Example #1
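 /**
  * Handles a JSON-RPC request against the setup API and echoes the response.
  *
  * Once a config file exists, every method outside a short allow-list of
  * anonymous methods is refused unless the X-Tine20-JsonKey request header
  * matches the stored key and a setup user is registered. Any exception,
  * including the access-denied one raised here, is turned into a response
  * by _handleException().
  *
  * @return void nothing is returned; the response is written with echo
  */
 public function handle()
 {
     try {
         // init server and request first
         // NOTE(review): $server and $request are assigned inside the try; if one of
         // these constructors throws, the catch block below reads an undefined variable.
         $server = new Zend_Json_Server();
         $server->setClass('Setup_Frontend_Json', 'Setup');
         $server->setClass('Tinebase_Frontend_Json', 'Tinebase');
         $server->setAutoHandleExceptions(false);
         $server->setAutoEmitResponse(false);
         $request = new Zend_Json_Server_Request_Http();
         Setup_Core::initFramework();
         $method = $request->getMethod();
         $jsonKey = isset($_SERVER['HTTP_X_TINE20_JSONKEY']) ? $_SERVER['HTTP_X_TINE20_JSONKEY'] : '';
         Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is JSON request. method: ' . $method);

         // methods that may be called without a json key / registered user
         $anonymousMethods = array('Setup.getAllRegistryData', 'Setup.login', 'Tinebase.getAvailableTranslations', 'Tinebase.getTranslations', 'Tinebase.setLocale');
         if (!Setup_Core::configFileExists()) {
             // the environment check is only anonymous while no config file exists
             $anonymousMethods = array_merge($anonymousMethods, array('Setup.envCheck'));
         }

         // check json key for all methods but some exceptions
         // Both comparisons are strict: the method name comes from the decoded request
         // body and the key from a request header, so neither may match by PHP type
         // juggling (non-string method value, numeric-looking key strings).
         // Setup_Core::get() stays inside the short-circuit chain so it is only called
         // where the original called it.
         // NOTE(review): where the minimum PHP version allows it, hash_equals() is the
         // better choice for the key comparison (constant time).
         if (!in_array($method, $anonymousMethods, true)
             && Setup_Core::configFileExists()
             && (empty($jsonKey)
                 || $jsonKey !== (string) Setup_Core::get('jsonKey')
                 || !Setup_Core::isRegistered(Setup_Core::USER))
         ) {
             if (!Setup_Core::isRegistered(Setup_Core::USER)) {
                 Setup_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Attempt to request a privileged Json-API method without authorisation from "' . $_SERVER['REMOTE_ADDR'] . '". (session timeout?)');
             } else {
                 // NOTE(review): this line writes the submitted key and the complete
                 // $_REQUEST array to the log; request parameters can carry secrets,
                 // so confirm who can read this log or reduce what is dumped.
                 Setup_Core::getLogger()->WARN(__METHOD__ . '::' . __LINE__ . ' Fatal: got wrong json key! (' . $jsonKey . ') Possible CSRF attempt!' . ' affected account: ' . print_r(Setup_Core::getUser(), true) . ' request: ' . print_r($_REQUEST, true));
             }
             // both cases answer identically, so the caller cannot tell them apart
             throw new Tinebase_Exception_AccessDenied('Not Authorised', 401);
         }
         $response = $server->handle($request);
     } catch (Exception $exception) {
         $response = $this->_handleException($server, $request, $exception);
     }
     echo $response;
 }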
Example #2
 /**
  * Takes over the given options, or defers to the parent constructor when
  * none are passed (per the original description, the parent then fetches
  * them from the POST data).
  *
  * @param array $options request options; 'jsonrpc' defaults to '2.0' when absent
  */
 public function __construct(array $options = null)
 {
     if (!isset($options)) {
         // no explicit options: let the parent build the request
         parent::__construct();
         return;
     }

     // array union keeps a caller-supplied 'jsonrpc' value and only fills the gap
     $defaults = array('jsonrpc' => '2.0');
     $this->setOptions($options + $defaults);
 }
Example #3
 /**
  * Builds the request through the parent constructor. A Zend_Json_Exception
  * raised there is not propagated; it is recorded in $_isParseError instead.
  */
 public function __construct()
 {
     try {
         parent::__construct();
     } catch (Zend_Json_Exception $parseFailure) {
         // NOTE(review): the exception itself is dropped here; presumably the flag
         // is turned into a parse-error response later (confirm against the server
         // code), because nothing in this block logs or reports the failure.
         $this->_isParseError = true;
     }
 }
 /**
  * Converts an exception into a JSON-RPC fault response.
  *
  * The fault data starts from the exception's toArray() output (when that
  * method exists), then gets the entity-encoded message and the code; for a
  * Tinebase_Exception the app name and title are added. A stack trace is
  * added unless the suppressExceptionTraces config value is exactly TRUE.
  *
  * @param Zend_Json_Server_Request_Http $request
  * @param Exception $exception
  * @return Zend_Json_Server_Response
  */
 protected function _handleException($request, $exception)
 {
     $server = self::_getServer();

     if (method_exists($exception, 'toArray')) {
         $faultData = $exception->toArray();
     } else {
         $faultData = array();
     }

     // ENT_COMPAT encodes double quotes but leaves single quotes untouched.
     // NOTE(review): only the message is encoded; the other toArray() fields are
     // passed on as they are, so the consumer must not treat them as safe markup.
     $faultData['message'] = htmlentities($exception->getMessage(), ENT_COMPAT, 'UTF-8');
     $faultData['code'] = $exception->getCode();

     if ($exception instanceof Tinebase_Exception) {
         $faultData['appName'] = $exception->getAppName();
         $faultData['title'] = $exception->getTitle();
     }

     // the raw (unencoded) message goes to the log
     Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' ' . get_class($exception) . ' -> ' . $exception->getMessage());

     // Strict check: any value other than boolean TRUE (unset, 1, 'true') leaves
     // the trace in the fault data.
     // NOTE(review): that makes trace disclosure the default; confirm production
     // configs set suppressExceptionTraces to a real boolean true.
     $suppressTrace = Tinebase_Core::getConfig()->suppressExceptionTraces;
     if (!($suppressTrace === TRUE)) {
         $faultData['trace'] = Tinebase_Exception::getTraceAsArray($exception);
     }
     Tinebase_Exception::log($exception, $suppressTrace);

     $server->fault($faultData['message'], $faultData['code'], $faultData);
     $response = $server->getResponse();

     // mirror id and version of the request when it carried them
     $requestId = $request->getId();
     if ($requestId !== null) {
         $response->setId($requestId);
     }
     $requestVersion = $request->getVersion();
     if ($requestVersion !== null) {
         $response->setVersion($requestVersion);
     }

     return $response;
 }
Example #5
 /**
  * Converts an exception into a JSON-RPC fault response on the given server.
  *
  * The fault data starts from the exception's toArray() output (when that
  * method exists), then gets the entity-encoded message and the code. Unless
  * the suppressExceptionTraces config value is exactly TRUE, the stack trace
  * is added to the fault data and also written via _logExceptionTrace().
  *
  * @param Zend_Json_Server $server
  * @param Zend_Json_Server_Request_Http $request
  * @param Exception $exception
  * @return Zend_Json_Server_Response
  */
 protected function _handleException($server, $request, $exception)
 {
     if (method_exists($exception, 'toArray')) {
         $faultData = $exception->toArray();
     } else {
         $faultData = array();
     }

     // ENT_COMPAT encodes double quotes but leaves single quotes untouched.
     // NOTE(review): only the message is encoded; the other toArray() fields are
     // passed on as they are, so the consumer must not treat them as safe markup.
     $faultData['message'] = htmlentities($exception->getMessage(), ENT_COMPAT, 'UTF-8');
     $faultData['code'] = $exception->getCode();

     if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) {
         // the raw (unencoded) message goes to the log
         Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ . ' ' . get_class($exception) . ' -> ' . $exception->getMessage());
     }

     // Strict check: any value other than boolean TRUE (unset, 1, 'true') leaves
     // the trace in the fault data.
     // NOTE(review): that makes trace disclosure the default; confirm production
     // configs set suppressExceptionTraces to a real boolean true. With traces
     // suppressed this block also skips _logExceptionTrace().
     $tracesSuppressed = Tinebase_Core::getConfig()->suppressExceptionTraces === TRUE;
     if (!$tracesSuppressed) {
         $faultData['trace'] = $this->_getTraceAsArray($exception);
         $this->_logExceptionTrace($exception);
     }

     $server->fault($faultData['message'], $faultData['code'], $faultData);
     $response = $server->getResponse();

     // mirror id and version of the request when it carried them
     $requestId = $request->getId();
     if ($requestId !== null) {
         $response->setId($requestId);
     }
     $requestVersion = $request->getVersion();
     if ($requestVersion !== null) {
         $response->setVersion($requestVersion);
     }

     return $response;
 }