//check that the current user is the token user
$webservice = new webservice();
$token = $webservice->get_token_by_id($tokenid);
if (empty($token) or empty($token->userid) or empty($USER->id) or $token->userid != $USER->id) {
throw new moodle_exception('docaccessrefused', 'webservice');
}
// get the list of all functions related to the token
$functions = $webservice->get_external_functions(array($token->externalserviceid));
// get all the function descriptions
$functiondescs = array();
foreach ($functions as $function) {
$functiondescs[$function->name] = external_function_info($function);
}
//get activated protocol
$activatedprotocol = array();
$activatedprotocol['rest'] = webservice_protocol_is_enabled('rest');
$activatedprotocol['xmlrpc'] = webservice_protocol_is_enabled('xmlrpc');
/// Check if we are in printable mode
$printableformat = false;
if (isset($_REQUEST['print'])) {
$printableformat = $_REQUEST['print'];
}
/// OUTPUT
echo $OUTPUT->header();
$renderer = $PAGE->get_renderer('core', 'webservice');
echo $renderer->documentation_html($functiondescs, $printableformat, $activatedprotocol, array('id' => $tokenid));
/// trigger browser print operation
if (!empty($printableformat)) {
$PAGE->requires->js_function_call('window.print', array());
}
echo $OUTPUT->footer();
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* XML-RPC web service entry point. The authentication is done via tokens.
*
* @package webservice
* @copyright 2009 Moodle Pty Ltd (http://moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);
define('NO_MOODLE_COOKIES', true);
require '../../config.php';
require_once "{$CFG->dirroot}/webservice/xmlrpc/locallib.php";
if (!webservice_protocol_is_enabled('xmlrpc')) {
die;
}
$server = new webservice_xmlrpc_server(WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN);
$server->run();
die;
/**
* REST web service entry point. The authentication is done via tokens.
*
* @package webservice
* @copyright 2009 Moodle Pty Ltd (http://moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);
define('NO_MOODLE_COOKIES', true);
require('../../config.php');
require_once("$CFG->dirroot/webservice/rest/locallib.php");
if (!webservice_protocol_is_enabled('rest')) {
die;
}
$restformat = optional_param('moodlewsrestformat', 'xml', PARAM_ALPHA);
//remove the alt from the request
if (isset($_REQUEST['moodlewsrestformat'])) {
unset($_REQUEST['moodlewsrestformat']);
}
if (isset($_GET['moodlewsrestformat'])) {
unset($_GET['moodlewsrestformat']);
}
if (isset($_POST['moodlewsrestformat'])) {
unset($_POST['moodlewsrestformat']);
}
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
define('INTERNAL', 1);
define('PUBLIC', 1);
define('XMLRPC', 1);
define('TITLE', '');
global $SESSION, $USER;
// Catch anything that goes wrong in init.php
ob_start();
require dirname(dirname(__FILE__)) . '/init.php';
$errors = trim(ob_get_contents());
ob_end_clean();
require_once dirname(__FILE__) . '/lib.php';
if (!webservice_protocol_is_enabled('oauth')) {
header("HTTP/1.0 404 Not Found");
die;
}
// you must use HTTPS as token based auth is a hazzard without it
if (!is_https()) {
header("HTTP/1.0 403 Forbidden - HTTPS must be used");
die;
}
/*
* Always announce XRDS OAuth discovery
*/
header('X-XRDS-Location: ' . get_config('wwwroot') . 'webservice/oauthv1/services.xrds');
/*
* Initialize OAuth store
*/
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* SOAP web service entry point. The authentication is done via tokens.
*
* @package webservice_soap
* @copyright 2009 Jerome Mouneyrac
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* NO_DEBUG_DISPLAY - disable moodle specific debug messages and any errors in output
*/
define('NO_DEBUG_DISPLAY', true);
/**
* NO_MOODLE_COOKIES - no cookies with web service
*/
define('NO_MOODLE_COOKIES', true);
require '../../config.php';
require_once "{$CFG->dirroot}/webservice/soap/locallib.php";
if (!webservice_protocol_is_enabled('soap')) {
die;
}
$server = new webservice_soap_server(WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN);
$server->run();
die;
* AMF web service entry point. The authentication is done via tokens.
*
* @package webservice_amf
* @copyright 2009 Jerome Mouneyrac
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
/**
* NO_DEBUG_DISPLAY - disable moodle specific debug messages and any errors in output
*/
define('NO_DEBUG_DISPLAY', true);
/**
* NO_MOODLE_COOKIES - no cookies with web service
*/
define('NO_MOODLE_COOKIES', true);
require('../../config.php');
require_once("$CFG->dirroot/webservice/amf/locallib.php");
if (!webservice_protocol_is_enabled('amf')) {
debugging('The server died because the web services or the AMF protocol are not enable',
DEBUG_DEVELOPER);
die;
}
$server = new webservice_amf_server(WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN);
$server->run();
die;
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
/**
* Hub XML-RPC web service entry point. The authentication is done via hub tokens (hidden).
*
* @package localhub
* @copyright 2009 Moodle Pty Ltd (http://moodle.com)
* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
*/
// disable moodle specific debug messages and any errors in output
define('NO_DEBUG_DISPLAY', true);
define('NO_MOODLE_COOKIES', true);
require '../../../config.php';
require_once $CFG->dirroot . "/local/hub/webservice/locallib.php";
if (!webservice_protocol_is_enabled('xmlrpc') and !get_config('local_hub', 'hubenabled')) {
die;
}
$server = new hub_webservice_xmlrpc_server(WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN);
$server->run();
die;
$dialog = param_integer('dialog', 0);
$dbfunction = get_record('external_functions', 'id', $function);
if (empty($dbfunction)) {
$SESSION->add_error_msg(get_string('invalidfunction', 'auth.webservice'));
redirect('/webservice/admin/index.php');
}
$fdesc = webservice_function_info($dbfunction->name);
$smarty = smarty(array(), array('<link rel="stylesheet" type="text/css" href="' . $THEME->get_url('style/webservice.css', false, 'auth/webservice') . '">'));
safe_require('auth', 'webservice');
PluginAuthWebservice::menu_items($smarty, 'webservice');
$smarty->assign('function', $dbfunction);
$smarty->assign('functiondescription', $fdesc->description);
$smarty->assign('fdesc', $fdesc);
$smarty->assign('xmlrpcactive', webservice_protocol_is_enabled('xmlrpc'));
$smarty->assign('restactive', webservice_protocol_is_enabled('rest'));
$smarty->assign('soapactive', webservice_protocol_is_enabled('soap'));
$heading = get_string('wsdoc', 'auth.webservice');
$smarty->assign('PAGEHEADING', $heading);
$smarty->assign('dialog', $dialog);
$smarty->display('auth:webservice:wsdoc.tpl');
die;
/**
* Return documentation for a ws description object
* ws description object can be 'external_multiple_structure', 'external_single_structure'
* or 'external_value'
* Example of documentation for moodle_group_create_groups function:
list of (
object {
courseid int //id of course
name string //multilang compatible name, course unique
description string //group description text
/**
* This method parses the $_REQUEST superglobal and looks for
* the following information:
* 1/ user authentication - username+password or token (wsusername, wspassword and wstoken parameters)
* 2/ function name (wsfunction parameter)
* 3/ function parameters (all other parameters except those above)
*
* @return void
*/
protected function parse_request()
{
// determine the request/response format
if (isset($_REQUEST['alt']) && trim($_REQUEST['alt']) == 'json' || isset($_GET['alt']) && trim($_GET['alt']) == 'json' || isset($_SERVER['HTTP_ACCEPT']) && $_SERVER['HTTP_ACCEPT'] == 'application/json' || isset($_SERVER['HTTP_ACCEPT']) && $_SERVER['HTTP_ACCEPT'] == 'application/jsonrequest' || isset($_SERVER['CONTENT_TYPE']) && $_SERVER['CONTENT_TYPE'] == 'application/json' || isset($_SERVER['CONTENT_TYPE']) && $_SERVER['CONTENT_TYPE'] == 'application/jsonrequest') {
$this->format = 'json';
} else {
if (isset($_REQUEST['alt']) && trim($_REQUEST['alt']) == 'atom' || isset($_GET['alt']) && trim($_GET['alt']) == 'atom' || isset($_SERVER['HTTP_ACCEPT']) && $_SERVER['HTTP_ACCEPT'] == 'application/atom+xml' || $_SERVER['CONTENT_TYPE'] == 'application/atom+xml') {
$this->format = 'atom';
} else {
$this->format = 'xml';
}
}
unset($_REQUEST['alt']);
$this->parameters = $_REQUEST;
// if we should have one - setup the OAuth server handler
if (webservice_protocol_is_enabled('oauth')) {
OAuthStore::instance('Mahara');
$this->oauth_server = new OAuthServer();
$oauth_token = null;
$headers = OAuthRequestLogger::getAllHeaders();
try {
$oauth_token = $this->oauth_server->verifyExtended();
} catch (OAuthException2 $e) {
// let all others fail
if (isset($_REQUEST['oauth_token']) || preg_grep('/oauth/', array_values($headers))) {
$this->auth = 'OAUTH';
throw $e;
}
}
if ($oauth_token) {
$this->authmethod = WEBSERVICE_AUTHMETHOD_OAUTH_TOKEN;
$token = $this->oauth_server->getParam('oauth_token');
$store = OAuthStore::instance();
$secrets = $store->getSecretsForVerify($oauth_token['consumer_key'], $this->oauth_server->urldecode($token), 'access');
$this->oauth_token_details = $secrets;
// the content type might be different for the OAuth client
if (isset($headers['Content-Type']) && $headers['Content-Type'] == 'application/octet-stream' && $this->format != 'json') {
$body = file_get_contents('php://input');
parse_str($body, $parameters);
$this->parameters = array_merge($this->parameters, $parameters);
}
}
}
// make sure oauth parameters are gone
foreach (array('oauth_nonce', 'oauth_timestamp', 'oauth_consumer_key', 'oauth_signature_method', 'oauth_version', 'oauth_token', 'oauth_signature') as $param) {
if (isset($this->parameters[$param])) {
unset($this->parameters[$param]);
}
}
// merge parameters from JSON request body if there is one
if ($this->format == 'json') {
// get request body
$values = (array) json_decode(@file_get_contents('php://input'), true);
if (!empty($values)) {
$this->parameters = array_merge($this->parameters, $values);
}
}
if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) {
$this->username = isset($this->parameters['wsusername']) ? trim($this->parameters['wsusername']) : null;
unset($this->parameters['wsusername']);
$this->password = isset($this->parameters['wspassword']) ? trim($this->parameters['wspassword']) : null;
unset($this->parameters['wspassword']);
} else {
if ($this->authmethod == WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN) {
// is some other form of token - what kind is it?
$this->token = isset($this->parameters['wstoken']) ? trim($this->parameters['wstoken']) : null;
unset($this->parameters['wstoken']);
}
}
$this->functionname = isset($this->parameters['wsfunction']) ? trim($this->parameters['wsfunction']) : null;
unset($this->parameters['wsfunction']);
}
