taffy authentication using a key


I am using this code for Taffy authentication:

<cfscript>
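    /**
     * Taffy request hook: decides whether a request may reach its resource.
     *
     * Reads HTTP Basic credentials, copies them into requestArguments so that
     * resources can see them, and then either lets the request through
     * (returns true) or returns a representation carrying an error status.
     *
     * Decision order:
     *   1. method metadata has allow_public == true -> allowed, no credential check
     *   2. blank username or blank password          -> 401
     *   3. request argument "refuse" is truthy       -> 405
     *   4. validate() rejects the pair               -> 401 "Not Authorized"
     *   5. otherwise                                 -> allowed
     *
     * @return true to continue to the resource, or a Taffy representation to short-circuit.
     */
    function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetadata, matchedURI) {
        // NOTE(review): the body says 'Forbidden' while the status is 401; 401 means
        // "credentials missing or wrong", 403 means "known caller, not allowed".
        local.status = {Status:'Forbidden'};
        local.invalidReturnData = representationOf( local.status ).withStatus(401);

        // Get basic auth data, if any, and pass it into the resources.
        // Assumes getBasicAuthCredentials() always returns username and password keys
        // (blank when no Authorization header was sent) - TODO confirm.
        local.credentials = getBasicAuthCredentials();

        // NOTE(review): the raw password is forwarded to every resource through
        // requestArguments. If resources only need the caller's identity, forwarding
        // the username alone keeps the secret out of resource code and out of any
        // logging of request arguments.
        arguments.requestArguments.username = local.credentials.username;
        arguments.requestArguments.password = local.credentials.password;

        // Public endpoints skip authentication entirely, so no database lookup is made for them.
        if ( methodMetadata.keyExists("allow_public") && methodMetadata.allow_public == true ) {
            return true;
        }

        // Missing credentials are rejected before touching the database.
        if ( local.credentials.username is "" || local.credentials.password is "" ) {
            return local.invalidReturnData;
        }

        // "refuse" arrives with the request arguments, i.e. it is caller-supplied.
        if ( structKeyExists(arguments.requestArguments, "refuse") and arguments.requestArguments.refuse ) {
            return noData().withStatus(405);
        }

        // Only now run the credential query: it is needed on this path alone.
        if ( !validate(local.credentials.username, local.credentials.password) ) {
            return noData().withStatus(401, "Not Authorized");
        }

        return true;
    }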
</cfscript>
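<!---
    validate: returns true when an active (status = 1) row in the auth table
    matches the supplied username and password, false otherwise.

    Both values are bound with cfqueryparam, so they reach the database as
    parameters rather than as SQL text.

    NOTE(review): the password is compared as-is inside the WHERE clause, which
    implies the auth table holds passwords in clear text. Depending on the
    database collation that comparison may also be case-insensitive. Storing a
    salted, slow password hash and verifying it in application code would
    remove both problems; that needs a schema and data migration, so it is
    flagged here and not changed.
--->
<cffunction name="validate" returntype="boolean" output="false">
    <cfargument name="username" required="true" default="">
    <cfargument name="password" required="true" default="">
    <!--- Only existence matters, so the stored password is not read back into memory. --->
    <cfquery name="local.myQuery" datasource="dsn">
        SELECT username FROM auth
        WHERE username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.username#">
        AND password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.password#">
        AND status = 1
    </cfquery>
    <cfreturn local.myQuery.recordcount GT 0>
</cffunction>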

This works, but with every call I have to provide the username/password. I want to change it to use a key instead, where one user can have multiple keys. If the username/password does not exist, I want one method that accepts a username/password and email, which will create a new signup and generate a key. Can anyone guide me?

The auth also needs to be passed using headers.

James A Mohler On

It looks like you are trying to do something like this.

Build the token at an end point

resources/login.cfc

 ...
// Mint a fresh opaque token for this login.
// NOTE(review): createUUID() is a uniqueness generator. Confirm that its output is
// unpredictable enough on your CFML engine to act as a bearer credential, or draw
// the token from a cryptographically secure random source instead.
var loginToken = createUUID();

// Store the token and its issue time on the user entity, then persist it.
// User[1] comes from the elided code above this excerpt.
// NOTE(review): a single loginToken property per user suggests a new login replaces
// the previous token; several keys per user would need their own table - TODO confirm.
User[1].setLoginToken(loginToken)
    .setTokenCreateDate(now());
EntitySave(User[1]);

// Return the token to the client in the 'data' field. The token is the credential
// from here on, so the response should only travel over TLS.
return rep({
    'message' : {
        'type' : 'success', 
        'content' : '<b>Success:</b> You have logged in.'
        },
    'time' : GetHttpTimeString(now()),
    'data' : loginToken
    });
 ...

The token gets returned here. It is up to the client application to keep the token and to return it with subsequent requests.

Application.cfc

// Taffy request hook (excerpt): looks up the user that owns the token sent in the
// Authorization header and answers 401 when no user matches. The "..." lines and
// the end of the function are elided in this excerpt.
function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetaData, matchedURI)  {
    ...
   // lesser user identification happens here

    ...

    // listrest(..., " ") drops the first space-delimited word of the header (the
    // scheme) and keeps the rest as the token; the third argument (true) makes
    // EntityLoad return a single entity or null.
    // NOTE(review): presumably a request without an Authorization header fails on
    // this reference instead of reaching the 401 below - check that the key exists first.
    // NOTE(review): a header with no space yields an empty token, so the lookup runs
    // with loginToken = "". Reject empty tokens before the lookup, or make sure no
    // user row can hold an empty loginToken.
    // NOTE(review): tokenCreateDate is not consulted in the visible code, so token
    // expiry would have to be enforced elsewhere - TODO confirm.
    var Login = EntityLoad("Users", { loginToken : listrest(arguments.headers.authorization, " ") }, true);

    // No user owns this token: stop here with 401 and an error message.
    if (isNull(Login))  {
        return rep({
            'message' : {'type'     : 'error', 'content' : '<b>Error:</b> You must provide a authorization that is valid.' },
            'time'  : GetHttpTimeString(now())
            }).withStatus(401);
    }

Source code: https://github.com/jmohler1970/Taffy_withUI

Disclaimer the link is to code I have written