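/**
 * Refreshes the metadata and the stored file of a contextualization script from its URL.
 *
 * Resolves the script through ContextScript::getContextScript(), verifies that this
 * object owns it, re-checks the script URL, updates name/size/checksum and stores the
 * returned content. When the checksum differs from the stored one, the old stored
 * file is removed and the script receives a new GUID before the new content is stored.
 *
 * NOTE(review): the checksum is MD5 and is used here only to detect that the remote
 * content changed. MD5 is not collision resistant, so it should not be treated as an
 * integrity guarantee for the script content; confirm whether any consumer does.
 * NOTE(review): $script->url is handed to ContextScript::checkUrl(), which is not
 * visible here and presumably retrieves the URL; confirm that it restricts the
 * allowed schemes and destinations.
 *
 * @param mixed $contextscript Value passed to ContextScript::getContextScript().
 * @return bool|null true when no usable script is resolved; otherwise nothing is returned.
 * @throws Exception When the script is not owned by this object, the URL check reports
 *                   an error, or storing the file fails.
 */
public function updateUrlInfo($contextscript)
 {
     $haschanges = false;
     $script = ContextScript::getContextScript($contextscript);
     if ($script === null || intval($script->id) <= 0) {
         return true;
     }
     //Check ownership
     if ($this->ownsScript($script) === false) {
         // NOTE(review): the message says "remove" although this method updates the
         // script; the text is kept unchanged in case callers or logs match on it.
         throw new Exception("Cannot remove contextualization script of a different software appliance");
     }
     //URL checking: a string result is an error message, an array carries the
     //keys "name", "size", "md5" and "data" used below.
     $data = ContextScript::checkUrl($script->url);
     if (is_string($data)) {
         throw new Exception($data);
     }
     if (trim($script->checksum) !== trim($data["md5"])) {
         $haschanges = true;
     }
     $script->name = $data["name"];
     $script->size = $data["size"];
     $script->checksum = $data["md5"];
     $script->checksumfunc = "md5";
     //Save context script entry
     // $this->user may be unset; resolve the id once so the removal call below
     // does not read a property of a missing user object.
     $userid = $this->user ? $this->user->id : null;
     if ($this->user) {
         $script->lastupdatedByID = $userid;
     }
     $script->lastupdatedon = "NOW()";
     $script->save();
     if ($haschanges === true) {
         //remove old script from storage
         ContextualizationStorage::remove($script, $this->entry, $userid);
         //Store context script file under a fresh GUID
         $script->guid = generate_uuid_v4();
         $script->save();
     }
     // A string result from store() is an error message.
     $stored = ContextualizationStorage::store($script, $this->swappliance, $this->entry, $data["data"]);
     if (is_string($stored)) {
         throw new Exception($stored);
     }
     $this->save();
 }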
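 /**
  * Manages the system user account bound to an API key of the logged-in user and
  * prints that user's API keys as XML.
  *
  * Request handling, in order:
  * - not over HTTPS, or no session user id: 403;
  * - DELETE: 400;
  * - PUT (form-encoded body with "key", "pwd", "name"): creates a system account
  *   and associates it with the given key, provided the key belongs to the session
  *   user and has no system account yet;
  * - POST ($_POST["data"] holds JSON with "keyid" plus one of "sysdisplayname",
  *   "old"/"new", or "msg"): renames the system account, changes its password, or
  *   sends a permissions request;
  * - every request that is not rejected ends with the XML list of the user's keys.
  *
  * NOTE(review): system account passwords are stored as unsalted MD5. This is kept
  * because the verification code is not visible here and presumably expects the same
  * format; plan a migration to password_hash()/password_verify() with rehash on login.
  * NOTE(review): no anti-CSRF check is visible in this method although PUT and POST
  * change state on the strength of the session alone; confirm it is enforced upstream.
  * NOTE(review): the XML declaration is echoed before the status headers are set, so
  * the status codes only take effect if output buffering is active; confirm.
  */
 public function authenticationAction()
 {
     $this->_helper->layout->disableLayout();
     $this->_helper->viewRenderer->setNoRender();
     $uid = $this->session->userid;
     // Escapes a value for a single-quoted XML attribute. Values such as the display
     // name come from the request and were previously written into the XML verbatim.
     // NOTE(review): assumes the model layer stores these values unescaped; confirm.
     $attr = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     };
     header("Content-Type:text/xml");
     echo "<" . "?xml version='1.0'?" . ">";
     //Refuse plain HTTP: the request may carry a password
     if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
         header("HTTP/1.0 403 Forbidden");
         return;
     }
     //Check if user is logged in
     if ($uid == null) {
         header("HTTP/1.0 403 Forbidden");
         echo "<apikeys error='Not logged in' ></apikeys>";
         return;
     }
     if ($_SERVER['REQUEST_METHOD'] == 'DELETE') {
         header("HTTP/1.0 400 Bad Request");
         return;
     }
     if ($_SERVER['REQUEST_METHOD'] == "PUT") {
         parse_str(file_get_contents("php://input"), $post_vars);
         // parse_str() yields arrays for "name[]=" style fields; accept strings only
         // so that md5() and the model never receive an array.
         $keyid = (isset($post_vars["key"]) && is_string($post_vars["key"])) ? $post_vars["key"] : null;
         $passwd = (isset($post_vars["pwd"]) && is_string($post_vars["pwd"])) ? $post_vars["pwd"] : null;
         $displayname = (isset($post_vars["name"]) && is_string($post_vars["name"])) ? $post_vars["name"] : null;
         if ($keyid === null || $passwd === null || $displayname === null) {
             header("HTTP/1.0 400 Bad Request");
             return;
         }
         //The key must exist and belong to the session user
         $apikeys = new Default_Model_APIKeys();
         $apikeys->filter->id->equals($keyid)->and($apikeys->filter->ownerid->equals($uid));
         if (count($apikeys->items) == 0) {
             header("HTTP/1.0 404 Not Found");
             echo "<apikeys error='Could not retrieve key' ></apikeys>";
             return;
         }
         $apikey = $apikeys->items[0];
         if ($apikey->ownerid != $uid) {
             header("HTTP/1.0 404 Not Found");
             echo "<apikeys error='Could not retrieve key for user' ></apikeys>";
             return;
         }
         if ($apikey->sysaccountid != null) {
             header("HTTP/1.0 405 Method Not Allowed");
             echo "<apikeys error='Api key is already associated with a system user account' ></apikeys>";
             return;
         }
         $users = new Default_Model_Researchers();
         $users->filter->id->equals($uid);
         if (count($users->items) == 0) {
             header("HTTP/1.0 404 Not Found");
             echo "<apikeys error='Session user not found' ></apikeys>";
             return;
         }
         $usercountryid = $users->items[0]->countryid;
         //Create the system account with a generated user name
         $user = new Default_Model_Researcher();
         $uname = "appdb-" . generate_uuid_v4();
         $user->firstname = "";
         $user->lastname = $displayname;
         $user->institution = "";
         $user->username = $uname;
         // NOTE(review): unsalted MD5 is not an adequate password hash; kept for
         // compatibility with the existing stored format (see method comment).
         $user->password = md5($passwd);
         $user->accountType = 1;
         $user->countryid = $usercountryid;
         $user->positionTypeId = 4;
         $user->save();
         //Associate the new account with the key; ownership of $keyid was verified above
         $apikeys = new Default_Model_APIKeys();
         $apikeys->filter->id->equals($keyid);
         $apikeys = $apikeys->items[0];
         $apikeys->sysaccountid = $user->id;
         $apikeys->authmethods = 2;
         $apikeys->save();
     } elseif ($_SERVER['REQUEST_METHOD'] == 'POST') {
         $data = (isset($_POST["data"]) && is_string($_POST["data"])) ? json_decode($_POST["data"]) : null;
         // A missing or undecodable payload previously led to property reads on null.
         if (!is_object($data) || !isset($data->keyid)) {
             header("HTTP/1.0 400 Bad Request");
             return;
         }
         $keyid = $data->keyid;
         //Check if api key exists
         $apikeys = new Default_Model_APIKeys();
         $apikeys->filter->id->equals($keyid)->and($apikeys->filter->ownerid->equals($uid));
         if (count($apikeys->items) == 0) {
             header("HTTP/1.0 404 Not Found");
             echo "<apikeys error='Could not retrieve key' ></apikeys>";
             return;
         }
         //Check if sys account exists
         $apikey = $apikeys->items[0];
         $sysid = $apikey->sysaccountid;
         $rs = new Default_Model_Researchers();
         $rs->filter->id->equals($sysid);
         if (count($rs->items) == 0) {
             header("HTTP/1.0 404 Not Found");
             echo "<apikeys error='Could not retrieve system user account.' ></apikeys>";
             return;
         }
         //Check request type
         if (isset($data->sysdisplayname)) {
             //update system user name
             if (!is_scalar($data->sysdisplayname) || trim($data->sysdisplayname) == "") {
                 header("HTTP/1.0 400 Bad Request");
                 echo "<apikeys error='Empty names are not allowed.' ></apikeys>";
                 return;
             }
             $s = $rs->items[0];
             $s->firstname = "";
             $s->lastname = $data->sysdisplayname;
             $s->save();
         } elseif (isset($data->old)) {
             //change password
             $s = $rs->items[0];
             // JSON may deliver arrays or objects; only scalar values are usable as passwords.
             $oldpwd = is_scalar($data->old) ? (string) $data->old : null;
             $newpwd = (isset($data->new) && is_scalar($data->new)) ? (string) $data->new : null;
             if ($newpwd === null || !$newpwd || trim($newpwd) == "") {
                 header("HTTP/1.0 400 Bad Request");
                 echo "<apikeys error='Empty value for the new password is not allowed.' ></apikeys>";
                 return;
             }
             // Strict string comparison: with "!=" two different hex digests that both
             // look numeric could compare as equal.
             if ($oldpwd === null || (string) $s->password !== md5($oldpwd)) {
                 header("HTTP/1.0 400 Bad Request");
                 echo "<apikeys error='The provided value for the old password is incorrect.' ></apikeys>";
                 return;
             }
             // NOTE(review): unsalted MD5, kept for compatibility (see method comment).
             $s->password = md5($newpwd);
             $s->save();
         } elseif (isset($data->msg)) {
             //send a permissions request carrying the base64-encoded message
             $msg = is_string($data->msg) ? base64_decode($data->msg) : '';
             if (trim($msg) == '') {
                 header("HTTP/1.0 400 Bad Request");
                 echo "<apikeys error='Empty message is not allowed' ></apikeys>";
                 return;
             }
             $res = APIKeyRequests::sendPermissionsRequest($uid, $keyid, $msg);
             if ($res !== true && trim($res) !== '') {
                 header("HTTP/1.0 400 Bad Request");
                 echo "<apikeys error='" . $attr($res) . "' ></apikeys>";
                 return;
             }
         } else {
             header("HTTP/1.0 400 Bad Request");
             return;
         }
     }
     //Return xml representation of API keys for the current user
     $apikeys = new Default_Model_APIKeys();
     $apikeys->filter->ownerid->equals($uid)->and($apikeys->filter->authmethods->notequals(0));
     $apikeys = $apikeys->items;
     echo "<apikeys count='" . count($apikeys) . "' >";
     foreach ($apikeys as $apikey) {
         echo "<apikey id='" . $attr($apikey->id) . "' key='" . $attr($apikey->key) . "' ownerid='" . $attr($apikey->ownerid) . "' createdon='" . $attr($apikey->createdon) . "' authmethods='" . $attr($apikey->authmethods) . "' ";
         if ($apikey->sysaccountid != null) {
             echo "sysaccount='" . $attr($apikey->sysaccountid) . "' ";
             $rscs = new Default_Model_Researchers();
             $rscs->filter->id->equals($apikey->sysaccountid);
             if (count($rscs->items) > 0) {
                 // The generated user name is never disclosed; only the display name is.
                 echo "sysusername='******' ";
                 echo "sysdisplayname='" . $attr($rscs->items[0]->lastname) . "' ";
             }
         }
         $netfilters = new Default_Model_APIKeyNetfilters();
         $netfilters->filter->keyid->equals($apikey->id);
         $netfilters = $netfilters->items;
         if (count($netfilters) > 0) {
             echo "netfilters='" . count($netfilters) . "' >";
             foreach ($netfilters as $netfilter) {
                 echo "<netfilter value='" . $attr($netfilter->netfilter) . "' ></netfilter>";
             }
         } else {
             echo "netfilters='0'>";
         }
         echo "</apikey>";
     }
     echo "</apikeys>";
 }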