/**
* This extended constructor is setting up
* the underlying AuthorizationServer with
* the grant types that GLPi Plugins support
* on it's OAuth2 Framework
*/
public function __construct()
{
parent::__construct();
$this->setSessionStorage(OAuthHelper::getSessionStorage());
$this->setAccessTokenStorage(OAuthHelper::getAccessTokenStorage());
$this->setRefreshTokenStorage(OAuthHelper::getRefreshTokenStorage());
$this->setClientStorage(OAuthHelper::getClientStorage());
$this->setScopeStorage(OAuthHelper::getScopeStorage());
$this->setAuthCodeStorage(new AuthCodeStorage());
// Adding the password grant to able users to login by themselves
$passwordGrant = new PasswordGrant();
$passwordGrant->setVerifyCredentialsCallback(function ($login, $password) {
$user = User::where(function ($q) use($login) {
return $q->where('email', '=', $login)->orWhere('username', '=', $login);
});
$count = $user->count();
if ($count < 1) {
return false;
}
if ($count > 1) {
throw new \Exception('Dangerous, query result count > 1 when user tried' . ' to log with login "' . $login . '" ' . 'and password "' . $password . '"');
return false;
} elseif ($count == 0) {
return false;
} else {
$user = $user->first();
if ($user->assertPasswordIs($password)) {
return $user->id;
} else {
return false;
}
}
});
$this->addGrantType($passwordGrant);
$appGrant = new ClientCredentialsGrant();
$this->addGrantType($appGrant);
$refreshTokenGrant = new RefreshTokenGrant();
$this->addGrantType($refreshTokenGrant);
}
<?php
use Illuminate\Database\Capsule\Manager as DB;
use API\Core\Tool;
use API\Model\Plugin;
use API\OAuthServer\OAuthHelper;
$version_plugins = Tool::makeEndpoint(function ($version) {
OAuthHelper::needsScopes(['version', 'plugins']);
$plugins = Tool::paginateCollection(Plugin::short()->with('authors', 'versions', 'descriptions')->withAverageNote()->descWithLang(Tool::getRequestLang())->withGlpiVersion($version));
Tool::endWithJson($plugins);
});
$app->get('/version/:version/plugin', $version_plugins);
$app->options('/version/:version/plugin', function () {
});
$tags = $tags->withLang('en');
} else {
$tags = $tags->withLang(Tool::getRequestLang());
}
Tool::endWithJson($tags->get());
});
$tag_single = Tool::makeEndpoint(function ($key) use($app) {
OAuthHelper::needsScopes(['tag']);
$tag = Tag::where('key', '=', $key)->first();
if ($tag == NULL) {
throw new \API\Exception\ResourceNotFound('Tag', $key);
}
Tool::endWithJson($tag);
});
$tag_plugins = Tool::makeEndpoint(function ($key) use($app) {
OAuthHelper::needsScopes(['tag', 'plugins']);
$tag = Tag::where('key', '=', $key)->first();
if ($tag == NULL) {
throw new \API\Exception\ResourceNotFound('Tag', $key);
}
$plugins = Tool::paginateCollection(Plugin::with('versions', 'authors')->short()->withAverageNote()->descWithLang(Tool::getRequestLang())->withTag($tag));
Tool::endWithJson($plugins);
});
// HTTP rest map
$app->get('/tags', $tags_all);
$app->get('/tags/top', $tags_top);
$app->get('/tags/:id/plugin', $tag_plugins);
$app->get('/tags/:id', $tag_single);
$app->options('/tags', function () {
});
$app->options('/tags/top', function () {
* /plugin/popular
* /plugin/trending
* /plugin/star
*/
use API\Core\Tool;
use API\Core\Mailer;
use Illuminate\Database\Capsule\Manager as DB;
use API\Model\Message;
use ReCaptcha\ReCaptcha;
use API\OAuthServer\OAuthHelper;
use API\Exception\InvalidField;
use API\Exception\MissingField;
use API\Exception\InvalidRecaptcha;
require dirname(__FILE__) . '/../../config.php';
$send = Tool::makeEndpoint(function () use($app) {
OAuthHelper::needsScopes(['message']);
$msg_alerts_settings = Tool::getConfig()['msg_alerts'];
$body = Tool::getBody();
$fields = ['firstname', 'lastname', 'email', 'subject', 'message'];
$recaptcha = new ReCaptcha(Tool::getConfig()['recaptcha_secret']);
$resp = $recaptcha->verify($body->recaptcha_response);
if (!$resp->isSuccess()) {
throw new InvalidRecaptcha();
}
foreach ($fields as $prop) {
if (!property_exists($body->contact, $prop)) {
throw new MissingField($prop);
} else {
switch ($prop) {
case 'email':
if (gettype($body->contact->email) != 'string' || !filter_var($body->contact->email, FILTER_VALIDATE_EMAIL)) {
} else {
$user_app->homepage_url = $body->homepage_url;
}
}
if (isset($body->description)) {
if (gettype($body->description) != 'string' || !App::isValidDescription($body->description)) {
throw new InvalidField('description');
} else {
$user_app->description = $body->description;
}
}
$user_app->save();
Tool::endWithJson($user_app);
});
$user_delete_app = Tool::makeEndpoint(function ($id) use($app, $resourceServer) {
OAuthHelper::needsScopes(['user', 'user:apps']);
$body = Tool::getBody();
$user_id = $resourceServer->getAccessToken()->getSession()->getOwnerId();
$user = User::where('id', '=', $user_id)->first();
$user_app = $user->apps()->find($id);
if ($user_app) {
$user_app->delete();
$app->halt(200);
} else {
throw new ResourceNotFound('App', $id);
}
});
// HTTP REST Map
$app->get('/user/apps', $user_apps);
$app->get('/user/apps/:id', $user_app);
$app->put('/user/apps/:id', $user_edit_app);
$body = Tool::getBody();
$user = OAuthHelper::currentlyAuthed();
$plugin = Plugin::where('key', '=', $key)->first();
if (!$plugin) {
throw new ResourceNotFound('Plugin', $key);
}
$watch = $user->watchs()->where('plugin_id', '=', $plugin->id)->first();
if ($watch) {
$watch->delete();
} else {
$app->halt(404);
}
$app->halt(200);
});
$user_search = Tool::makeEndpoint(function () {
OAuthHelper::needsScopes(['users:search']);
$body = Tool::getBody();
if (!isset($body->search) || gettype($body->search) != 'string') {
throw new InvalidField('search');
}
$search = $body->search;
$results = User::select(['username', 'realname'])->where('username', 'LIKE', "%{$search}%")->orWhere('realname', 'LIKE', "%{$search}%")->orWhere('email', '=', $search)->get();
Tool::endWithJson($results);
});
$user_send_password_reset_link = Tool::makeEndpoint(function () use($app) {
$body = Tool::getBody();
if (!isset($body->email) || gettype($body->email) !== 'string') {
throw new InvalidField('email');
}
// -- <this_is_not_used_for_now> --
// rejecting if request isn't signed by
<?php
/**
* Search
*
* This REST module hooks on
* following URLs
*
* /search
*/
use API\Core\Tool;
use Illuminate\Database\Capsule\Manager as DB;
use API\OAuthServer\OAuthHelper;
// Minimal length of search string
$search_min_length = 2;
$search = Tool::makeEndpoint(function () use($app) {
OAuthHelper::needsScopes(['plugins:search']);
global $search_min_length, $allowed_languages;
$body = Tool::getBody();
if ($body == NULL || !isset($body->query_string) || strlen($body->query_string) < $search_min_length) {
Tool::endWithJson(["error" => "Your search string needs to " . "have at least " . $search_min_length . " chars"], 400);
}
$query_string = $body->query_string;
$_search = Tool::paginateCollection(\API\Model\Plugin::short()->with('authors', 'versions', 'descriptions')->withAverageNote()->descWithLang(Tool::getRequestLang())->where('active', '=', true)->where(function ($q) use($query_string) {
return $q->where('name', 'LIKE', "%{$query_string}%")->orWhere('key', 'LIKE', "%{$query_string}%")->orWhere('plugin_description.short_description', 'LIKE', "%{$query_string}%")->orWhere('plugin_description.long_description', 'LIKE', "%{$query_string}%");
})->orderBy('download_count', 'DESC')->orderBy('note', 'DESC')->orderBy('name', 'ASC'));
Tool::endWithJson($_search);
});
$app->post('/search', $search);
$app->options('/search', function () {
});
<?php
require 'vendor/autoload.php';
use API\Core\Tool;
use API\OAuthServer\OAuthHelper;
// Initialisation of Database (Illuminate)
// and webapp global object
\API\Core\DB::initCapsule();
$app = new \Slim\Slim();
// Instantiating the Resource Server
$resourceServer = new \League\OAuth2\Server\ResourceServer(OAuthHelper::getSessionStorage(), OAuthHelper::getAccessTokenStorage(), OAuthHelper::getClientStorage(), OAuthHelper::getScopeStorage());
// Loading all REST modules
// with their endpoints like that:
// inside 'src/endpoints'
$dir_endpoints = opendir('src/endpoints');
while ($ent = readdir($dir_endpoints)) {
// For each .php file
if (preg_match('/^(.*)\\.php$/', $ent, $m)) {
$endpoint = $m[0];
// Read the file with PHP
require 'src/endpoints/' . $endpoint;
}
}
closedir($dir_endpoints);
// JSON 404 response
$app->notFound(Tool::makeEndpoint(function () {
throw new \API\Exception\InvalidEndpoint();
}));
// Welcoming browsers when they reach /api
$app->get('/', function () use($app) {
$app->halt(200);
if ($user->email) {
$author->gravatar = md5(strtolower(trim($user->email)));
}
}
Tool::endWithJson($author);
});
$author_plugins = Tool::makeEndpoint(function ($id) use($app) {
OAuthHelper::needsScopes(['author', 'plugins']);
$author = \API\Model\Author::where('id', '=', $id)->first();
if (!$author) {
throw new \API\Exception\ResourceNotFound('Author', $id);
}
Tool::endWithJson(Tool::paginateCollection(\API\Model\Plugin::with('versions', 'authors', 'descriptions')->short()->withAverageNote()->descWithLang(Tool::getRequestLang())->whereAuthor($author->id)));
});
$claim_authorship = Tool::makeEndpoint(function () use($app, $resourceServer) {
OAuthHelper::needsScopes(['user']);
$body = Tool::getBody();
$user_id = $resourceServer->getAccessToken()->getSession()->getOwnerId();
$user = User::where('id', '=', $user_id)->first();
// We ensure the recatpcha_response
// is provided as a string
if (!isset($body->recaptcha_response) || gettype($body->recaptcha_response) != 'string') {
throw new InvalidRecaptcha();
}
// and we verify it with recaptcha
Tool::assertRecaptchaValid($body->recaptcha_response);
if (!isset($body->author) || gettype($body->author) != 'string' || strlen($body->author) > 90) {
throw new InvalidField('author');
}
if (!($author = Author::where('name', '=', $body->author)->first())) {
throw new ResourceNotFound('Author', $body->author);
Tool::endWithJson(["error" => "you try to note a plugin that doesn't exists"], 400);
}
$plugin_star = new PluginStar();
$plugin_star->note = $body->note;
$plugin_star->date = DB::raw('NOW()');
$plugin->stars()->save($plugin_star);
$plugin = Plugin::withAverageNote()->find($body->plugin_id);
// returning new average
Tool::endWithJson(["new_average" => $plugin->note]);
});
/**
* Method called when an user submits a plugin
*/
$submit = Tool::makeEndpoint(function () use($app) {
OAuthHelper::needsScopes(['plugin:submit']);
$user = OAuthHelper::currentlyAuthed();
$body = Tool::getBody();
$recaptcha = new ReCaptcha(Tool::getConfig()['recaptcha_secret']);
$resp = $recaptcha->verify($body->recaptcha_response);
if (!$resp->isSuccess()) {
throw new InvalidRecaptcha();
}
if (!isset($body->plugin_url) || gettype($body->plugin_url) != 'string') {
throw new InvalidField('plugin_url');
}
// Quickly validating
if (Plugin::where('xml_url', '=', $body->plugin_url)->count() > 0) {
throw new UnavailableName('XML_URL', $body->plugin_url);
}
$xml = @file_get_contents($body->plugin_url);
if (!$xml) {
