public function testAuthenticateMethod()
 {
     $this->registerFunction(false, false);
     // anonymous with no user authentication
     $this->assertTrue(authenticate_method('test'));
 }
// Register the error handler
error_reporting(E_ALL);
set_error_handler('__php_api_error_handler');
// Register a default exception handler
set_exception_handler('__php_api_exception_handler');
// Check to see if the api is available
if (isset($CONFIG->disable_api) && $CONFIG->disable_api == true) {
    throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
}
// plugins should return true to control what API and user authentication handlers are registered
if (trigger_plugin_hook('rest', 'init', null, false) == false) {
    // check session - this usually means a REST call from a web browser
    register_pam_handler('pam_auth_session');
    // user token can also be used for user authentication
    register_pam_handler('pam_auth_usertoken');
    // simple API key check
    register_pam_handler('api_auth_key', "sufficient", "api");
    // hmac
    register_pam_handler('api_auth_hmac', "sufficient", "api");
}
// Get parameter variables
$method = get_input('method');
$result = null;
// this will throw an exception if authentication fails
authenticate_method($method);
$result = execute_method($method);
if (!$result instanceof GenericResult) {
    throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
}
// Output the result
page_draw($method, elgg_view("api/output", array("result" => $result)));
Esempio n. 3
0
/**
 * REST API handler
 *
 * @return void
 * @access private
 *
 * @throws SecurityException|APIException
 */
function rest_handler()
{
    global $CONFIG;
    // Register the error handler
    error_reporting(E_ALL);
    set_error_handler('_php_api_error_handler');
    // Register a default exception handler
    set_exception_handler('_php_api_exception_handler');
    // Check to see if the api is available
    if (isset($CONFIG->disable_api) && $CONFIG->disable_api == true) {
        throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
    }
    // plugins should return true to control what API and user authentication handlers are registered
    if (elgg_trigger_plugin_hook('rest', 'init', null, false) == false) {
        // for testing from a web browser, you can use the session PAM
        // do not use for production sites!!
        //register_pam_handler('pam_auth_session');
        // user token can also be used for user authentication
        register_pam_handler('pam_auth_usertoken');
        // simple API key check
        register_pam_handler('api_auth_key', "sufficient", "api");
        // hmac
        register_pam_handler('api_auth_hmac', "sufficient", "api");
    }
    // Get parameter variables
    $method = get_input('method');
    $result = null;
    // this will throw an exception if authentication fails
    authenticate_method($method);
    $result = execute_method($method);
    if (!$result instanceof GenericResult) {
        throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
    }
    // Output the result
    echo elgg_view_page($method, elgg_view("api/output", array("result" => $result)));
}
Esempio n. 4
0
/**
 * REST API handler
 *
 * @return void
 * @access private
 *
 * @throws SecurityException|APIException
 */
function ws_rest_handler()
{
    $viewtype = elgg_get_viewtype();
    if (!elgg_view_exists('api/output', $viewtype)) {
        header("HTTP/1.0 400 Bad Request");
        header("Content-type: text/plain");
        echo "Missing view 'api/output' in viewtype '{$viewtype}'.";
        if (in_array($viewtype, ['xml', 'php'])) {
            echo "\nEnable the 'data_views' plugin to add this view.";
        }
        exit;
    }
    elgg_load_library('elgg:ws');
    // Register the error handler
    error_reporting(E_ALL);
    set_error_handler('_php_api_error_handler');
    // Register a default exception handler
    set_exception_handler('_php_api_exception_handler');
    // plugins should return true to control what API and user authentication handlers are registered
    if (elgg_trigger_plugin_hook('rest', 'init', null, false) == false) {
        // for testing from a web browser, you can use the session PAM
        // do not use for production sites!!
        //register_pam_handler('pam_auth_session');
        // user token can also be used for user authentication
        register_pam_handler('pam_auth_usertoken');
        // simple API key check
        register_pam_handler('api_auth_key', "sufficient", "api");
        // hmac
        register_pam_handler('api_auth_hmac', "sufficient", "api");
    }
    // Get parameter variables
    $method = get_input('method');
    $result = null;
    // this will throw an exception if authentication fails
    authenticate_method($method);
    $result = execute_method($method);
    if (!$result instanceof GenericResult) {
        throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
    }
    // Output the result
    echo elgg_view_page($method, elgg_view("api/output", array("result" => $result)));
}