/**
* Retrieve a new access token and store it in cache
* @param mixed $scopes
* @param string $cacheKey
*/
private function retrieveToken($scopes, $cacheKey)
{
$this->token = AppIdentityService::getAccessToken($scopes);
if ($this->token) {
$this->client->getCache()->set($cacheKey, $this->token);
}
}
public function testReturnsExpectedToken()
{
// include the mock AppIdentityService class
require_once __DIR__ . '/../mocks/AppIdentityService.php';
$wantedToken = ['access_token' => '1/abdef1234567890', 'expires_in' => '57', 'token_type' => 'Bearer'];
AppIdentityService::$accessToken = $wantedToken;
$_SERVER['SERVER_SOFTWARE'] = 'Google App Engine';
$g = new AppIdentityCredentials();
$this->assertEquals($wantedToken, $g->fetchAuthToken());
}
/**
* Send an email.
*
* This is a re-implementation of PHP's mail() function using App Engine
* mail API. The function relies on mailparse extension to parse emails.
*
* @param string $to Receiver, or receivers of the mail.
* @param string $subject Subject of the email to be sent.
* @param string $message Message to be sent.
* @param string $additional_headers optional
* String to be inserted at the end of the email header.
* @param string $additional_parameters optional
* Additional flags to be passed to the mail program. This arugment is
* added only to match the signature of PHP's mail() function. The value is
* always ignored.
* @return bool
* TRUE if the message is sent successfully, otherwise return FALSE.
*
* @see http://php.net/mail
*/
public static function sendMail($to, $subject, $message, $additional_headers = null, $additional_parameters = null)
{
$raw_mail = "To: {$to}\r\nSubject: {$subject}\r\n";
if ($additional_headers != null) {
$raw_mail .= trim($additional_headers);
}
$raw_mail .= "\r\n\r\n{$message}";
$mime = mailparse_msg_create();
mailparse_msg_parse($mime, $raw_mail);
$root_part = mailparse_msg_get_part_data($mime);
// Set sender address based on the following order
// 1. "From" header in $additional_headers
// 2. "sendmail_from" ini setting
// 3. Default address "mailer@<app-id>.appspotmail.com
$from = ini_get('sendmail_from');
if (isset($root_part['headers']['from'])) {
$from = $root_part['headers']['from'];
}
if ($from === false || $from == "") {
$from = sprintf(self::DEFAULT_SENDER_ADDRESS_FORMAT, AppIdentityService::getApplicationId());
syslog(LOG_WARNING, "mail(): Unable to determine sender's email address from the " . "'sendmail_from' directive in php.ini or from the 'From' " . "header. Falling back to the default {$from}.");
}
$email = new Message();
try {
$email->setSender($from);
$email->addTo($root_part['headers']['to']);
if (isset($root_part['headers']['cc'])) {
$email->AddCc($root_part['headers']['cc']);
}
if (isset($root_part['headers']['bcc'])) {
$email->AddBcc($root_part['headers']['bcc']);
}
$email->setSubject($root_part['headers']['subject']);
$parts = mailparse_msg_get_structure($mime);
if (count($parts) > 1) {
foreach ($parts as $part_id) {
$part = mailparse_msg_get_part($mime, $part_id);
self::parseMimePart($part, $raw_mail, $email);
}
} else {
if ($root_part['content-type'] == 'text/plain') {
$email->setTextBody($message);
} else {
if ($root_part['content-type'] == 'text/html') {
$email->setHtmlBody($message);
}
}
}
$email->send();
} catch (\Exception $e) {
trigger_error('mail(): ' . $e->getMessage(), E_USER_WARNING);
return false;
}
return true;
}
/**
* Retrieve an access token for the scopes supplied.
*/
public function authenticateForScope($scopes)
{
if ($this->token && $this->tokenScopes == $scopes) {
return $this->token;
}
$memcache = new Memcached();
$this->token = $memcache->get(self::CACHE_PREFIX . $scopes);
if (!$this->token) {
$this->token = AppIdentityService::getAccessToken($scopes);
if ($this->token) {
$memcache->set(self::CACHE_PREFIX . $scopes, $this->token, self::CACHE_LIFETIME);
}
}
$this->tokenScopes = $scopes;
return $this->token;
}
/**
* Retrieve an access token for the scopes supplied.
*/
public function authenticateForScope($scopes)
{
if ($this->token && $this->tokenScopes == $scopes) {
return $this->token;
}
$cacheKey = self::CACHE_PREFIX;
if (is_string($scopes)) {
$cacheKey .= $scopes;
} else {
if (is_array($scopes)) {
$cacheKey .= implode(":", $scopes);
}
}
$this->token = $this->client->getCache()->get($cacheKey);
if (!$this->token) {
$this->token = AppIdentityService::getAccessToken($scopes);
if ($this->token) {
$this->client->getCache()->set($cacheKey, $this->token);
}
}
$this->tokenScopes = $scopes;
return $this->token;
}
/**
* Retrieve an access token for the scopes supplied.
*/
public function authenticateForScope($scopes)
{
if ($this->token && $this->tokenScopes == $scopes) {
return $this->token;
}
$memcache = new Memcached();
$this->token = $memcache->get(self::CACHE_PREFIX . $scopes);
if (!$this->token) {
$this->token = AppIdentityService::getAccessToken($scopes);
if ($this->token) {
$memcache_key = self::CACHE_PREFIX;
if (is_string($scopes)) {
$memcache_key .= $scopes;
} else {
if (is_array($scopes)) {
$memcache_key .= implode(":", $scopes);
}
}
$memcache->set($memcache_key, $this->token, self::CACHE_LIFETIME);
}
}
$this->tokenScopes = $scopes;
return $this->token;
}
private static function sign_auth_key($auth_key)
{
if (self::is_production()) {
return AppIdentityService::signForApp($auth_key);
} else {
// In the development server we are not concerned with trying to generate
// a secure signature.
return ['key_name' => 'development_hash', 'signature' => sha1($auth_key)];
}
}
/**
* Get the OAuth Token HTTP header for the supplied scope.
*
* @param $scopes mixed The scopes to acquire the token for.
*
* @return array The HTTP authorization header for the scopes, using the
* applications service account. False if the call failed.
*/
protected function getOAuthTokenHeader($scopes)
{
if ($this->anonymous) {
return [];
}
try {
$token = AppIdentityService::getAccessToken($scopes);
return ["Authorization" => sprintf(self::OAUTH_TOKEN_FORMAT, $token['access_token'])];
} catch (AppIdentityException $e) {
return false;
}
}
/**
* Implements FetchAuthTokenInterface#fetchAuthToken.
*
* Fetches the auth tokens using the AppIdentityService if available.
* As the AppIdentityService uses protobufs to fetch the access token,
* the GuzzleHttp\ClientInterface instance passed in will not be used.
*
* @param callable $httpHandler callback which delivers psr7 request
* @return array the auth metadata:
* array(2) {
* ["access_token"]=>
* string(3) "xyz"
* ["expiration_time"]=>
* string(10) "1444339905"
* }
*/
public function fetchAuthToken(callable $httpHandler = null)
{
if (!self::onAppEngine()) {
return array();
}
if (!class_exists('google\\appengine\\api\\app_identity\\AppIdentityService')) {
throw new \Exception('This class must be run in App Engine, or you must include the AppIdentityService ' . 'mock class defined in tests/mocks/AppIdentityService.php');
}
// AppIdentityService expects an array when multiple scopes are supplied
$scope = is_array($this->scope) ? $this->scope : explode(' ', $this->scope);
$token = AppIdentityService::getAccessToken($scope);
return $token;
}
function gethostname()
{
return AppIdentityService::getApplicationId();
}
public function testGetDefaultVersionHostname()
{
putenv("DEFAULT_VERSION_HOSTNAME=my-app.appspot.com");
$this->assertEquals("my-app.appspot.com", AppIdentityService::getDefaultVersionHostname());
}
/**
* Get an OAuth2 access token for the applications service account without
* caching the result. Usually getAccessToken($scopes) should be used instead
* which calls this method and caches the result in memcache.
*
* @param array $scopes The scopes to acquire the access token for.
* Can be either a single string or an array of strings.
*
* @throws InvalidArgumentException If $scopes is not a string or an array of
* strings.
* @throws AppIdentityException If there is an error using the AppIdentity
* service.
*
* @return array An array with the following key/value pairs.
* 'access_token' - The access token for the application.
* 'expiration_time' - The expiration time for the access token.
*/
private static function getAccessTokenUncached($scopes)
{
$req = new GetAccessTokenRequest();
$resp = new GetAccessTokenResponse();
if (is_string($scopes)) {
$req->addScope($scopes);
} else {
if (is_array($scopes)) {
foreach ($scopes as $scope) {
if (is_string($scope)) {
$req->addScope($scope);
} else {
throw new \InvalidArgumentException('Invalid scope ' . $scope);
}
}
} else {
throw new \InvalidArgumentException('Invalid scope ' . $scopes);
}
}
try {
ApiProxy::makeSyncCall(self::PACKAGE_NAME, 'GetAccessToken', $req, $resp);
} catch (ApplicationError $e) {
throw AppIdentityService::applicationErrorToException($e);
}
return ['access_token' => $resp->getAccessToken(), 'expiration_time' => $resp->getExpirationTime()];
}
private function executeServiceErrorTest($error, $expected_response)
{
$req = new \google\appengine\GetAccessTokenRequest();
$scope = 'mail.google.com/invalid-scope';
$req->addScope($scope);
$exception = new \google\appengine\runtime\ApplicationError($error, "not initialized");
$this->setExpectedException('\\google\\appengine\\api\\app_identity\\AppIdentityException', $expected_response);
self::expectGetAccessTokenRequest(array($scope), false, $exception);
$result = AppIdentityService::getAccessToken($scope);
}
protected function callNotifier($endpoint, $params)
{
$credentials = file_get_contents(storage_path('notifier.json'));
$credentials = json_decode($credentials);
$auth = sprintf('%s:%s', $credentials->username, $credentials->password);
$headers = [sprintf('Authorization: Basic %s', base64_encode($auth)), 'Content-type: application/x-www-form-urlencoded', sprintf('User-Agent: %s', AppIdentityService::getApplicationId())];
$contextParams = ['http' => ['method' => 'POST', 'header' => implode("\r\n", $headers) . "\r\n", 'content' => http_build_query($params)]];
$context = stream_context_create($contextParams);
$response = file_get_contents($credentials->url . $endpoint, false, $context);
//syslog(LOG_DEBUG, print_r($contextParams, true));
//syslog(LOG_DEBUG, print_r($http_response_header, true));
return $response;
}
/**
* Get the default email address for App Engine
*
* @param string $user User part of the email address (typically 'wordpress')
* @return string Email address with the correct email domain
*/
function get_default_email($user = '******')
{
// Let's build an email address for the app via the app identity api
$service_account = new AppIdentityService();
$id = $service_account->getApplicationId();
if (empty($id)) {
$service_account_name = $service_account->getServiceAccountName();
$service_account_from_name = explode('@', $service_account_name);
$id = $service_account_from_name[0];
}
return $user . '@' . $id . '.appspotmail.com';
}