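/**
 * Override base method to do some processing of incoming requests.
 *
 * Splits the "path" query parameter into a service name (the text before the
 * first slash) and the remaining resource path (the text after it). Yii removes
 * trailing slashes by default, but some APIs need them to tell a file from a
 * folder; the route is
 * 'rest/<service:[_0-9a-zA-Z-]+>/<resource:[_0-9a-zA-Z-\/. ]+>'.
 *
 * NOTE(review): restoring the stripped trailing slash is NOT implemented here
 * (an earlier commented-out attempt referenced a $this->_resource property that
 * this method does not use). A path of "svc/" yields service "svc" and an empty
 * resource (false on PHP < 7), not a resource ending in "/".
 *
 * @param \CAction $action
 *
 * @return array [service, resource]; service is null when no "path" was supplied,
 *               resource is null when the path contains no slash.
 */
protected function _beforeAction($action)
{
    // Untrusted input straight from the query string. It is only split here;
    // any ".." / encoding normalisation must happen in the consumer.
    $_path = $_service = FilterInput::get($_GET, 'path', null, FILTER_SANITIZE_STRING);
    $_resource = null;

    // Guard the missing/empty case explicitly rather than handing null to strpos()
    if (null !== $_path && '' !== $_path && false !== ($_pos = strpos($_path, '/')))
    {
        $_service = substr($_path, 0, $_pos);
        // strpos() found the slash, so $_pos + 1 is never past the end of the
        // string; the old "$_pos < strlen($_path)" test was always true.
        $_resource = substr($_path, $_pos + 1);
    }

    return array($_service, $_resource);
}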
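/**
 * Streams a file from a file-storage service to the client.
 *
 * Query parameters (both untrusted):
 *   service - name of the storage service to read from
 *   path    - "<container>/<path/to/file>" within that service
 *
 * Requests that are not served end with a 403 and Pii::end(); an exception
 * from the service layer ends with a 500 and a generic message.
 *
 * NOTE(review): no session/role check is performed in this action; access is
 * governed only by the service's privatePaths denylist. Confirm that is the
 * intended exposure for every "Local File Storage"/"Remote File Storage" service.
 */
public function actionGet()
{
    // One place to produce the forbidden response so every branch agrees.
    // Pii::end() is expected to terminate the request.
    $_forbid = function ()
    {
        header('HTTP/1.1 403 Forbidden. You have no access to this file or folder.');
        header('Content-Type: text/html');
        Pii::end();
    };

    $_service = FilterInput::get(INPUT_GET, 'service', '');

    try
    {
        /** @var BaseFileSvc $_obj */
        $_obj = ServiceHandler::getServiceObject($_service);

        switch ($_obj->getType())
        {
            case 'Local File Storage':
            case 'Remote File Storage':
                $_fullPath = FilterInput::get(INPUT_GET, 'path', '');

                // Reject traversal BEFORE the denylist check: a ".." segment (or a
                // backslash / NUL byte) could step out of a public prefix and past
                // the prefix comparison below, which only looks at leading folders.
                if (false !== strpos($_fullPath, "\0") ||
                    in_array('..', explode('/', str_replace('\\', '/', $_fullPath)), true))
                {
                    $_forbid();
                }

                if (!empty($_obj->privatePaths))
                {
                    // Deny if any leading folder prefix (with trailing slash) is
                    // listed as private. Strict comparison so non-string entries
                    // in privatePaths can never match by coercion.
                    $_count = substr_count($_fullPath, '/');
                    $_pos = -1;

                    for ($_ndx = 0; $_ndx < $_count; $_ndx++)
                    {
                        $_pos = strpos($_fullPath, '/', $_pos + 1);
                        $_piece = substr($_fullPath, 0, $_pos) . '/';

                        if (in_array($_piece, $_obj->privatePaths, true))
                        {
                            $_forbid();
                        }
                    }

                    // ...and the full file path itself
                    if (in_array($_fullPath, $_obj->privatePaths, true))
                    {
                        $_forbid();
                    }
                }

                // First segment is the container, the rest is the path inside it.
                // With no slash, strpos() is false and substr() treats it as 0:
                // container '' and the whole value as the path (unchanged behaviour;
                // the service decides what that means).
                $_container = substr($_fullPath, 0, strpos($_fullPath, '/'));
                $_path = ltrim(substr($_fullPath, strpos($_fullPath, '/') + 1), '/');

                $_obj->streamFile($_container, $_path);
                Pii::end();
                break;
        }

        // Not a file service: nothing to stream
        $_forbid();
    }
    catch (\Exception $ex)
    {
        // Keep internal exception text (paths, driver errors) out of the response;
        // record it server-side instead.
        error_log('actionGet: ' . $ex->getMessage());
        header('HTTP/1.1 500 Internal Server Error');
        header('Content-Type: text/html');
        die('Unable to retrieve the requested file.');
    }
}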
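/**
 * First-time Welcome page.
 *
 * Requires a logged-in user (ForbiddenException otherwise) and handles three
 * cases: "?force_remove=1" removes the registration marker and redirects; a
 * posted SupportForm registers the platform and redirects; anything else
 * renders the form.
 *
 * NOTE(review): force_remove is a state change driven by a GET parameter, so
 * any link a logged-in user follows can trigger it — no CSRF token is checked
 * here. Consider requiring POST plus the framework CSRF token for it.
 *
 * @throws ForbiddenException when no current user can be loaded
 */
public function actionWelcome()
{
    // User cool too?
    if (null === ($_user = ResourceStore::model('user')->findByPk(Session::getCurrentUserId())))
    {
        throw new ForbiddenException();
    }

    // "force_remove=1" removes the registration marker and redirects.
    // Strict string comparison: the old "==" also accepted e.g. "1.0".
    if ('1' === (string)FilterInput::get(INPUT_GET, 'force_remove', 0))
    {
        Log::debug('Forced removal of registration marker requested.');
        SystemManager::registerPlatform($_user, false, true);
        $this->redirect($this->_getRedirectUrl());
    }

    $_model = new SupportForm();

    // collect user input data
    if (isset($_POST, $_POST['SupportForm']))
    {
        // Mass assignment from POST; presumably limited by the model's safe
        // attribute rules (Yii default) — verify SupportForm declares them.
        $_model->setAttributes($_POST['SupportForm']);

        // Validate user input and redirect to the previous page if valid
        if ($_model->validate())
        {
            try
            {
                SystemManager::registerPlatform($_user, $_model->getSkipped());
                $this->redirect($this->_getRedirectUrl());

                return;
            }
            catch (\Exception $_ex)
            {
                // Registration failed. Report it only on this branch: previously
                // "Registration System Unavailable" was also added after a plain
                // validation failure, mislabelling bad input as an outage.
                $_model->addError(null, $_ex->getMessage());
                $_model->addError('Problem', 'Registration System Unavailable');
            }
        }
    }

    $this->render('welcome', array('model' => $_model));
}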
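/**
 * Checks the progress of any in-flight OAuth requests.
 *
 * Returns true immediately if an access token is already configured (unless
 * $skipTokenCheck). Otherwise, for the authorization-code grant: with no "code"
 * in the query string the user is sent to the authorization URL
 * (RedirectRequiredException for server-side flows, a Location header
 * otherwise); with a code, the token endpoint is called and the parsed
 * response is handed to _processReceivedToken().
 *
 * NOTE(review): the incoming "state" value is forwarded to the token request
 * but never compared with the value this client generated, so a forged
 * callback (login CSRF / code injection) is not detected here. If
 * getAuthorizationUrl() stores the state it issued, verify it before calling
 * requestAccessToken().
 *
 * @param bool $skipTokenCheck If true, assume there is no token
 *
 * @throws NotImplementedException for any grant type other than authorization code
 * @throws \DreamFactory\Oasys\Exceptions\RedirectRequiredException
 * @return bool|mixed true if a token is already present, false on an error from
 *                    the token endpoint, otherwise whatever _processReceivedToken() returns
 */
public function checkAuthenticationProgress($skipTokenCheck = false)
{
    // Already authenticated: nothing to do unless the caller asked us to ignore the token
    if (false === $skipTokenCheck && $this->getConfig('access_token'))
    {
        return true;
    }

    // Only the authorization-code grant is handled by this routine
    if (GrantTypes::AUTHORIZATION_CODE != $this->getConfig('grant_type'))
    {
        throw new NotImplementedException();
    }

    $_code = FilterInput::get(INPUT_GET, 'code');

    // No code is present, request one
    if (empty($_code))
    {
        $_redirectUrl = $this->getAuthorizationUrl();

        if (Flows::SERVER_SIDE == $this->getConfig('flow_type'))
        {
            throw new RedirectRequiredException($_redirectUrl);
        }

        header('Location: ' . $_redirectUrl);
        exit;
    }

    // Figure out where the redirect goes... a configured proxy URL wins over redirect_uri
    $_redirectUri = $this->getConfig('redirect_uri');
    $_proxyUrl = $this->getConfig('redirect_proxy_url');

    if (!empty($_proxyUrl))
    {
        $_redirectUri = $_proxyUrl;
    }

    // Got a code, now exchange it for a token.
    // NOTE(review): "state" is passed through unverified; see the method docblock.
    $_token = $this->requestAccessToken(
        GrantTypes::AUTHORIZATION_CODE,
        array('code' => $_code, 'redirect_uri' => $_redirectUri, 'state' => Option::request('state'))
    );

    $_info = null;

    if (isset($_token, $_token['result']))
    {
        // A string result is parsed as a URL-encoded query string; anything else is used as-is
        if (!is_string($_token['result']))
        {
            $_info = $_token['result'];
        }
        else
        {
            parse_str($_token['result'], $_info);
        }

        $this->_responsePayload = $_info;
    }

    // A payload that is neither array nor object, or one carrying an "error" key, is a failure.
    // Parenthesised explicitly: && binds tighter than || in PHP, which is what was intended.
    $_unusable = (!is_array($_info) && !is_object($_info));

    if ($_unusable || null !== ($_error = Option::get($_info, 'error')))
    {
        // Error: log the payload and drop any partial authorization state
        Log::error('Error returned from oauth token request: ' . print_r($_info, true));
        $this->_revokeAuthorization();

        return false;
    }

    return $this->_processReceivedToken($_info);
}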