web service MDL-12886 implement authentication token systemprototype

diff --git a/webservice/rest/locallib.php b/webservice/rest/locallib.php
index 064825a912a086032aa84ea3b7c98ecef13512b2..de818681076dc381278308dddb35dd66294fc614 100644 (file)
--- a/webservice/rest/locallib.php
+++ b/webservice/rest/locallib.php
@@ -35,6 +35,26 @@ function call_moodle_function ($rest_arguments) {
     if ($params === false) {
         //return an error message, the REST params doesn't match with the web service description
     }
+
+/// Authentication process
+/// TODO: this use a fake token => need to implement token generation
+    $token = optional_param('token',null,PARAM_ALPHANUM);
+    if (empty($token)) {
+        if ($functionname != 'tmp_get_token') {
+            throw new moodle_exception('identifyfirst');
+        } else {
+            if (optional_param('username',null,PARAM_ALPHANUM) == 'admin' && optional_param('password',null,PARAM_ALPHANUM) == 'admin') {
+                return '465465465468468464';
+            } else {
+                throw new moodle_exception('wrongusernamepassword');
+            }
+        }
+    } else {
+        if (!mock_check_token($token)) {
+            throw new moodle_exception('wrongidentification');
+        }
+    }
+
     $res = call_user_func_array  ( $classname.'::'.$functionname, array($params));
     
 ///Transform result into xml in order to send the REST response
@@ -43,6 +63,19 @@ function call_moodle_function ($rest_arguments) {
        return "<Result>$return</Result>";
 }
 
+/**
+ * TODO: remove this funcion once token implementation is done
+ * Mock function waiting for token system implementation
+ * @param <type> $token
+ * @return <type> 
+ */
+function mock_check_token($token) {
+    if ($token == 465465465468468464) {
+        return true;
+    } else {
+        return false;
+    }
+}
 
 /**
  *

diff --git a/webservice/rest/testclient/createuser.php b/webservice/rest/testclient/createuser.php
index 5e564eba01cf74d4396d5a045d7a42f8f6b02b67..3b86fab617660811df6d7e268450ba8265f2b680 100644 (file)
--- a/webservice/rest/testclient/createuser.php
+++ b/webservice/rest/testclient/createuser.php
@@ -21,6 +21,17 @@ $data['email'] = "mockuser5@lastname.com";
 
 var_dump($data);
 
+//we are asking for a token
+$connectiondata['username'] = 'admin';
+$connectiondata['password'] = 'admin';
+$ch = curl_init();
+curl_setopt($ch, CURLOPT_URL, $CFG->serverurl.'/user/tmp_get_token');
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt($ch, CURLOPT_POST, 1);
+curl_setopt($ch, CURLOPT_POSTFIELDS, format_postdata($connectiondata));
+$token = curl_exec($ch);
+$data['token'] = $token;
+
 curl_setopt($ch, CURLOPT_URL, $CFG->serverurl.'/user/tmp_create_user');
 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($ch, CURLOPT_POST, 1);

diff --git a/webservice/rest/testclient/deleteuser.php b/webservice/rest/testclient/deleteuser.php
index b8ee31b5d8c2e549a4ca29c3915871ba72225ef0..a83e99bd46feb3623b73bf2bfb1aabf76f61076e 100644 (file)
--- a/webservice/rest/testclient/deleteuser.php
+++ b/webservice/rest/testclient/deleteuser.php
@@ -30,6 +30,18 @@ start_interface("Delete a user");
 <?php
 
 if ($username) {
+  
+     //we are asking for a token
+    $connectiondata['username'] = 'admin';
+    $connectiondata['password'] = 'admin';
+    $ch = curl_init();
+    curl_setopt($ch, CURLOPT_URL, $CFG->serverurl.'/user/tmp_get_token');
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+    curl_setopt($ch, CURLOPT_POST, 1);
+    curl_setopt($ch, CURLOPT_POSTFIELDS, format_postdata($connectiondata));
+    $token = curl_exec($ch);
+    $data['token'] = $token;
+
     $data['username'] = $username;
     $data['mnethostid'] = $mnethostid;
 

diff --git a/webservice/rest/testclient/getusers.php b/webservice/rest/testclient/getusers.php
index 5287b94da7f07ae2725d664ba32763e941363382..44e9eef1d264715164686d73d53862b49167ebfd 100644 (file)
--- a/webservice/rest/testclient/getusers.php
+++ b/webservice/rest/testclient/getusers.php
@@ -34,6 +34,18 @@ if ($search) {
 
     var_dump($CFG->serverurl.'/user/tmp_get_users');
 
+    
+    //we are asking for a token
+    $connectiondata['username'] = 'admin';
+    $connectiondata['password'] = 'admin';
+    $ch = curl_init();
+    curl_setopt($ch, CURLOPT_URL, $CFG->serverurl.'/user/tmp_get_token');
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+    curl_setopt($ch, CURLOPT_POST, 1);
+    curl_setopt($ch, CURLOPT_POSTFIELDS, format_postdata($connectiondata));
+    $token = curl_exec($ch);
+    $data['token'] = $token;
+  
     $ch = curl_init();
     curl_setopt($ch, CURLOPT_URL, $CFG->serverurl.'/user/tmp_get_users');
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

diff --git a/webservice/rest/testclient/updateuser.php b/webservice/rest/testclient/updateuser.php
index f086c0f32e4cb14a60ba39218096774408b9ac52..65b9fd94c3fab50dbc0213ed00823c6122c24c18 100644 (file)
--- a/webservice/rest/testclient/updateuser.php
+++ b/webservice/rest/testclient/updateuser.php
@@ -32,6 +32,18 @@ start_interface("Update a user");
 <?php
 
 if ($username) {
+
+    //we are asking for a token
+    $connectiondata['username'] = 'admin';
+    $connectiondata['password'] = 'admin';
+    $ch = curl_init();
+    curl_setopt($ch, CURLOPT_URL, $CFG->serverurl.'/user/tmp_get_token');
+    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
+    curl_setopt($ch, CURLOPT_POST, 1);
+    curl_setopt($ch, CURLOPT_POSTFIELDS, format_postdata($connectiondata));
+    $token = curl_exec($ch);
+    $data['token'] = $token;
+
     $data['username'] = $username;
     $data['mnethostid'] = $mnethostid;
     $data['newusername'] = $newusername;