required authentication for users_recent and users/find API endpoints…

…. Updated social_auth model + lib as well as corresponding queries to not show ALL user fields for getting basic user info
commit 7df845cce0cc35e76472cdc97b10e22fc2e553a9 1 parent a6c222c
@bnvk bnvk authored
47 application/controllers/api/users.php
@@ -39,8 +39,8 @@ function __construct()
$this->email->initialize($config_email);
}
- function recent_get()
- {
+ function recent_authd_get()
+ {
$users = $this->social_auth->get_users('active', 1);
if($users)
@@ -55,11 +55,11 @@ function recent_get()
$this->response($message, 200);
}
- function find_get()
+ function find_authd_get()
{
$search_by = $this->uri->segment(4);
$search_for = $this->uri->segment(5);
- $user = $this->social_auth->get_user($search_by, $search_for);
+ $user = $this->social_auth->get_user($search_by, $search_for, FALSE);
if ($user)
{
@@ -164,32 +164,20 @@ function login_post()
if ($this->form_validation->run() == true)
{
- // Check "remember me"
- if ($this->input->post('remember') == 1)
- {
- $remember = TRUE;
- }
- else
- {
- $remember = FALSE;
- }
+ // Remember User
+ if ($this->input->post('remember') == 1) $remember = TRUE;
+ else $remember = FALSE;
// Store Session Data
- if ($this->input->post('session') == 1)
- {
- $session = TRUE;
- }
- else
- {
- $session = FALSE;
- }
+ if ($this->input->post('session') == 1) $session = TRUE;
+ else $session = FALSE;
// Attempt Login
- if ($this->social_auth->login($this->input->post('email'), $this->input->post('password'), $remember, $session))
+ if ($user = $this->social_auth->login($this->input->post('email'), $this->input->post('password'), $remember, $session))
{
// Get User Data
- $user = $this->social_auth->get_user('email', $this->input->post('email'));
- $user->email = $this->input->post('email');
+ //$user = $this->social_auth->get_user('email', $this->input->post('email'), TRUE);
+ //$user->email = $this->input->post('email');
$meta = $this->social_auth->get_user_meta($user->user_id);
$message = array('status' => 'success', 'message' => 'Success you will now be logged in', 'user' => $user, 'meta' => $meta);
@@ -201,7 +189,7 @@ function login_post()
}
else
{
- $message = array('message' => 'Oops '.validation_errors());
+ $message = array('message' => validation_errors());
}
$this->response($message, 200);
@@ -567,7 +555,7 @@ function password_forgot_post()
{
if ($this->social_auth->forgotten_password($this->input->post('email')))
{
- $profile = $this->social_auth->get_user('email', $this->input->post('email'));
+ $profile = $this->social_auth->get_user('email', $this->input->post('email'), TRUE);
// Email Data
$data = array(
@@ -746,11 +734,4 @@ function deactivate_authd_get($id)
$this->response($message, $response);
}
- function destroy_get()
- {
- // $this->some_model->deletesomething($this->get('id'));
- $message = array('status' => 'success', 'message' => 'User was deleted');
-
- $this->response($message, 200);
- }
}
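Review bot: In login_post the response built as `'user' => $user` now serialises whatever row object `$this->social_auth->login()` returns, and the column list of that query is outside this diff, so the commit's stated goal of not exposing all user fields cannot be confirmed for the login endpoint (the replaced `get_user('email', ...)` call had the same exposure under the old `select('*')`). Re-read the public projection before responding, `$user = $this->social_auth->get_user('user_id', $user->user_id, FALSE);`, or strip `salt`, `remember_code` and the token/secret/code columns from the object, and delete the two commented-out lines instead of keeping them. In find_authd_get, `$search_by` is taken straight from the URI and the model whitelist visible in auth_model.php also accepts `token`, `consumer_key` and `forgotten_password_code`, so this endpoint can resolve users by those secret-bearing columns; restrict the controller to `username`, `user_id` and `email` before calling the model. login_post starts and ends outside the hunk.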
2  application/controllers/settings.php
@@ -18,7 +18,7 @@ function profile()
{
if ($this->session->userdata('user_level_id') > config_item('users_settings_level')) redirect(base_url(), 'refresh');
- $user = $this->social_auth->get_user('user_id', $this->session->userdata('user_id'));
+ $user = $this->social_auth->get_user('user_id', $this->session->userdata('user_id'), TRUE);
// Profile Data
$this->data['sub_title'] = 'Profile';
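Review bot: profile() now requests the detailed projection with `get_user(..., TRUE)`, which per auth_model.php in this commit includes `salt`, `consumer_secret`, `token_secret`, `remember_code` and the activation/reset codes. Where `$user` ends up is outside the hunk; if it is placed on `$this->data` for the view, all of those columns reach the template, so either keep the default `FALSE` here unless the profile form actually edits one of the detailed fields, or add a comment naming which field requires the detailed row, e.g. `// detailed row needed for: <field> — do not pass $user to the view unfiltered`.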
2  application/controllers/site.php
@@ -155,7 +155,7 @@ function reset_password()
// Has URL Code
if (!$this->uri->segment(2)) redirect(base_url().'forgot_password');
- if ($user = $this->social_auth->get_user('forgotten_password_code', $this->uri->segment(2)))
+ if ($user = $this->social_auth->get_user('forgotten_password_code', $this->uri->segment(2), TRUE))
{
// Reset Password
if ($new_password = $this->social_auth->forgotten_password_complete($user))
8 application/libraries/Social_auth.php
@@ -351,9 +351,9 @@ function oauth_register($email, $user_id, $name=NULL)
function login($email, $password, $remember=FALSE, $session=FALSE)
{
- if ($this->ci->auth_model->login($email, $password, $remember, $session))
+ if ($user = $this->ci->auth_model->login($email, $password, $remember, $session))
{
- return TRUE;
+ return $user;
}
else
{
@@ -414,9 +414,9 @@ function get_users($parameter, $value)
return $this->ci->auth_model->get_users($parameter, $value);
}
- function get_user($parameter, $value)
+ function get_user($parameter, $value, $details=FALSE)
{
- return $this->ci->auth_model->get_user($parameter, $value);
+ return $this->ci->auth_model->get_user($parameter, $value, $details);
}
function update_user($user_id, $data)
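Review bot: login() changes its success return from `TRUE` to the user row object without any documentation, so existing callers that test `=== TRUE` would now silently fail while `if ($result)` callers keep working; add a comment above the function, `// Returns the authenticated user row object on success, FALSE otherwise (was TRUE)`. The new `$details` parameter on get_user also deserves a one-line contract, `// $details=TRUE adds token/secret/code columns; keep FALSE for anything echoed to a client`, since the underlying auth_model method in this commit includes `salt` in the detailed selection. The else branch of login() ends outside the hunk, so the failure return is inferred.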
38 application/models/auth_model.php
@@ -411,11 +411,11 @@ function login($email, $password, $remember=FALSE, $session=FALSE)
if ($remember && config_item('remember_users'))
{
- $this->remember_user($user->user_id);
+ $this->remember_user($user);
}
}
- return TRUE;
+ return $user;
}
}
@@ -444,7 +444,7 @@ function social_login($user_id, $connection)
$this->social_auth->set_userdata_meta($user->user_id);
$this->social_auth->set_userdata_connections($user->user_id);
- return TRUE;
+ return $user;
}
return FALSE;
@@ -454,10 +454,9 @@ function get_users($parameter, $value)
{
if (in_array($parameter, array('user_level_id','active')))
{
- $this->db->select('*');
+ $this->db->select('users.user_id, user_level_id, username, gravatar, name, image, time_zone, privacy, language, geo_enabled, created_on');
$this->db->from('users');
- $this->db->join('users_level', 'users.user_level_id = users_level.user_level_id');
- $this->db->where('users.'.$parameter, $value);
+ $this->db->where($parameter, $value);
$result = $this->db->get();
return $result->result();
}
@@ -467,14 +466,23 @@ function get_users($parameter, $value)
}
}
- function get_user($parameter, $value)
+ function get_user($parameter, $value, $details)
{
if (($value) && (in_array($parameter, array('user_id','username', 'email','gravatar', 'consumer_key', 'token', 'forgotten_password_code'))))
{
- $this->db->select('*');
+ // Selects all fields (oauths tokens, reset info but not password & salt)
+ if ($details)
+ {
+ $select = 'user_id, user_level_id, username, salt, email, gravatar, name, image, time_zone, privacy, language, geo_enabled, consumer_key, consumer_secret, token, token_secret, activation_code, forgotten_password_code, active, remember_code, created_on';
+ }
+ else
+ {
+ $select = 'user_id, user_level_id, username, gravatar, name, image, time_zone, privacy, language, geo_enabled, active, created_on';
+ }
+
+ $this->db->select($select);
$this->db->from('users');
- $this->db->join('users_level', 'users.user_level_id = users_level.user_level_id');
- $this->db->where('users.'.$parameter, $value);
+ $this->db->where($parameter, $value);
$this->db->limit(1);
$result = $this->db->get()->row();
return $result;
@@ -654,7 +662,7 @@ function login_remembered_user()
// Causesing compression header issue
if (config_item('user_extend_on_login'))
{
- $this->remember_user($user->user_id);
+ $this->remember_user($user);
}
return $user;
@@ -663,18 +671,16 @@ function login_remembered_user()
return FALSE;
}
- function remember_user($user_id)
+ function remember_user($user)
{
- if (!$user_id) return FALSE;
+ if (!$user->user_id) return FALSE;
$salt = sha1(md5(microtime()));
- $this->db->update('users', array('remember_code' => $salt), array('user_id' => $user_id));
+ $this->db->update('users', array('remember_code' => $salt), array('user_id' => $user->user_id));
if ($this->db->affected_rows() == 1)
{
- $user = $this->get_user('user_id', $user_id);
-
$email = array('name' => 'email', 'value' => $user->email, 'expire' => config_item('user_expire'));
$remember_code = array('name' => 'remember_code', 'value' => $salt, 'expire' => config_item('user_expire'));
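Review bot: The detailed `$select` string in get_user lists `salt` while the comment directly above it says the password and salt are excluded, and the same object is returned to API clients and controllers by callers in this commit; drop `salt` from that string, or correct the comment and name the caller that needs it. remember_user no longer re-fetches the row and reads `$user->email` for the cookie, so the objects passed from login() and login_remembered_user() must carry `email` — those queries are outside the hunk, and the non-detail projection in this file omits `email`, so confirm both callers load a row that includes it or the cookie is written with a null value. The new `$details` parameter has no default, so any other `auth_model->get_user` caller not updated here fails with a missing-argument error; `$details=FALSE` would mirror the Social_auth wrapper's signature.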
4 robots.txt
@@ -1,2 +1,4 @@
User-agent: *
-Disallow: /application/
+Disallow: /application/
+Disallow: /api/
+Disallow: /uploads/
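Review bot: The added `Disallow: /api/` and `Disallow: /uploads/` entries are advisory hints to crawlers and do not restrict access, so they must not be relied on as part of the authentication change in this commit; the `_authd` routing in the controllers is the actual control. Listing the paths also documents them publicly, which is acceptable only if both are protected server-side, so confirm `/uploads/` has directory listing disabled and serves nothing that depends on the path being unknown.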