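/**
 * Return the first REST API token of a user once the caller has proven
 * knowledge of that user's password.
 *
 * The caller sends `hash` = SHA-256(password . nonce), where `nonce` is a Unix
 * timestamp that must lie within +/- 5 minutes of the server clock (a
 * 10 minute window in total).
 *
 * @param array $params Request parameters; 'user', 'hash' and 'nonce' are required.
 * @return array|false  array('status' => 'error', ...) when parameters are
 *                      missing or the user has no token, false when the proof
 *                      is malformed, stale or wrong, otherwise the result of
 *                      restapi_tokens_get() for the user's first token.
 */
function get_restapi_tokens_search($params) {
    if (!isset($params['user'], $params['hash'], $params['nonce'])) {
        return array('status' => 'error', 'msg' => 'Invalid params');
    }

    // These values come from the request. Reject anything that is not a
    // plain scalar user id, a string hash and a numeric nonce, so that the
    // comparisons below never run on arrays or non-numeric strings.
    if (!is_scalar($params['user']) || !is_string($params['hash']) || !is_numeric($params['nonce'])) {
        return false;
    }

    // The nonce is the caller's clock; it must match the server's time
    // within a 10 minute frame (5 minutes either side). Checked before the
    // user lookup so stale requests cost nothing.
    // NOTE(review): the nonce is not single-use, so a captured hash/nonce
    // pair stays valid until the window closes. Confirm this endpoint is only
    // reachable over TLS, or track used nonces.
    $time = time();
    $time_frame = 5 * 60;
    if ($params['nonce'] < $time - $time_frame || $params['nonce'] > $time + $time_frame) {
        return false;
    }

    $user = core_users_get($params['user']);

    // Password MUST be set. empty() also covers an unknown user, where
    // core_users_get() gives back no 'password' entry.
    if (empty($user['password'])) {
        return false;
    }

    // Password must match. The client sends SHA-256(password . nonce) rather
    // than the password itself. hash_equals() compares in constant time and
    // strictly as strings; a loose != would compare two "0e..."-style digests
    // as numbers and treat them as equal.
    // NOTE(review): this scheme needs the stored password in a form the
    // client can reproduce; verify how core_users_get() stores it.
    $expected = hash('sha256', $user['password'] . $params['nonce']);
    if (!hash_equals($expected, $params['hash'])) {
        return false;
    }

    // The request is legitimate. See whether this user has any tokens.
    $t = restapi_user_get_user_tokens($params['user']);
    if (!isset($t[0])) {
        return array('status' => 'error', 'msg' => 'No tokens found!');
    }

    return restapi_tokens_get($t[0]);
}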
/**
 * Resolve a userman username to its user id and return that user's tokens.
 *
 * @param string $username Userman username to look up.
 * @return mixed An empty array when userman is not available or the user is
 *               not found; otherwise whatever restapi_user_get_user_tokens()
 *               returns for the user's id.
 */
function restapi_user_get_user_tokens_by_username($username) {
    // Only attempt the lookup when the userman bootstrap function exists.
    if (function_exists('setup_userman')) {
        $account = setup_userman()->getUserByUsername($username);
        if (!empty($account)) {
            return restapi_user_get_user_tokens($account['id']);
        }
    }

    return array();
}
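/**
 * Userman hook: build the "Rest API" section shown on the user and group
 * add/edit pages.
 *
 * Handles the actions 'showgroup', 'addgroup', 'adduser' and 'showuser'
 * taken from $_REQUEST['action']; any other request yields null.
 *
 * NOTE(review): the 'user' and 'group' ids come straight from the request and
 * this method does not check that the caller may view that account's tokens.
 * Presumably the surrounding admin page enforces that; confirm.
 *
 * @return array|null A one-element list holding 'title', 'rawname' and the
 *                    rendered 'content', or null when the action is not handled.
 */
public function usermanShowPage() {
    $handled = array('showgroup', 'addgroup', 'adduser', 'showuser');
    if (!isset($_REQUEST['action']) || !in_array($_REQUEST['action'], $handled, true)) {
        return null;
    }

    $action = $_REQUEST['action'];
    $isGroup = ($action === 'showgroup' || $action === 'addgroup');

    // Only an existing user can already have a status and stored tokens.
    $enabled = null;
    $tokens = array();
    if ($action === 'showuser') {
        // Request-supplied id: accept a scalar only, otherwise pass null.
        $userId = (isset($_REQUEST['user']) && is_scalar($_REQUEST['user'])) ? $_REQUEST['user'] : null;
        $enabled = $this->userman->getModuleSettingByID($userId, 'restapi', 'restapi_token_status', true);
        $tokens = restapi_user_get_user_tokens($userId);
        if (empty($tokens)) {
            $tokens = array();
        }
    }

    $displayvars = array(
        "mode" => $isGroup ? "group" : "user",
        "enabled" => $enabled,
    );

    // Selectable users, keyed by the first column of core_users_list().
    $displayvars['user_list_all'] = array();
    if ($isGroup) {
        $displayvars['user_list_all']['self'] = _("User Primary Extension");
    }
    // core_users_list()'s return value for a system without users is not
    // visible here, so only iterate when it really is an array.
    $coreUsers = core_users_list();
    if (is_array($coreUsers)) {
        foreach ($coreUsers as $list) {
            // The label holds a stored name plus literal angle brackets and is
            // not escaped here; the view has to HTML-escape it. Verify.
            $displayvars['user_list_all'][$list[0]] = $list[1] . " <" . $list[0] . ">";
        }
    }

    // Get list of modules that have been API enabled.
    $api = new \Api();
    $api_mods = array();
    foreach ($api->maps as $urls) {
        foreach ($urls as $maps) {
            foreach ($maps as $details) {
                $api_mods[$details["module"]] = 1;
            }
        }
    }
    unset($api);

    // Modules: keep the installed modules that expose an API mapping.
    global $db;
    $mods = \modulelist::create($db);
    $displayvars['module_list'] = array();
    foreach ($mods->module_array as $mod) {
        if (isset($mod['rawname']) && isset($api_mods[$mod['rawname']])) {
            $displayvars['module_list'][$mod['rawname']] = $mod['name'];
        }
    }
    asort($displayvars['module_list']);
    $displayvars['module_list'] = array('*' => _('All')) + $displayvars['module_list'];

    // Everything collected so far is repeated inside every token entry.
    $rest_template = $displayvars;
    if (!empty($tokens)) {
        foreach ($tokens as $token) {
            $displayvars['tokens'][] = array_merge($rest_template, restapi_tokens_get($token));
        }
    } else {
        // No stored token: offer a freshly generated one with default values.
        $displayvars['tokens'][0] = array_merge($rest_template, restapi_tokens_get());
        $displayvars['tokens'][0]['token'] = \restapi_tokens_generate();
        $displayvars['tokens'][0]['tokenkey'] = \restapi_tokens_generate();
        $displayvars['tokens'][0]['id'] = 0;
        $displayvars['tokens'][0]['users'] = array("self");
        $displayvars['tokens'][0]['rate'] = 1000;
    }

    if ($isGroup) {
        // Group mode. For 'addgroup' there is no group yet, so the id is null.
        $groupId = (isset($_REQUEST['group']) && is_scalar($_REQUEST['group'])) ? $_REQUEST['group'] : null;
        $enabled = $this->userman->getModuleSettingByGID($groupId, 'restapi', 'restapi_token_status');
        $users = $this->userman->getModuleSettingByGID($groupId, 'restapi', 'restapi_users');
        $modules = $this->userman->getModuleSettingByGID($groupId, 'restapi', 'restapi_modules');
        $rate = $this->userman->getModuleSettingByGID($groupId, 'restapi', 'restapi_rate');

        // The single entry replaces the generated one above; token and
        // tokenkey are set to the fixed value 1 instead of real secrets.
        $displayvars['tokens'][0] = array_merge($rest_template, restapi_tokens_get());
        $displayvars['tokens'][0]['token'] = 1;
        $displayvars['tokens'][0]['tokenkey'] = 1;
        $displayvars['tokens'][0]['id'] = 0;
        $displayvars['tokens'][0]['users'] = is_array($users) ? $users : array("self");
        $displayvars['enabled'] = $enabled;

        // Rate and module restrictions are only filled in for an enabled group.
        if ($enabled) {
            $displayvars['tokens'][0]['rate'] = !empty($rate) ? $rate : "1000";
            $displayvars['tokens'][0]['modules'] = is_array($modules) ? $modules : array();
        }
    }

    return array(
        array(
            "title" => _("Rest API"),
            "rawname" => "restapi",
            "content" => load_view(__DIR__ . '/views/hook_userman.php', $displayvars),
        ),
    );
}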