/**
 * Render the pending error as a response body.
 *
 * An HttpException contributes its own status line and extra data; any other
 * error is reported as 500 Internal Server Error with no extra data. The
 * exception message and code are passed to the client verbatim.
 */
public function action_show()
{
    $isHttp = $this->error instanceof HttpException;
    if ($isHttp) {
        $status = $this->error->getStatus();
        $extra = $this->error->getData();
    } else {
        $status = '500 Internal Server Error';
        $extra = [];
    }

    $this->response->add_header('HTTP/1.1 ' . $status);

    $body = [
        'message' => $this->error->getMessage(),
        'code' => $this->error->getCode(),
    ];
    $this->response->body = array_merge($body, $extra);
}
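/**
 * Authenticate the current REST request.
 *
 * Looks for a bearer token first in the "Authorization: Token <value>" header
 * and then in the "_token" query parameter. A known token attaches its User to
 * the controller and returns. Without a token, the "auth" controller accepts
 * Basic credentials and answers with a 200 HttpException that carries the
 * user's (possibly newly issued) token. Anything else triggers a Basic
 * authentication challenge.
 *
 * @throws UnauthorizedException when the presented token matches no user
 * @throws HttpException          200 "OK" carrying the issued token on /api/auth
 */
public function authenticate()
{
    $headers = getallheaders();
    $token = null;

    // Fetch token from headers or query string.
    // isset() avoids an undefined-index warning when no Authorization header was sent.
    if (isset($headers['Authorization']) && $headers['Authorization']
        && strpos($headers['Authorization'], 'Token ') === 0
    ) {
        $parts = preg_split('/\\s+/', $headers['Authorization'], 2, PREG_SPLIT_NO_EMPTY);
        // "Token " with nothing after it yields a single element (or false on a PCRE error);
        // treat both as "no token" instead of reading a missing offset.
        if (is_array($parts) && isset($parts[1])) {
            $token = $parts[1];
        }
    } elseif ($this->controller->request->get('_token')) {
        // Query-string tokens end up in access logs and referrers; the header form is preferred.
        $token = $this->controller->request->get('_token');
    }

    // If token is correct, just proceed request.
    if ($token) {
        /** @var User $user */
        $user = $this->pixie->orm->get('User')->where('rest_token', $token)->find();
        if (!$user->loaded()) {
            throw new UnauthorizedException();
        }
        $this->controller->setUser($user);
        return;
    }

    // Else require basic authorization request from client to get token.
    if ($this->controller->request->param('controller') === 'auth') {
        /**
         * @var User $user
         * @var bool $logged
         */
        list($user, $logged) = array_values($this->requireBasicCredentials());
        if ($logged) {
            $this->controller->setUser($user);
            if (!$user->rest_token || $this->controller->request->get('refresh')) {
                // Issue the token from the CSPRNG. The previous sha1(username . time() . SALT)
                // derivation was guessable by anyone who knew the username and roughly when the
                // token was issued. 20 random bytes hex-encoded keep the 40-character width of sha1.
                $token = bin2hex(random_bytes(20));
                $user->rest_token = $token;
                $user->save();
            } else {
                $token = $user->rest_token;
            }
            $responseException = new HttpException('Your token is established.', 200, null, 'OK');
            $responseException->setParameter('token', $token);
            throw $responseException;
        }
    }

    $this->askForBasicCredentials("Please provide your credentials using url /api/auth");
}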
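/**
 * Adjust outgoing headers for the negotiated content type.
 *
 * For JSON responses the HTTP status line is derived from the pending
 * exception (its own status for an \App\Exception\HttpException, 500 for
 * anything else) and Content-Type is forced to application/json. Any other
 * content type passes the headers through untouched.
 *
 * @param array  $headers     header name => value map to extend
 * @param string $contentType negotiated content type
 * @return array the possibly extended header map
 */
public function filterHeaders($headers, $contentType)
{
    // Strict comparison: a loose == would also accept numeric-looking strings as equal.
    if ($contentType !== self::JSON_CONTENT_TYPE) {
        return $headers;
    }

    if ($this->exception) {
        // The status line is stored as a header key with an empty value — presumably the
        // convention the header writer expects; kept as is.
        $statusLine = $this->exception instanceof \App\Exception\HttpException
            ? 'HTTP/1.1 ' . $this->exception->getStatus()
            : 'HTTP/1.1 500 Internal Server Error';
        $headers[$statusLine] = '';
    }

    $headers['Content-Type'] = 'application/json';

    return $headers;
}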
/**
 * Reject a request payload that carries fields the model does not have.
 *
 * The model's id field is never accepted from the client. When extra keys are
 * present a 400 HttpException listing them is thrown. When the current
 * vulnerability context is flagged for XMLExternalEntity, the entire submitted
 * payload is additionally echoed back in the 'invalidFields' parameter —
 * presumably so an XXE-expanded payload becomes visible to the client.
 *
 * @param array $data request payload keyed by field name
 * @throws HttpException when $data contains fields outside the model's writable set
 */
protected function checkHasExcessFields($data)
{
    $submitted = array_keys($data);
    $writable = array_diff($this->modelFields(), [$this->model->id_field]);
    $unexpected = array_diff($submitted, $writable);

    if (!count($unexpected)) {
        return;
    }

    $exception = new HttpException(
        'Remove excess fields: ' . implode(', ', $unexpected),
        400,
        null,
        'Bad Request'
    );

    // Inject XMLExternalEntity vulnerability: reflect the payload only when the
    // current context is configured as vulnerable.
    $context = $this->pixie->vulnService->getConfig()->getCurrentContext();
    if ($context->isVulnerableTo('XMLExternalEntity')) {
        $exception->setParameter('invalidFields', $data);
    }

    throw $exception;
}
/**
 * Render the pending error as a response body, deciding how much to disclose.
 *
 * Status line and extra data come from an HttpException; anything else is a
 * 500 with none. The stack trace is included in 'trace' only when:
 *  - the error is an HttpException whose code is >= 400 or < 100 and
 *    parameters.display_errors is on;
 *  - the error is a SQLException that is vulnerable and not blind (always
 *    shown, together with its message — a deliberate disclosure path);
 *  - the error is anything else and parameters.display_errors is on.
 * A SQLException that is blind or not vulnerable is reported with the generic
 * message "Error" and no trace.
 */
public function action_show()
{
    $isHttp = $this->error instanceof HttpException;
    $status = $isHttp ? $this->error->getStatus() : '500 Internal Server Error';
    $extra = $isHttp ? $this->error->getData() : [];
    $this->response->add_header('HTTP/1.1 ' . $status);

    $displayErrors = $this->pixie->getParameter('parameters.display_errors', false);
    $showErrors = false;

    if ($isHttp) {
        $message = $this->error->getMessage();
        $code = $this->error->getCode();
        // Only error-class codes (and non-HTTP codes below 100) honour the display switch.
        if ($code >= 400 || $code < 100) {
            $showErrors = $displayErrors;
        }
    } elseif ($this->error instanceof SQLException) {
        if ($this->error->isVulnerable() && !$this->error->isBlind()) {
            $showErrors = true;
            $message = $this->error->getMessage();
        } else {
            $message = 'Error';
        }
    } else {
        $message = $this->error->getMessage();
        $showErrors = $displayErrors;
    }

    $body = [
        'message' => $message,
        'code' => $this->error->getCode(),
        'trace' => $showErrors ? $this->error->getTraceAsString() : '',
    ];
    $this->response->body = array_merge($body, $extra);
}