/api/core/Directus/Util/ArrayUtils.php
@@ -40,4 +40,21 @@ public static function pick($array, $keys)
         return $result;
     }
 
+    /**
+     * Return whether or not a set of keys exists in an array
+     * @param  array  $array
+     * @param  array  $keys
+     * @return bool
+     */
+    public static function contains($array, $keys)
+    {
+        foreach($keys as $key) {
+            if (!array_key_exists($key, $array)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
 }
diff --git a/api/migrations/directus/20150204042725_CreateDirectusUsersTable.php b/api/migrations/directus/20150204042725_CreateDirectusUsersTable.php
@@ -87,6 +87,11 @@ public function up()
           "default"=>""
         )
       );
+      $t->column("access_token", "string", array(
+          "limit"=>255,
+          "default"=>""
+        )
+      );
       $t->column("reset_token", "string", array(
           "limit"=>255,
           "default"=>""

diff --git a/api/migrations/directus/20160226230144_AddAccessTokenColumnToUsers.php b/api/migrations/directus/20160226230144_AddAccessTokenColumnToUsers.php
@@ -0,0 +1,18 @@
+<?php
+use Ruckusing\Migration\Base as Ruckusing_Migration_Base;
+
+class AddAccessTokenColumnToUsers extends Ruckusing_Migration_Base
+{
+    public function up()
+    {
+        $this->add_column('directus_users', 'access_token', 'string', array(
+            "limit"=>255,
+            "default"=>""
+        ));
+    }//up()
+
+    public function down()
+    {
+        $this->remove_column('directus_users', 'access_token', 'string');
+    }//down()
+}
diff --git a/api/schema.sql b/api/schema.sql
@@ -371,6 +371,7 @@ CREATE TABLE `directus_users` (
   `password` varchar(255) DEFAULT '',
   `salt` varchar(255) DEFAULT '',
   `token` varchar(255) DEFAULT '',
+  `session_token` varchar(255) DEFAULT NULL,
   `reset_token` varchar(255) DEFAULT '',
   `reset_expiration` datetime DEFAULT NULL,
   `position` varchar(500) DEFAULT '',

diff --git a/tests/api/Util/ArrayUtilsTest.php b/tests/api/Util/ArrayUtilsTest.php
@@ -17,4 +17,11 @@ public function testPickItems()
         $this->assertEquals(count(ArrayUtils::pick($items, ['name', 'age'])), 2);
         $this->assertEquals(count(ArrayUtils::pick($items, ['name', 'age', 'city'])), 2);
     }
+
+    public function testContainsItems()
+    {
+        $items = ['name' => 'Jim', 'age' => 79, 'sex' => 'M', 'country' => 'N/A'];
+        $this->assertTrue(ArrayUtils::contains($items, ['name', 'age']));
+        $this->assertFalse(ArrayUtils::contains($items, ['name', 'age', 'city']));
+    }
 }