Beispiel #1
0
 /**
  *  Initiate RequestToken request operation
  *
  * @return void
  */
 public function execute()
 {
     try {
         $requestUrl = $this->_helper->getRequestUrl($this->getRequest());
         $request = $this->_helper->prepareRequest($this->getRequest(), $requestUrl);
         // Request request token
         $response = $this->_oauthService->getRequestToken($request, $requestUrl, $this->getRequest()->getMethod());
     } catch (\Exception $exception) {
         $response = $this->_helper->prepareErrorResponse($exception, $this->getResponse());
     }
     $this->getResponse()->setBody(http_build_query($response));
 }
Beispiel #2
0
 /**
  * {@inheritdoc}
  */
 public function getUserId()
 {
     if ($this->integrationId) {
         return $this->integrationId;
     }
     $oauthRequest = $this->oauthHelper->prepareRequest($this->request);
     //If its not a valid Oauth request no further processing is needed
     if (empty($oauthRequest)) {
         return null;
     }
     $consumerId = $this->oauthService->validateAccessTokenRequest($oauthRequest, $this->oauthHelper->getRequestUrl($this->request), $this->request->getMethod());
     $integration = $this->integrationService->findActiveIntegrationByConsumerId($consumerId);
     return $this->integrationId = $integration->getId() ? (int) $integration->getId() : null;
 }
Beispiel #3
0
 /**
  * Initiate AccessToken request operation
  *
  * @return void
  */
 public function execute()
 {
     try {
         $requestUrl = $this->_helper->getRequestUrl($this->getRequest());
         $request = $this->_helper->prepareRequest($this->getRequest(), $requestUrl);
         // Request access token in exchange of a pre-authorized token
         $response = $this->_oauthService->getAccessToken($request, $requestUrl, $this->getRequest()->getMethod());
         //After sending the access token, update the integration status to active;
         $consumer = $this->_intOauthService->loadConsumerByKey($request['oauth_consumer_key']);
         $this->_integrationService->findByConsumerId($consumer->getId())->setStatus(IntegrationModel::STATUS_ACTIVE)->save();
     } catch (\Exception $exception) {
         $response = $this->_helper->prepareErrorResponse($exception, $this->getResponse());
     }
     $this->getResponse()->setBody(http_build_query($response));
 }
Beispiel #4
0
 /**
  * Perform authentication and authorization.
  *
  * Authentication can be based on active customer/guest session or it can be based on OAuth headers.
  *
  * @throws \Magento\Framework\Exception\AuthorizationException
  * @return void
  */
 protected function _checkPermissions()
 {
     /**
      * All mobile clients are expected to pass session cookie along with the request which will allow
      * to start session automatically. User ID and user type are initialized when session is created
      * during login call.
      */
     $userId = $this->session->getUserId();
     $userType = $this->session->getUserType();
     $userIdentifier = null;
     $consumerId = null;
     if ($userType) {
         /** @var \Magento\Authz\Model\UserIdentifier $userIdentifier */
         $userIdentifier = $this->_objectManager->create('Magento\\Authz\\Model\\UserIdentifier', ['userType' => $userType, 'userId' => $userId]);
     } else {
         $oauthRequest = $this->_oauthHelper->prepareRequest($this->_request);
         $consumerId = $this->_oauthService->validateAccessTokenRequest($oauthRequest, $this->_oauthHelper->getRequestUrl($this->_request), $this->_request->getMethod());
         $this->_request->setConsumerId($consumerId);
     }
     $route = $this->_getCurrentRoute();
     if (!$this->_authorizationService->isAllowed($route->getAclResources(), $userIdentifier)) {
         $params = ['resources' => implode(', ', $route->getAclResources())];
         throw new AuthorizationException(AuthorizationException::NOT_AUTHORIZED, $params);
     }
 }
 /**
  * Test the basic Request action.
  */
 public function testRequestAction()
 {
     $this->request->expects($this->any())->method('getMethod')->willReturn('GET');
     $this->helperMock->expects($this->once())->method('getRequestUrl');
     $this->helperMock->expects($this->once())->method('prepareRequest');
     $this->frameworkOauthSvcMock->expects($this->once())->method('getRequestToken')->willReturn(['response']);
     $this->response->expects($this->once())->method('setBody');
     $this->requestAction->execute();
 }
Beispiel #6
0
 public function testAuthorizationFailed()
 {
     $this->_authorizationMock->expects($this->once())->method('isAllowed')->will($this->returnValue(false));
     $this->_oauthServiceMock->expects($this->any())->method('validateAccessTokenRequest')->will($this->returnValue('fred'));
     $this->_routeMock->expects($this->any())->method('getAclResources')->will($this->returnValue(['5', '6']));
     $this->_restController->dispatch($this->_requestMock);
     /** Ensure that response contains proper error message. */
     $expectedMsg = 'Consumer is not authorized to access 5, 6';
     AuthorizationException::NOT_AUTHORIZED;
     $this->assertTrue($this->_responseMock->isException());
     $exceptionArray = $this->_responseMock->getException();
     $this->assertEquals($expectedMsg, $exceptionArray[0]->getMessage());
 }
Beispiel #7
0
 /**
  * Test the basic Access action.
  */
 public function testAccessAction()
 {
     $this->request->expects($this->any())->method('getMethod')->willReturn('GET');
     $this->helperMock->expects($this->once())->method('getRequestUrl');
     $this->helperMock->expects($this->once())->method('prepareRequest');
     $this->frameworkOauthSvcMock->expects($this->once())->method('getAccessToken')->willReturn(['response']);
     /** @var \Magento\Integration\Model\Oauth\Consumer|\PHPUnit_Framework_MockObject_MockObject */
     $consumerMock = $this->getMock('Magento\\Integration\\Model\\Oauth\\Consumer', [], [], '', false);
     $consumerMock->expects($this->once())->method('getId');
     $this->intOauthServiceMock->expects($this->once())->method('loadConsumerByKey')->willReturn($consumerMock);
     /** @var \Magento\Integration\Model\Integration|\PHPUnit_Framework_MockObject_MockObject */
     $integrationMock = $this->getMock('Magento\\Integration\\Model\\Integration', [], [], '', false);
     $integrationMock->expects($this->once())->method('save')->willReturnSelf();
     $this->integrationServiceMock->expects($this->once())->method('findByConsumerId')->willReturn($integrationMock);
     $this->response->expects($this->once())->method('setBody');
     $this->accessAction->executeInternal();
 }
Beispiel #8
0
 /**
  * Dispatch SOAP request.
  *
  * @param \Magento\Framework\App\RequestInterface $request
  * @return \Magento\Framework\App\ResponseInterface
  */
 public function dispatch(\Magento\Framework\App\RequestInterface $request)
 {
     $path = $this->_pathProcessor->process($request->getPathInfo());
     $this->_request->setPathInfo($path);
     $this->areaList->getArea($this->_appState->getAreaCode())->load(\Magento\Framework\App\Area::PART_TRANSLATE);
     try {
         if (!$this->_appState->isInstalled()) {
             throw new WebapiException(__('Magento is not yet installed'));
         }
         if ($this->_isWsdlRequest()) {
             $responseBody = $this->_wsdlGenerator->generate($this->_request->getRequestedServices(), $this->_soapServer->generateUri());
             $this->_setResponseContentType(self::CONTENT_TYPE_WSDL_REQUEST);
             $this->_setResponseBody($responseBody);
         } else {
             $consumerId = $this->_oauthService->validateAccessToken($this->_getAccessToken());
             $this->_request->setConsumerId($consumerId);
             $this->_soapServer->handle();
         }
     } catch (\Exception $e) {
         $this->_prepareErrorResponse($e);
     }
     return $this->_response;
 }