diff --git a/src/Authenticators/TokenAuthenticator.php b/src/Authenticators/TokenAuthenticator.php
index 1d4873b..fea397e 100644
--- a/src/Authenticators/TokenAuthenticator.php
+++ b/src/Authenticators/TokenAuthenticator.php
@@ -11,6 +11,7 @@
 use SilverStripe\Core\Config\Config;
 use SilverStripe\Core\Convert;
 use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\IdentityStore;
 use SilverStripe\Security\Member;
 use SilverStripe\Security\MemberAuthenticator\LostPasswordHandler;
 use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
@@ -422,10 +423,12 @@ private function validateAPIToken($token, $request)
 }
 //all good, log Member in
 if (is_a($tokenOwner, Member::class)) {
- # $tokenOwner->logIn(); # this is a login without the logging
- Config::inst()->set(Member::class, 'session_regenerate_id', true);
- $request->getSession()->set("loggedInAs", $tokenOwner->ID);
+ Config::nest();
+ Config::modify()->set(Member::class, 'session_regenerate_id', true);
+ $identityStore = Injector::inst()->get(IdentityStore::class);
+ $identityStore->logIn($tokenOwner, false, $request);
+ Config::unnest();
 }
 return true;
diff --git a/src/RESTfulAPI.php b/src/RESTfulAPI.php
index e146c4d..21713ea 100644
--- a/src/RESTfulAPI.php
+++ b/src/RESTfulAPI.php
@@ -2,11 +2,17 @@
 namespace Colymba\RESTfulAPI;
-use Colymba\RESTfulAPI\RESTfulAPIError;
+use Colymba\RESTfulAPI\Authenticators\Authenticator;
+use Colymba\RESTfulAPI\PermissionManagers\PermissionManager;
+use Colymba\RESTfulAPI\QueryHandlers\QueryHandler;
+use Colymba\RESTfulAPI\Serializers\Serializer;
 use SilverStripe\Control\HTTPRequest;
 use SilverStripe\Control\HTTPResponse;
 use SilverStripe\Core\Config\Config;
 use SilverStripe\Control\Controller;
+use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+
 /**
 * SilverStripe 3 RESTful API
 *
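Review bot: `Injector::inst()` is called in the new login lines of validateAPIToken in TokenAuthenticator.php, but the import hunk adds only `IdentityStore`, and the visible `use` context runs from `SilverStripe\Core\Convert` straight to `SilverStripe\ORM\DataObject`; unless `use SilverStripe\Core\Injector\Injector;` sits in the part of the import block outside the hunk, the name resolves inside the file's own namespace and every token validation would fail with a class-not-found error. Separately, `Config::unnest()` is skipped if `logIn()` throws, which would leave the nested config with `session_regenerate_id` forced on for the rest of the request; wrapping the lines between `Config::nest();` and `Config::unnest();` as `try { … } finally { Config::unnest(); }` closes that. A short comment above the block would also help, recording that going through `IdentityStore` performs a full member login on each validated token (presumably session-backed, as the removed `loggedInAs` write was), so a session credential exists alongside the API token. The body of validateAPIToken starts and ends outside the hunk.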
@@ -232,7 +238,8 @@ public function init()
 * get response from API Authenticator
 * then passes it on to $answer()
 *
- * @param HTTPRequest $request HTTP request
+ * @param HTTPRequest $request HTTP request
+ * @return HTTPResponse
 */
 public function auth(HTTPRequest $request)
 {
@@ -269,7 +276,8 @@ public function auth(HTTPRequest $request)
 * get response from API PermissionManager
 * then passes it on to $answer()
 *
- * @param HTTPRequest $request HTTP request
+ * @param HTTPRequest $request HTTP request
+ * @return HTTPResponse
 */
 public function acl(HTTPRequest $request)
 {
@@ -307,7 +315,7 @@ public function acl(HTTPRequest $request)
 *
 * @todo move authentication check to another methode
 *
- * @param SS_HTTPRequest $request HTTP request
+ * @param HTTPRequest $request HTTP request
 * @return string json object of the models found
 */
 public function index(HTTPRequest $request)
@@ -350,8 +358,9 @@ public function index(HTTPRequest $request)
 * Output the API response to client
 * then exit.
 *
- * @param string $json Response body
- * @param boolean $corsPreflight Set to true if this is a XHR preflight request answer. CORS shoud be enabled.
+ * @param string $json Response body
+ * @param boolean $corsPreflight Set to true if this is a XHR preflight request answer. CORS shoud be enabled.
+ * @return HTTPResponse
 */
 public function answer($json = null, $corsPreflight = false)
 {
@@ -378,6 +387,7 @@ public function answer($json = null, $corsPreflight = false)
 * then exit.
 *
 * @param RESTfulAPIError $error Error object to return
+ * @return HTTPResponse
 */
 public function error(RESTfulAPIError $error)
 {
@@ -402,6 +412,7 @@ public function error(RESTfulAPIError $error)
 * to an HTTPResponse
 *
 * @param HTTPResponse $answer The updated response if CORS are neabled
+ * @return HTTPResponse
 */
 private function setAnswerCORS(HTTPResponse $answer)
 {