/**
  * Build a PSR-7 server request (zend-diactoros) from a Zend\Http request.
  *
  * Body, headers, query parameters, POST data and uploaded files are copied
  * across as received; all of them originate from the client and none is
  * filtered here. The server-parameter array of the new request is left empty.
  *
  * @param  ZendRequest $zendRequest Request to convert
  * @return ServerRequest
  */
 public static function fromZend(ZendRequest $zendRequest)
 {
     // Copy the raw request content into an in-memory stream.
     $stream = new Stream('php://memory', 'wb+');
     $stream->write($zendRequest->getContent());

     // Each container is turned into a plain array, or [] when it is empty.
     $headerList = [];
     if (!empty($zendRequest->getHeaders())) {
         $headerList = $zendRequest->getHeaders()->toArray();
     }

     $queryParams = [];
     if (!empty($zendRequest->getQuery())) {
         $queryParams = $zendRequest->getQuery()->toArray();
     }

     $postParams = [];
     if (!empty($zendRequest->getPost())) {
         $postParams = $zendRequest->getPost()->toArray();
     }

     $fileList = [];
     if (!empty($zendRequest->getFiles())) {
         $fileList = $zendRequest->getFiles()->toArray();
     }

     $uploaded = self::convertFilesToUploaded($fileList);
     $psrRequest = new ServerRequest(
         [],
         $uploaded,
         $zendRequest->getUriString(),
         $zendRequest->getMethod(),
         $stream,
         $headerList
     );

     // PSR-7 requests are immutable: each with*() call returns a new instance.
     return $psrRequest
         ->withQueryParams($queryParams)
         ->withParsedBody($postParams);
 }
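 /**
  * Prepares the REST Request object with values appropriate for a sub-resource request.
  *
  * Resource name, identifiers and HTTP verb are all taken from the matched
  * route and the incoming request, i.e. from the client. The verb is only
  * accepted when it maps onto an existing BedRest\Rest\Request\Type::METHOD_*
  * constant.
  *
  * @param \BedRest\Rest\Request\Request $restRequest
  * @param \Zend\Http\Request            $httpRequest
  * @param \Zend\Mvc\Router\RouteMatch   $routeMatch
  * @throws \InvalidArgumentException If the HTTP method has no matching REST method constant
  */
 protected function prepareSubResource(RestRequest $restRequest, HttpRequest $httpRequest, RouteMatch $routeMatch)
 {
     $id = $routeMatch->getParam('id', null);
     $restRequest->setParameter('identifier', $id);
     $resourceName = $routeMatch->getParam('__CONTROLLER__');
     $subResourceName = $routeMatch->getParam('subresource', null);
     $restRequest->setResource($resourceName . '/' . $subResourceName);

     // Test for presence explicitly instead of with empty(): an identifier of
     // "0" is a value and must not be mistaken for "no identifier given",
     // which would silently turn an item request into a collection request.
     $subId = $routeMatch->getParam('subresource_id', null);
     $hasSubId = $subId !== null && $subId !== '';
     if ($hasSubId) {
         $restRequest->setParameter('subresource_identifier', $subId);
     }

     $method = strtoupper($httpRequest->getMethod());
     if (!empty($method)) {
         // Without a sub-resource identifier the request addresses the
         // collection; POST keeps its plain name in that case.
         if (!$hasSubId && $method !== RestRequestType::METHOD_POST) {
             $method .= '_COLLECTION';
         }

         // The constant name is built from a client-supplied verb, so check
         // that it exists before resolving it. The message deliberately does
         // not echo the verb back.
         $constantName = 'BedRest\\Rest\\Request\\Type::METHOD_' . $method;
         if (!defined($constantName)) {
             throw new \InvalidArgumentException('Unsupported HTTP method for a sub-resource request');
         }
         $restRequest->setMethod(constant($constantName));
     }
 }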
示例#3
 /**
  * A method name given in lower case to setMethod() is reported in upper case by getMethod().
  */
 public function testRequestCanAlwaysForcesUppecaseMethodName()
 {
     $subject = new Request();
     $subject->setMethod('get');

     $reported = $subject->getMethod();

     $this->assertEquals('GET', $reported);
 }
示例#4
文件: Http.php 项目: rickogden/zf2
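    /**
     * Digest Authentication
     *
     * Validates the client's Authorization header against the server-side
     * nonce and opaque values and against the HA1 hash returned by the digest
     * resolver, then recomputes the request-digest as described in RFC 2617,
     * section 3.2.2.1. Every field of the parsed header is client-controlled,
     * so all of them are compared as strings, without type juggling.
     *
     * @param  string $header Client's Authorization header
     * @throws Exception\RuntimeException If the header is empty, no digest resolver is set,
     *                                    or the client requests an unsupported qop
     * @return Zend\Authentication\Result Valid auth result only on successful auth
     */
    protected function _digestAuth($header)
    {
        if (empty($header)) {
            throw new Exception\RuntimeException('The value of the client Authorization header is required');
        }
        if (empty($this->_digestResolver)) {
            throw new Exception\RuntimeException('A digestResolver object must be set before doing Digest authentication');
        }

        $data = $this->_parseDigestAuth($header);
        if ($data === false) {
            $this->_response->setStatusCode(400);
            return new Authentication\Result(
                Authentication\Result::FAILURE_UNCATEGORIZED,
                array(),
                array('Invalid Authorization header format')
            );
        }

        // Comparison used for every server-computed value below. A loose "=="
        // compares two numeric-looking strings as numbers, so two different
        // hex digests can be reported as equal, and an ordinary comparison
        // stops at the first differing byte. hash_equals() has neither
        // problem; the loop is a fallback for runtimes that predate it.
        $sameString = function ($known, $given) {
            $known = (string) $known;
            $given = (string) $given;
            if (function_exists('hash_equals')) {
                return hash_equals($known, $given);
            }
            if (strlen($known) !== strlen($given)) {
                return false;
            }
            $diff = 0;
            for ($i = 0, $len = strlen($known); $i < $len; $i++) {
                $diff |= ord($known[$i]) ^ ord($given[$i]);
            }
            return $diff === 0;
        };

        // See ZF-1052. This code was a bit too unforgiving of invalid
        // usernames. Now, if the username is bad, we re-challenge the client.
        if ('::invalid::' === $data['username']) {
            return $this->_challengeClient();
        }

        // Verify that the client sent back the same nonce
        // NOTE(review): $data['nc'] only enters the hash further down; this
        // method keeps no record of nonce counts, so protection against a
        // replayed header rests on how _calcNonce() expires nonces - confirm.
        if (!$sameString($this->_calcNonce(), $data['nonce'])) {
            return $this->_challengeClient();
        }
        // The opaque value is also required to match, but of course IE doesn't
        // play ball.
        if (!$this->_ieNoOpaque && !$sameString($this->_calcOpaque(), $data['opaque'])) {
            return $this->_challengeClient();
        }

        // Look up the user's password hash. If not found, deny access.
        // This makes no assumptions about how the password hash was
        // constructed beyond that it must have been built in such a way as
        // to be recreatable with the current settings of this object.
        $ha1 = $this->_digestResolver->resolve($data['username'], $data['realm']);
        if ($ha1 === false) {
            return $this->_challengeClient();
        }

        // If MD5-sess is used, a1 value is made of the user's password
        // hash with the server and client nonce appended, separated by
        // colons.
        if ($this->_algo === 'MD5-sess') {
            $ha1 = hash('md5', $ha1 . ':' . $data['nonce'] . ':' . $data['cnonce']);
        }

        // Calculate h(a2). The value of this hash depends on the qop
        // option selected by the client and the supported hash functions
        // NOTE(review): $data['uri'] comes from the header and is not compared
        // here with the URI that was actually requested - confirm that
        // _parseDigestAuth() performs that check.
        switch ($data['qop']) {
            case 'auth':
                $a2 = $this->_request->getMethod() . ':' . $data['uri'];
                break;
            case 'auth-int':
                // Should be REQUEST_METHOD . ':' . uri . ':' . hash(entity-body),
                // but this isn't supported yet, so fall through to default case
            default:
                throw new Exception\RuntimeException('Client requested an unsupported qop option');
        }
        // Using hash() should make parameterizing the hash algorithm
        // easier
        $ha2 = hash('md5', $a2);

        // Calculate the server's version of the request-digest. This must
        // match $data['response']. See RFC 2617, section 3.2.2.1
        $message = $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $ha2;
        $digest  = hash('md5', $ha1 . ':' . $message);

        // If our digest matches the client's let them in, otherwise return
        // a 401 code and exit to prevent access to the protected resource.
        if ($sameString($digest, $data['response'])) {
            $identity = array('username'=>$data['username'], 'realm'=>$data['realm']);
            return new Authentication\Result(Authentication\Result::SUCCESS, $identity);
        }

        return $this->_challengeClient();
    }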
 /**
  * Map the authentication adapter to a module
  * Since Apigility 1.1
  *
  * Dispatches on the HTTP method: GET reads the authentication map, PUT
  * updates it from the request body, DELETE removes it. Any other method is
  * answered with a 405 problem response carrying an Allow header.
  *
  * NOTE(review): no permission check is visible in this method; presumably
  * access to this endpoint is restricted elsewhere - confirm.
  *
  * @param  Request $request
  * @return ViewModel|ApiProblemResponse
  */
 protected function mappingAuthentication(Request $request)
 {
     // Both values come from the request and default to false when absent.
     $moduleName = $this->params('name', false);
     $apiVersion = $this->params()->fromQuery('version', false);

     switch ($request->getMethod()) {
         case $request::METHOD_GET:
             $currentMap = $this->model->getAuthenticationMap($moduleName, $apiVersion);
             return $this->createAuthenticationMapResult($currentMap);
         case $request::METHOD_PUT:
             $payload = $this->bodyParams();
             return $this->updateAuthenticationMap($payload, $moduleName, $apiVersion);
         case $request::METHOD_DELETE:
             return $this->removeAuthenticationMap($moduleName, $apiVersion);
     }

     // Anything else is rejected, and the client is told which methods are accepted.
     $problem = new ApiProblem(405, 'Only the methods GET, PUT, DELETE are allowed for this URI');
     $notAllowed = new ApiProblemResponse($problem);
     $notAllowed->getHeaders()->addHeaderLine('Allow', 'GET, PUT, DELETE');
     return $notAllowed;
 }
示例#6
 /**
  * A method name stored with setMethod() is returned unchanged by getMethod().
  */
 public function testRequestCanSetAndRetrieveValidMethod()
 {
     $subject = new Request();
     $subject->setMethod('POST');

     $reported = $subject->getMethod();

     $this->assertEquals('POST', $reported);
 }
 /**
  * Tells whether the wrapped HTTP request uses the POST method.
  *
  * @return boolean
  */
 public function isPostRequest()
 {
     $currentMethod = $this->httpRequest->getMethod();

     return $currentMethod == \Zend\Http\Request::METHOD_POST;
 }
示例#8
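    /**
     * Compute the request signature: HMAC-SHA256 over the timestamp, the HTTP
     * method, the URI path and the query string (without the internal "q"
     * routing parameter), joined by single spaces and trimmed.
     *
     * Only those four values are covered; the request body and the headers
     * are not part of the signed input. Whoever checks a received signature
     * against this value should use a constant-time comparison such as
     * hash_equals().
     *
     * Side effect: "q" is removed from the object that getQuery() returns,
     * which is presumably the request's own query container.
     *
     * @param Request $request
     * @param User $apiClient
     * @param string $timestamp
     * @return string Lower-case hexadecimal HMAC
     */
    private function createHmac(Request $request, User $apiClient, $timestamp)
    {
        $method = $request->getMethod();
        $uri = $request->getUri()->getPath();

        // Remove internal routing parameter
        $query = $request->getQuery();
        $query->offsetUnset('q');

        // Key the HMAC per client instead of with a debug constant that is
        // identical for every caller and readable in the source.
        // NOTE(review): a username is an identifier, not a secret; an HMAC
        // keyed with it can be recomputed by anyone who knows the name. Switch
        // to a per-client secret kept server-side once User provides one.
        $key = $apiClient->getUsername();

        $input = trim(implode(' ', [$timestamp, $method, $uri, $query->toString()]));
        return hash_hmac('sha256', $input, $key, false);
    }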
示例#9
文件: OAuth.php 项目: zource/zource
 /**
  * Translate a Zend HTTP request into an OAuthRequest.
  *
  * Server variables are taken from the request when it is a
  * PhpEnvironmentRequest and from $_SERVER otherwise; REQUEST_METHOD is
  * always overwritten with the request's own method. HTTP basic credentials
  * found in the server variables (PHP_AUTH_USER / PHP_AUTH_PW) are copied
  * into the header array, so that array can hold a clear-text password and
  * should be kept out of logs and error output.
  *
  * @param HttpRequest $httpRequest
  * @return OAuthRequest
  */
 private function buildRequest(HttpRequest $httpRequest)
 {
     $headerBag = $httpRequest->getHeaders();

     // Marshal content type. The value is not referenced again in this method.
     $contentType = '';
     if ($headerBag->has('Content-Type')) {
         $contentType = $headerBag->get('Content-Type')->getFieldValue();
     }

     // Pick the source of the $_SERVER-style variables.
     if ($httpRequest instanceof PhpEnvironmentRequest) {
         $server = $httpRequest->getServer()->toArray();
     } elseif (!empty($_SERVER)) {
         $server = $_SERVER;
     } else {
         $server = [];
     }
     $server['REQUEST_METHOD'] = $httpRequest->getMethod();

     // Seed headers with HTTP auth information
     $headers = $headerBag->toArray();
     foreach (['PHP_AUTH_USER', 'PHP_AUTH_PW'] as $authKey) {
         if (isset($server[$authKey])) {
             $headers[$authKey] = $server[$authKey];
         }
     }

     $bodyParams = $this->getBodyParams($httpRequest);
     $queryParams = $httpRequest->getQuery()->toArray();
     $rawBody = $httpRequest->getContent();

     return new OAuthRequest($queryParams, $bodyParams, [], [], [], $server, $rawBody, $headers);
 }
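 /**
  * Check the request's HTTP method against the configured method list.
  *
  * An empty list places no restriction: every method is reported as enabled.
  * The method name is upper-cased before the lookup, so the configured list
  * is expected to hold upper-case names.
  *
  * @param HttpRequest $request
  * @return boolean
  */
 public function isHttpRequestMethodEnabled(HttpRequest $request)
 {
     $methods = $this->getMethods();
     if (count($methods) === 0) {
         return true;
     }

     // Strict lookup: with loose comparison a non-string entry in the list
     // (true, for instance) would match any method name.
     return in_array(strtoupper($request->getMethod()), $methods, true);
 }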