Beispiel #1
0
 protected function run2($stage)
 {
     $hasone = false;
     //Selects only those users who do not have any key yet
     $rs = $this->db->Execute("\n            SELECT u.id FROM `account_users` u\n            LEFT JOIN `account_user_apikeys` k ON k.user_id = u.id\n            WHERE k.user_id IS NULL\n        ");
     while ($rec = $rs->FetchRow()) {
         if (!$hasone) {
             $this->console->out("Initializing API keys for all users who do not have one...");
             $hasone = true;
         }
         try {
             $apiKey = new ApiKeyEntity($rec['id']);
             $apiKey->save();
         } catch (\Exception $e) {
             continue;
         }
     }
 }
Beispiel #2
0
 /**
  * Authentication middleware
  */
 public function authenticationMiddleware()
 {
     $bDebug = $this->request->headers('x-scalr-debug', 0) == 1;
     //If API is not enabled
     if (!$this->getContainer()->config('scalr.system.api.enabled')) {
         $this->halt(403, 'API is not enabled. See scalr.system.api.enabled');
     }
     //Authentication
     $keyId = $this->request->headers('x-scalr-key-id');
     $signature = $this->request->headers('x-scalr-signature');
     //ISO-8601 formatted date
     $date = trim(preg_replace('/\\s+/', '', $this->request->headers('x-scalr-date')));
     if (empty($keyId) || empty($signature)) {
         throw new ApiErrorException(401, ErrorMessage::ERR_BAD_AUTHENTICATION, 'Unsigned request');
     } elseif (empty($date) || ($time = strtotime($date)) === false) {
         throw new ApiErrorException(400, ErrorMessage::ERR_BAD_REQUEST, 'Missing or invalid X-Scalr-Date header');
     }
     $sigparts = explode(' ', $signature, 2);
     if (empty($sigparts) || !in_array($sigparts[0], ['V1-HMAC-SHA256'])) {
         throw new ApiErrorException(401, ErrorMessage::ERR_BAD_AUTHENTICATION, 'Invalid signature');
     }
     $this->apiKey = ApiKeyEntity::findPk($keyId);
     if (!$this->apiKey instanceof ApiKeyEntity || !$this->apiKey->active) {
         throw new ApiErrorException(401, ErrorMessage::ERR_BAD_AUTHENTICATION, 'Invalid API Key');
     }
     if (abs(time() - $time) > 300) {
         throw new ApiErrorException(401, ErrorMessage::ERR_BAD_AUTHENTICATION, 'Request is expired.' . ($bDebug ? ' Now is ' . gmdate('Y-m-d\\TH:i:s\\Z') : ''));
     }
     $now = new \DateTime('now');
     if (empty($this->apiKey->lastUsed) || $now->getTimestamp() - $this->apiKey->lastUsed->getTimestamp() > 10) {
         $this->apiKey->lastUsed = $now;
         $this->apiKey->save();
     }
     $qstr = $this->request->get();
     $canonicalStr = '';
     if (!empty($qstr)) {
         ksort($qstr);
         $canonicalStr = http_build_query($qstr, null, '&', PHP_QUERY_RFC3986);
     }
     $reqBody = $this->request->getBody();
     $stringToSign = $this->request->getMethod() . "\n" . $date . "\n" . $this->request->getPath() . "\n" . $canonicalStr . "\n" . (empty($reqBody) ? '' : $reqBody);
     if ($bDebug) {
         $this->meta->stringToSign = $stringToSign;
     }
     switch ($sigparts[0]) {
         default:
             throw new ApiErrorException(401, ErrorMessage::ERR_BAD_AUTHENTICATION, 'Invalid signature method. Please use "V1-HMAC-SHA256 [SIGNATURE]"');
             break;
         case 'V1-HMAC-SHA256':
             $algo = strtolower(substr($sigparts[0], 8));
     }
     $sig = base64_encode(hash_hmac($algo, $stringToSign, $this->apiKey->secretKey, 1));
     if ($sig !== $sigparts[1]) {
         throw new ApiErrorException(401, ErrorMessage::ERR_BAD_AUTHENTICATION, 'Signature does not match');
     }
     $user = Entity\Account\User::findPk($this->apiKey->userId);
     /* @var $user Entity\Account\User */
     if (!$user instanceof Entity\Account\User) {
         throw new ApiErrorException(401, ErrorMessage::ERR_BAD_AUTHENTICATION, 'User does not exist');
     }
     if ($user->status != Entity\Account\User::STATUS_ACTIVE) {
         throw new ApiErrorException(403, ErrorMessage::ERR_PERMISSION_VIOLATION, 'Inactive user status');
     }
     if (\Scalr::config('scalr.auth_mode') == 'ldap') {
         try {
             $ldap = \Scalr::getContainer()->ldap($user->getLdapUsername(), null);
             if (!$ldap->isValidUsername()) {
                 if ($bDebug && $ldap->getConfig()->debug) {
                     $this->meta->ldapDebug = $ldap->getLog();
                 }
                 throw new ApiErrorException(401, ErrorMessage::ERR_BAD_AUTHENTICATION, 'User does not exist');
             }
             $user->applyLdapGroups($ldap->getUserGroups());
         } catch (LdapException $e) {
             if ($bDebug && $ldap instanceof LdapClient && $ldap->getConfig()->debug) {
                 $this->meta->ldapDebug = $ldap->getLog();
             }
             throw new \RuntimeException($e->getMessage());
         }
     }
     $this->limiter->checkAccountRateLimit($this->apiKey->keyId);
     //Validates API version
     if ($this->settings[ApiApplication::SETTING_API_VERSION] != 1) {
         throw new ApiErrorException(400, ErrorMessage::ERR_BAD_REQUEST, 'Invalid API version');
     }
     if ($this->request->getBody() !== '' && strtolower($this->request->getMediaType()) !== 'application/json') {
         throw new ApiErrorException(400, ErrorMessage::ERR_BAD_REQUEST, 'Invalid Content-Type');
     }
     $this->setUser($user);
     $container = $this->getContainer();
     //Releases auditloger to ensure it will be updated
     $container->release('auditlogger');
     //Adjusts metadata to invoke audit loger
     $container->setShared('auditlogger.metadata', function ($cont) use($user) {
         return (object) ['user' => $user, 'envId' => null, 'remoteAddr' => $this->request->getIp(), 'ruid' => null, 'requestType' => AuditLogger::REQUEST_TYPE_API, 'systemTask' => null];
     });
 }
Beispiel #3
0
 /**
  * Add test environment, test Acl, setups test user, environment and API key
  */
 public static function setUpBeforeClass()
 {
     if (!Scalr::getContainer()->config->defined('scalr.phpunit.apiv2')) {
         static::markTestIncomplete('phpunit apiv2 configurations is invalid');
     }
     if (Scalr::getContainer()->config->defined('scalr.phpunit.apiv2.params.max_results')) {
         static::$maxResults = Scalr::config('scalr.phpunit.apiv2.params.max_results');
     }
     static::$testUserId = Scalr::config('scalr.phpunit.apiv2.userid');
     static::$user = User::findPk(static::$testUserId);
     static::$testUserType = static::$user->type;
     static::$testEnvId = Scalr::config('scalr.phpunit.apiv2.envid');
     static::$env = Environment::findPk(static::$testEnvId);
     if (empty(static::$user) || empty(static::$env)) {
         static::markTestIncomplete('Either test environment or user is invalid.');
     }
     $apiKeyName = static::getTestName();
     $apiKeyEntity = ApiKeyEntity::findOne([['name' => $apiKeyName], ['userId' => static::$testUserId]]);
     if (empty($apiKeyEntity)) {
         $apiKeyEntity = new ApiKeyEntity(static::$testUserId);
         $apiKeyEntity->name = $apiKeyName;
         $apiKeyEntity->save();
     }
     static::$apiKeyEntity = $apiKeyEntity;
     static::$defaultAcl = Scalr::getContainer()->acl;
     static::$data = [static::$testEnvId => []];
     if (empty(static::$fullAccessAcl)) {
         static::$fullAccessAcl = new ApiTestAcl();
         static::$fullAccessAcl->setDb(Scalr::getContainer()->adodb);
         static::$fullAccessAcl->createTestAccountRole(static::$user->getAccountId(), static::getTestName(ApiFixture::ACL_FULL_ACCESS), ApiTestAcl::ROLE_ID_FULL_ACCESS);
         static::$fullAccessAcl->aclType = ApiFixture::ACL_FULL_ACCESS;
     }
     if (empty(static::$readOnlyAccessAcl)) {
         static::$readOnlyAccessAcl = new ApiTestAcl();
         static::$readOnlyAccessAcl->setDb(Scalr::getContainer()->adodb);
         static::$readOnlyAccessAcl->createTestAccountRole(static::$user->getAccountId(), static::getTestName(ApiFixture::ACL_READ_ONLY_ACCESS), ApiTestAcl::ROLE_ID_READ_ONLY_ACCESS);
         static::$readOnlyAccessAcl->aclType = ApiFixture::ACL_READ_ONLY_ACCESS;
     }
 }
Beispiel #4
0
 public function xGenerateApiKeyAction()
 {
     if ($this->user->isAdmin() || !\Scalr::config('scalr.system.api.enabled')) {
         throw new Scalr_Exception_InsufficientPermissions();
     }
     $apiKeyEntity = new ApiKeyEntity($this->user->getId());
     $apiKeyEntity->save();
     $row = get_object_vars($apiKeyEntity);
     $row['created'] = Scalr_Util_DateTime::convertTz($apiKeyEntity->created);
     $row['lastUsed'] = $apiKeyEntity->lastUsed ? Scalr_Util_DateTime::convertTz($apiKeyEntity->lastUsed) : 0;
     $row['createdHr'] = $apiKeyEntity->created ? Scalr_Util_DateTime::getFuzzyTimeString($apiKeyEntity->created) : '';
     $row['lastUsedHr'] = $apiKeyEntity->lastUsed ? Scalr_Util_DateTime::getFuzzyTimeString($apiKeyEntity->lastUsed) : 'Never';
     $this->response->data(['key' => $row]);
 }
Beispiel #5
0
 /**
  * Setups test user, environment and API key
  *
  * @throws \Scalr\Exception\ModelException
  */
 public static function setUpBeforeClass()
 {
     static::$testUserId = \Scalr::config('scalr.phpunit.userid');
     static::$user = User::findPk(static::$testUserId);
     static::$testEnvId = \Scalr::config('scalr.phpunit.envid');
     static::$env = Environment::findPk(static::$testEnvId);
     if (empty(static::$user) || empty(static::$env)) {
         static::markTestIncomplete('Either test environment or user is invalid.');
     }
     $apiKeyName = static::getTestName();
     $apiKeyEntity = ApiKeyEntity::findOne([['name' => $apiKeyName], ['userId' => static::$testUserId]]);
     if (empty($apiKeyEntity)) {
         $apiKeyEntity = new ApiKeyEntity(static::$testUserId);
         $apiKeyEntity->name = $apiKeyName;
         $apiKeyEntity->save();
     }
     static::$apiKeyEntity = $apiKeyEntity;
     static::changeLoggerConfiguration();
 }
Beispiel #6
0
 /**
  * Setups test user, environment and API key
  *
  * @beforeClass
  *
  * @throws \Scalr\Exception\ModelException
  */
 public static function setUpBeforeClass()
 {
     static::$testUserId = \Scalr::config('scalr.phpunit.userid');
     static::$user = User::findPk(static::$testUserId);
     static::$testEnvId = \Scalr::config('scalr.phpunit.envid');
     static::$env = Environment::findPk(static::$testEnvId);
     $apiKeyName = static::getTestName();
     $apiKeyEntity = ApiKeyEntity::findOne([['name' => $apiKeyName], ['userId' => static::$testUserId]]);
     if (empty($apiKeyEntity)) {
         $apiKeyEntity = new ApiKeyEntity(static::$testUserId);
         $apiKeyEntity->name = $apiKeyName;
         $apiKeyEntity->save();
     }
     static::$apiKeyEntity = $apiKeyEntity;
 }