/**
* Authenticate user using username+password or token.
* This function sets up $USER global.
* It is safe to use has_capability() after this.
* This method also verifies user is allowed to use this
* server.
* @return void
*/
protected function authenticate_user()
{
global $USER, $SESSION, $WEBSERVICE_INSTITUTION, $WEBSERVICE_OAUTH_USER;
if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) {
$this->auth = 'USER';
//we check that authentication plugin is enabled
//it is only required by simple authentication
$plugin = get_record('auth_installed', 'name', 'webservice');
if (empty($plugin) || $plugin->active != 1) {
throw new WebserviceAccessException(get_string('wsauthnotenabled', 'auth.webservice'));
}
if (!$this->username) {
throw new WebserviceAccessException(get_string('missingusername', 'auth.webservice'));
}
if (!$this->password) {
throw new WebserviceAccessException(get_string('missingpassword', 'auth.webservice'));
}
// special web service login
safe_require('auth', 'webservice');
// get the user
$user = get_record('usr', 'username', $this->username);
if (empty($user)) {
throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
}
// user account is nolonger validly configured
if (!($auth_instance = webservice_validate_user($user))) {
throw new WebserviceAccessException(get_string('invalidaccount', 'auth.webservice'));
}
// set the global for the web service users defined institution
$WEBSERVICE_INSTITUTION = $auth_instance->institution;
// get the institution from the external user
$ext_user = get_record('external_services_users', 'userid', $user->id);
if (empty($ext_user)) {
throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
}
// determine the internal auth instance
$auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice');
if (empty($auth_instance)) {
throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
}
// authenticate the user
$auth = new AuthWebservice($auth_instance->id);
if (!$auth->authenticate_user_account($user, $this->password, 'webservice')) {
// log failed login attempts
throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
}
} else {
if ($this->authmethod == WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN) {
$this->auth = 'TOKEN';
$user = $this->authenticate_by_token(EXTERNAL_TOKEN_PERMANENT);
} else {
if ($this->authmethod == WEBSERVICE_AUTHMETHOD_OAUTH_TOKEN) {
//OAuth
$this->auth = 'OAUTH';
// special web service login
safe_require('auth', 'webservice');
// get the user - the user that authorised the token
$user = get_record('usr', 'id', $this->oauth_token_details['user_id']);
if (empty($user)) {
throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice'));
}
// check user is member of configured OAuth institution
$institutions = array_keys(load_user_institutions($this->oauth_token_details['user_id']));
$auth_instance = get_record('auth_instance', 'id', $user->authinstance);
$institutions[] = $auth_instance->institution;
if (!in_array($this->oauth_token_details['institution'], $institutions)) {
throw new WebserviceAccessException(get_string('institutiondenied', 'auth.webservice'));
}
// set the global for the web service users defined institution
$WEBSERVICE_INSTITUTION = $this->oauth_token_details['institution'];
// set the note of the OAuth service owner
$WEBSERVICE_OAUTH_USER = $this->oauth_token_details['service_user'];
} else {
$this->auth = 'OTHER';
$user = $this->authenticate_by_token(EXTERNAL_TOKEN_USER);
}
}
}
// now fake user login, the session is completely empty too
$USER->reanimate($user->id, $user->authinstance);
}
/**
* submit callback
*
* @param Pieform $form
* @param array $values
*/
function testclient_submit(Pieform $form, $values)
{
global $SESSION, $params, $iterations, $function, $dbsf;
if ($values['authtype'] == 'token' && !empty($values['wstoken']) || $values['authtype'] == 'user' && !empty($values['wsusername']) && !empty($values['wspassword'])) {
$vars = testclient_get_interface($dbsf->functionname);
$inputs = array();
for ($i = 0; $i <= $iterations; $i++) {
foreach ($vars as $var) {
$name = preg_replace('/NUM/', $i, $var['name']);
$parts = explode('_', $name);
testclient_build_inputs($inputs, $parts, $values[$name]);
}
}
if ($values['authtype'] == 'token') {
// check token
$dbtoken = get_record('external_tokens', 'token', $values['wstoken']);
if (empty($dbtoken)) {
$SESSION->add_error_msg(get_string('invalidtoken', 'auth.webservice'));
redirect('/webservice/testclient.php?' . implode('&', $params));
}
} else {
// check user is a valid web services account
$dbuser = get_record('usr', 'username', $values['wsusername']);
if (empty($dbuser)) {
$SESSION->add_error_msg(get_string('invaliduser', 'auth.webservice', $values['wsusername']));
redirect('/webservice/testclient.php?' . implode('&', $params));
}
// special web service login
safe_require('auth', 'webservice');
// do password auth
$ext_user = get_record('external_services_users', 'userid', $dbuser->id);
if (empty($ext_user)) {
$SESSION->add_error_msg(get_string('invaliduser', 'auth.webservice', $values['wsusername']));
redirect('/webservice/testclient.php?' . implode('&', $params));
}
// determine the internal auth instance
$auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice');
if (empty($auth_instance)) {
$SESSION->add_error_msg(get_string('invaliduser', 'auth.webservice', $values['wsusername']));
redirect('/webservice/testclient.php?' . implode('&', $params));
}
// authenticate the user
$auth = new AuthWebservice($auth_instance->id);
if (!$auth->authenticate_user_account($dbuser, $values['wspassword'], 'webservice')) {
// log failed login attempts
$SESSION->add_error_msg(get_string('invaliduserpass', 'auth.webservice', $values['wsusername']));
redirect('/webservice/testclient.php?' . implode('&', $params));
}
}
// now build the test call
switch ($values['protocol']) {
case 'rest':
error_log('creating REST client');
require_once get_config('docroot') . '/webservice/rest/lib.php';
$client = new webservice_rest_client(get_config('wwwroot') . '/webservice/rest/server.php', $values['authtype'] == 'token' ? array('wstoken' => $values['wstoken']) : array('wsusername' => $values['wsusername'], 'wspassword' => $values['wspassword']), $values['authtype']);
break;
case 'xmlrpc':
error_log('creating XML-RPC client');
require_once get_config('docroot') . 'webservice/xmlrpc/lib.php';
$client = new webservice_xmlrpc_client(get_config('wwwroot') . '/webservice/xmlrpc/server.php', $values['authtype'] == 'token' ? array('wstoken' => $values['wstoken']) : array('wsusername' => $values['wsusername'], 'wspassword' => $values['wspassword']));
break;
case 'soap':
error_log('creating SOAP client');
// stop failed to load external entity error
libxml_disable_entity_loader(false);
require_once get_config('docroot') . 'webservice/soap/lib.php';
//force SOAP synchronous mode
$client = new webservice_soap_client(get_config('wwwroot') . 'webservice/soap/server.php', $values['authtype'] == 'token' ? array('wstoken' => $values['wstoken']) : array('wsusername' => $values['wsusername'], 'wspassword' => $values['wspassword']), array("features" => SOAP_WAIT_ONE_WAY_CALLS));
$client->setWsdlCache(false);
break;
}
try {
$results = $client->call($dbsf->functionname, $inputs, true);
} catch (Exception $e) {
$results = "exception: " . $e->getMessage();
}
$SESSION->set('ws_call_results', serialize($results));
$SESSION->add_ok_msg(get_string('executed', 'auth.webservice'));
}
redirect('/webservice/testclient.php?' . implode('&', $params));
}
