Diffstat (limited to 'modules')
-rw-r--r--modules/rest/controllers/rest.php62
-rw-r--r--modules/rest/tests/Rest_Controller_Test.php14
2 files changed, 37 insertions, 39 deletions
diff --git a/modules/rest/controllers/rest.php b/modules/rest/controllers/rest.php
index a932a285..a6b618e8 100644
--- a/modules/rest/controllers/rest.php
+++ b/modules/rest/controllers/rest.php
@@ -19,28 +19,24 @@
*/
class Rest_Controller extends Controller {
public function index() {
- try {
- $username = Input::instance()->post("user");
- $password = Input::instance()->post("password");
-
- $user = identity::lookup_user_by_name($username);
- if (empty($user) || !identity::is_correct_password($user, $password)) {
- throw new Rest_Exception("Forbidden", 403);
- }
+ $username = Input::instance()->post("user");
+ $password = Input::instance()->post("password");
- $key = ORM::factory("user_access_token")
- ->where("user_id", "=", $user->id)
- ->find();
- if (!$key->loaded()) {
- $key->user_id = $user->id;
- $key->access_key = md5($user->name . rand());
- $key->save();
- }
+ $user = identity::lookup_user_by_name($username);
+ if (empty($user) || !identity::is_correct_password($user, $password)) {
+ throw new Rest_Exception("Forbidden", 403);
+ }
- rest::reply($key->access_key);
- } catch (Exception $e) {
- rest::send_headers($e);
+ $key = ORM::factory("user_access_token")
+ ->where("user_id", "=", $user->id)
+ ->find();
+ if (!$key->loaded()) {
+ $key->user_id = $user->id;
+ $key->access_key = md5($user->name . rand());
+ $key->save();
}
+
+ rest::reply($key->access_key);
}
public function __call($function, $args) {
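Review bot: The re-indented line `$key->access_key = md5($user->name . rand());` still builds the REST access key from the user name and `rand()`, which is not a cryptographically secure generator. That key is returned by `rest::reply()` after a successful password check, so it should be unguessable. Draw it from a CSPRNG instead, e.g. `$key->access_key = bin2hex(random_bytes(16));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` if this code base targets an older runtime. With the try/catch removed, index() presumably relies on an exception handler outside this hunk to turn `Rest_Exception` into the 403 response; a one-line comment saying so would help the next reader.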
@@ -62,26 +58,22 @@ class Rest_Controller extends Controller {
$request->access_token = $input->server("HTTP_X_GALLERY_REQUEST_KEY");
$request->url = url::abs_current(true);
- try {
- rest::set_active_user($request->access_token);
+ rest::set_active_user($request->access_token);
- $handler_class = "{$function}_rest";
- $handler_method = $request->method;
+ $handler_class = "{$function}_rest";
+ $handler_method = $request->method;
- if (!method_exists($handler_class, $handler_method)) {
- throw new Rest_Exception("Forbidden", 403);
- }
+ if (!method_exists($handler_class, $handler_method)) {
+ throw new Rest_Exception("Forbidden", 403);
+ }
- try {
- print rest::reply(call_user_func(array($handler_class, $handler_method), $request));
- } catch (ORM_Validation_Exception $e) {
- foreach ($e->validation->errors() as $key => $value) {
- $msgs[] = "$key: $value";
- }
- throw new Rest_Exception("Bad Request: " . join(", ", $msgs), 400);
+ try {
+ print rest::reply(call_user_func(array($handler_class, $handler_method), $request));
+ } catch (ORM_Validation_Exception $e) {
+ foreach ($e->validation->errors() as $key => $value) {
+ $msgs[] = "$key: $value";
}
- } catch (Rest_Exception $e) {
- rest::send_headers($e);
+ throw new Rest_Exception("Bad Request: " . join(", ", $msgs), 400);
}
}
} \ No newline at end of file
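Review bot: `$handler_method` comes from `$request->method` and reaches `call_user_func` after only a `method_exists` check, so every method defined on the `{$function}_rest` class is dispatchable, not just the intended REST verbs. How `$request->method` is populated is above this hunk, but if a request header or parameter can influence it, restrict it to an allow-list first, e.g. `if (!in_array($handler_method, array("get", "post", "put", "delete"), true) || !method_exists($handler_class, $handler_method)) {`, with the list matched to the verbs the handlers actually implement. Separately, `$msgs` is never initialised before the `foreach`, so an empty `errors()` result passes an undefined variable to `join()`; add `$msgs = array();` ahead of the loop. The body of `__call` starts outside the hunk.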
diff --git a/modules/rest/tests/Rest_Controller_Test.php b/modules/rest/tests/Rest_Controller_Test.php
index ae5e6d48..e0663252 100644
--- a/modules/rest/tests/Rest_Controller_Test.php
+++ b/modules/rest/tests/Rest_Controller_Test.php
@@ -46,11 +46,17 @@ class Rest_Controller_Test extends Gallery_Unit_Test_Case {
public function login_failed_test() {
$user = test::random_user("password");
- $_POST["user"] = $user->name;
- $_POST["password"] = "WRONG PASSWORD";
- // @todo check the http response code
- $this->assert_equal(null, test::call_and_capture(array(new Rest_Controller(), "index")));
+ try {
+ $_POST["user"] = $user->name;
+ $_POST["password"] = "WRONG PASSWORD";
+ test::call_and_capture(array(new Rest_Controller(), "index"));
+ } catch (Rest_Exception $e) {
+ $this->assert_equal(403, $e->getCode());
+ return;
+ }
+
+ $this->assert_true(false, "Shouldn't get here");
}
public function rest_get_resource_no_request_key_test_() {
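Review bot: login_failed_test covers only the wrong-password branch; the `empty($user)` branch of the same condition in Rest_Controller::index() is untested. Both branches must keep returning the same 403 so the endpoint does not reveal which user names exist. Add a sibling test that posts a user name with no account and asserts `$this->assert_equal(403, $e->getCode());` in the same way. The test also leaves `$_POST["user"]` and `$_POST["password"]` set when it returns; unless the harness resets superglobals (not visible here), clear them before the `return`, e.g. `unset($_POST["user"], $_POST["password"]);`.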