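/**
 * Handles a request sent by Asterisk's res_config_curl backend.
 *
 * Initialises the framework, authenticates the caller with the HTTP Basic
 * credentials found in $_SERVER and, on success, dispatches $_REQUEST to the
 * registered Voipmanager Asterisk frontends before logging out again.
 * A missing or rejected login is only logged at debug level; no response
 * body or status header is produced for it here.
 *
 * @return void
 * @throws Exception whatever Tinebase_Http_Server::handle() throws is passed on
 *                   after the session has been logged out
 */
public function handle()
{
    Tinebase_Core::initFramework();

    // A request without Basic credentials takes the same path as a rejected
    // login instead of calling login() with undefined indexes.
    $authenticated = isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
        && Tinebase_Controller::getInstance()->login(
            $_SERVER['PHP_AUTH_USER'],
            $_SERVER['PHP_AUTH_PW'],
            $_SERVER['REMOTE_ADDR'],
            'TineAsterisk'
        ) === true;

    if (!$authenticated) {
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' auth failed ');
        }
        return;
    }

    $server = new Tinebase_Http_Server();
    $server->setClass('Voipmanager_Frontend_Asterisk_SipPeers', 'Voipmanager_SipPeers');
    $server->setClass('Voipmanager_Frontend_Asterisk_SipRegs', 'Voipmanager_SipRegs');
    $server->setClass('Voipmanager_Frontend_Asterisk_CallForward', 'Voipmanager_CallForward');
    $server->setClass('Voipmanager_Frontend_Asterisk_MeetMe', 'Voipmanager_MeetMe');

    // "Class.method"; a missing or non-string parameter yields an empty class
    // and no method instead of an undefined-offset notice.
    $requestedMethod = (isset($_REQUEST['method']) && is_string($_REQUEST['method'])) ? $_REQUEST['method'] : '';
    $methodParts     = explode('.', $requestedMethod);
    $class           = $methodParts[0];
    $method          = isset($methodParts[1]) ? $methodParts[1] : null;

    // ugly hack to parse requests from res_config_curl
    if ($method === 'handleResConfig') {
        // The real action arrives as "/name" or "/name?key=value" in the
        // "action" parameter; turn it into Class.handleName.
        $rawAction = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : '';
        $pos       = strpos($rawAction, '?');

        if ($pos !== false) {
            $action = substr($rawAction, 0, $pos);

            // Only a well-formed key=value pair is copied into $_REQUEST;
            // a malformed remainder is ignored rather than stored as null.
            $pair = explode('=', substr($rawAction, $pos + 1));
            if (count($pair) >= 2 && $pair[0] !== '') {
                $_REQUEST[$pair[0]] = $pair[1];
            }
        } else {
            $action = $rawAction;
        }

        // drop the leading character of the action and capitalise the rest
        $method = ucfirst((string) substr($action, 1));
        $_REQUEST['method'] = $class . '.handle' . $method;
    }

    // The login above opened a session; close it even when dispatching fails.
    try {
        $server->handle($_REQUEST);
    } catch (Exception $e) {
        Tinebase_Controller::getInstance()->logout($_SERVER['REMOTE_ADDR']);
        throw $e;
    }

    Tinebase_Controller::getInstance()->logout($_SERVER['REMOTE_ADDR']);
}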
/**
 * Bootstraps the framework for a unit-test run.
 *
 * Loads the test configuration (phpunitconfig.inc.php, falling back to
 * config.inc.php), publishes it in the registry as 'testConfig', fakes the
 * server variables the framework reads, starts the core session and switches
 * Zend_Session into unit-test mode.
 *
 * Both configuration files are resolved through the include path, so the
 * first matching file on that path is the one that gets executed.
 */
public function initFramework()
{
    $this->setWhiteAndBlacklists();

    // a missing phpunit-specific config is expected, hence the silenced include
    $settings = @(include 'phpunitconfig.inc.php');
    if ($settings === false) {
        $settings = (include 'config.inc.php');

        if ($settings === false) {
            exit('central configuration file config.inc.php not found in includepath: ' . get_include_path());
        }
    }

    $testConfig = new Zend_Config($settings);
    Zend_Registry::set('testConfig', $testConfig);

    $_SERVER['REQUEST_URI']   = '';
    $_SERVER['DOCUMENT_ROOT'] = $testConfig->docroot;

    Tinebase_Core::startCoreSession();
    Tinebase_Core::initFramework();

    // mails sent during tests go to the array transport
    Tinebase_Smtp::setDefaultTransport(new Zend_Mail_Transport_Array());

    // max execution time
    Tinebase_Core::setExecutionLifeTime(1200);

    $locale = $testConfig->locale;
    if ($locale) {
        Tinebase_Core::setupUserLocale($locale);
    }

    // needed for session handling in unit tests (deactivates Zend_Session::writeClose and others)
    Zend_Session::$_unitTestEnabled = TRUE;
}
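/**
 * (non-PHPdoc)
 * @see Tinebase_Server_Interface::handle()
 *
 * Runs a command line request: initialises the framework (skipped for the two
 * monitoring checks), authenticates with the username/password from the parsed
 * options unless the method is listed as anonymous, executes the command and
 * terminates the process with a shell return code.
 *
 * Return code mapping: FALSE => 1, an integer result is passed through,
 * everything else (NULL, TRUE, other types) => 0.
 *
 * @param \Zend\Http\Request $request not used by this handler
 * @param mixed              $body    not used by this handler
 */
public function handle(\Zend\Http\Request $request = null, $body = null)
{
    $method = $this->getRequestMethod();

    // these two monitoring methods run without framework initialisation
    if (!in_array($method, array('Tinebase.monitoringCheckDB', 'Tinebase.monitoringCheckConfig'), true)) {
        Tinebase_Core::initFramework();
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Is cli request. method: ' . $method);
        }
    }

    // prevents problems with missing request uri (@see Sabre\HTTP\Request->getUri())
    if (!isset($_SERVER['REQUEST_URI'])) {
        $_SERVER['REQUEST_URI'] = '';
    }

    $tinebaseServer = new Tinebase_Frontend_Cli();
    $opts = Tinebase_Core::get('opts');

    // Strict comparison: this lookup decides whether authentication is
    // skipped, so type juggling must not be able to produce a match.
    if (!in_array($method, self::getAnonymousMethods($method), true)) {
        $tinebaseServer->authenticate($opts->username, $opts->password);
    }

    $result = $tinebaseServer->handle($opts);

    //@todo remove cli session path

    // Convert the function result to a shell return code. FALSE has to be
    // tested before the "not an integer" case, otherwise a failed command
    // would exit with 0 and look successful to the calling shell or scheduler.
    if ($result === false) {
        $result = 1;
    } elseif (!is_int($result)) {
        $result = 0;
    }

    // finish profiling here - we won't run in Tinebase_Core again
    Tinebase_Core::finishProfiling();
    Tinebase_Core::getDbProfiling();

    exit($result);
}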
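/**
 * Handles a JSON-RPC request (single or batched) read from php://input.
 *
 * If framework initialisation fails, every request in the payload is answered
 * through _handleException(); session failures are reported as
 * 'Not Authorised' (401) and the client's session cookie is expired.
 * The encoded response is echoed; batched requests are answered as a JSON array.
 *
 * @return void
 */
public function handle()
{
    $exception = false;

    try {
        Tinebase_Core::initFramework();
    } catch (Exception $exception) {
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' initFramework exception: ' . $exception);
        }

        // handle all kind of session exceptions as 'Not Authorised'
        if ($exception instanceof Zend_Session_Exception) {
            $exception = new Tinebase_Exception_AccessDenied('Not Authorised', 401);

            // expire session cookie for client
            Zend_Session::expireSessionCookie();
        }
    }

    $server = new Zend_Json_Server();
    $server->setAutoEmitResponse(false);
    $server->setAutoHandleExceptions(false);
    //$server->setUseNamedParams(true);

    $json = file_get_contents('php://input');

    // a payload starting with '[' is a batch of requests
    if (substr($json, 0, 1) == '[') {
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' batched request');
        }
        $isBatchedRequest = true;
        $requests = Zend_Json::decode($json);
    } else {
        $isBatchedRequest = false;
        $requests = array(Zend_Json::decode($json));
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        // Mask password fields in EVERY request of the payload before it is
        // written to the log, not only in the first one of a batch.
        // Only named parameters can be recognised here; positional parameters
        // are logged as received.
        $_requests = $requests;
        foreach ($_requests as $index => $loggedRequest) {
            if (!is_array($loggedRequest) || !isset($loggedRequest['params']) || !is_array($loggedRequest['params'])) {
                continue;
            }
            foreach (array('password', 'oldPassword', 'newPassword') as $field) {
                if (isset($loggedRequest['params'][$field])) {
                    $_requests[$index]['params'][$field] = '*******';
                }
            }
        }

        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' is JSON request. rawdata: ' . print_r($_requests, true));
    }

    $response = array();
    foreach ($requests as $requestOptions) {
        if ($requestOptions !== null) {
            $request = new Zend_Json_Server_Request();
            $request->setOptions($requestOptions);

            $response[] = $exception
                ? $this->_handleException($server, $request, $exception)
                : $this->_handle($server, $request);
        } else {
            if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) {
                Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ . ' Got empty request options: skip request.');
            }
            $response[] = null;
        }
    }

    echo $isBatchedRequest ? '[' . implode(',', $response) . ']' : $response[0];
}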
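/**
 * Handles a CalDAV, CardDAV or WebDAV request.
 *
 * Initialises the framework, authenticates the client with HTTP Basic
 * credentials and then hands the request to a Sabre_DAV_Server equipped with
 * the lock, auth, ACL, CardDAV, CalDAV, scheduling and browser plugins.
 * Every authentication problem is answered with a 401 Basic challenge.
 *
 * @return void
 */
public function handle()
{
    try {
        Tinebase_Core::initFramework();
    } catch (Zend_Session_Exception $exception) {
        if (Tinebase_Core::isLogLevel(Zend_Log::WARN)) {
            Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . ' invalid session. Delete session cookie.');
        }
        Zend_Session::expireSessionCookie();

        header('WWW-Authenticate: Basic realm="WebDAV for Tine 2.0"');
        header('HTTP/1.1 401 Unauthorized');

        return;
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
        Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is CalDav, CardDAV or WebDAV request.');
    }

    if (empty($_SERVER['PHP_AUTH_USER']) && empty($_SERVER['REMOTE_USER']) && empty($_SERVER['REDIRECT_REMOTE_USER'])) {
        header('WWW-Authenticate: Basic realm="WebDav for Tine 2.0"');
        header('HTTP/1.1 401 Unauthorized');

        return;
    }

    // when used with (f)cgi no PHP_AUTH variables are available without defining a special rewrite rule
    if (!isset($_SERVER['PHP_AUTH_USER'])) {
        // $_SERVER["REMOTE_USER"] == "Basic didhfiefdhfu4fjfjdsa34drsdfterrde..."
        $authHeader = !empty($_SERVER['REMOTE_USER']) ? $_SERVER['REMOTE_USER'] : $_SERVER['REDIRECT_REMOTE_USER'];

        // strip the 6 leading characters ("Basic ") and decode "user:password"
        $basicAuthData = base64_decode(substr($authHeader, 6));

        // Anything that does not decode to "user:password" cannot be a valid
        // Basic credential; answer with a challenge instead of attempting a
        // login with half-parsed values.
        if ($basicAuthData === false || strpos($basicAuthData, ':') === false) {
            header('WWW-Authenticate: Basic realm="WebDAV for Tine 2.0"');
            header('HTTP/1.1 401 Unauthorized');

            return;
        }

        // Split on the FIRST colon only: the password part may itself contain
        // colons and must not be cut off at the second one.
        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', $basicAuthData, 2);
    }

    if (Tinebase_Controller::getInstance()->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'], $_SERVER['REMOTE_ADDR'], 'TineWebDav') !== true) {
        header('WWW-Authenticate: Basic realm="CardDav for Tine 2.0"');
        header('HTTP/1.1 401 Unauthorized');

        return;
    }

    self::$_server = new Sabre_DAV_Server(new Tinebase_WebDav_Root());

    // compute base uri
    $request = new Zend_Controller_Request_Http();
    self::$_server->setBaseUri($request->getBaseUrl() . '/');

    // file based lock backend, only when a temp dir is configured
    $tempDir = Tinebase_Core::getTempDir();
    if (!empty($tempDir)) {
        $lockBackend = new Sabre_DAV_Locks_Backend_File($tempDir . '/webdav.lock');
        $lockPlugin  = new Sabre_DAV_Locks_Plugin($lockBackend);
        self::$_server->addPlugin($lockPlugin);
    }

    $authPlugin = new Sabre_DAV_Auth_Plugin(new Tinebase_WebDav_Auth(), null);
    self::$_server->addPlugin($authPlugin);

    $aclPlugin = new Sabre_DAVACL_Plugin();
    $aclPlugin->defaultUsernamePath    = 'principals/users';
    $aclPlugin->principalCollectionSet = array($aclPlugin->defaultUsernamePath);
    self::$_server->addPlugin($aclPlugin);

    self::$_server->addPlugin(new Sabre_CardDAV_Plugin());
    self::$_server->addPlugin(new Sabre_CalDAV_Plugin());
    self::$_server->addPlugin(new Sabre_CalDAV_Schedule_Plugin());
    self::$_server->addPlugin(new Sabre_DAV_Browser_Plugin());

    self::$_server->exec();
}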
/**
 * (non-PHPdoc)
 * @see Tinebase_Server_Interface::handle()
 *
 * Serves a snom XML request: configures the session to work without cookies,
 * initialises the framework and dispatches $_REQUEST to the Voipmanager and
 * Phone snom frontends.
 *
 * @param \Zend\Http\Request $request not read by this handler
 * @param mixed              $body    not read by this handler
 */
public function handle(\Zend\Http\Request $request = null, $body = null)
{
    // NOTE(review): with both cookie options off the session id has to reach
    // the server some other way (presumably as a request parameter); confirm
    // how ids are issued and bound to a client on that path.
    $cookielessSession = array('use_cookies' => 0, 'use_only_cookies' => 0);
    Tinebase_Session::setSessionOptions($cookielessSession);

    Tinebase_Core::initFramework();

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        $logLine = __METHOD__ . '::' . __LINE__ . ' is snom xml request. method: ' . $this->getRequestMethod();
        Tinebase_Core::getLogger()->debug($logLine);
    }

    // frontend class => namespace under which its methods are exposed
    $frontends = array(
        'Voipmanager_Frontend_Snom' => 'Voipmanager',
        'Phone_Frontend_Snom'       => 'Phone',
    );

    $xmlServer = new Tinebase_Http_Server();
    foreach ($frontends as $frontendClass => $namespace) {
        $xmlServer->setClass($frontendClass, $namespace);
    }

    $xmlServer->handle($_REQUEST);
}
/**
 * Serves a snom XML request.
 *
 * Adopts the session id passed in the TINE20SESSID request parameter (if any),
 * initialises the framework and dispatches $_REQUEST to the Voipmanager and
 * Phone snom frontends. Nothing is returned.
 *
 * NOTE(review): the session id is taken from $_REQUEST, i.e. from a value the
 * client chooses. Whether an id supplied this way is regenerated or otherwise
 * bound to the device after login is not visible here; confirm, since
 * accepting caller-chosen session ids is the precondition for session fixation.
 */
public function handle()
{
    $hasSessionParameter = isset($_REQUEST['TINE20SESSID']);
    if ($hasSessionParameter) {
        Zend_Session::setId($_REQUEST['TINE20SESSID']);
    }

    Tinebase_Core::initFramework();

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        if (isset($_REQUEST['method'])) {
            $methodForLog = $_REQUEST['method'];
        } else {
            $methodForLog = 'EMPTY';
        }
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' is snom xml request. method: ' . $methodForLog);
    }

    // frontend class => namespace under which its methods are exposed
    $frontends = array(
        'Voipmanager_Frontend_Snom' => 'Voipmanager',
        'Phone_Frontend_Snom'       => 'Phone',
    );

    $xmlServer = new Tinebase_Http_Server();
    foreach ($frontends as $frontendClass => $namespace) {
        $xmlServer->setClass($frontendClass, $namespace);
    }

    $xmlServer->handle($_REQUEST);
}
/**
 * Bootstraps the framework for a unit-test run.
 *
 * Applies the white/blacklists, fakes the server variables the framework
 * reads, starts the core session, installs the array mail transport, raises
 * the execution time limit, applies the configured locale and finally marks
 * the framework as initialised.
 */
public function initFramework()
{
    $this->setWhiteAndBlacklists();

    $testConfig = $this->getConfig();

    // sabredav complains if REQUEST_URI is not set
    $_SERVER['REQUEST_URI']   = '';
    $_SERVER['DOCUMENT_ROOT'] = $testConfig->docroot;

    Tinebase_Core::startCoreSession();
    Tinebase_Core::initFramework();

    // mails sent during tests go to the array transport
    Tinebase_Smtp::setDefaultTransport(new Zend_Mail_Transport_Array());

    // max execution time
    Tinebase_Core::setExecutionLifeTime(1200);

    $locale = $testConfig->locale;
    if ($locale) {
        Tinebase_Core::setupUserLocale($locale);
    }

    // needed for session handling in unit tests (deactivates Zend_Session::writeClose and others)
    Zend_Session::$_unitTestEnabled = TRUE;

    Tinebase_Core::set('frameworkInitialized', true);
}
/**
 * Bootstraps the framework for a unit-test run.
 *
 * Loads the test configuration (phpunitconfig.inc.php, falling back to
 * config.inc.php), publishes it in the registry as 'testConfig', sets the
 * document root, initialises the framework and registers the test mailer,
 * execution time limit, internal encoding and locale.
 *
 * Both configuration files are resolved through the include path, so the
 * first matching file on that path is the one that gets executed.
 */
public function initFramework()
{
    // a missing phpunit-specific config is expected, hence the silenced include
    $settings = @(include 'phpunitconfig.inc.php');
    if ($settings === false) {
        $settings = (include 'config.inc.php');

        if ($settings === false) {
            exit('central configuration file config.inc.php not found in includepath: ' . get_include_path());
        }
    }

    $testConfig = new Zend_Config($settings);
    Zend_Registry::set('testConfig', $testConfig);

    $_SERVER['DOCUMENT_ROOT'] = $testConfig->docroot;

    Tinebase_Core::initFramework();

    // mails sent during tests go to the array transport
    Tinebase_Smtp::setDefaultTransport(new Zend_Mail_Transport_Array());

    // max execution time
    Tinebase_Core::setExecutionLifeTime(1200);

    // default internal encoding
    iconv_set_encoding("internal_encoding", "UTF-8");

    $testLocale = new Zend_Locale($testConfig->locale);
    Zend_Registry::set('locale', $testLocale);
}
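/**
 * (non-PHPdoc)
 * @see Tinebase_Server_Interface::handle()
 *
 * Handles a request sent by Asterisk's curl backend: authenticates the caller
 * with the HTTP Basic credentials from $_SERVER and, on success, dispatches
 * $_REQUEST to the Voipmanager Asterisk frontends before logging out again.
 * A missing or rejected login is only logged at debug level.
 *
 * @param \Zend\Http\Request $request request to serve; falls back to the one stored in Tinebase_Core
 * @param mixed              $body    request body; php://input is opened when null
 * @throws Exception whatever Tinebase_Http_Server::handle() throws is passed on
 *                   after the session has been logged out
 */
public function handle(\Zend\Http\Request $request = null, $body = null)
{
    $this->_request = $request instanceof \Zend\Http\Request ? $request : Tinebase_Core::get(Tinebase_Core::REQUEST);
    $this->_body    = $body !== null ? $body : fopen('php://input', 'r');

    Tinebase_Core::initFramework();

    // NOTE(review): this dumps all request parameters to the debug log before
    // authentication; confirm no parameter on this interface carries secrets.
    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' is Asterisk curl request: ' . print_r($_REQUEST, true));
    }

    // A request without Basic credentials takes the same path as a rejected
    // login instead of calling login() with undefined indexes.
    $authenticated = isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
        && Tinebase_Controller::getInstance()->login(
            $_SERVER['PHP_AUTH_USER'],
            $_SERVER['PHP_AUTH_PW'],
            $this->_request,
            self::REQUEST_TYPE
        ) === true;

    if (!$authenticated) {
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' auth failed ');
        }
        return;
    }

    $server = new Tinebase_Http_Server();
    $server->setClass('Voipmanager_Frontend_Asterisk_SipPeers', 'Voipmanager_SipPeers');
    $server->setClass('Voipmanager_Frontend_Asterisk_SipRegs', 'Voipmanager_SipRegs');
    $server->setClass('Voipmanager_Frontend_Asterisk_CallForward', 'Voipmanager_CallForward');
    $server->setClass('Voipmanager_Frontend_Asterisk_MeetMe', 'Voipmanager_MeetMe');

    $_REQUEST['method'] = $this->getRequestMethod();

    // The login above opened a session; close it even when dispatching fails.
    try {
        $server->handle($_REQUEST);
    } catch (Exception $e) {
        Tinebase_Controller::getInstance()->logout($_SERVER['REMOTE_ADDR']);
        throw $e;
    }

    Tinebase_Controller::getInstance()->logout($_SERVER['REMOTE_ADDR']);
}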
/**
 * (non-PHPdoc)
 * @see Tinebase_Server_Interface::handle()
 *
 * Serves an ActiveSync request. Credentials are extracted from the request
 * before the framework is initialised; missing credentials or a failed login
 * are answered with a 401 Basic challenge. After the permission check the
 * request is handed to Syncroton_Server and the user is logged out again.
 *
 * @param \Zend\Http\Request $request request to serve; falls back to the one stored in Tinebase_Core
 * @param mixed              $body    request body, resolved through _getBody()
 */
public function handle(\Zend\Http\Request $request = null, $body = null)
{
    if ($request instanceof \Zend\Http\Request) {
        $this->_request = $request;
    } else {
        $this->_request = Tinebase_Core::get(Tinebase_Core::REQUEST);
    }
    $this->_body = $this->_getBody($body);

    // header lines of the Basic challenge, sent in this order
    $challenge = array(
        'WWW-Authenticate: Basic realm="ActiveSync for Tine 2.0"',
        'HTTP/1.1 401 Unauthorized',
    );

    try {
        list($loginName, $password) = $this->_getAuthData($this->_request);
    } catch (Tinebase_Exception_NotFound $tenf) {
        // no credentials in the request
        foreach ($challenge as $headerLine) {
            header($headerLine);
        }
        return;
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
        Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is ActiveSync request.');
    }

    Tinebase_Core::initFramework();

    // any exception during authentication counts as a failed login
    $loggedIn = false;
    try {
        $loggedIn = $this->_authenticate($loginName, $password, $this->_request);
    } catch (Exception $e) {
        Tinebase_Exception::log($e);
        $loggedIn = false;
    }

    if ($loggedIn !== true) {
        foreach ($challenge as $headerLine) {
            header($headerLine);
        }
        return;
    }

    if (!$this->_checkUserPermissions($loginName)) {
        return;
    }

    $this->_initializeRegistry();

    $syncRequest = new Zend_Controller_Request_Http();
    $syncRequest->setRequestUri($this->_request->getRequestUri());

    $accountId = Tinebase_Core::getUser()->accountId;
    $syncServer = new Syncroton_Server($accountId, $syncRequest, $this->_body);
    $syncServer->handle();

    Tinebase_Controller::getInstance()->logout();
}
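/**
 * Executes a queued job, either in a PHP subprocess or in the current process.
 *
 * @param array|string $job the in-process branch reads $job['account_id'], the
 *                          subprocess branch passes $job to escapeshellarg(),
 *                          which expects a string - TODO confirm the type callers pass
 * @throws Exception when the subprocess cannot be started or exits with a non-zero code
 * @todo make self::EXECUTION_METHOD_EXEC_CLI working
 */
protected function _executeAction($job)
{
    if ($this->_getConfig()->tine20->executionMethod === self::EXECUTION_METHOD_EXEC_CLI) {
        // execute in subprocess
        //
        // NOTE(review): "$paths" sits inside a single-quoted PHP string, so it
        // is handed to the shell literally and expanded there from the
        // process environment, not from a PHP variable. Part of the @todo above.
        $output = system('php $paths ./../../tine20.php --method Tinebase.executeQueueJob message=' . escapeshellarg($job), $exitCode);

        // $exitCode is filled in by system(); the check previously referenced
        // an undefined constant and could never report a failed job.
        if ($output === false || $exitCode !== 0) {
            throw new Exception('Problem during execution with shell: ' . $output);
        }
    } else {
        // execute in same process, running as the account stored with the job
        Tinebase_Core::initFramework();

        Tinebase_Core::set(Tinebase_Core::USER, Tinebase_User::getInstance()->getFullUserById($job['account_id']));

        Tinebase_ActionQueue::getInstance()->executeAction($job);
    }
}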
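/**
 * (non-PHPdoc)
 * @see Tinebase_Server_Interface::handle()
 *
 * Serves a CalDAV, CardDAV or WebDAV request. Credentials are extracted from
 * the request before the framework is initialised; missing credentials or a
 * failed login are answered with a 401 Basic challenge. On success a
 * \Sabre\DAV\Server is assembled with the plugins below, executed, and the
 * user is logged out again.
 *
 * @param \Zend\Http\Request $request request to serve; falls back to the one stored in Tinebase_Core
 * @param mixed              $body    request body stream; built from the request content when null
 */
public function handle(\Zend\Http\Request $request = null, $body = null)
{
    $this->_request = $request instanceof \Zend\Http\Request ? $request : Tinebase_Core::get(Tinebase_Core::REQUEST);

    if ($body !== null) {
        $this->_body = $body;
    } else {
        if ($this->_request instanceof \Zend\Http\Request) {
            // Copy the content of the request that was actually resolved above.
            // The $request argument is null when the fallback from
            // Tinebase_Core is in use, so it must not be dereferenced here.
            $this->_body = fopen('php://temp', 'r+');
            fwrite($this->_body, $this->_request->getContent());
            rewind($this->_body);
        }
    }

    try {
        list($loginName, $password) = $this->_getAuthData($this->_request);
    } catch (Tinebase_Exception_NotFound $tenf) {
        header('WWW-Authenticate: Basic realm="WebDAV for Tine 2.0"');
        header('HTTP/1.1 401 Unauthorized');

        return;
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
        Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' is CalDav, CardDAV or WebDAV request.');
    }

    Tinebase_Core::initFramework();

    if (Tinebase_Controller::getInstance()->login($loginName, $password, $this->_request, self::REQUEST_TYPE) !== true) {
        header('WWW-Authenticate: Basic realm="WebDAV for Tine 2.0"');
        header('HTTP/1.1 401 Unauthorized');

        return;
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
        Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' requestUri:' . $this->_request->getRequestUri());
    }

    self::$_server = new \Sabre\DAV\Server(new Tinebase_WebDav_Root());

    // At DEBUG level the complete text request body is written to the log
    // (and further down the complete response), which may include personal
    // data such as calendar and contact entries.
    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        $contentType = self::$_server->httpRequest->getHeader('Content-Type');
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " requestContentType: " . $contentType);

        // a request without Content-Type header is treated as non-text
        if (preg_match('/^text/', (string) $contentType)) {
            // NOTE inputstream can not be rewinded, so work on a rewindable copy
            $debugStream = fopen('php://temp', 'r+');
            stream_copy_to_stream($this->_body, $debugStream);
            rewind($debugStream);
            $this->_body = $debugStream;

            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " <<< *DAV request\n" . stream_get_contents($this->_body));
            rewind($this->_body);
        } else {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " <<< *DAV request\n -- BINARY DATA --");
        }
    }

    self::$_server->httpRequest->setBody($this->_body);

    // compute base uri
    self::$_server->setBaseUri($this->_request->getBaseUrl() . '/');

    // file based lock backend, only when a temp dir is configured
    $tempDir = Tinebase_Core::getTempDir();
    if (!empty($tempDir)) {
        self::$_server->addPlugin(
            new \Sabre\DAV\Locks\Plugin(new \Sabre\DAV\Locks\Backend\File($tempDir . '/webdav.lock'))
        );
    }

    self::$_server->addPlugin(
        new \Sabre\DAV\Auth\Plugin(new Tinebase_WebDav_Auth(), null)
    );

    $aclPlugin = new \Sabre\DAVACL\Plugin();
    $aclPlugin->defaultUsernamePath    = Tinebase_WebDav_PrincipalBackend::PREFIX_USERS;
    $aclPlugin->principalCollectionSet = array(
        Tinebase_WebDav_PrincipalBackend::PREFIX_USERS,
        Tinebase_WebDav_PrincipalBackend::PREFIX_GROUPS
    );
    // properties a client may use in a principal search
    $aclPlugin->principalSearchPropertySet = array(
        '{DAV:}displayname'                                                   => 'Display name',
        '{' . \Sabre\DAV\Server::NS_SABREDAV . '}email-address'               => 'Email address',
        '{' . \Sabre\CalDAV\Plugin::NS_CALENDARSERVER . '}email-address-set'  => 'Email addresses',
        '{' . \Sabre\CalDAV\Plugin::NS_CALENDARSERVER . '}first-name'         => 'First name',
        '{' . \Sabre\CalDAV\Plugin::NS_CALENDARSERVER . '}last-name'          => 'Last name',
        '{' . \Sabre\CalDAV\Plugin::NS_CALDAV . '}calendar-user-address-set'  => 'Calendar user address set',
        '{' . \Sabre\CalDAV\Plugin::NS_CALDAV . '}calendar-user-type'         => 'Calendar user type'
    );
    self::$_server->addPlugin($aclPlugin);

    self::$_server->addPlugin(new \Sabre\CardDAV\Plugin());
    self::$_server->addPlugin(new Calendar_Frontend_CalDAV_SpeedUpPlugin()); // this plugin must be loaded before CalDAV plugin
    self::$_server->addPlugin(new \Sabre\CalDAV\Plugin());
    self::$_server->addPlugin(new \Sabre\CalDAV\SharingPlugin());
    self::$_server->addPlugin(new Calendar_Frontend_CalDAV_PluginAutoSchedule());
    self::$_server->addPlugin(new Calendar_Frontend_CalDAV_PluginDefaultAlarms());
    self::$_server->addPlugin(new Calendar_Frontend_CalDAV_PluginManagedAttachments());
    self::$_server->addPlugin(new Calendar_Frontend_CalDAV_PluginPrivateEvents());
    self::$_server->addPlugin(new Tinebase_WebDav_Plugin_Inverse());
    self::$_server->addPlugin(new Tinebase_WebDav_Plugin_OwnCloud());
    self::$_server->addPlugin(new Tinebase_WebDav_Plugin_PrincipalSearch());
    #self::$_server->addPlugin(new DAV\Sync\Plugin());
    self::$_server->addPlugin(new \Sabre\DAV\Browser\Plugin());

    // buffer the response so that it can be copied to the debug log
    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        ob_start();
    }

    self::$_server->exec();

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . " >>> *DAV response:\n" . ob_get_contents());
        ob_end_flush();
    }

    Tinebase_Controller::getInstance()->logout($this->_request->getServer('REMOTE_ADDR'));
}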
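/**
 * (non-PHPdoc)
 * @see Tinebase_Server_Interface::handle()
 *
 * Serves a JSON-RPC request (single or batched).
 *
 * Cross-origin requests get the CORS response headers only when the host of
 * the Origin header is listed in Tinebase_Config::ALLOWEDJSONORIGINS or equals
 * SERVER_NAME; a CORS preflight (OPTIONS) is answered here and not processed
 * further. If the session cannot be started or framework initialisation fails,
 * every request of the payload is answered through _handleException().
 *
 * @param \Zend\Http\Request $request request to serve; built from the PHP environment when null
 * @param mixed              $body    request body; php://input is opened when null
 */
public function handle(\Zend\Http\Request $request = null, $body = null)
{
    $this->_request = $request instanceof \Zend\Http\Request ? $request : Tinebase_Core::get(Tinebase_Core::REQUEST);
    $this->_body    = $body !== null ? $body : fopen('php://input', 'r');

    $request = $request instanceof \Zend\Http\Request ? $request : new \Zend\Http\PhpEnvironment\Request();

    // only for debugging
    //Tinebase_Core::getLogger()->DEBUG(__METHOD__ . '::' . __LINE__ . " raw request: " . $request->__toString());

    // handle CORS requests
    if ($request->getHeaders()->has('ORIGIN') && !$request->getHeaders()->has('X-FORWARDED-HOST')) {
        /**
         * First the client sends a preflight request
         *
         * METHOD: OPTIONS
         * Access-Control-Request-Headers:x-requested-with, content-type
         * Access-Control-Request-Method:POST
         * Origin:http://other.site
         * Referer:http://other.site/example.html
         * User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.111 Safari/537.36
         *
         * We have to respond with
         *
         * Access-Control-Allow-Credentials:true
         * Access-Control-Allow-Headers:x-requested-with, x-tine20-request-type, content-type, x-tine20-jsonkey
         * Access-Control-Allow-Methods:POST
         * Access-Control-Allow-Origin:http://other.site
         *
         * Then the client sends the standard JSON request with two additional headers
         *
         * METHOD: POST
         * Origin:http://other.site
         * Referer:http://other.site/example.html
         * Standard-JSON-Request-Headers...
         *
         * We have to add two additional headers to our standard response
         *
         * Access-Control-Allow-Credentials:true
         * Access-Control-Allow-Origin:http://other.site
         */
        $origin = $request->getHeaders('ORIGIN')->getFieldValue();
        $uri    = \Zend\Uri\UriFactory::factory($origin);

        if (in_array($uri->getScheme(), array('http', 'https'), true)) {
            $allowedOrigins = array_merge(
                (array) Tinebase_Core::getConfig()->get(Tinebase_Config::ALLOWEDJSONORIGINS, array()),
                array($this->_request->getServer('SERVER_NAME'))
            );

            // The origin is allowed only when it has a non-empty host that is
            // literally in the list. Strict matching keeps an Origin without
            // host from matching an empty or missing SERVER_NAME.
            // NOTE(review): only the host is compared - scheme and port of the
            // origin are not, so http://host is accepted wherever https://host
            // is. Confirm that this is intended for credentialed requests.
            $originHost    = $uri->getHost();
            $originAllowed = is_string($originHost)
                && $originHost !== ''
                && in_array($originHost, $allowedOrigins, true);

            if ($originAllowed) {
                // these headers have to be sent for any CORS'ed JSON request
                header('Access-Control-Allow-Origin: ' . $origin);
                header('Access-Control-Allow-Credentials: true');
                // the response differs per Origin, tell caches so
                header('Vary: Origin', false);
            }

            // check for CORS preflight request
            if ($request->getMethod() == \Zend\Http\Request::METHOD_OPTIONS &&
                $request->getHeaders()->has('ACCESS-CONTROL-REQUEST-METHOD')
            ) {
                $this->_methods = array('handleCors');

                if ($originAllowed) {
                    header('Access-Control-Allow-Methods: POST');
                    header('Access-Control-Allow-Headers: x-requested-with, x-tine20-request-type, content-type, x-tine20-jsonkey');
                    header('Access-Control-Max-Age: 3600'); // cache result of OPTIONS request for 1 hour
                } else {
                    Tinebase_Core::getLogger()->WARN(__METHOD__ . '::' . __LINE__ . " unhandled CORS preflight request from {$origin}");
                    Tinebase_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . " you may want to set \"'allowedJsonOrigins' => array('{$uri->getHost()}'),\" to config.inc.php");
                    Tinebase_Core::getLogger()->DEBUG(__METHOD__ . '::' . __LINE__ . " allowed origins: " . print_r($allowedOrigins, TRUE));
                }

                // stop further processing => is OPTIONS request
                return;
            }
        }
    }

    $exception = false;

    if (Tinebase_Session::sessionExists()) {
        try {
            Tinebase_Core::startCoreSession();
        } catch (Zend_Session_Exception $zse) {
            $exception = new Tinebase_Exception_AccessDenied('Not Authorised', 401);

            // expire session cookie for client
            Tinebase_Session::expireSessionCookie();
        }
    }

    if ($exception === false) {
        try {
            Tinebase_Core::initFramework();
        } catch (Exception $exception) {
            if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' initFramework exception: ' . $exception);
            }
        }
    }

    $json = $request->getContent();
    $json = Tinebase_Core::filterInputForDatabase($json);

    // a payload starting with '[' is a batch of requests
    if (substr($json, 0, 1) == '[') {
        if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
            Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' batched request');
        }
        $isBatchedRequest = true;
        $requests = Zend_Json::decode($json);
    } else {
        $isBatchedRequest = false;
        $requests = array(Zend_Json::decode($json));
    }

    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
        // Mask password fields in EVERY request of the payload before it is
        // written to the log, not only in the first one of a batch.
        // Only named parameters can be recognised here; positional parameters
        // are logged as received.
        $_requests = $requests;
        foreach ($_requests as $index => $loggedRequest) {
            if (!is_array($loggedRequest) || !isset($loggedRequest['params']) || !is_array($loggedRequest['params'])) {
                continue;
            }
            foreach (array('password', 'oldPassword', 'newPassword') as $field) {
                if (isset($loggedRequest['params'][$field])) {
                    $_requests[$index]['params'][$field] = '*******';
                }
            }
        }

        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' is JSON request. rawdata: ' . print_r($_requests, true));
    }

    $response = array();
    foreach ($requests as $requestOptions) {
        if ($requestOptions !== null) {
            $request = new Zend_Json_Server_Request();
            $request->setOptions($requestOptions);

            $response[] = $exception
                ? $this->_handleException($request, $exception)
                : $this->_handle($request);
        } else {
            if (Tinebase_Core::isLogLevel(Zend_Log::NOTICE)) {
                Tinebase_Core::getLogger()->notice(__METHOD__ . '::' . __LINE__ . ' Got empty request options: skip request.');
            }
            $response[] = null;
        }
    }

    if (!headers_sent()) {
        header('Content-type: application/json');
    }

    echo $isBatchedRequest ? '[' . implode(',', $response) . ']' : $response[0];
}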
/**
 * Handler for HTTP API requests.
 *
 * Registers the Tinebase HTTP frontend for every caller and, for callers with
 * an authenticated identity, additionally the frontend of the application
 * named in the requested method. Errors are mapped to 403 (session problems),
 * the setup-required / exception screens, or 503 when even those fail.
 * The method returns nothing; several error paths terminate the script.
 *
 * @todo session expire handling
 *
 * @return void
 */
public function handle()
{
    try {
        Tinebase_Core::initFramework();

        Tinebase_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Is HTTP request. method: ' . (isset($_REQUEST['method']) ? $_REQUEST['method'] : 'EMPTY'));
        //Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ .' Rawdata: ' . print_r($_REQUEST, true));

        $server = new Tinebase_Http_Server();

        //NOTE: auth check for Tinebase HTTP api is done via Tinebase_Http::checkAuth
        $server->setClass('Tinebase_Frontend_Http', 'Tinebase');

        // register additional HTTP apis only available for authorised users
        if (Zend_Auth::getInstance()->hasIdentity()) {
            if (empty($_REQUEST['method'])) {
                $_REQUEST['method'] = 'Tinebase.mainScreen';
            }

            // The part before the first '.' of the requested method selects the
            // application. It comes from the request, and the frontend class
            // name is built from it below; the class is only registered when
            // the current user holds the RUN right for that application name.
            $applicationParts = explode('.', $_REQUEST['method']);
            $applicationName = ucfirst($applicationParts[0]);

            if (Tinebase_Core::getUser() && Tinebase_Core::getUser()->hasRight($applicationName, Tinebase_Acl_Rights_Abstract::RUN)) {
                try {
                    $server->setClass($applicationName . '_Frontend_Http', $applicationName);
                } catch (Exception $e) {
                    // a frontend that cannot be registered is logged, the request continues
                    Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . " Failed to add HTTP API for application '{$applicationName}' Exception: \n" . $e);
                }
            }
        }

        // callers without identity and without method get the login screen
        if (empty($_REQUEST['method'])) {
            $_REQUEST['method'] = 'Tinebase.login';
        }

        $server->handle($_REQUEST);
    } catch (Exception $exception) {
        if (!is_object(Tinebase_Core::getLogger())) {
            // no logger -> exception happened very early: write it to the PHP
            // error log and answer with 503
            error_log($exception);
            header('HTTP/1.0 503 Service Unavailable');
            die('Service Unavailable');
        }

        Tinebase_Core::getLogger()->INFO($exception);

        // fresh server with only the Tinebase frontend for the error screens
        $server = new Tinebase_Http_Server();
        $server->setClass('Tinebase_Frontend_Http', 'Tinebase');

        if ($exception instanceof Zend_Session_Exception) {
            Tinebase_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Attempt to request a privileged Http-API method without valid session from "' . $_SERVER['REMOTE_ADDR']);

            // expire session cookie for client
            Zend_Session::expireSessionCookie();

            header('HTTP/1.0 403 Forbidden');
            exit;
        } else {
            try {
                // check if setup is required
                $setupController = Setup_Controller::getInstance();
                if ($setupController->setupRequired()) {
                    $server->handle(array('method' => 'Tinebase.setupRequired'));
                } else {
                    // NOTE(review): print_r() of an exception object dumps all of
                    // its properties to the debug log, which can be large and
                    // may include values from the failing request - confirm
                    // this is acceptable for the log's audience.
                    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                        Tinebase_Core::getLogger()->DEBUG(__CLASS__ . '::' . __METHOD__ . ' (' . __LINE__ . ') Http-Api exception: ' . print_r($exception, true));
                    }
                    $server->handle(array('method' => 'Tinebase.exception'));
                }
            } catch (Exception $e) {
                // NOTE(review): this logs the original $exception; the
                // secondary failure $e is dropped without being logged.
                error_log($exception);
                header('HTTP/1.0 503 Service Unavailable');
                die('Service Unavailable');
            }
        }
    }
}
/**
 * (non-PHPdoc)
 * @see Tinebase_Server_Interface::handle()
 *
 * Serves an HTTP API request. The Tinebase and Filemanager download frontends
 * are registered for every caller; the frontend of the application named in
 * the requested method is added only for an authenticated user holding the
 * RUN right for it. A Zend_Json_Server_Exception is answered with 403, other
 * exceptions with the setup-required / exception screens, 500 for
 * download/export methods, or 503 when the error screen itself fails.
 *
 * @param \Zend\Http\Request $request request to serve; falls back to the one stored in Tinebase_Core
 * @param mixed              $body    request body; php://input is opened when null
 */
public function handle(\Zend\Http\Request $request = null, $body = null)
{
    $this->_request = $request instanceof \Zend\Http\Request ? $request : Tinebase_Core::get(Tinebase_Core::REQUEST);
    $this->_body    = $body !== null ? $body : fopen('php://input', 'r');

    $server = new Tinebase_Http_Server();
    $server->setClass('Tinebase_Frontend_Http', 'Tinebase');
    $server->setClass('Filemanager_Frontend_Download', 'Download');

    try {
        if (Tinebase_Session::sessionExists()) {
            try {
                Tinebase_Core::startCoreSession();
            } catch (Zend_Session_Exception $zse) {
                // expire session cookie for client; processing continues without session
                Tinebase_Session::expireSessionCookie();
            }
        }

        Tinebase_Core::initFramework();

        if (Tinebase_Core::isLogLevel(Zend_Log::INFO)) {
            Tinebase_Core::getLogger()->info(__METHOD__ . '::' . __LINE__ . ' Is HTTP request. method: ' . $this->getRequestMethod());
        }
        // NOTE(review): at TRACE level all request parameters are written to
        // the log unmasked, which would include credentials submitted through
        // this interface - confirm who can read trace logs.
        if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) {
            Tinebase_Core::getLogger()->trace(__METHOD__ . '::' . __LINE__ . ' REQUEST: ' . print_r($_REQUEST, TRUE));
        }

        // register additional HTTP apis only available for authorised users
        if (Tinebase_Session::isStarted() && Zend_Auth::getInstance()->hasIdentity()) {
            if (empty($_REQUEST['method'])) {
                $_REQUEST['method'] = 'Tinebase.mainScreen';
            }

            // The part before the first '.' of the requested method selects the
            // application. The frontend class name is built from it below; the
            // class is only registered when the current user holds the RUN
            // right for that application name.
            $applicationParts = explode('.', $this->getRequestMethod());
            $applicationName = ucfirst($applicationParts[0]);

            if (Tinebase_Core::getUser() && Tinebase_Core::getUser()->hasRight($applicationName, Tinebase_Acl_Rights_Abstract::RUN)) {
                try {
                    $server->setClass($applicationName . '_Frontend_Http', $applicationName);
                } catch (Exception $e) {
                    // a frontend that cannot be registered is logged, the request continues
                    Tinebase_Core::getLogger()->warn(__METHOD__ . '::' . __LINE__ . " Failed to add HTTP API for application '{$applicationName}' Exception: \n" . $e);
                }
            }
        } else {
            if (empty($_REQUEST['method'])) {
                $_REQUEST['method'] = 'Tinebase.login';
            }

            // sessionId got sent by client, but we don't use sessions for non authenticated users
            if (Tinebase_Session::sessionExists()) {
                // expire session cookie on client
                Tinebase_Session::expireSessionCookie();
            }
        }

        // remembered for the download/export check in the error path below
        $this->_method = $this->getRequestMethod();

        $server->handle($_REQUEST);
    } catch (Zend_Json_Server_Exception $zjse) {
        // invalid method requested or not authenticated, etc.
        Tinebase_Exception::log($zjse);
        Tinebase_Core::getLogger()->INFO(__METHOD__ . '::' . __LINE__ . ' Attempt to request a privileged Http-API method without valid session from "' . $_SERVER['REMOTE_ADDR']);

        header('HTTP/1.0 403 Forbidden');
        exit;
    } catch (Exception $exception) {
        Tinebase_Exception::log($exception, false);

        try {
            $setupController = Setup_Controller::getInstance();
            if ($setupController->setupRequired()) {
                if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                    Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Setup required');
                }
                $this->_method = 'Tinebase.setupRequired';
            } else {
                // NOTE(review): $this->_method is assigned only just before
                // $server->handle() above; when the exception was thrown
                // earlier it holds whatever value the property had before
                // this call - confirm that is the intended input here.
                if (preg_match('/download|export/', $this->_method)) {
                    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Server error during download/export - exit with 500');
                    }
                    header('HTTP/1.0 500 Internal Server Error');
                    exit;
                } else {
                    if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) {
                        Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' Show mainscreen with setup exception');
                    }
                    $this->_method = 'Tinebase.exception';
                }
            }

            // render the setup-required or exception screen
            $server->handle(array('method' => $this->_method));
        } catch (Exception $e) {
            // the error screen itself failed; $e is not logged
            header('HTTP/1.0 503 Service Unavailable');
            die('Service Unavailable');
        }
    }
}