public function test_forge()
{
$test_subject = \Remote::forge('http://google.com', 'curl', 'get');
$this->assertInternalType('object', $test_subject);
$this->assertSame('GET', $test_subject->get_method());
}
/**
* Run the request
*
* @param \Raml\SecurityScheme $securityscheme_obj The security scheme to process the call data for
* @param \V1\APICall $apicall_obj The APICall object
*
* @return mixed The object we just completed or an array describing the next step in the security process
*/
public function run(\Raml\SecurityScheme $securityscheme_obj, \V1\APICall $apicall_obj)
{
$settings = $securityscheme_obj->getSettings();
$credentials = $apicall_obj->get_credentials();
// Save the credentials
\V1\Keyring::set_credentials($credentials);
/**
* By default we'll return the response from the authentication request so that it's meaningful.
* However, in doing so, we'll need to block the main request, so developers may set this flag
* to ignore the authentication, signifying that they've already got the information they needed
* from it.
*
* NOTE: This security method is meant as a basic way to catch security methods we otherwise
* haven't implemented in our system. Take it for what it's worth.
*
* @TODO When using this security method, skip processing the APICall object for a speedup.
*/
if (!empty($credentials['CUSTOM_IGNORE_AUTH'])) {
return true;
}
// Remove unused credentials so as not to replace bad variables in the template.
foreach ($credentials as $variable => $entry) {
if (strpos($variable, 'CUSTOM_') !== 0) {
unset($credentials[$variable]);
}
}
// We need the method or we'll fail the call.
if (empty($settings['method'])) {
$this->error = true;
return $this;
}
// Normalize the data into arrays.
$described_by = $securityscheme_obj->getDescribedBy();
$headers = $this->get_param_array($described_by->getHeaders());
$query_params = $this->get_param_array($described_by->getQueryParameters());
$bodies = $described_by->getBodies();
$method = \Str::upper($settings['method']);
$url = $settings['url'];
// Grab the body if we have one, and the method supports one.
$body = null;
$body_type = null;
if (count($bodies) > 0 && !in_array($method, array('GET', 'HEAD'))) {
reset($bodies);
$body_type = key($bodies);
$body = $bodies[$body_type]->getExamples()[0];
}
/**
* NOTE: These replacements may ruin the formatting or allow for people to inject data into them.
* API Providers should be aware of that possibility.
*
* @TODO In the future, we can consider implementing checking to verify that people aren't sending
* crap data through the system.
*/
$headers = $this->remove_cr_and_lf($this->replace_variables($headers, $credentials));
$query_params = $this->remove_cr_and_lf($this->replace_variables($query_params, $credentials));
$body = $this->replace_variables($body, $credentials);
if (!empty($query_params)) {
$query_string = http_build_query($query_params, null, '&');
if (strpos($url, '?') === false) {
$url .= '?' . $query_string;
} else {
$url .= '&' . $query_string;
}
}
/**
* RUNCLE RICK'S RAD RUN CALLS (The second coming!)
*/
$curl = \Remote::forge($url, 'curl', $method);
// Set the headers
$headers = \V1\RunCall::get_headers($headers);
foreach ($headers as $header_name => $header_value) {
$curl->set_header($header_name, $header_value);
}
// Return the headers
$curl->set_option(CURLOPT_HEADER, true);
// If we need a body, set that.
if (!empty($body) && !in_array($method, array('GET', 'HEAD'))) {
$curl->set_header('Content-Type', $body_type);
$curl->set_params($body);
}
// Run the request
try {
$response = $curl->execute()->response();
} catch (\RequestStatusException $e) {
$response = \Remote::get_response($curl);
} catch (\RequestException $e) {
$this->error = true;
return $this;
}
// Set the usage stats, and format the response
return \V1\Socket::prepare_response(array('status' => $response->status, 'headers' => $response->headers, 'body' => $response->body));
}
/**
* Request the WWW-Authentication header from the remote server, and parse it.
*
* @param string $url The URL to contact and beg for a nonce
* @return bool True on success, or false on fail
*/
private function parse_www_auth_remote($url)
{
// We tried to pull the data, so if we can't get an array later, we'll know what happened.
$this->www_data = true;
$curl = \Remote::forge($url, 'curl', 'head');
try {
$headers = $curl->execute()->headers;
} catch (\RequestStatusException $e) {
$headers = \Remote::get_response($curl)->headers;
} catch (\RequestException $e) {
return false;
}
if (is_array($parsed = $this->parse_www_auth($headers))) {
$this->www_data = $parsed;
return true;
} else {
return false;
}
}