/**
 * API OAuth2 entry guard: verifies the bearer token of the request, keeps
 * the token in the session, enforces the per-client kill switches from the
 * registry configuration and opens the token owner's account for the
 * remainder of the request.
 *
 * Flow:
 *  1. PRE_AUTHENTICATE and API_OAUTH2_START are dispatched.
 *  2. If verifyAccessToken() reports false, API_OAUTH2_END is dispatched and
 *     null is returned — nothing else happens here.
 *     NOTE(review): returning null lets the request continue; this only
 *     holds if verifyAccessToken() already produced the error response for
 *     a bad token — confirm, otherwise an unverified request reaches the
 *     route.
 *  3. The container token must be an ApiOauthToken (404 otherwise) and is
 *     stored in the session. This happens before the kill switches below,
 *     so a request refused with 403 still leaves the token in the session.
 *  4. Navigator / Office Plugin clients are refused with 403 when disabled
 *     in registry.api-clients.
 *     NOTE(review): the client-id test is the loose == of the original; PHP
 *     compares numeric-looking strings numerically under ==. If
 *     getClientId() and the CLIENT_ID constants are both plain strings (as
 *     they appear to be — confirm), switching to === is the safer form.
 *  5. The account is opened unless already authenticated; the listener
 *     always ends with API_OAUTH2_END and the closing-account callback.
 *
 * @param Request     $request the incoming API request
 * @param Application $app     Silex container (dispatcher, oauth2-server, token, conf, session)
 *
 * @return Response|null a 403 error response when the client is disabled, null otherwise
 *
 * @throws NotFoundHttpException when the container token is not an ApiOauthToken
 */
public function __invoke(Request $request, Application $app)
{
    /** @var EventDispatcherInterface $dispatcher */
    $dispatcher = $app['dispatcher'];
    $authContext = new Context(Context::CONTEXT_OAUTH2_TOKEN);

    $dispatcher->dispatch(PhraseaEvents::PRE_AUTHENTICATE, new PreAuthenticate($request, $authContext));
    $dispatcher->dispatch(PhraseaEvents::API_OAUTH2_START, new ApiOAuth2StartEvent());

    /** @var \API_OAuth2_Adapter $oauth2 */
    $oauth2 = $app['oauth2-server'];

    if (false === $this->verifyAccessToken($oauth2)) {
        // Token did not verify: close the OAuth2 phase and hand back control.
        $dispatcher->dispatch(PhraseaEvents::API_OAUTH2_END, new ApiOAuth2EndEvent());

        return null;
    }

    $token = $app['token'];
    if (!$token instanceof ApiOauthToken) {
        throw new NotFoundHttpException('Provided token is not valid.');
    }

    $this->getSession($app)->set('token', $token);

    $oAuth2Account = $token->getAccount();
    $clientId = $oAuth2Account->getApplication()->getClientId();

    /** @var PropertyAccess $conf */
    $conf = $app['conf'];

    // Per-client kill switches, checked in this order: [known client id,
    // registry flag under api-clients, message of the 403 error].
    $killSwitches = [
        [\API_OAuth2_Application_Navigator::CLIENT_ID, 'navigator-enabled', 'The use of Phraseanet Navigator is not allowed'],
        [\API_OAuth2_Application_OfficePlugin::CLIENT_ID, 'office-enabled', 'The use of Office Plugin is not allowed.'],
    ];
    foreach ($killSwitches as $switch) {
        list($knownClientId, $registryFlag, $refusalMessage) = $switch;
        // Loose == kept from the original; see the note in the doc block.
        if ($clientId == $knownClientId && !$conf->get(['registry', 'api-clients', $registryFlag])) {
            return Result::createError($request, 403, $refusalMessage)->createResponse();
        }
    }

    $authentication = $this->getAuthenticator($app);
    if (!$authentication->isAuthenticated()) {
        // No session yet for this user: open one from the token's account
        // and let the OAuth2 server remember it.
        $authentication->openAccount($oAuth2Account->getUser());
        $oauth2->rememberSession($app['session']);
    }

    $dispatcher->dispatch(PhraseaEvents::API_OAUTH2_END, new ApiOAuth2EndEvent());
    $this->registerClosingAccountCallback($dispatcher, $app);

    return null;
}
/**
 * Kernel exception listener for the API: turns the exception of the event
 * into a Result error response whose code depends on the exception type
 * (see apiStatusCodeFor()). Headers carried by an HTTP exception are copied
 * onto the response, and X-Status-Code mirrors the response status.
 *
 * NOTE(review): $e->getMessage() is sent to the client verbatim, also on the
 * generic 500 path where it is the message of an arbitrary internal
 * exception (SQL errors, paths, library internals). There is no logging in
 * this revision that would otherwise keep that text, so substituting a
 * neutral detail for non-HTTP exceptions should come together with a log
 * call.
 *
 * @param GetResponseForExceptionEvent $event the kernel event; a response is set on it
 */
public function onSilexError(GetResponseForExceptionEvent $event)
{
    $exception = $event->getException();
    $code = $this->apiStatusCodeFor($exception);

    $extraHeaders = [];
    if ($exception instanceof HttpExceptionInterface) {
        $extraHeaders = $exception->getHeaders();
    }

    $response = Result::createError($event->getRequest(), $code, $exception->getMessage())->createResponse();
    $response->headers->set('X-Status-Code', $response->getStatusCode());
    foreach ($extraHeaders as $name => $value) {
        $response->headers->set($name, $value);
    }

    $event->setResponse($response);
}

/**
 * Maps an exception to the API error code, in order of precedence:
 *  - MethodNotAllowed / BadRequest / AccessDenied / Unauthorized / NotFound
 *    HTTP exceptions -> 405 / 400 / 403 / 401 / 404
 *  - any other HttpExceptionInterface -> ERROR_MAINTENANCE for 503,
 *    ERROR_UNACCEPTABLE for 406, 500 otherwise
 *  - anything else -> 500
 *
 * @param \Exception $exception the exception taken from the kernel event
 *
 * @return int|string the API error code
 */
private function apiStatusCodeFor($exception)
{
    if ($exception instanceof MethodNotAllowedHttpException) {
        return 405;
    }
    if ($exception instanceof BadRequestHttpException) {
        return 400;
    }
    if ($exception instanceof AccessDeniedHttpException) {
        return 403;
    }
    if ($exception instanceof UnauthorizedHttpException) {
        return 401;
    }
    if ($exception instanceof NotFoundHttpException) {
        return 404;
    }
    if ($exception instanceof HttpExceptionInterface) {
        $statusCode = $exception->getStatusCode();
        if (503 === $statusCode) {
            return \API_V1_result::ERROR_MAINTENANCE;
        }
        if (406 === $statusCode) {
            return \API_V1_result::ERROR_UNACCEPTABLE;
        }
    }

    return 500;
}
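/**
 * Kernel exception listener for the API: turns the exception of the event
 * into a Result error response.
 *
 * Mapping, in order of precedence:
 *  - MethodNotAllowed / BadRequest / AccessDenied / Unauthorized / NotFound
 *    HTTP exceptions -> 405 / 400 / 403 / 401 / 404
 *  - any other HttpExceptionInterface keeps its status when it is one of
 *    400, 401, 403, 404, 405, 406, 503; otherwise 500
 *  - anything else -> 500
 * A 500 is logged with the exception code and trace. Headers carried by an
 * HTTP exception are copied onto the response; X-Status-Code mirrors the
 * response status.
 *
 * Fixes vs. the previous revision:
 *  - An exception that is not an HttpExceptionInterface (the uncaught
 *    internal-error path) no longer has its raw message echoed to the API
 *    client: such messages routinely carry SQL errors, file paths or
 *    library internals. The message and trace are already written to the
 *    logger for every 500, so nothing is lost server-side. HTTP exceptions
 *    keep their developer-authored message.
 *  - The status whitelist lookup is strict (in_array(..., true)).
 *
 * @param GetResponseForExceptionEvent $event the kernel event; a response is set on it
 */
public function onSilexError(GetResponseForExceptionEvent $event)
{
    $headers = [];
    $e = $event->getException();
    $isHttpException = $e instanceof HttpExceptionInterface;

    if ($e instanceof MethodNotAllowedHttpException) {
        $code = 405;
    } elseif ($e instanceof BadRequestHttpException) {
        $code = 400;
    } elseif ($e instanceof AccessDeniedHttpException) {
        $code = 403;
    } elseif ($e instanceof UnauthorizedHttpException) {
        $code = 401;
    } elseif ($e instanceof NotFoundHttpException) {
        $code = 404;
    } elseif ($isHttpException && in_array($e->getStatusCode(), [400, 401, 403, 404, 405, 406, 503], true)) {
        // Only statuses the API result format knows are passed through.
        $code = $e->getStatusCode();
    } else {
        $code = 500;
    }

    if ($code == 500) {
        // NOTE(review): getTrace() includes call arguments (unless
        // zend.exception_ignore_args is enabled), so secrets flowing through
        // the failing call stack can end up in the log — getTraceAsString()
        // or passing ['exception' => $e] would be the leaner option.
        $this->logger->error($e->getMessage(), ['code' => $e->getCode(), 'trace' => $e->getTrace()]);
    }

    if ($isHttpException) {
        $headers = $e->getHeaders();
    }

    // An HTTP exception's message is meant for the client; an arbitrary
    // exception's message is internal and is replaced by a neutral detail
    // (the real message was logged above).
    $detail = $isHttpException ? $e->getMessage() : 'An unexpected error occurred.';

    $response = Result::createError($event->getRequest(), $code, $detail)->createResponse();
    $response->headers->set('X-Status-Code', $response->getStatusCode());
    foreach ($headers as $key => $value) {
        $response->headers->set($key, $value);
    }

    $event->setResponse($response);
}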
/**
 * Result::createError() must yield, for each HTTP status the API maps, the
 * matching error constant and its canonical message while keeping the
 * caller-supplied detail text. The six statuses are checked in ascending
 * order, each through assertErrorMessage().
 */
public function testCreateError()
{
    $detail = 'detaillage';

    // status => [expected error constant, expected canonical message]
    $expectations = [
        400 => [Result::ERROR_BAD_REQUEST, 'Parameter is invalid or missing'],
        401 => [Result::ERROR_UNAUTHORIZED, 'The OAuth token was provided but was invalid.'],
        403 => [Result::ERROR_FORBIDDEN, 'Access to the requested resource is forbidden'],
        404 => [Result::ERROR_NOTFOUND, 'Requested resource is not found'],
        405 => [Result::ERROR_METHODNOTALLOWED, 'Attempting to use POST with a GET-only endpoint, or vice-versa'],
        500 => [Result::ERROR_INTERNALSERVERERROR, 'Internal Server Error'],
    ];

    foreach ($expectations as $status => $expected) {
        $errorConstant = $expected[0];
        $canonicalMessage = $expected[1];

        $apiResult = Result::createError(new Request(), $status, $detail);
        $this->assertErrorMessage($apiResult, $status, $errorConstant, $canonicalMessage, $detail);
    }
}
/**
 * Route guard for moving a record: refuses the request when the token's
 * user lacks the required rights, otherwise returns nothing and lets the
 * route run.
 *
 * The condition is exactly what PHP precedence makes of the original
 * (&& binds before ||): refuse when the user has neither 'addrecord' nor
 * 'deleterecord', OR lacks 'candeleterecord' on the record's base.
 * NOTE(review): that grouping looks questionable — a move plausibly needs
 * add AND delete, i.e. `(!add || !delete)`; the later revision of this guard
 * carries a TODO to the same effect. Confirm the intent before changing.
 * NOTE(review): this is an authorization failure but is reported as 401,
 * which the API error mapping elsewhere describes as an invalid token; 403
 * ("forbidden") matches that mapping. Left unchanged to keep the contract.
 *
 * @param Request     $request carries the databox_id / record_id route attributes
 * @param Application $app     container: session (token), phraseanet.appbox, acl
 *
 * @return Response|void a 401 error response when refused; nothing when allowed
 */
public function ensureCanMoveRecord(Request $request, Application $app)
{
    // Relies on the OAuth listener having stored the token in the session;
    // without one this dereferences null.
    $user = $app['session']->get('token')->getAccount()->getUser();
    $userAcl = $app['acl']->get($user);

    $databoxId = $request->attributes->get('databox_id');
    $recordId = $request->attributes->get('record_id');
    $record = $app['phraseanet.appbox']->get_databox($databoxId)->get_record($recordId);

    // Parentheses make the original precedence explicit; short-circuit
    // evaluation order is unchanged.
    if ((!$userAcl->has_right('addrecord') && !$userAcl->has_right('deleterecord'))
        || !$userAcl->has_right_on_base($record->get_base_id(), 'candeleterecord')) {
        return Result::createError($request, 401, 'You are not authorized')->createResponse();
    }
}
/**
 * Route guard for moving a record: refuses the request when the
 * authenticated API user lacks the required rights, otherwise returns null
 * and lets the route run.
 *
 * The condition is exactly what PHP precedence makes of the original
 * (&& binds before ||): refuse when the user has neither 'addrecord' nor
 * 'deleterecord', OR lacks 'candeleterecord' on the record's base.
 * TODO (kept from the original): check the comparison, it seems to be a
 * mismatch — a move plausibly needs add AND delete, i.e. `(!add || !delete)`.
 * NOTE(review): this is an authorization failure but is reported as 401,
 * which the API error mapping elsewhere describes as an invalid token; 403
 * ("forbidden") matches that mapping. Left unchanged to keep the contract.
 *
 * @param Request $request carries the databox_id / record_id route attributes
 *
 * @return Response|null a 401 error response when refused; null when allowed
 */
public function ensureCanMoveRecord(Request $request)
{
    $user = $this->getApiAuthenticatedUser();
    $userAcl = $this->getAclForUser($user);

    $databoxId = $request->attributes->get('databox_id');
    $recordId = $request->attributes->get('record_id');
    $record = $this->findDataboxById($databoxId)->get_record($recordId);

    // Parentheses make the original precedence explicit; short-circuit
    // evaluation order is unchanged.
    $refused = (!$userAcl->has_right('addrecord') && !$userAcl->has_right('deleterecord'))
        || !$userAcl->has_right_on_base($record->getBaseId(), 'candeleterecord');

    if ($refused) {
        return Result::createError($request, 401, 'You are not authorized')->createResponse();
    }

    return null;
}