Пример #1
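 /**
  * Emits the current user's personal access tokens as an XML document.
  *
  * Depending on the HTTP method the action first changes state:
  *   PUT    - creates a new personal access token for the session user
  *   POST   - replaces the netfilters of token ?k= with the JSON list in
  *            $_POST['data'] (object with a "netfilters" array)
  *   DELETE - removes token ?k= along with its netfilters
  * Any other method only lists. Requests that are not HTTPS, or that carry
  * no session user, are answered with 403.
  *
  * NOTE(review): the state-changing branches rely on the session alone; no
  * anti-CSRF token check is visible in this method. Confirm one is enforced
  * elsewhere, for the POST branch in particular.
  */
 public function accesstokenlistAction()
 {
     $this->_helper->layout->disableLayout();
     $this->_helper->viewRenderer->setNoRender();
     $uid = $this->session->userid;
     $xmlProlog = "<" . "?xml version='1.0'?" . ">";
     // Every dynamic value below lands inside a single-quoted XML attribute.
     // Netfilter values originate from client input (POST branch), so they
     // must be escaped or a stored value can break out of the attribute.
     // ENT_QUOTES yields &amp; &lt; &gt; &quot; &#039;, all valid in XML.
     $esc = function ($value) {
         return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
     };
     header("Content-Type:text/xml");
     // Status headers are sent before any body output so the 403 does not
     // depend on output buffering being enabled.
     // $_SERVER['HTTPS'] is absent on plain-HTTP requests under most SAPIs.
     if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") {
         header("HTTP/1.0 403 Forbidden");
         echo $xmlProlog;
         return;
     }
     //Check if user is logged in
     if ($uid == null) {
         header("HTTP/1.0 403 Forbidden");
         echo $xmlProlog;
         echo "<accesstokens error='Not logged in' ></accesstokens>";
         return;
     }
     echo $xmlProlog;
     $method = $_SERVER['REQUEST_METHOD'];
     if ($method == 'PUT') {
         //Create an access token for current user
         $result = AccessTokens::createPersonalAccessToken($uid);
         if ($result !== true) {
             echo "<accesstokens error='" . $esc($result) . "' ></accesstokens>";
             return;
         }
     } elseif ($method == 'POST') {
         //Update netfilters of given tokenid
         $tokenid = isset($_GET["k"]) ? intval($_GET["k"]) : null;
         $nfltdata = (isset($_POST["data"]) && is_string($_POST["data"])) ? json_decode($_POST["data"]) : null;
         // Reject a missing or malformed payload instead of passing null
         // into array_unique().
         if (!is_object($nfltdata) || !isset($nfltdata->netfilters) || !is_array($nfltdata->netfilters)) {
             echo "<accesstokens error='Invalid netfilter data' ></accesstokens>";
             return;
         }
         // presumably setNetfilters() validates each entry and checks that
         // the token belongs to $uid; verify against its implementation
         $nflts = array_unique($nfltdata->netfilters);
         $result = AccessTokens::setNetfilters($uid, $tokenid, $nflts);
         if ($result !== true) {
             echo "<accesstokens error='" . $esc($result) . "' ></accesstokens>";
             return;
         }
     } elseif ($method == 'DELETE') {
         //Delete given token along with its netfilters
         $tokenid = isset($_GET["k"]) ? intval($_GET["k"]) : null;
         $result = AccessTokens::removeAccessToken($uid, $tokenid);
         if ($result !== true) {
             echo "<accesstokens error='" . $esc($result) . "' ></accesstokens>";
             return;
         }
     }
     //Return xml representation of access tokens for the current user
     $acctokenslist = new Default_Model_AccessTokens();
     $acctokenslist->filter->addedby->equals($uid)->and($acctokenslist->filter->type->like('personal'));
     $acctokens = $acctokenslist->items;
     echo "<accesstokens count='" . count($acctokens) . "' >";
     // NOTE(review): the full token value is returned on every listing, which
     // implies tokens are stored in recoverable form; consider returning the
     // secret only once, at creation time.
     foreach ($acctokens as $acctoken) {
         echo "<accesstoken id='" . $esc($acctoken->id) . "' token='" . $esc($acctoken->token) . "' addedby='" . $esc($acctoken->addedbyid) . "' createdon='" . $esc($acctoken->createdon) . "' tokentype='" . $esc($acctoken->type) . "' ";
         $netfilters = new Default_Model_AccessTokenNetfilters();
         $netfilters->filter->tokenid->equals($acctoken->id);
         $nfilters = $netfilters->items;
         echo "netfilters='" . count($nfilters) . "' >";
         foreach ($nfilters as $netfilter) {
             echo "<netfilter value='" . $esc($netfilter->netfilter) . "' ></netfilter>";
         }
         echo "</accesstoken>";
     }
     echo "</accesstokens>";
 }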
Пример #2
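 /**
  * Realization of authenticate() from iRestAuthModule.
  *
  * Verifies the request credentials on every call (no cached result is
  * reused) using the first scheme whose parameters are present:
  *   1. userid + passwd + apikey   - session token looked up in
  *                                   Default_Model_UserCredentials
  *   2. username + passwd + apikey - EGI SSO account, verified by an LDAP bind
  *   3. accesstoken                - personal access token mapped to an actor
  *
  * On success $this->_userid is set (schemes 2 and 3 also write
  * $_GET['userid']). On any failure $this->_userid is reset to 0 and false
  * is returned.
  *
  * NOTE(review): in schemes 1 and 2 _userid is assigned before
  * _validateAPIKeyAuthMethod() runs, so it stays set if that call returns
  * false; confirm callers rely on the return value only.
  * NOTE(review): scheme 3 does not populate _userGroups; confirm that is
  * intended.
  *
  * @return bool|mixed true/false, or whatever _validateAPIKeyAuthMethod() returns
  */
 public function authenticate()
 {
     if (!is_null($this->getParam("userid")) && !is_null($this->getParam("passwd")) && !is_null($this->getParam("apikey"))) {
         // SAML Token auth
         $keys = new Default_Model_APIKeys();
         $keys->filter->key->equals($this->getParam("apikey"));
         if (count($keys->items) === 1) {
             if ($this->_validateAPIKey($keys->items[0])) {
                 // NOTE(review): "sessionid" is used in the filter but is not
                 // part of the presence check above; confirm how equals()
                 // treats a null value.
                 $u = new Default_Model_UserCredentials();
                 $u->filter->researcherid->equals($this->getParam("userid"))->and($u->filter->sessionid->equals($this->getParam("sessionid"))->and($u->filter->token->equals($this->getParam("passwd"))));
                 if (count($u->items) > 0) {
                     $u = new Default_Model_Researchers();
                     $u->filter->id->equals($this->getParam("userid"));
                     if (count($u->items) > 0) {
                         $this->_userid = $u->items[0]->id;
                         $this->_userGroups = $u->items[0]->actorGroups;
                         return $this->_validateAPIKeyAuthMethod($keys->items[0], $u->items[0]);
                     }
                 }
             }
         }
     } elseif (!is_null($this->getParam("username")) && !is_null($this->getParam("passwd")) && !is_null($this->getParam("apikey"))) {
         // EGI SSO Account auth
         $keys = new Default_Model_APIKeys();
         $keys->filter->key->equals(trim($this->getParam("apikey")));
         if (count($keys->items) === 1) {
             if ($this->_validateAPIKey($keys->items[0])) {
                 $accounts = new Default_Model_UserAccounts();
                 $accounts->filter->account_type->equals('egi-sso-ldap')->and($accounts->filter->accountid->equals($this->getParam("username")));
                 if (count($accounts->items) > 0) {
                     $userid = $accounts->items[0]->researcherid;
                     $researcher = $accounts->items[0]->researcher;
                     $password = $this->getParam('passwd');
                     // An LDAP simple bind with a DN and an empty password is an
                     // "unauthenticated bind" that many directory servers accept,
                     // so an empty passwd must never reach the bind call.
                     if (!is_string($password) || $password === '') {
                         error_log('API call authentication failed');
                     } else {
                         // NOTE(review): the DN prefix literal reads "******" in this
                         // listing, presumably masked; confirm against the real source.
                         // NOTE(review): the username is concatenated unescaped. It has
                         // matched a stored accountid, but ldap_escape() with
                         // LDAP_ESCAPE_DN would remove the dependency on table contents.
                         $bindDn = "******" . $this->getParam("username") . ",ou=people,dc=egi,dc=eu";
                         $ds = initLDAP(true, $bindDn, $password, 'RestResource::ldapErrorFunc');
                         // NOTE(review): on PHP 8.1+ ext/ldap handles are objects, not
                         // resources; if initLDAP() returns the raw handle this check
                         // fails closed. Confirm.
                         if (is_resource($ds)) {
                             //login info was valid
                             ldap_close($ds);
                             // Groups are assigned only after the bind succeeds, so a
                             // failed attempt leaves no state for the claimed user.
                             $this->_userGroups = $researcher->actorGroups;
                             $this->_userid = $userid;
                             $_GET['userid'] = $userid;
                             return $this->_validateAPIKeyAuthMethod($keys->items[0], $researcher);
                         } else {
                             error_log('API call authentication failed');
                         }
                     }
                 }
             }
         }
     } elseif (!is_null($this->getParam("accesstoken"))) {
         $actor = AccessTokens::getActorByToken($this->getParam("accesstoken"), true);
         if ($actor !== null) {
             // Only actors of type "ppl" may authenticate with a token; any
             // other type falls through to the failure path below.
             if ($actor->type === "ppl") {
                 $this->_userid = $actor->id;
                 $_GET['userid'] = $actor->id;
                 return true;
             }
         } else {
             error_log("API call authentication failed: cannot map access token to actor (invalid token?)");
         }
     }
     // Every path that did not return above is a failed authentication.
     $this->_userid = 0;
     return false;
 }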