
public function RestfulAuthenticationCookie::authenticate in RESTful 7

Implements RestfulAuthenticationInterface::authenticate().

Overrides RestfulAuthenticationInterface::authenticate

File

plugins/authentication/RestfulAuthenticationCookie.class.php, line 12
Contains RestfulAuthenticationCookie.

Class

RestfulAuthenticationCookie
@file Contains RestfulAuthenticationCookie.

Code

/**
 * Authenticates a request against the current Drupal session.
 *
 * Write requests that are flagged as REST calls must also carry a valid CSRF
 * token. Every other request is authenticated by the session alone.
 *
 * @param array $request
 *   The request array. Only $request['__application']['rest_call'] and
 *   $request['__application']['csrf_token'] are read here.
 * @param string $method
 *   The HTTP method, classified with \RestfulBase::isWriteMethod().
 *
 * @return object|false|null
 *   Whatever user_load() returns for the global $user, or NULL when no
 *   session has been started and the code is not running from the CLI.
 *
 * @throws \RestfulBadRequestException
 *   When a CSRF token is required but none is present in the request.
 * @throws \RestfulForbiddenException
 *   When the supplied CSRF token fails drupal_valid_token().
 */
public function authenticate(array $request = array(), $method = \RestfulInterface::GET) {
  // Cookie authentication is meaningless without a session; the CLI is the
  // only context allowed through without one.
  $has_session_context = drupal_session_started() || $this->isCli();
  if (!$has_session_context) {
    return NULL;
  }

  // The identity comes from the session-backed global, never from $request.
  global $user;
  $session_account = user_load($user->uid);

  // A CSRF token is demanded only for state-changing methods on requests that
  // are flagged as REST calls.
  // NOTE(review): the whole CSRF decision hinges on the 'rest_call' flag. It
  // should be set only by the module's own HTTP entry point and must not be
  // derivable from client-supplied data; where it is set is not visible here.
  $is_write = \RestfulBase::isWriteMethod($method);
  $csrf_required = $is_write && !empty($request['__application']['rest_call']);
  if (!$csrf_required) {
    return $session_account;
  }

  // A missing token is a malformed request (400), distinct from a token that
  // is present but wrong (403).
  if (empty($request['__application']['csrf_token'])) {
    throw new \RestfulBadRequestException('No CSRF token passed in the HTTP header.');
  }

  $csrf_token = $request['__application']['csrf_token'];
  $token_is_valid = drupal_valid_token($csrf_token, \RestfulBase::TOKEN_VALUE);
  if (!$token_is_valid) {
    throw new \RestfulForbiddenException('CSRF token validation failed.');
  }

  // Session and CSRF token both check out.
  return $session_account;
}