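/**
 * Validate the contents of a request against its "hashKey" query parameter.
 *
 * The values named in $linkData are read from the query (falling back to the
 * route), a hash is generated over them with $this->hmac, and the result is
 * compared with the "hashKey" value supplied in the query. Returns an array
 * of collected details if the request is valid, otherwise returns false.
 *
 * @param array $linkData An array of keys to check
 *
 * @return boolean|array
 */
public function validateRequest($linkData)
{
    $controller = $this->getController();
    $params = $controller->params();

    $keyValueArray = [];
    foreach ($linkData as $details) {
        // We expect most parameters to come via query, but some (mainly ID) may
        // be in the route:
        $keyValueArray[$details]
            = $params->fromQuery($details, $params->fromRoute($details));
    }
    $hashKey = $this->hmac->generate($linkData, $keyValueArray);

    // Compare the supplied value with hash_equals() (PHP 5.6+) rather than
    // "!=": a loose comparison treats numeric-looking strings as numbers and
    // is not constant-time. A missing or non-string hashKey (e.g. an array
    // from "hashKey[]=") is rejected outright.
    $suppliedHashKey = $params->fromQuery('hashKey');
    if (!is_string($suppliedHashKey)
        || !hash_equals((string)$hashKey, $suppliedHashKey)
    ) {
        return false;
    }

    // Initialize gatheredDetails with any POST values we find; this will
    // allow us to repopulate the form with user-entered values if there
    // is an error. However, it is important that we load the POST data
    // FIRST and then override it with GET values in order to ensure that
    // the user doesn't bypass the hashkey verification by manipulating POST
    // values.
    $gatheredDetails = $params->fromPost('gatheredDetails', []);
    if (!is_array($gatheredDetails)) {
        // The POST field is client-controlled and may arrive as a scalar;
        // treat anything that is not an array as "no details".
        $gatheredDetails = [];
    }

    // Make sure the bib ID is included, even if it's not loaded as part of
    // the validation loop below. Note that this value is only covered by
    // the hash check when 'id' is one of the $linkData keys; otherwise it is
    // unauthenticated request input.
    $gatheredDetails['id'] = $params->fromRoute('id', $params->fromQuery('id'));

    // Get Values Passed from holdings.php; the verified values win over any
    // POST value with the same key.
    $gatheredDetails = array_merge($gatheredDetails, $keyValueArray);

    return $gatheredDetails;
}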
/**
 * Build the link description for placing a hold on a holding item.
 *
 * The query string carries the record and item identifiers together with a
 * "hashKey" value generated by $this->hmac from $this->hmacKeys and those
 * identifiers.
 * NOTE(review): which of the two identifiers the hash actually covers depends
 * on the contents of $this->hmacKeys, which is not visible here - confirm.
 *
 * @param array $holdingItem Holding data; 'bibsysnumber' and 'bib_library'
 *                           are read here
 *
 * @return array|null Link details, or null when 'bibsysnumber' is not set
 */
protected function getHoldLink(array $holdingItem)
{
    if (!isset($holdingItem['bibsysnumber'])) {
        return null;
    }

    $recordId = $holdingItem['bib_library'] . '-' . $holdingItem['bibsysnumber'];
    $linkValues = array(
        'id'      => $recordId,
        'item_id' => $this->buildItemId($holdingItem),
    );

    // Append the hash last so it travels alongside the values it was built from.
    $hashKey = $this->hmac->generate($this->hmacKeys, $linkValues);
    $query = http_build_query($linkValues + array('hashKey' => $hashKey));

    return array(
        'action' => 'Hold',
        'record' => $this->idItem,
        'anchor' => '#tabnav',
        'query'  => $query,
    );
}
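/**
 * Get request details
 *
 * Supplies holdLogic with the form details required to place a request.
 * Only the entries of $details whose key is listed in $HMACKeys are written
 * to the query string, followed by a "hashKey" parameter generated over
 * $HMACKeys and $details.
 *
 * @param array  $details  An array of item data
 * @param array  $HMACKeys An array of keys to hash
 * @param string $action   The action for which the details are built
 *
 * @return array Details for generating URL
 */
protected function getRequestDetails($details, $HMACKeys, $action)
{
    // Generate HMAC
    $HMACkey = $this->hmac->generate($HMACKeys, $details);

    // Match key names as strings with a strict comparison. A loose in_array()
    // lets PHP's type juggling decide (before PHP 8 an integer key 0 equals
    // any non-numeric string), which could put a parameter into the query
    // that was never meant to be listed in $HMACKeys.
    $signedKeys = array_map('strval', $HMACKeys);

    // Add Params
    $queryString = [];
    foreach ($details as $key => $param) {
        if (in_array((string)$key, $signedKeys, true)) {
            $queryString[] = $key . "=" . urlencode($param);
        }
    }

    // Add HMAC
    $queryString[] = "hashKey=" . urlencode($HMACkey);
    $queryString = implode('&', $queryString);

    // Build Params
    return [
        'action' => $action,
        'record' => $details['id'],
        'source' => isset($details['source']) ? $details['source'] : 'VuFind',
        'query' => $queryString,
        'anchor' => "#tabnav",
    ];
}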
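/**
 * Get Hold Link
 *
 * Supplies the form details required to place a hold. Only the entries of
 * $data whose key is listed in $HMACKeys are written to the query string,
 * followed by a "hashKey" parameter generated over $HMACKeys and $data.
 *
 * @param array $data     An array of item data
 * @param array $HMACKeys An array of keys to hash
 *
 * @return array Details for generating URL
 */
protected function getHoldDetails($data, $HMACKeys)
{
    // Generate HMAC
    $HMACkey = $this->hmac->generate($HMACKeys, $data);

    // Match key names as strings with a strict comparison. A loose in_array()
    // lets PHP's type juggling decide (before PHP 8 an integer key 0 equals
    // any non-numeric string), which could put a parameter into the query
    // that was never meant to be listed in $HMACKeys.
    $signedKeys = array_map('strval', $HMACKeys);

    // Add Params
    $queryString = [];
    foreach ($data as $key => $param) {
        if (in_array((string)$key, $signedKeys, true)) {
            $queryString[] = $key . '=' . urlencode($param);
        }
    }

    // Add HMAC
    $queryString[] = 'hashKey=' . urlencode($HMACkey);
    $queryString = implode('&', $queryString);

    // Build Params
    return [
        'action' => 'Hold',
        'record' => $data['id'],
        'query' => $queryString,
        'anchor' => '#tabnav',
    ];
}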
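/**
 * Get Hold Form
 *
 * Supplies holdLogic with the form details required to place a hold. Only
 * the entries of $holdDetails whose key is listed in $HMACKeys are written to
 * the query string, followed by a "hashKey" parameter generated over
 * $HMACKeys and $holdDetails.
 *
 * @param array $holdDetails An array of item data
 * @param array $HMACKeys    An array of keys to hash
 *
 * @return array Details for generating URL
 */
protected function getHoldDetails($holdDetails, $HMACKeys)
{
    // Generate HMAC
    $HMACkey = HMAC::generate($HMACKeys, $holdDetails);

    // Match key names as strings with a strict comparison. A loose in_array()
    // lets PHP's type juggling decide (before PHP 8 an integer key 0 equals
    // any non-numeric string), which could put a parameter into the query
    // that was never meant to be listed in $HMACKeys.
    $signedKeys = array_map('strval', $HMACKeys);

    // Add Params
    $queryString = array();
    foreach ($holdDetails as $key => $param) {
        if (in_array((string)$key, $signedKeys, true)) {
            $queryString[] = $key . "=" . urlencode($param);
        }
    }

    // Add HMAC
    $queryString[] = "hashKey=" . urlencode($HMACkey);
    $queryString = implode('&', $queryString);

    // Build Params
    return array(
        'action' => 'Hold',
        'record' => $holdDetails['id'],
        'query' => $queryString,
        'anchor' => "#tabnav"
    );
}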
/**
 * Utility function for generating a token for unsubscribing a
 * saved search.
 *
 * The token is generated over this object's id plus the user's id and
 * "created" value, with every one of those fields listed as a hashed key.
 * NOTE(review): none of the inputs is random or time-limited, so the token
 * presumably stays the same for as long as those fields do - confirm that
 * this is intended. Code that checks a submitted token against this value
 * should compare the two with hash_equals().
 *
 * @param VuFind\Crypt\HMAC $hmac HMAC hash generator
 * @param object            $user User object
 *
 * @return string token
 */
public function getUnsubscribeSecret(HMAC $hmac, $user)
{
    $fields = [
        'id' => $this->id,
        'user_id' => $user->id,
        'created' => $user->created,
    ];

    // Every field is part of the hashed key list.
    $signedKeys = array_keys($fields);

    return $hmac->generate($signedKeys, $fields);
}
/**
 * Test hashing.
 *
 * Known-answer check: with the key 'secret', the key list ['foo'] and the
 * data ['foo' => 'bar'], generate() must return the pinned value below.
 * NOTE(review): the pinned value is 32 hex characters (128 bits), which
 * suggests an MD5-sized digest - confirm the algorithm in the HMAC class.
 *
 * @return void
 */
public function testHash()
{
    $expected = '330891b9db42bdf6aeb558a35e2a1780';

    $generator = new HMAC('secret');
    $actual = $generator->generate(['foo'], ['foo' => 'bar']);

    $this->assertEquals($expected, $actual);
}