Exemplo n.º 1
 /**
  * Checks that getMethod() on the fixture request reports whatever
  * $_SERVER['REQUEST_METHOD'] currently holds.
  */
 public function testGetMethod()
 {
     // The superglobal is rewritten before each assertion; it is left at
     // 'GET' once the loop has finished.
     foreach (array('POST', 'GET') as $expectedVerb) {
         $_SERVER['REQUEST_METHOD'] = $expectedVerb;
         $this->assertEquals($expectedVerb, $this->_request->getMethod());
     }
 }
Exemplo n.º 2
 /**
  * Returns the locally stored method when one is set, otherwise defers to
  * the parent implementation.
  *
  * @return mixed Value of $this->method, or the result of parent::getMethod()
  */
 public function getMethod()
 {
     // Only null counts as "not set"; any other stored value is returned as is.
     if (!is_null($this->method)) {
         return $this->method;
     }

     return parent::getMethod();
 }
Exemplo n.º 3
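 /**
  * Dispatches the current request according to its HTTP method.
  *
  * OPTIONS and POST are delegated to _handleOptions() and _handlePost();
  * GET prints a short HTML status line. Any other method produces no output.
  *
  * @return void
  */
 public function handle()
 {
     $requestMethod = $this->_request->getMethod();

     if ($this->_logger instanceof Zend_Log) {
         $this->_logger->debug(__METHOD__ . '::' . __LINE__ . ' REQUEST METHOD: ' . $requestMethod);
     }

     switch ($requestMethod) {
         case 'OPTIONS':
             $this->_handleOptions();
             break;
         case 'POST':
             $this->_handlePost();
             break;
         case 'GET':
             // The response is HTML, so both values are escaped before they
             // are interpolated. NOTE(review): where _userId is assigned is
             // not visible here; escaping covers the case that it carries
             // client-supplied text.
             $userId = htmlspecialchars((string) $this->_userId, ENT_QUOTES, 'UTF-8');
             $remoteAddress = isset($_SERVER['REMOTE_ADDR'])
                 ? htmlspecialchars((string) $_SERVER['REMOTE_ADDR'], ENT_QUOTES, 'UTF-8')
                 : '';
             echo "It works!<br>Your userid is: {$userId} and your IP address is: {$remoteAddress}.";
             break;
     }
 }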
Exemplo n.º 4
 /**
  * Checks that the request was made with the method configured on this
  * validator.
  *
  * @param  Zend_Controller_Request_Http $request The request to check
  * @return boolean True when the methods are equal; false, after recording
  *                 the MUSTBE error, when they differ
  */
 public function isValid($request)
 {
     $this->_setValue($this->_method);

     // Loose comparison of the two values; no case folding is applied, so
     // 'post' and 'POST' count as different methods.
     if ($request->getMethod() == $this->_method) {
         return true;
     }

     $this->_error(self::MUSTBE);

     return false;
 }
Exemplo n.º 5
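 /**
  * Creates the rewrite router.
  *
  * @return Zend_Controller_Router_Rewrite
  * @throws Exception When the created object is not a Zend_Controller_Router_Abstract
  */
 public function setRouter()
 {
     // Set up the routing rules. No rules file is loaded in this method;
     // the router is returned with whatever the constructor configures.
     $router = new Zend_Controller_Router_Rewrite();

     // Type guard kept so the exception contract stays the same for callers.
     if (!$router instanceof Zend_Controller_Router_Abstract) {
         throw new Exception('Incorrect config file: routes');
     }

     return $router;
 }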
Exemplo n.º 6
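 /**
  * Routes the request to the "{method}Action" handler of the called class.
  *
  * A POST request may tunnel PUT or DELETE through the "_method" request
  * parameter. The handler runs only if it exists and the ACL allows the
  * lower-cased resource "{class}_{method}".
  *
  * @return mixed Result of the JSON helper for the handler's return value;
  *               nothing is returned when the ACL check fails
  * @throws Exceptions_SeotoasterPluginException When no handler exists for the method
  */
 public function dispatch()
 {
     $method = strtoupper($this->_request->getMethod());

     if ($method === 'POST') {
         // NOTE(review): the override is read with getParam(); if _request is
         // a Zend HTTP request that may include the query string as well as
         // the body. Confirm that POST handlers carry CSRF protection, since
         // a POST can become a PUT or DELETE here.
         $extraMethod = $this->_request->getParam('_method', null);

         // Only an exact PUT or DELETE token is honoured. A strict allow-list
         // needs no FILTER_SANITIZE_STRING pass (deprecated since PHP 8.1),
         // and non-string input such as _method[]=x is ignored.
         if (is_string($extraMethod)) {
             $extraMethod = strtoupper($extraMethod);
             if (in_array($extraMethod, array('PUT', 'DELETE'), true)) {
                 $method = $extraMethod;
             }
         }
     }

     $action = strtolower($method) . 'Action';
     $aclResource = strtolower(get_called_class() . '_' . $method);

     // NOTE(review): $method is not limited to a fixed set of verbs, so any
     // method of this class named "{verb}Action" is a candidate handler; the
     // ACL lookup below is the only gate. Confirm that is intended.
     if (!method_exists($this, $action)) {
         // The message embeds the request method; escape it wherever the
         // exception text is rendered.
         throw new Exceptions_SeotoasterPluginException(get_called_class() . ' doesn\'t have ' . $method . ' implemented');
     }

     if (Tools_Security_Acl::isAllowed($aclResource)) {
         return $this->_jsonHelper->direct($this->{$action}());
     }

     $this->_error(null, self::REST_STATUS_FORBIDDEN);
 }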
Exemplo n.º 7
 /**
  * Match the user submitted path.
  *
  * Via Omeka_Application_Resource_Router, this is the only available route
  * for API requests.
  *
  * @throws Omeka_Controller_Exception_Api When a key was sent without a
  *         resulting identity, or when the API is disabled (both 403)
  * @param Zend_Controller_Request_Http $request
  * @return array|false Route variables, or false when the path is not an API path
  */
 public function match($request)
 {
     $front = Zend_Controller_Front::getInstance();

     // Split the path into the resource name and whatever follows it.
     preg_match('#^/api/([a-z_]+)(.+)?$#', $request->getPathInfo(), $matches);
     if (!$matches) {
         return false;
     }

     // A key in the query string with no authenticated identity is rejected.
     $keyWasSent = isset($_GET['key']);
     if ($keyWasSent && !Zend_Auth::getInstance()->hasIdentity()) {
         throw new Omeka_Controller_Exception_Api('Invalid key.', 403);
     }

     // Nothing is routed while the API option is switched off.
     if (!get_option('api_enable')) {
         throw new Omeka_Controller_Exception_Api('API is disabled', 403);
     }

     $resource = $matches[1];

     // Path parameters (not request parameters): the remainder is split on
     // "/" and its first element, the text before the first "/", is dropped.
     $params = array();
     $hasRemainder = isset($matches[2]) && '/' != $matches[2];
     if ($hasRemainder) {
         $params = array_slice(explode('/', $matches[2]), 1);
     }

     // Clients may override the HTTP method, which helps when the server is
     // configured to reject certain methods.
     // NOTE(review): the header is honoured whatever the real method is, so a
     // request sent as GET is routed by the overriding method (how
     // _getAction() maps it is not shown here). Confirm that caches and CSRF
     // assumptions do not rely on GET being read-only.
     $method = $request->getHeader('X-HTTP-Method-Override');
     if (!$method) {
         $method = $request->getMethod();
     }

     // All API resources registered on the front controller.
     $apiResources = $front->getParam('api_resources');

     // Resolve and validate each routing component against that registry.
     $resource = $this->_getResource($resource, $apiResources);
     $recordType = $this->_getRecordType($resource, $apiResources);
     $module = $this->_getModule($resource, $apiResources);
     $controller = $this->_getController($resource, $apiResources);
     $action = $this->_getAction($method, $params, $resource, $apiResources);

     // Validate the GET parameters.
     $this->_validateParams($action, $resource, $apiResources);

     // API values are namespaced with an "api_" prefix so they cannot collide
     // with ordinary request parameters.
     return array(
         'module' => $module,
         'controller' => $controller,
         'action' => $action,
         'api_resource' => $resource,
         'api_record_type' => $recordType,
         'api_params' => $params,
     );
 }
Exemplo n.º 8
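 /**
  * Digest Authentication
  *
  * Recomputes the request-digest from the hash returned by the digest
  * resolver and the fields of the client's Authorization header, then
  * compares it with the digest the client sent. Every hash here is MD5
  * (see RFC 2617, section 3.2.2.1).
  *
  * @param  string $header Client's Authorization header
  * @throws Zend_Auth_Adapter_Exception When the header is empty, no digest
  *         resolver is set, or the client asks for an unsupported qop
  * @return Zend_Auth_Result Valid auth result only on successful auth
  */
 protected function _digestAuth($header)
 {
     if (empty($header)) {
         /**
          * @see Zend_Auth_Adapter_Exception
          */
         #require_once 'Zend/Auth/Adapter/Exception.php';
         throw new Zend_Auth_Adapter_Exception('The value of the client Authorization header is required');
     }
     if (empty($this->_digestResolver)) {
         /**
          * @see Zend_Auth_Adapter_Exception
          */
         #require_once 'Zend/Auth/Adapter/Exception.php';
         throw new Zend_Auth_Adapter_Exception('A digestResolver object must be set before doing Digest authentication');
     }

     $data = $this->_parseDigestAuth($header);
     if ($data === false) {
         $this->_response->setHttpResponseCode(400);
         return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED, array(), array('Invalid Authorization header format'));
     }

     // See ZF-1052. This code was a bit too unforgiving of invalid
     // usernames. Now, if the username is bad, we re-challenge the client.
     if ('::invalid::' === $data['username']) {
         return $this->_challengeClient();
     }

     // The client must send back the nonce this server would issue. The
     // value is compared with _secureStringCompare(), the helper also used
     // for the final digest, rather than a loose "!=", which treats
     // numeric-looking strings such as "0e1" and "0e2" as equal.
     if (!$this->_secureStringCompare($this->_calcNonce(), $data['nonce'])) {
         return $this->_challengeClient();
     }

     // The opaque value is also required to match, except when the
     // _ieNoOpaque setting is on (IE does not send it back).
     if (!$this->_ieNoOpaque && !$this->_secureStringCompare($this->_calcOpaque(), $data['opaque'])) {
         return $this->_challengeClient();
     }

     // Look up the user's password hash. If not found, deny access.
     // This makes no assumptions about how the password hash was
     // constructed beyond that it must have been built in such a way as
     // to be recreatable with the current settings of this object.
     $ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
     if ($ha1 === false) {
         return $this->_challengeClient();
     }

     // If MD5-sess is used, a1 value is made of the user's password
     // hash with the server and client nonce appended, separated by
     // colons.
     if ($this->_algo == 'MD5-sess') {
         $ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
     }

     // Calculate h(a2). Only qop=auth is supported.
     switch ($data['qop']) {
         case 'auth':
             $a2 = $this->_request->getMethod() . ':' . $data['uri'];
             break;
         case 'auth-int':
             // Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
             // but this isn't supported yet, so fall through to default case
         default:
             /**
              * @see Zend_Auth_Adapter_Exception
              */
             #require_once 'Zend/Auth/Adapter/Exception.php';
             throw new Zend_Auth_Adapter_Exception('Client requested an unsupported qop option');
     }

     // Using hash() should make parameterizing the hash algorithm
     // easier
     $ha2 = hash('md5', $a2);

     // Calculate the server's version of the request-digest. This must
     // match $data['response']. See RFC 2617, section 3.2.2.1
     $message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
     $digest = hash('md5', $ha1 . ':' . $message);

     // A matching digest authenticates the user; anything else leads to a
     // fresh challenge so the protected resource stays out of reach.
     if ($this->_secureStringCompare($digest, $data['response'])) {
         $identity = array('username' => $data['username'], 'realm' => $data['realm']);
         return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, $identity);
     }

     return $this->_challengeClient();
 }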
Exemplo n.º 9
 /**
  * Auto-redirect to base url (without SID) if the requested url doesn't match it.
  *
  * Nothing happens when the store is not installed, when the request
  * carries POST data or uses the POST method, when the
  * web/url/redirect_to_base setting evaluates to 0, when the admin front
  * name matches, or when no base URL is available.
  *
  * @param Zend_Controller_Request_Http $request
  */
 protected function _checkBaseUrl($request)
 {
     if (!Mage::isInstalled()) {
         return;
     }
     // POST requests are never redirected.
     if ($request->getPost() || strtolower($request->getMethod()) == 'post') {
         return;
     }

     // Any configured value other than 301 is treated as 302; 0 disables the feature.
     $redirectCode = (int) Mage::getStoreConfig('web/url/redirect_to_base');
     if (!$redirectCode) {
         return;
     }
     if ($redirectCode != 301) {
         $redirectCode = 302;
     }

     if ($this->_isAdminFrontNameMatched($request)) {
         return;
     }

     $baseUrl = Mage::getBaseUrl(Mage_Core_Model_Store::URL_TYPE_WEB, Mage::app()->getStore()->isCurrentlySecure());
     if (!$baseUrl) {
         return;
     }

     $uri = @parse_url($baseUrl);

     $requestUri = $request->getRequestUri();
     if (!$requestUri) {
         $requestUri = '/';
     }

     // The host compared here comes from the request, but the redirect target
     // is always the configured base URL, never a request-supplied value.
     // The path test is a "contains" check (strpos), not a prefix check.
     $differsFromBase = (isset($uri['scheme']) && $uri['scheme'] != $request->getScheme())
         || (isset($uri['host']) && $uri['host'] != $request->getHttpHost())
         || (isset($uri['path']) && strpos($requestUri, $uri['path']) === false);
     if (!$differsFromBase) {
         return;
     }

     Mage::app()->getFrontController()->getResponse()->setRedirect($baseUrl, $redirectCode)->sendResponse();
     exit;
 }
Exemplo n.º 10
 /**
  * Matches a user submitted request. Assigns and returns an array of variables
  * on a successful match.
  *
  * The path is consumed left to right: an optional module segment, a
  * controller segment, then either a "special get" target ('index', 'new'),
  * a single id, or key/value parameter pairs. For non-GET requests the
  * action is taken from the "_method" parameter, the
  * X-HTTP-Method-Override header, or the request method, in that order.
  *
  * @param Zend_Controller_Request_Http $request Request used to match against this routing ruleset
  * @return array|false An array of assigned values merged with the defaults,
  *                     or false when the controller segment is not RESTful
  */
 public function match($request)
 {
     $this->_setRequestKeys();
     $path = $request->getPathInfo();
     $values = array();
     $params = array();
     $path = trim($path, self::URI_DELIMITER);
     if ($path != '') {
         $path = explode(self::URI_DELIMITER, $path);
         // Determine Module
         $moduleName = $this->_defaults[$this->_moduleKey];
         if ($this->_dispatcher && $this->_dispatcher->isValidModule($path[0])) {
             $moduleName = $path[0];
             // The segment is consumed only when the module passes the
             // RESTful check; otherwise it stays in $path for the controller step.
             if ($this->_checkRestfulModule($moduleName)) {
                 $values[$this->_moduleKey] = array_shift($path);
                 $this->_moduleValid = true;
             }
         }
         // Determine Controller
         $controllerName = $this->_defaults[$this->_controllerKey];
         if (count($path) && !empty($path[0])) {
             if ($this->_checkRestfulController($moduleName, $path[0])) {
                 $controllerName = $path[0];
                 $values[$this->_controllerKey] = array_shift($path);
                 // 'get' is the starting action; it may be replaced below.
                 $values[$this->_actionKey] = 'get';
             } else {
                 // If Controller in URI is not found to be a RESTful
                 // Controller, return false to fall back to other routes
                 return false;
             }
         }
         //Store path count for method mapping
         $pathElementCount = count($path);
         // Check for leading "special get" URI's
         $specialGetTarget = false;
         // array_search() yields index 0 or 1 on a hit; "> -1" is how a hit
         // is told apart from the false returned on a miss.
         if ($pathElementCount && array_search($path[0], array('index', 'new')) > -1) {
             $specialGetTarget = array_shift($path);
         } elseif ($pathElementCount == 1) {
             // A single remaining segment is taken as the resource id.
             $params['id'] = array_shift($path);
         } elseif ($pathElementCount == 0 || $pathElementCount > 1) {
             $specialGetTarget = 'list';
         }
         // Digest URI params
         // Remaining segments are read as key/value pairs and URL-decoded;
         // a trailing key without a value is stored as null.
         if ($numSegs = count($path)) {
             for ($i = 0; $i < $numSegs; $i = $i + 2) {
                 $key = urldecode($path[$i]);
                 $val = isset($path[$i + 1]) ? urldecode($path[$i + 1]) : null;
                 $params[$key] = $val;
             }
         }
         // Check for trailing "special get" URI
         if (array_key_exists('edit', $params)) {
             $specialGetTarget = 'edit';
         }
         // Determine Action
         $requestMethod = strtolower($request->getMethod());
         if ($requestMethod != 'get') {
             // NOTE(review): the action name is taken from client input
             // ("_method" or the override header) with only strtolower()
             // applied; nothing in this method limits it to REST verbs.
             // Confirm the dispatcher or controller restricts which actions
             // are reachable this way.
             if ($request->getParam('_method')) {
                 $values[$this->_actionKey] = strtolower($request->getParam('_method'));
             // NOTE(review): the header is read from $this->_request, not
             // from the $request argument used everywhere else — confirm
             // both refer to the same request object.
             } elseif ($this->_request->getHeader('X-HTTP-Method-Override')) {
                 $values[$this->_actionKey] = strtolower($this->_request->getHeader('X-HTTP-Method-Override'));
             } else {
                 $values[$this->_actionKey] = $requestMethod;
             }
             //Map PUT and POST to actual create/update actions
             //based on parameter count (posting to resource or collection)
             switch ($values[$this->_actionKey]) {
                 case 'post':
                     // A POST with path elements left after the controller
                     // is routed to 'put'; a bare POST stays 'post'.
                     if ($pathElementCount > 0) {
                         $values[$this->_actionKey] = 'put';
                     } else {
                         $values[$this->_actionKey] = 'post';
                     }
                     break;
                 case 'put':
                     $values[$this->_actionKey] = 'put';
                     break;
             }
         } elseif ($specialGetTarget) {
             $values[$this->_actionKey] = $specialGetTarget;
         }
     }
     // Array union: on a key collision routing values win over path
     // parameters, and both win over the defaults.
     $this->_values = $values + $params;
     return $this->_values + $this->_defaults;
 }
Exemplo n.º 11
 /**
  * Returns the parent's request method, converted to upper case.
  *
  * @return string
  */
 public function getMethod()
 {
     $rawMethod = parent::getMethod();

     return strtoupper($rawMethod);
 }
Exemplo n.º 12
 /**
  * Returns the method reported by the wrapped request object.
  *
  * @return mixed Whatever $this->request->getMethod() returns
  */
 public function getRequestMethod()
 {
     $method = $this->request->getMethod();

     return $method;
 }
Exemplo n.º 13
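 /**
  * Validate signature
  *
  * Recomputes the OAuth signature over the merged request and protocol
  * parameters, the request method and the full request URL, and compares it
  * with the "oauth_signature" protocol parameter.
  *
  * @throws Mage_Oauth_Exception Presumably raised by _throwException() when
  *         the signatures differ — confirm against that helper
  */
 protected function _validateSignature()
 {
     $util = new Zend_Oauth_Http_Utility();

     $tokenSecret = is_null($this->_token) ? null : $this->_token->getSecret();
     $requestUrl = $this->_request->getScheme() . '://'
         . $this->_request->getHttpHost()
         . $this->_request->getRequestUri();

     $calculatedSign = $util->sign(
         array_merge($this->_params, $this->_protocolParams),
         $this->_protocolParams['oauth_signature_method'],
         $this->_consumer->getSecret(),
         $tokenSecret,
         $this->_request->getMethod(),
         $requestUrl
     );

     $providedSign = isset($this->_protocolParams['oauth_signature'])
         ? $this->_protocolParams['oauth_signature']
         : null;

     // The signature is a secret-derived value: it is compared strictly and,
     // where hash_equals() is available, in constant time. A loose "!="
     // treats numeric-looking strings as equal and returns at the first
     // differing byte. Non-string values on either side fail closed.
     $signatureMatches = is_string($providedSign)
         && is_string($calculatedSign)
         && (function_exists('hash_equals')
             ? hash_equals($calculatedSign, $providedSign)
             : $calculatedSign === $providedSign);

     if (!$signatureMatches) {
         $this->_throwException('Invalid signature.', self::ERR_SIGNATURE_INVALID);
     }
 }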
Exemplo n.º 14
 /**
  * Returns the stored method when it is truthy, otherwise the parent's value.
  *
  * @return mixed Value of $this->_method, or the result of parent::getMethod()
  */
 public function getMethod()
 {
     // Truthiness test: an empty string, '0' or null all fall back to the parent.
     if ($this->_method) {
         return $this->_method;
     }

     return parent::getMethod();
 }
Exemplo n.º 15
 /**
  * Returns the method the client intends, allowing PUT and DELETE to be
  * tunnelled through a POST body parameter.
  *
  * The override (Sitengine_Env::PARAM_METHOD) is read only from POST data and
  * only when the real method is POST. A real PUT or DELETE is returned as
  * is; every other method is reported as GET.
  *
  * @return mixed One of the Sitengine_Env::METHOD_* constants
  */
 public function getIntendedMethod()
 {
     require_once 'Sitengine/Env.php';

     $actualMethod = parent::getMethod();

     if ($actualMethod == Sitengine_Env::METHOD_POST) {
         $tunnelledMethod = $this->getPost(Sitengine_Env::PARAM_METHOD);
         if ($tunnelledMethod == Sitengine_Env::METHOD_PUT) {
             return Sitengine_Env::METHOD_PUT;
         }
         if ($tunnelledMethod == Sitengine_Env::METHOD_DELETE) {
             return Sitengine_Env::METHOD_DELETE;
         }
         return Sitengine_Env::METHOD_POST;
     }

     if ($actualMethod == Sitengine_Env::METHOD_PUT) {
         return Sitengine_Env::METHOD_PUT;
     }
     if ($actualMethod == Sitengine_Env::METHOD_DELETE) {
         return Sitengine_Env::METHOD_DELETE;
     }

     return Sitengine_Env::METHOD_GET;
 }
Exemplo n.º 16
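// Prepare $http (the outgoing client) to relay the incoming $request to the
// upstream service behind $proxyingUrl.
if ($http->getUri() === null) {
    // NOTE(review): 'proxyingUri' is supplied by the client and is appended
    // to the upstream base URL as is. Confirm it is validated before this
    // point (for example against "../" segments) so the proxy can only reach
    // the upstream paths it is meant to expose.
    $http->setUri($proxyingUrl . '/' . $request->getParam('proxyingUri'));
    unset($_GET['proxyingUri']);
}

// Relay a fixed set of client headers. A header the client did not send is
// left out instead of being forwarded with an empty value.
// NOTE(review): Connection and Keep-Alive are hop-by-hop headers (RFC 7230,
// section 6.1); confirm that forwarding them upstream is intended.
$forwardedHeaderNames = array(
    'Accept-encoding',
    'User-Agent',
    'Accept',
    'Cache-Control',
    'Connection',
    'Keep-Alive',
    'Accept-Charset',
    'Accept-Language',
);
$headers = array();
foreach ($forwardedHeaderNames as $headerName) {
    $headerValue = $request->getHeader($headerName);
    if (is_string($headerValue) && $headerValue !== '') {
        $headers[] = $headerName . ': ' . $headerValue;
    }
}
$http->setHeaders($headers);

// Anything other than a URL-encoded form is relayed as multipart form data.
if ($request->getHeader('Content-Type') == 'application/x-www-form-urlencoded') {
    $http->setEncType(Zend_Http_Client::ENC_URLENCODED);
} else {
    $http->setEncType(Zend_Http_Client::ENC_FORMDATA);
}

if ($request->getMethod() == 'PUT') {
    // The raw body is read in one call rather than by looping on feof(),
    // which does not terminate if a read fails before end of stream.
    $data = file_get_contents('php://input');
    if ($data === false) {
        echo 'Can\'t load PUT data';
        die;
    }
    $http->setRawData($data);
}

// Relay every POST field unchanged.
foreach ($_POST as $k => $v) {
    $http->setParameterPost($k, $v);
}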