Kilian/PHP-Course
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Reauth endpoint

Browse Source
This commit is contained in:
Kilian Hofmann
2024-07-28 22:37:12 +02:00
parent 7723dd0722
commit 9828ee762a
9 changed files with 201 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
exam/api/Login/Login.php
+1 -1
View File
@@ -33,7 +33,7 @@ class Login extends Api
case "NotFound":
throw ApiError::notFound("user");
case "Invalid":
throw ApiError::unauthorized("Invalid username or password");
throw ApiError::notAllowed("Invalid username or password");
default:
throw $err;
}
exam/api/Posts/Posts.php
+1 -1
View File
@@ -60,7 +60,7 @@ class Posts extends Api
$post = Post::getByID($id);
// Throw 400 if we aren't admin but trying to edit another users post.
if (!$self->getIsAdmin() && $post->getUser()->getID() !== $self->getID()) throw ApiError::unauthorized("Not allowed");
if (!$self->getIsAdmin() && $post->getUser()->getID() !== $self->getID()) throw ApiError::notAllowed("Not allowed");
// Try update.
Response::json($post->update($content));
exam/api/Refresh/Refresh.php
+38
View File
@@ -0,0 +1,38 @@
<?php
namespace Api\Refresh;
use Exception;
use Khofmann\Api\Api;
use Khofmann\ApiError\ApiError;
use Khofmann\Input\Input;
use Khofmann\Response\Response;
use Khofmann\Models\User\User;
use Khofmann\Request\Request;
class Refresh extends Api
{
public function post(): void
{
// Fetch all required inputs.
// Throw 400 error if a required one is missing.
$token = Request::token();
$refreshToken = Input::post("refreshToken");
if (empty($refreshToken)) throw ApiError::missingField(["refreshToken"]);
// Try and log in user.
// Throw errors according to situation.
try {
Response::json(User::refresh($token, $refreshToken));
} catch (Exception $err) {
switch ($err->getMessage()) {
case "Failed":
throw ApiError::failed("Refresh failed");
case "NotFound":
throw ApiError::unauthorized("Not authorized");
default:
throw $err;
}
}
}
}
exam/api/docs/api.yaml
+51 -2
View File
@@ -310,6 +310,45 @@ paths:
value: { "code": "NotFound", "entity": "post" }
tags:
- Post
/refresh:
post:
summary: Refresh
description: Token refresh.
security:
- BasicAuth: []
requestBody:
required: true
content:
application/json:
schema:
$ref: "#/components/schemas/RefreshRequest"
responses:
200:
description: Success.
content:
application/json:
schema:
$ref: "#/components/schemas/LoginResponse"
400:
description: Missing fields.
content:
application/json:
schema:
$ref: "#/components/schemas/MissingFieldResponse"
examples:
Missing fields:
value: { "code": "MissingField", "fields": ["refreshToken"] }
500:
description: Failed.
content:
application/json:
schema:
$ref: "#/components/schemas/FailedResponse"
examples:
Failed:
value: { "code": "Failed", "message": "Refresh failed" }
tags:
- Refresh
/register:
post:
summary: Register
@@ -678,8 +717,7 @@ components:
UnauthorizedResponse:
type: object
properties:
code:
type: Unauthorized
code: type:NotAllowed
message:
type: string
FailedResponse:
@@ -731,6 +769,8 @@ components:
$ref: "#/components/schemas/UserResponse"
token:
type: string
refreshToken:
type: string
UserResponse:
type: object
properties:
@@ -855,6 +895,14 @@ components:
properties:
content:
type: string
RefreshRequest:
type: object
required:
- refreshToken
properties:
refreshToken:
type: string
format: uuid4
securitySchemes:
BasicAuth:
type: apiKey
@@ -864,4 +912,5 @@ tags:
- name: Login/Logout
- name: Post
- name: Register
- name: Refresh
- name: User
exam/api/docs/index.html
+18 -10
View File
File diff suppressed because one or more lines are too long