/**
* Attempt to get a CSRF from frontend, either using
* the X-CSRF-Token HTTP header or the csrf_token
* POST parameter.
* */
private function _getFrontendToken(Zend_Controller_Request_Abstract $request)
{
if ($request->getHeader('X-CSRF-Token')) {
return $request->getHeader('X-CSRF-Token');
} else {
return $request->getPost('csrf_token');
}
}
/**
* Fetches authentication credentials from the current request
*
* @param Zend_Controller_Request_Abstract $request The current request object
*
* @return array
*/
private function _getAuthHeaderCredentials(Zend_Controller_Request_Abstract $request)
{
$authHeader = $request->getHeader('Authorization');
if (is_string($authHeader) && strlen($authHeader) > 0) {
if (strtolower(substr($authHeader, 0, 8)) === 'foaf+ssl') {
$auth = base64_decode(substr($authHeader, 9));
$creds = explode('=', $auth);
foreach ($creds as &$c) {
if (substr($c, 0, 1) === '"') {
$c = substr($c, 1, -1);
}
}
if (count($creds) > 0) {
return array('type' => 'foaf+ssl', 'creds' => $creds);
}
} else {
if (strtolower(substr($authHeader, 0, 5)) === 'basic') {
$auth = base64_decode(substr($authHeader, 6));
$creds = array_filter(explode(':', $auth));
if (count($creds) > 0) {
return array('type' => 'basic', 'username' => $creds[0], 'password' => isset($creds[1]) ? $creds[1] : '');
}
}
}
}
}
public function preDispatch(\Zend_Controller_Request_Abstract $request)
{
if (APPLICATION_ENV != 'development' && !$request->getHeader('DNT')) {
$view = Zend_Controller_Front::getInstance()->getParam('bootstrap')->getResource('view');
$view->headScript()->appendFile('js/track.js');
}
}
/**
* @param Zend_Controller_Request_Abstract $request
*/
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
if (!$request instanceof Zend_Controller_Request_Http) {
return;
}
// Accept URI parameter over Accept header for specifying of desired response format
$format = $this->getRequest()->getParam('format') ?: $request->getHeader('Accept');
// @todo Need to look into implementing Accept header supporting multiple types with quality factors
switch (true) {
// XML
case stristr($format, 'text/xml') && !stristr($format, 'html'):
$request->setParam('format', 'xml');
break;
// JSONP/Javascript
// JSONP/Javascript
case stristr($format, 'text/javascript'):
$request->setParam('format', 'js');
break;
// JSON
// JSON
case stristr($format, 'application/json'):
default:
// Note the fall through!
$request->setParam('format', 'json');
break;
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$context = $request->getHeader('X-Zrt-Format');
if ($context) {
$request->setParam('format', $context);
}
}
/**
* Validates the current request.
*
* All requests MUST include a valid User-Agent header. Requests with no
* User-Agent header will be rejected.
*
* @internal
* @param Zend_Controller_Request_Abstract $request
* @see http://framework.zend.com/manual/1.12/en/zend.controller.request.html Zend_Controller_Request_Abstract
*/
public function routeStartup(Zend_Controller_Request_Abstract $request)
{
if (!$request->getHeader('User-Agent')) {
$this->getResponse()->setHttpResponseCode(403)->setHeader('Content-Type', 'text/plain; charset=utf-8')->setBody(implode("\n", self::$_errMessage))->sendResponse();
exit(403);
}
}
/**
* Set REST action/method based on cascading priority of allowed syntaxes
*
* @param Zend_Controller_Request_Abstract $request
*/
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
// Only do for API module
if ('api' != $this->getRequest()->getModuleName()) {
return;
}
$action = $request->getMethod();
// Support override of method request type
if ('get' != strtolower($action)) {
if ($request->getParam('_method')) {
$action = $request->getParam('_method');
} elseif ($request->getHeader('X-HTTP-Method-Override')) {
$action = $request->getHeader('X-HTTP-Method-Override');
}
}
$request->setActionName(strtolower($action));
}
/**
* Sets the application locale and translation based on the locale param, if
* one is not provided it defaults to english
*
* @param Zend_Controller_Request_Abstract $request
* @return Void
*/
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
$config = Zend_Registry::get('config');
$frontController = Zend_Controller_Front::getInstance();
$params = $request->getParams();
$registry = Zend_Registry::getInstance();
// Steps setting the locale.
// 1. Default language is set in config
// 2. TLD in host header
// 3. Locale params specified in request
$locale = $registry->get('Zend_Locale');
// Check host header TLD.
$tld = preg_replace('/^.*\\./', '', $request->getHeader('Host'));
// Provide a list of tld's and their corresponding default languages
$tldLocales = $frontController->getParam('tldLocales');
if (is_array($tldLocales) && array_key_exists($tld, $tldLocales)) {
// The TLD in the request matches one of our specified TLD -> Locales
$locale->setLocale(strtolower($tldLocales[$tld]));
} elseif (isset($params['locale'])) {
// There is a locale specified in the request params.
$locale->setLocale(strtolower($params['locale']));
}
// Now that our locale is set, let's check which language has been selected
// and try to load a translation file for it.
$language = $locale->getLanguage();
$translate = Garp_I18n::getTranslateByLocale($locale);
Zend_Registry::set('Zend_Translate', $translate);
Zend_Form::setDefaultTranslator($translate);
if (!$config->resources->router->locale->enabled) {
return;
}
$path = '/' . ltrim($request->getPathInfo(), '/\\');
// If the language is in the path, then we will want to set the baseUrl
// to the specified language.
$langIsInUrl = preg_match('/^\\/' . $language . '\\/?/', $path);
$uiDefaultLangIsInUrl = false;
$uiDefaultLanguage = false;
if (isset($config->resources->locale->uiDefault)) {
$uiDefaultLanguage = $config->resources->locale->uiDefault;
$uiDefaultLangIsInUrl = preg_match('/^\\/' . $uiDefaultLanguage . '\\/?/', $path);
}
if ($langIsInUrl || $uiDefaultLangIsInUrl) {
if ($uiDefaultLangIsInUrl) {
$frontController->setBaseUrl($frontController->getBaseUrl() . '/' . $uiDefaultLanguage);
} else {
$frontController->setBaseUrl($frontController->getBaseUrl() . '/' . $language);
}
} elseif (!empty($config->resources->router->locale->enabled) && $config->resources->router->locale->enabled) {
$redirectUrl = '/' . $language . $path;
if ($frontController->getRouter()->getCurrentRouteName() === 'admin' && !empty($config->resources->locale->adminDefault)) {
$adminDefaultLanguage = $config->resources->locale->adminDefault;
$redirectUrl = '/' . $adminDefaultLanguage . $path;
} elseif ($uiDefaultLanguage) {
$redirectUrl = '/' . $uiDefaultLanguage . $path;
}
$this->getResponse()->setRedirect($redirectUrl, 301);
}
}
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
$header = $request->getHeader('Accept');
if (strstr($header, 'application/json')) {
$request->setParam('format', 'json');
} elseif (strstr($header, 'application/xml')) {
$request->setParam('format', 'xml');
} else {
$request->setParam('format', 'html');
}
}
/**
* Check if the request is HTTP, if so check for a Accept header and set the right format in the request object
*
* @param Zend_Controller_Request_Abstract $request
* @return void
*/
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
// Skip header check when we don't have a HTTP request (for instance: cli-scripts)
if (!$request instanceof Zend_Controller_Request_Http) {
return;
}
$this->getResponse()->setHeader('Vary', 'Accept');
$header = $request->getHeader('Accept');
foreach (self::$_mapping as $format => $requestHeader) {
if (false !== strstr($header, $requestHeader)) {
$request->setParam('format', $format);
break;
}
}
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
$apiKey = $request->getHeader('Api-Key');
//on récupère notre fichier de configuration
//car notre apikey est stoquée dedans
$config = Zend_Controller_Front::getInstance()->getParam('bootstrap');
$configkeys = $config->getOption('apikey');
//Si notre apikey est mauvaise alors qu'on essaie d'accéder à notre module rest et qu'on est pas sur la page d'erreur,
//on renvoie vers la page d'erreur
if ($apiKey != $configkeys['rest'] && $request->getControllerName() != "error") {
//Ici, on met le code 403 ACCES_DENIED à notre réponse HTTP
$this->getResponse()->setHttpResponseCode(403);
//Et on redirige vers le controller d'erreur
$request->setControllerName('error')->setActionName('api')->setDispatched(true);
}
}
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
$this->_request = $request;
$format = 'html';
if ($accept = $request->getHeader('Accept')) {
if (strpos($accept, 'html') === false) {
$types = explode(',', $accept);
$mainType = trim($types[0]);
$mime = explode('/', $mainType);
if ($mime[1] !== '') {
$format = $mime[1];
}
}
}
if ($request->getParam('format') === null) {
$request->setParam('format', $format);
}
$context = $request->format;
$contextHelper = Zend_Controller_Action_HelperBroker::getStaticHelper('contextSwitch');
$contextHelper->addContext('html', array())->setDefaultContext('html');
$this->_initDependencies($context);
}
public function preDispatch(Zend_Controller_Request_Abstract $request)
{
Zend_Registry::set('requestIsAjax', $request->isXmlHttpRequest());
$format = $this->parseAccept($request->getHeader('accept'));
Zend_Registry::set('responseFormat', $format);
}
/**
* PHP only parses the body into $_POST if its a POST request
* this parses the reqest body in accordance with RFC2616 spec regardless of the HTTP method
*/
private function handleRequestBody(Zend_Controller_Request_Abstract $request)
{
$header = strtolower($request->getHeader('Content-Type'));
// cleanup the charset part
$header = current(explode(';', $header));
// detect request body content type
foreach ($this->requestTypes as $contentType) {
if ($header == $contentType) {
break;
}
}
// extract the raw body
$rawBody = $request->getRawBody();
// treat these two separately because of the way PHP treats POST
if (in_array($contentType, array('multipart/form-data', 'application/x-www-form-urlencoded'))) {
// PHP takes care of everything for us in this case lets just modify the $_FILES array
if ($request->isPost() && $contentType == 'multipart/form-data') {
// if there are files, lets modify the array to match what we've done below
foreach ($_FILES as &$file) {
$data = file_get_contents($file['tmp_name']);
$file['content'] = base64_encode($data);
}
// reset the array pointer
unset($file);
} else {
switch ($contentType) {
case 'application/x-www-form-urlencoded':
parse_str($rawBody, $_POST);
break;
// this is wher the magic happens
// creates the $_FILES array for none POST requests
// this is wher the magic happens
// creates the $_FILES array for none POST requests
case 'multipart/form-data':
// extract the boundary
parse_str(end(explode(';', $request->getHeader('Content-Type'))));
if (isset($boundary)) {
// get rid of the boundary at the edges
if (preg_match(sprintf('/--%s(.+)--%s--/s', $boundary, $boundary), $rawBody, $regs)) {
// split into chuncks
$chunks = explode('--' . $boundary, trim($regs[1]));
foreach ($chunks as $chunk) {
// parse each chunk
if (preg_match('/Content-Disposition: form-data; name="(?P<name>.+?)"(?:; filename="(?P<filename>.+?)")?(?P<headers>(?:\\r|\\n)+?.+?(?:\\r|\\n)+?)?(?P<data>.+)/si', $chunk, $regs)) {
// dedect a file upload
if (!empty($regs['filename'])) {
// put aside for further analysis
$data = $regs['data'];
$headers = $this->parseHeaders($regs['headers']);
// set our params variable
$_FILES[$regs['name']] = array('name' => $regs['filename'], 'type' => $headers['Content-Type'], 'size' => mb_strlen($data), 'content' => base64_encode($data));
// otherwise its a regular key=value combination
} else {
$_POST[$regs['name']] = trim($regs['data']);
}
}
}
}
}
break;
}
}
$request->setParams($_POST + $_FILES);
} elseif (!empty($rawBody)) {
// seems like we are dealing with an encoded request
try {
switch ($contentType) {
case 'text/javascript':
case 'application/json':
case 'application/javascript':
$_POST = (array) Zend_Json::decode($rawBody, Zend_Json::TYPE_OBJECT);
break;
case 'text/xml':
case 'application/xml':
$json = @Zend_Json::fromXml($rawBody);
$_POST = (array) Zend_Json::decode($json, Zend_Json::TYPE_OBJECT)->request;
break;
case 'text/php':
case 'application/x-httpd-php':
case 'application/x-httpd-php-source':
$_POST = (array) unserialize($rawBody);
break;
default:
$_POST = (array) $rawBody;
break;
}
$request->setParams($_POST);
} catch (Exception $e) {
$request->dispatchError(REST_Response::BAD_REQUEST, 'Invalid Payload Format');
return;
}
}
}
/**
* Route shutdown hook -- Check for router exceptions
*
* @param Zend_Controller_Request_Abstract $request
*/
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
// Avoid error override! :S
if (count($this->getResponse()->getException())) {
return;
}
if ($request->getHeader('Unica-Application')) {
// External API authentication MicroGateway
$adapter = new App_Auth_Adapter_ExternalUgw();
} else {
if ($request->getHeader('TransactionInfo')) {
// External API authentication
$adapter = new App_Auth_Adapter_External();
} else {
if ($request->getHeader(App_Auth_Adapter_ThirdParty::HEADER)) {
// External API authentication
$adapter = new App_Auth_Adapter_ThirdParty();
} else {
if (($token = $request->getParam('downloadToken')) && $token instanceof Download\Model\DownloadTokenModel) {
// Download authentication
$adapter = new App_Auth_Adapter_DownloadToken();
} else {
$auth = Zend_Auth::getInstance();
// Temporal + Persistent login
$temporalLogins = array(self::AUTH_TYPE_AUTH_TOKEN, self::AUTH_TYPE_REGULAR, self::AUTH_TYPE_CORE, self::AUTH_TYPE_ACTIVATION_TOKEN, self::AUTH_TYPE_LOST_PASSWORD_TOKEN, self::AUTH_TYPE_PASSWORD_EXPIRED_TOKEN);
// Don't keep identity if authType is temporal
// remove false when FE fix their implementation
if ($auth->hasIdentity() && ($ident = $auth->getIdentity()) && !$request->getHeader('Authorization')) {
if (!empty($ident['authType']) && !in_array($ident['authType'], $temporalLogins)) {
$auth->clearIdentity();
} else {
if (!empty($ident['token'])) {
// Send the token in the response and assume logged
$this->getResponse()->setHeader('X-M2M-AuthToken', $ident['token'], true);
return;
}
}
}
// Common authentication
$adapter = new App_Auth_Adapter_M2m();
// Register supported authentication schemes
$adapter->registerScheme('M2MUser', array($this, 'schemeM2MUser'));
$adapter->registerScheme('M2MToken', array($this, 'schemeM2MToken'));
$adapter->registerScheme('M2MLogout', array($this, 'schemeM2MLogout'));
$adapter->registerScheme('M2MActivationToken', array($this, 'schemeM2MActivationToken'));
$adapter->registerScheme('M2MCore', array($this, 'schemeM2MCore'));
// Used for request new password, use valid user+mail to bypass lostPassword action
$adapter->registerScheme('M2MLostPassword', array($this, 'schemeM2MLostPassword'));
// Used for change user password with a valid lostToken
$adapter->registerScheme('M2MLostPasswordToken', array($this, 'schemeM2MLostPasswordToken'));
// Used for change user password with a valid token
$adapter->registerScheme('M2MPasswordExpiredToken', array($this, 'schemeM2MPasswordExpiredToken'));
// If not explicitely disabled use also auth basic
if (FALSE === $request->getHeader('X-M2M-NoAuthBasic')) {
$adapter->registerScheme('Basic', array($this, 'schemeBasic'));
}
// If explicitely enabled use also auth async method
if (FALSE !== $request->getHeader('X-M2M-AuthAsync')) {
$adapter->registerScheme('M2MAsync', array($this, 'schemeM2MAsync'));
}
}
}
}
}
// Setup the authentication adapter
$adapter->setRequest($request);
$adapter->setResponse(Zend_Controller_Front::getInstance()->getResponse());
// Throws exception when auth fails, ErrorController should catch it
$result = Zend_Auth::getInstance()->authenticate($adapter);
if (!$result->isValid()) {
\App::log()->debug("Authentication failed using adapter: " . get_class($adapter));
// Notify the browser about the login needed
$response = $this->getResponse();
$response->setHeader('Connection', 'close');
throw new Application\Exceptions\UnauthorizedException("Authentication failed");
}
}
public function dispatchLoopStartup(Zend_Controller_Request_Abstract $request)
{
$tw = new TeraWurfl();
$tw->getDeviceCapabilitiesFromAgent($request->getHeader('User-Agent'));
Zend_Registry::set('twurfl', $tw);
}
/**
* NOTE only executed in case is the external module
* 1. uses trackingtoken plugin
* 2. parses transactioninfo header
* 3. gets transactionid value from header
* 4. concats transactionId to tracingtoken
*
* @param (Zend_Controller_Request_Abstract) $request
*
* @return null
* @author fmp245 <*****@*****.**>
**/
public function routeShutdown(Zend_Controller_Request_Abstract $request)
{
if ($header = $request->getHeader('M2M-Tracking-Token')) {
$this->trackingToken->setRequestToken($header);
return;
}
if (!$this->isExternalModule($request)) {
return;
}
$header = $request->getHeader('Unica-Correlator');
if ($header) {
$this->trackingToken->setRequestToken(implode('-', array($this->trackingToken->getRequestToken(), $header)));
} else {
$header = $request->getHeader('transactioninfo');
$output = $this->parseExternalHeaderRequest($header);
if (isset($output['transactionid'])) {
$this->trackingToken->setRequestToken(implode('-', array($this->trackingToken->getRequestToken(), $output['transactionid'])));
}
}
}
/**
* Matches an array of mime types against the Accept header in a request.
*
* @param Zend_Controller_Request_Abstract $request the request
* @param array $supportedMimetypes The mime types to match against
*
* @return string
*/
public static function matchMimetypeFromRequest(Zend_Controller_Request_Abstract $request, array $supportedMimetypes)
{
// get accept header
$acceptHeader = strtolower($request->getHeader('Accept'));
require_once 'Mimeparse.php';
try {
$match = @Mimeparse::best_match($supportedMimetypes, $acceptHeader);
} catch (Exception $e) {
$match = '';
}
return $match;
}
