/**
 * Builds a RestApiClient for the given connection and applies the Workbench
 * runtime settings to it before handing it back to the caller.
 *
 * The client is created from the endpoint produced by buildEndpoint() and the
 * session id carried by the connection configuration.
 *
 * @param ConnectionConfiguration $connConfig connection whose endpoint and session id are used
 * @return RestApiClient the configured client
 */
function establish(ConnectionConfiguration $connConfig) {
    $endpoint = $this->buildEndpoint($connConfig);
    $sessionId = $connConfig->getSessionId();
    $client = new RestApiClient($endpoint, $sessionId);

    $gzipSetting = WorkbenchConfig::get()->value("enableGzip");
    $client->setCompressionEnabled($gzipSetting);

    $client->setUserAgent(getWorkbenchUserAgent());

    // The session entry is passed directly (not via a local copy) in case the
    // setter takes its argument by reference.
    // NOTE(review): this log lives in the user's session; confirm the client never
    // writes the session id or other credentials into it.
    $client->setExternalLogReference($_SESSION['restDebugLog']); //TODO: maybe replace w/ its own log??

    //TODO: move into ctx
    $debugEnabled = WorkbenchConfig::get()->value("debug") == true; // loose comparison kept on purpose
    $client->setLoggingEnabled($debugEnabled);

    $client->setProxySettings(getProxySettings());

    $sessionCookieSetting = WorkbenchConfig::get()->value("includeSessionCookie");
    $client->setIncludeSessionCookie($sessionCookieSetting);

    return $client;
}
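/**
 * Completes the OAuth 2.0 authorization-code flow: exchanges the code for an
 * access token at the host's token endpoint and logs in with the result.
 *
 * The token request carries the client secret and the authorization code, so the
 * TLS peer certificate is verified and every form field is URL-encoded.
 *
 * @param string $code       authorization code from the OAuth redirect (request input;
 *                           assumed to be the already URL-decoded value - confirm at the caller)
 * @param string $hostName   login host; must have 'key' and 'secret' entries in the "oauthConfigs" setting
 * @param string $apiVersion API version appended to the SOAP endpoint path
 * @param string $startUrl   passed through unchanged to processLogin()
 * @throws Exception when OAuth is disabled, the host is not configured, or the token
 *                   response lacks the access token or instance URL
 * @throws WorkbenchAuthenticationException when the token endpoint cannot be reached or reports an error
 */
private function oauthProcessLogin($code, $hostName, $apiVersion, $startUrl) {
    if (!$this->oauthEnabled) {
        throw new Exception("OAuth not enabled");
    }

    // we set this again below to the real value returned,
    // but in case it fails prior, need to set for logout iframe hack
    // NOTE(review): the Referer header is client-supplied, so until it is overwritten below
    // this session value is untrusted; whatever consumes it should validate the host.
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $_SESSION['oauth']['serverUrlPrefix'] = "https://" . parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
    }

    $oauthConfigs = WorkbenchConfig::get()->value("oauthConfigs");

    // Only hosts present in the configuration pass this check, which is what keeps the
    // caller-supplied host name from steering the token request to an arbitrary server.
    if (!isset($oauthConfigs[$hostName]['key']) || !isset($oauthConfigs[$hostName]['secret'])) {
        throw new Exception("Misconfigured OAuth Host");
    }

    $tokenUrl = "https://" . $hostName . "/services/oauth2/token";

    // http_build_query() URL-encodes every value, so characters such as '&' or '=' in the
    // code, key or secret cannot add or override form fields in the request body.
    $params = http_build_query(array(
        "code" => $code,
        "grant_type" => "authorization_code",
        "client_id" => $oauthConfigs[$hostName]['key'],
        "client_secret" => $oauthConfigs[$hostName]['secret'],
        "redirect_uri" => $this->oauthBuildRedirectUrl(),
    ), '', '&');

    $curl = curl_init($tokenUrl);
    if ($curl === false) {
        throw new WorkbenchAuthenticationException("OAuth authentication failed connect to: " . $tokenUrl);
    }

    curl_setopt($curl, CURLOPT_HEADER, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $params);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    // Verify the certificate chain: host-name checking alone does not authenticate the
    // server, and this request carries the client secret. cURL's default CA bundle is
    // used; where none is installed, configure one (for example the curl.cainfo setting
    // in php.ini) rather than switching verification off.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);

    $proxySettings = getProxySettings();
    if ($proxySettings != null) {
        curl_setopt($curl, CURLOPT_PROXY, $proxySettings["proxy_host"]);
        curl_setopt($curl, CURLOPT_PROXYPORT, $proxySettings["proxy_port"]);
        curl_setopt($curl, CURLOPT_PROXYUSERPWD, $proxySettings["proxy_username"] . ":" . $proxySettings["proxy_password"]);
    }

    $json_response = curl_exec($curl);

    // Read what is needed from the handle, then close it on the failure path as well.
    $transportFailed = $json_response === false || curl_errno($curl) !== 0;
    $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    curl_close($curl);

    if ($transportFailed) {
        // not printing the cURL error because it could contain the secret
        throw new WorkbenchAuthenticationException("OAuth authentication failed connect to: " . $tokenUrl);
    }

    $response = json_decode($json_response, true);

    if (isset($response["error"]) && isset($response["error_description"])) {
        throw new WorkbenchAuthenticationException($response["error"] . ": " . $response["error_description"]);
    }

    if ($status != 200) {
        throw new WorkbenchAuthenticationException("Unknown OAuth Error. Status Code: {$status}");
    }

    // isset() guards cover a body that is not a JSON object or lacks these fields;
    // the emptiness checks below then report the missing value.
    $accessToken = isset($response['access_token']) ? $response['access_token'] : null;
    $serverUrlPrefix = isset($response['instance_url']) ? $response['instance_url'] : null;

    // Keep the provisional prefix stored above when the response carries no instance URL.
    if (!empty($serverUrlPrefix)) {
        $_SESSION['oauth']['serverUrlPrefix'] = $serverUrlPrefix;
    }

    if (empty($accessToken)) {
        throw new Exception("OAuth response missing access token");
    }

    if (empty($serverUrlPrefix)) {
        throw new Exception("OAuth response missing instance name");
    }

    $_POST['termsAccepted'] = 1; // re-apply terms acceptance on oauth redirect

    // The access token is sent to the instance URL named in the token response, so that
    // value is only as trustworthy as the verified TLS connection it arrived over.
    $this->processLogin(null, null, $serverUrlPrefix . "/services/Soap/u/" . $apiVersion, $accessToken, $startUrl);
}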
/**
 * Applies the proxy configuration returned by getProxySettings() to a cURL handle
 * and sets the fixed user-agent string.
 *
 * Proxy options are only set when a non-empty 'host' is configured; proxy
 * credentials are only set when a non-empty 'user' is configured as well.
 * The user agent is set in every case.
 *
 * @param resource $ch cURL handle to configure (taken by reference)
 */
function initCurlProxySettings(&$ch)
{
    $proxy = getProxySettings();

    $proxyHostConfigured = isset($proxy['host']) && strlen($proxy['host']) > 0;
    if ($proxyHostConfigured) {
        curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, true);

        // Append ":port" only when a truthy port value is configured.
        $portSuffix = '';
        if (isset($proxy['port']) && $proxy['port']) {
            $portSuffix = ':' . $proxy['port'];
        }
        curl_setopt($ch, CURLOPT_PROXY, $proxy['host'] . $portSuffix);

        $proxyUserConfigured = isset($proxy['user']) && strlen($proxy['user']) > 0;
        if ($proxyUserConfigured) {
            // The original carried commented-out debug prints of these values; they are
            // left out here because proxy credentials should never reach page output.
            $credentials = $proxy['user'] . ':' . $proxy['password'];
            curl_setopt($ch, CURLOPT_PROXYUSERPWD, $credentials);
        }
    }

    curl_setopt($ch, CURLOPT_USERAGENT, 'WebAsyst CURL 1.0');
}
<?php
// CometD proxy endpoint: forwards the request to the "/cometd/{apiVersion}" path on the
// host of the established Workbench context, attaching that context's session id.
require_once "context/WorkbenchContext.php";
require_once "util/PhpReverseProxy.php";
require_once "session.php";

// Refuse to proxy unless a Workbench context exists; respond with 401 and stop.
if (!WorkbenchContext::isEstablished()) {
    httpError("401 Unauthorized", "CometD Proxy only available if Workbench Context has been established.");
    exit;
}

// Dereference session-based vars so we can close the session before entering the proxy.
// This will allow concurrent long requests on the same session to work better.
$host = WorkbenchContext::get()->getHost();
$apiVersion = WorkbenchContext::get()->getApiVersion();
$forceSSL = WorkbenchContext::get()->isSecure();
$sessionId = WorkbenchContext::get()->getSessionId();
session_write_close();

$proxy = new PhpReverseProxy();
// The session id is added as an Authorization header, i.e. it acts as a bearer credential
// on the upstream request. The target host comes from the established context, not from
// the incoming request.
$proxy->headers[] = "Authorization: OAuth {$sessionId}";
$proxy->host = $host;
// NOTE(review): forceSSL mirrors the context's isSecure() value; if that can be false,
// the header above would presumably travel without TLS - confirm in PhpReverseProxy.
$proxy->forceSSL = $forceSSL;
$proxy->forward_path = "/cometd/{$apiVersion}";
// NOTE(review): presumably the only cookies the proxy relays - confirm in PhpReverseProxy.
$proxy->cookie_whitelist = array("sfdc-stream", "BAYEUX_BROWSER");
$proxy->proxy_settings = getProxySettings();
// NOTE(review): presumably stops the request path from altering forward_path - confirm.
$proxy->is_forward_path_static = true;
$proxy->connect();
$proxy->output();