
@hlubek
Created September 21, 2011 12:50
FLOW3 API Token
<?php
declare(ENCODING = 'utf-8');
namespace Networkteam\MyProject\Security\Authentication\Token;
/* *
* This script belongs to the FLOW3 package "MyProject". *
* *
* @copyright Copyright 2011, networkteam GmbH *
* */
/**
* API key authentication token
*
* An authentication token used for API key authentication. Will accept credentials
* either from HTTP headers (with <code>Api-Identifier</code> and <code>Api-Key</code>)
* or from SOAP headers (with <code>apiIdentifier</code> and <code>apiKey</code>).
*
* @scope prototype
*/
class ApiKeyToken extends \TYPO3\FLOW3\Security\Authentication\Token\UsernamePassword {

    /**
     * Identifier / key pair taken from the current request.
     *
     * Both entries start out as empty strings and are only overwritten by
     * updateCredentials() when a complete pair is present in the request.
     *
     * @var array
     * @transient
     */
    protected $credentials = array('apiIdentifier' => '', 'apiKey' => '');

    /**
     * Reads the API identifier and API key from the request and stores them
     * as this token's credentials.
     *
     * Two sources are consulted, in this order:
     *  1. HTTP headers "Api-Identifier" and "Api-Key"
     *  2. SOAP headers "apiIdentifier" and "apiKey" (only for SOAP requests)
     *
     * A source is used only if BOTH of its values are set. When both sources
     * carry a complete pair, the SOAP pair wins because it is written last.
     * Each time a pair is accepted the status becomes AUTHENTICATION_NEEDED.
     *
     * The values are stored exactly as received: no type, length or format
     * check happens here, so everything downstream (provider lookup, logging)
     * handles request-controlled data.
     *
     * NOTE(review): the key is sent in a plain request header, so it is only
     * as confidential as the transport - confirm the API is served over TLS.
     *
     * @param \TYPO3\FLOW3\MVC\RequestInterface $request The current request instance
     * @return void
     * @author Christopher Hlubek <[email protected]>
     */
    public function updateCredentials(\TYPO3\FLOW3\MVC\RequestInterface $request) {
        // $this->environment is not declared in this class; presumably it is
        // provided by the parent token - verify against UsernamePassword.
        $httpHeaders = $this->environment->getRequestHeaders();
        if (isset($httpHeaders['Api-Identifier'], $httpHeaders['Api-Key'])) {
            $this->credentials['apiIdentifier'] = $httpHeaders['Api-Identifier'];
            $this->credentials['apiKey'] = $httpHeaders['Api-Key'];
            $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
        }

        // Anything that is not a SOAP request has no SOAP headers to inspect.
        if (!($request instanceof \TYPO3\Soap\Request)) {
            return;
        }

        $soapHeaders = $request->getSoapHeaders();
        if (isset($soapHeaders['apiIdentifier'], $soapHeaders['apiKey'])) {
            // Overrides a pair taken from the HTTP headers above, if any.
            $this->credentials['apiIdentifier'] = $soapHeaders['apiIdentifier'];
            $this->credentials['apiKey'] = $soapHeaders['apiKey'];
            $this->setAuthenticationStatus(self::AUTHENTICATION_NEEDED);
        }
    }

    /**
     * Returns a string representation of the token for logging purposes.
     *
     * Only the identifier is rendered; the API key never appears in this
     * string. The identifier is request-supplied and is inserted without any
     * escaping, so a log sink should treat it as untrusted text (quotes and
     * control characters included).
     *
     * @return string The Api-Identifier credential
     * @author Christopher Hlubek <[email protected]>
     */
    public function __toString() {
        $identifier = $this->credentials['apiIdentifier'];
        return 'Api-Identifier: "' . $identifier . '"';
    }
}
?>
<?php
declare(ENCODING = 'utf-8');
namespace Networkteam\MyProject\Security\Authentication\Provider;
/* *
* This script belongs to the FLOW3 package "MyProject". *
* *
* @copyright Copyright 2011, networkteam GmbH *
* */
/**
* An authentication provider that authenticates
* Networkteam\MyProject\Security\Authentication\Token\ApiKeyToken tokens.
*
* @scope prototype
*/
class PersistedApiKeyProvider extends \TYPO3\FLOW3\Security\Authentication\Provider\PersistedUsernamePasswordProvider {

    /**
     * Returns the classnames of the tokens this provider is responsible for.
     *
     * @return array A list holding the single supported token class name
     * @author Christopher Hlubek <[email protected]>
     */
    public function getTokenClassNames() {
        $supportedTokenClassNames = array('Networkteam\MyProject\Security\Authentication\Token\ApiKeyToken');
        return $supportedTokenClassNames;
    }

    /**
     * Checks the API identifier / API key pair of the given token against the
     * persisted accounts of this provider and sets the token status.
     *
     * Outcome by case:
     *  - account found and key validates: AUTHENTICATION_SUCCESSFUL, and the
     *    account is attached to the token
     *  - account found but key does not validate: WRONG_CREDENTIALS
     *  - no account found (identifier missing or unknown): NO_CREDENTIALS_GIVEN,
     *    unless the token is already AUTHENTICATION_SUCCESSFUL, in which case
     *    the status is left untouched
     *
     * NOTE(review): an unknown identifier is reported as NO_CREDENTIALS_GIVEN,
     * not WRONG_CREDENTIALS, so monitoring that only counts WRONG_CREDENTIALS
     * will not see attempts with guessed identifiers.
     *
     * NOTE(review): the hash comparison only runs when an account exists, so
     * response time may differ between known and unknown identifiers - confirm
     * whether rate limiting or similar is in place in front of this API.
     *
     * @param TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken The token to be authenticated
     * @return void
     * @throws \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException if the token is not an ApiKeyToken
     * @author Andreas Förthner <[email protected]>
     * @author Christopher Hlubek <[email protected]>
     */
    public function authenticate(\TYPO3\FLOW3\Security\Authentication\TokenInterface $authenticationToken) {
        if (!($authenticationToken instanceof \Networkteam\MyProject\Security\Authentication\Token\ApiKeyToken)) {
            throw new \TYPO3\FLOW3\Security\Exception\UnsupportedAuthenticationTokenException('This provider cannot authenticate the given token.', 1217339840);
        }

        $suppliedCredentials = $authenticationToken->getCredentials();
        $matchingAccount = NULL;
        if (is_array($suppliedCredentials) && isset($suppliedCredentials['apiIdentifier'])) {
            // The lookup is scoped to this provider's name, so an account
            // stored for a different provider is not matched here.
            $matchingAccount = $this->accountRepository->findByAccountIdentifierAndAuthenticationProviderName($suppliedCredentials['apiIdentifier'], $this->name);
        }

        if (!is_object($matchingAccount)) {
            // Nothing to compare against: do not downgrade a token that is
            // already marked as successfully authenticated.
            if ($authenticationToken->getAuthenticationStatus() !== \TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL) {
                $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::NO_CREDENTIALS_GIVEN);
            }
            return;
        }

        // The supplied key is checked through the hash service against the
        // account's stored credentials source; 'apiKey' is read without an
        // isset() check (ApiKeyToken always initialises that entry).
        $keyIsValid = $this->hashService->validatePassword($suppliedCredentials['apiKey'], $matchingAccount->getCredentialsSource());
        if (!$keyIsValid) {
            $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::WRONG_CREDENTIALS);
            return;
        }

        $authenticationToken->setAuthenticationStatus(\TYPO3\FLOW3\Security\Authentication\TokenInterface::AUTHENTICATION_SUCCESSFUL);
        $authenticationToken->setAccount($matchingAccount);
    }
}
?>
# Registers the API key provider with the FLOW3 security framework.
TYPO3:
  FLOW3:
    security:
      authentication:
        # NOTE(review): with atLeastOneToken a single authenticated token is
        # enough, so every other configured provider is an alternative way to
        # authenticate - confirm that is intended for the API endpoints.
        authenticationStrategy: atLeastOneToken
        providers:
          # presumably this key is the provider name used for the account
          # lookup in PersistedApiKeyProvider::authenticate() - verify that
          # API accounts are stored under the same provider name.
          ApiKeyProvider:
            providerClass: Networkteam\MyProject\Security\Authentication\Provider\PersistedApiKeyProvider
...