From 93431e9a981faff99c5b2365868981ec43c75e57 Mon Sep 17 00:00:00 2001
From: Mike Koch <mkoch227@gmail.com>
Date: Sat, 21 Jan 2017 16:34:03 -0500
Subject: [PATCH] Build the user context based on hashed token

---
 .../security/UserContextBuilder.php           |  8 +++--
 api/dao/UserDao.php                           | 34 +++++++++++++++++++
 2 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 api/dao/UserDao.php

diff --git a/api/businesslogic/security/UserContextBuilder.php b/api/businesslogic/security/UserContextBuilder.php
index 2ec6c954..a6d22645 100644
--- a/api/businesslogic/security/UserContextBuilder.php
+++ b/api/businesslogic/security/UserContextBuilder.php
@@ -3,10 +3,12 @@
 namespace BusinessLogic\Security;
 
 
+use DataAccess\Security\UserDao;
+
 class UserContextBuilder {
     static function buildUserContext($authToken, $hesk_settings) {
-        //$userForToken = gateway.getUserForToken($authToken);
-
+        $hashedToken = hash('sha512', $authToken);
+        return UserDao::getUserForAuthToken($hashedToken, $hesk_settings);
     }
 
     /**
@@ -14,7 +16,7 @@ class UserContextBuilder {
      * @param $dataRow array the $_SESSION superglobal or the hesk_users result set
      * @return UserContext the built user context
      */
-    static function fromSession($dataRow) {
+    static function fromDataRow($dataRow) {
         require_once(__DIR__ . '/UserContext.php');
         require_once(__DIR__ . '/UserContextPreferences.php');
         require_once(__DIR__ . '/UserContextNotifications.php');
diff --git a/api/dao/UserDao.php b/api/dao/UserDao.php
new file mode 100644
index 00000000..a2e14c77
--- /dev/null
+++ b/api/dao/UserDao.php
@@ -0,0 +1,34 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: user
+ * Date: 1/21/17
+ * Time: 4:23 PM
+ */
+
+namespace DataAccess\Security;
+
+
+use BusinessLogic\Security\UserContextBuilder;
+use Exception;
+
+class UserDao {
+    static function getUserForAuthToken($hashedToken, $hesk_settings) {
+        require_once(__DIR__ . '/../businesslogic/security/UserContextBuilder.php');
+
+        if (!function_exists('hesk_dbConnect')) {
+            throw new Exception('Database not loaded!');
+        }
+        hesk_dbConnect();
+
+        $rs = hesk_dbQuery('SELECT * FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'users` WHERE `id` = (
+                SELECT ``
+                FROM `' . hesk_dbEscape($hesk_settings['db_pfix']) . 'user_api_tokens`
+                WHERE `token` = ' . hesk_dbEscape($hashedToken) . '
+            )');
+
+        $row = hesk_dbFetchAssoc($rs);
+
+        return UserContextBuilder::fromDataRow($row);
+    }
+}
\ No newline at end of file