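/**
 * OAuth2 token endpoint: runs the login logic hooks, asks the OAuth2 server
 * for a token, enforces the system login status and hands the client a
 * download-token cookie for its platform.
 *
 * @param RestService $api the REST service for this request; only needLogin()
 *                         is used here (assumed type, inferred from the
 *                         RestService::DOWNLOAD_COOKIE usage below)
 * @param array $args request arguments: grant_type, credentials, platform,
 *                    refresh, client version data
 * @return array|null token data from the OAuth2 server (download_token,
 *                    refresh_expires_in, ...), or null when the login was
 *                    refused and the refusal was passed to $api->needLogin()
 * @throws SugarApiExceptionClientOutdated when the client version is not supported
 * @throws OAuth2ServerException when the OAuth2 server rejects the grant
 */
public function token($api, $args)
{
    if (!$this->isSupportedClientVersion($api, $args)) {
        throw new SugarApiExceptionClientOutdated();
    }

    $oauth2Server = $this->getOAuth2Server($args);
    try {
        $GLOBALS['logic_hook']->call_custom_logic('Users', 'before_login');
        $authData = $oauth2Server->grantAccessToken($args);
        // Reaching this point means the grant succeeded.
        if (!empty($GLOBALS['current_user'])) {
            // Update password expired since user's essentially logged in at this point
            require_once 'modules/Users/password_utils.php';
            $GLOBALS['current_user']->call_custom_logic('after_login');
        }

        // Opportunistic cleanup of stale tokens: on average one in
        // $cleanupChance token requests triggers it. A configured value of 0
        // disables cleanup instead of producing a modulo-by-zero error.
        $cleanupChance = isset($GLOBALS['sugar_config']['token_cleanup_probability'])
            ? (int) $GLOBALS['sugar_config']['token_cleanup_probability']
            : 10;
        if ($cleanupChance !== 0 && mt_rand() % $cleanupChance === 0) {
            OAuthToken::cleanup();
        }
    } catch (OAuth2ServerException $e) {
        // Token could not be issued: record a failed login, then rethrow.
        $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
        throw $e;
    } catch (SugarApiExceptionNeedLogin $e) {
        $GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
        // Have the API throw the login exception with full data. Should
        // needLogin() return instead of throwing, stop here: there is no
        // $authData to build a cookie from (same as the maintenance path below).
        $api->needLogin($e);
        return;
    }

    $loginStatus = apiCheckLoginStatus();
    if ($loginStatus !== true && $loginStatus['level'] !== 'warning') {
        $restrictedLevel = $loginStatus['level'] === 'admin_only'
            || $loginStatus['level'] === 'maintenance';
        // Admins may pass during admin_only/maintenance; fail closed when there
        // is no current user to check.
        $adminAllowedThrough = $restrictedLevel
            && !empty($GLOBALS['current_user'])
            && $GLOBALS['current_user']->isAdmin();
        if (!$adminAllowedThrough) {
            // This is no good, they shouldn't be allowed in.
            $e = new SugarApiExceptionMaintenance(
                $loginStatus['message'],
                null,
                null,
                0,
                $loginStatus['level']
            );
            if (!empty($loginStatus['url'])) {
                $e->setExtraData("url", $loginStatus['url']);
            }
            $api->needLogin($e);
            return;
        }
    }

    // NOTE(review): $platform comes straight from the request and becomes part
    // of the cookie name; setcookie() rejects names with invalid characters.
    $platform = !empty($args['platform']) ? $args['platform'] : 'base';

    // Adding the setcookie() here instead of calling $api->setHeader() because
    // manually adding a cookie header will break 3rd party apps that use cookies
    setcookie(
        RestService::DOWNLOAD_COOKIE . '_' . $platform,
        $authData['download_token'],
        time() + $authData['refresh_expires_in'],
        ini_get('session.cookie_path'),
        ini_get('session.cookie_domain'),
        (bool) ini_get('session.cookie_secure'),
        true // HttpOnly: keep the download token out of reach of page scripts
    );

    // For reauth requests we need to send back the session cookie as well to
    // keep the client in sync if there was a session cookie to begin with
    if (isset($_COOKIE[session_name()])
        && !empty($args['grant_type'])
        && $args['grant_type'] === 'refresh_token'
        && !empty($args['refresh'])
    ) {
        $this->sendSessionCookie();
    }

    return $authData;
}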
/**
 * @ticket 62822
 */
public function testCleanup()
{
    $db = $GLOBALS['db'];
    $userId = $GLOBALS['current_user']->id;

    // Seed one request token and one invalid token for the current user.
    $tok = null;
    foreach (array(OAuthToken::REQUEST, OAuthToken::INVALID) as $state) {
        $tok = OAuthToken::generate();
        $tok->consumer = create_guid();
        $tok->setState($state);
        $tok->assigned_user_id = $userId;
        $tok->save();
    }

    // Number of tokens currently stored for the test user.
    $countForUser = function () use ($db, $tok, $userId) {
        return $db->getOne(
            "SELECT count(*) c FROM {$tok->table_name} WHERE assigned_user_id=" . $db->quoted($userId)
        );
    };

    $this->assertEquals(2, $countForUser(), "Wrong number of tokens in the table");

    // Push the token timestamps way into the past before cleanup runs.
    $db->query(
        "UPDATE {$tok->table_name} SET token_ts=1 WHERE assigned_user_id=" . $db->quoted($userId)
    );

    OAuthToken::cleanup();

    // Both tokens must have been removed.
    $this->assertEquals(0, $countForUser(), "Tokens were not deleted");
}
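/**
 * Create OAuth provider
 *
 * Checks current request for OAuth validity.
 *
 * @param string $req_path request-token endpoint path; when non-empty it is
 *                         registered on the provider as the end point that
 *                         needs no token
 * @throws Exception any failure raised while checking the OAuth request is
 *                   logged via reportProblem() and rethrown
 */
public function __construct($req_path = '')
{
    // NOTE(review): this writes the whole $_REQUEST (OAuth signature, nonce,
    // token and consumer parameters included) to the log at debug level;
    // debug logging should stay off in production or these values redacted.
    $GLOBALS['log']->debug("OAUTH: __construct({$req_path}): " . var_export($_REQUEST, true));
    $this->check();
    $this->provider = new Zend_Oauth_Provider();
    try {
        $this->provider->setConsumerHandler(array($this, 'lookupConsumer'));
        $this->provider->setTimestampNonceHandler(array($this, 'timestampNonceChecker'));
        $this->provider->setTokenHandler(array($this, 'tokenHandler'));
        if (!empty($req_path)) {
            // No token needed for this end point
            $this->provider->setRequestTokenPath($req_path);
        }
        $this->provider->checkOAuthRequest(null, $this->decodePostGet());
        // Opportunistic cleanup of stale tokens, roughly 1 request in 10.
        if (mt_rand() % 10 === 0) {
            OAuthToken::cleanup();
        }
    } catch (Exception $e) {
        // Log the problem details, then let the caller deal with the exception.
        $GLOBALS['log']->debug($this->reportProblem($e));
        throw $e;
    }
}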
/**
 * OAuthToken::cleanup() must run to completion without throwing.
 */
public function testcleanup()
{
    $failure = null;
    try {
        OAuthToken::cleanup();
    } catch (Exception $e) {
        $failure = $e;
    }
    // Any exception from cleanup() is a test failure.
    if ($failure !== null) {
        $this->fail();
    }
    $this->assertTrue(true);
}