private function generateKs($partnerId, $additionalData, $privileges) { $partner = $this->getPartner($partnerId); $limitedKs = ''; $result = kSessionUtils::startKSession($partnerId, $partner->getAdminSecret(), '', $limitedKs, self::EXPIRY_SECONDS, kSessionBase::SESSION_TYPE_ADMIN, '', $privileges, null, $additionalData); if ($result < 0) { throw new Exception('Failed to create limited session for partner ' . $partnerId); } return $limitedKs; }
/** * @return string */ public static function generateKs($partnerId, $tokenPrefix) { $partner = PartnerPeer::retrieveByPK($partnerId); $userSecret = $partner->getSecret(); //actionslimit:1 $privileges = kSessionBase::PRIVILEGE_SET_ROLE . ":" . self::EXTERNAL_INTEGRATION_SERVICES_ROLE_NAME; $privileges .= "," . kSessionBase::PRIVILEGE_ACTIONS_LIMIT . ":1"; $dcParams = kDataCenterMgr::getCurrentDc(); $token = $dcParams["secret"]; $additionalData = md5($tokenPrefix . $token); $ks = ""; $creationSucces = kSessionUtils::startKSession($partnerId, $userSecret, "", $ks, self::THREE_DAYS_IN_SECONDS, KalturaSessionType::USER, "", $privileges, null, $additionalData); if ($creationSucces >= 0) { return $ks; } return false; }
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser) { // make sure the secret fits the one in the partner's table $ks = ""; $expiry = $this->getP("expiry", 86400); $admin = $this->getP("admin", false); $privileges = $this->getP("privileges", null); $result = kSessionUtils::startKSession($partner_id, $this->getPM("secret"), $puser_id, $ks, $expiry, $admin, "", $privileges); if ($result >= 0) { $this->addMsg("ks", $ks); $this->addMsg("partner_id", $partner_id); $this->addMsg("subp_id", $subp_id); $this->addMsg("uid", $puser_id); } else { // TODO - see that there is a good error for when the invalid login count exceed s the max $this->addError(APIErrors::START_SESSION_ERROR, $partner_id); $this->addDebug("error", $result); } }
public function getDownloadUrlWithExpiry($expiry, $useCdn = false) { $ksStr = ""; $partnerId = $this->getPartnerId(); $partner = PartnerPeer::retrieveByPK($partnerId); $secret = $partner->getSecret(); $privilege = ks::PRIVILEGE_DOWNLOAD . ":" . $this->getEntryId(); $result = kSessionUtils::startKSession($partnerId, $secret, null, $ksStr, $expiry, false, "", $privilege); if ($result < 0) { throw new Exception("Failed to generate session for flavor asset [" . $this->getId() . "]"); } $finalPath = myPartnerUtils::getUrlForPartner($this->getPartnerId(), $this->getPartnerId() * 100) . "/download" . "/entry_id/" . $this->getEntryId() . "/flavor/" . $this->getId() . "/ks/" . $ksStr; // Gonen May 12 2010 - removing CDN URLs. see ticket 5135 in internal mantis // in order to avoid conflicts with access_control (geo-location restriction), we always return the requestHost (www_host from kConf) // and not the CDN host relevant for the partner. // Tan-Tan January 27 2011 - in some places we do need the cdn, I added a paramter useCdn to force it. if ($useCdn) { $downloadUrl = myPartnerUtils::getCdnHost($partnerId) . $finalPath; } else { $downloadUrl = requestUtils::getRequestHost() . $finalPath; } return $downloadUrl; }
private static function createUrl($partner_id, $file_name) { $ksStr = ""; $partner = PartnerPeer::retrieveByPK($partner_id); $secret = $partner->getSecret(); $privilege = ks::PRIVILEGE_DOWNLOAD . ":" . $file_name; $maxExpiry = 86400; $expiry = $partner->getKsMaxExpiryInSeconds(); if (!$expiry || $expiry > $maxExpiry) { $expiry = $maxExpiry; } $result = kSessionUtils::startKSession($partner_id, $secret, null, $ksStr, $expiry, false, "", $privilege); if ($result < 0) { throw new Exception("Failed to generate session for asset [" . $this->getId() . "] of type " . $this->getType()); } //url is built with DC url in order to be directed to the same DC of the saved file $url = kDataCenterMgr::getCurrentDcUrl() . "/api_v3/index.php/service/report/action/serve/ks/{$ksStr}/id/{$file_name}/report.csv"; return $url; }
public function getDownloadUrlWithExpiry($expiry, $useCdn = false, $forceProxy = false, $preview = null) { $ksStr = ""; $partnerId = $this->getPartnerId(); if ($this->isKsNeededForDownload() || $preview) { $partner = PartnerPeer::retrieveByPK($partnerId); $secret = $partner->getSecret(); $privilege = ks::PRIVILEGE_DOWNLOAD . ":" . $this->getEntryId(); $privilege .= "," . kSessionBase::PRIVILEGE_DISABLE_ENTITLEMENT_FOR_ENTRY . ":" . $this->getEntryId(); $privilege .= "," . kSessionBase::PRIVILEGE_VIEW . ":" . $this->getEntryId(); $privilege .= "," . kSessionBase::PRIVILEGE_DOWNLOAD_ASSET . ":" . $this->getId(); if ($preview) { $privilege .= "," . kSessionBase::PRIVILEGE_PREVIEW . ":" . $preview; } $result = kSessionUtils::startKSession($partnerId, $secret, null, $ksStr, $expiry, false, "", $privilege); if ($result < 0) { throw new Exception("Failed to generate session for asset [" . $this->getId() . "] of type " . $this->getType()); } } $finalPath = $this->getFinalDownloadUrlPathWithoutKs(); if ($ksStr) { $finalPath .= "/ks/" . $ksStr; } if ($forceProxy) { $finalPath .= "/relocate/" . $this->getEntryId() . "." . $this->getFileExt(); } // Gonen May 12 2010 - removing CDN URLs. see ticket 5135 in internal mantis // in order to avoid conflicts with access_control (geo-location restriction), we always return the requestHost (www_host from kConf) // and not the CDN host relevant for the partner. // Tan-Tan January 27 2011 - in some places we do need the cdn, I added a paramter useCdn to force it. if ($useCdn) { // TODO in that case we should use the serve flavor and the url manager in order to support secured and signed urls $downloadUrl = myPartnerUtils::getCdnHost($partnerId) . $finalPath; } else { $downloadUrl = requestUtils::getRequestHost() . $finalPath; } return $downloadUrl; }
/** * * Gets KS for PS2 * @param string $secret * @param string $userId * @param KalturaSessionType $type * @param string $partnerId * @param int $expiry * @param unknown_type $privileges */ public static function getKs($secret, $userId = "", $type = 0, $partnerId = null, $expiry = 86400, $privileges = null) { $ks = ''; $result = kSessionUtils::startKSession($partnerId, $secret, $userId, $ks, $expiry, $type, "", $privileges); if ($result >= 0) { return $ks; } else { throw new Exception("Error starting admin session for: Partner: {$partnerId}, with Secret: {$secret} \n"); } }
/** * Start an impersonated session with Kaltura's server. * The result KS info contains the session key that you should pass to all services that requires a ticket. * Type, expiry and privileges won't be changed if they're not set * * @action impersonateByKs * @param string $session The old KS of the impersonated partner * @param KalturaSessionType $type Type of the new KS * @param int $expiry Expiry time in seconds of the new KS * @param string $privileges Privileges of the new KS * @return KalturaSessionInfo * * @throws APIErrors::START_SESSION_ERROR */ function impersonateByKsAction($session, $type = null, $expiry = null, $privileges = null) { KalturaResponseCacher::disableCache(); $oldKS = null; try { $oldKS = ks::fromSecureString($session); } catch (Exception $e) { KalturaLog::err($e->getMessage()); throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $this->getPartnerId()); } $impersonatedPartnerId = $oldKS->partner_id; $impersonatedUserId = $oldKS->user; $impersonatedType = $oldKS->type; $impersonatedExpiry = $oldKS->valid_until - time(); $impersonatedPrivileges = $oldKS->privileges; if (!is_null($type)) { $impersonatedType = $type; } if (!is_null($expiry)) { $impersonatedExpiry = $expiry; } if ($privileges) { $impersonatedPrivileges = $privileges; } // verify partner is allowed to start session for another partner $impersonatedPartner = null; if (!myPartnerUtils::allowPartnerAccessPartner($this->getPartnerId(), $this->partnerGroup(), $impersonatedPartnerId)) { $c = PartnerPeer::getDefaultCriteria(); $c->addAnd(PartnerPeer::ID, $impersonatedPartnerId); $impersonatedPartner = PartnerPeer::doSelectOne($c); } else { // get impersonated partner $impersonatedPartner = PartnerPeer::retrieveByPK($impersonatedPartnerId); } if (!$impersonatedPartner) { KalturaLog::err("Impersonated partner [{$impersonatedPartnerId} ]could not be fetched from the DB"); throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $this->getPartnerId()); } // set the correct secret according to required session type if ($impersonatedType == KalturaSessionType::ADMIN) { $impersonatedSecret = $impersonatedPartner->getAdminSecret(); } else { $impersonatedSecret = $impersonatedPartner->getSecret(); } $sessionInfo = new KalturaSessionInfo(); $result = kSessionUtils::startKSession($impersonatedPartnerId, $impersonatedSecret, $impersonatedUserId, $sessionInfo->ks, $impersonatedExpiry, $impersonatedType, '', $impersonatedPrivileges, $this->getPartnerId()); if ($result < 0) { KalturaLog::err("Failed starting a session with result [{$result}]"); throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $this->getPartnerId()); } $sessionInfo->partnerId = $impersonatedPartnerId; $sessionInfo->userId = $impersonatedUserId; $sessionInfo->expiry = $impersonatedExpiry; $sessionInfo->sessionType = $impersonatedType; $sessionInfo->privileges = $impersonatedPrivileges; return $sessionInfo; }
public function getDownloadUrlWithExpiry($expiry, $useCdn = false) { $ksStr = ""; $ksNeeded = true; $partnerId = $this->getPartnerId(); if (!PermissionPeer::isValidForPartner(PermissionName::FEATURE_ENTITLEMENT, $partnerId)) { $invalidModerationStatuses = array(entry::ENTRY_MODERATION_STATUS_PENDING_MODERATION, entry::ENTRY_MODERATION_STATUS_REJECTED); $entry = $this->getentry(); if ($entry && !in_array($entry->getModerationStatus(), $invalidModerationStatuses) && ($entry->getStartDate() === null || $entry->getStartDate(null) < time()) && ($entry->getEndDate() === null || $entry->getEndDate(null) > time() + 86400)) { $accessControl = $entry->getaccessControl(); if ($accessControl && !$accessControl->getRulesArray()) { $ksNeeded = false; } } } if ($ksNeeded) { $partner = PartnerPeer::retrieveByPK($partnerId); $secret = $partner->getSecret(); $privilege = ks::PRIVILEGE_DOWNLOAD . ":" . $this->getEntryId(); $privilege .= "," . kSessionBase::PRIVILEGE_DISABLE_ENTITLEMENT_FOR_ENTRY . ":" . $this->getEntryId(); $result = kSessionUtils::startKSession($partnerId, $secret, null, $ksStr, $expiry, false, "", $privilege); if ($result < 0) { throw new Exception("Failed to generate session for asset [" . $this->getId() . "] of type " . $this->getType()); } } $finalPath = $this->getFinalDownloadUrlPathWithoutKs(); if ($ksStr) { $finalPath .= "/ks/" . $ksStr; } // Gonen May 12 2010 - removing CDN URLs. see ticket 5135 in internal mantis // in order to avoid conflicts with access_control (geo-location restriction), we always return the requestHost (www_host from kConf) // and not the CDN host relevant for the partner. // Tan-Tan January 27 2011 - in some places we do need the cdn, I added a paramter useCdn to force it. if ($useCdn) { // TODO in that case we should use the serve flavor and the url manager in order to support secured and signed urls $downloadUrl = myPartnerUtils::getCdnHost($partnerId) . $finalPath; } else { $downloadUrl = requestUtils::getRequestHost() . $finalPath; } return $downloadUrl; }
/** * Start an impersonated session with Kaltura's server. * The result KS is the session key that you should pass to all services that requires a ticket. * * @action impersonate * @param string $secret Remember to provide the correct secret according to the sessionType you want * @param int $impersonatedPartnerId * @param string $userId * @param KalturaSessionType $type Regular session or Admin session * @param int $partnerId * @param int $expiry KS expiry time in seconds * @param string $privileges * @return string * * @throws APIErrors::START_SESSION_ERROR */ function impersonateAction($secret, $impersonatedPartnerId, $userId = "", $type = 0, $partnerId = null, $expiry = 86400, $privileges = null) { KalturaResponseCacher::disableCache(); // verify that partnerId exists and is in correspondence with given secret $result = myPartnerUtils::isValidSecret($partnerId, $secret, "", $expiry, $type); if ($result !== true) { throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId); } // verify partner is allowed to start session for another partner if (!myPartnerUtils::allowPartnerAccessPartner($partnerId, $this->partnerGroup(), $impersonatedPartnerId)) { throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId); } // get impersonated partner $impersonatedPartner = PartnerPeer::retrieveByPK($impersonatedPartnerId); if (!$impersonatedPartner) { // impersonated partner could not be fetched from the DB throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId); } // set the correct secret according to required session type if ($type == KalturaSessionType::ADMIN) { $impersonatedSecret = $impersonatedPartner->getAdminSecret(); } else { $impersonatedSecret = $impersonatedPartner->getSecret(); } // make sure the secret fits the one in the partner's table $ks = ""; $result = kSessionUtils::startKSession($impersonatedPartner->getId(), $impersonatedSecret, $userId, $ks, $expiry, $type, "", $privileges, $partnerId); if ($result >= 0) { return $ks; } else { throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId); } }
/** * @param CaptionAsset $captionAsset * @param int $expiry * @return string */ protected static function generateKsForCaptionServe($captionAsset, $expiry = 86400) { $partnerId = $captionAsset->getPartnerId(); $partner = PartnerPeer::retrieveByPK($partnerId); $secret = $partner->getSecret(); $privilege = self::KS_PRIVILEGE_CAPTION . ":" . $captionAsset->getEntryId(); $ksStr = ''; kSessionUtils::startKSession($partnerId, $secret, null, $ksStr, $expiry, false, "", $privilege); return $ksStr; }
protected function generateLimitedKs($partnerId, $stateData) { $partner = $this->getPartner($partnerId); $limitedKs = ''; $expiry = 30 * 60; // 30 minutes $privileges = kSessionBase::PRIVILEGE_ACTIONS_LIMIT . ':0'; $additionalData = json_encode($stateData); $result = kSessionUtils::startKSession($partnerId, $partner->getAdminSecret(), '', $limitedKs, $expiry, kSessionBase::SESSION_TYPE_ADMIN, '', $privileges, null, $additionalData); if ($result < 0) { throw new Exception('Failed to create limited session for partner ' . $partnerId); } return $limitedKs; }
private function getAdminKs($partnerId, $secret) { $ks = ''; $result = kSessionUtils::startKSession($partnerId, $secret, '', $ks, 86400, KalturaSessionType::ADMIN, '', null); if ($result >= 0) { return $ks; } else { $this->fail('Start session error'); } }