/**
* Check that this token is either a user token or the
* site's API token, and auth the current request for that user if so.
*
* @return \Idno\Entities\User user on success
*/
private static function authenticate()
{
$access_token = \Idno\Core\Input::getInput('access_token');
$headers = \Idno\Common\Page::getallheaders();
if (!empty($headers['Authorization'])) {
$token = $headers['Authorization'];
$token = trim(str_replace('Bearer', '', $token));
} else {
if ($token = \Idno\Core\Input::getInput('access_token')) {
$token = trim($token);
}
}
if (!empty($token)) {
$found = Token::findUserForToken($token);
if (!empty($found)) {
\Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
$user = $found['user'];
\Idno\Core\Idno::site()->session()->refreshSessionUser($user);
return $user;
}
$user = \Idno\Entities\User::getOne(array('admin' => true));
if ($token == $user->getAPIkey()) {
\Idno\Core\Idno::site()->session()->setIsAPIRequest(true);
\Idno\Core\Idno::site()->session()->refreshSessionUser($user);
return $user;
}
}
return false;
}
function registerEventHooks()
{
\Idno\Core\Idno::site()->addEventHook('syndicate', function (\Idno\Core\Event $event) {
$object = $event->data()['object'];
$object_type = $event->data()['object_type'];
$syndication = Input::getInput('syndication');
$object_array = $object->saveToArray();
$object_array['url'] = $object->getURL();
if (\Idno\Core\Idno::site()->hub()) {
$results = \Idno\Core\Idno::site()->hub()->makeCall('hub/user/syndication/post', ['object' => $object_array, 'object_type' => $object_type, 'syndication' => $syndication]);
if ($object_array = json_decode($results['content'], true)) {
$object->loadFromArray($object_array);
$object->save();
}
}
});
}
/**
* Retrieves input.
*
* @param string $name Name of the input variable
* @param mixed $default A default return value if no value specified (default: null)
* @param boolean $filter Whether or not to filter the variable for safety (default: null), you can pass
* a callable method, function or enclosure with a definition like function($name, $value), which
* will return the filtered result.
* @return mixed
*/
function getInput($name, $default = null, callable $filter = null)
{
if (!empty($name)) {
$request = \Idno\Core\Input::getInput($name, $default, $filter);
if (!empty($request)) {
$value = $request;
} else {
if (!empty($this->data[$name])) {
$value = $this->data[$name];
}
}
if (empty($value) && !empty($default)) {
$value = $default;
}
if (!empty($value)) {
if (isset($filter) && is_callable($filter) && empty($request)) {
$value = call_user_func($filter, $name, $value);
}
// TODO, we may want to add some sort of system wide default filter for when $filter is null
return $value;
}
}
return false;
}
/**
* Called at the beginning of each request handler, attempts to authorize the request.
*
* Checks HTTP request headers to see if the request has been properly
* signed for API access.
*
* If this is not an API request, then check the session for the logged in user's credentials.
*
* Triggers "user/auth/request" to give plugins an opportunity to implement their own auth mechanism.
* Then "user/auth/success" or "user/auth/failure" depending on if a user was found for the provided credentials.
*
* @return \Idno\Entities\User|false The logged-in user, or false otherwise
*/
function tryAuthUser()
{
// attempt to delegate auth to a plugin (note: plugin is responsible for calling setIsAPIRequest or not)
$return = \Idno\Core\Idno::site()->triggerEvent('user/auth/request', [], false);
// auth standard API requests
if (!$return && !empty($_SERVER['HTTP_X_KNOWN_USERNAME']) && !empty($_SERVER['HTTP_X_KNOWN_SIGNATURE'])) {
\Idno\Core\Idno::site()->logging()->debug("Attempting to auth via API credentials");
$this->setIsAPIRequest(true);
$t = \Idno\Core\Input::getInput('_t');
if (empty($t)) {
\Idno\Core\Idno::site()->template()->setTemplateType('json');
}
if ($user = \Idno\Entities\User::getByHandle($_SERVER['HTTP_X_KNOWN_USERNAME'])) {
\Idno\Core\Idno::site()->logging()->debug("API auth found user by username: "******"API auth verified signature for user: "******"API auth failed signature validation for user: "******"Warning: Access credentials were sent over a non-secured connection! To disable this warning set disable_cleartext_warning in your config.ini");
}
// If this is an API request but we're not logged in, set page response code to access denied
if (!$return) {
$ip = $_SERVER['REMOTE_ADDR'];
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$proxies = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
// We are behind a proxy
$ip = trim($proxies[0]);
}
\Idno\Core\Idno::site()->logging()->error("API Login failure from {$ip}");
}
}
$return = \Idno\Core\Idno::site()->triggerEvent($return ? "user/auth/success" : "user/auth/failure", array("user" => $return, "is api" => $this->isAPIRequest()), $return);
return $return;
}
