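/**
 * Reload a widget and capture its rendered HTML and id.
 *
 * Reads the required `widget_type` parameter and the optional `widget_options`
 * parameter; options are only applied when they arrive as an array.
 *
 * @param RequestInterface  $request  PSR7 Request (the docblock previously named
 *     ServerRequestInterface, which did not match the signature).
 * @param ResponseInterface $response PSR7 Response.
 * @return ResponseInterface 400 when `widget_type` is missing, 500 when the
 *     widget cannot be created or rendered, otherwise the response unchanged.
 */
public function run(RequestInterface $request, ResponseInterface $response)
{
    $widgetType    = $request->getParam('widget_type');
    $widgetOptions = $request->getParam('widget_options');

    if (!$widgetType) {
        $this->setSuccess(false);
        return $response->withStatus(400);
    }

    try {
        $widget = $this->widgetFactory->create($widgetType);
        $widget->setView($this->widgetView);

        // Anything other than an array is silently ignored as an option set.
        if (is_array($widgetOptions)) {
            $widget->setData($widgetOptions);
        }

        $this->setWidgetHtml($widget->renderTemplate($widgetType));
        $this->setWidgetId($widget->widgetId());
        $this->setSuccess(true);

        return $response;
    } catch (Exception $e) {
        // The raw message used to be added a second time as a separate feedback
        // entry; the formatted entry already carries it.
        // NOTE(review): the exception message is echoed to the client, which may
        // expose internal details; logging it and returning a generic message
        // would be safer.
        $this->addFeedback('error', sprintf('An error occured reloading the widget: "%s"', $e->getMessage()));
        $this->setSuccess(false);

        return $response->withStatus(500);
    }
}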
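/**
 * Delete the object identified by the `obj_type` and `obj_id` parameters.
 *
 * @param RequestInterface  $request  A PSR-7 compatible Request instance.
 * @param ResponseInterface $response A PSR-7 compatible Response instance.
 * @return ResponseInterface 404 when a parameter is missing or the object does
 *     not exist, 500 when deletion fails or throws, otherwise the response
 *     unchanged.
 */
public function run(RequestInterface $request, ResponseInterface $response)
{
    $objType = $request->getParam('obj_type');
    $objId   = $request->getParam('obj_id');

    if (!$objType || !$objId) {
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    try {
        $this->logger->debug(sprintf('Admin Deleting object "%s" ID %s', $objType, $objId));

        $obj = $this->modelFactory()->create($objType);
        $obj->load($objId);

        if (!$obj->id()) {
            $this->setSuccess(false);
            return $response->withStatus(404);
        }

        // A falsy result from delete() previously fell off the end of the method
        // and returned null instead of a response.
        if (!$obj->delete()) {
            $this->setSuccess(false);
            return $response->withStatus(500);
        }

        $this->setSuccess(true);
        return $response;
    } catch (Exception $e) {
        // Keep the failure reason server-side; the client only sees the status.
        $this->logger->error(sprintf('Error deleting object "%s" ID %s: %s', $objType, $objId, $e->getMessage()));
        $this->setSuccess(false);
        return $response->withStatus(500);
    }
}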
/**
 * Handle a lost-password request for a username.
 *
 * Note that the lost-password action should never change status code and always return 200.
 * NOTE(review): the three validation failures below return 404, which contradicts the
 * sentence above; the status codes are reproduced as found.
 *
 * A missing username, a missing captcha value or a failed captcha validation records
 * an error feedback and returns 404. An unknown username is logged and answered with
 * the unchanged response and no feedback, so the reply does not differ between an
 * existing and a non-existing account.
 *
 * @param RequestInterface  $request  A PSR-7 compatible Request instance.
 * @param ResponseInterface $response A PSR-7 compatible Response instance.
 * @return ResponseInterface
 * @todo This should be done via an Authenticator object.
 */
public function run(RequestInterface $request, ResponseInterface $response)
{
    $username = $request->getParam('username');
    $captcha  = $request->getParam('g-recaptcha-response');

    $failure = null;
    if (!$username) {
        $failure = 'Missing username.';
    } elseif (!$captcha) {
        $failure = 'Missing captcha.';
    } elseif (!$this->validateCaptcha($captcha)) {
        $failure = 'Invalid captcha.';
    }

    if ($failure !== null) {
        $this->addFeedback('error', $failure);
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    $user = $this->loadUser($username);
    if (!$user) {
        // Fail silently: log server-side, return the response unchanged.
        $this->logger->error('Lost password request: can not find user in database.');
        return $response;
    }

    $this->sendLostPasswordEmail($user, $this->generateLostPasswordToken($user));

    return $response;
}
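/**
 * Load objects by id and render each of their form properties as an inline input.
 *
 * Requires `obj_type` and a non-empty `obj_ids` array. Ids that do not load an
 * existing object are skipped. Each entry of `$this->objects` holds the object id
 * and, under `inlineProperties`, the rendered input of every FormProperty.
 *
 * @param RequestInterface  $request  A PSR-7 compatible Request instance.
 * @param ResponseInterface $response A PSR-7 compatible Response instance.
 * @return ResponseInterface 404 on missing or malformed parameters and on any
 *     exception, otherwise the response unchanged.
 */
public function run(RequestInterface $request, ResponseInterface $response)
{
    $objType = $request->getParam('obj_type');
    $objIds  = $request->getParam('obj_ids');

    // `obj_ids` must be a non-empty array; a scalar would make the foreach below
    // emit a warning instead of being rejected.
    if (!$objType || !$objIds || !is_array($objIds)) {
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    try {
        $this->objects = [];
        foreach ($objIds as $objId) {
            $obj = $this->modelFactory()->create($objType);
            $obj->load($objId);
            if (!$obj->id()) {
                continue;
            }

            $objForm = $this->widgetFactory()->create(ObjectForm::class);
            $objForm->set_objType($objType);
            $objForm->set_objId($objId);

            $entry = ['id' => $obj->id()];
            foreach ($objForm->formProperties() as $propertyIdent => $property) {
                if (!$property instanceof FormProperty) {
                    continue;
                }
                $p = $obj->p($propertyIdent);
                $property->setPropertyVal($p->val());
                $property->setProp($p);
                $entry['inlineProperties'][$propertyIdent] = $property->renderTemplate($property->inputType());
            }
            $this->objects[] = $entry;
        }

        $this->setSuccess(true);
        return $response;
    } catch (Exception $e) {
        // NOTE(review): an exception is reported as 404 here while the sibling
        // actions use 500; kept as found.
        $this->setSuccess(false);
        return $response->withStatus(404);
    }
}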
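/**
 * Rewrite the `position` column of the objects listed in `obj_orders`.
 *
 * Positions are assigned sequentially, starting at `start_order` (cast to int,
 * so a missing value starts at 0), in the order the ids are received.
 *
 * @param RequestInterface  $request  A PSR-7 compatible Request instance.
 * @param ResponseInterface $response A PSR-7 compatible Response instance.
 * @return ResponseInterface 404 when `obj_type` or `obj_orders` is missing or
 *     not an array, 500 when a query throws, otherwise the response unchanged.
 */
public function run(RequestInterface $request, ResponseInterface $response)
{
    $objType       = $request->getParam('obj_type');
    $objOrders     = $request->getParam('obj_orders');
    $startingOrder = (int) $request->getParam('start_order');

    if (!$objType) {
        $this->setSuccess(false);
        $this->addFeedback('error', 'obj_type required');
        return $response->withStatus(404);
    }

    $this->setObjType($objType);

    if (!$objOrders || !is_array($objOrders)) {
        $this->setSuccess(false);
        $this->addFeedback('error', 'obj_orders required / must be an array');
        return $response->withStatus(404);
    }

    try {
        $proto  = $this->obj();
        $source = $proto->source();

        // The statement does not change between iterations, so build it once.
        // Table and key names come from the model definition, not from the
        // request; the request-supplied id and the position are bound parameters.
        $query = ' update `' . $source->table() . '` set `position` = :position where `' . $proto->key() . '` = :id';

        $pos = $startingOrder;
        foreach ($objOrders as $orderId) {
            $source->dbQuery($query, ['id' => $orderId, 'position' => $pos]);
            $pos++;
        }

        $this->setSuccess(true);
        return $response;
    } catch (Exception $e) {
        // The raw message used to be added a second time; one entry is enough.
        // NOTE(review): this echoes the database error to the client.
        $this->addFeedback('error', sprintf('An error occured loading the object: "%s"', $e->getMessage()));
        $this->setSuccess(false);
        return $response->withStatus(500);
    }
}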
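/**
 * Load the collection of objects of the requested `obj_type`.
 *
 * @param RequestInterface  $request  The request options.
 * @param ResponseInterface $response The response to return.
 * @return ResponseInterface 404 when `obj_type` is missing, 500 when loading
 *     throws, otherwise the response unchanged.
 * @throws UnexpectedValueException If "obj_id" is passed as $request option.
 * @todo Implement obj_id support for load object action
 */
public function run(RequestInterface $request, ResponseInterface $response)
{
    $objType = $request->getParam('obj_type');
    $objId   = $request->getParam('obj_id');

    // Single-object loading is not implemented; refuse instead of ignoring the id.
    if ($objId) {
        throw new UnexpectedValueException('An error occured loading the object: obj_id is not yet supported in LoadAction');
    }

    if (!$objType) {
        $this->setSuccess(false);
        $this->addFeedback('error', 'obj_type required');
        return $response->withStatus(404);
    }

    try {
        $this->setObjType($objType);
        $this->objCollection = $this->loadObjectCollection($objType);
        $this->setSuccess(true);
        return $response;
    } catch (Exception $e) {
        // The raw message used to be added a second time; one entry is enough.
        // NOTE(review): the exception message is echoed to the client.
        $this->addFeedback('error', sprintf('An error occured loading the object: "%s"', $e->getMessage()));
        $this->setSuccess(false);
        return $response->withStatus(500);
    }
}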
/**
 * Pick up the lost-password token for this request.
 *
 * The token is taken from the Slim route arguments when present, otherwise from
 * the `token` request parameter. A token that does not pass validateToken() is
 * replaced by false and a warning feedback is recorded.
 *
 * @param RequestInterface $request The PSR-7 HTTP request.
 * @return boolean Always true.
 */
public function init(RequestInterface $request)
{
    // Undocumented Slim3 feature: The route attributes are stored in routeInfo[2].
    $routeInfo = $request->getAttribute('routeInfo');

    $this->lostPasswordToken = isset($routeInfo[2]['token'])
        ? $routeInfo[2]['token']
        : $request->getParam('token');

    if ($this->lostPasswordToken && !$this->validateToken($this->lostPasswordToken)) {
        $this->lostPasswordToken = false;
        $this->addFeedback('warning', 'Invalid or expired token.');
    }

    return true;
}
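/**
 * Reset a user's password using a lost-password token.
 *
 * Note that the lost-password action should never change status code and always return 200.
 * NOTE(review): every failure branch below returns 404, which contradicts the
 * sentence above; the status codes are kept as found.
 *
 * Checks, in order: token, username, password, password confirmation, captcha
 * presence, captcha validity, user existence, token/user match. Each failure
 * records an error feedback and returns 404.
 *
 * @param RequestInterface  $request  A PSR-7 compatible Request instance.
 * @param ResponseInterface $response A PSR-7 compatible Response instance.
 * @return ResponseInterface
 * @todo This should be done via an Authenticator object.
 */
public function run(RequestInterface $request, ResponseInterface $response)
{
    $token           = $request->getParam('token');
    $username        = $request->getParam('username');
    $password        = $request->getParam('password');
    $passwordConfirm = $request->getParam('password_confirm');

    if (!$token) {
        $this->addFeedback('error', 'Missing token.');
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    if (!$username) {
        $this->addFeedback('error', 'Missing username.');
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    if (!$password) {
        $this->addFeedback('error', 'Missing password');
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    // Strict comparison: with `!=`, two numeric strings such as "1e3" and "1000"
    // compare equal and would have been accepted as matching passwords.
    if ($password !== $passwordConfirm) {
        $this->addFeedback('error', 'Passwords do not match');
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    $recaptchaValue = $request->getParam('g-recaptcha-response');
    if (!$recaptchaValue) {
        $this->addFeedback('error', 'Missing captcha.');
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    if (!$this->validateCaptcha($recaptchaValue)) {
        $this->addFeedback('error', 'Invalid captcha.');
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    $user = $this->loadUser($username);
    if (!$user) {
        $this->addFeedback('error', 'Invalid user.');
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    // The token must belong to this user, not merely exist.
    if (!$this->validateToken($token, $user->id())) {
        $this->addFeedback('error', 'Invalid or expired token.');
        $this->setSuccess(false);
        return $response->withStatus(404);
    }

    try {
        $user->resetPassword($password);
        // The success feedback previously read 'Invalid or expired token.' (copy/paste).
        $this->addFeedback('success', 'Password reset.');
        $this->setSuccess(true);
        // Single use: the token is consumed once the password has been changed.
        $this->deleteToken($token);
        return $response;
    } catch (Exception $e) {
        // NOTE(review): this log line was garbled in the source; the message is
        // reconstructed from the surrounding text. Only a generic message goes
        // to the client.
        $this->logger->error('Error resetting password: ' . $e->getMessage());
        $this->addFeedback('error', 'Error resetting password.');
        $this->setSuccess(false);
        return $response->withStatus(404);
    }
}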
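/**
 * Check the current url for oauth paths
 *
 * Two routes are recognised. The "auth" route stores the caller's `return` url in
 * the session and redirects (302) to the provider's authorization URI. The
 * "callback" route exchanges the provider's `code` for an access token, creates
 * or loads the user, and answers with the user's token and the stored return url.
 *
 * @param RequestInterface  $request  PSR7 request object
 * @param ResponseInterface $response PSR7 response object
 *
 * @return ResponseInterface|false PSR7 response object, or false when the path is
 *     not an oauth route
 * @throws Exception On an unknown provider type, an invalid return url, or a
 *     callback reached without a return url stored in the session.
 */
private function checkForOAuthPaths(RequestInterface $request, ResponseInterface $response)
{
    $path = $request->getUri()->getPath();
    if (!is_string($path)) {
        return false;
    }

    // this matches the request to authenticate for an oauth provider
    if (1 === preg_match($this->getAuthRouteRegex(), $path, $matches)) {
        $serviceType = $matches['oAuthServiceType'];

        // validate we have an allowed oAuthServiceType; strict, since the value
        // is taken from the request path
        if (!in_array($serviceType, $this->oAuthProviders, true)) {
            throw new Exception("Unknown oAuthServiceType");
        }

        // validate the return url
        parse_str($_SERVER['QUERY_STRING'] ?? '', $query);
        if (!array_key_exists('return', $query) || filter_var($query['return'], FILTER_VALIDATE_URL) === false) {
            throw new Exception("Invalid return url");
        }
        // NOTE(review): FILTER_VALIDATE_URL accepts any well-formed absolute URL, so
        // the post-login destination is fully caller-controlled (open redirect).
        // Checking the host against an allow-list of origins is recommended; no such
        // list is visible here, so the check is left as found.
        $_SESSION['oauth_return_url'] = $query['return'];

        $url = $this->oAuthFactory->getOrCreateByType($serviceType)->getAuthorizationUri();
        return $response->withStatus(302)->withHeader('Location', $url);
    }

    if (1 === preg_match($this->getCallbackRouteRegex(), $path, $matches)) {
        // this matches the request to post-authentication for an oauth provider
        $serviceType = $matches['oAuthServiceType'];
        if (!in_array($serviceType, $this->oAuthProviders, true)) {
            throw new Exception("Unknown oAuthServiceType");
        }

        // The callback only makes sense after the auth route stored a return url in
        // this session; without it the Location header below would be empty.
        if (empty($_SESSION['oauth_return_url'])) {
            throw new Exception("Missing return url");
        }

        $service = $this->oAuthFactory->getOrCreateByType($serviceType);

        // turn our code into a token that's stored internally
        $service->requestAccessToken($request->getParam('code'));

        // validates and creates the user entry in the db if not already exists
        $user = $this->userService->createUser($service);

        // set our token in the header and then redirect to the client's chosen url
        // NOTE(review): a 200 status with a Location header does not redirect in
        // browsers; a 3xx status would be needed for that. Kept as found.
        return $response
            ->withStatus(200)
            ->withHeader('Authorization', 'token ' . $user->token)
            ->withHeader('Location', $_SESSION['oauth_return_url']);
    }

    return false;
}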
/**
 * Issue a "remember me" auth token as a cookie when the request asked for one.
 *
 * Nothing happens unless the `remember-me` request parameter is truthy. Otherwise
 * an auth-token model is generated for the user's username, sent as a cookie and
 * then persisted.
 *
 * @param RequestInterface $request The request.
 * @param User             $u       The user.
 * @return void
 */
public function setRememberCookie(RequestInterface $request, User $u)
{
    if (!$request->getParam('remember-me')) {
        return;
    }

    $token = $this->modelFactory()->create('charcoal/admin/object/auth-token');
    $token->generate($u->username());
    $token->sendCookie();
    $token->save();
}