Added support for user-based authentication, resulting changes: Implemented auth...

[hermes] / api / lib / auth_base.php

diff --git a/api/lib/auth_base.php b/api/lib/auth_base.php
index 97e557f9d4e63e0878f0dd50b93549ef718296f1..a2ce62c36bd0715c6fedcbc83aa2705e8271354d 100644 (file)
--- a/api/lib/auth_base.php
+++ b/api/lib/auth_base.php
@@ -252,7 +252,7 @@ function add_apikey ( $host, $level )
 
        // Try to add the new key to authorizations first. If this
        // fails, there will be the least amount of data to clean up ...
-       if ( ! update_authorization( $key, $level ) ) return false;
+       if ( ! update_authorization( "key", $key, $level ) ) return false;
 
        $query = sprintf("INSERT INTO %s ( host, apikey ) VALUES ( '%s', '%s' )",
                $config['apikeys_table'],
@@ -301,7 +301,8 @@ function list_apikeys ()
        global $config;
        $query = sprintf("SELECT k.apikey AS apikey, k.host AS host, 
                                a.access_level AS access_level 
-                               FROM %s k INNER JOIN %s a ON k.apikey = a.authid",
+                               FROM %s k INNER JOIN %s a ON k.apikey = a.authid
+                               WHERE a.type = 'key'",
                        $config['apikeys_table'], 
                        $config['authorizations_table']);
        $list = array();
@@ -318,14 +319,49 @@ function list_apikeys ()
        return $list;
 
 }
-function update_authorization( $authid, $level )
+
+function list_users ()
+{
+       global $config;
+       $query = sprintf("SELECT authid, access_level
+                               FROM %s
+                               WHERE type = 'user'",
+                       $config['authorizations_table']);
+       $list = array();
+       $result = sql_dbquery( $config['provision_db'], $query);
+       if ( ! $result ) return $list; 
+       while ( $row = @mysql_fetch_assoc( $result ) )
+       {
+               $username = $row['authid'];
+               $user_data = authuser_getinfo( $username );
+
+               // TODO: Remove invalid users here?
+               if ( ! $user_data ) continue;
+
+               array_push( $list, array(
+                       'user' => $username,
+                       'name' => $user_data['name'],
+                       'email' => $user_data['email'],
+                       'level' => authlevel_name( $row['access_level'] )
+               ));
+       }
+       return $list;
+
+}
+
+
+
+function update_authorization( $type, $authid, $level )
 {
        global $config;
        if ( !is_numeric($level) ) return false;
-       $query = sprintf("INSERT INTO %s ( authid, access_level ) VALUES ( '%s', %d )
+       if ( ($type != "key") && ($type != "user") ) return false;
+
+       $query = sprintf("INSERT INTO %s ( authid, type, access_level ) VALUES ( '%s', '%s', %d )
                        ON DUPLICATE KEY UPDATE access_level=%d",
                $config['authorizations_table'],
                sql_clean($authid),
+               $type,
                $level, $level);
        if ( ! sql_dbexec( $config['provision_db'], $query ) ) return false;
        return true;
@@ -348,7 +384,7 @@ function get_authorization( $type, $authid )
        global $config;
 
        // If API-key is used, but key fails verification, write is impossible.
-       if ( ( $type == "key" ) && ( ! verify_apikey( $authid ) ) )
+       if ( ( $type == "key" ) && ( ! verify_apikey( $authid, true ) ) )
                return false;
 
        // If User-login is used, but backend is unable to provide info, fail.
@@ -373,7 +409,7 @@ function can_write ( )
        // Stub, to be called on any API nodes that write data in the DB.
        $authid = $_SESSION['authid'];
        $type   = $_SESSION['type'];
-       
+
        $level = get_authorization( $type, $authid );
        if ( $level >= authlevel_value('read_write') ) return $level;
        else return false;