/**
* This method validates that the action type passed is a valid one.
*
* This method will look in the loginrequired and partnerId (pid) required
* actions array for the key passed. If it's missing, it's not allowed.
*
* ANY ACTION must be either logged or contain partner id/key
*
* @param string $type The type to validate
* @return bool Type is valid or it is not.
*/
public static function validateActionType($type)
{
if (!Frapi_Rules::isPartnerAction($type)) {
return false;
}
return true;
}
/**
* This method will verify the data that has been passed and authorize it or not.
*
* It will return an error in case it does not authorize.
*
* @return mixed Error in case it is not valid True if it is for
* partner, or if login is valid.
*/
public function authorize()
{
$valid = Frapi_Rules::isPartnerAction($this->getAction());
if (!$valid) {
return false;
}
/**
* Make sure the params needed are passed
* if not, return an error with invalid partner
* id/key
*/
$partnerID = isset($this->params['email']) ? $this->params['email'] : false;
$partnerKey = isset($this->params['secretKey']) ? $this->params['secretKey'] : false;
if (!empty($partnerID) && !empty($partnerKey)) {
/**
* Last step, validate the partner information
* using the security Context
*/
$partnerID = $this->params['email'];
$partnerKey = $this->params['secretKey'];
$security = new Frapi_Security();
$securityPass = $security->isPartner($partnerID, $partnerKey);
// Seems ok to me.. might as well go through.
return true;
}
header('WWW-Authenticate: Basic realm="API Authentication"');
exit(0);
}
/**
* This method will verify the data that has been passed and authorize it or not.
*
* It will return an error in case it does not authorize.
*
* @return mixed Error in case it is not valid True if it is for
* partner, or if login is valid.
*/
public function authorize()
{
$valid = Frapi_Rules::isPartnerAction($this->getAction());
if (!$valid) {
return false;
}
$auth = new Frapi_Authorization_HTTP_Digest();
/**
* Make sure the params needed are passed
* if not, return an error with invalid partner
* id/key
*/
if (!empty($this->params['digest'])) {
$authed = $auth->authorize();
return true;
}
$auth->send();
}
/**
* Detect and set the output format and mimetype
*
* This method bases it's detection on the ACCEPT header passed
* to the API.
*
* @return array of mimetype, outputFormat and params
*/
public function detectOutputFormat()
{
$mimetypes = Frapi_Output::getMimeTypeMap();
if ($mimetypes) {
$this->mimeMaps = $mimetypes;
}
$types = $this->parseAcceptHeader();
$return = array('outputFormat' => false, 'mimetype' => false, 'params' => array());
if (!empty($types)) {
$mimetypes = $this->parseMimeTypes();
foreach ($types as $type) {
if (isset($this->mimeMaps[$type['mimetype']])) {
$return['outputFormat'] = $this->mimeMaps[$type['mimetype']];
$return['mimetype'] = $type['mimetype'];
$return['params'] = isset($type['params']) ? $type['params'] : array();
break;
} else {
foreach ($mimetypes as $mimetype) {
$matches = array();
if (preg_match($mimetype['pattern'], $type['mimetype'], $matches)) {
$return['mimetype'] = $type['mimetype'];
$return['params'] = isset($type['params']) ? $type['params'] : array();
if ($mimetype['output_format'][0] == ':') {
$format = substr($mimetype['output_format'], 1);
if (!empty($matches[$format]) && Frapi_Rules::validateOutputType($matches[$format])) {
$return['outputFormat'] = $matches[$format];
}
} else {
$return['outputFormat'] = $mimetype['output_format'];
}
foreach ($mimetype['params'] as $param) {
$return['params'][$param] = $matches[$param];
}
break 2;
}
}
}
}
}
// Final catch-all (for cases like Accept: */*)
if (!$return['outputFormat']) {
$return['outputFormat'] = $this->getDefaultFormatFromConfiguration();
$return['mimetype'] = Frapi_Output::getMimeTypeByFormat($return['outputFormat']);
}
$this->setOutputFormat($return['outputFormat']);
return $return;
}
/**
* Set format
*
* This method will check if the format is
* an acceptable one, if so it'll set it to the
* requested format.
*
* In the case where there are no format passed, we
* default the value to 'xml'
*
* @param string $format The format to use.
* @throws Frapi_Error
*/
protected function setFormat($format = false)
{
if ($format) {
$typeValid = Frapi_Rules::validateOutputType($format);
$this->format = $format;
} else {
throw new Frapi_Error(Frapi_Error::ERROR_INVALID_URL_PROMPT_FORMAT_NAME, Frapi_Error::ERROR_INVALID_URL_PROMPT_FORMAT_MSG, Frapi_Error::ERROR_INVALID_URL_PROMPT_FORMAT_NO);
}
}
/**
* Authorize
*
* This method authenticates by verifying if the requested action
* is made by a **partner** or if it's a public action.
*
* Partner is a term I grabbed when working at mobivox. They are not
* users in the term that they need to register and keep a logged in
* session but stateless "users". I decided to keep that term since
* it makes more sense than "statelessUser";
*
* @return boolean Either it's authorized or not.
*/
public function authorize()
{
// If this is a public action, it doesn't need authorization.
if (Frapi_Rules::isPublicAction($this->getAction())) {
return true;
}
//For Basic HTTP Auth, use headers automatically filled by PHP, if available.
$headers = $_SERVER;
$auth_params = array("email" => isset($headers['PHP_AUTH_USER']) ? $headers['PHP_AUTH_USER'] : null, "secretKey" => isset($headers['PHP_AUTH_PW']) ? $headers['PHP_AUTH_PW'] : null);
// First step: Set the state of the context objects.
$partner = $this->authorization->getPartner()->setAction($this->getAction())->setAuthorizationParams($auth_params);
/**
* Second step: Run the authorization, error in case of
* error in returned values, else it's just a true.
*/
$partnerAuth = $partner->authorize();
/**
* Step Three: If we have no partner
* auth we return an error of invalid requested action
* because if the action is not found in the contexts
* it returns true.
*
* If it is found but has an error, it throws Frapi_Error
*
* If it is ok, it returns true.
*/
if (!$partnerAuth) {
throw new Frapi_Error(Frapi_Error::ERROR_INVALID_ACTION_REQUEST_NAME, Frapi_Error::ERROR_INVALID_ACTION_REQUEST_MSG, Frapi_Error::ERROR_INVALID_ACTION_REQUEST_NO);
}
return true;
}
