Example #1
 /**
  * Decides whether the current API request is written to the request log.
  *
  * A view response is treated as a successful /batch call and is not logged;
  * every other response type is passed on to the parent implementation.
  *
  * NOTE(review): successful batch calls therefore leave no entry from this
  * controller. Presumably the batched sub-requests are logged on their own;
  * confirm, otherwise successful batch activity is missing from the audit trail.
  *
  * @param mixed  $controllerResponse response produced by the action
  * @param string $controllerName
  * @param string $action
  *
  * @return mixed false when logging is skipped, otherwise the parent's result
  */
 protected function _logRequest($controllerResponse, $controllerName, $action)
 {
     $isSuccessfulBatch = $controllerResponse instanceof XenForo_ControllerResponse_View;

     if (!$isSuccessfulBatch) {
         // errors, redirects and any other non-view response keep the default logging
         return parent::_logRequest($controllerResponse, $controllerName, $action);
     }

     return false;
 }
Example #2
 /**
  * Builds the API response holding the results of a poll.
  *
  * Each response entry carries its vote count. The list of voters is attached
  * only when the poll's `public_votes` flag is non-empty, so polls without
  * that flag expose counts but not voters.
  *
  * @param array                        $poll       poll record; prepared again via preparePoll()
  * @param mixed                        $canVote    passed through to the prepare helpers
  * @param bdApi_ControllerApi_Abstract $controller controller used for field filtering and the response
  *
  * @return mixed whatever $controller->responseData() returns
  */
 public function bdApi_actionGetResults(array $poll, $canVote, bdApi_ControllerApi_Abstract $controller)
 {
     $poll = $this->preparePoll($poll, $canVote);
     $pollData = $this->prepareApiDataForPoll($poll, $canVote);

     // the flag belongs to the poll, not to a single response, so read it once
     $votersArePublic = !empty($poll['public_votes']);

     $results = array();
     foreach ($pollData['responses'] as $apiResponse) {
         // assumes every API response id also exists in $poll['responses'] (TODO confirm)
         $rawResponse = $poll['responses'][$apiResponse['response_id']];

         $entry = $apiResponse;
         $entry['response_vote_count'] = $rawResponse['response_vote_count'];

         if ($votersArePublic) {
             // re-index so the voters are emitted as a plain list
             $entry['voters'] = !empty($rawResponse['voters'])
                 ? array_values($rawResponse['voters'])
                 : array();
         }

         $results[] = $entry;
     }

     $data = array('results' => $controller->_filterDataMany($results));

     // the poll itself is included unless the controller reports the field as excluded
     if (!$controller->_isFieldExcluded('poll')) {
         $data['poll'] = $controller->_filterDataSingle($pollData, array('poll'));
     }

     return $controller->responseData('bdApi_ViewApi_Helper_Poll_Results', $data);
 }
Example #3
 /**
  * Runs this controller's access checks before the parent's pre-dispatch work.
  *
  * Both assertions are made here rather than inside individual actions, so
  * they run for whichever $action is being dispatched.
  *
  * @param string $action name of the action about to run
  */
 protected function _preDispatch($action)
 {
     // presumably rejects requests that are not made on behalf of a registered user; confirm in the base controller
     $this->_assertRegistrationRequired();
     // the OAuth2 token must carry the conversation scope before any action of this controller runs
     $this->_assertRequiredScope(bdApi_Model_OAuth2::SCOPE_PARTICIPATE_IN_CONVERSATIONS);
     // the parent's own pre-dispatch work runs only after both assertions have returned
     parent::_preDispatch($action);
 }
Example #4
File: User.php Project: sushj/bdApi
 /**
  * Resolves the OAuth2 scope that the given action requires.
  *
  * For `PostIndex`, a session without an OAuth client id gets `false` instead
  * of the parent's scope.
  *
  * NOTE(review): presumably `false` means "no scope is enforced", which would
  * let a request without any API client reach PostIndex. Confirm that this is
  * intended and that the action applies its own checks.
  *
  * @param string $action
  *
  * @return mixed false, or the parent's scope for the action
  */
 protected function _getScopeForAction($action)
 {
     if ($action !== 'PostIndex') {
         return parent::_getScopeForAction($action);
     }

     /* @var $session bdApi_Session */
     $session = XenForo_Application::getSession();
     $oauthClientId = $session->getOAuthClientId();

     // with a client id present, PostIndex is scoped like any other action
     return empty($oauthClientId) ? false : parent::_getScopeForAction($action);
 }
Example #5
 /**
  * Fetches the attachment model through the owning controller's model cache.
  *
  * @return XenForo_Model_Attachment
  */
 protected function _getAttachmentModel()
 {
     $attachmentModel = $this->_controller->getModelFromCache('XenForo_Model_Attachment');

     return $attachmentModel;
 }
Example #6
 /**
  * Maps an API action onto the public controller that is recorded as session activity.
  *
  * All three arguments are references and are rewritten in place. Actions
  * not listed here are handed to the parent implementation.
  *
  * @param string $controllerName replaced with the matching public controller name
  * @param string $action         API action being dispatched
  * @param array  $params         receives `node_id` for GetIndex when a forum id was sent
  */
 protected function _prepareSessionActivityForApi(&$controllerName, &$action, array &$params)
 {
     // comparisons are deliberately loose (==), i.e. the semantics of a PHP switch
     if ($action == 'GetIndex') {
         $requestedForumId = $this->_request->getParam('forum_id');

         // is_numeric() also accepts floats and exponent notation, so the value
         // stored as node_id is not guaranteed to be a plain integer
         if (!empty($requestedForumId) && is_numeric($requestedForumId)) {
             $params['node_id'] = $requestedForumId;
         }

         $controllerName = 'XenForo_ControllerPublic_Forum';
     } elseif ($action == 'Single') {
         $controllerName = 'XenForo_ControllerPublic_Thread';
     } elseif ($action == 'GetNew' || $action == 'GetRecent') {
         $controllerName = 'XenForo_ControllerPublic_FindNew';
     } else {
         parent::_prepareSessionActivityForApi($controllerName, $action, $params);
     }
 }
Example #7
 /**
  * Runs XenForo's two-step verification as part of an API credential check.
  *
  * Returns true when no second factor applies (user id below 1, XenForo
  * version id below 1050000, confirmation not required for the user, or no
  * provider configured) and when the submitted value validates. Returns
  * false when no controller is available or no `tfa_provider` was sent.
  * Throws the controller's response exception after a provider has been
  * triggered and when the submitted value is rejected.
  *
  * NOTE(review): every early `return true` is a fail-open path. Presumably
  * the caller has already verified the password and treats true as "second
  * factor satisfied"; confirm against the caller.
  *
  * @param int $userId presumably the id of the user whose credentials are being checked (confirm)
  *
  * @return bool
  */
 protected function _checkUserCredentials_runTfaValidation($userId)
 {
     // nothing to validate for a non-positive user id or on XenForo builds below version id 1050000
     if ($userId < 1 || XenForo_Application::$versionId < 1050000) {
         return true;
     }
     if ($this->_controller === null) {
         // since XenForo 1.5+, $_controller must be set to check for two factor authentication
         // otherwise, deny access immediately
         return false;
     }
     /** @var XenForo_ControllerHelper_Login $loginHelper */
     $loginHelper = $this->_controller->getHelper('Login');
     // NOTE(review): the lookup result is used unchecked; confirm what getFullUserById() returns
     // for an unknown id and how userTfaConfirmationRequired() treats that value
     $user = $this->_model->getUserModel()->getFullUserById($userId);
     if (!$loginHelper->userTfaConfirmationRequired($user)) {
         return true;
     }
     /** @var XenForo_Model_Tfa $tfaModel */
     $tfaModel = $this->_model->getModelFromCache('XenForo_Model_Tfa');
     // $userData is not defined before this call; presumably the model fills it by reference (confirm the signature)
     $providers = $tfaModel->getTfaConfigurationForUser($user['user_id'], $userData);
     if (empty($providers)) {
         return true;
     }
     // hand the provider list to the server before reading the input, so it is set even when the check below fails
     $this->_server->actionOauthToken_setTfaProviders($providers);
     $tfaProvider = $this->_controller->getInput()->filterSingle('tfa_provider', XenForo_Input::STRING);
     if (strlen($tfaProvider) === 0) {
         // a second factor is required but the request named no provider
         return false;
     }
     $tfaTrigger = $this->_controller->getInput()->filterSingle('tfa_trigger', XenForo_Input::BOOLEAN);
     if ($tfaTrigger) {
         // trigger mode: start the provider's check and stop the request with a 'changes_saved' message
         // NOTE(review): this branch leaves before assertNotTfaAttemptLimited() runs; confirm that
         // triggerTfaCheck() throttles repeated triggers on its own
         $loginHelper->triggerTfaCheck($user, $tfaProvider, $providers, $userData);
         throw $this->_controller->responseException($this->_controller->responseMessage(new XenForo_Phrase('changes_saved')));
     }
     // presumably stops the request once the user has used up the allowed attempts (confirm in the login helper)
     $loginHelper->assertNotTfaAttemptLimited($user['user_id']);
     // strict comparison: anything other than boolean true counts as a failed validation
     if ($loginHelper->runTfaValidation($user, $tfaProvider, $providers, $userData) === true) {
         return true;
     }
     throw $this->_controller->responseException($this->_controller->responseError(new XenForo_Phrase('two_step_verification_value_could_not_be_confirmed')));
 }
Example #8
 /**
  * Returns the "no permission" response, optionally as a redirect to the client.
  *
  * While `$_redirectAsNoPermission` is set, a non-empty `redirect_uri` request
  * parameter becomes the target of a redirect; in every other case the
  * parent's response is used. The flag covers no-permission responses raised
  * by other pre-dispatch jobs too, not only by this controller's own actions.
  *
  * NOTE(review): the redirect target is read straight from request input and
  * is not validated in this method. Confirm that the flag is only set after
  * `redirect_uri` has been matched against the OAuth client's registered
  * redirect URI, otherwise this is an open redirect. The redirect type is
  * RESOURCE_CANONICAL_PERMANENT; if that is sent as a permanent redirect,
  * clients may cache it, so confirm the type is intended for an error path.
  *
  * @return mixed a redirect response or the parent's no-permission response
  */
 public function responseNoPermission()
 {
     if (!$this->_redirectAsNoPermission) {
         return parent::responseNoPermission();
     }

     $target = $this->_input->filterSingle('redirect_uri', XenForo_Input::STRING);
     if (empty($target)) {
         // nothing to redirect to, so fall back to the regular error response
         return parent::responseNoPermission();
     }

     return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT, $target);
 }