/application/src/Application/Model/Authentication/Innovative.php

https://github.com/dswalker/xerxes · PHP · 211 lines · 99 code · 53 blank · 59 comment · 10 complexity · f8b78871f9d10194398d70797796084f MD5 · raw file 

    

  1. <?php

    2. 

  2. 

    3. 

  3. /*

    4. 

  4.  * This file is part of Xerxes.

    5. 

  5.  *

    6. 

  6.  * (c) California State University <library@calstate.edu>

    7. 

  7.  *

    8. 

  8.  * For the full copyright and license information, please view the LICENSE

    9. 

  9.  * file that was distributed with this source code.

    10. 

  10.  */

    11. 

  11. 

    12. 

  12. namespace Application\Model\Authentication;

    13. 

  13. 

    14. 

  14. use Xerxes\Mvc\Exception\AccessDeniedException;

    15. 

  15. use Xerxes\Utility\Factory;

    16. 

  16. use Xerxes\Mvc\Request;

    17. 

  17. 

    18. 

  18. /**

    19. 

  19.  * Authenticates users and downloads data from the Innovative Patron API

    20. 

  20.  * 

    21. 

  21.  * Based on the functions originally developed by John Blyberg

    22. 

  22.  * 

    23. 

  23.  * @author David Walker <dwalker@calstate.edu>

    24. 

  24.  */

    25. 

  25. 

    26. 

  26. class Innovative extends Scheme 

    27. 

  27. {

    28. 

  28. 	protected $server;

    29. 

  29. 	protected $user_data;

    30. 

  30. 	

    31. 

  31. 	/*

    32. 

  32. 	 * Create new Innovative authentication

    33. 

  33. 	 */

    34. 

  34. 	

    35. 

  35. 	public function __construct(Request $request)

    36. 

  36. 	{

    37. 

  37. 		parent::__construct($request);

    38. 

  38. 		

    39. 

  39. 		$this->server = $this->registry->getConfig( "INNOVATIVE_PATRON_API", true );

    40. 

  40. 		$this->server = rtrim($this->server, '/');

    41. 

  41. 	}

    42. 

  42. 	

    43. 

  43. 	/**

    44. 

  44. 	 * Authenticate the user against the III Patron API

    45. 

  45. 	 */

    46. 

  46. 	

    47. 

  47. 	public function onCallBack()

    48. 

  48. 	{

    49. 

  49. 		$strUsername = $this->request->getParam( "username" );	// barcode

    50. 

  50. 		$strPassword = $this->request->getParam( "password" );	// pin

    51. 

  51. 		

    52. 

  52. 		$bolAuth = $this->authenticate( $strUsername, $strPassword );

    53. 

  53. 		

    54. 

  54. 		$this->user_data = $this->getUserData($strUsername);

    55. 

  55. 

    56. 

  56. 		// print_r($this->user_data); exit;

    57. 

  57. 		

    58. 

  58. 		if ( $bolAuth == true )

    59. 

  59. 		{

    60. 

  60. 			// make sure user is in the list of approved patron types

    61. 

  61. 		

    62. 

  62. 			$configPatronTypes = $this->registry->getConfig( "INNOVATIVE_PATRON_TYPES", false );

    63. 

  63. 			

    64. 

  64. 			if ( $configPatronTypes != null )

    65. 

  65. 			{

    66. 

  66. 				$arrTypes = explode(",", $configPatronTypes);

    67. 

  67. 				

    68. 

  68. 				// make them all integers for consitency

    69. 

  69. 				

    70. 

  70. 				for ( $x = 0; $x < count($arrTypes); $x++ )

    71. 

  71. 				{

    72. 

  72. 					$arrTypes[$x] = (int) $arrTypes[$x];

    73. 

  73. 				}

    74. 

  74. 

    75. 

  75. 				if ( ! in_array( (int) $this->user_data["P TYPE"], $arrTypes) )

    76. 

  76. 				{

    77. 

  77. 					throw new AccessDeniedException("User is not authorized to use this service");

    78. 

  78. 				}

    79. 

  79. 			}

    80. 

  80. 			

    81. 

  81. 			// register the user and stop the flow

    82. 

  82. 			

    83. 

  83. 			$this->user->username = $strUsername;

    84. 

  84. 			

    85. 

  85. 			$this->mapUserData();

    86. 

  86. 			

    87. 

  87. 			return $this->register();

    88. 

  88. 		}

    89. 

  89. 		else

    90. 

  90. 		{

    91. 

  91. 			return self::FAILED;

    92. 

  92. 		}

    93. 

  93. 	}

    94. 

  94. 	

    95. 

  95. 	/**

    96. 

  96. 	 * Innovative_Local class defines this

    97. 

  97. 	 */

    98. 

  98. 	

    99. 

  99. 	protected function mapUserData()

    100. 

  100. 	{

    101. 

  101. 		

    102. 

  102. 	}

    103. 

  103. 	

    104. 

  104. 	

    105. 

  105. 	/**

    106. 

  106. 	* Returns patron data from the API as array

    107. 

  107. 	*

    108. 

  108. 	* @param string $id 		barcode

    109. 

  109. 	* @return array 			data returned by the api as associative array

    110. 

  110. 	* @exception 				throws exception when iii patron api reports error

    111. 

  111. 	*/

    112. 

  112. 	

    113. 

  113. 	protected function getUserData( $id )

    114. 

  114. 	{

    115. 

  115. 		// normalize the barcode

    116. 

  116. 		

    117. 

  117. 		$id = str_replace(" ", "", $id);

    118. 

  118. 		

    119. 

  119. 		// fetch data from the api

    120. 

  120. 		

    121. 

  121. 		$url = $this->server . "/PATRONAPI/$id/dump";

    122. 

  122. 		$arrData = $this->getContent($url);

    123. 

  123. 		

    124. 

  124. 		// if something went wrong

    125. 

  125. 		

    126. 

  126. 		if ( array_key_exists("ERRMSG", $arrData ) )

    127. 

  127. 		{

    128. 

  128. 			throw new \Exception($arrData["ERRMSG"]);	

    129. 

  129. 		}

    130. 

  130. 

    131. 

  131. 		return $arrData;

    132. 

  132. 	}

    133. 

  133. 

    134. 

  134. 	/**

    135. 

  135. 	* Checks tha validity of a barcode / pin combo, essentially a login test

    136. 

  136. 	*

    137. 

  137. 	* @param string $id 	barcode

    138. 

  138. 	* @param string $pin 	the pin to use with $id

    139. 

  139. 	* @return bool			true if valid, false if not

    140. 

  140. 	*/

    141. 

  141. 	

    142. 

  142. 	protected function authenticate ( $id, $pin )

    143. 

  143. 	{

    144. 

  144. 		// normalize the barcode and pin

    145. 

  145. 		

    146. 

  146. 		$id = str_replace(" ", "", $id);

    147. 

  147. 		$pin = str_replace(" ", "", $pin);

    148. 

  148. 		

    149. 

  149. 		// fetch data from the api

    150. 

  150. 

    151. 

  151. 		$pin = urlencode($pin);

    152. 

  152. 		$url = $this->server . "/PATRONAPI/$id/$pin/pintest";

    153. 

  153. 		$arrData = $this->getContent($url);

    154. 

  154. 		

    155. 

  155. 		// check pin test for error message, indicating

    156. 

  156. 		// failure

    157. 

  157. 		

    158. 

  158. 		if ( array_key_exists("ERRMSG", $arrData ) )

    159. 

  159. 		{

    160. 

  160. 			return false;

    161. 

  161. 		}

    162. 

  162. 		else

    163. 

  163. 		{

    164. 

  164. 			return true;

    165. 

  165. 		}

    166. 

  166. 	}

    167. 

  167. 	

    168. 

  168. 	/**

    169. 

  169. 	* Fetches and normalize the API data

    170. 

  170. 	*

    171. 

  171. 	* @param string $url 	url of patron dump or pint test

    172. 

  172. 	* @return array			patron data

    173. 

  173. 	*/

    174. 

  174. 	

    175. 

  175. 	private function getContent( $url )

    176. 

  176. 	{

    177. 

  177. 		$arrRawData = array();

    178. 

  178. 		$arrData = array();

    179. 

  179. 		

    180. 

  180. 		// get the data and strip out html tags

    181. 

  181. 		

    182. 

  182. 		$client = Factory::getHttpClient();

    183. 

  183. 		

    184. 

  184. 		$strResponse = $client->getUrl($url);

    185. 

  185. 		$strResponse = trim(strip_tags($strResponse));

    186. 

  186. 		

    187. 

  187. 		if ( $strResponse == "" )

    188. 

  188. 		{

    189. 

  189. 			throw new \Exception("Could not connect to Innovative Patron API");			

    190. 

  190. 		}

    191. 

  191. 		else

    192. 

  192. 		{

    193. 

  193. 			// cycle thru each line in the response, splitting each

    194. 

  194. 			// on the equal sign into an associative array

    195. 

  195. 			

    196. 

  196. 			$arrRawData = explode("\n", $strResponse);

    197. 

  197. 			

    198. 

  198. 			foreach ($arrRawData as $strLine)

    199. 

  199. 			{

    200. 

  200. 				$arrLine = explode("=", $strLine);

    201. 

  201. 				

    202. 

  202. 				// strip out the code, leaving just the attribute name

    203. 

  203. 				

    204. 

  204. 				$arrLine[0] = preg_replace('/\[[^\]]{1,}\]/', "", $arrLine[0]);

    205. 

  205. 				$arrData[trim($arrLine[0])] = trim( $arrLine[1] );

    206. 

  206. 			}

    207. 

  207. 		}

    208. 

  208. 		

    209. 

  209. 		return $arrData;

    210. 

  210. 	}

    211. 

  211. }
    212.