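/**
 * Handler for JSON API requests of the setup frontend.
 *
 * Registers the Setup and Tinebase JSON frontends, then requires a valid JSON
 * key (sent in the X-Tine20-JsonKey header, used here as an anti-CSRF token)
 * and a registered setup user for every method that is not on the anonymous
 * allow-list. The check only applies once a config file exists. The response
 * is echoed; any exception is converted into a fault by _handleException().
 *
 * @return void the JSON response is echoed, not returned
 */
public function handle()
{
    try {
        // init server and request first
        // NOTE(review): both are assigned inside the try block; if one of these
        // constructors throws, the catch below receives undefined variables.
        $server = new Zend_Json_Server();
        $server->setClass('Setup_Frontend_Json', 'Setup');
        $server->setClass('Tinebase_Frontend_Json', 'Tinebase');
        $server->setAutoHandleExceptions(false);
        $server->setAutoEmitResponse(false);
        $request = new Zend_Json_Server_Request_Http();

        Setup_Core::initFramework();

        $method = $request->getMethod();
        $jsonKey = isset($_SERVER['HTTP_X_TINE20_JSONKEY']) ? $_SERVER['HTTP_X_TINE20_JSONKEY'] : '';

        Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is JSON request. method: ' . $method);

        // Methods callable without a JSON key or a logged-in setup user.
        $anonymousMethods = array(
            'Setup.getAllRegistryData',
            'Setup.login',
            'Tinebase.getAvailableTranslations',
            'Tinebase.getTranslations',
            'Tinebase.setLocale',
        );
        if (!Setup_Core::configFileExists()) {
            $anonymousMethods = array_merge($anonymousMethods, array('Setup.envCheck'));
        }

        // check json key for all methods but some exceptions
        // Strict in_array(): a non-string method name can never match an
        // allow-list entry through loose type juggling.
        if (!in_array($method, $anonymousMethods, true) && Setup_Core::configFileExists()) {
            $keyValid = false;
            if (!empty($jsonKey)) {
                // The cast keeps the comparison string-to-string even if no key is stored.
                $expectedKey = (string) Setup_Core::get('jsonKey');
                // Compare as exact strings. The previous loose "!=" treated two
                // numeric-looking strings (e.g. "0e1" and "0e2") as equal, so a
                // token of that shape could be matched by a different value.
                // hash_equals() additionally avoids leaking the match position
                // through timing; fall back to === where it is unavailable.
                $keyValid = function_exists('hash_equals')
                    ? hash_equals($expectedKey, $jsonKey)
                    : $expectedKey === $jsonKey;
            }
            $userRegistered = Setup_Core::isRegistered(Setup_Core::USER);

            if (!$keyValid || !$userRegistered) {
                if (!$userRegistered) {
                    Setup_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__
                        . ' Attempt to request a privileged Json-API method without authorisation from "'
                        . $_SERVER['REMOTE_ADDR'] . '". (session timeout?)');

                    throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
                } else {
                    // NOTE(review): this writes the submitted key, the account object and
                    // the complete $_REQUEST to the log. Request parameters of setup calls
                    // may carry credentials, and the header value is attacker-controlled
                    // text; consider redacting or encoding both, and restrict log access.
                    Setup_Core::getLogger()->WARN(__METHOD__ . '::' . __LINE__
                        . ' Fatal: got wrong json key! (' . $jsonKey . ') Possible CSRF attempt!'
                        . ' affected account: ' . print_r(Setup_Core::getUser(), true)
                        . ' request: ' . print_r($_REQUEST, true));

                    throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
                }
            }
        }

        $response = $server->handle($request);
    } catch (Exception $exception) {
        $response = $this->_handleException($server, $request, $exception);
    }

    echo $response;
}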
/**
 * Adopts the given parameters or, per the original comment, lets the parent
 * fetch them from the POST data.
 *
 * When $options is passed, it goes to setOptions() with 'jsonrpc' => '2.0'
 * filled in if the caller did not set that key, and the parent constructor is
 * not called. Without $options, only the parent constructor runs.
 *
 * @param array $options request options; null means "build from the parent"
 */
public function __construct(array $options = null)
{
    if (null === $options) {
        parent::__construct();
        return;
    }

    // Array union keeps the caller's value when 'jsonrpc' is already present.
    $defaults = array('jsonrpc' => '2.0');
    $this->setOptions($options + $defaults);
}
/**
 * Builds the request through the parent constructor and records a parse
 * failure instead of letting it propagate.
 *
 * A Zend_Json_Exception raised by the parent is swallowed and only sets
 * $this->_isParseError; other exception types are not caught here.
 * NOTE(review): nothing in this constructor rejects the request, so the code
 * that handles it presumably has to check that flag - confirm against the caller.
 */
public function __construct()
{
    try {
        parent::__construct();
    } catch (Zend_Json_Exception $parseFailure) {
        // Malformed request body: remember it, do not abort construction.
        $this->_isParseError = true;
    }
}
/**
 * Converts an exception into a JSON fault response.
 *
 * The fault data starts from $exception->toArray() when that method exists,
 * then gets the HTML-entity-encoded message, the code and, for
 * Tinebase_Exception instances, the application name and title. The raw
 * (unencoded) message is written to the log at warn level.
 *
 * The stack trace is added to the data sent back to the client unless the
 * config value suppressExceptionTraces is strictly TRUE. Any other value,
 * including an unset one, leaves traces enabled, so production configs should
 * set it explicitly.
 *
 * @param  Zend_Json_Server_Request_Http $request
 * @param  Exception $exception
 * @return Zend_Json_Server_Response
 */
protected function _handleException($request, $exception)
{
    $server = self::_getServer();

    if (method_exists($exception, 'toArray')) {
        $faultData = $exception->toArray();
    } else {
        $faultData = array();
    }
    // ENT_COMPAT encodes double quotes but leaves single quotes untouched.
    $faultData['message'] = htmlentities($exception->getMessage(), ENT_COMPAT, 'UTF-8');
    $faultData['code'] = $exception->getCode();

    if ($exception instanceof Tinebase_Exception) {
        $faultData['appName'] = $exception->getAppName();
        $faultData['title'] = $exception->getTitle();
    }

    Tinebase_Core::getLogger()->warn(
        __METHOD__ . '::' . __LINE__ . ' ' . get_class($exception) . ' -> ' . $exception->getMessage()
    );

    $suppressTrace = Tinebase_Core::getConfig()->suppressExceptionTraces;
    if (true !== $suppressTrace) {
        // Trace becomes part of the client-visible fault data.
        $faultData['trace'] = Tinebase_Exception::getTraceAsArray($exception);
    }
    Tinebase_Exception::log($exception, $suppressTrace);

    $server->fault($faultData['message'], $faultData['code'], $faultData);
    $response = $server->getResponse();

    // Mirror id and version of the request so the client can correlate the fault.
    $requestId = $request->getId();
    if (null !== $requestId) {
        $response->setId($requestId);
    }
    $requestVersion = $request->getVersion();
    if (null !== $requestVersion) {
        $response->setVersion($requestVersion);
    }

    return $response;
}
/**
 * Converts an exception into a fault response on the given JSON server.
 *
 * The fault data starts from $exception->toArray() when that method exists,
 * then gets the HTML-entity-encoded message and the exception code. The raw
 * message is logged at notice level when that level is active.
 *
 * Unless the config value suppressExceptionTraces is strictly TRUE, the stack
 * trace is added to the data returned to the client and also written to the
 * log. Any other value, including an unset one, leaves traces enabled, so
 * production configs should set it explicitly.
 *
 * @param  Zend_Json_Server $server
 * @param  Zend_Json_Server_Request_Http $request
 * @param  Exception $exception
 * @return Zend_Json_Server_Response
 */
protected function _handleException($server, $request, $exception)
{
    if (method_exists($exception, 'toArray')) {
        $faultData = $exception->toArray();
    } else {
        $faultData = array();
    }
    // ENT_COMPAT encodes double quotes but leaves single quotes untouched.
    $faultData['message'] = htmlentities($exception->getMessage(), ENT_COMPAT, 'UTF-8');
    $faultData['code'] = $exception->getCode();

    if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) {
        Tinebase_Core::getLogger()->notice(
            __METHOD__ . '::' . __LINE__ . ' ' . get_class($exception) . ' -> ' . $exception->getMessage()
        );
    }

    $tracesSuppressed = (Tinebase_Core::getConfig()->suppressExceptionTraces === true);
    if (!$tracesSuppressed) {
        // Trace becomes part of the client-visible fault data and is logged.
        $faultData['trace'] = $this->_getTraceAsArray($exception);
        $this->_logExceptionTrace($exception);
    }

    $server->fault($faultData['message'], $faultData['code'], $faultData);
    $response = $server->getResponse();

    // Mirror id and version of the request so the client can correlate the fault.
    $requestId = $request->getId();
    if (null !== $requestId) {
        $response->setId($requestId);
    }
    $requestVersion = $request->getVersion();
    if (null !== $requestVersion) {
        $response->setVersion($requestVersion);
    }

    return $response;
}