ENH: refs #250. create web api authentication component

zachmullen · zachmullen · commit 0d015def8555 · 2011-09-14T16:04:13.000-04:00
diff --git a/modules/api/controllers/IndexController.php b/modules/api/controllers/IndexController.php
@@ -23,6 +23,7 @@
 class Api_IndexController extends Api_AppController
 {
   public $_moduleModels = array('Userapi');
+  public $_moduleComponents = array('Authentication');
   public $_models = array('Community', 'ItemRevision', 'Item', 'User', 'Folderpolicyuser', 'Folderpolicygroup', 'Folder');
   public $_components = array('Upload', 'Search', 'Uuid', 'Sortdao');
 
@@ -403,30 +404,7 @@ private function _initApiCommons()
   /** Return the user dao */
   private function _getUser($args)
     {
-    if(array_key_exists('useSession', $args))
-      {
-      return $this->userSession->Dao;
-      }
-    else
-      {
-      if(!array_key_exists('token', $args))
-        {
-        return 0;
-        }
-      $token = $args['token'];
-      $userapiDao = $this->Api_Userapi->getUserapiFromToken($token);
-      if(!$userapiDao)
-        {
-        throw new Exception('Invalid token', MIDAS_INVALID_TOKEN);
-        }
-      $userid = $userapiDao->getUserId();
-      if($userid == 0)
-        {
-        return false;
-        }
-      $userDao = $this->User->load($userid);
-      return $userDao;
-      }
+    return $this->ModuleComponent->Authentication->getUser($args, $this->userSession->Dao);
     }
 
   /** Controller action handling REST request */
diff --git a/modules/api/controllers/components/AuthenticationComponent.php b/modules/api/controllers/components/AuthenticationComponent.php
@@ -0,0 +1,54 @@
+<?php
+/*=========================================================================
+MIDAS Server
+Copyright (c) Kitware SAS. 20 rue de la Villette. All rights reserved.
+69328 Lyon, FRANCE.
+
+See Copyright.txt for details.
+This software is distributed WITHOUT ANY WARRANTY; without even
+the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+PURPOSE.  See the above copyright notices for more information.
+=========================================================================*/
+
+/** Web API Authentication Component */
+class Api_AuthenticationComponent extends AppComponent
+{
+
+  /** Constructor */
+  function __construct()
+    {
+    }
+
+  /**
+   * Gets the user dao from either the session (if via ajax)
+   * or using token-based authentication otherwise.
+   * Returns false for anonymous users.
+   */
+  public function getUser($args, $sessionDao)
+    {
+    if(array_key_exists('useSession', $args))
+      {
+      return $sessionDao;
+      }
+    else
+      {
+      if(!array_key_exists('token', $args))
+        {
+        return 0;
+        }
+      $token = $args['token'];
+      $userapiDao = $this->Api_Userapi->getUserapiFromToken($token);
+      if(!$userapiDao)
+        {
+        throw new Exception('Invalid token', MIDAS_INVALID_TOKEN);
+        }
+      $userid = $userapiDao->getUserId();
+      if($userid == 0)
+        {
+        return false;
+        }
+      $userDao = $this->User->load($userid);
+      return $userDao;
+      }
+    }
+}
