public function token($api, $args)
{
$validVersion = $this->isSupportedClientVersion($api, $args);
if (!$validVersion) {
throw new SugarApiExceptionClientOutdated();
}
$oauth2Server = $this->getOAuth2Server($args);
try {
$GLOBALS['logic_hook']->call_custom_logic('Users', 'before_login');
$authData = $oauth2Server->grantAccessToken($args);
// if we're here, the login was OK
if (!empty($GLOBALS['current_user'])) {
//Update password expired since user's essentially logged in at this point
require_once 'modules/Users/password_utils.php';
$GLOBALS['current_user']->call_custom_logic('after_login');
}
$cleanupChance = isset($GLOBALS['sugar_config']['token_cleanup_probability']) ? (int) $GLOBALS['sugar_config']['token_cleanup_probability'] : 10;
if (mt_rand() % $cleanupChance == 0) {
// cleanup based on probability
OAuthToken::cleanup();
}
} catch (OAuth2ServerException $e) {
// failed to get token - something went wrong - list as failed login
$GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
throw $e;
} catch (SugarApiExceptionNeedLogin $e) {
$GLOBALS['logic_hook']->call_custom_logic('Users', 'login_failed');
// have API throw login exception wil full data
$api->needLogin($e);
}
$loginStatus = apiCheckLoginStatus();
if ($loginStatus !== true && $loginStatus['level'] != 'warning') {
if (($loginStatus['level'] == 'admin_only' || $loginStatus['level'] == 'maintenance') && $GLOBALS['current_user']->isAdmin()) {
// Let them through
} else {
// This is no good, they shouldn't be allowed in.
$e = new SugarApiExceptionMaintenance($loginStatus['message'], null, null, 0, $loginStatus['level']);
if (!empty($loginStatus['url'])) {
$e->setExtraData("url", $loginStatus['url']);
}
$api->needLogin($e);
return;
}
}
$platform = 'base';
if (!empty($args['platform'])) {
$platform = $args['platform'];
}
// Adding the setcookie() here instead of calling $api->setHeader() because
// manually adding a cookie header will break 3rd party apps that use cookies
setcookie(RestService::DOWNLOAD_COOKIE . '_' . $platform, $authData['download_token'], time() + $authData['refresh_expires_in'], ini_get('session.cookie_path'), ini_get('session.cookie_domain'), ini_get('session.cookie_secure'), true);
// For reauth requests we need to send back the session cookie as well to
// keep the client in sync if there was a session cookie to begin with
if (isset($_COOKIE[session_name()]) && !empty($args['grant_type']) && $args['grant_type'] == 'refresh_token' && !empty($args['refresh'])) {
$this->sendSessionCookie();
}
return $authData;
}
/**
* @ticket 62822
*/
public function testCleanup()
{
// create request token
$tok = OAuthToken::generate();
$tok->consumer = create_guid();
$tok->setState(OAuthToken::REQUEST);
$tok->assigned_user_id = $GLOBALS['current_user']->id;
$tok->save();
// create invalid token
$tok = OAuthToken::generate();
$tok->consumer = create_guid();
$tok->setState(OAuthToken::INVALID);
$tok->assigned_user_id = $GLOBALS['current_user']->id;
$tok->save();
$cnt = $GLOBALS['db']->getOne("SELECT count(*) c FROM {$tok->table_name} WHERE assigned_user_id=" . $GLOBALS['db']->quoted($GLOBALS['current_user']->id));
$this->assertEquals(2, $cnt, "Wrong number of tokens in the table");
// set time way in the past
$GLOBALS['db']->query("UPDATE {$tok->table_name} SET token_ts=1 WHERE assigned_user_id=" . $GLOBALS['db']->quoted($GLOBALS['current_user']->id));
// run cleanup
OAuthToken::cleanup();
// ensure tokens are gone
$cnt = $GLOBALS['db']->getOne("SELECT count(*) c FROM {$tok->table_name} WHERE assigned_user_id=" . $GLOBALS['db']->quoted($GLOBALS['current_user']->id));
$this->assertEquals(0, $cnt, "Tokens were not deleted");
}
/**
* Create OAuth provider
*
* Checks current request for OAuth valitidy
* @param bool $add_rest add REST endpoint as request path
*/
public function __construct($req_path = '')
{
$GLOBALS['log']->debug("OAUTH: __construct({$req_path}): " . var_export($_REQUEST, true));
$this->check();
$this->provider = new Zend_Oauth_Provider();
try {
$this->provider->setConsumerHandler(array($this, 'lookupConsumer'));
$this->provider->setTimestampNonceHandler(array($this, 'timestampNonceChecker'));
$this->provider->setTokenHandler(array($this, 'tokenHandler'));
if (!empty($req_path)) {
$this->provider->setRequestTokenPath($req_path);
// No token needed for this end point
}
$this->provider->checkOAuthRequest(null, $this->decodePostGet());
if (mt_rand() % 10 == 0) {
// cleanup 1 in 10 times
OAuthToken::cleanup();
}
} catch (Exception $e) {
$GLOBALS['log']->debug($this->reportProblem($e));
throw $e;
}
}
public function testcleanup()
{
//execute the method and test if it works and does not throws an exception.
try {
OAuthToken::cleanup();
$this->assertTrue(true);
} catch (Exception $e) {
$this->fail();
}
}
