/** * This method validates that the action type passed is a valid one. * * This method will look in the loginrequired and partnerId (pid) required * actions array for the key passed. If it's missing, it's not allowed. * * ANY ACTION must be either logged or contain partner id/key * * @param string $type The type to validate * @return bool Type is valid or it is not. */ public static function validateActionType($type) { if (!Frapi_Rules::isPartnerAction($type)) { return false; } return true; }
/** * This method will verify the data that has been passed and authorize it or not. * * It will return an error in case it does not authorize. * * @return mixed Error in case it is not valid True if it is for * partner, or if login is valid. */ public function authorize() { $valid = Frapi_Rules::isPartnerAction($this->getAction()); if (!$valid) { return false; } /** * Make sure the params needed are passed * if not, return an error with invalid partner * id/key */ $partnerID = isset($this->params['email']) ? $this->params['email'] : false; $partnerKey = isset($this->params['secretKey']) ? $this->params['secretKey'] : false; if (!empty($partnerID) && !empty($partnerKey)) { /** * Last step, validate the partner information * using the security Context */ $partnerID = $this->params['email']; $partnerKey = $this->params['secretKey']; $security = new Frapi_Security(); $securityPass = $security->isPartner($partnerID, $partnerKey); // Seems ok to me.. might as well go through. return true; } header('WWW-Authenticate: Basic realm="API Authentication"'); exit(0); }
/** * This method will verify the data that has been passed and authorize it or not. * * It will return an error in case it does not authorize. * * @return mixed Error in case it is not valid True if it is for * partner, or if login is valid. */ public function authorize() { $valid = Frapi_Rules::isPartnerAction($this->getAction()); if (!$valid) { return false; } $auth = new Frapi_Authorization_HTTP_Digest(); /** * Make sure the params needed are passed * if not, return an error with invalid partner * id/key */ if (!empty($this->params['digest'])) { $authed = $auth->authorize(); return true; } $auth->send(); }
/** * Detect and set the output format and mimetype * * This method bases it's detection on the ACCEPT header passed * to the API. * * @return array of mimetype, outputFormat and params */ public function detectOutputFormat() { $mimetypes = Frapi_Output::getMimeTypeMap(); if ($mimetypes) { $this->mimeMaps = $mimetypes; } $types = $this->parseAcceptHeader(); $return = array('outputFormat' => false, 'mimetype' => false, 'params' => array()); if (!empty($types)) { $mimetypes = $this->parseMimeTypes(); foreach ($types as $type) { if (isset($this->mimeMaps[$type['mimetype']])) { $return['outputFormat'] = $this->mimeMaps[$type['mimetype']]; $return['mimetype'] = $type['mimetype']; $return['params'] = isset($type['params']) ? $type['params'] : array(); break; } else { foreach ($mimetypes as $mimetype) { $matches = array(); if (preg_match($mimetype['pattern'], $type['mimetype'], $matches)) { $return['mimetype'] = $type['mimetype']; $return['params'] = isset($type['params']) ? $type['params'] : array(); if ($mimetype['output_format'][0] == ':') { $format = substr($mimetype['output_format'], 1); if (!empty($matches[$format]) && Frapi_Rules::validateOutputType($matches[$format])) { $return['outputFormat'] = $matches[$format]; } } else { $return['outputFormat'] = $mimetype['output_format']; } foreach ($mimetype['params'] as $param) { $return['params'][$param] = $matches[$param]; } break 2; } } } } } // Final catch-all (for cases like Accept: */*) if (!$return['outputFormat']) { $return['outputFormat'] = $this->getDefaultFormatFromConfiguration(); $return['mimetype'] = Frapi_Output::getMimeTypeByFormat($return['outputFormat']); } $this->setOutputFormat($return['outputFormat']); return $return; }
/** * Set format * * This method will check if the format is * an acceptable one, if so it'll set it to the * requested format. * * In the case where there are no format passed, we * default the value to 'xml' * * @param string $format The format to use. * @throws Frapi_Error */ protected function setFormat($format = false) { if ($format) { $typeValid = Frapi_Rules::validateOutputType($format); $this->format = $format; } else { throw new Frapi_Error(Frapi_Error::ERROR_INVALID_URL_PROMPT_FORMAT_NAME, Frapi_Error::ERROR_INVALID_URL_PROMPT_FORMAT_MSG, Frapi_Error::ERROR_INVALID_URL_PROMPT_FORMAT_NO); } }
/** * Authorize * * This method authenticates by verifying if the requested action * is made by a **partner** or if it's a public action. * * Partner is a term I grabbed when working at mobivox. They are not * users in the term that they need to register and keep a logged in * session but stateless "users". I decided to keep that term since * it makes more sense than "statelessUser"; * * @return boolean Either it's authorized or not. */ public function authorize() { // If this is a public action, it doesn't need authorization. if (Frapi_Rules::isPublicAction($this->getAction())) { return true; } //For Basic HTTP Auth, use headers automatically filled by PHP, if available. $headers = $_SERVER; $auth_params = array("email" => isset($headers['PHP_AUTH_USER']) ? $headers['PHP_AUTH_USER'] : null, "secretKey" => isset($headers['PHP_AUTH_PW']) ? $headers['PHP_AUTH_PW'] : null); // First step: Set the state of the context objects. $partner = $this->authorization->getPartner()->setAction($this->getAction())->setAuthorizationParams($auth_params); /** * Second step: Run the authorization, error in case of * error in returned values, else it's just a true. */ $partnerAuth = $partner->authorize(); /** * Step Three: If we have no partner * auth we return an error of invalid requested action * because if the action is not found in the contexts * it returns true. * * If it is found but has an error, it throws Frapi_Error * * If it is ok, it returns true. */ if (!$partnerAuth) { throw new Frapi_Error(Frapi_Error::ERROR_INVALID_ACTION_REQUEST_NAME, Frapi_Error::ERROR_INVALID_ACTION_REQUEST_MSG, Frapi_Error::ERROR_INVALID_ACTION_REQUEST_NO); } return true; }