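/**
 * Lists, creates, updates or deletes the personal access tokens of the
 * logged-in user and answers with an XML document.
 *
 * Dispatch on REQUEST_METHOD:
 *   PUT    - create a new personal token for the session user
 *   POST   - replace the netfilters of token `k` (query string) with the
 *            `netfilters` array of the JSON object in the `data` form field
 *   DELETE - remove token `k` together with its netfilters
 *   other  - list only
 * Every variant ends by emitting the complete token list, or a single
 * `<accesstokens error='...'>` element when a model call reports a problem.
 *
 * Refuses with 403 when the request did not arrive over HTTPS or the session
 * carries no user id. The status line is sent before any body output so it
 * cannot be lost to "headers already sent" (the original emitted the XML
 * declaration first and only then tried to set the status).
 *
 * Security notes:
 *  - Every value written into an XML attribute (model error strings, token
 *    values, netfilters that originally came from client POST data) is
 *    escaped, so a stored value containing a quote cannot break the markup.
 *  - State-changing verbs are authorised by the session cookie alone.
 *    NOTE(review): confirm a CSRF defence exists at the framework level.
 *  - The listing returns the raw token secret of every personal token.
 *    NOTE(review): consider returning the secret only at creation time.
 */
public function accesstokenlistAction()
{
    $this->_helper->layout->disableLayout();
    $this->_helper->viewRenderer->setNoRender();

    // Escape a value for use inside a single-quoted XML attribute.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_XML1, 'UTF-8');
    };

    // Tokens are secrets: refuse plain HTTP before emitting anything.
    // Only the literal "on" is accepted, as in the original check.
    $https = isset($_SERVER['HTTPS']) ? $_SERVER['HTTPS'] : '';
    if ($https !== 'on') {
        header("HTTP/1.0 403 Forbidden");
        return;
    }

    header("Content-Type:text/xml");
    // Built by concatenation so the literal "<?xml" is not mistaken for a PHP open tag.
    $xmlDecl = "<" . "?xml version='1.0'?" . ">";

    // empty() also rejects user id 0, which this code base uses as the
    // "not authenticated" sentinel (see authenticate()).
    $uid = $this->session->userid;
    if (empty($uid)) {
        header("HTTP/1.0 403 Forbidden");
        echo $xmlDecl;
        echo "<accesstokens error='Not logged in' ></accesstokens>";
        return;
    }
    echo $xmlDecl;

    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    $result = true;
    switch ($method) {
        case 'PUT':
            // Mint a new personal token for the session user.
            $result = AccessTokens::createPersonalAccessToken($uid);
            break;

        case 'POST':
            // Replace the netfilters of token `k`; ownership is checked by the model,
            // which receives $uid alongside the token id.
            $tokenid = isset($_GET["k"]) ? intval($_GET["k"]) : null;
            $payload = isset($_POST["data"]) ? json_decode($_POST["data"]) : null;
            $valid = is_object($payload)
                && isset($payload->netfilters)
                && is_array($payload->netfilters);
            if ($valid) {
                foreach ($payload->netfilters as $entry) {
                    if (!is_scalar($entry)) {
                        $valid = false;
                        break;
                    }
                }
            }
            if (!$valid) {
                // Malformed or missing JSON used to raise PHP warnings and hand
                // garbage to the model; answer with an explicit error instead.
                $result = 'Invalid request data';
                break;
            }
            $result = AccessTokens::setNetfilters($uid, $tokenid, array_unique($payload->netfilters));
            break;

        case 'DELETE':
            // Remove token `k` and its netfilters; the model checks ownership.
            $tokenid = isset($_GET["k"]) ? intval($_GET["k"]) : null;
            $result = AccessTokens::removeAccessToken($uid, $tokenid);
            break;

        default:
            // GET and anything else: listing only.
            break;
    }

    if ($result !== true) {
        echo "<accesstokens error='" . $esc($result) . "' ></accesstokens>";
        return;
    }

    // Emit the current user's personal tokens with their netfilters.
    $tokens = new Default_Model_AccessTokens();
    $tokens->filter->addedby->equals($uid)->and($tokens->filter->type->like('personal'));
    $items = $tokens->items;

    echo "<accesstokens count='" . count($items) . "' >";
    foreach ($items as $token) {
        $netfilters = new Default_Model_AccessTokenNetfilters();
        $netfilters->filter->tokenid->equals($token->id);
        $filters = $netfilters->items;

        echo "<accesstoken id='" . $esc($token->id)
            . "' token='" . $esc($token->token)
            . "' addedby='" . $esc($token->addedbyid)
            . "' createdon='" . $esc($token->createdon)
            . "' tokentype='" . $esc($token->type)
            . "' netfilters='" . count($filters) . "' >";
        foreach ($filters as $filter) {
            echo "<netfilter value='" . $esc($filter->netfilter) . "' ></netfilter>";
        }
        echo "</accesstoken>";
    }
    echo "</accesstokens>";
}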
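/**
 * Realisation of authenticate() from iRestAuthModule.
 *
 * Three credential shapes are recognised; only the first one whose required
 * parameters are all present is tried:
 *  1. userid + passwd + apikey   - "SAML token" auth. The API key must resolve
 *     to exactly one key row that passes _validateAPIKey(), and
 *     (userid, sessionid, passwd) must match a Default_Model_UserCredentials row.
 *  2. username + passwd + apikey - "EGI SSO" auth. Same API-key rule; the
 *     username must be a known 'egi-sso-ldap' account and an LDAP bind with the
 *     supplied password must succeed.
 *  3. accesstoken                - a personal access token that maps to an
 *     actor of type "ppl".
 *
 * On success _userid (and _userGroups for 1 and 2) is set, $_GET['userid'] is
 * overwritten for downstream code, and the key's auth-method check (1, 2) or
 * true (3) is returned. On any failure _userid is reset to 0 and false is
 * returned. Credentials are re-checked on every call: the former
 * "if (!isset($this->_userid))" cache had been replaced by a dead "if (true)"
 * wrapper, which is removed here.
 *
 * Security notes:
 *  - An empty password is refused before the LDAP bind is attempted; an empty
 *    bind password is an unauthenticated bind, which many directories accept,
 *    so passing it through would have let anyone log in as a known SSO user.
 *  - The username is DN-escaped before it is spliced into the bind DN.
 *  - The API key is trimmed in both key-based branches (the SAML branch used
 *    the raw parameter) so the two behave the same.
 *  - _userGroups is only populated once the LDAP bind has succeeded.
 */
public function authenticate()
{
    $userid = $this->getParam("userid");
    $username = $this->getParam("username");
    $passwd = $this->getParam("passwd");
    $apikey = $this->getParam("apikey");
    $accesstoken = $this->getParam("accesstoken");

    if (!is_null($userid) && !is_null($passwd) && !is_null($apikey)) {
        // 1. SAML token auth
        $keys = new Default_Model_APIKeys();
        $keys->filter->key->equals(trim($apikey));
        // Exactly one matching key row is required; ambiguity is a failure.
        if (count($keys->items) === 1 && $this->_validateAPIKey($keys->items[0])) {
            // NOTE(review): sessionid is not required to be present; confirm the
            // model does not turn a null filter value into a wildcard.
            $creds = new Default_Model_UserCredentials();
            $creds->filter->researcherid->equals($userid)->and(
                $creds->filter->sessionid->equals($this->getParam("sessionid"))->and(
                    $creds->filter->token->equals($passwd)
                )
            );
            if (count($creds->items) > 0) {
                $researchers = new Default_Model_Researchers();
                $researchers->filter->id->equals($userid);
                if (count($researchers->items) > 0) {
                    $researcher = $researchers->items[0];
                    $this->_userid = $researcher->id;
                    $this->_userGroups = $researcher->actorGroups;
                    return $this->_validateAPIKeyAuthMethod($keys->items[0], $researcher);
                }
            }
        }
    } elseif (!is_null($username) && !is_null($passwd) && !is_null($apikey)) {
        // 2. EGI SSO account auth
        $keys = new Default_Model_APIKeys();
        $keys->filter->key->equals(trim($apikey));
        if (count($keys->items) === 1 && $this->_validateAPIKey($keys->items[0])) {
            $accounts = new Default_Model_UserAccounts();
            $accounts->filter->account_type->equals('egi-sso-ldap')->and(
                $accounts->filter->accountid->equals($username)
            );
            if (count($accounts->items) > 0) {
                $account = $accounts->items[0];
                $ssoUserid = $account->researcherid;
                $researcher = $account->researcher;

                if ((string) $passwd === '') {
                    // Never attempt an LDAP bind with an empty password: that is
                    // an unauthenticated bind and would succeed on many servers.
                    error_log('API call authentication failed: empty password refused');
                } else {
                    // The RDN prefix appears redacted ("******") in this copy;
                    // presumably the attribute name (e.g. "uid=") - confirm
                    // against the deployed source.
                    $dn = "******" . ldap_escape($username, '', LDAP_ESCAPE_DN)
                        . ",ou=people,dc=egi,dc=eu";
                    $ds = initLDAP(true, $dn, $passwd, 'RestResource::ldapErrorFunc');
                    // NOTE(review): on PHP 8.1+ LDAP handles are objects, so
                    // is_resource() is always false and this branch fails closed.
                    if (is_resource($ds)) {
                        // Bind succeeded: the password is valid.
                        ldap_close($ds);
                        $this->_userid = $ssoUserid;
                        $this->_userGroups = $researcher->actorGroups;
                        // Downstream code reads the user id from the query array.
                        $_GET['userid'] = $ssoUserid;
                        return $this->_validateAPIKeyAuthMethod($keys->items[0], $researcher);
                    }
                    error_log('API call authentication failed');
                }
            }
        }
    } elseif (!is_null($accesstoken)) {
        // 3. Personal access token auth
        $actor = AccessTokens::getActorByToken($accesstoken, true);
        if ($actor === null) {
            error_log("API call authentication failed: cannot map access token to actor (invalid token?)");
        } elseif ($actor->type === "ppl") {
            $this->_userid = $actor->id;
            $_GET['userid'] = $actor->id;
            return true;
        }
    }

    // Every failure path lands here: 0 is the "not authenticated" sentinel.
    $this->_userid = 0;
    return false;
}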