private function generateKs($partnerId, $additionalData, $privileges)
{
$partner = $this->getPartner($partnerId);
$limitedKs = '';
$result = kSessionUtils::startKSession($partnerId, $partner->getAdminSecret(), '', $limitedKs, self::EXPIRY_SECONDS, kSessionBase::SESSION_TYPE_ADMIN, '', $privileges, null, $additionalData);
if ($result < 0) {
throw new Exception('Failed to create limited session for partner ' . $partnerId);
}
return $limitedKs;
}
/**
* @return string
*/
public static function generateKs($partnerId, $tokenPrefix)
{
$partner = PartnerPeer::retrieveByPK($partnerId);
$userSecret = $partner->getSecret();
//actionslimit:1
$privileges = kSessionBase::PRIVILEGE_SET_ROLE . ":" . self::EXTERNAL_INTEGRATION_SERVICES_ROLE_NAME;
$privileges .= "," . kSessionBase::PRIVILEGE_ACTIONS_LIMIT . ":1";
$dcParams = kDataCenterMgr::getCurrentDc();
$token = $dcParams["secret"];
$additionalData = md5($tokenPrefix . $token);
$ks = "";
$creationSucces = kSessionUtils::startKSession($partnerId, $userSecret, "", $ks, self::THREE_DAYS_IN_SECONDS, KalturaSessionType::USER, "", $privileges, null, $additionalData);
if ($creationSucces >= 0) {
return $ks;
}
return false;
}
public function executeImpl($partner_id, $subp_id, $puser_id, $partner_prefix, $puser_kuser)
{
// make sure the secret fits the one in the partner's table
$ks = "";
$expiry = $this->getP("expiry", 86400);
$admin = $this->getP("admin", false);
$privileges = $this->getP("privileges", null);
$result = kSessionUtils::startKSession($partner_id, $this->getPM("secret"), $puser_id, $ks, $expiry, $admin, "", $privileges);
if ($result >= 0) {
$this->addMsg("ks", $ks);
$this->addMsg("partner_id", $partner_id);
$this->addMsg("subp_id", $subp_id);
$this->addMsg("uid", $puser_id);
} else {
// TODO - see that there is a good error for when the invalid login count exceed s the max
$this->addError(APIErrors::START_SESSION_ERROR, $partner_id);
$this->addDebug("error", $result);
}
}
public function getDownloadUrlWithExpiry($expiry, $useCdn = false)
{
$ksStr = "";
$partnerId = $this->getPartnerId();
$partner = PartnerPeer::retrieveByPK($partnerId);
$secret = $partner->getSecret();
$privilege = ks::PRIVILEGE_DOWNLOAD . ":" . $this->getEntryId();
$result = kSessionUtils::startKSession($partnerId, $secret, null, $ksStr, $expiry, false, "", $privilege);
if ($result < 0) {
throw new Exception("Failed to generate session for flavor asset [" . $this->getId() . "]");
}
$finalPath = myPartnerUtils::getUrlForPartner($this->getPartnerId(), $this->getPartnerId() * 100) . "/download" . "/entry_id/" . $this->getEntryId() . "/flavor/" . $this->getId() . "/ks/" . $ksStr;
// Gonen May 12 2010 - removing CDN URLs. see ticket 5135 in internal mantis
// in order to avoid conflicts with access_control (geo-location restriction), we always return the requestHost (www_host from kConf)
// and not the CDN host relevant for the partner.
// Tan-Tan January 27 2011 - in some places we do need the cdn, I added a paramter useCdn to force it.
if ($useCdn) {
$downloadUrl = myPartnerUtils::getCdnHost($partnerId) . $finalPath;
} else {
$downloadUrl = requestUtils::getRequestHost() . $finalPath;
}
return $downloadUrl;
}
private static function createUrl($partner_id, $file_name)
{
$ksStr = "";
$partner = PartnerPeer::retrieveByPK($partner_id);
$secret = $partner->getSecret();
$privilege = ks::PRIVILEGE_DOWNLOAD . ":" . $file_name;
$maxExpiry = 86400;
$expiry = $partner->getKsMaxExpiryInSeconds();
if (!$expiry || $expiry > $maxExpiry) {
$expiry = $maxExpiry;
}
$result = kSessionUtils::startKSession($partner_id, $secret, null, $ksStr, $expiry, false, "", $privilege);
if ($result < 0) {
throw new Exception("Failed to generate session for asset [" . $this->getId() . "] of type " . $this->getType());
}
//url is built with DC url in order to be directed to the same DC of the saved file
$url = kDataCenterMgr::getCurrentDcUrl() . "/api_v3/index.php/service/report/action/serve/ks/{$ksStr}/id/{$file_name}/report.csv";
return $url;
}
public function getDownloadUrlWithExpiry($expiry, $useCdn = false, $forceProxy = false, $preview = null)
{
$ksStr = "";
$partnerId = $this->getPartnerId();
if ($this->isKsNeededForDownload() || $preview) {
$partner = PartnerPeer::retrieveByPK($partnerId);
$secret = $partner->getSecret();
$privilege = ks::PRIVILEGE_DOWNLOAD . ":" . $this->getEntryId();
$privilege .= "," . kSessionBase::PRIVILEGE_DISABLE_ENTITLEMENT_FOR_ENTRY . ":" . $this->getEntryId();
$privilege .= "," . kSessionBase::PRIVILEGE_VIEW . ":" . $this->getEntryId();
$privilege .= "," . kSessionBase::PRIVILEGE_DOWNLOAD_ASSET . ":" . $this->getId();
if ($preview) {
$privilege .= "," . kSessionBase::PRIVILEGE_PREVIEW . ":" . $preview;
}
$result = kSessionUtils::startKSession($partnerId, $secret, null, $ksStr, $expiry, false, "", $privilege);
if ($result < 0) {
throw new Exception("Failed to generate session for asset [" . $this->getId() . "] of type " . $this->getType());
}
}
$finalPath = $this->getFinalDownloadUrlPathWithoutKs();
if ($ksStr) {
$finalPath .= "/ks/" . $ksStr;
}
if ($forceProxy) {
$finalPath .= "/relocate/" . $this->getEntryId() . "." . $this->getFileExt();
}
// Gonen May 12 2010 - removing CDN URLs. see ticket 5135 in internal mantis
// in order to avoid conflicts with access_control (geo-location restriction), we always return the requestHost (www_host from kConf)
// and not the CDN host relevant for the partner.
// Tan-Tan January 27 2011 - in some places we do need the cdn, I added a paramter useCdn to force it.
if ($useCdn) {
// TODO in that case we should use the serve flavor and the url manager in order to support secured and signed urls
$downloadUrl = myPartnerUtils::getCdnHost($partnerId) . $finalPath;
} else {
$downloadUrl = requestUtils::getRequestHost() . $finalPath;
}
return $downloadUrl;
}
/**
*
* Gets KS for PS2
* @param string $secret
* @param string $userId
* @param KalturaSessionType $type
* @param string $partnerId
* @param int $expiry
* @param unknown_type $privileges
*/
public static function getKs($secret, $userId = "", $type = 0, $partnerId = null, $expiry = 86400, $privileges = null)
{
$ks = '';
$result = kSessionUtils::startKSession($partnerId, $secret, $userId, $ks, $expiry, $type, "", $privileges);
if ($result >= 0) {
return $ks;
} else {
throw new Exception("Error starting admin session for: Partner: {$partnerId}, with Secret: {$secret} \n");
}
}
/**
* Start an impersonated session with Kaltura's server.
* The result KS info contains the session key that you should pass to all services that requires a ticket.
* Type, expiry and privileges won't be changed if they're not set
*
* @action impersonateByKs
* @param string $session The old KS of the impersonated partner
* @param KalturaSessionType $type Type of the new KS
* @param int $expiry Expiry time in seconds of the new KS
* @param string $privileges Privileges of the new KS
* @return KalturaSessionInfo
*
* @throws APIErrors::START_SESSION_ERROR
*/
function impersonateByKsAction($session, $type = null, $expiry = null, $privileges = null)
{
KalturaResponseCacher::disableCache();
$oldKS = null;
try {
$oldKS = ks::fromSecureString($session);
} catch (Exception $e) {
KalturaLog::err($e->getMessage());
throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $this->getPartnerId());
}
$impersonatedPartnerId = $oldKS->partner_id;
$impersonatedUserId = $oldKS->user;
$impersonatedType = $oldKS->type;
$impersonatedExpiry = $oldKS->valid_until - time();
$impersonatedPrivileges = $oldKS->privileges;
if (!is_null($type)) {
$impersonatedType = $type;
}
if (!is_null($expiry)) {
$impersonatedExpiry = $expiry;
}
if ($privileges) {
$impersonatedPrivileges = $privileges;
}
// verify partner is allowed to start session for another partner
$impersonatedPartner = null;
if (!myPartnerUtils::allowPartnerAccessPartner($this->getPartnerId(), $this->partnerGroup(), $impersonatedPartnerId)) {
$c = PartnerPeer::getDefaultCriteria();
$c->addAnd(PartnerPeer::ID, $impersonatedPartnerId);
$impersonatedPartner = PartnerPeer::doSelectOne($c);
} else {
// get impersonated partner
$impersonatedPartner = PartnerPeer::retrieveByPK($impersonatedPartnerId);
}
if (!$impersonatedPartner) {
KalturaLog::err("Impersonated partner [{$impersonatedPartnerId} ]could not be fetched from the DB");
throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $this->getPartnerId());
}
// set the correct secret according to required session type
if ($impersonatedType == KalturaSessionType::ADMIN) {
$impersonatedSecret = $impersonatedPartner->getAdminSecret();
} else {
$impersonatedSecret = $impersonatedPartner->getSecret();
}
$sessionInfo = new KalturaSessionInfo();
$result = kSessionUtils::startKSession($impersonatedPartnerId, $impersonatedSecret, $impersonatedUserId, $sessionInfo->ks, $impersonatedExpiry, $impersonatedType, '', $impersonatedPrivileges, $this->getPartnerId());
if ($result < 0) {
KalturaLog::err("Failed starting a session with result [{$result}]");
throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $this->getPartnerId());
}
$sessionInfo->partnerId = $impersonatedPartnerId;
$sessionInfo->userId = $impersonatedUserId;
$sessionInfo->expiry = $impersonatedExpiry;
$sessionInfo->sessionType = $impersonatedType;
$sessionInfo->privileges = $impersonatedPrivileges;
return $sessionInfo;
}
public function getDownloadUrlWithExpiry($expiry, $useCdn = false)
{
$ksStr = "";
$ksNeeded = true;
$partnerId = $this->getPartnerId();
if (!PermissionPeer::isValidForPartner(PermissionName::FEATURE_ENTITLEMENT, $partnerId)) {
$invalidModerationStatuses = array(entry::ENTRY_MODERATION_STATUS_PENDING_MODERATION, entry::ENTRY_MODERATION_STATUS_REJECTED);
$entry = $this->getentry();
if ($entry && !in_array($entry->getModerationStatus(), $invalidModerationStatuses) && ($entry->getStartDate() === null || $entry->getStartDate(null) < time()) && ($entry->getEndDate() === null || $entry->getEndDate(null) > time() + 86400)) {
$accessControl = $entry->getaccessControl();
if ($accessControl && !$accessControl->getRulesArray()) {
$ksNeeded = false;
}
}
}
if ($ksNeeded) {
$partner = PartnerPeer::retrieveByPK($partnerId);
$secret = $partner->getSecret();
$privilege = ks::PRIVILEGE_DOWNLOAD . ":" . $this->getEntryId();
$privilege .= "," . kSessionBase::PRIVILEGE_DISABLE_ENTITLEMENT_FOR_ENTRY . ":" . $this->getEntryId();
$result = kSessionUtils::startKSession($partnerId, $secret, null, $ksStr, $expiry, false, "", $privilege);
if ($result < 0) {
throw new Exception("Failed to generate session for asset [" . $this->getId() . "] of type " . $this->getType());
}
}
$finalPath = $this->getFinalDownloadUrlPathWithoutKs();
if ($ksStr) {
$finalPath .= "/ks/" . $ksStr;
}
// Gonen May 12 2010 - removing CDN URLs. see ticket 5135 in internal mantis
// in order to avoid conflicts with access_control (geo-location restriction), we always return the requestHost (www_host from kConf)
// and not the CDN host relevant for the partner.
// Tan-Tan January 27 2011 - in some places we do need the cdn, I added a paramter useCdn to force it.
if ($useCdn) {
// TODO in that case we should use the serve flavor and the url manager in order to support secured and signed urls
$downloadUrl = myPartnerUtils::getCdnHost($partnerId) . $finalPath;
} else {
$downloadUrl = requestUtils::getRequestHost() . $finalPath;
}
return $downloadUrl;
}
/**
* Start an impersonated session with Kaltura's server.
* The result KS is the session key that you should pass to all services that requires a ticket.
*
* @action impersonate
* @param string $secret Remember to provide the correct secret according to the sessionType you want
* @param int $impersonatedPartnerId
* @param string $userId
* @param KalturaSessionType $type Regular session or Admin session
* @param int $partnerId
* @param int $expiry KS expiry time in seconds
* @param string $privileges
* @return string
*
* @throws APIErrors::START_SESSION_ERROR
*/
function impersonateAction($secret, $impersonatedPartnerId, $userId = "", $type = 0, $partnerId = null, $expiry = 86400, $privileges = null)
{
KalturaResponseCacher::disableCache();
// verify that partnerId exists and is in correspondence with given secret
$result = myPartnerUtils::isValidSecret($partnerId, $secret, "", $expiry, $type);
if ($result !== true) {
throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId);
}
// verify partner is allowed to start session for another partner
if (!myPartnerUtils::allowPartnerAccessPartner($partnerId, $this->partnerGroup(), $impersonatedPartnerId)) {
throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId);
}
// get impersonated partner
$impersonatedPartner = PartnerPeer::retrieveByPK($impersonatedPartnerId);
if (!$impersonatedPartner) {
// impersonated partner could not be fetched from the DB
throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId);
}
// set the correct secret according to required session type
if ($type == KalturaSessionType::ADMIN) {
$impersonatedSecret = $impersonatedPartner->getAdminSecret();
} else {
$impersonatedSecret = $impersonatedPartner->getSecret();
}
// make sure the secret fits the one in the partner's table
$ks = "";
$result = kSessionUtils::startKSession($impersonatedPartner->getId(), $impersonatedSecret, $userId, $ks, $expiry, $type, "", $privileges, $partnerId);
if ($result >= 0) {
return $ks;
} else {
throw new KalturaAPIException(APIErrors::START_SESSION_ERROR, $partnerId);
}
}
/**
* @param CaptionAsset $captionAsset
* @param int $expiry
* @return string
*/
protected static function generateKsForCaptionServe($captionAsset, $expiry = 86400)
{
$partnerId = $captionAsset->getPartnerId();
$partner = PartnerPeer::retrieveByPK($partnerId);
$secret = $partner->getSecret();
$privilege = self::KS_PRIVILEGE_CAPTION . ":" . $captionAsset->getEntryId();
$ksStr = '';
kSessionUtils::startKSession($partnerId, $secret, null, $ksStr, $expiry, false, "", $privilege);
return $ksStr;
}
protected function generateLimitedKs($partnerId, $stateData)
{
$partner = $this->getPartner($partnerId);
$limitedKs = '';
$expiry = 30 * 60;
// 30 minutes
$privileges = kSessionBase::PRIVILEGE_ACTIONS_LIMIT . ':0';
$additionalData = json_encode($stateData);
$result = kSessionUtils::startKSession($partnerId, $partner->getAdminSecret(), '', $limitedKs, $expiry, kSessionBase::SESSION_TYPE_ADMIN, '', $privileges, null, $additionalData);
if ($result < 0) {
throw new Exception('Failed to create limited session for partner ' . $partnerId);
}
return $limitedKs;
}
private function getAdminKs($partnerId, $secret)
{
$ks = '';
$result = kSessionUtils::startKSession($partnerId, $secret, '', $ks, 86400, KalturaSessionType::ADMIN, '', null);
if ($result >= 0) {
return $ks;
} else {
$this->fail('Start session error');
}
}
