From 1a333128ae34860a1c10d1fdae7353e9f17589ee Mon Sep 17 00:00:00 2001 From: kenjis Date: Sun, 15 Nov 2015 18:27:19 +0900 Subject: [PATCH] Update codeigniter-restserver and tests codeigniter-restserver 2015/11/15 master abce915786a7667b9150105df27039b7e4209110 --- application/config/rest.php | 37 ++- application/config/routes.php | 14 +- application/controllers/Rest_server.php | 1 + application/controllers/Welcome.php | 0 application/controllers/api/Example.php | 4 +- application/controllers/api/Key.php | 22 +- application/controllers/api/index.html | 0 .../language/english/rest_controller_lang.php | 17 ++ application/libraries/Format.php | 22 +- application/libraries/REST_Controller.php | 237 +++++++++++------- .../tests/controllers/api/Example_test.php | 2 +- .../tests/controllers/api/Key_test.php | 2 +- application/views/rest_server.php | 125 ++++++--- application/views/welcome_message.php | 13 +- 14 files changed, 334 insertions(+), 162 deletions(-) mode change 100644 => 100755 application/config/rest.php mode change 100644 => 100755 application/config/routes.php mode change 100644 => 100755 application/controllers/Rest_server.php mode change 100644 => 100755 application/controllers/Welcome.php mode change 100644 => 100755 application/controllers/api/Example.php mode change 100644 => 100755 application/controllers/api/Key.php mode change 100644 => 100755 application/controllers/api/index.html create mode 100755 application/language/english/rest_controller_lang.php mode change 100644 => 100755 application/libraries/Format.php mode change 100644 => 100755 application/libraries/REST_Controller.php mode change 100644 => 100755 application/views/rest_server.php mode change 100644 => 100755 application/views/welcome_message.php diff --git a/application/config/rest.php b/application/config/rest.php old mode 100644 new mode 100755 index 2e914fe..15af4ed --- a/application/config/rest.php +++ b/application/config/rest.php 
@@ -14,7 +14,7 @@ /* |-------------------------------------------------------------------------- -| REST Format +| REST Output Format |-------------------------------------------------------------------------- | | The default format of the response @@ -31,6 +31,29 @@ */ $config['rest_default_format'] = 'json'; +/* +|-------------------------------------------------------------------------- +| REST Supported Output Formats +|-------------------------------------------------------------------------- +| +| The following setting contains a list of the supported/allowed formats. +| You may remove those formats that you don't want to use. +| If the default format $config['rest_default_format'] is missing within +| $config['rest_supported_formats'], it will be added silently during +| REST_Controller initialization. +| +*/ +$config['rest_supported_formats'] = [ + 'json', + 'array', + 'csv', + 'html', + 'jsonp', + 'php', + 'serialized', + 'xml', +]; + /* |-------------------------------------------------------------------------- | REST Status Field Name @@ -352,7 +375,7 @@ | `time` INT(11) NOT NULL, | `rtime` FLOAT DEFAULT NULL, | `authorized` VARCHAR(1) NOT NULL, -| `response_code` SMALLINT(3) NOT NULL, +| `response_code` smallint(3) DEFAULT '0', | PRIMARY KEY (`id`) | ) ENGINE=InnoDB DEFAULT CHARSET=utf8; | @@ -477,3 +500,13 @@ | */ $config['rest_ajax_only'] = FALSE; + +/* +|-------------------------------------------------------------------------- +| REST Language File +|-------------------------------------------------------------------------- +| +| Language file to load from the language directory +| +*/ +$config['rest_language'] = 'english'; diff --git a/application/config/routes.php b/application/config/routes.php old mode 100644 new mode 100755 index 750e6f1..1a6bc67 --- a/application/config/routes.php +++ b/application/config/routes.php 
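Review bot: The shipped `rest_supported_formats` array enables every formatter, `php` and `serialized` included, so a fresh install serves all of them until someone trims the list. A narrower default such as `$config['rest_supported_formats'] = ['json', 'xml'];`, with the remaining names listed in the comment block, would make the other formats opt-in. `serialized` deserves a caution of its own in that comment, because it encourages consumers to call `unserialize()` on response bodies.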
@@ -11,7 +11,7 @@ | and its corresponding controller class/method. The segments in a | URL normally follow this pattern: | -| example.com/class/method/id/ +| example.com/class/method/id/ | | In some instances, however, you may want to remap this relationship | so that a different class/function is called than the one @@ -19,7 +19,7 @@ | | Please see the user guide for complete details: | -| http://codeigniter.com/user_guide/general/routing.html +| http://codeigniter.com/user_guide/general/routing.html | | ------------------------------------------------------------------------- | RESERVED ROUTES @@ -27,18 +27,18 @@ | | There are three reserved routes: | -| $route['default_controller'] = 'welcome'; +| $route['default_controller'] = 'welcome'; | | This route indicates which controller class should be loaded if the | URI contains no data. In the above example, the "welcome" class | would be loaded. | -| $route['404_override'] = 'errors/page_missing'; +| $route['404_override'] = 'errors/page_missing'; | | This route will tell the Router which controller/method to use if those | provided in the URL cannot be matched to a valid route. | -| $route['translate_uri_dashes'] = FALSE; +| $route['translate_uri_dashes'] = FALSE; | | This is not exactly a route, but allows you to automatically route | controller and method names that contain dashes. '-' isn't a valid @@ -46,8 +46,8 @@ | When you set this option to TRUE, it will replace ALL dashes in the | controller and method URI segments. | -| Examples: my-controller/index -> my_controller/index -| my-controller/my-method -> my_controller/my_method +| Examples: my-controller/index -> my_controller/index +| my-controller/my-method -> my_controller/my_method */ $route['default_controller'] = 'welcome'; $route['404_override'] = 'errors/page_missing'; diff --git a/application/controllers/Rest_server.php b/application/controllers/Rest_server.php old mode 100644 new mode 100755 index 7ceef85..5d44f92 
--- a/application/controllers/Rest_server.php +++ b/application/controllers/Rest_server.php @@ -1,4 +1,5 @@ response([ 'status' => FALSE, - 'error' => 'No users were found' + 'message' => 'No users were found' ], REST_Controller::HTTP_NOT_FOUND); // NOT_FOUND (404) being the HTTP response code } } @@ -96,7 +96,7 @@ public function users_get() { $this->set_response([ 'status' => FALSE, - 'error' => 'User could not be found' + 'message' => 'User could not be found' ], REST_Controller::HTTP_NOT_FOUND); // NOT_FOUND (404) being the HTTP response code } } diff --git a/application/controllers/api/Key.php b/application/controllers/api/Key.php old mode 100644 new mode 100755 index 3974bab..67a1955 --- a/application/controllers/api/Key.php +++ b/application/controllers/api/Key.php @@ -52,7 +52,7 @@ public function index_put() { $this->response([ 'status' => FALSE, - 'error' => 'Could not save the key' + 'message' => 'Could not save the key' ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code } } @@ -73,7 +73,7 @@ public function index_delete() // It doesn't appear the key exists $this->response([ 'status' => FALSE, - 'error' => 'Invalid API key' + 'message' => 'Invalid API key' ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code } @@ -83,7 +83,7 @@ public function index_delete() // Respond that the key was destroyed $this->response([ 'status' => TRUE, - 'success' => 'API key was deleted' + 'message' => 'API key was deleted' ], REST_Controller::HTTP_NO_CONTENT); // NO_CONTENT (204) being the HTTP response code } @@ -104,7 +104,7 @@ public function level_post() // It doesn't appear the key exists $this->response([ 'status' => FALSE, - 'error' => 'Invalid API key' + 'message' => 'Invalid API key' ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code } 
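Review bot: The `'status'` and `'message'` keys in this `users_get()` response are hard-coded, while REST_Controller builds the same envelope from `$this->config->item('rest_status_field_name')` and `$this->config->item('rest_message_field_name')`. An install that renames those fields in rest.php would then get two different error shapes from one API. Using the config items here, e.g. `$this->config->item('rest_message_field_name') => 'User could not be found'`, keeps them aligned, and the same applies to every Key.php hunk in this patch. The `error`/`success` to `message` rename also changes the response contract for existing clients and is worth a line in the upgrade notes. `users_get()` continues outside the hunk.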
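Review bot: In `index_delete()` the renamed `'message' => 'API key was deleted'` body is sent with `REST_Controller::HTTP_NO_CONTENT`, and a 204 response carries no body, so clients never receive the status or the message. Either keep the body and answer with `REST_Controller::HTTP_OK`, or keep the 204 and send `$this->response(NULL, REST_Controller::HTTP_NO_CONTENT);`. The test suite in this patch does not cover the delete path, so an assertion on the chosen behaviour would pin it down.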
@@ -113,14 +113,14 @@ public function level_post() { $this->response([ 'status' => TRUE, - 'success' => 'API key was updated' + 'message' => 'API key was updated' ], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code } else { $this->response([ 'status' => FALSE, - 'error' => 'Could not update the key level' + 'message' => 'Could not update the key level' ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code } } @@ -141,7 +141,7 @@ public function suspend_post() // It doesn't appear the key exists $this->response([ 'status' => FALSE, - 'error' => 'Invalid API key' + 'message' => 'Invalid API key' ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code } @@ -150,14 +150,14 @@ public function suspend_post() { $this->response([ 'status' => TRUE, - 'success' => 'Key was suspended' + 'message' => 'Key was suspended' ], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code } else { $this->response([ 'status' => FALSE, - 'error' => 'Could not suspend the user' + 'message' => 'Could not suspend the user' ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code } } @@ -179,7 +179,7 @@ public function regenerate_post() // It doesn't appear the key exists $this->response([ 'status' => FALSE, - 'error' => 'Invalid API key' + 'message' => 'Invalid API key' ], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code } @@ -201,7 +201,7 @@ public function regenerate_post() { $this->response([ 'status' => FALSE, - 'error' => 'Could not save the key' + 'message' => 'Could not save the key' ], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code } } diff --git a/application/controllers/api/index.html b/application/controllers/api/index.html old mode 100644 new mode 100755 
diff --git a/application/language/english/rest_controller_lang.php b/application/language/english/rest_controller_lang.php new file mode 100755 index 0000000..1c665bd --- /dev/null +++ b/application/language/english/rest_controller_lang.php @@ -0,0 +1,17 @@ +_ci = &get_instance(); + $this->_CI = &get_instance(); // Load the inflector helper - $this->_ci->load->helper('inflector'); + $this->_CI->load->helper('inflector'); // If the provided data is already formatted we should probably convert it to an array if ($from_type !== NULL) @@ -283,20 +283,20 @@ public function to_html($data = NULL) } // Load the table library - $this->_ci->load->library('table'); + $this->_CI->load->library('table'); - $this->_ci->table->set_heading($headings); + $this->_CI->table->set_heading($headings); foreach ($data as $row) { - // Suppressing the "array to string conversion" notice. - // Keep the "evil" @ here. - $row = @ array_map('strval', $row); + // Suppressing the "array to string conversion" notice + // Keep the "evil" @ here + $row = @array_map('strval', $row); - $this->_ci->table->add_row($row); + $this->_CI->table->add_row($row); } - return $this->_ci->table->generate(); + return $this->_CI->table->generate(); } /** @@ -405,7 +405,7 @@ public function to_json($data = NULL) } // Get the callback parameter (if set) - $callback = $this->_ci->input->get('callback'); + $callback = $this->_CI->input->get('callback'); if (empty($callback) === TRUE) { diff --git a/application/libraries/REST_Controller.php b/application/libraries/REST_Controller.php old mode 100644 new mode 100755 index b9beb26..9e2e819 --- a/application/libraries/REST_Controller.php +++ b/application/libraries/REST_Controller.php 
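Review bot: In `to_html()` the cell values go from `strval` straight into `$this->_CI->table->add_row($row)` with no HTML encoding visible in this hunk, so any client-supplied string in the payload is emitted as markup when the `html` format is requested. Unless the table library encodes cells itself (CodeIgniter's does not appear to), encode before adding the row, e.g. `$row = html_escape(@array_map('strval', $row));`, and pass `$headings` through `html_escape()` as well. The start of `to_html()` is outside the hunk, so confirm nothing earlier already encodes the data.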
@@ -150,8 +150,8 @@ abstract class REST_Controller extends CI_Controller { const HTTP_NETWORK_AUTHENTICATION_REQUIRED = 511; /** - * This defines the rest format. - * Must be overridden it in a controller so that it is set. + * This defines the rest format + * Must be overridden it in a controller so that it is set * * @var string|NULL */ @@ -212,13 +212,6 @@ abstract class REST_Controller extends CI_Controller { */ protected $_post_args = []; - /** - * The insert_id of the log entry (if we have one) - * - * @var string - */ - protected $_insert_id = ''; - /** * The arguments for the PUT request method * @@ -269,7 +262,14 @@ abstract class REST_Controller extends CI_Controller { protected $_args = []; /** - * If the request is allowed based on the API key provided. + * The insert_id of the log entry (if we have one) + * + * @var string + */ + protected $_insert_id = ''; + + /** + * If the request is allowed based on the API key provided * * @var bool */ @@ -323,7 +323,7 @@ abstract class REST_Controller extends CI_Controller { * Enable XSS flag * Determines whether the XSS filter is always active when * GET, OPTIONS, HEAD, POST, PUT, DELETE and PATCH data is encountered. - * Set automatically based on config setting. + * Set automatically based on config setting * * @var bool */ @@ -381,13 +381,13 @@ public function __construct($config = 'rest') if (is_php('5.4') === FALSE) { // CodeIgniter 3 is recommended for v5.4 or above - exit('Using PHP v' . PHP_VERSION . ', though PHP v5.4 or greater is required'); + throw new Exception('Using PHP v' . PHP_VERSION . ', though PHP v5.4 or greater is required'); } // Check to see if this is CI 3.x if (explode('.', CI_VERSION, 2)[0] < 3) { - exit('REST Server requires CodeIgniter 3.x'); + throw new Exception('REST Server requires CodeIgniter 3.x'); } // Set the default value of global xss filtering. Same approach as CodeIgniter 3 
@@ -406,6 +406,40 @@ public function __construct($config = 'rest') // At present the library is bundled with REST_Controller 2.5+, but will eventually be part of CodeIgniter (no citation) $this->load->library('format'); + // Determine supported output formats from configiguration. + $supported_formats = $this->config->item('rest_supported_formats'); + + // Validate the configuration setting output formats + if (empty($supported_formats)) + { + $supported_formats = []; + } + + if (!is_array($supported_formats)) + { + $supported_formats = [$supported_formats]; + } + + // Add silently the default output format if it is missing. + $default_format = $this->_get_default_output_format(); + if (!in_array($default_format, $supported_formats)) + { + $supported_formats[] = $default_format; + } + + // Now update $this->_supported_formats + $this->_supported_formats = array_intersect_key($this->_supported_formats, array_flip($supported_formats)); + + // Get the language + $language = $this->config->item('rest_language'); + if ($language === NULL) + { + $language = 'english'; + } + + // Load the language file + $this->lang->load('rest_controller', $language); + // Initialise the response, request and rest objects $this->request = new stdClass(); $this->response = new stdClass(); @@ -501,7 +535,7 @@ public function __construct($config = 'rest') // Display an error response $this->response([ $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => 'Only AJAX requests are acceptable' + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ajax_only') ], self::HTTP_NOT_ACCEPTABLE); } 
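Review bot: The default format is appended to `$supported_formats` without checking that it is a key of `$this->_supported_formats`, so a misspelled `rest_default_format` is dropped by `array_intersect_key()` yet still returned by `_get_default_output_format()`. `response()` later indexes `$this->_supported_formats[$this->response->format]`, which would then be undefined if that default is what format detection falls back to. Validating once in the getter closes the gap: `return isset($this->_supported_formats[$default_format]) ? $default_format : 'json';`. Two smaller points in the same block: `in_array($default_format, $supported_formats)` should pass `TRUE` as the third argument, and `array_flip()` emits a warning for any non-scalar entry in the configured list. The comment reads "configiguration".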
@@ -550,11 +584,11 @@ public function __destruct() /** * Requests are not made to methods directly, the request will be for * an "object". This simply maps the object and method to the correct - * Controller method. + * Controller method * * @access public * @param string $object_called - * @param array $arguments The arguments passed to the controller method. + * @param array $arguments The arguments passed to the controller method */ public function _remap($object_called, $arguments) { @@ -563,7 +597,7 @@ public function _remap($object_called, $arguments) { $this->response([ $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => 'Unsupported protocol' + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unsupported') ], self::HTTP_FORBIDDEN); } @@ -578,7 +612,7 @@ public function _remap($object_called, $arguments) // Use keys for this method? $use_key = !(isset($this->methods[$controller_method]['key']) && $this->methods[$controller_method]['key'] === FALSE); - // They provided a key, but it wasn't valid, so get them out of here. + // They provided a key, but it wasn't valid, so get them out of here if ($this->config->item('rest_enable_keys') && $use_key && $this->_allow === FALSE) { if ($this->config->item('rest_enable_logging') && $log_method) 
@@ -588,11 +622,11 @@ public function _remap($object_called, $arguments) $this->response([ $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => 'Invalid API Key ' . $this->rest->key + $this->config->item('rest_message_field_name') => sprintf($this->lang->line('text_rest_invalid_api_key'), $this->rest->key) ], self::HTTP_FORBIDDEN); } - // Check to see if this key has access to the requested controller. + // Check to see if this key has access to the requested controller if ($this->config->item('rest_enable_keys') && $use_key && empty($this->rest->key) === FALSE && $this->_check_access() === FALSE) { if ($this->config->item('rest_enable_logging') && $log_method) @@ -602,7 +636,7 @@ public function _remap($object_called, $arguments) $this->response([ $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => 'This API key does not have access to the requested controller.' + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_unauthorized') ], self::HTTP_UNAUTHORIZED); } @@ -611,7 +645,7 @@ public function _remap($object_called, $arguments) { $this->response([ $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => 'Unknown method.' + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unknown_method') ], self::HTTP_NOT_FOUND); } 
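Review bot: The rejected key is still echoed back to the caller, now via `sprintf($this->lang->line('text_rest_invalid_api_key'), $this->rest->key)`, so client-supplied text is reflected into the response body in whichever output format was negotiated. The message gains nothing from repeating a value the client already sent. Using `$this->lang->line('text_rest_invalid_api_key')` with a language line that has no placeholder removes the reflection, and also avoids a mismatch if a translated line omits or adds a `%s`. If the key has to be shown, encode it for the output format first. `_remap()` starts and ends outside this hunk.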
@@ -621,7 +655,7 @@ public function _remap($object_called, $arguments) // Check the limit if ($this->config->item('rest_enable_limits') && $this->_check_limit($controller_method) === FALSE) { - $response = [$this->config->item('rest_status_field_name') => FALSE, $this->config->item('rest_message_field_name') => 'This API key has reached the time limit for this method.']; + $response = [$this->config->item('rest_status_field_name') => FALSE, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_time_limit')]; $this->response($response, self::HTTP_UNAUTHORIZED); } @@ -638,7 +672,7 @@ public function _remap($object_called, $arguments) } // They don't have good enough perms - $response = [$this->config->item('rest_status_field_name') => FALSE, $this->config->item('rest_message_field_name') => 'This API key does not have enough permissions.']; + $response = [$this->config->item('rest_status_field_name') => FALSE, $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_api_key_permissions')]; $authorized || $this->response($response, self::HTTP_UNAUTHORIZED); } @@ -708,7 +742,7 @@ public function response($data = NULL, $http_code = NULL, $continue = FALSE) $this->output->set_content_type($this->_supported_formats[$this->response->format], strtolower($this->config->item('charset'))); $output = $this->format->factory($data)->{'to_' . $this->response->format}(); - // An array must be parsed as a string, so as not to cause an array to string error. + // An array must be parsed as a string, so as not to cause an array to string error // Json is the most appropriate form for such a datatype if ($this->response->format === 'array') { 
@@ -758,7 +792,7 @@ public function response($data = NULL, $http_code = NULL, $continue = FALSE) * Takes mixed data and optionally a status code, then creates the response * within the buffers of the Output class. The response is sent to the client * lately by the framework, after the current controller's method termination. - * All the hooks after the controller's method termination are executable. + * All the hooks after the controller's method termination are executable * * @access public * @param array|NULL $data Data to output to the user @@ -803,6 +837,20 @@ protected function _detect_input_format() return NULL; } + /** + * Gets the default format from the configuration. Fallbacks to 'json'. + * if the corresponding configuration option $config['rest_default_format'] + * is missing or is empty. + * + * @access protected + * @return string The default supported input format + */ + protected function _get_default_output_format() + { + $default_format = (string) $this->config->item('rest_default_format'); + return $default_format === '' ? 'json' : $default_format; + } + /** * Detect which format should be used to output the data * @@ -871,7 +919,7 @@ protected function _detect_output_format() } // Obtain the default format from the configuration - return $this->config->item('rest_default_format'); + return $this->_get_default_output_format(); } /** @@ -899,7 +947,7 @@ protected function _detect_method() if (empty($method)) { - // Get the request method as a lowercase string. + // Get the request method as a lowercase string $method = $this->input->method(); } @@ -943,7 +991,7 @@ protected function _detect_api_key() /* * If "is private key" is enabled, compare the ip address with the list - * of valid ip addresses stored in the database. + * of valid ip addresses stored in the database */ if (empty($row->is_private_key) === FALSE) { 
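Review bot: The docblock added for `_get_default_output_format()` describes the return value as "The default supported input format", but the method returns the output format read from `rest_default_format`. Suggested wording: `@return string The default output format; 'json' when rest_default_format is missing or empty`. The summary also has a stray full stop ("Fallbacks to 'json'. if the corresponding ...") and reads better as "Falls back to 'json' if ...".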
@@ -968,12 +1016,12 @@ protected function _detect_api_key() } else { - // There should be at least one IP address for this private key. + // There should be at least one IP address for this private key return FALSE; } } - return $row; + return TRUE; } // No key has been sent @@ -1032,7 +1080,7 @@ protected function _log_request($authorized = FALSE) 'params' => $this->_args ? ($this->config->item('rest_logs_json_params') === TRUE ? json_encode($this->_args) : serialize($this->_args)) : NULL, 'api_key' => isset($this->rest->key) ? $this->rest->key : '', 'ip_address' => $this->input->ip_address(), - 'time' => now(), // Used to be: function_exists('now') ? now() : time() + 'time' => time(), 'authorized' => $authorized ]); @@ -1162,13 +1210,13 @@ protected function _auth_override_check() if (!empty($auth_override_class_method[$this->router->class]['*'])) // Check for class overrides { // None auth override found, prepare nothing but send back a TRUE override flag - if ($auth_override_class_method[$this->router->class]['*'] == 'none') + if ($auth_override_class_method[$this->router->class]['*'] === 'none') { return TRUE; } // Basic auth override found, prepare basic - if ($auth_override_class_method[$this->router->class]['*'] == 'basic') + if ($auth_override_class_method[$this->router->class]['*'] === 'basic') { $this->_prepare_basic_auth(); 
@@ -1176,15 +1224,23 @@ protected function _auth_override_check() } // Digest auth override found, prepare digest - if ($auth_override_class_method[$this->router->class]['*'] == 'digest') + if ($auth_override_class_method[$this->router->class]['*'] === 'digest') { $this->_prepare_digest_auth(); return TRUE; } + // Session auth override found, check session + if ($auth_override_class_method[$this->router->class]['*'] === 'session') + { + $this->_check_php_session(); + + return TRUE; + } + // Whitelist auth override found, check client's ip against config whitelist - if ($auth_override_class_method[$this->router->class]['*'] == 'whitelist') + if ($auth_override_class_method[$this->router->class]['*'] === 'whitelist') { $this->_check_whitelist_auth(); @@ -1196,13 +1252,13 @@ protected function _auth_override_check() if (!empty($auth_override_class_method[$this->router->class][$this->router->method])) { // None auth override found, prepare nothing but send back a TRUE override flag - if ($auth_override_class_method[$this->router->class][$this->router->method] == 'none') + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'none') { return TRUE; } // Basic auth override found, prepare basic - if ($auth_override_class_method[$this->router->class][$this->router->method] == 'basic') + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'basic') { $this->_prepare_basic_auth(); 
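Review bot: The new `'session'` branch is pasted into four near-identical if-chains (this class-wide chain, plus the per-method and the two per-HTTP-verb chains in the hunks that follow), so each auth mode now has to be kept in step in four places. A single helper that maps the configured value to its handler would reduce each chain to one guarded call, as sketched below. Keep the strict comparison this commit introduces: a `switch` would bring back loose matching, where a boolean `TRUE` in the config matches `'none'`. The sketch assumes the `basic` and `whitelist` branches return TRUE like the visible `digest` and `session` ones. `_auth_override_check()` starts and ends outside these hunks, so how an unrecognised value is handled at the end should be confirmed there.

```php
// Proposed helper (name is a suggestion): applies one configured override value
protected function _apply_auth_override($mode)
{
    // 'none' needs no preparation
    if ($mode === 'none')
    {
        return TRUE;
    }

    $handlers = [
        'basic' => '_prepare_basic_auth',
        'digest' => '_prepare_digest_auth',
        'session' => '_check_php_session',
        'whitelist' => '_check_whitelist_auth',
    ];

    // Strict: only exact string matches select a handler
    if (is_string($mode) && isset($handlers[$mode]))
    {
        $this->{$handlers[$mode]}();

        return TRUE;
    }

    return FALSE;
}

// ... unchanged: lookup of $auth_override_class_method and the !empty() guard ...
if ($this->_apply_auth_override($auth_override_class_method[$this->router->class]['*']))
{
    return TRUE;
}
```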
@@ -1210,15 +1266,23 @@ protected function _auth_override_check() } // Digest auth override found, prepare digest - if ($auth_override_class_method[$this->router->class][$this->router->method] == 'digest') + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'digest') { $this->_prepare_digest_auth(); return TRUE; } + // Session auth override found, check session + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'session') + { + $this->_check_php_session(); + + return TRUE; + } + // Whitelist auth override found, check client's ip against config whitelist - if ($auth_override_class_method[$this->router->class][$this->router->method] == 'whitelist') + if ($auth_override_class_method[$this->router->class][$this->router->method] === 'whitelist') { $this->_check_whitelist_auth(); @@ -1237,13 +1301,13 @@ protected function _auth_override_check() if(!empty($auth_override_class_method_http[$this->router->class]['*'][$this->request->method])) { // None auth override found, prepare nothing but send back a TRUE override flag - if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] == 'none') + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'none') { return TRUE; } // Basic auth override found, prepare basic - if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] == 'basic') + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'basic') { $this->_prepare_basic_auth(); 
@@ -1251,15 +1315,23 @@ protected function _auth_override_check() } // Digest auth override found, prepare digest - if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] == 'digest') + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'digest') { $this->_prepare_digest_auth(); return TRUE; } + // Session auth override found, check session + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'session') + { + $this->_check_php_session(); + + return TRUE; + } + // Whitelist auth override found, check client's ip against config whitelist - if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] == 'whitelist') + if ($auth_override_class_method_http[$this->router->class]['*'][$this->request->method] === 'whitelist') { $this->_check_whitelist_auth(); @@ -1271,13 +1343,13 @@ protected function _auth_override_check() if(!empty($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method])) { // None auth override found, prepare nothing but send back a TRUE override flag - if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] == 'none') + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'none') { return TRUE; } // Basic auth override found, prepare basic - if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] == 'basic') + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'basic') { $this->_prepare_basic_auth(); 
@@ -1285,15 +1357,23 @@ protected function _auth_override_check() } // Digest auth override found, prepare digest - if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] == 'digest') + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'digest') { $this->_prepare_digest_auth(); return TRUE; } + // Session auth override found, check session + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'session') + { + $this->_check_php_session(); + + return TRUE; + } + // Whitelist auth override found, check client's ip against config whitelist - if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] == 'whitelist') + if ($auth_override_class_method_http[$this->router->class][$this->router->method][$this->request->method] === 'whitelist') { $this->_check_whitelist_auth(); @@ -1344,13 +1424,10 @@ protected function _parse_put() { $this->request->body = $this->input->raw_input_stream; } - else + else if ($this->input->method() === 'put') { - // If no filetype is provided, then there are probably just arguments - if ($this->input->method() === 'put') - { - $this->_put_args = $this->input->input_stream(); - } + // If no filetype is provided, then there are probably just arguments + $this->_put_args = $this->input->input_stream(); } } @@ -1397,13 +1474,10 @@ protected function _parse_patch() { $this->request->body = $this->input->raw_input_stream; } - else + else if ($this->input->method() === 'patch') { // If no filetype is provided, then there are probably just arguments - if ($this->input->method() === 'patch') - { - $this->_patch_args = $this->input->input_stream(); - } + $this->_patch_args = $this->input->input_stream(); } } 
@@ -1430,30 +1504,7 @@ protected function _parse_delete() */ protected function _parse_query() { - // Declare a variable that will hold the REQUEST_URI - $request_uri = NULL; - - // If using the commandline version - if (is_cli()) - { - $args = $this->input->server('argv'); - unset($args[0]); - - // Combine the arguments using '/' as the delimiter - $request_uri = '/' . implode('/', $args) . '/'; - - // Set the following server variables (perhaps not required anymore?) - $_SERVER['REQUEST_URI'] = $request_uri; - $_SERVER['PATH_INFO'] = $request_uri; - $_SERVER['QUERY_STRING'] = $request_uri; - } - else - { - $request_uri = $this->input->server('REQUEST_URI'); - } - - // Parse the query parameters from the query string - parse_str(parse_url($request_uri, PHP_URL_QUERY), $this->_query_args); + $this->_query_args = $this->input->get(); } // INPUT FUNCTION -------------------------------------------------------------- @@ -1509,10 +1560,10 @@ public function head($key = NULL, $xss_clean = NULL) { if ($key === NULL) { - return $this->head_args; + return $this->_head_args; } - return isset($this->head_args[$key]) ? $this->_xss_clean($this->head_args[$key], $xss_clean) : NULL; + return isset($this->_head_args[$key]) ? $this->_xss_clean($this->_head_args[$key], $xss_clean) : NULL; } /** @@ -1612,7 +1663,7 @@ public function query($key = NULL, $xss_clean = NULL) /** * Sanitizes data so that Cross Site Scripting Hacks can be - * prevented. + * prevented * * @access protected * @param string $value Input data @@ -1849,7 +1900,7 @@ protected function _check_php_session() // Display an error response $this->response([ $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => 'Not Authorized' + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unauthorized') ], self::HTTP_UNAUTHORIZED); } } 
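Review bot: `_parse_query()` now depends entirely on `$this->input->get()`, so the query arguments are empty whenever CodeIgniter has not populated `$_GET`. The removed code read `REQUEST_URI` directly and also built one from `argv` under `is_cli()`. If command-line invocation or installs with `allow_get_array` disabled are still meant to work, this needs a fallback or an entry in the upgrade notes. At minimum the one-line body deserves a comment such as `// Relies on CI's input class; empty when $_GET is not populated (CLI, allow_get_array = FALSE)`.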
@@ -1946,8 +1997,8 @@ protected function _prepare_digest_auth() { // Display an error response $this->response([ - $this->config->item('rest_status_field_name') => 0, - $this->config->item('rest_message_field_name') => 'Invalid credentials' + $this->config->item('rest_status_field_name') => FALSE, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_invalid_credentials') ], self::HTTP_UNAUTHORIZED); } } @@ -1968,8 +2019,8 @@ protected function _check_blacklist_auth() { // Display an error response $this->response([ - 'status' => FALSE, - 'error' => 'IP Denied' + $this->config->item('rest_status_field_name') => FALSE, + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_denied') ], self::HTTP_UNAUTHORIZED); } } @@ -1997,7 +2048,7 @@ protected function _check_whitelist_auth() { $this->response([ $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => 'IP not authorized' + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_ip_unauthorized') ], self::HTTP_UNAUTHORIZED); } } @@ -2031,7 +2082,7 @@ protected function _force_login($nonce = '') // Display an error response $this->response([ $this->config->item('rest_status_field_name') => FALSE, - $this->config->item('rest_message_field_name') => 'Not authorized' + $this->config->item('rest_message_field_name') => $this->lang->line('text_rest_unauthorized') ], self::HTTP_UNAUTHORIZED); } diff --git a/application/tests/controllers/api/Example_test.php b/application/tests/controllers/api/Example_test.php index 129e04b..90d31a7 100644 --- a/application/tests/controllers/api/Example_test.php +++ b/application/tests/controllers/api/Example_test.php 
@@ -114,7 +114,7 @@ public function test_users_get_id_user_not_found() { $output = $this->request('GET', 'api/example/users/id/999'); $this->assertEquals( - '{"status":false,"error":"User could not be found"}', + '{"status":false,"message":"User could not be found"}', $output ); $this->assertResponseCode(404); diff --git a/application/tests/controllers/api/Key_test.php b/application/tests/controllers/api/Key_test.php index 217a0c1..98791a4 100644 --- a/application/tests/controllers/api/Key_test.php +++ b/application/tests/controllers/api/Key_test.php @@ -51,7 +51,7 @@ public function test_level_post() $response = json_decode($output); $this->assertTrue($response->status); - $this->assertEquals('API key was updated', $response->success); + $this->assertEquals('API key was updated', $response->message); $this->assertResponseCode(200); } diff --git a/application/views/rest_server.php b/application/views/rest_server.php old mode 100644 new mode 100755 index ffcdd7d..aab0b9d --- a/application/views/rest_server.php +++ b/application/views/rest_server.php @@ -1,25 +1,28 @@ + defined('BASEPATH') OR exit('No direct script access allowed'); +?> + + REST Server Tests -