Пример #1
0
 public function testRequestCanSetAndRetrieveUri()
 {
     $request = new Request();
     $request->setUri('/foo');
     $this->assertEquals('/foo', $request->getUri());
     $this->assertInstanceOf('Zend\\Uri\\Uri', $request->uri());
     $this->assertEquals('/foo', $request->uri()->toString());
     $this->assertEquals('/foo', $request->getUri());
 }
Пример #2
0
 /**
  * Login
  *
  * @param \Zend\Http\Request $request
  * @param \Zend\Http\Response $response
  * @return null|array|\Zend\Http\Response
  */
 public function login(array $options, HttpRequest $request, HttpResponse $response = null)
 {
     if (null === $response) {
         $response = new PhpResponse();
     }
     $session = $this->getSessionContainer();
     $code = $request->getQuery('code');
     if (empty($options['redirect_uri'])) {
         $options['redirect_uri'] = $request->getUri()->getScheme() . '://' . $this->getSiteInfo()->getFulldomain() . $request->getRequestUri();
     }
     if (empty($code)) {
         $session['state'] = String::generateRandom(32);
         $session['redirect_uri'] = $options['redirect_uri'];
         $response->setContent('')->setStatusCode(302)->getHeaders()->clearHeaders()->addHeaderLine('Location', static::DIALOG_URI . '?' . http_build_query(array('client_id' => $options['client_id'], 'redirect_uri' => $options['redirect_uri'], 'state' => $session['state'], 'scope' => 'email')));
         if ($response instanceof PhpResponse) {
             $response->send();
             exit;
         } else {
             return $response;
         }
     }
     $state = $request->getQuery('state');
     if (empty($session['state']) || $state !== $session['state']) {
         return null;
     }
     $client = $this->getHttpClient();
     $params = null;
     @parse_str($client->setMethod('GET')->setUri(static::ACCESS_URI)->setParameterGet(array('client_id' => $options['client_id'], 'redirect_uri' => $session['redirect_uri'], 'client_secret' => $options['client_secret'], 'code' => $code))->send()->getBody(), $params);
     unset($session['state']);
     unset($session['redirect_uri']);
     if (empty($params['access_token'])) {
         return null;
     }
     return @json_decode($client->setMethod('GET')->setUri(static::API_URI)->setParameterGet(array('access_token' => $params['access_token']))->send()->getBody(), true);
 }
Пример #3
0
 /**
  * @inheritdoc
  */
 public function request(array $params)
 {
     try {
         $request = new Request();
         $headers = $request->getHeaders();
         $request->setUri($params['url']);
         $headers->addHeaderLine('Accept-Encoding', 'gzip,deflate');
         if ($params['config']->isAuthenticationPossible() === true && $this->option['keys']['public'] !== null && $this->option['keys']['private'] !== null) {
             /**
              * Note: DATE_RFC1123 my not be RFC 1123 compliant, depending on your platform.
              * @link http://www.php.net/manual/de/function.gmdate.php#25031
              */
             $date = gmdate('D, d M Y H:i:s \\G\\M\\T');
             $path = $request->getUri()->getPath();
             $headers->addHeaderLine('Date', $date);
             $headers->addHeaderLine('Authorization', $this->signRequest('GET', $date, $path));
         }
         if (isset($params['lastmodified'])) {
             $headers->addHeaderLine('If-Modified-Since', $params['lastmodified']);
         }
         $response = $this->client->send($request);
         $body = $response->getBody();
         $headers = null;
         if ($this->option['responseheader']) {
             $headers = $response->getHeaders()->toArray();
             $this->lastResponseHeaders = $headers;
         }
     } catch (\Exception $e) {
         throw new ClientException('Client exception catched, use getPrevious().', 0, $e);
     }
     return $this->createResponse($params['config']->isJson(), $response->getStatusCode(), $body, $headers);
 }
Пример #4
0
 /**
  * Check if the HTTP request is a CORS request by checking if the Origin header is present and that the
  * request URI is not the same as the one in the Origin
  *
  * @param  HttpRequest $request
  * @return bool
  */
 public function isCorsRequest(HttpRequest $request)
 {
     $headers = $request->getHeaders();
     if (!$headers->has('Origin')) {
         return false;
     }
     $originUri = UriFactory::factory($headers->get('Origin')->getFieldValue());
     $requestUri = $request->getUri();
     // According to the spec (http://tools.ietf.org/html/rfc6454#section-4), we should check host, port and scheme
     return !($originUri->getHost() === $requestUri->getHost()) || !($originUri->getPort() === $requestUri->getPort()) || !($originUri->getScheme() === $requestUri->getScheme());
 }
Пример #5
0
 /**
  * Perform an API request.
  *
  * Returns a Response object if the API HTTP request return a valid
  * response, false otherwise.
  *
  * @param  Request $request
  * @return Response|false
  */
 protected function apiRequest(Request $request)
 {
     $httpClient = $this->getHttpClient();
     // check session
     if ($this->token === null && substr($request->getUri()->getPath(), 0, 13) !== '/REST/Session') {
         throw new Exception\NotAuthenticatedException('An API session must be established by calling ' . 'Dyn\\TrafficManagement::createSession() before making other API calls');
     }
     $this->lastResponse = null;
     $this->lastHttpResponse = $httpClient->dispatch($request);
     if ($this->lastHttpResponse->isSuccess()) {
         $json = json_decode($this->lastHttpResponse->getBody());
         if (!$json) {
             return false;
         }
         // parse response and store
         $this->lastResponse = Response::fromJson($json);
         return $this->lastResponse;
     }
     return false;
 }
 public function create($data)
 {
     $router = $this->serviceLocator->get('router');
     $controllerLoader = $this->serviceLocator->get('controllerLoader');
     foreach ($data as $key => $requestData) {
         $request = new Request();
         $request->setMethod($requestData['method']);
         $request->setUri($requestData['uri']);
         $queryString = $request->getUri()->getQuery();
         if ($queryString) {
             $query = [];
             parse_str($queryString, $query);
             $request->setQuery(new Parameters($query));
         }
         if (isset($requestData['headers'])) {
             foreach ($requestData['headers'] as $name => $value) {
                 $request->getHeaders()->addHeaderLine($name, $value);
             }
         }
         $request->getHeaders()->addHeaders([$this->request->getHeaders()->get('Accept'), $this->request->getHeaders()->get('Content-Type')]);
         if (isset($requestData['content'])) {
             $request->setContent(json_encode($requestData['content']));
         }
         $response = new Response();
         $event = new MvcEvent();
         $event->setRequest($request);
         $event->setResponse($response);
         $match = $router->match($request);
         RouteListener::resolveController($match);
         $contentModel = null;
         if (!isset($match) || $match->getMatchedRouteName() != 'rest.' . $this->options->getManifestName()) {
             $contentModel = $this->createExceptionContentModel(new Exception\RuntimeException(sprintf('%s uri is not a rest route, so is not supported by batch controller.', $requestData['uri'])), $event);
         } else {
             try {
                 $controller = $controllerLoader->get($match->getParam('controller'));
             } catch (\Zend\ServiceManager\Exception\ServiceNotFoundException $exception) {
                 $contentModel = $this->createExceptionContentModel($exception, $event);
                 $response->setStatusCode(404);
             }
             $event->setRouteMatch($match);
             $controller->setEvent($event);
             if (!isset($contentModel)) {
                 try {
                     $contentModel = $controller->dispatch($request, $response);
                 } catch (\Exception $exception) {
                     $contentModel = $this->createExceptionContentModel($exception, $event);
                 }
             }
         }
         $headers = [];
         foreach ($response->getHeaders() as $header) {
             $headers[$header->getFieldName()] = $header->getFieldValue();
         }
         $responseModel = new JsonModel(['status' => $response->getStatusCode(), 'headers' => $headers]);
         if ($contentModel instanceof ModelInterface) {
             $responseModel->addChild($contentModel, 'content');
         }
         $this->model->addChild($responseModel, $key);
     }
     return $this->model;
 }
Пример #7
0
 /**
  * Parse Digest Authorization header
  *
  * @param  string $header Client's Authorization: HTTP header
  * @return array|bool Data elements from header, or false if any part of
  *                    the header is invalid
  */
 protected function _parseDigestAuth($header)
 {
     $temp = null;
     $data = array();
     // See ZF-1052. Detect invalid usernames instead of just returning a
     // 400 code.
     $ret = preg_match('/username="******"]+)"/', $header, $temp);
     if (!$ret || empty($temp[1]) || !ctype_print($temp[1]) || strpos($temp[1], ':') !== false) {
         $data['username'] = '******';
     } else {
         $data['username'] = $temp[1];
     }
     $temp = null;
     $ret = preg_match('/realm="([^"]+)"/', $header, $temp);
     if (!$ret || empty($temp[1])) {
         return false;
     }
     if (!ctype_print($temp[1]) || strpos($temp[1], ':') !== false) {
         return false;
     } else {
         $data['realm'] = $temp[1];
     }
     $temp = null;
     $ret = preg_match('/nonce="([^"]+)"/', $header, $temp);
     if (!$ret || empty($temp[1])) {
         return false;
     }
     if (!ctype_xdigit($temp[1])) {
         return false;
     }
     $data['nonce'] = $temp[1];
     $temp = null;
     $ret = preg_match('/uri="([^"]+)"/', $header, $temp);
     if (!$ret || empty($temp[1])) {
         return false;
     }
     // Section 3.2.2.5 in RFC 2617 says the authenticating server must
     // verify that the URI field in the Authorization header is for the
     // same resource requested in the Request Line.
     $rUri = $this->request->getUri();
     $cUri = UriFactory::factory($temp[1]);
     // Make sure the path portion of both URIs is the same
     if ($rUri->getPath() != $cUri->getPath()) {
         return false;
     }
     // Section 3.2.2.5 seems to suggest that the value of the URI
     // Authorization field should be made into an absolute URI if the
     // Request URI is absolute, but it's vague, and that's a bunch of
     // code I don't want to write right now.
     $data['uri'] = $temp[1];
     $temp = null;
     $ret = preg_match('/response="([^"]+)"/', $header, $temp);
     if (!$ret || empty($temp[1])) {
         return false;
     }
     if (32 != strlen($temp[1]) || !ctype_xdigit($temp[1])) {
         return false;
     }
     $data['response'] = $temp[1];
     $temp = null;
     // The spec says this should default to MD5 if omitted. OK, so how does
     // that square with the algo we send out in the WWW-Authenticate header,
     // if it can easily be overridden by the client?
     $ret = preg_match('/algorithm="?(' . $this->algo . ')"?/', $header, $temp);
     if ($ret && !empty($temp[1]) && in_array($temp[1], $this->supportedAlgos)) {
         $data['algorithm'] = $temp[1];
     } else {
         $data['algorithm'] = 'MD5';
         // = $this->algo; ?
     }
     $temp = null;
     // Not optional in this implementation
     $ret = preg_match('/cnonce="([^"]+)"/', $header, $temp);
     if (!$ret || empty($temp[1])) {
         return false;
     }
     if (!ctype_print($temp[1])) {
         return false;
     }
     $data['cnonce'] = $temp[1];
     $temp = null;
     // If the server sent an opaque value, the client must send it back
     if ($this->useOpaque) {
         $ret = preg_match('/opaque="([^"]+)"/', $header, $temp);
         if (!$ret || empty($temp[1])) {
             // Big surprise: IE isn't RFC 2617-compliant.
             $headers = $this->request->getHeaders();
             if (!$headers->has('User-Agent')) {
                 return false;
             }
             $userAgent = $headers->get('User-Agent')->getFieldValue();
             if (false === strpos($userAgent, 'MSIE')) {
                 return false;
             }
             $temp[1] = '';
             $this->ieNoOpaque = true;
         }
         // This implementation only sends MD5 hex strings in the opaque value
         if (!$this->ieNoOpaque && (32 != strlen($temp[1]) || !ctype_xdigit($temp[1]))) {
             return false;
         }
         $data['opaque'] = $temp[1];
         $temp = null;
     }
     // Not optional in this implementation, but must be one of the supported
     // qop types
     $ret = preg_match('/qop="?(' . implode('|', $this->supportedQops) . ')"?/', $header, $temp);
     if (!$ret || empty($temp[1])) {
         return false;
     }
     if (!in_array($temp[1], $this->supportedQops)) {
         return false;
     }
     $data['qop'] = $temp[1];
     $temp = null;
     // Not optional in this implementation. The spec says this value
     // shouldn't be a quoted string, but apparently some implementations
     // quote it anyway. See ZF-1544.
     $ret = preg_match('/nc="?([0-9A-Fa-f]{8})"?/', $header, $temp);
     if (!$ret || empty($temp[1])) {
         return false;
     }
     if (8 != strlen($temp[1]) || !ctype_xdigit($temp[1])) {
         return false;
     }
     $data['nc'] = $temp[1];
     $temp = null;
     return $data;
 }
Пример #8
0
 protected function execute($url, $method, array $query = null, array $rawdata = null, Headers $headers = null)
 {
     $request = new Request();
     // Headers
     $request->getHeaders()->addHeaders(array('Content-Type' => $this->getContentType()));
     if ($headers) {
         $request->getHeaders()->addHeaders($headers);
     }
     // Query
     if ($query) {
         $request->setQuery(new Parameters($query));
     }
     $request->setUri($url)->setMethod($method);
     switch ($method) {
         case self::HTTP_VERB_POST:
         case self::HTTP_VERB_PUT:
         case self::HTTP_VERB_PATCH:
             if ($rawdata) {
                 $request->setPost(new Parameters($rawdata));
             }
             break;
     }
     $client = new HttpClient('', $this->_httpClientOptions);
     $adapter = $client->getAdapter();
     /* @var $adapter Curl */
     $secure = $request->getUri()->getScheme() == 'https';
     $adapter->connect($request->getUri()->getHost(), $request->getUri()->getPort(), $secure);
     $ch = $adapter->getHandle();
     // Set URL
     curl_setopt($ch, CURLOPT_URL, $request->getUriString() . '?' . $request->getQuery()->toString());
     // ensure correct curl call
     $curlValue = true;
     switch ($method) {
         case 'GET':
             $curlMethod = CURLOPT_HTTPGET;
             break;
         case 'POST':
             $curlMethod = CURLOPT_POST;
             break;
         case 'PUT':
         case 'PATCH':
         case 'DELETE':
         case 'OPTIONS':
         case 'TRACE':
         case 'HEAD':
             $curlMethod = CURLOPT_CUSTOMREQUEST;
             $curlValue = $method;
             break;
         default:
             // For now, through an exception for unsupported request methods
             throw new Exception("Method '{$method}' currently not supported");
     }
     // mark as HTTP request and set HTTP method
     curl_setopt($ch, CURL_HTTP_VERSION_1_1, true);
     curl_setopt($ch, $curlMethod, $curlValue);
     // ensure actual response is returned
     curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
     // set callback function
     if ($this->getCallbackWriteFunction() instanceof \Closure) {
         curl_setopt($ch, CURLOPT_WRITEFUNCTION, $this->getCallbackWriteFunction());
     }
     // ensure headers are also returned
     curl_setopt($ch, CURLOPT_HEADER, false);
     // set callback function
     if ($this->getCallbackHeaderFunction() instanceof \Closure) {
         curl_setopt($ch, CURLOPT_HEADERFUNCTION, $this->getCallbackHeaderFunction());
     }
     // Treating basic auth headers in a special way
     if ($request->getHeaders() instanceof Headers) {
         $headersArray = $request->getHeaders()->toArray();
         if (array_key_exists('Authorization', $headersArray) && 'Basic' == substr($headersArray['Authorization'], 0, 5)) {
             curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
             curl_setopt($ch, CURLOPT_USERPWD, base64_decode(substr($headersArray['Authorization'], 6)));
             unset($headersArray['Authorization']);
         }
         // set additional headers
         if (!isset($headersArray['Accept'])) {
             $headersArray['Accept'] = '';
         }
         $curlHeaders = array();
         foreach ($headersArray as $key => $value) {
             $curlHeaders[] = $key . ': ' . $value;
         }
         curl_setopt($ch, CURLOPT_HTTPHEADER, $curlHeaders);
     }
     // POST body
     switch ($method) {
         case 'POST':
         case 'PUT':
         case 'PATCH':
             curl_setopt($ch, CURLOPT_POSTFIELDS, $request->getPost()->toArray());
             break;
     }
     $this->_handlers[uniqid()] = $ch;
     end($this->_handlers);
     return key($this->_handlers);
 }
Пример #9
0
 /**
  * Normailze Uri
  *
  * @return mixed
  */
 public function normalize()
 {
     return $this->request->getUri()->normalize();
 }
Пример #10
0
 protected function getSubRequest($batchRequest, array $requestData)
 {
     $request = new Request();
     $request->setMethod($requestData['method']);
     $request->setUri($requestData['uri']);
     $queryString = $request->getUri()->getQuery();
     if ($queryString) {
         $query = [];
         parse_str($queryString, $query);
         $request->setQuery(new Parameters($query));
     }
     $requestHeaders = [$batchRequest->getHeaders()->get('Accept'), $batchRequest->getHeaders()->get('Content-Type')];
     if (isset($requestData['headers'])) {
         foreach ($requestData['headers'] as $name => $value) {
             $requestHeaders[] = GenericHeader::fromString($name . ': ' . $value);
         }
     }
     $request->getHeaders()->addHeaders($requestHeaders);
     if (isset($requestData['content'])) {
         $request->setContent(json_encode($requestData['content']));
     }
     return $request;
 }
Пример #11
0
    /**
     * @param Request $request
     * @param User $apiClient
     * @param string $timestamp
     * @return string
     */
    private function createHmac(Request $request, User $apiClient, $timestamp)
    {
        $method = $request->getMethod();
        $uri = $request->getUri()->getPath();
        $query = $request->getQuery();
        $query->offsetUnset('q');
        $query->toString();
        // Remove internal routing parameter
        if (isset($query['q'])) {
            unset($query['q']);
        }

        //$key = $apiClient->getUsername();
        $key = 'testuser'; // Debug
        $input = trim(join(' ', [$timestamp, $method, $uri, $query->toString()]));
        return hash_hmac('sha256', $input, $key, false);
    }
Пример #12
0
 /**
  * Converts the request into a url.
  *
  * This encodes the query parameters associated with the request.
  *
  * @param Request $request
  * @return string
  */
 public static function toUriString(Request $request)
 {
     $uri = clone $request->getUri();
     $uri->setQuery(array_merge($uri->getQueryAsArray(), $request->getQuery()->toArray()));
     return $uri->toString();
 }