Authenticate using Taffy on APIkey level


Sep 22, 2019, 6:23:39 PM
to Taffy Users

Using this code for Taffy authentication:

function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetadata, matchedURI) {
    local.status = {Status:'Forbidden'};
    local.invalidReturnData = representationOf( local.status ).withStatus(401);

    //get basic auth data, if any, and pass it into the resources
    local.credentials = getBasicAuthCredentials();
    var validateResult = validate(local.credentials.username, local.credentials.password);

    arguments.requestArguments.username = local.credentials.username;
    arguments.requestArguments.password = local.credentials.password;

    /* CATCH NO BASIC auth */

    if ( methodMetadata.keyExists("allow_public") && methodMetadata.allow_public == true ) {
        return true;
    }
    //if username is blank, reject the request
    else if (arguments.requestArguments.username is "") {
        return local.invalidReturnData;
    }
    //if password is blank, reject the request
    else if (arguments.requestArguments.password is "") {
        return local.invalidReturnData;
    }
    else if (structKeyExists(arguments.requestArguments, "refuse") and arguments.requestArguments.refuse) {
        return noData().withStatus(405);
    }
    //credentials did not match an active row in the auth table
    else if ( validateResult == false ) {
        return noData().withStatus(401, "Not Authorized");
    }
    return true;
}

<!--- Returns true when an active (status = 1) row matches the username and password --->
<cffunction name="validate">
    <cfargument name="username" required="true" default="">
    <cfargument name="password" required="true" default="">
    <cfquery name="local.myQuery" datasource="dsn">
        SELECT username,password FROM auth
        WHERE username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.username#">
        AND password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.password#">
        AND status = 1
    </cfquery>
    <cfif local.myQuery.recordcount>
        <cfreturn true>
    <cfelse>
        <cfreturn false>
    </cfif>
</cffunction>

Here it works, where with every call I have to provide username/password, but I want to change it to use a key instead, and one user can have multiple keys. If the username/password do not exist, one method I want is to pass username/password and email, which will generate a new signup and a key. Can anyone guide me?

I also need to pass the auth using headers.

My goal here is to authenticate the user against a key stored in the table for every single user.

How should I proceed with this?

I want to keep username/password as a secondary login: if they use username/password, it will create a new user and then add a key to their account, and only one method, which is named getyourkey, will support the username/password.

For all other methods I want the apikey to be the authentication, and every user will have their own key.

What steps am I missing here?
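
One way to lay out the header-based API-key check described in the post, as an added example that is not part of the original post or of Taffy's own code. The `api_keys` table and its columns, the `X-Api-Key` header name, the `basic_auth_only` method attribute (read the same way as `allow_public` above), the `userId` request argument and the two helper functions are all assumptions made for illustration.

```cfml
// Added example. Assumptions (not from the post or Taffy): an api_keys table
// (user_id, key_hash, status), an X-Api-Key header, a basic_auth_only
// attribute on getyourkey, and the lookupApiKey/issueApiKey helpers.
function onTaffyRequest(verb, cfc, requestArguments, mimeExt, headers, methodMetadata, matchedURI) {
    // Public methods need no credentials
    if (methodMetadata.keyExists("allow_public") && methodMetadata.allow_public == true) {
        return true;
    }
    // Only getyourkey accepts username/password; it validates or signs up, then issues a key
    if (methodMetadata.keyExists("basic_auth_only") && methodMetadata.basic_auth_only == true) {
        var credentials = getBasicAuthCredentials();
        if (!len(credentials.username) || !len(credentials.password)) {
            return noData().withStatus(401, "Not Authorized");
        }
        requestArguments.username = credentials.username;
        requestArguments.password = credentials.password;
        return true;
    }
    // Every other method authenticates with the key sent in the request header
    var apiKey = headers.keyExists("X-Api-Key") ? trim(headers["X-Api-Key"]) : "";
    var userId = len(apiKey) ? lookupApiKey(apiKey) : 0;
    if (userId == 0) {
        return noData().withStatus(401, "Not Authorized");
    }
    requestArguments.userId = userId; // resources get the key's owner, not the key
    return true;
}

// Returns the owning user id for an active key, or 0 when the key is unknown or disabled
function lookupApiKey(required string apiKey) {
    var q = queryExecute(
        "SELECT user_id FROM api_keys WHERE key_hash = :h AND status = 1",
        { h: { value: lCase(hash(arguments.apiKey, "SHA-256")), cfsqltype: "cf_sql_varchar" } },
        { datasource: "dsn" }
    );
    return q.recordCount ? q.user_id[1] : 0;
}

// Adds one more key row for the user and returns the plaintext key once
function issueApiKey(required numeric userId) {
    var apiKey = lCase(hash(generateSecretKey("AES", 256), "SHA-256"));
    queryExecute(
        "INSERT INTO api_keys (user_id, key_hash, status) VALUES (:u, :h, 1)",
        { u: { value: arguments.userId, cfsqltype: "cf_sql_integer" },
          h: { value: lCase(hash(apiKey, "SHA-256")), cfsqltype: "cf_sql_varchar" } },
        { datasource: "dsn" }
    );
    return apiKey;
}
```

Because only the SHA-256 hash of each key is stored, a leaked `api_keys` table does not reveal usable keys, and setting `status` to 0 on one row revokes that key without touching the user's other keys.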
