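/**
 * Called synchronously before possibly submitting to async framework.
 *
 * Runs the checks that must happen on the request thread before the REST
 * call is (possibly) handed off:
 *  - every non-GET request must pass validateCsrfToken() (defined elsewhere;
 *    expected to abort on failure);
 *  - surrounding whitespace is trimmed from the URL and embedded spaces are
 *    replaced with '+';
 *  - any method listed by RestApiClient::getMethodsWithBodies() must carry a
 *    non-blank request body.
 *
 * @throws WorkbenchHandledException when a body-carrying method has a blank body
 */
public function preExecute()
{
    // GET is the only method exempt from the CSRF check -- presumably treated as
    // read-only here; confirm against the handler if GET can ever mutate state.
    if ($this->requestMethod !== 'GET') {
        validateCsrfToken();
    }

    // clean up the URL
    $this->url = str_replace(' ', '+', trim($this->url));

    // Strict in_array so a non-string method value cannot loosely match; cast
    // before trim() so a null body yields "" without a deprecation notice.
    $needsBody = in_array($this->requestMethod, RestApiClient::getMethodsWithBodies(), true);
    if ($needsBody && trim((string) $this->requestBody) === "") {
        throw new WorkbenchHandledException("Must include a Request Body.");
    }
}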
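/**
 * Called synchronously before possibly submitting to async framework.
 *
 * Runs the checks that must happen on the request thread before the REST
 * call is (possibly) handed off:
 *  - every non-GET request must pass validateCsrfToken() (defined elsewhere;
 *    expected to abort on failure);
 *  - surrounding whitespace is trimmed from the URL and embedded spaces are
 *    replaced with '+';
 *  - any method listed by RestApiClient::getMethodsWithBodies() must carry a
 *    request body; a blank body is only tolerated for JSON requests, where it
 *    is rewritten to the literal "null".
 *
 * @throws WorkbenchHandledException when a non-JSON body-carrying method has a blank body
 */
public function preExecute()
{
    // GET is the only method exempt from the CSRF check -- presumably treated as
    // read-only here; confirm against the handler if GET can ever mutate state.
    if ($this->requestMethod !== 'GET') {
        validateCsrfToken();
    }

    // clean up the URL
    $this->url = str_replace(' ', '+', trim($this->url));

    // Strict in_array so a non-string method value cannot loosely match; cast
    // before trim() so a null body yields "" without a deprecation notice.
    $needsBody = in_array($this->requestMethod, RestApiClient::getMethodsWithBodies(), true);
    if ($needsBody && trim((string) $this->requestBody) === "") {
        // Case-insensitive substring search over the raw header block. Note it only
        // matches the "Content-Type: application/json" spelling with a single space
        // after the colon; "Content-Type:application/json" would fall through to the throw.
        $isJson = stripos((string) $this->requestHeaders, "Content-Type: application/json") !== false;
        if ($isJson) {
            // If nothing's specified in the JSON body, set it to null.
            $this->requestBody = "null";
        } else {
            throw new WorkbenchHandledException("Must include a Request Body.");
        }
    }
}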
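/**
 * Dispatches a login request from the submitted form or an OAuth callback.
 *
 * Handles, in order:
 *  1. a POSTed signed_request, delegated to processSignedRequest();
 *  2. an OAuth callback carrying code= plus the JSON state that the redirect
 *     branch below built; when loginCsrfEnabled is set, the CSRF token carried
 *     in that state is validated before the code is exchanged;
 *  3. a fresh login form: CSRF check (if enabled), terms acceptance, then
 *     either an OAuth redirect or a username/password or session-id login.
 *
 * User-facing failures go through $this->addError(); malformed requests throw.
 * validateCsrfToken, getCsrfToken, WorkbenchConfig and the oauth*/processLogin
 * helpers are defined elsewhere.
 *
 * @throws Exception on a malformed OAuth callback or missing OAuth form fields
 */
public function processRequest()
{
    if (isset($_POST['signed_request'])) {
        $this->processSignedRequest($_POST['signed_request']);
        return;
    }

    if (isset($_REQUEST["code"])) {
        // OAuth callback: the state parameter must round-trip intact.
        if (!isset($_REQUEST['state'])) {
            throw new Exception("Invalid OAuth State");
        }
        $state = json_decode($_REQUEST['state']);
        // json_decode() returns null on malformed input; without this guard the
        // property reads below would silently produce nulls instead of failing.
        if (!is_object($state)) {
            throw new Exception("Invalid OAuth State");
        }

        if (WorkbenchConfig::get()->value("loginCsrfEnabled")) {
            // Surface the token embedded in the state where validateCsrfToken() reads it.
            $_REQUEST['CSRF_TOKEN'] = isset($state->csrfToken) ? $state->csrfToken : null;
            validateCsrfToken();
        }

        $this->oauthProcessLogin($_REQUEST["code"], $state->host, $state->apiVersion, $state->startUrl);
        return;
    }

    if (WorkbenchConfig::get()->value("loginCsrfEnabled")) {
        // Non-throwing variant: a failed check is reported to the user, not thrown.
        if (!validateCsrfToken(false)) {
            $this->addError('This login method is not supported.');
            return;
        }
    }

    if ($this->termsRequired && !isset($_POST['termsAccepted'])) {
        $this->addError("You must agree to terms of service.");
        return;
    }

    if (isset($_REQUEST['loginType']) && $_REQUEST['loginType'] === "oauth") {
        if (!isset($_POST["oauth_host"]) || !isset($_POST["api"])) {
            throw new Exception("Invalid parameters for Oauth login");
        }
        // NOTE(review): the guard above checks $_POST["api"] but the value used is
        // $_POST["oauth_apiVersion"]; read it defensively so a missing field yields
        // null rather than an undefined-index notice -- confirm which field the form posts.
        $apiVersion = isset($_POST["oauth_apiVersion"]) ? $_POST["oauth_apiVersion"] : null;

        // The state round-trips host/version/start URL plus the CSRF token that the
        // callback branch above validates on return.
        $state = json_encode(array(
            "host" => $_POST["oauth_host"],
            "apiVersion" => $apiVersion,
            "csrfToken" => getCsrfToken(),
            "startUrl" => $this->startUrl,
        ));
        $this->oauthRedirect($_POST["oauth_host"], $state);
        return;
    }

    // Credential login. pw/sid are read from $_REQUEST, so they are accepted from
    // the query string as well as the POST body.
    $pw = isset($_REQUEST['pw']) ? $_REQUEST['pw'] : null;
    $sid = isset($_REQUEST['sid']) ? $_REQUEST['sid'] : null;
    $serverUrl = $this->buildServerUrl();

    // special-cases for UI vs API logins
    if (isset($_POST['uiLogin'])) {
        $this->processRememberUserCookie();
    } else {
        $_REQUEST['autoLogin'] = 1;
    }

    $this->processLogin($this->username, $pw, $serverUrl, $sid, $this->startUrl);
}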
httpError("403.4 SSL Required", "Secure connection to Workbench and Salesforce required"); //TODO: what do we want to do here? } //kick user back to login page for any page that requires a session and one isn't established $myPage = getMyPage(); if (!isLoggedIn() && $myPage->requiresSfdcSession) { session_unset(); session_destroy(); header('Location: login.php'); exit; } if (!$myPage->isReadOnly && isReadOnlyMode()) { throw new WorkbenchHandledException("This page is not accessible in read-only mode"); } if (WorkbenchContext::isEstablished() && !$myPage->isReadOnly && $_SERVER['REQUEST_METHOD'] == 'POST') { validateCsrfToken(); } if (WorkbenchContext::isEstablished() && isset($_POST['termsAccepted'])) { WorkbenchContext::get()->agreeToTerms(); } if (isLoggedIn()) { // todo: should this be in the ctx? if (!in_array(basename($_SERVER['PHP_SELF'], ".php"), array("login", "logout")) && isset($_SESSION['lastRequestTime'])) { $idleTime = microtime(true) - $_SESSION['lastRequestTime']; if ($idleTime > WorkbenchConfig::get()->value("sessionIdleMinutes") * 60) { // ping SFDC to check if session is still alive WorkbenchContext::get()->getPartnerConnection()->getServerTimestamp(); } } $_SESSION['lastRequestTime'] = microtime(true); }