/**
* Checks the request header for correct xAPI version.
**/
protected function checkVersion()
{
$version = \LockerRequest::header('X-Experience-API-Version');
if (!isset($version) || substr($version, 0, 4) !== '1.0.') {
throw new Exceptions\Exception('This is not an accepted version of xAPI.');
}
}
/**
* Checks the request header for correct xAPI version.
**/
protected function checkVersion()
{
$version = \LockerRequest::header('X-Experience-API-Version');
$isInvalidVersion = !(isset($version) && (substr($version, 0, 4) === '1.0.' || $version === '1.0'));
if ($isInvalidVersion) {
throw new Exceptions\Exception('This is not an accepted version of xAPI.');
}
}
/**
* Deals with multipart requests.
* @return ['content' => $content, 'attachments' => $attachments].
*/
private function getParts()
{
$content = \LockerRequest::getContent();
$contentType = \LockerRequest::header('Content-Type');
$types = explode(';', $contentType, 2);
$mimeType = count($types) >= 1 ? $types[0] : $types;
if ($mimeType == 'multipart/mixed') {
$components = Attachments::setAttachments($contentType, $content);
// Returns 'formatting' error.
if (empty($components)) {
throw new Exceptions\Exception('There is a problem with the formatting of your submitted content.');
}
// Returns 'no attachment' error.
if (!isset($components['attachments'])) {
throw new Exceptions\Exception('There were no attachments.');
}
$content = $components['body'];
$attachments = $components['attachments'];
} else {
$attachments = [];
}
return ['content' => $content, 'attachments' => $attachments];
}
/**
* Gets the username and password from the authorization string.
* @return [String] Formed of [Username, Password]
*/
static function getUserPassFromAuth()
{
$authorization = \LockerRequest::header('Authorization');
if ($authorization !== null && strpos($authorization, 'Basic') === 0) {
list($username, $password) = Helpers::getUserPassFromBAuth($authorization);
} else {
if ($authorization !== null && strpos($authorization, 'Bearer') === 0) {
list($username, $password) = Helpers::getUserPassFromOAuth($authorization);
} else {
throw new Exceptions\Exception('Invalid auth', 400);
}
}
return [$username, $password];
}
/**
* Checks and gets the updated header.
* @return String The updated timestamp ISO 8601 formatted.
*/
public function getUpdatedValue()
{
$updated = \LockerRequest::header('Updated');
// Checks the updated parameter.
if (!empty($updated)) {
if (!$this->validateTimestamp($updated)) {
\App::abort(400, sprintf("`%s` is not an valid ISO 8601 formatted timestamp", $updated));
}
} else {
$updated = Carbon::now()->toISO8601String();
}
return $updated;
}
/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/
Route::filter('guest', function () {
if (Auth::check()) {
return Redirect::to('/');
}
});
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('csrf', function () {
$token = Request::ajax() ? LockerRequest::header('X-CSRF-Token') : Input::get('_token');
if (Session::token() !== $token) {
throw new Illuminate\Session\TokenMismatchException();
}
});
