/**
  * Called synchronously before possibly submitting to async framework
  */
 public function preExecute()
 {
     // Anything other than a GET is treated as state-changing and must carry
     // a valid CSRF token.
     $isGet = $this->requestMethod === 'GET';
     if (!$isGet) {
         validateCsrfToken();
     }

     // clean up the URL: trim, then encode any remaining spaces as '+'
     $trimmedUrl = trim($this->url);
     $this->url = str_replace(' ', '+', $trimmedUrl);

     // Methods that carry a body must not be submitted with an empty one.
     // Throws WorkbenchHandledException in that case.
     $methodsWithBodies = RestApiClient::getMethodsWithBodies();
     $expectsBody = in_array($this->requestMethod, $methodsWithBodies);
     if ($expectsBody && trim($this->requestBody) == "") {
         throw new WorkbenchHandledException("Must include a Request Body.");
     }
 }
 /**
  * Called synchronously before possibly submitting to async framework
  */
 public function preExecute()
 {
     // Anything other than a GET is treated as state-changing and must carry
     // a valid CSRF token.
     if ($this->requestMethod !== 'GET') {
         validateCsrfToken();
     }

     // clean up the URL: trim, then encode any remaining spaces as '+'
     $trimmedUrl = trim($this->url);
     $this->url = str_replace(' ', '+', $trimmedUrl);

     // Only methods that carry a body need the checks below.
     $methodsWithBodies = RestApiClient::getMethodsWithBodies();
     if (!in_array($this->requestMethod, $methodsWithBodies)) {
         return;
     }
     if (trim($this->requestBody) != "") {
         return;
     }

     // An empty body is acceptable for JSON requests (it becomes the literal
     // JSON null); for any other content type it is an error.
     $isJsonRequest = stripos($this->requestHeaders, "Content-Type: application/json") !== false;
     if (!$isJsonRequest) {
         throw new WorkbenchHandledException("Must include a Request Body.");
     }
     // If nothing's specified in the JSON body, set it to null.
     $this->requestBody = "null";
 }
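 /**
  * Dispatches an incoming login request by inspecting which request
  * parameters are present:
  *  - $_POST['signed_request']: handed to processSignedRequest();
  *  - $_REQUEST['code'] (OAuth callback): the JSON 'state' is decoded and,
  *    when login CSRF is enabled, its csrfToken is validated before
  *    oauthProcessLogin() completes the login;
  *  - otherwise a login form submission: loginType "oauth" redirects to the
  *    OAuth host, anything else performs a username/password/session-id login.
  *
  * Reads $_POST/$_REQUEST directly; writes $_REQUEST['CSRF_TOKEN'] and
  * $_REQUEST['autoLogin'] for the helpers it calls.
  *
  * @throws Exception when the OAuth state is missing or is not a JSON object,
  *                   or when the OAuth form lacks oauth_host / api
  */
 public function processRequest()
 {
     if (isset($_POST['signed_request'])) {
         $this->processSignedRequest($_POST['signed_request']);
         return;
     }

     if (isset($_REQUEST["code"])) {
         if (!isset($_REQUEST['state'])) {
             throw new Exception("Invalid OAuth State");
         }
         $state = json_decode($_REQUEST['state']);
         // The state round-trips through the client, so it is checked before
         // its members are used: on malformed JSON json_decode() returns null
         // and the property reads below would otherwise silently yield nulls.
         if (!is_object($state)) {
             throw new Exception("Invalid OAuth State");
         }
         if (WorkbenchConfig::get()->value("loginCsrfEnabled")) {
             // The token was embedded in the state when the redirect was built
             // (see the oauth branch below); validateCsrfToken() presumably
             // reads it back from $_REQUEST['CSRF_TOKEN'].
             $_REQUEST['CSRF_TOKEN'] = $state->csrfToken;
             validateCsrfToken();
         }
         $this->oauthProcessLogin($_REQUEST["code"], $state->host, $state->apiVersion, $state->startUrl);
         return;
     }

     if (WorkbenchConfig::get()->value("loginCsrfEnabled")) {
         // The false argument presumably makes validateCsrfToken() return a
         // result instead of throwing, so the failure becomes a user-facing error.
         if (!validateCsrfToken(false)) {
             $this->addError('This login method is not supported.');
             return;
         }
     }

     if ($this->termsRequired && !isset($_POST['termsAccepted'])) {
         $this->addError("You must agree to terms of service.");
         return;
     }

     // Strict comparison: loginType comes straight from the request.
     if (isset($_REQUEST['loginType']) && $_REQUEST['loginType'] === "oauth") {
         // NOTE(review): the presence check covers 'api' but the state below
         // reads 'oauth_apiVersion' -- confirm which field the form posts.
         if (!isset($_POST["oauth_host"]) || !isset($_POST["api"])) {
             throw new Exception("Invalid parameters for Oauth login");
         }
         // Everything needed to finish the login after the OAuth round-trip,
         // plus the CSRF token that the callback branch above checks.
         $state = json_encode(array(
             "host" => $_POST["oauth_host"],
             "apiVersion" => $_POST["oauth_apiVersion"],
             "csrfToken" => getCsrfToken(),
             "startUrl" => $this->startUrl,
         ));
         $this->oauthRedirect($_POST["oauth_host"], $state);
     } else {
         $pw = isset($_REQUEST['pw']) ? $_REQUEST['pw'] : null;
         $sid = isset($_REQUEST['sid']) ? $_REQUEST['sid'] : null;
         $serverUrl = $this->buildServerUrl();
         // special-cases for UI vs API logins
         if (isset($_POST['uiLogin'])) {
             $this->processRememberUserCookie();
         } else {
             $_REQUEST['autoLogin'] = 1;
         }
         $this->processLogin($this->username, $pw, $serverUrl, $sid, $this->startUrl);
     }
 }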
    httpError("403.4 SSL Required", "Secure connection to Workbench and Salesforce required");
    //TODO: what do we want to do here?
}
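//kick user back to login page for any page that requires a session and one isn't established
$myPage = getMyPage();
if (!isLoggedIn() && $myPage->requiresSfdcSession) {
    // Drop whatever partial session state exists before redirecting.
    session_unset();
    session_destroy();
    header('Location: login.php');
    exit;
}

if (!$myPage->isReadOnly && isReadOnlyMode()) {
    throw new WorkbenchHandledException("This page is not accessible in read-only mode");
}

// CSRF validation is applied to POST requests on pages that are not
// read-only, and only once a Workbench context has been established.
if (WorkbenchContext::isEstablished() && !$myPage->isReadOnly && $_SERVER['REQUEST_METHOD'] === 'POST') {
    validateCsrfToken();
}

// NOTE(review): this also runs for read-only pages, whose POSTs are not
// CSRF-validated above -- confirm that is intended.
if (WorkbenchContext::isEstablished() && isset($_POST['termsAccepted'])) {
    WorkbenchContext::get()->agreeToTerms();
}

if (isLoggedIn()) {
    // todo: should this be in the ctx?
    // The login/logout pages themselves are exempt from the idle check.
    $currentPage = basename($_SERVER['PHP_SELF'], ".php");
    if (!in_array($currentPage, ["login", "logout"], true) && isset($_SESSION['lastRequestTime'])) {
        $idleTime = microtime(true) - $_SESSION['lastRequestTime'];
        if ($idleTime > WorkbenchConfig::get()->value("sessionIdleMinutes") * 60) {
            // ping SFDC to check if session is still alive
            WorkbenchContext::get()->getPartnerConnection()->getServerTimestamp();
        }
    }
    $_SESSION['lastRequestTime'] = microtime(true);
}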