class RestfulAuthenticationCookie in RESTful 7
@file Contains RestfulAuthenticationCookie.
Hierarchy
- class \RestfulPluginBase implements RestfulPluginInterface
- class \RestfulAuthenticationBase implements RestfulAuthenticationInterface
- class \RestfulAuthenticationCookie implements RestfulAuthenticationInterface
- class \RestfulAuthenticationBase implements RestfulAuthenticationInterface
Expanded class hierarchy of RestfulAuthenticationCookie
1 string reference to 'RestfulAuthenticationCookie'
- cookie.inc in plugins/
authentication/ cookie.inc
File
- plugins/
authentication/ RestfulAuthenticationCookie.class.php, line 7 - Contains RestfulAuthenticationCookie.
View source
class RestfulAuthenticationCookie extends RestfulAuthenticationBase implements RestfulAuthenticationInterface {
/**
* Implements RestfulAuthenticationInterface::authenticate().
*/
public function authenticate(array $request = array(), $method = \RestfulInterface::GET) {
if (!drupal_session_started() && !$this
->isCli()) {
return;
}
global $user;
$account = user_load($user->uid);
if (!\RestfulBase::isWriteMethod($method) || empty($request['__application']['rest_call'])) {
// Request is done via API not CURL, or not a write operation, so we don't
// need to check for a CSRF token.
return $account;
}
if (empty($request['__application']['csrf_token'])) {
throw new \RestfulBadRequestException('No CSRF token passed in the HTTP header.');
}
if (!drupal_valid_token($request['__application']['csrf_token'], \RestfulBase::TOKEN_VALUE)) {
throw new \RestfulForbiddenException('CSRF token validation failed.');
}
// CSRF validation passed.
return $account;
}
/**
* Detects whether the script is running from a command line environment.
*
* @return bool
* TRUE if a command line environment is detected. FALSE otherwise.
*/
protected function isCli() {
// Needed to detect if run-tests.sh is running the tests.
$cli = \RestfulManager::getRequestHttpHeader('User-Agent') == 'Drupal command line';
return $cli || drupal_is_cli();
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
RestfulAuthenticationBase:: |
protected | property | Settings from the plugin definition. | |
|
RestfulAuthenticationBase:: |
public | function |
Determines if the request can be checked for authentication. For example,
when authenticating with HTTP header, return FALSE if the header values do
not exist. Overrides RestfulAuthenticationInterface:: |
2 |
|
RestfulAuthenticationBase:: |
public | function |
Get the name of the authentication plugin. Overrides RestfulAuthenticationInterface:: |
|
|
RestfulAuthenticationBase:: |
public | function |
Constructor. Overrides RestfulPluginBase:: |
|
|
RestfulAuthenticationCookie:: |
public | function |
Implements RestfulAuthenticationInterface::authenticate(). Overrides RestfulAuthenticationInterface:: |
|
|
RestfulAuthenticationCookie:: |
protected | function | Detects whether the script is running from a command line environment. | |
|
RestfulPluginBase:: |
protected | property | The plugin definition array. | |
|
RestfulPluginBase:: |
public | function |
Gets information about the restful plugin. Overrides RestfulPluginInterface:: |
|
|
RestfulPluginBase:: |
public | function |
Gets information about the restful plugin key. Overrides RestfulPluginInterface:: |
|
|
RestfulPluginBase:: |
public | function |
Sets information about the restful plugin. Overrides RestfulPluginInterface:: |
|
|
RestfulPluginBase:: |
public | function |
Gets information about the restful plugin key. Overrides RestfulPluginInterface:: |