Пример #1
 /**
  * Method for validating contents of a request; returns an array of
  * collected details if request is valid, otherwise returns false.
  *
  * @param array $linkData An array of keys to check
  *
  * @return boolean|array
  */
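 public function validateRequest($linkData)
 {
     $controller = $this->getController();
     $params = $controller->params();

     // Collect the request value for every signed field. We expect most
     // parameters to come via query, but some (mainly ID) may be in the
     // route, so the route value is the fallback.
     $keyValueArray = [];
     foreach ($linkData as $details) {
         $keyValueArray[$details] = $params->fromQuery(
             $details,
             $params->fromRoute($details)
         );
     }

     // Recompute the hash over the values we received and compare it with
     // the hashKey sent in the request. The comparison must be a strict
     // string comparison: a loose != treats two digests that both look like
     // numbers (e.g. "0e...") as equal, and an ordinary comparison may leak
     // timing information. A missing or non-string hashKey is rejected.
     $expectedHash = $this->hmac->generate($linkData, $keyValueArray);
     $suppliedHash = $params->fromQuery('hashKey');
     if (!is_string($expectedHash) || !is_string($suppliedHash)) {
         return false;
     }
     // hash_equals() needs PHP 5.6+; fall back to a strict comparison on
     // older runtimes (not constant-time, but free of type juggling).
     $hashMatches = function_exists('hash_equals')
         ? hash_equals($expectedHash, $suppliedHash)
         : $expectedHash === $suppliedHash;
     if (!$hashMatches) {
         return false;
     }

     // Initialize gatheredDetails with any POST values we find; this will
     // allow us to repopulate the form with user-entered values if there
     // is an error.  However, it is important that we load the POST data
     // FIRST and then override it with GET values in order to ensure that
     // the user doesn't bypass the hashkey verification by manipulating POST
     // values.
     $gatheredDetails = $params->fromPost('gatheredDetails', []);
     if (!is_array($gatheredDetails)) {
         // A scalar posted under this name would break the offset write
         // and the array_merge() below; treat it as "nothing posted".
         $gatheredDetails = [];
     }

     // Make sure the bib ID is included, even if it's not loaded as part of
     // the validation loop above.
     // NOTE(review): when 'id' is not one of $linkData, the value taken here
     // is not covered by the hash check -- confirm callers always sign it.
     $gatheredDetails['id'] = $params->fromRoute('id', $params->fromQuery('id'));

     // The verified values are merged last so that they win over anything
     // that arrived via POST under the same key.
     return array_merge($gatheredDetails, $keyValueArray);
 }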
Пример #2
 /**
  * Get link for holding action
  *
  * @param array $holdingItem
  *
  * @return array|null Null when the item has no 'bibsysnumber'
  */
 protected function getHoldLink(array $holdingItem)
 {
     // No system number means no record id can be built; the caller gets
     // null instead of a link.
     if (!isset($holdingItem['bibsysnumber'])) {
         return null;
     }

     // These are the values carried in the link and handed to generate().
     // NOTE(review): presumably $this->hmacKeys lists 'id' and 'item_id';
     // any field missing from that list would travel unsigned -- confirm.
     $recordId = $holdingItem['bib_library'] . '-' . $holdingItem['bibsysnumber'];
     $linkValues = array(
         'id' => $recordId,
         'item_id' => $this->buildItemId($holdingItem),
     );

     $link = array(
         'action' => 'Hold',
         'record' => $this->idItem,
         'anchor' => '#tabnav',
     );

     // hashKey is appended with "+", so an existing 'hashKey' entry in
     // $linkValues would take precedence; none is set above.
     $signature = array(
         'hashKey' => $this->hmac->generate($this->hmacKeys, $linkValues),
     );
     $link['query'] = http_build_query($linkValues + $signature);

     return $link;
 }
Пример #3
 /**
  * Get Hold Form
  *
  * Supplies holdLogic with the form details required to place a request
  *
  * @param array  $details  An array of item data
  * @param array  $HMACKeys An array of keys to hash
  * @param string $action   The action for which the details are built
  *
  * @return array             Details for generating URL
  */
 protected function getRequestDetails($details, $HMACKeys, $action)
 {
     // The hash is computed first, from the key list and the full details.
     $signature = $this->hmac->generate($HMACKeys, $details);

     // Only fields named in $HMACKeys are written into the link, so the
     // query string carries nothing beyond the fields handed to generate().
     // NOTE(review): in_array() compares loosely here; on PHP versions
     // before 8 an integer key 0 matches any non-numeric key name.
     $pairs = [];
     foreach ($details as $field => $value) {
         if (!in_array($field, $HMACKeys)) {
             continue;
         }
         $pairs[] = $field . "=" . urlencode($value);
     }

     // The hash always goes last, under the name the validator reads.
     $pairs[] = "hashKey=" . urlencode($signature);

     // Default the source when the item data does not name one.
     $source = 'VuFind';
     if (isset($details['source'])) {
         $source = $details['source'];
     }

     return [
         'action' => $action,
         'record' => $details['id'],
         'source' => $source,
         'query' => implode('&', $pairs),
         'anchor' => "#tabnav",
     ];
 }
Пример #4
 /**
  * Get Hold Link
  *
  * Supplies the form details required to place a hold
  *
  * @param array $data     An array of item data
  * @param array $HMACKeys An array of keys to hash
  *
  * @return array          Details for generating URL
  */
 protected function getHoldDetails($data, $HMACKeys)
 {
     // Hash over the fields listed in $HMACKeys, computed before the query
     // string is assembled.
     $token = $this->hmac->generate($HMACKeys, $data);

     // Append "name=value&" for each field that is in the key list; fields
     // outside the list are left out of the link entirely.
     // NOTE(review): in_array() is loose here; before PHP 8 an integer key
     // 0 compares equal to any non-numeric key name.
     $query = '';
     foreach ($data as $name => $value) {
         if (in_array($name, $HMACKeys)) {
             $query .= $name . '=' . urlencode($value) . '&';
         }
     }

     // The hash is always the final parameter.
     $query .= 'hashKey=' . urlencode($token);

     return [
         'action' => 'Hold',
         'record' => $data['id'],
         'query' => $query,
         'anchor' => '#tabnav',
     ];
 }
Пример #5
 /**
  * Get Hold Form
  *
  * Supplies holdLogic with the form details required to place a hold
  *
  * @param array $holdDetails An array of item data
  * @param array $HMACKeys    An array of keys to hash
  *
  * @return array             Details for generating URL
  */
 protected function getHoldDetails($holdDetails, $HMACKeys)
 {
     // This variant calls the generator statically; the hash is produced
     // from the key list and the item data before the link is built.
     $hash = HMAC::generate($HMACKeys, $holdDetails);

     // Keep only the fields named in $HMACKeys, URL-encoding each value.
     // NOTE(review): in_array() is not strict; on PHP before 8 an integer
     // key 0 is treated as equal to any non-numeric key name.
     $segments = array();
     foreach ($holdDetails as $field => $value) {
         if (!in_array($field, $HMACKeys)) {
             continue;
         }
         $segments[] = $field . "=" . urlencode($value);
     }

     // hashKey closes the query string.
     $segments[] = "hashKey=" . urlencode($hash);
     $query = implode('&', $segments);

     return array(
         'action' => 'Hold',
         'record' => $holdDetails['id'],
         'query' => $query,
         'anchor' => "#tabnav",
     );
 }
Пример #6
 /**
  * Utility function for generating a token for unsubscribing a
  * saved search.
  *
  * @param VuFind\Crypt\HMAC $hmac HMAC hash generator
  * @param object            $user User object
  *
  * @return string token
  */
 public function getUnsubscribeSecret(HMAC $hmac, $user)
 {
     // The token binds this saved search to one user: the search id, the
     // user's id and the user's creation value are all passed to generate().
     // No timestamp or nonce is added here, so unless generate() adds one
     // the token for a given search and user does not change over time.
     $signedFields = ['id', 'user_id', 'created'];
     $values = array_combine(
         $signedFields,
         [$this->id, $user->id, $user->created]
     );

     return $hmac->generate($signedFields, $values);
 }
Пример #7
 /**
  * Test hashing.
  *
  * @return void
  */
 public function testHash()
 {
     // Known-answer check: a fixed secret and a single signed field must
     // always produce the same digest. The expected value is 32 hex
     // characters (128 bits); the algorithm itself is not visible here.
     $keysToHash = ['foo'];
     $keyValues = ['foo' => 'bar'];
     $expected = '330891b9db42bdf6aeb558a35e2a1780';

     $hmac = new HMAC('secret');
     $actual = $hmac->generate($keysToHash, $keyValues);

     $this->assertEquals($expected, $actual);
 }