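 /**
  * Authenticate the current request from a bearer token.
  *
  * The token is taken from the `Authorization: Bearer …` header, falling back
  * to the `access_token` request parameter. It is first looked up as a
  * per-user token (Token::findUserForToken); if that yields nothing it is
  * compared against the site admin's API key. On success the session is
  * flagged as an API request and refreshed for the matched user.
  *
  * @return \Idno\Entities\User|false user on success, false when no valid token was supplied
  */
 private static function authenticate()
 {
     $token = '';
     $headers = \Idno\Common\Page::getallheaders();
     if (!empty($headers['Authorization'])) {
         // Strip only a leading "Bearer" scheme. The previous str_replace removed
         // every occurrence of the word, which would mangle a token containing it.
         $token = trim(preg_replace('/^\s*Bearer\s+/', '', $headers['Authorization']) ?? '');
     } elseif ($param = \Idno\Core\Input::getInput('access_token')) {
         $token = trim($param);
     }
     if ($token === '') {
         return false;
     }

     // Per-user tokens take precedence over the site-wide key.
     $found = Token::findUserForToken($token);
     if (!empty($found)) {
         $user = $found['user'];
         \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
         \Idno\Core\Idno::site()->session()->refreshSessionUser($user);
         return $user;
     }

     // Fall back to the API key held by the admin account. getOne() may find
     // no admin at all; the original called getAPIkey() on that result unguarded.
     $admin = \Idno\Entities\User::getOne(array('admin' => true));
     if (!empty($admin)) {
         // NOTE(review): getAPIkey()'s return type is not visible here; the cast
         // turns a null/absent key into '' so it can never match.
         $apiKey = (string) $admin->getAPIkey();
         // The original used `==`: numeric-looking strings such as "0e1" and
         // "0e2" compare equal under loose comparison, and an early-exit compare
         // leaks timing. hash_equals() is strict and constant-time.
         if ($apiKey !== '' && hash_equals($apiKey, $token)) {
             \Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
             \Idno\Core\Idno::site()->session()->refreshSessionUser($admin);
             return $admin;
         }
     }
     return false;
 }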
 /**
  * Registers this component's event hooks.
  *
  * Hooks "syndicate": serialises the object being syndicated (plus its URL),
  * posts it to the hub if one is configured, and — when the hub answers with
  * a JSON object — reloads the entity from that answer and saves it again.
  */
 function registerEventHooks()
 {
     \Idno\Core\Idno::site()->addEventHook('syndicate', function (\Idno\Core\Event $event) {
         $data = $event->data();
         $entity = $data['object'];
         $entityType = $data['object_type'];
         $syndication = Input::getInput('syndication');

         $payload = $entity->saveToArray();
         $payload['url'] = $entity->getURL();

         $hub = \Idno\Core\Idno::site()->hub();
         if (!$hub) {
             return;
         }
         $response = $hub->makeCall('hub/user/syndication/post', [
             'object' => $payload,
             'object_type' => $entityType,
             'syndication' => $syndication,
         ]);
         // NOTE(review): the hub's reply is loaded straight into the entity and
         // persisted; whether makeCall() validates the remote response is not
         // visible here — confirm before relying on it.
         $decoded = json_decode($response['content'], true);
         if ($decoded) {
             $entity->loadFromArray($decoded);
             $entity->save();
         }
     });
 }
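 /**
  * Retrieves input.
  *
  * Resolution order: the request (via \Idno\Core\Input::getInput, which is
  * handed $default and $filter itself), then this object's own $this->data,
  * then $default. "No value" is decided with empty(), so 0, '0', '' and []
  * are all treated as absent — callers that need those values must not rely
  * on this method.
  *
  * @param string $name Name of the input variable
  * @param mixed $default A default return value if no value specified (default: null)
  * @param callable|null $filter Whether or not to filter the variable for safety (default: null); a
  *                 callable with a definition like function($name, $value) returning the filtered
  *                 result. It is applied only to values that did NOT come from the request (those
  *                 from $this->data or $default); request values are assumed to have been filtered
  *                 by \Idno\Core\Input::getInput already.
  * @return mixed The resolved value, or false when nothing was found
  */
 function getInput($name, $default = null, ?callable $filter = null)
 {
     if (empty($name)) {
         return false;
     }
     $request = \Idno\Core\Input::getInput($name, $default, $filter);
     // Initialised explicitly; the original left $value undefined on some paths.
     $value = null;
     if (!empty($request)) {
         $value = $request;
     } elseif (!empty($this->data[$name])) {
         $value = $this->data[$name];
     }
     if (empty($value) && !empty($default)) {
         $value = $default;
     }
     if (empty($value)) {
         return false;
     }
     // Only locally sourced values still need filtering (see docblock).
     // The ?callable type guarantees a non-null $filter is callable.
     if ($filter !== null && empty($request)) {
         $value = $filter($name, $value);
     }
     // TODO, we may want to add some sort of system wide default filter for when $filter is null
     return $value;
 }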
 /**
  * Called at the beginning of each request handler, attempts to authorize the request.
  *
  * Checks HTTP request headers to see if the request has been properly
  * signed for API access.
  *
  * If this is not an API request, then check the session for the logged in user's credentials.
  *
  * Triggers "user/auth/request" to give plugins an opportunity to implement their own auth mechanism.
  * Then "user/auth/success" or "user/auth/failure" depending on if a user was found for the provided credentials.
  *
  * Side effects on the API path: marks the session as an API request, switches the
  * template to JSON when no `_t` parameter was supplied, and logs failures with the
  * caller's address.
  *
  * @return \Idno\Entities\User|false The logged-in user, or false otherwise
  */
 function tryAuthUser()
 {
     // attempt to delegate auth to a plugin (note: plugin is responsible for calling setIsAPIRequest or not)
     $return = \Idno\Core\Idno::site()->triggerEvent('user/auth/request', [], false);
     // auth standard API requests: both the username and signature headers must be present
     if (!$return && !empty($_SERVER['HTTP_X_KNOWN_USERNAME']) && !empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) {
         \Idno\Core\Idno::site()->logging()->debug("Attempting to auth via API credentials");
         $this->setIsAPIRequest(true);
         $t = \Idno\Core\Input::getInput('_t');
         if (empty($t)) {
             \Idno\Core\Idno::site()->template()->setTemplateType('json');
         }
         // NOTE(review): the body of this branch is redacted in this listing (the
         // "******" runs below replace the code between the log messages), so the
         // signature verification and the cleartext-connection check are not
         // visible here — consult the original source for their behaviour.
         if ($user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME'])) {
             \Idno\Core\Idno::site()->logging()->debug("API auth found user by username: "******"API auth verified signature for user: "******"API auth failed signature validation for user: "******"Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
         }
         // If this is an API request but we're not logged in, set page response code to access denied
         if (!$return) {
             $ip = $_SERVER['REMOTE_ADDR'];
             if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
                 $proxies = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
                 // We are behind a proxy: take the first (left-most) address in the chain.
                 // That value is supplied by the client, so the logged address is only
                 // trustworthy when the front proxy overwrites the header.
                 $ip = trim($proxies[0]);
             }
             \Idno\Core\Idno::site()->logging()->error("API Login failure from {$ip}");
         }
     }
     // Let plugins react to the outcome; the event's return value is the final verdict.
     $return = \Idno\Core\Idno::site()->triggerEvent($return ? "user/auth/success" : "user/auth/failure", array("user" => $return, "is api" => $this->isAPIRequest()), $return);
     return $return;
 }