implementing API basic auth

directus · Jan 21, 2016 · c6f2f93 · c6f2f93
1 parent 828001b
commit c6f2f93
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 14 deletions.
diff --git a/api/api.php b/api/api.php
@@ -93,10 +93,42 @@
     "debug_acl_poc",
 );
 
-$app->hook('slim.before.dispatch', function() use ($app, $requestNonceProvider, $authAndNonceRouteWhitelist) {
+/**
+ * Bootstrap Providers
+ */
+
+/**
+ * @var \Zend\Db\Adapter
+ */
+$ZendDb = Bootstrap::get('ZendDb');
+
+/**
+ * @var \Directus\Acl
+ */
+$acl = Bootstrap::get('acl');
+
+$app->hook('slim.before.dispatch', function() use ($app, $requestNonceProvider, $authAndNonceRouteWhitelist, $ZendDb) {
     /** Skip routes which don't require these protections */
     $routeName = $app->router()->getCurrentRoute()->getName();
     if(!in_array($routeName, $authAndNonceRouteWhitelist)) {
+        $req = $app->request();
+        $authUser = $req->headers('PHP_AUTH_USER');
+        // $authPass = $req->headers('PHP_AUTH_PW');
+
+        if ($authUser) {
+            $DirectusUsersTableGateway = new \Zend\Db\TableGateway\TableGateway('directus_users', $ZendDb);
+            $user = $DirectusUsersTableGateway->select(array('token' => $authUser));
+            if (!$user->count()) {
+                $app->halt(401, 'You must be logged in to access the API.');
+            }
+
+            $user = $user->toArray();
+            $user = reset($user);
+            $GLOBALS['_SESSION'] = $_SESSION;
+
+            Auth::setLoggedUser($user['id']);
+        }
+
         /** Enforce required authentication. */
         if(!Auth::loggedIn()) {
             $app->halt(401, "You must be logged in to access the API.");
@@ -117,19 +149,9 @@
     }
 });
 
-/**
- * Bootstrap Providers
- */
-
-/**
- * @var \Zend\Db\Adapter
- */
-$ZendDb = Bootstrap::get('ZendDb');
-
-/**
- * @var \Directus\Acl
- */
-$acl = Bootstrap::get('acl');
+$app->hook('slim.after', function() use ($app) {
+    $_SESSION = $GLOBALS['_SESSION'];
+});
 
 /**
  * Authentication

diff --git a/api/core/Directus/Auth/Provider.php b/api/core/Directus/Auth/Provider.php
@@ -72,6 +72,16 @@ public static function login($uid, $password, $salt, $passwordAttempt) {
         return false;
     }
 
+    /**
+     * Force a user id to be the logged user
+     *
+     * @param  int $uid             The User account's ID.
+     * @return boolean
+     */
+    public static function setLoggedUser($uid) {
+        self::completeLogin($uid);
+    }
+
     /**
      * De-authenticate the logged-in user.
      * @return null