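 /**
  * Validate the submitted webservice account form before handing it to the parent.
  *
  * In demo mode every change is refused. Otherwise the submitted key must be
  * exactly 32 characters long (the webservice authentication only accepts that
  * length) and, when a new account is being created, must not already be in use.
  * Validation failures are appended to $this->_errors.
  *
  * @return mixed whatever parent::postProcess() returns; nothing in demo mode
  */
 public function postProcess()
 {
     /* PrestaShop demo mode: the account form is read-only */
     if (_PS_MODE_DEMO_) {
         $this->_errors[] = Tools::displayError('This functionnality has been disabled.');
         return;
     }
     $key = Tools::getValue('key');
     /* The key is the Basic-auth login and is only accepted when it is exactly
        32 characters long, so reject longer keys as well as shorter ones (the
        previous "< 32" check let over-long keys through to a key that could never
        authenticate). */
     if ($key && strlen($key) !== 32) {
         $this->_errors[] = Tools::displayError($this->l('Key length must be 32 character long'));
     }
     /* Keys must be unique. An update of an existing account (id_webservice_account
        submitted) may legitimately resubmit its own key. */
     if ($key && WebserviceKey::keyExists($key) && !Tools::getValue('id_webservice_account')) {
         $this->_errors[] = Tools::displayError($this->l('Key already exists'));
     }
     return parent::postProcess();
 }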
 /**
  * Hook run once a webservice account has been saved.
  *
  * Calls Tools::generateHtaccess() (presumably to refresh the webservice rewrite
  * rules — confirm) and then replaces the account's resource permissions with the
  * map submitted in the "resources" form field; an absent field means no permissions.
  *
  * @param WebserviceKey $object the account that was just updated
  */
 protected function afterUpdate($object)
 {
     $submittedPermissions = Tools::getValue('resources', array());
     Tools::generateHtaccess();
     WebserviceKey::setPermissionForAccount($object->id, $submittedPermissions);
 }
    $input_xml = $_REQUEST['xml'];
} else {
    // if no XML
    $input_xml = NULL;
    // if a XML is in PUT
    if ($_SERVER['REQUEST_METHOD'] == 'PUT') {
        $putresource = fopen("php://input", "r");
        while ($putData = fread($putresource, 1024)) {
            $input_xml .= $putData;
        }
        fclose($putresource);
    }
}
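// Every query-string parameter except the rewritten "url" part is handed to the
// request as its parameter map; "url" itself is the resource path being dispatched.
// $key, $method and $input_xml are set earlier in this script (outside this excerpt).
$params = $_GET;
unset($params['url']);
// The authentication key selects the WebserviceRequest subclass that serves the
// call. A name that is not a loadable class falls back to the generic class and
// is flagged so that fetch() can report it instead of dispatching blindly.
$class_name = WebserviceKey::getClassFromKey($key);
$bad_class_name = false;
if (!class_exists($class_name)) {
    $class_name = 'WebserviceRequest';
    $bad_class_name = true;
}
// Read the resource path explicitly so a request without "url" passes null
// instead of raising an undefined-index notice.
$url = isset($_GET['url']) ? $_GET['url'] : null;
// fetch the request
WebserviceRequest::$ws_current_classname = $class_name;
$request = call_user_func(array($class_name, 'getInstance'));
$result = $request->fetch($key, $method, $url, $params, $bad_class_name, $input_xml);
// display result
// Anything already sitting in the output buffer means the response body is not
// the clean document the request produced; the content type is switched
// (presumably so a client does not parse the stray output as XML — confirm).
if (ob_get_length() != 0) {
    header('Content-Type: application/javascript');
}
// Useful for debug...
// Manage cache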
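 /**
  * Check request authentication
  *
  * The webservice key is expected as the HTTP Basic login (no password). It must
  * be present, non-empty, exactly 32 characters long, known, active and carry at
  * least one permission. On failure a 401 with a WWW-Authenticate challenge is
  * sent and the matching error code (16-21) is recorded through setError().
  *
  * Note(review): the distinct "does not exist" / "is not active" messages let a
  * caller learn whether a given key exists. The codes are kept because clients
  * may rely on them; a single generic message would disclose less.
  *
  * @return boolean true when the key is valid (and $this->_authenticated is set),
  *                 false when authentication failed or earlier errors are pending
  */
 protected function authenticate()
 {
     // A request that is already in error is never authenticated. The original
     // fell off the end here and returned null despite the documented boolean.
     if ($this->hasErrors()) {
         return false;
     }
     if (is_null($this->_key)) {
         $this->setError(401, 'Please enter the authentication key as the login. No password required', 16);
     } elseif (empty($this->_key)) {
         $this->setError(401, 'Authentication key is empty', 17);
     } elseif (strlen($this->_key) !== 32) {
         $this->setError(401, 'Invalid authentication key format', 18);
     } else {
         $keyValidation = WebserviceKey::isKeyActive($this->_key);
         if (is_null($keyValidation)) {
             $this->setError(401, 'Authentification key does not exist', 19);
         } elseif ($keyValidation === true) {
             $this->keyPermissions = WebserviceKey::getPermissionForAccount($this->_key);
         } else {
             $this->setError(401, 'Authentification key is not active', 20);
         }
         // Also reached when the key was rejected just above; the extra error
         // is kept so the recorded error list matches the original behaviour.
         if (!$this->keyPermissions) {
             $this->setError(401, 'No permission for this authentication key', 21);
         }
     }
     if ($this->hasErrors()) {
         header('WWW-Authenticate: Basic realm="Welcome to PrestaShop Webservice, please enter the authentication key as the login. No password required."');
         $this->objOutput->setStatus(401);
         return false;
     }
     // only now we can say the access is authenticated
     $this->_authenticated = true;
     return true;
 }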
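 /**
  * Replace the resource permissions of a webservice account.
  *
  * Existing rows for the account are deleted first. The submitted map is then
  * filtered against the registered resources and the five supported HTTP methods,
  * so only whitelisted (resource, method) pairs reach the INSERT; anything else in
  * the (form-supplied) input is silently dropped.
  *
  * @param int   $id_account         id_webservice_account
  * @param array $permissions_to_set map of resource name => array whose keys are
  *                                  HTTP method names (e.g. the "resources" form field)
  * @return bool false when a DELETE or INSERT statement failed
  */
 public static function setPermissionForAccount($id_account, $permissions_to_set)
 {
     $ok = true;
     $sql = 'DELETE FROM `' . _DB_PREFIX_ . 'webservice_permission` WHERE `id_webservice_account` = ' . (int) $id_account;
     if (!Db::getInstance()->execute($sql)) {
         $ok = false;
     }
     if (isset($permissions_to_set)) {
         $permissions = array();
         $resources = WebserviceRequest::getResources();
         $methods = array('GET', 'PUT', 'POST', 'DELETE', 'HEAD');
         foreach ($permissions_to_set as $resource_name => $resource_methods) {
             // Skip unknown resources and malformed entries: a non-array value would
             // make array_keys() fail, and array_key_exists() matches the resource
             // name exactly (a loose in_array() let an integer key such as 0 compare
             // equal to a resource name on PHP < 8).
             if (!is_array($resource_methods) || !array_key_exists($resource_name, $resources)) {
                 continue;
             }
             foreach (array_keys($resource_methods) as $method_name) {
                 // Strict comparison for the same reason: 0 == 'GET' is true on PHP < 8.
                 if (in_array($method_name, $methods, true)) {
                     $permissions[] = array($method_name, $resource_name);
                 }
             }
         }
         $account = new WebserviceKey($id_account);
         if ($account->deleteAssociations() && $permissions) {
             // Both values were whitelisted above; pSQL() stays as defence in depth
             // and the account id is cast to int.
             $sql = 'INSERT INTO `' . _DB_PREFIX_ . 'webservice_permission` (`id_webservice_permission` ,`resource` ,`method` ,`id_webservice_account`) VALUES ';
             foreach ($permissions as $permission) {
                 $sql .= '(NULL , \'' . pSQL($permission[1]) . '\', \'' . pSQL($permission[0]) . '\', ' . (int) $id_account . '), ';
             }
             $sql = rtrim($sql, ', ');
             if (!Db::getInstance()->execute($sql)) {
                 $ok = false;
             }
         }
     }
     return $ok;
 }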
    /**
     * Render the add/edit form for a webservice account.
     *
     * Emits the key, description and status fields followed by a resource/method
     * permission grid and the jQuery that drives its "select all" checkboxes.
     * The key and description values are HTML-escaped with htmlentities(); the
     * resource names come from WebserviceRequest::getResources(), not from the
     * request, and are emitted unescaped (assumes that registry is trusted — confirm).
     *
     * @param bool $isMainTab unused in this body (kept for the parent signature)
     */
    public function displayForm($isMainTab = true)
    {
        // Legacy global: the admin index URL the form posts back to.
        global $currentIndex;
        parent::displayForm();
        // loadObject(true) yields a fresh object when no id is given; bail out when it fails.
        if (!($obj = $this->loadObject(true))) {
            return;
        }
        echo '
		<form action="' . $currentIndex . '&submitAdd' . $this->table . '=1&token=' . $this->token . '" method="post" enctype="multipart/form-data">
		' . ($obj->id ? '<input type="hidden" name="id_' . $this->table . '" value="' . $obj->id . '" />' : '') . '
			<fieldset><legend><img src="../img/admin/access.png" />' . $this->l('Webservice Accounts') . '</legend>
				<label>' . $this->l('Key:') . '</label>
				<div class="margin-form">
					<input type="text" size="32" name="key" id="code" value="' . htmlentities(Tools::getValue('key', $obj->key), ENT_COMPAT, 'UTF-8') . '" />
					<input type="button" value="' . $this->l('   Generate!   ') . '" class="button" onclick="gencode(32)" />
					<sup>*</sup>
					<p class="clear">' . $this->l('Webservice account key') . '</p>
				</div>
				<label>' . $this->l('Key description') . '</label>
				<div class="margin-form">
					<textarea rows="3" style="width:400px" name="description">' . htmlentities(Tools::getValue('description', $obj->description), ENT_COMPAT, 'UTF-8') . '</textarea>
					<p class="clear">' . $this->l('Key description') . '</p>
				</div>
				<label>' . $this->l('Status:') . ' </label>
				<div class="margin-form">
					<input type="radio" name="active" id="active_on" value="1" ' . ((!$obj->id or Tools::getValue('active', $obj->active)) ? 'checked="checked" ' : '') . '/>
					<label class="t" for="active_on"> <img src="../img/admin/enabled.gif" alt="' . $this->l('Enabled') . '" title="' . $this->l('Enabled') . '" /></label>
					<input type="radio" name="active" id="active_off" value="0" ' . ((!Tools::getValue('active', $obj->active) and $obj->id) ? 'checked="checked" ' : '') . '/>
					<label class="t" for="active_off"> <img src="../img/admin/disabled.gif" alt="' . $this->l('Disabled') . '" title="' . $this->l('Disabled') . '" /></label>
				</div>
				<label>' . $this->l('Permissions:') . ' </label>
				<div class="margin-form">
					<p>' . $this->l('Set the resource permissions for this key:') . '</p>
					<table border="0" cellspacing="0" cellpadding="0" class="permissions">
						<thead>
							<tr>
								<th>' . $this->l('Resource') . '</th>
								<th width="30"></th>
								<th width="50">' . $this->l('View (GET)') . '</th>
								<th width="50">' . $this->l('Modify (PUT)') . '</th>
								<th width="50">' . $this->l('Add (POST)') . '</th>
								<th width="50">' . $this->l('Delete (DELETE)') . '</th>
								<th width="50">' . $this->l('Fast view (HEAD)') . '</th>
							</tr>
							
						</thead>
						<tbody>
						<tr class="all" style="vertical-align:cen">
								<th></th>
								<th></th>
								<th><input type="checkbox" class="all_get get " /></th>
								<th><input type="checkbox" class="all_put put " /></th>
								<th><input type="checkbox" class="all_post post " /></th>
								<th><input type="checkbox" class="all_delete delete" /></th>
								<th><input type="checkbox" class="all_head head" /></th>
							</tr>
						';
        // One grid row per registered resource. Permissions are looked up by the
        // account's key (not its id); a resource's 'forbidden_method' list disables
        // the matching checkbox, and currently granted methods are pre-checked.
        $ressources = WebserviceRequest::getResources();
        $permissions = WebserviceKey::getPermissionForAccount($obj->key);
        foreach ($ressources as $resourceName => $resource) {
            echo '
							<tr>
								<th>' . $resourceName . '</th>
								<th><input type="checkbox" class="all"/></th>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('GET', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="get" name="resources[' . $resourceName . '][GET]" ' . (isset($permissions[$resourceName]) && in_array('GET', $permissions[$resourceName]) ? 'checked="checked"' : '') . ' /></td>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('PUT', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="put" name="resources[' . $resourceName . '][PUT]" ' . (isset($permissions[$resourceName]) && in_array('PUT', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('POST', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="post" name="resources[' . $resourceName . '][POST]" ' . (isset($permissions[$resourceName]) && in_array('POST', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('DELETE', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="delete" name="resources[' . $resourceName . '][DELETE]" ' . (isset($permissions[$resourceName]) && in_array('DELETE', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
								<td><input type="checkbox" ' . (isset($ressources[$resourceName]['forbidden_method']) && in_array('HEAD', $ressources[$resourceName]['forbidden_method']) ? 'disabled="disabled"' : '') . ' class="head" name="resources[' . $resourceName . '][HEAD]" ' . (isset($permissions[$resourceName]) && in_array('HEAD', $permissions[$resourceName]) ? 'checked="checked"' : '') . '/></td>
							</tr>';
        }
        echo '
						</tbody>
					</table>
					<script>';
        // The "select all" handlers below are emitted verbatim through a raw
        // HTML section; they contain no PHP interpolation.
        ?>
				
						$(function() {
							$('table.permissions input.all').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().find('input.get:not(:checked), input.put:not(:checked), input.post:not(:checked), input.delete:not(:checked), input.head:not(:checked)').click();
								else
									$(this).parent().parent().find('input.get:checked, input.put:checked, input.post:checked, input.delete:checked, input.head:checked').click();
							});
							$('table.permissions .all_get').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.get:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.get:checked').click();
							});
							$('table.permissions .all_put').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.put:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.put:checked').click();
							});
							$('table.permissions .all_post').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.post:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.post:checked').click();
							});
							$('table.permissions .all_delete').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.delete:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.delete:checked').click();
							});
							$('table.permissions .all_head').click(function() {
								if($(this).is(':checked'))
									$(this).parent().parent().parent().find('input.head:not(:checked)').click();
								else
									$(this).parent().parent().parent().find('input.head:checked').click();
							});
						});
				<?php 
        echo '
					</script>
				</div>
				<div class="margin-form">
					<input type="submit" value="' . $this->l('   Save   ') . '" name="submitAdd' . $this->table . '" class="button" />
				</div>
				<div class="small"><sup>*</sup> ' . $this->l('Required field') . '</div>
			</fieldset>
		</form>';
    }
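 /**
  * Validate the submitted webservice account form before handing it to the parent.
  *
  * The submitted key must be exactly 32 characters long (the webservice
  * authentication only accepts that length) and, when a new account is being
  * created, must not already be in use. Failures are appended to $this->_errors.
  *
  * @return mixed whatever parent::postProcess() returns
  */
 public function postProcess()
 {
     $key = Tools::getValue('key');
     /* The key is the Basic-auth login and is only accepted when it is exactly
        32 characters long, so reject longer keys as well as shorter ones (the
        previous "< 32" check let over-long keys through to a key that could never
        authenticate). */
     if ($key && strlen($key) !== 32) {
         $this->_errors[] = Tools::displayError($this->l('Key length must be 32 character long'));
     }
     /* Keys must be unique. An update of an existing account (id_webservice_account
        submitted) may legitimately resubmit its own key. */
     if ($key && WebserviceKey::keyExists($key) && !Tools::getValue('id_webservice_account')) {
         $this->_errors[] = Tools::displayError($this->l('Key already exists'));
     }
     return parent::postProcess();
 }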