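    /**
     * Authenticates a backend (administrator) user by client id/secret and
     * issues a one-hour bearer token for the backend app.
     *
     * The client id is matched against fusio_user.name restricted to
     * status User::STATUS_ADMINISTRATOR; the client secret is checked with
     * password_verify() against the stored hash. The issued scope is
     * always 'backend' regardless of $scope.
     *
     * @param Credentials $credentials client id (user name) and client secret (password)
     * @param mixed       $scope       ignored; kept for interface compatibility
     * @return AccessToken
     * @throws ServerErrorException if the user is unknown or the password does not match
     */
    protected function generate(Credentials $credentials, $scope)
    {
        $sql = 'SELECT id,
                       name,
                       password
                  FROM fusio_user
                 WHERE name = :name
                   AND status = :status';
        $user = $this->connection->fetchAssoc($sql, array(
            'name'   => $credentials->getClientId(),
            'status' => User::STATUS_ADMINISTRATOR,
        ));

        if (empty($user)) {
            // NOTE(review): the distinct message (and the skipped
            // password_verify) lets a caller distinguish unknown users from
            // wrong passwords; a single generic failure would avoid that.
            throw new ServerErrorException('Unknown user');
        }

        if (!password_verify($credentials->getClientSecret(), $user['password'])) {
            throw new ServerErrorException('Invalid password');
        }

        $scopes = ['backend'];

        // The bearer token must be unguessable. uniqid() is derived from the
        // clock and is predictable, so the token is drawn from the CSPRNG
        // instead; 32 random bytes hex-encoded keep the 64-character format
        // that hash('sha256', ...) produced before.
        $accessToken = bin2hex(random_bytes(32));

        $now = new \DateTime();
        $expires = new \DateTime();
        $expires->add(new \DateInterval('PT1H'));
        $dateFormat = $this->connection->getDatabasePlatform()->getDateTimeFormatString();

        $this->connection->insert('fusio_app_token', [
            'appId'  => App::BACKEND,
            'userId' => $user['id'],
            'status' => AppToken::STATUS_ACTIVE,
            'token'  => $accessToken,
            'scope'  => implode(',', $scopes),
            // REMOTE_ADDR is absent outside a web SAPI (CLI, tests)
            'ip'     => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1',
            'expire' => $expires->format($dateFormat),
            'date'   => $now->format($dateFormat),
        ]);

        $token = new AccessToken();
        $token->setAccessToken($accessToken);
        $token->setTokenType('bearer');
        // NOTE(review): this passes an absolute unix timestamp; an OAuth2
        // "expires_in" is normally a lifetime in seconds — confirm what
        // AccessToken::setExpiresIn() expects before changing it.
        $token->setExpiresIn($expires->getTimestamp());
        $token->setScope(implode(',', $scopes));

        return $token;
    }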
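 /**
  * Loads the news entries of the current page, optionally narrowed to one
  * month taken from the URI fragments (year/month), and sets up paging.
  *
  * Paging parameters (startIndex, count, sortBy, sortOrder) are read from
  * the current URL. "count" is cast to int and clamped to 1..16 with a
  * default of 8, so a client cannot request arbitrarily large result sets
  * or smuggle a non-numeric value through to the handler.
  *
  * @return mixed the handler's result set (SQL::FETCH_OBJECT)
  */
 private function getNews()
 {
     $con = $this->getRequestCondition();
     $con->add('pageId', '=', $this->page->getId());

     // archive filter: only applied when both fragments form a valid month
     $year = (int) $this->getUriFragments('year');
     $month = (int) $this->getUriFragments('month');

     // the year bounds keep the date string well-formed (four digits);
     // 2999 is an arbitrary sanity limit
     if ($year > 2010 && $year < 3000 && $month > 0 && $month < 13) {
         $from = new DateTime(sprintf('%d-%02d-01', $year, $month), $this->registry['core.default_timezone']);
         $con->add('date', '>=', $from->format(DateTime::SQL));
         // DateTime::add() mutates $from, which then holds the first day of the next month
         $con->add('date', '<', $from->add(new DateInterval('P1M'))->format(DateTime::SQL));
     }

     $url = new Url($this->base->getSelf());

     // cast before comparing: previously a value such as "5abc" compared
     // as > 0 and was handed to the handler unchanged
     $count = (int) $url->getParam('count');
     if ($count <= 0) {
         $count = 8;
     }
     $count = min($count, 16);

     $result = $this->getHandler()->getResultSet(array(), $url->getParam('startIndex'), $count, $url->getParam('sortBy'), $url->getParam('sortOrder'), $con, SQL::FETCH_OBJECT);

     $paging = new Paging($url, $result);
     $this->template->assign('pagingNews', $paging, 0);

     return $result;
 }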
    /**
     * Resolves the consumer (api row) for a consumer key and validates the
     * temporary request token that accompanies it.
     *
     * Checks on the stored request, in order:
     *  - it exists for $token,
     *  - it was issued to the same REMOTE_ADDR (a weak binding: clients
     *    behind a shared NAT or proxy present the same address),
     *  - it belongs to the api identified by $consumerKey,
     *  - it has not passed date + expire; an expired request is deleted.
     *
     * On success the request id, nonce and verifier are kept on $this for
     * later use and a Provider\Consumer carrying the consumer secret and
     * the token secret is returned. When no api row matches the consumer
     * key the loop body never runs and null is returned implicitly.
     *
     * @param string $consumerKey oauth_consumer_key from the request
     * @param string $token       oauth_token (temporary request token)
     * @return Provider\Consumer|null
     * @throws Exception on any failed check
     */
    protected function getConsumer($consumerKey, $token)
    {
        $sql = <<<SQL
SELECT

\tapi.id             AS `apiId`,
\tapi.callback       AS `apiCallback`,
\tapi.consumerKey    AS `apiConsumerKey`,
\tapi.consumerSecret AS `apiConsumerSecret`

\tFROM {$this->registry['table.oauth']} api

\t\tWHERE api.consumerKey = ?

\t\tLIMIT 1
SQL;
        // the table name comes from the registry (configuration), the key
        // is bound as a parameter
        $apis = $this->sql->getAll($sql, array($consumerKey));

        foreach ($apis as $api) {
            $request = $this->fetchRequestValues($token);
            if (empty($request)) {
                throw new Exception('Invalid request');
            }

            // the request token is bound to the address it was issued to ...
            if ($request['requestIp'] != $_SERVER['REMOTE_ADDR']) {
                throw new Exception('Token was requested from another ip');
            }

            // ... and to the api that requested it
            if ($api['apiId'] != $request['requestApiId']) {
                throw new Exception('Request is not assigned to this API');
            }

            // expiry: issue date plus the stored interval (e.g. PT30M)
            $timezone = $this->registry['core.default_timezone'];
            $now = new DateTime('NOW', $timezone);
            $validUntil = new DateTime($request['requestDate'], $timezone);
            $validUntil->add(new DateInterval($request['requestExpire']));
            if ($now > $validUntil) {
                $expired = new Condition(array('token', '=', $token));
                $this->sql->delete($this->registry['table.oauth_request'], $expired);
                throw new Exception('The token is expired');
            }

            $this->requestId = $request['requestId'];
            $this->nonce = $request['requestNonce'];
            $this->verifier = $request['requestVerifier'];

            return new Provider\Consumer(
                $api['apiConsumerKey'],
                $api['apiConsumerSecret'],
                $request['requestToken'],
                $request['requestTokenSecret']
            );
        }
    }
 /**
  * Authorization page for an OAuth request token.
  *
  * Reads and validates oauth_token from the query string; anonymous users
  * are redirected to the login form with a redirect back to this page.
  * Users holding the 'login_view' right get the request token, the user's
  * group rights and the consumer details assigned to the template, and a
  * consumer the user has already allowed is approved immediately via
  * allowAccess(). Any exception raised while looking up the token is
  * caught and its message assigned to the template as 'error' instead of
  * propagating.
  *
  * @throws Exception when oauth_token fails validation or the user lacks 'login_view'
  */
 public function onLoad()
 {
     parent::onLoad();
     // get oauth token; the Length(40, 40) and Xdigit filters restrict it
     // to exactly 40 hex characters, so it is safe to embed in the
     // redirect URL below
     $oauthToken = $this->get->oauth_token('string', array(new Filter\Length(40, 40), new Filter\Xdigit()));
     if ($this->validate->hasError()) {
         throw new Exception($this->validate->getLastError());
     }
     // check whether user is logged in if not redirect them to
     // the login form
     if ($this->user->isAnonymous()) {
         $self = $this->page->getUrl() . '/auth?oauth_token=' . $oauthToken;
         header('Location: ' . $this->page->getUrl() . '?redirect=' . urlencode($self));
         exit;
     }
     if ($this->user->hasRight('login_view')) {
         // add path
         $this->path->add('Auth', $this->page->getUrl() . '/auth');
         try {
             if (!empty($oauthToken)) {
                 // check token
                 $row = $this->getHandler('AmunService\\Oauth\\Request')->getOneByToken($oauthToken, array('apiId', 'status', 'callback', 'token', 'expire', 'date'));
                 if (!empty($row)) {
                     $this->template->assign('token', $row['token']);
                     // assign api id
                     $this->apiId = $row['apiId'];
                     // check token status so if a token has access status we
                     // can not access this page (non-strict in_array: status
                     // comes from the database and may be a string)
                     if (!in_array($row['status'], array(Oauth\Record::TEMPORARY, Oauth\Record::APPROVED))) {
                         throw new Exception('The token was already approved');
                     }
                     // check expire: issue date plus the stored interval;
                     // an expired request token is removed from the table
                     $now = new DateTime('NOW', $this->registry['core.default_timezone']);
                     $date = new DateTime($row['date'], $this->registry['core.default_timezone']);
                     $date->add(new DateInterval($row['expire']));
                     if ($now > $date) {
                         $con = new Condition(array('token', '=', $oauthToken));
                         $this->hm->getTable('AmunService\\Oauth\\Request')->delete($con);
                         throw new Exception('The token is expired');
                     }
                     // load user rights
                     $con = new Condition(array('groupId', '=', $this->user->getGroupId()));
                     $this->userRights = $this->getHandler('AmunService\\User\\Group\\Right')->getAll(array('rightId', 'groupId', 'rightDescription'), 0, 1024, 'rightDescription', Sql::SORT_ASC, $con);
                     $this->template->assign('userRights', $this->userRights);
                     // assign token and callback for later use
                     $token = $row['token'];
                     $callback = $row['callback'];
                     // parse callback
                     if ($callback != 'oob') {
                         // NOTE(review): only the presence of a host is checked
                         // here; the callback is the one the consumer supplied
                         // when requesting the token. Whether it is compared
                         // against the api's registered callback is not visible
                         // in this method — confirm in allowAccess().
                         $host = parse_url($row['callback'], PHP_URL_HOST);
                         if (!empty($host)) {
                             $this->template->assign('consumerHost', $host);
                         } else {
                             throw new Exception('No valid callback was defined in the request');
                         }
                     }
                 } else {
                     throw new Exception('The consumer provide an invalid token');
                 }
                 // request consumer informations
                 $row = $this->getHandler('AmunService\\Oauth')->getOneById($this->apiId, array('url', 'title', 'description'));
                 if (!empty($row)) {
                     $this->template->assign('consumerTitle', $row['title']);
                     $this->template->assign('consumerDescription', $row['description']);
                 } else {
                     throw new Exception('Request is not assigned to an user');
                 }
                 // check whether access is already allowed: a consumer the
                 // user approved earlier is approved again on plain page
                 // load; the meaning of the third argument (false) is not
                 // visible here
                 if ($this->getHandler('AmunService\\Oauth\\Access')->isAllowed($this->apiId, $this->user->getId())) {
                     $this->allowAccess($token, $callback, false);
                 }
             } else {
                 throw new Exception('The consumer has not provide an valid token');
             }
         } catch (\Exception $e) {
             // NOTE(review): this catches every exception, so messages from
             // the handler/database layer — not just the checks above — are
             // rendered to the user through 'error'. A generic message for
             // unexpected exceptions would avoid leaking internals.
             $this->template->assign('error', $e->getMessage());
         }
         // template
         $this->htmlCss->add('login');
     } else {
         throw new Exception('Access not allowed');
     }
 }
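 /**
  * Issues a temporary OAuth request token and token secret.
  *
  * Before issuing, the number of TEMPORARY request tokens already held by
  * the calling address is capped at $maxCount. When the cap is reached,
  * expired tokens of that address (date + expire in the past) are purged
  * and the count re-evaluated, so stale tokens no longer block a fresh
  * request; only if the cap is still reached is the request refused.
  * The limit is keyed on REMOTE_ADDR, so clients behind a shared NAT or
  * proxy share one budget.
  *
  * The stored token is valid for 30 minutes (PT30M) from $date, which is
  * taken from the server clock; the consumer-supplied timestamp is stored
  * but never used for expiry because it is untrusted input.
  *
  * @param Provider\Consumer $consumer registered consumer (not used here; the api id is taken from $this->apiId)
  * @param Provider\Request  $request  parsed OAuth request (nonce, callback, timestamp)
  * @return Provider\Response token and token secret
  * @throws Exception when the address still holds $maxCount active request tokens after the purge
  */
 protected function getResponse(Provider\Consumer $consumer, Provider\Request $request)
 {
     // we check how often this ip has requested an token ... because
     // of security reasons each consumer can have max 5 request tokens
     $maxCount = 5;
     $ip = $_SERVER['REMOTE_ADDR'];
     $table = $this->registry['table.oauth_request'];
     $timezone = $this->registry['core.default_timezone'];
     $con = new Condition(array('ip', '=', $ip), array('status', '=', Oauth\Record::TEMPORARY));

     $count = $this->sql->count($table, $con);
     if ($count >= $maxCount) {
         // purge expired tokens of this address, then re-check the cap;
         // previously the request was refused even when the purge freed a slot
         $now = new DateTime('NOW', $timezone);
         $conDelete = new Condition();
         $rows = $this->sql->select($table, array('id', 'expire', 'date'), $con, Sql::SELECT_ALL);
         foreach ($rows as $row) {
             $validUntil = new DateTime($row['date'], $timezone);
             $validUntil->add(new DateInterval($row['expire']));
             if ($now > $validUntil) {
                 $conDelete->add('id', '=', $row['id'], 'OR');
             }
         }
         if ($conDelete->hasCondition()) {
             $this->sql->delete($table, $conDelete);
             $count = $this->sql->count($table, $con);
         }
         if ($count >= $maxCount) {
             throw new Exception('You can only have max. ' . $maxCount . ' active request tokens');
         }
     }

     // get nonce
     $nonce = $request->getNonce();

     // assign callback
     // NOTE(review): the callback is stored exactly as the consumer supplied
     // it; nothing here checks that it is an absolute URL or 'oob' — confirm
     // it is validated before being used as a redirect target.
     $callback = $request->getCallback();

     // generate tokens (Security::generateToken() is assumed to be backed
     // by a CSPRNG — confirm, the token is the bearer of the authorization)
     $token = Security::generateToken();
     $tokenSecret = Security::generateToken();

     // we save the timestamp in the request but because it comes from
     // the user we doesnt use them to check the expire date
     $timestamp = $request->getTimestamp();

     // you have 30 minutes to authorize the request token and to exchange
     // them for an access token
     $expire = 'PT30M';
     $date = new DateTime('NOW', $timezone);
     $this->sql->insert($table, array(
         'apiId'       => $this->apiId,
         'status'      => Oauth\Record::TEMPORARY,
         'ip'          => $ip,
         'nonce'       => $nonce,
         'callback'    => $callback,
         'token'       => $token,
         'tokenSecret' => $tokenSecret,
         'timestamp'   => $timestamp,
         'expire'      => $expire,
         'date'        => $date->format(DateTime::SQL),
     ));

     $response = new Provider\Response();
     $response->setToken($token);
     $response->setTokenSecret($tokenSecret);

     return $response;
 }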