<?php
/***************************************************************************
- * Copyright (C) 2003-2010 Polytechnique.org *
+ * Copyright (C) 2003-2011 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
define('AUTH_SUID', -1);
define('AUTH_PUBLIC', 0);
define('AUTH_COOKIE', 5);
+define('AUTH_PASSWD', 10);
+// Backwards compatibility: AUTH_MDP must be an alias for AUTH_PASSWD.
define('AUTH_MDP', 10);
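Review bot: The new comment on the line above says AUTH_MDP "must be an alias for AUTH_PASSWD", but the code keeps two independent literals, so the two can silently drift if the level value is ever changed. Defining the alias in terms of the new constant makes the invariant structural: `define('AUTH_MDP', AUTH_PASSWD);`. This matters because AUTH_* values are compared as authentication levels elsewhere (see AUTH_SUID and AUTH_PUBLIC used in the session hunks), so a mismatch between the two names would change which requests count as password-authenticated.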
/** Build the session structure with system fields.
*/
- private function fillSession()
+ protected function fillSession()
{
S::bootstrap('user', null);
S::bootstrap('auth', AUTH_PUBLIC);
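Review bot: Opening fillSession() to subclasses (private → protected) makes it part of the extension contract, but the docblock above it does not say what an override must preserve. The visible body bootstraps `user` and `auth` to their unauthenticated defaults, and the suid path later in this diff calls `$this->fillSession()` right after clearing the session, so an override that skips `parent::fillSession()` would presumably leave a session without an `auth` level; please state that in the docblock, e.g. `Overrides must call parent::fillSession() so that 'user' and 'auth' are always reset to their public defaults.`. The rest of fillSession's body lies outside the hunk, so there may be further fields an override also has to keep.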
*/
abstract protected function startSessionAs($user, $level);
+ /** Authenticate the request for the given (method, payload) pair.
+ *
+ * Implementations are expected to provide strong authentication. It is
+ * suggested to use an HMAC-based scheme, where the signature validates the
+ * method, url, and payload (to avoid replay of the signature against other
+ * methods), and the timestamp (to avoid replay in time).
+ *
+ * @param method method of the request (GET, POST, PUT, DELETE)
+ * @param resource URL path of the resource (eg. "/api/user")
+ * @param payload binary payload sent with the request (before decoding)
+ * @return a valid PlUser object if authentication is successfull, or null.
+ */
+ public function apiAuth($method, $resource, $payload)
+ {
+ return null; // Default implementation does nothing
+ }
+
/** Check authentication with the given token.
*
* Token authentication is a light-weight authentication based on a user-specific token.
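Review bot: The apiAuth() docblock recommends an HMAC scheme but leaves out two properties an implementer needs to get right: the signature comparison must be constant-time (PHP's `hash_equals()` where available, rather than `==`/`===` on the hex string), and the timestamp must be checked against a bounded window, otherwise the "replay in time" protection it mentions is not actually achieved. I would add one sentence for each to the docblock, and fix the typo `successfull` → `successful` in the `@return` line. Since the base implementation returns null, callers should treat null as "not authenticated" and never fall through to a session-based identity for API requests; stating that in the `@return` description would make the contract explicit for subclasses.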
if (S::suid()) {
return false;
}
- $backup = $_SESSION;
- $_SESSION = array();
+ $backup = S::changeSession(array());
$this->fillSession();
S::set('suid', $backup);
if (!$this->startSessionAs($user, AUTH_SUID)) {
if (!S::suid()) {
return false;
}
- $_SESSION = $_SESSION['suid'];
+ S::changeSession(S::v('suid'));
return true;
}