/**
 * Set up an authenticated AIR user for this request.
 *
 * Obtains auth-ticket cookies from AirUser and stores each one both on
 * $this->browser and in $this->cookies.
 *
 * When $user is a string, the ticket is requested for a system-type user
 * (type 'S') with the placeholder user ID 1. For any other value, $user is
 * handed to AirUser::create_tkt() and $authz is not used.
 *
 * @param string|Doctrine_Record $user  the air user's name, or user object
 * @param array  $authz (optional) an associative array of organizations and permissions
 */
public function set_user($user, $authz = null) {
    $air_user = new AirUser();

    if (!is_string($user)) {
        $cookie_jar = $air_user->create_tkt($user, false);
    }
    else {
        // loose comparison: both null and an empty array skip set_authz()
        if ($authz != null) {
            $air_user->set_authz($authz);
        }

        // make system user
        $system_typedef = array('user' => array('type' => 'S'));
        $fake_user_id = 1;
        $cookie_jar = $air_user->get_tkt($user, $fake_user_id, $system_typedef);
    }

    foreach ($cookie_jar as $cookie_name => $cookie_value) {
        $this->browser->setcookie($cookie_name, $cookie_value);
        $this->cookies[$cookie_name] = $cookie_value;
    }
}
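/**
 * Search public responses on behalf of an approved API key holder.
 *
 * Query-string parameters read here:
 *   q        - search query (required)
 *   a        - API key (required; must exist and be approved)
 *   t        - response format (optional; defaults to JSON)
 *   callback - JSONP callback name (optional; must be a plain identifier path)
 *
 * Every request with an approved key is recorded as an APIStat row together
 * with REMOTE_ADDR. The search itself is proxied to the search server using an
 * auth ticket requested for the key's email address with user id 0, and the
 * proxied body is echoed back, wrapped in the callback when one is given.
 *
 * Error responses: 401 (no key), 403 (unknown or unapproved key),
 * 405 (non-GET), 400 (missing q, malformed inq_uuid or callback).
 *
 * @return void
 * @param string $inq_uuid (optional) restrict results to this inquiry
 */
public function search($inq_uuid = null) {
    $query_term  = $this->input->get('q');
    $resp_format = $this->input->get('t');
    $api_key     = $this->input->get('a');
    $callback    = $this->input->get('callback');

    // Non-string values (for example an array-style parameter) are treated as
    // absent instead of being passed to string functions.
    if (!is_string($resp_format)) {
        $resp_format = '';
    }
    $format_requested = (bool) $resp_format;
    if (!$format_requested) {
        $resp_format = 'JSON';
    }

    // "view" only used for errors
    // otherwise proxy response sets its own headers
    // we do not have any HTML view, so if that is detected,
    // it was the default. override with our local response format detection.
    if ($this->airoutput->view == 'html') {
        $this->airoutput->view = strtolower($resp_format);
        $this->airoutput->format = $this->router->get_content_type_for_view($this->airoutput->view);
    }
    elseif (!$format_requested) {
        $resp_format = strtoupper($this->airoutput->view);
    }

    // authenticate the API key before anything else
    if (!is_string($api_key) || !strlen($api_key)) {
        $this->response(array('success' => false, 'error' => 'API Key Required'), 401);
        return;
    }
    $api_key_rec = APIKey::find('APIKey', $api_key);
    if (!$api_key_rec || !$api_key_rec->ak_approved) {
        $this->response(array('success' => false, 'error' => 'Invalid API Key'), 403);
        return;
    }

    // ok key. log it.
    $api_stat = new APIStat();
    $api_stat->APIKey = $api_key_rec;
    $api_stat->as_ip_addr = $this->input->server('REMOTE_ADDR');
    $api_stat->save();

    // validity checks
    if ($this->method != 'GET') {
        header('Allow: GET', true, 405);
        $this->response(array('success' => false), 405);
        return;
    }
    if (!is_string($query_term) || !strlen($query_term)) {
        $this->response(array('success' => false, 'error' => '"q" param required'), 400);
        return;
    }

    // The callback name is echoed verbatim in front of the response body, so
    // only a dotted identifier path is accepted. Anything else could place
    // caller-chosen script or markup into the response.
    $wants_jsonp = (bool) $callback;
    if ($wants_jsonp) {
        $callback_ok = is_string($callback)
            && strlen($callback) <= 128
            && preg_match('/\A[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*\z/', $callback);
        if (!$callback_ok) {
            $this->response(array('success' => false, 'error' => 'Invalid "callback" param'), 400);
            return;
        }
    }

    if ($inq_uuid) {
        // $inq_uuid is spliced into the search query, so it must not contain
        // query syntax. NOTE(review): the allowed alphabet (letters, digits,
        // "_" and "-") is an assumption about the uuid format - confirm.
        if (!is_string($inq_uuid) || !preg_match('/\A[A-Za-z0-9_-]+\z/', $inq_uuid)) {
            $this->response(array('success' => false, 'error' => 'Invalid inquiry identifier'), 400);
            return;
        }

        // NOTE(review): $query_term is caller-controlled and is joined to the
        // inq_uuid clause by string concatenation; whether the restriction
        // always binds depends on the search server's query grammar. Confirm
        // the scope is also enforced on the server side.
        $query_term = "(" . $query_term . ") AND inq_uuid={$inq_uuid}";
    }

    // request a ticket for the key owner; the last cookie returned is used
    $airuser = new AirUser();
    $tkt = $airuser->get_tkt($api_key_rec->ak_email, 0);
    $tktname = null;
    $tktval = null;
    foreach ($tkt as $k => $v) {
        $tktname = $k;
        $tktval = $v;
    }

    $opts = array(
        "url"         => AIR2_SEARCH_URI . '/public-responses/search',
        "cookie_name" => $tktname,
        "params"      => array('t' => $resp_format),
        "tkt"         => $tktval,
        "query"       => $query_term,
        "GET"         => true,
    );
    $search_proxy = new Search_Proxy($opts);
    $response = $search_proxy->response();
    $body = $response['json'];

    // NOTE(review): the Content-Type is whatever the search server returned,
    // also when the body is wrapped in a callback - confirm that is intended.
    $this->airoutput->format = $response['response']['content_type'];
    $this->airoutput->send_headers($response['response']['http_code']);

    // if JSONP requested, wrap response
    if ($wants_jsonp) {
        echo $callback . '(' . $body . ');';
    }
    else {
        echo $body;
    }
}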
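* This file is part of AIR2.
 *
 * AIR2 is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * AIR2 is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with AIR2. If not, see <http://www.gnu.org/licenses/>.
 *
 *************************************************************************/

require_once realpath(dirname(__FILE__) . '/../app/init.php');
require_once 'AirUser.php';
require_once 'User.php';
require_once 'AIR2_DBManager.php';

AIR2_DBManager::init();

// Command-line helper: for every username given as an argument, look up the
// User record and dump the auth ticket that AirUser::get_tkt() returns for it.
//
// The dumped value is a usable credential for that account, so the output
// should be treated like a password (keep it out of shared logs and tickets).

// drop the script name, leaving only the usernames
array_shift($argv);

foreach ($argv as $username) {
    $airUser = new AirUser();
    $user = Doctrine::getTable('User')->findOneBy('user_username', $username);

    // Without this check an unknown username would lead to a ticket being
    // requested for an empty username and user id.
    if (!$user) {
        fwrite(STDERR, "No such user: {$username}\n");
        continue;
    }

    $tkt = $airUser->get_tkt($user->user_username, $user->user_id);
    var_dump($tkt);
}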
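<html>
<head>
<title>AIR2 auth check</title>
</head>
<body>
<pre>
<?php
// Diagnostic page: prints the username and the authz structure reported by a
// freshly constructed AirUser.
//
// NOTE(review): this page discloses the caller's authorizations; confirm it
// is only reachable where that is acceptable.
require_once realpath(dirname(__FILE__) . '/../app/init.php');
require_once 'AirUser.php';

$air_user = new AirUser();

// The values are written inside <pre>, which is still an HTML context, so
// they are escaped before output.
printf("username=%s\n", htmlspecialchars((string) $air_user->get_username(), ENT_QUOTES, 'UTF-8'));
echo htmlspecialchars(print_r($air_user->get_authz(), true), ENT_QUOTES, 'UTF-8');
?>
</pre>
</body>
</html>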
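/**
 * Add the results of a search (submissions or source) to a bin
 *
 * Runs the search described by $params against the search server, checks that
 * the server's total matches the total the caller expected, and then adds the
 * results to the bin as submissions (for the *responses indexes) or as sources
 * (for every other index).
 *
 * The search is authenticated with the auth ticket from the request cookie
 * when one is present; otherwise a ticket is requested for $u.
 *
 * @param User   $u      user to request a ticket for when no cookie is present
 * @param Bin    $bin
 * @param array  $params required keys: i (index name), q (query), total
 *                       (expected result count); optional key: M
 * @param string $notes
 * @return array $counts
 * @throws Exception on missing parameters, an unknown index, a failed or
 *                   unparseable search response, or a total mismatch
 */
public static function add_search($u, $bin, $params, $notes = null) {
    if (!isset($params['i']) || !isset($params['q']) || !isset($params['total'])) {
        throw new Exception("Invalid search parameters - req'd: i, q, total");
    }
    $i = $params['i'];
    $q = $params['q'];
    $M = isset($params['M']) ? $params['M'] : null;
    $total = $params['total'];

    // sanity check
    // $i becomes part of the search server URL below, so it must be exactly
    // one of these strings; the strict comparison stops non-string values
    // from matching through type juggling.
    $valid_indexes = array(
        'sources',
        'active-sources',
        'primary-sources',
        'responses',
        'fuzzy-sources',
        'fuzzy-active-sources',
        'fuzzy-primary-sources',
        'fuzzy-responses',
        'strict-sources',
        'strict-active-sources',
        'strict-primary-sources',
        'strict-responses',
    );
    if (!in_array($i, $valid_indexes, true)) {
        $shown = is_string($i) ? $i : gettype($i);
        throw new Exception("Invalid search type '{$shown}'");
    }

    // make sure we have an auth tkt
    $tkt = isset($_COOKIE[AIR2_AUTH_TKT_NAME]) ? $_COOKIE[AIR2_AUTH_TKT_NAME] : null;
    if (!$tkt) {
        $airuser = new AirUser();
        $tkt = $airuser->get_tkt($u->user_username, $u->user_id);
        $tkt = $tkt[AIR2_AUTH_TKT_NAME];
    }

    // call the search server
    $proxy = new Search_Proxy(array(
        'url'         => sprintf("%s/%s/search", AIR2_SEARCH_URI, $i),
        'cookie_name' => AIR2_AUTH_TKT_NAME,
        'query'       => $q,
        'params'      => array('u' => 1, 'limit' => $total, 'M' => $M),
        'tkt'         => $tkt,
        'GET'         => true,
    ));
    $rsp = $proxy->response();

    // a missing or non-JSON body must not be mistaken for an empty result
    $json = isset($rsp['json']) ? json_decode($rsp['json'], true) : null;
    if (!is_array($json)) {
        throw new Exception("Search server returned error: unparseable response");
    }
    if (empty($json['success'])) {
        $err = isset($json['error']) ? $json['error'] : 'unknown error';
        throw new Exception("Search server returned error: " . $err);
    }

    // check the total against the expected total
    // (loose comparison: $total may arrive as a numeric string)
    $rsp_total = isset($json['total']) ? $json['total'] : null;
    if ($rsp_total != $total) {
        throw new Exception("Search returned unexpected total! Expected {$total}, got {$rsp_total}. Aborting operation!");
    }

    // add sources or responses
    $results = isset($json['results']) ? $json['results'] : array();
    $response_indexes = array('responses', 'fuzzy-responses', 'strict-responses');
    if (in_array($i, $response_indexes, true)) {
        return self::add_submissions($bin, $results, $notes);
    }
    return self::add_sources($bin, $results, $notes);
}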