Author: chabotc
Date: Sun Jul 20 01:33:35 2008
New Revision: 678259

URL: http://svn.apache.org/viewvc?rev=678259&view=rev
Log:
The SecurityToken now has an isAnonymous() function to indicate if it's 
anonymous or not. Using one of the token fields (viewer, owner, etc) on an 
anonymous token will throw an exception

Modified:
    incubator/shindig/trunk/php/src/common/SecurityToken.php
    
incubator/shindig/trunk/php/src/common/samplecontainer/BasicSecurityToken.php
    
incubator/shindig/trunk/php/src/social-api/dataservice/DataRequestHandler.php
    incubator/shindig/trunk/php/src/social-api/http/RestServlet.php
    
incubator/shindig/trunk/php/src/social-api/samplecontainer/BasicPeopleService.php

Modified: incubator/shindig/trunk/php/src/common/SecurityToken.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/common/SecurityToken.php?rev=678259&r1=678258&r2=678259&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/common/SecurityToken.php (original)
+++ incubator/shindig/trunk/php/src/common/SecurityToken.php Sun Jul 20 
01:33:35 2008
@@ -24,47 +24,53 @@
  */
 abstract class SecurityToken {
 
-  //FIXME Hmm seems php is refusing to let me make abstract static functions? 
odd
-  static public function createFromToken($token, $maxage) {}
-  static public function createFromValues($owner, $viewer, $app, $domain, 
$appUrl, $moduleId) {}
-  
-
-  /**
-   * Serializes the token into a string. This can be the exact same as
-   * toString; using a different name here is only to force interface
-   * compliance.
-   *
-   * @return A string representation of the token.
-   */
-  abstract public function toSerialForm();
-
-  /**
-   * @return the owner from the token, or null if there is none.
-   */
-  abstract public function getOwnerId();
-
-  /**
-   * @return the viewer from the token, or null if there is none.
-   */
-  abstract public function getViewerId();
-
-  /**
-   * @return the application id from the token, or null if there is none.
-   */
-  abstract public function getAppId();
-  
-  /**
-   * @return the domain from the token, or null if there is none.
-   */
-  abstract public function getDomain();
-
-  /**
-   * @return the URL of the application
-   */
-  abstract public function getAppUrl();
-
-  /**
-   * @return the module ID of the application
-   */
-  abstract public function getModuleId();
+       static public function createFromToken($token, $maxage) {}
+
+       static public function createFromValues($owner, $viewer, $app, $domain, 
$appUrl, $moduleId) {}
+       
+       /**
+        * is this an anonymous token? Always check this before using the 
owner/viewer/etc
+        * 
+        * @return boolean if it's anonymous
+        */
+       abstract public function isAnonymous();
+
+       /**
+        * Serializes the token into a string. This can be the exact same as
+        * toString; using a different name here is only to force interface
+        * compliance.
+        *
+        * @return A string representation of the token.
+        */
+       abstract public function toSerialForm();
+
+       /**
+        * @return the owner from the token, or null if there is none.
+        */
+       abstract public function getOwnerId();
+
+       /**
+        * @return the viewer from the token, or null if there is none.
+        */
+       abstract public function getViewerId();
+
+       /**
+        * @return the application id from the token, or null if there is none.
+        */
+       abstract public function getAppId();
+
+       /**
+        * @return the domain from the token, or null if there is none.
+        */
+       abstract public function getDomain();
+
+       /**
+        * @return the URL of the application
+        */
+       abstract public function getAppUrl();
+
+       /**
+        * @return the module ID of the application
+        */
+       abstract public function getModuleId();
 }
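Review bot: The getter docblocks on the new side still promise `or null if there is none`, while BasicSecurityToken in this same commit throws on an anonymous token, so the abstract contract and the implementation now disagree. I would add `@throws Exception if the token is anonymous` to getOwnerId(), getViewerId(), getAppId(), getDomain(), getAppUrl() and getModuleId(), and drop the null wording where it no longer applies. The isAnonymous() docblock should state the actual rule, because callers make authorization decisions on it. If the BasicSecurityToken definition is the intended one for every implementation, that is `@return boolean true if the token carries neither an owner nor a viewer`.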

Modified: 
incubator/shindig/trunk/php/src/common/samplecontainer/BasicSecurityToken.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/common/samplecontainer/BasicSecurityToken.php?rev=678259&r1=678258&r2=678259&view=diff
==============================================================================
--- 
incubator/shindig/trunk/php/src/common/samplecontainer/BasicSecurityToken.php 
(original)
+++ 
incubator/shindig/trunk/php/src/common/samplecontainer/BasicSecurityToken.php 
Sun Jul 20 01:33:35 2008
@@ -89,12 +89,20 @@
                        $this->token = $this->crypter->wrap($this->tokenData);
                }
        }
+       
+       public function isAnonymous()
+       {
+               return ($this->tokenData[$this->OWNER_KEY] === 0 && 
$this->tokenData[$this->VIEWER_KEY] === 0);
+       }
 
        /**
         * [EMAIL PROTECTED]
         */
        public function getAppId()
        {
+               if ($this->isAnonymous()) {
+                       throw new Exception("Can't get appId from an anonymous 
token");
+               }
                return $this->tokenData[$this->APP_KEY];
        }
 
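Review bot: isAnonymous() returns true only when both the owner and viewer entries are identical (`===`) to the integer 0, so a token whose fields come back as strings such as "0" would be reported as not anonymous. DataRequestHandler in this commit relies on that result to block non-GET requests. How tokenData is populated is outside this hunk, but getModuleId() applying intval() suggests the stored values may be strings. If so, compare on a normalised form that does not collapse non-numeric ids to zero, e.g. `return (string) $this->tokenData[$this->OWNER_KEY] === '0' && (string) $this->tokenData[$this->VIEWER_KEY] === '0';`. The method also has no docblock; it should say that a token with only one of the two ids set to 0 is treated as non-anonymous.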
@@ -103,6 +111,9 @@
         */
        public function getDomain()
        {
+               if ($this->isAnonymous()) {
+                       throw new Exception("Can't get domain from an anonymous 
token");
+               }
                return $this->tokenData[$this->DOMAIN_KEY];
        }
 
@@ -111,6 +122,9 @@
         */
        public function getOwnerId()
        {
+               if ($this->isAnonymous()) {
+                       throw new Exception("Can't get ownerId from an 
anonymous token");
+               }
                return $this->tokenData[$this->OWNER_KEY];
        }
 
@@ -119,6 +133,9 @@
         */
        public function getViewerId()
        {
+               if ($this->isAnonymous()) {
+                       throw new Exception("Can't get viewerId from an 
anonymous token");
+               }
                return $this->tokenData[$this->VIEWER_KEY];
        }
 
@@ -127,6 +144,9 @@
         */
        public function getAppUrl()
        {
+               if ($this->isAnonymous()) {
+                       throw new Exception("Can't get appUrl from an anonymous 
token");
+               }
                return $this->tokenData[$this->APPURL_KEY];
        }
 
@@ -135,6 +155,9 @@
         */
        public function getModuleId()
        {
+               if ($this->isAnonymous()) {
+                       throw new Exception("Can't get moduleId from an 
anonymous token");
+               }
                return intval($this->tokenData[$this->MODULE_KEY]);
        }
 }

Modified: 
incubator/shindig/trunk/php/src/social-api/dataservice/DataRequestHandler.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social-api/dataservice/DataRequestHandler.php?rev=678259&r1=678258&r2=678259&view=diff
==============================================================================
--- 
incubator/shindig/trunk/php/src/social-api/dataservice/DataRequestHandler.php 
(original)
+++ 
incubator/shindig/trunk/php/src/social-api/dataservice/DataRequestHandler.php 
Sun Jul 20 01:33:35 2008
@@ -22,10 +22,8 @@
        public function handleMethod(RestRequestItem $requestItem)
        {
                $token = $requestItem->getToken();
-               $owner = $token->getOwnerId();
-               $viewer = $token->getViewerId();
                $method = $requestItem->getMethod();
-               if ($owner === 0 && $viewer === 0 && $method != 'GET') {
+               if ($token->isAnonymous() && $method != 'GET') {
                        // Anonymous requests are only allowed to GET data (not 
create/edit/delete)
                        $response = new ResponseItem(BAD_REQUEST, "[$method] 
not allowed for anonymous users", null);
                } elseif ($method == 'GET') {                   

Modified: incubator/shindig/trunk/php/src/social-api/http/RestServlet.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social-api/http/RestServlet.php?rev=678259&r1=678258&r2=678259&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/social-api/http/RestServlet.php (original)
+++ incubator/shindig/trunk/php/src/social-api/http/RestServlet.php Sun Jul 20 
01:33:35 2008
@@ -128,10 +128,10 @@
                } catch (Exception $e) {
                        header("HTTP/1.0 500 Internal Server Error");
                        echo "<html><body><h1>500 Internal Server Error</h1>";
+                       echo "Message: ".$e->getMessage()."<br />\n";
                        if (Config::get('debug')) {
-                               echo "Message: ".$e->getMessage()."<br />\n";
                                echo "<pre>\n";
-                               print_r(debug_backtrace());
+                               print_r($e);
                                echo "\n</pre>";
                        }
                        echo "</body></html>";
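Review bot: Moving `echo "Message: ".$e->getMessage()` outside the `Config::get('debug')` guard sends every exception message to the client in production, unescaped and inside an HTML body. Messages raised deeper in the stack can carry internal detail or request-derived text, so this is an information leak and, depending on what the messages contain, a markup-injection path. I would keep a generic body for non-debug responses, log the message server-side, and escape it wherever it is shown: `echo "Message: ".htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8')."<br />\n";`. `print_r($e)` in the debug branch deserves the same escaping, since it prints the trace together with call arguments. The enclosing try block starts outside the hunk.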
@@ -301,6 +301,9 @@
        
        private function decodeRequests($requestParam, $requestType, $format = 
'json')
        {
+               if (empty($requestParam)) {
+                       return null;
+               }
                switch ($format) {
                        case 'json':
                                $inputConverter = new InputJsonConverter();
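Review bot: The new `empty($requestParam)` guard also matches the string "0" and an empty array, and it adds a null return path to decodeRequests() that callers must handle. Whether they do is not visible here. If only a missing body is meant, `if ($requestParam === null || $requestParam === '') { return null; }` is narrower. A one-line comment such as `// no request body: nothing to decode` would document the early return. The rest of the function is outside the hunk.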

Modified: 
incubator/shindig/trunk/php/src/social-api/samplecontainer/BasicPeopleService.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social-api/samplecontainer/BasicPeopleService.php?rev=678259&r1=678258&r2=678259&view=diff
==============================================================================
--- 
incubator/shindig/trunk/php/src/social-api/samplecontainer/BasicPeopleService.php
 (original)
+++ 
incubator/shindig/trunk/php/src/social-api/samplecontainer/BasicPeopleService.php
 Sun Jul 20 01:33:35 2008
@@ -58,7 +58,7 @@
                                break;
                }
                $allPeople = XmlStateFileFetcher::get()->getAllPeople();
-               if ($filter == "hasApp") {
+               if (!$token->isAnonymous() && $filter == "hasApp") {
                        $appId = $token->getAppId();
                        $peopleWithApp = 
XmlStateFileFetcher::get()->getPeopleWithApp($appId);
                }
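Review bot: With the added `!$token->isAnonymous()` condition, an anonymous request that asks for `hasApp` skips this branch, so `$peopleWithApp` is never assigned. The code that consumes it is outside the hunk. If that code tests `$filter == "hasApp"` again it reads an undefined variable; if it does not, the anonymous caller receives the unfiltered list rather than an error. I would initialise `$peopleWithApp = array();` before the `if` and decide explicitly whether an anonymous `hasApp` request is rejected or returns an empty set.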
@@ -70,10 +70,10 @@
                        $person = null;
                        if (is_array($allPeople) && isset($allPeople[$id])) {
                                $person = $allPeople[$id];
-                               if ($id == $token->getViewerId()) {
+                               if (!$token->isAnonymous() && $id == 
$token->getViewerId()) {
                                        $person->setIsViewer(true);
                                }
-                               if ($id == $token->getOwnerId()) {
+                               if (!$token->isAnonymous() && $id == 
$token->getOwnerId()) {
                                        $person->setIsOwner(true);
                                }
                                if (is_array($profileDetails) && 
count($profileDetails) && !in_array('all', $profileDetails)) {
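Review bot: The viewer and owner checks compare ids with loose `==`, which in PHP lets numeric-looking strings such as "10" and "1e1" compare equal. These flags mark whose profile is being served, so a strict comparison on strings is safer: `(string) $id === (string) $token->getViewerId()`, and the same for getOwnerId(). `$token->isAnonymous()` is also evaluated twice per person inside the loop. Reading it once into a local before the loop keeps both conditions short and consistent; the loop header is outside this hunk.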

