private function getUrlContent($url, $config) { $url = parse_url($url); $port = ""; if (isset($url["port"])) { $port = ":" . $url["port"]; } $query = ""; if (isset($url["query"])) { $query = "?" . $url["query"]; } $path = $url["path"] . $query; $host = $url["scheme"] . "://" . $url["host"] . $port; $httpClient = new MOXMAN_Http_HttpClient($host); $httpClient->setProxy($config->get("general.http_proxy")); $request = $httpClient->createRequest($path); $response = $request->send(); // Handle redirects $location = $response->getHeader("location"); if ($location) { $httpClient->close(); $httpClient = new MOXMAN_Http_HttpClient($location); $request = $httpClient->createRequest($location); $response = $request->send(); } // Read file into ram // TODO: This should not happen if we know the file size $content = ""; while (($chunk = $response->read()) != "") { $content .= $chunk; } $httpClient->close(); return $content; }
private function sendRequest(MOXMAN_Util_Config $config) { $secretKey = $config->get("ExternalAuthenticator.secret_key"); $authUrl = $config->get("ExternalAuthenticator.external_auth_url"); $url = ""; $defaultPort = 80; if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") { $url = "https://"; $defaultPort = 443; } $url .= $_SERVER['HTTP_HOST']; if ($_SERVER['SERVER_PORT'] != $defaultPort) { $url .= ':' . $defaultPort; } $httpClient = new MOXMAN_Http_HttpClient($url); $httpClient->setProxy($config->get("general.http_proxy", "")); $authUrl = MOXMAN_Util_PathUtils::toAbsolute(dirname($_SERVER["REQUEST_URI"]) . '/plugins/ExternalAuthenticator', $authUrl); $request = $httpClient->createRequest($authUrl, "POST"); $authUser = $config->get("ExternalAuthenticator.basic_auth_user"); $authPw = $config->get("ExternalAuthenticator.basic_auth_password"); if ($authUser && $authPw) { $request->setAuth($authUser, $authPw); } $cookie = isset($_SERVER["HTTP_COOKIE"]) ? $_SERVER["HTTP_COOKIE"] : ""; if ($cookie) { $request->setHeader('cookie', $cookie); } $seed = hash_hmac('sha256', $cookie . uniqid() . time(), $secretKey); $hash = hash_hmac('sha256', $seed, $secretKey); $response = $request->send(array("seed" => $seed, "hash" => $hash)); if ($response->getCode() < 200 || $response->getCode() > 399) { throw new MOXMAN_Exception("Did not get a proper http status code from Auth url: " . $url . $authUrl . ".", $response->getCode()); } return $response->getBody(); }
/** * Executes the command logic with the specified RPC parameters. * * @param Object $params Command parameters sent from client. * @return Object Result object to be passed back to client. */ public function execute($params) { $file = MOXMAN::getFile($params->path); $url = parse_url($params->url); $config = $file->getConfig(); if ($config->get('general.demo')) { throw new MOXMAN_Exception("This action is restricted in demo mode.", MOXMAN_Exception::DEMO_MODE); } if ($file->exists()) { throw new MOXMAN_Exception("To file already exist: " . $file->getPublicPath(), MOXMAN_Exception::FILE_EXISTS); } if (!$file->canWrite()) { throw new MOXMAN_Exception("No write access to file: " . $file->getPublicPath(), MOXMAN_Exception::NO_WRITE_ACCESS); } $filter = MOXMAN_Vfs_CombinedFileFilter::createFromConfig($config, "upload"); if (!$filter->accept($file, true)) { throw new MOXMAN_Exception("Invalid file name for: " . $file->getPublicPath(), MOXMAN_Exception::INVALID_FILE_NAME); } $port = ""; if (isset($url["port"])) { $port = ":" . $url["port"]; } $query = ""; if (isset($url["query"])) { $query = "?" . $url["query"]; } $path = $url["path"] . $query; $host = $url["scheme"] . "://" . $url["host"] . $port; $httpClient = new MOXMAN_Http_HttpClient($host); $request = $httpClient->createRequest($path); $response = $request->send(); // Handle redirects $location = $response->getHeader("location"); if ($location) { $httpClient->close(); $httpClient = new MOXMAN_Http_HttpClient($location); $request = $httpClient->createRequest($location); $response = $request->send(); } // Read file into ram // TODO: This should not happen if we know the file size $content = ""; while (($chunk = $response->read()) != "") { $content .= $chunk; } $httpClient->close(); // Fire before file action add event $args = $this->fireBeforeFileAction("add", $file, strlen($content)); $file = $args->getFile(); $stream = $file->open(MOXMAN_Vfs_IFileStream::WRITE); $stream->write($content); $stream->close(); $args = new MOXMAN_Vfs_FileActionEventArgs("add", $file); MOXMAN::getPluginManager()->get("core")->fire("FileAction", $args); return parent::fileToJson($file, true); }
public function authenticate(MOXMAN_Auth_User $user) { $config = MOXMAN::getConfig(); $secretKey = $config->get("ExternalAuthenticator.secret_key"); $authUrl = $config->get("ExternalAuthenticator.external_auth_url"); if (!$secretKey || !$authUrl) { throw new MOXMAN_Exception("No key/url set for ExternalAuthenticator, check config."); } // Build url if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") { $url = "https://"; } else { $url = "http://"; } $url .= $_SERVER['HTTP_HOST']; if ($_SERVER['SERVER_PORT'] != 80) { $url .= ':' . $_SERVER['SERVER_PORT']; } $httpClient = new MOXMAN_Http_HttpClient($url); $authUrl = MOXMAN_Util_PathUtils::toAbsolute(dirname($_SERVER["REQUEST_URI"]) . '/plugins/ExternalAuthenticator', $authUrl); $request = $httpClient->createRequest($url . $authUrl); $cookie = ''; foreach ($_COOKIE as $name => $value) { $cookie .= ($cookie ? '; ' : '') . $name . '=' . $value; } $request->setHeader('cookie', $cookie); $seed = $cookie . uniqid() . time(); $hash = hash_hmac('sha256', $seed, $secretKey); $response = $request->send(array("seed" => $seed, "hash" => $hash)); $json = json_decode($response->getBody()); if (!$json) { throw new MOXMAN_Exception("Did not get a proper JSON response from Auth url."); } if (isset($json->result)) { foreach ($json->result as $key => $value) { $key = str_replace('_', '.', $key); $config->put($key, $value); } return true; } else { if (isset($json->error)) { throw new MOXMAN_Exception($json->error->message . " - " . $json->error->code); } else { throw new MOXMAN_Exception("Generic unknown error, did not get a proper JSON response from Auth url."); } } }
/** * Constructs a new http client response instance this is normally done by the HTTP client. * * @param MOXMAN_Http_HttpClient $client HTTP client instance to connect to request. * @param MOXMAN_Http_HttpClientRequest $req HTTP client request instance for the specified response. */ public function __construct(MOXMAN_Http_HttpClient $client, MOXMAN_Http_HttpClientRequest $req, $contentLength = 0, $stream = null) { $this->client = $client; $this->req = $req; $this->stream = $stream; $this->bufferSize = $client->getBufferSize(); $this->chunkLength = 0; $this->contentIndex = 0; $this->readHead(); $this->transferEncoding = strtolower($this->getHeader("transfer-encoding", "")); $this->contentEncoding = strtolower($this->getHeader("content-encoding", "")); $this->contentLength = $contentLength ? $contentLength : $this->getHeader("content-length", 0); $this->chunkedContentLength = $this->contentLength; $method = $req->getMethod(); $code = $this->getCode(); // These requests doesn't have a body if ($method == "head" || $code == 204 || $code == 304 || $method == "connect" && $code >= 200 && $code < 300) { $this->isEmptyBody = true; } }
/** * Validate token * @param string $token Token should be gotten by $_GET["code"] from redirect. */ public function validate($token) { $this->token = $token; $urlParts = parse_url($this->token_url); $path = $urlParts["path"]; $parameters = array(); $parameters["grant_type"] = "authorization_code"; $parameters["code"] = $token; $parameters["client_id"] = $this->client_id; $parameters["client_secret"] = $this->client_secret; $parameters["redirect_uri"] = $this->callback; $client = new MOXMAN_Http_HttpClient($urlParts["scheme"] . "://" . $urlParts["host"]); $client->setLogLevel(0); $request = $client->createRequest($path, "POST"); $response = $request->send($parameters); $body = $response->getBody(); $client->close(); $data = json_decode($body); $this->refresh_token = $data->refresh_token; $this->token = $data->access_token; $this->expires = $data->expires_in; $this->id_token = $data->id_token; return $data; }
public function authenticate(MOXMAN_Auth_User $user) { $config = MOXMAN::getConfig(); $configPrefix = "moxiemanager"; $authUserKey = "moxiemanager.auth.user"; // Use cached auth state valid for 5 minutes if (isset($_SESSION["moxiemanager.authtime"]) && time() - $_SESSION["moxiemanager.authtime"] < 60 * 5) { // Extend config with session prefixed sessions $sessionConfig = array(); if ($configPrefix) { foreach ($_SESSION as $key => $value) { if (strpos($key, $configPrefix) === 0) { $sessionConfig[substr($key, strlen($configPrefix) + 1)] = $value; } } } $config->extend($sessionConfig); if (isset($_SESSION[$authUserKey])) { $config->replaceVariable("user", $_SESSION[$authUserKey]); $user->setName($_SESSION[$authUserKey]); } return true; } $secretKey = $config->get("ExternalAuthenticator.secret_key"); $authUrl = $config->get("ExternalAuthenticator.external_auth_url"); if (!$secretKey || !$authUrl) { throw new MOXMAN_Exception("No key/url set for ExternalAuthenticator, check config."); } // Build url if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on") { $url = "https://"; } else { $url = "http://"; } $url .= $_SERVER['HTTP_HOST']; if ($_SERVER['SERVER_PORT'] != 80) { $url .= ':' . $_SERVER['SERVER_PORT']; } $httpClient = new MOXMAN_Http_HttpClient($url); $httpClient->setProxy($config->get("general.http_proxy", "")); $authUrl = MOXMAN_Util_PathUtils::toAbsolute(dirname($_SERVER["REQUEST_URI"]) . '/plugins/ExternalAuthenticator', $authUrl); $request = $httpClient->createRequest($authUrl, "POST"); $authUser = $config->get("ExternalAuthenticator.basic_auth_user"); $authPw = $config->get("ExternalAuthenticator.basic_auth_password"); if ($authUser && $authPw) { $request->setAuth($authUser, $authPw); } $cookie = isset($_SERVER["HTTP_COOKIE"]) ? $_SERVER["HTTP_COOKIE"] : ""; if ($cookie) { $request->setHeader('cookie', $cookie); } $seed = hash_hmac('sha256', $cookie . uniqid() . time(), $secretKey); $hash = hash_hmac('sha256', $seed, $secretKey); $response = $request->send(array("seed" => $seed, "hash" => $hash)); if ($response->getCode() < 200 || $response->getCode() > 399) { throw new MOXMAN_Exception("Did not get a proper http status code from Auth url: " . $url . $authUrl . ".", $response->getCode()); } $json = json_decode($response->getBody(), true); if (!$json) { throw new MOXMAN_Exception("Did not get a proper JSON response from Auth url."); } if (isset($json["result"])) { foreach ($json["result"] as $key => $value) { $config->put($key, $value); $_SESSION["moxiemanager." . $key] = $value; } if (isset($json["result"][$authUserKey])) { $config->replaceVariable("user", $json["result"][$authUserKey]); $user->setName($json["result"][$authUserKey]); } $_SESSION["moxiemanager.authtime"] = time(); return true; } else { if (isset($json["error"])) { throw new MOXMAN_Exception($json["error"]["message"] . " - " . $json["error"]["code"]); } else { throw new MOXMAN_Exception("Generic unknown error, did not get a proper JSON response from Auth url."); } } }