From 26a25532f57d44f3740d77ac321a4c8d205015c6 Mon Sep 17 00:00:00 2001
From: aina-esokia
Date: Tue, 15 Jan 2019 15:54:37 +0400
Subject: [PATCH 1/5] taken account config to retrieve token in header or in url
---
 lib/classes/API/OAuth2/Adapter.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lib/classes/API/OAuth2/Adapter.php b/lib/classes/API/OAuth2/Adapter.php
index c674aa277b..e64e258b1d 100644
--- a/lib/classes/API/OAuth2/Adapter.php
+++ b/lib/classes/API/OAuth2/Adapter.php
@@ -537,7 +537,9 @@ class API_OAuth2_Adapter extends OAuth2
 public function verifyAccessToken($scope = null, $exit_not_present = true, $exit_invalid = true, $exit_expired = true, $exit_scope = true, $realm = null)
 {
- $token_param = $this->getAccessTokenParams();
+ $useTokenHeader = $this->app['conf']->get(['main', 'api_token_header']);
+
+ $token_param = $this->getAccessTokenParams($useTokenHeader);
 // Access token was not provided
 if ($token_param === false) {
From fd495e7966a2d30e0e858687716729ce3f521375 Mon Sep 17 00:00:00 2001
From: aina-esokia
Date: Tue, 15 Jan 2019 17:06:34 +0400
Subject: [PATCH 2/5] update configuration.sample.yml for api_token_header config
---
 config/configuration.sample.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/config/configuration.sample.yml b/config/configuration.sample.yml
index 5ae54d2134..050b6562c1 100644
--- a/config/configuration.sample.yml
+++ b/config/configuration.sample.yml
@@ -7,6 +7,7 @@ main:
 languages: []
 key: ''
 api_require_ssl: true
+ api_token_header: false
 database:
 host: 127.0.0.1
 port: 3306
From cb490bc83d0466a97d67c99ab31e54888aa1a4c8 Mon Sep 17 00:00:00 2001
From: aina-esokia
Date: Wed, 16 Jan 2019 12:27:24 +0400
Subject: [PATCH 3/5] use const on call
---
 lib/classes/API/OAuth2/Adapter.php | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/lib/classes/API/OAuth2/Adapter.php b/lib/classes/API/OAuth2/Adapter.php
index e64e258b1d..4de6639d4d 100644
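Review bot: The lookup `$this->app['conf']->get(['main', 'api_token_header'])` at the top of verifyAccessToken (patch 1/5) has no fallback, so an installation whose configuration.yml predates this key passes whatever the accessor yields for a missing entry on to `getAccessTokenParams()`. That value decides where access tokens are accepted from, so the behaviour for an absent key should be explicit rather than incidental. If the accessor takes a default as second argument (not visible in this hunk), pass one; otherwise handle the missing value before the call. The same lookup is carried over unchanged in patch 3/5, and the body of verifyAccessToken continues outside the hunk.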
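Review bot: The sample default `api_token_header: false` in patch 2/5 is undocumented and, going by the mapping added in patch 3/5, selects `TOKEN_ONLY_IN_GETPOST`, i.e. tokens are read only from request parameters and not from the Authorization header. Access tokens carried in a query string tend to end up in web-server and proxy logs, browser history and Referer headers, so a sample that people copy should not steer them there without saying so. I would add a comment above the key, for example `# true: token only from the Authorization header; false: only from GET/POST parameters; any other value: auto-detect`, and consider shipping `true` as the sample value. It also looks like `false` may stop clients that already send the token in a header from authenticating, since the call previously used the library default; that is worth confirming against the library.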
--- a/lib/classes/API/OAuth2/Adapter.php
+++ b/lib/classes/API/OAuth2/Adapter.php
@@ -537,7 +537,9 @@ class API_OAuth2_Adapter extends OAuth2
 public function verifyAccessToken($scope = null, $exit_not_present = true, $exit_invalid = true, $exit_expired = true, $exit_scope = true, $realm = null)
 {
- $useTokenHeader = $this->app['conf']->get(['main', 'api_token_header']);
+ $apiTokenHeader = $this->app['conf']->get(['main', 'api_token_header']);
+
+ $useTokenHeader = $this->useTokenHeaderChoice($apiTokenHeader);
 $token_param = $this->getAccessTokenParams($useTokenHeader);
@@ -810,4 +812,21 @@ class API_OAuth2_Adapter extends OAuth2
 return false;
 }
 }
+
+ /**
+ * Get the correct constante to call on Oauth2
+ *
+ * @param $apiTokenHeader
+ * @return string
+ */
+ private function useTokenHeaderChoice($apiTokenHeader)
+ {
+ if ($apiTokenHeader === true) {
+ return Oauth2::TOKEN_ONLY_IN_HEADER;
+ } elseif ($apiTokenHeader === false) {
+ return Oauth2::TOKEN_ONLY_IN_GETPOST;
+ } else {
+ return Oauth2::TOKEN_AUTO_FIND;
+ }
+ }
 }
From 1e851113c8fac2cede66b59519ec55d975edd106 Mon Sep 17 00:00:00 2001
From: aina-esokia
Date: Thu, 17 Jan 2019 11:02:22 +0400
Subject: [PATCH 4/5] update alchemy/oauth2php in 4.1
---
 composer.json | 2 +-
 composer.lock | 43 +++++++++++++++++--------------------------
 2 files changed, 18 insertions(+), 27 deletions(-)
diff --git a/composer.json b/composer.json
index bd39a204e7..98a77a6f1a 100644
--- a/composer.json
+++ b/composer.json
@@ -50,7 +50,7 @@
 "alchemy/embed-bundle": "^0.3.4",
 "alchemy/geonames-api-consumer": "~0.1.0",
 "alchemy/mediavorus": "^0.4.4",
- "alchemy/oauth2php": "1.0.0",
+ "alchemy/oauth2php": "1.1.0",
 "alchemy/phlickr": "0.2.9",
 "alchemy/phpexiftool": "^0.7.0",
 "alchemy/rest-bundle": "^0.0.5",
diff --git a/composer.lock b/composer.lock
index 9745425f25..727a76d576 100644
--- a/composer.lock
+++ b/composer.lock
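Review bot: In the new `useTokenHeaderChoice()` (second hunk of patch 3/5), every value that is not strictly `true` or `false` falls through to `TOKEN_AUTO_FIND`, so a quoted `"true"`, a `1`, or a missing key silently selects what appears to be the most permissive mode instead of the header-only mode the operator meant. The docblock should state this tri-state contract, e.g. `@param bool|null $apiTokenHeader true: header only, false: GET/POST only, anything else: auto-detect`. If header-only is meant to be enforceable, unexpected types should be rejected or logged rather than widened. The constants are also referenced as `Oauth2::` while the class extends `OAuth2`; PHP resolves class names case-insensitively, but `self::TOKEN_ONLY_IN_HEADER` (or the declared spelling) would be consistent with the rest of the file, and "constante" in the summary line should read "constant".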
@@ -1,10 +1,10 @@ { "_readme": [ "This file locks the dependencies of your project to a known state", - "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "253990d4c81f9ae5f78c6c1221d6cf29", + "content-hash": "adf4074eb26ea80d414430d4f7b61311", "packages": [ { "name": "alchemy-fr/tcpdf-clone", @@ -337,16 +337,16 @@ }, { "name": "alchemy/oauth2php", - "version": "1.0.0", + "version": "1.1.0", "source": { "type": "git", "url": "https://github.com/alchemy-fr/oauth2-php.git", - "reference": "cb4fcb73e30ab54e0fb85a65b4d57147f7a0df15" + "reference": "fe5c19b417965110bad0981a6dfd2097b5ce4306" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/alchemy-fr/oauth2-php/zipball/cb4fcb73e30ab54e0fb85a65b4d57147f7a0df15", - "reference": "cb4fcb73e30ab54e0fb85a65b4d57147f7a0df15", + "url": "https://api.github.com/repos/alchemy-fr/oauth2-php/zipball/fe5c19b417965110bad0981a6dfd2097b5ce4306", + "reference": "fe5c19b417965110bad0981a6dfd2097b5ce4306", "shasum": "" }, "type": "library", @@ -356,7 +356,7 @@ ] }, "notification-url": "https://packagist.org/downloads/", - "time": "2013-07-01T09:46:59+00:00" + "time": "2019-01-16T16:10:46+00:00" }, { "name": "alchemy/phlickr", @@ -1898,12 +1898,12 @@ "version": "v2.5.6", "source": { "type": "git", - "url": "https://github.com/doctrine/doctrine2.git", + "url": "https://github.com/doctrine/orm.git", "reference": "e6c434196c8ef058239aaa0724b4aadb0107940b" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/doctrine/doctrine2/zipball/e6c434196c8ef058239aaa0724b4aadb0107940b", + "url": "https://api.github.com/repos/doctrine/orm/zipball/e6c434196c8ef058239aaa0724b4aadb0107940b", "reference": "e6c434196c8ef058239aaa0724b4aadb0107940b", "shasum": "" }, 
@@ -2304,12 +2304,12 @@ "version": "v2.2.1", "source": { "type": "git", - "url": "https://github.com/google/google-api-php-client.git", + "url": "https://github.com/googleapis/google-api-php-client.git", "reference": "b69b8ac4bf6501793c389d4e013a79d09c85c5f2" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/google/google-api-php-client/zipball/b69b8ac4bf6501793c389d4e013a79d09c85c5f2", + "url": "https://api.github.com/repos/googleapis/google-api-php-client/zipball/b69b8ac4bf6501793c389d4e013a79d09c85c5f2", "reference": "b69b8ac4bf6501793c389d4e013a79d09c85c5f2", "shasum": "" }, @@ -2363,12 +2363,12 @@ "version": "v0.36", "source": { "type": "git", - "url": "https://github.com/google/google-api-php-client-services.git", + "url": "https://github.com/googleapis/google-api-php-client-services.git", "reference": "2fd7d2876fbc0174faddba3241956a1393536159" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/google/google-api-php-client-services/zipball/2fd7d2876fbc0174faddba3241956a1393536159", + "url": "https://api.github.com/repos/googleapis/google-api-php-client-services/zipball/2fd7d2876fbc0174faddba3241956a1393536159", "reference": "2fd7d2876fbc0174faddba3241956a1393536159", "shasum": "" }, @@ -2400,12 +2400,12 @@ "version": "v1.1.0", "source": { "type": "git", - "url": "https://github.com/google/google-auth-library-php.git", + "url": "https://github.com/googleapis/google-auth-library-php.git", "reference": "548d27d670f0236dc5258fa4cdde6e7b63464cfd" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/google/google-auth-library-php/zipball/548d27d670f0236dc5258fa4cdde6e7b63464cfd", + "url": "https://api.github.com/repos/googleapis/google-auth-library-php/zipball/548d27d670f0236dc5258fa4cdde6e7b63464cfd", "reference": "548d27d670f0236dc5258fa4cdde6e7b63464cfd", "shasum": "" }, 
@@ -5766,17 +5766,6 @@ { "name": "roave/security-advisories", "version": "dev-master", - "source": { - "type": "git", - "url": "https://github.com/Roave/SecurityAdvisories.git", - "reference": "3db4b0df21d1f527304650e717c66af48981f1c4" - }, - "dist": { - "type": "zip", - "url": "https://api.github.com/repos/Roave/SecurityAdvisories/zipball/3db4b0df21d1f527304650e717c66af48981f1c4", - "reference": "3db4b0df21d1f527304650e717c66af48981f1c4", - "shasum": "" - }, "conflict": { "adodb/adodb-php": "<5.20.6", "amphp/artax": ">=2,<2.0.4|>0.7.1,<1.0.4", @@ -6015,6 +6004,7 @@ "keywords": [ "microframework" ], + "abandoned": "symfony/flex", "time": "2016-01-06T14:59:35+00:00" }, { @@ -6060,6 +6050,7 @@ ], "description": "A WebProfiler for Silex", "homepage": "http://silex.sensiolabs.org/", + "abandoned": true, "time": "2016-01-10T11:39:13+00:00" }, { From 9976ebee6f8dfd304bd39738a8807a94bc0a7934 Mon Sep 17 00:00:00 2001 From: aina-esokia Date: Thu, 17 Jan 2019 19:02:00 +0400 Subject: [PATCH 5/5] update composer.lock --- composer.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/composer.lock b/composer.lock index 727a76d576..9d00d30e67 100644 --- a/composer.lock +++ b/composer.lock @@ -341,12 +341,12 @@ "source": { "type": "git", "url": "https://github.com/alchemy-fr/oauth2-php.git", - "reference": "fe5c19b417965110bad0981a6dfd2097b5ce4306" + "reference": "801510972240555fa182813851efd96659d37a68" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/alchemy-fr/oauth2-php/zipball/fe5c19b417965110bad0981a6dfd2097b5ce4306", - "reference": "fe5c19b417965110bad0981a6dfd2097b5ce4306", + "url": "https://api.github.com/repos/alchemy-fr/oauth2-php/zipball/801510972240555fa182813851efd96659d37a68", + "reference": "801510972240555fa182813851efd96659d37a68", "shasum": "" }, "type": "library", 
@@ -356,7 +356,7 @@ ] }, "notification-url": "https://packagist.org/downloads/", - "time": "2019-01-16T16:10:46+00:00" + "time": "2019-01-17T14:34:10+00:00" }, { "name": "alchemy/phlickr",