/**
* This method is used to valide the user's authority with token in help desk chat system.
* This method is invoked right before an action is executed.
*
* The method will trigger the [[EVENT_BEFORE_ACTION]] event. The return value of the method
* will determine whether the action should continue to run.
*
* If you override this method, your code should look like the following:
*
* ```php
* public function beforeAction($action)
* {
* if (parent::beforeAction($action)) {
* // your custom code here
* return true; // or false if needed
* } else {
* return false;
* }
* }
* ```
* @param Action $action the action to be executed.
* @return boolean whether the action should continue to run.
* @author Harry Sun
*/
public function beforeAction($action)
{
$route = $this->id . '/' . $action->id;
//init i18n configuration from user agent
Yii::$app->language = LanguageUtil::getBrowserLanguage();
// the action ids without auth
$noAuth = ['site/login', 'site/logout', 'conversation/state', 'conversation/message', 'setting/index', 'setting/self-helpdesk', 'site/send-reset-password-email', 'site/reset-password', 'help-desk/check-auth', 'conversation/user-state', 'issue/create-from-js-sdk', 'issue/remove-attachment'];
if (in_array($route, $noAuth)) {
return true;
} else {
$accessToken = $this->getQuery('accesstoken');
$info = Token::getToken($accessToken);
if (!empty($info) && isset($info->expireTime) && !MongodbUtil::isExpired($info->expireTime)) {
Yii::$app->language = empty($info->language) ? LanguageUtil::DEFAULT_LANGUAGE : $info->language;
$expireTime = new \MongoDate(time() + Token::EXPIRE_TIME);
if ($info->expireTime < $expireTime) {
$info->expireTime = $expireTime;
}
$updateResult = $info->update();
return true;
}
LogUtil::error(['accessToken' => $accessToken, 'message' => 'You have not logined']);
throw new \yii\web\UnauthorizedHttpException('You have not logined');
}
}
public function actionUpdate($id)
{
$campaign = Campaign::findByPk($id);
if (empty($campaign)) {
throw new BadRequestHttpException(Yii::t('product', 'campaign_not_found'));
}
if (MongodbUtil::isExpired($campaign->endTime)) {
throw new BadRequestHttpException(Yii::t('product', 'can_not_update'));
}
$params = $this->getParams();
$params['startTime'] = empty($params['startTime']) ? $campaign->startTime : new \MongoDate(TimeUtil::ms2sTime($params['startTime']));
$params['endTime'] = empty($params['endTime']) ? $campaign->endTime : new \MongoDate(TimeUtil::ms2sTime($params['endTime']));
$attributeNames = null;
foreach ($params as $key => $value) {
if (in_array($key, ['productIds', 'gift', 'products', 'tags', 'channels'])) {
$attributeNames[] = 'promotion';
$promotion = $campaign->promotion;
$promotion['type'] = Campaign::TYPE_PROMOTION_CODE;
$key == 'productIds' ? $promotion['data'] = $params['productIds'] : '';
$key == 'gift' ? $promotion['gift'] = $params['gift'] : '';
$key == 'products' ? $promotion['products'] = $params['products'] : '';
$key == 'tags' ? $promotion['tags'] = $params['tags'] : '';
$key == 'channels' ? $promotion['channels'] = $params['channels'] : '';
$campaign->promotion = $promotion;
} else {
if (in_array($key, ['participantCount', 'limitTimes'])) {
$attributeNames[] = $key;
$campaign->{$key} = is_null($value) ? null : intval($value);
} else {
$attributeNames[] = $key;
$campaign->{$key} = $value;
}
}
}
$campaign->save(true, $attributeNames);
return $campaign;
}
/**
* Activate
*
* <b>Request Type </b>: GET<br/>
* <b>Request Endpoint </b>: http://{server-domain}/api/old-site/activate?code=abcd1234abcd1234<br/>
*
**/
public function actionActivate()
{
$code = $this->getQuery('code');
if (empty($code)) {
$this->_activateFail(0);
//此链接无效,请联系管理员
}
$validation = Validation::findOne(['code' => $code]);
if (empty($validation)) {
$this->_activateFail(0);
//此链接无效,请联系管理员
}
if (empty($validation->expire) || MongodbUtil::isExpired($validation->expire)) {
$this->_activateFail(1);
//'此链接已过期,请联系管理员'
}
$userId = $validation->userId;
if (User::updateAll(['isActivated' => User::ACTIVATED], ['_id' => $userId])) {
$validation->delete();
$this->redirect('/old/activate?type=0&link=' . urlencode('/site/login'));
Yii::$app->end();
}
$this->_activateFail(1);
//'此链接已过期,请联系管理员'
}
/**
* Validate code when activate user
* @param $code, String.
* @return String, error code or userId
*
* @author Sara Zhang
*/
public static function validateCode($code, $isDeleted = true)
{
if (empty($code)) {
return self::LINK_INVALID;
}
$validation = Validation::findOne(['code' => $code]);
if (empty($validation)) {
return self::LINK_INVALID;
}
if (empty($validation->expire) || MongodbUtil::isExpired($validation->expire)) {
return self::LINK_EXPIRED;
}
$userId = $validation->userId;
if ($validation->toValidateAccount) {
$user = User::findOne(['_id' => $userId]);
$attributes = ['status' => Account::STATUS_ACTIVATED, 'trialStartAt' => new \MongoDate(), 'trialEndAt' => new \MongoDate(strtotime("+30 day"))];
Account::updateAll($attributes, ['_id' => $user->accountId]);
}
if ($isDeleted) {
$validation->delete();
}
return $userId;
}
public static function isAlreadyPrepay($orderNumber)
{
$condition = ['orderNumber' => $orderNumber, 'status' => self::STATUS_PREPARE];
$payment = self::find()->where($condition)->orderBy(['createdAt' => SORT_DESC])->one();
if (empty($payment)) {
return false;
}
if (MongodbUtil::isExpired($payment->timeExpire)) {
return false;
}
return true;
}
public function checkAuth($module, $token)
{
$baseId = Yii::$app->id;
$moduleId = $module->id;
//init i18n configuration from user agent
Yii::$app->language = LanguageUtil::getBrowserLanguage();
if ($baseId === $moduleId) {
return true;
}
//accountId
$accountId = $this->getAccountIdFromCookies();
if (!empty($accountId) && $this->validateSignature()) {
return true;
}
if (!empty($token)) {
$info = Token::getToken($token);
if (!empty($info)) {
//set the language for i18n
Yii::$app->language = empty($info->language) ? LanguageUtil::DEFAULT_LANGUAGE : $info->language;
// If $module is a child module, use the parent module
if (!empty($module->module->id) && $module->module->id !== $baseId) {
$module = $module->module;
$moduleId = $module->id;
}
if (isset($info->expireTime) && !MongodbUtil::isExpired($info->expireTime)) {
if (isset($module->roleAccess) && !empty($roleAccess = $module->roleAccess) && in_array($info->role, $roleAccess) && in_array($moduleId, $info->enabledMods)) {
//set the current user
$userId = $this->getUserId();
$controllerId = $this->owner->id;
$actionId = $this->owner->action->id;
// the current route
// change 'POST product/products' to 'product/product/create'
$route = "{$moduleId}/{$controllerId}/{$actionId}";
// find the sensitive operation with route
$condition = ['isActivated' => true, 'actions' => $route, 'accountId' => $info->accountId];
$option = SensitiveOperation::findOne($condition);
if (!empty($option)) {
// admin has all sensitive operation access authority
if ($info->role !== User::ROLE_ADMIN) {
if ($info->role !== User::ROLE_OPERATOR) {
// other's role hasn't sensitive operation access authority
throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
} else {
if (empty($option->users) || !in_array($info->userId, $option->users)) {
throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
}
}
}
}
define('CURRENT_USER_ID', $userId);
$info->expireTime = new \MongoDate(time() + Token::EXPIRE_TIME);
$updateResult = $info->update();
$this->updateAccessTokenExpire();
LogUtil::info(['tokenId' => $info->_id, 'updateResult' => $updateResult]);
return true;
} else {
throw new ForbiddenHttpException(Yii::t('common', 'no_permission'));
}
} else {
Yii::$app->language = LanguageUtil::getBrowserLanguage();
throw new UnauthorizedHttpException(Yii::t('common', 'login_timeout'));
}
}
}
throw new UnauthorizedHttpException(Yii::t('common', 'not_logined'));
}
