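/**
 * Authenticates an API request from its OAuth2 access token.
 *
 * Dispatches PRE_AUTHENTICATE and API_OAUTH2_START, verifies the token through
 * the OAuth2 adapter, stores the token in the session, refuses client
 * applications that are disabled in configuration, and opens an account for
 * the token's user when none is open yet. API_OAUTH2_END is dispatched on every
 * exit except the two configuration refusals (see note below).
 *
 * @param Request     $request
 * @param Application $app
 *
 * @return \Symfony\Component\HttpFoundation\Response|null a 403 error response when
 *         the client application is disabled, null otherwise (the request proceeds)
 *
 * @throws NotFoundHttpException when $app['token'] is not an ApiOauthToken
 */
public function __invoke(Request $request, Application $app)
{
    /** @var EventDispatcherInterface $dispatcher */
    $dispatcher = $app['dispatcher'];
    $context = new Context(Context::CONTEXT_OAUTH2_TOKEN);

    $dispatcher->dispatch(PhraseaEvents::PRE_AUTHENTICATE, new PreAuthenticate($request, $context));
    $dispatcher->dispatch(PhraseaEvents::API_OAUTH2_START, new ApiOAuth2StartEvent());

    /** @var \API_OAuth2_Adapter $oauth2 */
    $oauth2 = $app['oauth2-server'];

    if (false === $this->verifyAccessToken($oauth2)) {
        // Verification failed: nothing is stored in the session and no account is opened.
        $dispatcher->dispatch(PhraseaEvents::API_OAUTH2_END, new ApiOAuth2EndEvent());

        return null;
    }

    $token = $app['token'];
    if (!$token instanceof ApiOauthToken) {
        throw new NotFoundHttpException('Provided token is not valid.');
    }

    $this->getSession($app)->set('token', $token);

    $oAuth2Account = $token->getAccount();
    $oAuth2App = $oAuth2Account->getApplication();
    // Client ids are compared as strings with ===: a loose == would treat
    // numeric-looking ids as equal (e.g. "1e3" == "1000").
    $clientId = (string) $oAuth2App->getClientId();

    /** @var PropertyAccess $conf */
    $conf = $app['conf'];

    // NOTE(review): these two refusals return before API_OAUTH2_END is dispatched,
    // unlike every other exit of this method — confirm listeners do not rely on it.
    if ($clientId === (string) \API_OAuth2_Application_Navigator::CLIENT_ID
        && !$conf->get(['registry', 'api-clients', 'navigator-enabled'])) {
        return Result::createError($request, 403, 'The use of Phraseanet Navigator is not allowed')->createResponse();
    }
    if ($clientId === (string) \API_OAuth2_Application_OfficePlugin::CLIENT_ID
        && !$conf->get(['registry', 'api-clients', 'office-enabled'])) {
        return Result::createError($request, 403, 'The use of Office Plugin is not allowed.')->createResponse();
    }

    $authentication = $this->getAuthenticator($app);
    if (!$authentication->isAuthenticated()) {
        // No account open yet for this session: open the token owner's account
        // and let the OAuth2 adapter remember the session.
        $authentication->openAccount($oAuth2Account->getUser());
        $oauth2->rememberSession($app['session']);
    }

    $dispatcher->dispatch(PhraseaEvents::API_OAUTH2_END, new ApiOAuth2EndEvent());
    $this->registerClosingAccountCallback($dispatcher, $app);

    return null;
}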
/**
 * Turns an exception raised while handling a request into an API error response.
 *
 * The well-known Symfony HTTP exceptions are mapped to their status code; any
 * other HttpExceptionInterface is mapped to \API_V1_result::ERROR_MAINTENANCE
 * (503) or \API_V1_result::ERROR_UNACCEPTABLE (406), everything else becomes a
 * 500. Headers carried by an HttpExceptionInterface are copied onto the
 * response, and X-Status-Code mirrors the response status.
 *
 * @param GetResponseForExceptionEvent $event
 */
public function onSilexError(GetResponseForExceptionEvent $event)
{
    $exception = $event->getException();

    if ($exception instanceof MethodNotAllowedHttpException) {
        $code = 405;
    } elseif ($exception instanceof BadRequestHttpException) {
        $code = 400;
    } elseif ($exception instanceof AccessDeniedHttpException) {
        $code = 403;
    } elseif ($exception instanceof UnauthorizedHttpException) {
        $code = 401;
    } elseif ($exception instanceof NotFoundHttpException) {
        $code = 404;
    } elseif ($exception instanceof HttpExceptionInterface && 503 === $exception->getStatusCode()) {
        $code = \API_V1_result::ERROR_MAINTENANCE;
    } elseif ($exception instanceof HttpExceptionInterface && 406 === $exception->getStatusCode()) {
        $code = \API_V1_result::ERROR_UNACCEPTABLE;
    } else {
        $code = 500;
    }

    // Only HTTP exceptions carry headers that must reach the client (e.g. Allow, WWW-Authenticate).
    $extraHeaders = $exception instanceof HttpExceptionInterface ? $exception->getHeaders() : [];

    // NOTE(review): the exception message is sent to the client as-is, including
    // for 500s — confirm it never carries internal details.
    $response = Result::createError($event->getRequest(), $code, $exception->getMessage())->createResponse();
    $response->headers->set('X-Status-Code', $response->getStatusCode());
    foreach ($extraHeaders as $name => $value) {
        $response->headers->set($name, $value);
    }

    $event->setResponse($response);
}
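/**
 * Turns an exception raised while handling a request into an API error response.
 *
 * The well-known Symfony HTTP exceptions are mapped to their status code; any
 * other HttpExceptionInterface keeps its status code when it is one of the
 * allow-listed values, everything else becomes a 500. A 500 is logged with the
 * exception code and trace. Headers carried by an HttpExceptionInterface are
 * copied onto the response, and X-Status-Code mirrors the response status.
 *
 * @param GetResponseForExceptionEvent $event
 */
public function onSilexError(GetResponseForExceptionEvent $event)
{
    $headers = [];
    $e = $event->getException();

    if ($e instanceof MethodNotAllowedHttpException) {
        $code = 405;
    } elseif ($e instanceof BadRequestHttpException) {
        $code = 400;
    } elseif ($e instanceof AccessDeniedHttpException) {
        $code = 403;
    } elseif ($e instanceof UnauthorizedHttpException) {
        $code = 401;
    } elseif ($e instanceof NotFoundHttpException) {
        $code = 404;
    } elseif ($e instanceof HttpExceptionInterface) {
        // Pass through only the allow-listed status codes; strict in_array so no
        // loose int/string coercion takes part in the decision.
        $statusCode = (int) $e->getStatusCode();
        $code = in_array($statusCode, [400, 401, 403, 404, 405, 406, 503], true) ? $statusCode : 500;
    } else {
        $code = 500;
    }

    if (500 === $code) {
        // Unexpected failures are logged with their trace; the client only gets the message.
        $this->logger->error($e->getMessage(), ['code' => $e->getCode(), 'trace' => $e->getTrace()]);
    }

    // Only HTTP exceptions carry headers that must reach the client (e.g. Allow, WWW-Authenticate).
    if ($e instanceof HttpExceptionInterface) {
        $headers = $e->getHeaders();
    }

    // NOTE(review): the exception message is sent to the client as-is, including
    // for 500s — confirm it never carries internal details.
    $response = Result::createError($event->getRequest(), $code, $e->getMessage())->createResponse();
    $response->headers->set('X-Status-Code', $response->getStatusCode());
    foreach ($headers as $key => $value) {
        $response->headers->set($key, $value);
    }

    $event->setResponse($response);
}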
/**
 * Asserts the meta block of an API error result.
 *
 * http_code is always checked as an int. Each of error_type, error_message and
 * error_details is checked as a string when an expected value is given, and is
 * asserted to be present but null when the expected value is null.
 *
 * @param Result      $apiResult
 * @param int         $code
 * @param string|null $type
 * @param string|null $message
 * @param string|null $detail
 */
private function assertErrorMessage(Result $apiResult, $code, $type, $message, $detail)
{
    $decoded = json_decode($apiResult->createResponse()->getContent());

    $this->checkResponseFieldMeta($decoded, 'http_code', $code, \PHPUnit_Framework_Constraint_IsType::TYPE_INT);

    $expectations = [
        'error_type'    => $type,
        'error_message' => $message,
        'error_details' => $detail,
    ];

    foreach ($expectations as $field => $expected) {
        if (null === $expected) {
            // The field must exist in meta but carry a null value.
            $this->assertObjectHasAttribute($field, $decoded->meta);
            $this->assertNull($decoded->meta->{$field});
            continue;
        }

        $this->checkResponseFieldMeta($decoded, $field, $expected, \PHPUnit_Framework_Constraint_IsType::TYPE_STRING);
    }
}
$request->setRequestFormat(Result::FORMAT_JSONP); } else { $request->setRequestFormat($request->getFormat($format->getValue())); } // tells whether asked format is extended or not $request->attributes->set('_extended', in_array($request->getRequestFormat(Result::FORMAT_JSON), array(Result::FORMAT_JSON_EXTENDED, Result::FORMAT_YAML_EXTENDED, Result::FORMAT_JSONP_EXTENDED))); }, PhraseaApplication::EARLY_EVENT); $app->after(function (Request $request, Response $response) use($app) { if ($request->getRequestFormat(Result::FORMAT_JSON) === Result::FORMAT_JSONP && !$response->isOk() && !$response->isServerError()) { $response->setStatusCode(200); } // set response content type if (!$response->headers->get('Content-Type')) { $response->headers->set('Content-Type', $request->getMimeType($request->getRequestFormat(Result::FORMAT_JSON))); } }); $app->get('/api/', function (Request $request, SilexApplication $app) { return Result::create($request, ['name' => $app['conf']->get(['registry', 'general', 'title']), 'type' => 'phraseanet', 'description' => $app['conf']->get(['registry', 'general', 'description']), 'documentation' => 'https://docs.phraseanet.com/Devel', 'versions' => ['1' => ['number' => V1::VERSION, 'uri' => '/api/v1/', 'authenticationProtocol' => 'OAuth2', 'authenticationVersion' => 'draft#v9', 'authenticationEndPoints' => ['authorization_token' => '/api/oauthv2/authorize', 'access_token' => '/api/oauthv2/token']]]])->createResponse(); }); $app->mount('/api/oauthv2', new Oauth2()); $app->mount('/api/v1', new V1()); $app['dispatcher'] = $app->share($app->extend('dispatcher', function ($dispatcher, PhraseaApplication $app) { $dispatcher->addSubscriber(new ApiOauth2ErrorsSubscriber($app['phraseanet.exception_handler'], $app['translator'])); return $dispatcher; })); $app->after(function (Request $request, Response $response) use($app) { $app['dispatcher']->dispatch(PhraseaEvents::API_RESULT, new ApiResultEvent($request, $response)); }); 
$app['dispatcher']->addSubscriber(new ApiCorsSubscriber($app)); return $app; }, isset($environment) ? $environment : PhraseaApplication::ENV_PROD);
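/**
 * Refuses the request with a 401 error response when the token's user may not
 * move the record named by the route's databox_id / record_id attributes.
 *
 * The user is allowed when they hold the addrecord or the deleterecord right
 * and the candeleterecord right on the record's base.
 *
 * @param Request     $request
 * @param Application $app
 *
 * @return \Symfony\Component\HttpFoundation\Response|null the error response, or null when allowed
 */
public function ensureCanMoveRecord(Request $request, Application $app)
{
    $user = $app['session']->get('token')->getAccount()->getUser();
    $record = $app['phraseanet.appbox']
        ->get_databox($request->attributes->get('databox_id'))
        ->get_record($request->attributes->get('record_id'));

    // Resolve the user's ACL once instead of once per right checked.
    $acl = $app['acl']->get($user);

    // Parentheses make the precedence explicit (&& binds tighter than ||), i.e.
    // allowed = (addrecord || deleterecord) && candeleterecord on the base.
    // NOTE(review): 401 is sent for an authenticated user lacking rights; 403 is the
    // conventional code for that, but callers/tests may pin 401 — confirm before changing.
    if ((!$acl->has_right('addrecord') && !$acl->has_right('deleterecord'))
        || !$acl->has_right_on_base($record->get_base_id(), 'candeleterecord')) {
        return Result::createError($request, 401, 'You are not authorized')->createResponse();
    }

    return null;
}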
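/**
 * Refuses the request with a 401 error response when the API-authenticated
 * user may not move the record named by the route's databox_id / record_id
 * attributes.
 *
 * The user is allowed when they hold the addrecord or the deleterecord right
 * and the candeleterecord right on the record's base.
 *
 * @param Request $request
 *
 * @return \Symfony\Component\HttpFoundation\Response|null the error response, or null when allowed
 */
public function ensureCanMoveRecord(Request $request)
{
    $user = $this->getApiAuthenticatedUser();
    $record = $this->findDataboxById($request->attributes->get('databox_id'))
        ->get_record($request->attributes->get('record_id'));

    // Resolve the user's ACL once instead of once per right checked.
    $acl = $this->getAclForUser($user);

    // TODO: Check comparison. seems to be a mismatch
    // Parentheses make the precedence explicit (&& binds tighter than ||), i.e.
    // allowed = (addrecord || deleterecord) && candeleterecord on the base.
    // NOTE(review): 401 is sent for an authenticated user lacking rights; 403 is the
    // conventional code for that, but callers/tests may pin 401 — confirm before changing.
    if ((!$acl->has_right('addrecord') && !$acl->has_right('deleterecord'))
        || !$acl->has_right_on_base($record->getBaseId(), 'candeleterecord')) {
        return Result::createError($request, 401, 'You are not authorized')->createResponse();
    }

    return null;
}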