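/**
 * Checks the request header for an accepted xAPI version.
 *
 * Any `1.0.x` value is accepted, and so is the bare `1.0`, which the xAPI
 * specification requires an LRS to treat as `1.0.0`. The previous check
 * only matched the `1.0.` prefix and therefore rejected conforming clients
 * that send the short form.
 *
 * @return void
 * @throws Exceptions\Exception When the X-Experience-API-Version header is
 *                              missing or does not name a 1.0 version.
 */
protected function checkVersion()
{
    $version = \LockerRequest::header('X-Experience-API-Version');

    // The original guarded with isset(), so header() is expected to yield null
    // when the header is absent; is_string() rejects that and any other
    // non-string value before the string functions are reached.
    $isAccepted = is_string($version)
        && ($version === '1.0' || strpos($version, '1.0.') === 0);

    if (!$isAccepted) {
        throw new Exceptions\Exception('This is not an accepted version of xAPI.');
    }
}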
/**
 * Verifies that the request declares a supported xAPI version.
 *
 * The X-Experience-API-Version header passes when it starts with `1.0.`
 * or is exactly `1.0`; every other value, including a missing header,
 * is rejected.
 *
 * @return void
 * @throws Exceptions\Exception When the version header is absent or unsupported.
 */
protected function checkVersion()
{
    $header = \LockerRequest::header('X-Experience-API-Version');

    if (isset($header)) {
        $isPatchRelease = substr($header, 0, 4) === '1.0.';

        // The bare "1.0" is accepted alongside the "1.0.x" patch releases.
        if ($isPatchRelease || $header === '1.0') {
            return;
        }
    }

    throw new Exceptions\Exception('This is not an accepted version of xAPI.');
}
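/**
 * Splits the request body into statement content and attachments.
 *
 * A `multipart/mixed` request is handed to Attachments::setAttachments();
 * any other content type is returned untouched with an empty attachment list.
 *
 * @return array ['content' => $content, 'attachments' => $attachments]
 * @throws Exceptions\Exception When the multipart body cannot be split into
 *                              components or carries no attachments.
 */
private function getParts()
{
    $content = \LockerRequest::getContent();
    $contentType = \LockerRequest::header('Content-Type');

    // Only the media type is compared; parameters follow the first ';'.
    // Media types are case-insensitive and may carry surrounding whitespace,
    // so normalise first - otherwise a multipart request written as
    // "Multipart/Mixed" would skip attachment handling and be returned as a
    // plain body. explode() always yields at least one element, so index 0
    // is safe; the cast covers a missing header.
    $types = explode(';', (string) $contentType, 2);
    $mimeType = strtolower(trim($types[0]));

    if ($mimeType !== 'multipart/mixed') {
        return ['content' => $content, 'attachments' => []];
    }

    // The raw header is passed on unchanged (presumably setAttachments needs
    // its parameters, e.g. the boundary - confirm against that helper).
    $components = Attachments::setAttachments($contentType, $content);

    // Returns 'formatting' error.
    if (empty($components)) {
        throw new Exceptions\Exception('There is a problem with the formatting of your submitted content.');
    }

    // Returns 'no attachment' error.
    if (!isset($components['attachments'])) {
        throw new Exceptions\Exception('There were no attachments.');
    }

    return [
        'content' => $components['body'],
        'attachments' => $components['attachments'],
    ];
}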
/**
 * Extracts the credentials carried by the request's Authorization header.
 *
 * Headers starting with "Basic" are decoded by Helpers::getUserPassFromBAuth()
 * and headers starting with "Bearer" by Helpers::getUserPassFromOAuth().
 *
 * NOTE(review): the scheme is matched as a case-sensitive prefix with no
 * separator, so any value that merely starts with "Basic" or "Bearer" is
 * passed to the helpers - confirm they reject malformed values.
 *
 * @return [String] Formed of [Username, Password]
 * @throws Exceptions\Exception With code 400 when the header is missing or
 *                              uses any other scheme.
 */
static function getUserPassFromAuth()
{
    $header = \LockerRequest::header('Authorization');

    // No header at all is handled the same way as an unknown scheme.
    if ($header === null) {
        throw new Exceptions\Exception('Invalid auth', 400);
    }

    if (strpos($header, 'Basic') === 0) {
        list($user, $pass) = Helpers::getUserPassFromBAuth($header);
    } elseif (strpos($header, 'Bearer') === 0) {
        list($user, $pass) = Helpers::getUserPassFromOAuth($header);
    } else {
        throw new Exceptions\Exception('Invalid auth', 400);
    }

    return [$user, $pass];
}
/**
 * Resolves the timestamp to use from the `Updated` request header.
 *
 * A non-empty header must pass validateTimestamp(), otherwise the request is
 * aborted with a 400; an empty or absent header falls back to the current time.
 *
 * NOTE(review): the rejected header value is echoed back in the abort
 * message - confirm the error renderer escapes it for the response format.
 *
 * @return String The updated timestamp ISO 8601 formatted.
 */
public function getUpdatedValue()
{
    $header = \LockerRequest::header('Updated');

    // Nothing usable was supplied: stamp with the current time instead.
    if (empty($header)) {
        return Carbon::now()->toISO8601String();
    }

    // A supplied value is only trusted once it validates as a timestamp.
    if (!$this->validateTimestamp($header)) {
        \App::abort(400, sprintf("`%s` is not an valid ISO 8601 formatted timestamp", $header));
    }

    return $header;
}
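/*
|--------------------------------------------------------------------------
| Guest Filter
|--------------------------------------------------------------------------
|
| The "guest" filter is the counterpart of the authentication filters as
| it simply checks that the current user is not logged in. A redirect
| response will be issued if they are, which you may freely change.
|
*/

Route::filter('guest', function () {
    // Already-authenticated users are sent to the site root.
    if (Auth::check()) {
        return Redirect::to('/');
    }
});

/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/

Route::filter('csrf', function () {
    // AJAX requests carry the token in a header; other requests use the `_token` input.
    $token = Request::ajax() ? LockerRequest::header('X-CSRF-Token') : Input::get('_token');
    $expected = Session::token();

    // Fail closed: the previous `!==` check let a request through when both
    // sides were null (no session token and no submitted token). Both values
    // must now be non-empty strings before they are compared at all.
    $comparable = is_string($expected) && $expected !== '' && is_string($token);

    // Compare in constant time where the runtime provides hash_equals()
    // (PHP 5.6+), so response timing does not depend on how many leading
    // characters of the token matched; older runtimes keep the strict compare.
    $matches = $comparable && (
        function_exists('hash_equals')
            ? hash_equals($expected, $token)
            : $expected === $token
    );

    if (!$matches) {
        throw new Illuminate\Session\TokenMismatchException();
    }
});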