diff --git a/auth/services_keyauth/services_keyauth.inc b/auth/services_keyauth/services_keyauth.inc index 447130a..33ae54e 100644 --- a/auth/services_keyauth/services_keyauth.inc +++ b/auth/services_keyauth/services_keyauth.inc @@ -7,12 +7,6 @@ */ function _services_keyauth_security_settings() { - $form['services_use_key'] = array( - '#type' => 'checkbox', - '#title' => t('Use keys'), - '#default_value' => variable_get('services_use_key', TRUE), - '#description' => t('When enabled all method calls need to provide a validation token to autheciate themselves with the server.'), - ); $form['services_key_expiry'] = array( '#type' => 'textfield', '#prefix' => "
", @@ -21,12 +15,6 @@ function _services_keyauth_security_settings() { '#default_value' => variable_get('services_key_expiry', 30), '#description' => t('The time frame for which the token will be valid. Default is 30 secs'), ); - $form['services_use_sessid'] = array( - '#type' => 'checkbox', - '#title' => t('Use sessid'), - '#default_value' => variable_get('services_use_sessid', TRUE), - '#description' => t('When enabled, all method calls must include a valid sessid. Only disable this setting if the application will user browser-based cookies.') - ); return $form; } @@ -49,13 +37,6 @@ function _services_keyauth_alter_methods(&$methods) { return; } - // sessid arg - $arg_sessid = array( - '#name' => 'sessid', - '#type' => 'string', - '#description' => t('A valid sessid.'), - ); - $arg_domain_time_stamp = array( '#name' => 'domain_time_stamp', '#type' => 'string', @@ -90,70 +71,50 @@ function _services_keyauth_alter_methods(&$methods) { case 'search.content': case 'search.users': $method['#key'] = FALSE; - $method['#auth'] = FALSE; break; default: $method['#key'] = TRUE; - $method['#auth'] = TRUE; - } - - if ($method['#auth'] and variable_get('services_use_sessid', TRUE)) { - array_unshift($method['#args'], $arg_sessid); - } - - if ($method['#key'] and variable_get('services_use_key', TRUE)) { - array_unshift($method['#args'], $arg_nonce); - array_unshift($method['#args'], $arg_domain_time_stamp); - array_unshift($method['#args'], $arg_domain_name); - array_unshift($method['#args'], $arg_api_key); + array_unshift($method['#args'], $arg_nonce); + array_unshift($method['#args'], $arg_domain_time_stamp); + array_unshift($method['#args'], $arg_domain_name); + array_unshift($method['#args'], $arg_api_key); } } } -function _services_keyauth_get_first_key() { - $keys = services_keyauth_get_keys(); - foreach ($keys as $kid => $key) { - return $kid; - } -} - function _services_keyauth_alter_browse_form(&$form, $method) { - //$timestamp = time(); - //$nonce = user_password(); - - foreach ($method['#args'] as $key => $arg) { - switch ($arg['#name']) { - case 'hash': - $form['arg'][$key] = array( - '#title' => 'Hash', - '#type' => 'textfield', - '#value' => t('Gets generated after form submission'), - '#disabled' => TRUE - ); - break; - case 'sessid': - $form['arg'][$key]['#default_value'] = session_id(); - break; - case 'domain_name': - $form['arg'][$key]['#default_value'] = $_SERVER['HTTP_HOST']; - break; - case 'domain_time_stamp': - $form['arg'][$key] = array( - '#title' => 'Timestamp', - '#type' => 'textfield', - '#value' => t('Gets generated after form submission'), - '#disabled' => TRUE - ); - break; - case 'nonce': - $form['arg'][$key]['#default_value'] = user_password(); - break; + if ($method['#key']) { + foreach ($method['#args'] as $key => $arg) { + switch ($arg['#name']) { + case 'hash': + $form['arg'][$key] = array( + '#title' => 'Hash', + '#type' => 'textfield', + '#value' => t('Gets generated after form submission'), + '#disabled' => TRUE + ); + break; + case 'domain_name': + $form['arg'][$key]['#default_value'] = $_SERVER['HTTP_HOST']; + break; + case 'domain_time_stamp': + $form['arg'][$key] = array( + '#title' => 'Timestamp', + '#type' => 'textfield', + '#value' => t('Gets generated after form submission'), + '#disabled' => TRUE + ); + break; + case 'nonce': + $form['arg'][$key]['#default_value'] = user_password(); + break; + } } } } function _services_keyauth_authenticate_call($method, $method_name, &$args) { - if ($method['#key'] and variable_get('services_use_key', TRUE)) { + if ($method['#key']) { $hash = array_shift($args); $domain = array_shift($args); $timestamp = array_shift($args); @@ -188,23 +149,15 @@ function _services_keyauth_authenticate_call($method, $method_name, &$args) { return services_error(t('Access denied.')); } } - - // Add additonal processing for methods requiring session - $session_backup = NULL; - if ($method['#auth'] && variable_get('services_use_sessid', TRUE)) { - $sessid = array_shift($args); - if (empty($sessid)) { - return t('Invalid sessid.'); - } - $session_backup = services_session_load($sessid); - } } function _services_keyauth_alter_browse_form_submit($method, &$args) { - $args_stripped = $args; - for ($i = 1; $i <= 4; $i++) { - array_shift($args_stripped); + if ($method['#key']) { + $args_stripped = $args; + for ($i = 1; $i <= 4; $i++) { + array_shift($args_stripped); + } + $args[2] = time(); + $args[0] = services_get_hash($args[2], $args[1], $args[3], $method, $args_stripped); } - $args[2] = time(); - $args[0] = services_get_hash($args[2], $args[1], $args[3], $method, $args_stripped); } \ No newline at end of file diff --git a/auth/services_keyauth/services_keyauth.module b/auth/services_keyauth/services_keyauth.module index e87c570..0cc7593 100644 --- a/auth/services_keyauth/services_keyauth.module +++ b/auth/services_keyauth/services_keyauth.module @@ -16,7 +16,6 @@ function services_keyauth_cron() { WHERE timestamp < '%s'", $expiry_time); } - /** * Implementation of hook_authentication_info(). * @@ -48,8 +47,7 @@ function services_keyauth_menu() { 'title' => 'Keys', 'description' => 'Manage application access to site services.', 'page callback' => 'services_keyauth_admin_keys_list', - 'access callback' => 'variable_get', - 'access arguments' => array('services_use_key', TRUE), + 'access callback' => 'services_keyauth_access', 'type' => MENU_LOCAL_TASK, 'file' => 'services_keyauth.admin.inc', ); @@ -71,16 +69,14 @@ function services_keyauth_menu() { $items['admin/build/services/keys/list'] = array( 'title' => 'List', 'type' => MENU_DEFAULT_LOCAL_TASK, - 'access callback' => 'variable_get', - 'access arguments' => array('services_use_key', TRUE), + 'access callback' => 'services_keyauth_access', 'weight' => -10, ); $items['admin/build/services/keys/add'] = array( 'title' => 'Create key', 'page callback' => 'drupal_get_form', 'page arguments' => array('services_keyauth_admin_keys_form'), - 'access callback' => 'variable_get', - 'access arguments' => array('services_use_key', TRUE), + 'access callback' => 'services_keyauth_access', 'type' => MENU_LOCAL_TASK, 'file' => 'services_keyauth.admin.inc', ); @@ -88,11 +84,9 @@ function services_keyauth_menu() { return $items; } -/*function services_keyauth_validate_key($kid, $timestamp, $domain, $nonce, $method_name, $hash_parameters, $hash) { - $hash_parameters = array_merge(array($timestamp, $domain, $nonce, $method_name), $hash_parameters); - $rehash = hash_hmac("sha256", implode(';', $hash_parameters), $kid); - return ($rehash == $hash) ? TRUE : FALSE; -}*/ +function services_keyauth_access() { + return variable_get('services_auth_module','') == 'services_keyauth' ? TRUE : FALSE; +} function services_get_hash($timestamp, $domain, $nonce, $method, $args) { $hash_parameters = array($timestamp, $domain, $nonce, $method['#method']); diff --git a/auth/services_sessauth/services_sessauth.inc b/auth/services_sessauth/services_sessauth.inc new file mode 100644 index 0000000..d730e2f --- /dev/null +++ b/auth/services_sessauth/services_sessauth.inc @@ -0,0 +1,59 @@ + 'sessid', + '#type' => 'string', + '#description' => t('A valid sessid.'), + ); + + foreach ($methods as $key => &$method) { + // set method defaults + switch ($method['#method']) { + case 'system.connect': + case 'search.nodes': + case 'search.content': + case 'search.users': + $method['#auth'] = FALSE; + break; + default: + $method['#auth'] = TRUE; + array_unshift($method['#args'], $arg_sessid); + } + } +} + +function _services_sessauth_alter_browse_form(&$form, $method) { + if ($method['#auth']) { + foreach ($method['#args'] as $key => $arg) { + switch ($arg['#name']) { + case 'sessid': + $form['arg'][$key]['#default_value'] = session_id(); + break; + } + } + } +} + +function _services_sessauth_authenticate_call($method, $method_name, &$args) { + // Add additonal processing for methods requiring session + $session_backup = NULL; + if ($method['#auth']) { + $sessid = array_shift($args); + if (empty($sessid)) { + return t('Invalid sessid.'); + } + $session_backup = services_session_load($sessid); + } +} diff --git a/auth/services_sessauth/services_sessauth.info b/auth/services_sessauth/services_sessauth.info new file mode 100644 index 0000000..d57fc7c --- /dev/null +++ b/auth/services_sessauth/services_sessauth.info @@ -0,0 +1,6 @@ +; $Id: $ +name = Session Authentication +description = Provides session authentication for the services module +package = Services - authentication +dependencies[] = services +core = 6.x diff --git a/auth/services_sessauth/services_sessauth.module b/auth/services_sessauth/services_sessauth.module new file mode 100644 index 0000000..afd5d1a --- /dev/null +++ b/auth/services_sessauth/services_sessauth.module @@ -0,0 +1,33 @@ + 'services_sessauth.inc', + '#title' => t('Session authentication'), + '#description' => t('The default session based authentication'), + 'alter_methods' => '_services_sessauth_alter_methods', + 'alter_browse_form' => '_services_sessauth_alter_browse_form', + 'authenticate_call' => '_services_sessauth_authenticate_call', + ); +} + + +function services_sessauth_disable() { + cache_clear_all('services:methods', 'cache'); +} + +function services_sessauth_enable() { + cache_clear_all('services:methods', 'cache'); +} diff --git a/services.module b/services.module index 20dce13..40ac1a7 100644 --- a/services.module +++ b/services.module @@ -247,7 +247,7 @@ function services_auth_invoke($method, &$arg1 = NULL, &$arg2 = NULL, &$arg3 = NU } } else{ - return TRUE; + return FALSE; } } @@ -267,7 +267,7 @@ function services_auth_invoke_custom($module, $method, &$arg1 = NULL, &$arg2 = N } } else{ - return TRUE; + return FALSE; } } diff --git a/services_admin_browse.inc b/services_admin_browse.inc index 827d799..d544b67 100644 --- a/services_admin_browse.inc +++ b/services_admin_browse.inc @@ -344,7 +344,7 @@ function _services_ahah_security_options() { $settings = services_auth_invoke_custom($_POST['auth_module'], 'security_settings'); } - if ($settings) { + if (is_array($settings)) { $cached_form['security']['options']['settings'] = $settings; } else {