/**
* Run Controller
*
* @param ServerRequestInterface $request PSR7 Request object
* @param ResponseInterface $response PSR7 Response object
* @param array $args Request arguments
* @return ResponseInterface
*/
public function dispatch(Request $request, Response $response, $args)
{
$netid = $request->getHeaderLine('AUTH_PRINCIPAL');
$eppa = $request->getHeaderLine('AUTH_ATTR_EDUPERSONPRIMARYAFFILIATION');
$albumID = $args['album_id'] ?? $request->getQueryParams()['album'] ?? 1;
$view_attr = ['page_title' => 'SlimSkeleton | Example', 'username' => $netid, 'eppa' => $eppa, 'data' => $this->service->getPhotos($albumID)];
return $this->view->render($response, 'example.html', $view_attr);
}
public function parseHttpRequest(ServerHttpRequest $httpRequest, array $attributes) : RequestInterface
{
$rpHelper = new HttpRequestParserHelper($httpRequest);
$validator = $rpHelper->getValidator();
$validator->required('token')->uuid();
$validator->required('pass_code')->length(40);
return new Request(self::MESSAGE, $rpHelper->filterAndValidate(['token' => $httpRequest->getHeaderLine('Authentication-Token'), 'pass_code' => $httpRequest->getHeaderLine('Authentication-Pass-Code')]), $httpRequest);
}
public function it_can_parse_a_HttpRequest(ServerRequestInterface $httpRequest)
{
$token = Uuid::uuid4()->toString();
$passCode = bin2hex(random_bytes(20));
$httpRequest->getHeaderLine('Accept')->shouldBeCalled();
$httpRequest->getHeaderLine('Authentication-Token')->willReturn($token);
$httpRequest->getHeaderLine('Authentication-Pass-Code')->willReturn($passCode);
$request = $this->parseHttpRequest($httpRequest, []);
$request->shouldHaveType(RequestInterface::class);
$request->getRequestName()->shouldReturn(RefreshTokenHandler::MESSAGE);
$request['token']->shouldBe($token);
$request['pass_code']->shouldBe($passCode);
}
/**
* {@inheritdoc}
*
* @throws \RuntimeException
*/
public function isExcluded(ServerRequestInterface $request)
{
if (!count($this->headers)) {
throw new \RuntimeException('No headers defined in header excluder');
}
foreach ($this->headers as $header => $value) {
if ($value === null && $request->hasHeader($header)) {
return true;
} elseif ($value !== null && (trim($value) === $request->getHeaderLine($header) || @preg_match(trim($value), $request->getHeaderLine($header)))) {
return true;
}
}
return false;
}
/**
* attempt to build up a request from a PSR-7 compatible request
*
* @param ServerRequestInterface $request
* @return Request
*/
public static function fromPsrRequest(ServerRequestInterface $request)
{
$url = (string) $request->getUri();
$httpMethod = $request->getMethod();
// Let's find the parameters relevant to this request
$parameters = (array) $request->getParsedBody() + $request->getQueryParams();
// We have a Authorization-header with OAuth data. Parse the header
// and add those overriding any duplicates from GET or POST
if (substr($request->getHeaderLine('Authorization'), 0, 6) == 'OAuth ') {
$header_parameters = Util::splitHeader($request->getHeaderLine('Authorization'));
$parameters = array_merge($parameters, $header_parameters);
}
return new Request($httpMethod, $url, $parameters);
}
private function isAllowed(RequestInterface $request, ServerHttpRequest $httpRequest)
{
if (in_array($request->getRequestName(), $this->publicMessageNames, true)) {
return true;
}
try {
$this->tokenService->getToken(Uuid::fromString($httpRequest->getHeaderLine('Authentication-Token')), $httpRequest->getHeaderLine('Authentication-Pass-Code'));
return true;
} catch (\Throwable $exception) {
if (!$exception instanceof AuthException) {
$this->log(LogLevel::ERROR, $exception->getMessage());
}
return false;
}
}
public function __invoke(Request $req, Response $res, $args = [])
{
$vaultName = $args['vaultName'];
if (!($vault = Vault::get($vaultName))) {
return $res->withStatus(404);
}
if (!($partSize = $req->getHeaderLine('x-amz-part-size'))) {
return $res->withStatus(400)->write('Part size missing.');
}
if (!($desc = $req->getHeaderLine('x-amz-archive-description'))) {
$desc = '';
}
$m = $vault->createMultipart($partSize, $desc);
return $res->withStatus(201)->withHeader('x-amz-multipart-upload-id', $m->getId());
}
/**
* Invoking the middleware
*
* @param ServerRequestInterface $request
* @param ResponseInterface $response
* @param callable $next
* @return ResponseInterface $response
* @throws InternalServerError
* @throws UnsupportedMediaType
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next = null)
{
// Make sure we have deserializers
if (!isset($this->container['contentTypes'])) {
throw new InternalServerError('No serializers seems to be configured');
}
// Make sure we have a content type header to work with
if ($request->hasHeader('Content-Type')) {
// Get the content of the header
$header = $request->getHeaderLine('Content-Type');
// Make sure the header value isn't empty
if (!empty($header)) {
// Get priorities
$supported = $this->container['contentTypes'];
// Remove included parts that aren't part of the RFC
$header = preg_replace('/(;[a-z]*=[a-z0-9\\-]*)/i', '', $header);
// Replace the original header value
$request = $request->withHeader('Content-Type', $header);
// Check if the content type is supported
if (!in_array($header, $supported)) {
// The content type isn't supported
throw new UnsupportedMediaType('Can not handle the supplied content type. Supported types are ' . implode(', ', $supported));
}
}
}
// Call next middleware
return $next($request, $response, $next);
}
/**
* @param Request $request
* @return Request
*/
protected function logIn(Request $request)
{
$header = $request->getHeaderLine('authorization');
$parts = explode(';', $header);
$actor = new Guest();
if (isset($parts[0]) && starts_with($parts[0], $this->prefix)) {
$token = substr($parts[0], strlen($this->prefix));
if (($accessToken = AccessToken::find($token)) && $accessToken->isValid()) {
$actor = $accessToken->user;
$actor->updateLastSeen()->save();
} elseif (isset($parts[1]) && ($apiKey = ApiKey::valid($token))) {
$userParts = explode('=', trim($parts[1]));
if (isset($userParts[0]) && $userParts[0] === 'userId') {
$actor = User::find($userParts[1]);
}
}
}
if ($actor->exists) {
$locale = $actor->getPreference('locale');
} else {
$locale = array_get($request->getCookieParams(), 'locale');
}
if ($locale && $this->locales->hasLocale($locale)) {
$this->locales->setLocale($locale);
}
return $request->withAttribute('actor', $actor ?: new Guest());
}
public function it_errors_on_invalid_data_in_request(ServerRequestInterface $httpRequest)
{
$post = ['data' => ['type' => 'pages', 'attributes' => ['title' => 'Long title', 'slug' => 'long_title', 'short_title' => '', 'parent_uuid' => null, 'sort_order' => 42, 'status' => 'concept']]];
$httpRequest->getHeaderLine('Accept')->willReturn('application/json');
$httpRequest->getParsedBody()->willReturn($post);
$this->shouldThrow(ValidationFailedException::class)->duringParseHttpRequest($httpRequest, []);
}
/**
* {@inheritdoc}
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, \Closure $next)
{
if ($request->getHeaderLine('Content-Type') == 'application/json') {
$request = $request->withParsedBody(json_decode($request->getBody()->__toString(), true));
}
return $next($request);
}
/**
* {@inheritdoc}
*/
public function __invoke(Request $request, Response $response, callable $out = null)
{
if (str_contains($request->getHeaderLine('content-type'), 'json')) {
$input = json_decode($request->getBody(), true);
$request = $request->withParsedBody($input ?: []);
}
return $out ? $out($request, $response) : $response;
}
public function modify(ServerRequestInterface $request) : ServerRequestInterface
{
if (false === strpos($request->getHeaderLine('Content-Type'), 'application/json')) {
return $request;
}
// TODO: Implement broken json handling
return $request->withParsedBody(json_decode($request->getBody()->getContents(), $this->asAssociativeArray));
}
public function it_errors_on_invalid_uuid_when_parsing_request(ServerRequestInterface $httpRequest)
{
$post = ['data' => ['type' => 'pageBlocks', 'attributes' => ['type' => 'type', 'parameters' => ['thx' => 1138], 'location' => 'main', 'sort_order' => 42, 'status' => 'published']]];
$attributes = ['page_uuid' => 'nope'];
$httpRequest->getHeaderLine('Accept')->willReturn('application/json');
$httpRequest->getParsedBody()->willReturn($post);
$this->shouldThrow(ValidationFailedException::class)->duringParseHttpRequest($httpRequest, $attributes);
}
/**
* {@inheritdoc}
*/
public function __invoke(Request $request, Response $response, callable $out = null)
{
if ($request->getMethod() === 'POST' && $request->hasHeader(self::HEADER_NAME)) {
$fakeMethod = $request->getHeaderLine(self::HEADER_NAME);
$request = $request->withMethod(strtoupper($fakeMethod));
}
return $out ? $out($request, $response) : $response;
}
/**
* Execute the middleware.
*
* @param ServerRequestInterface $request
* @param ResponseInterface $response
* @param callable $next
*
* @return ResponseInterface
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
$authorization = self::parseAuthorizationHeader($request->getHeaderLine('Authorization'));
if ($authorization && $this->checkUserPassword($authorization['username'], $authorization['password'])) {
return $next(Middleware::setAttribute($request, self::KEY, $authorization['username']), $response);
}
return $response->withStatus(401)->withHeader('WWW-Authenticate', 'Basic realm="' . $this->realm . '"');
}
/**
* Check the not modified header.
*
* @param \Psr\Http\Message\ServerRequestInterface $request The request to check.
* @param \Cake\Filesystem\File $file The file object to compare.
* @return bool
*/
protected function isNotModified($request, $file)
{
$modifiedSince = $request->getHeaderLine('If-Modified-Since');
if (!$modifiedSince) {
return false;
}
return strtotime($modifiedSince) === $file->lastChange();
}
/**
* Retrieve request authentication information.
*
* @param ServerRequestInterface $request
*
* @return array
*/
protected function getAuth(ServerRequestInterface $request)
{
$authHeader = $request->getHeaderLine('Authorization');
if (preg_match('/^Basic /', $authHeader)) {
$auth = explode(':', base64_decode(substr($authHeader, 6)), 2);
return ['username' => $auth[0], 'password' => isset($auth[1]) ? $auth[1] : null];
}
}
/**
* Validate authorization token
* @param Request $request
* @return boolean
*/
private function isValid(Request $request)
{
$token = $request->getHeaderLine('authorization');
if ($token == 'pasando') {
return true;
}
return false;
}
public function it_will_error_on_invalid_request_data(ServerRequestInterface $httpRequest)
{
$uuid = Uuid::uuid4();
$post = ['data' => ['type' => 'pages', 'id' => $uuid->toString(), 'attributes' => ['title' => 'Long title ', 'slug' => 'long-title', 'short_title' => ' Title', 'sort_order' => 'joe', 'status' => 'nonsense']]];
$httpRequest->getHeaderLine('Accept')->willReturn('application/json');
$httpRequest->getParsedBody()->willReturn($post);
$this->shouldThrow(ValidationFailedException::class)->duringParseHttpRequest($httpRequest, ['uuid' => $uuid->toString()]);
}
public function modify(ServerRequestInterface $request) : ServerRequestInterface
{
if (false === strpos($request->getHeaderLine('Content-Type'), 'application/x-www-form-urlencoded')) {
return $request;
}
parse_str($request->getBody()->getContents(), $parsedBody);
return $request->withParsedBody($parsedBody);
}
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
$referer = (string) parse_url($request->getHeaderLine('referer'), PHP_URL_HOST);
$uri = (string) parse_url((string) $request->getUri(), PHP_URL_HOST);
if ($referer && $referer != $uri) {
throw new SecurityException("Unallowed referer {$referer}");
}
return $next($request, $response);
}
public function __invoke(Request $req, Response $res, $args = [])
{
$vaultName = $args['vaultName'];
$multipartID = $args['multipartID'];
if (!($vault = Vault::get($vaultName))) {
return $res->withStatus(404);
}
if (!($m = $vault->getMultipart($multipartID))) {
return $res->withStatus(404);
}
$treeHash = $req->getHeaderLine('x-amz-sha256-tree-hash');
$archiveSize = $req->getHeaderLine('x-amz-archive-size');
if (($a = $m->finalize($archiveSize, $treeHash)) === false) {
return $res->withStatus(400)->write('Finalize failed');
}
$vault->invalidateInventory();
return $res->withStatus(201)->withHeader('x-amz-archive-id', $a->getId());
}
/**
* @param \Psr\Http\Message\ServerRequestInterface $request
* @param \Psr\Http\Message\ResponseInterface $response
* @param callable $next
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
if (!$request->getParsedBody() && in_array($request->getMethod(), ['POST', 'PUT', 'DELETE'], true)) {
if ($request->getHeaderLine('Content-Type') === "application/json") {
$request = $request->withParsedBody(json_decode((string) $request->getBody(), true));
}
}
return $next($request);
}
/**
* Parses request bodies based on content type
*
* @param Request $request
* @param Response $response
* @param callable $next
* @return Response
*/
public function __invoke(Request $request, Response $response, callable $next)
{
$mime = strtolower($request->getHeaderLine('Content-Type'));
if ($this->isApplicableMimeType($mime) && !$request->getParsedBody()) {
$parsed = $this->getParsedBody((string) $request->getBody());
$request = $request->withParsedBody($parsed);
}
return $next($request, $response);
}
public function enrichRequestWithParsedBody(ServerRequestInterface $request)
{
if ($request->hasHeader(HeaderName::CONTENT_TYPE) && $request->getHeaderLine(HeaderName::CONTENT_TYPE) === 'application/json') {
$parsedBody = $this->serializer->deserialize($request->getBody()->__toString(), 'array', 'json');
return $request->withParsedBody($parsedBody);
} else {
return $request->withParsedBody([]);
}
}
public function __invoke(Request $request, Response $response, callable $next) : Response
{
$parent = $request->getOriginalRequest();
$parentUrl = str_replace('/thank-you', '', (string) $parent->getUri());
if (!$request->hasHeader('Referer') || !preg_match('#^' . $parentUrl . '#', $request->getHeaderLine('Referer'))) {
return $response->withStatus(302)->withHeader('Location', $parentUrl);
}
return new HtmlResponse($this->template->render('contact::thankyou', []));
}
/**
* Determine which content type we know about is wanted using Accept header
*
* @param ServerRequestInterface $request
* @return string
*/
private function determineContentType(ServerRequestInterface $request)
{
$acceptHeader = $request->getHeaderLine('Accept');
$selectedContentTypes = array_intersect(explode(',', $acceptHeader), $this->knownContentTypes);
if (count($selectedContentTypes)) {
return $selectedContentTypes[0];
}
return 'text/html';
}
/**
* {@inheritdoc}
*/
public function __invoke(Request $request, Response $response, callable $out = null)
{
$header = $request->getHeaderLine('authorization');
if (starts_with($header, $this->prefix) && ($token = substr($header, strlen($this->prefix))) && ($accessToken = AccessToken::valid($token))) {
$this->app->instance('flarum.actor', $user = $accessToken->user);
$user->updateLastSeen()->save();
}
return $out ? $out($request, $response) : $response;
}
/**
* Execute the middleware.
*
* @param ServerRequestInterface $request
* @param ResponseInterface $response
* @param callable $next
*
* @return ResponseInterface
*/
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
{
$language = $this->negotiateHeader($request->getHeaderLine('Accept-Language'), new Negotiator(), $this->languages);
if (empty($language)) {
$language = isset($this->languages[0]) ? $this->languages[0] : null;
}
$request = Middleware::setAttribute($request, self::KEY, $language);
return $next($request, $response);
}
