mirror of
https://github.com/alchemy-fr/Phraseanet.git
synced 2025-10-12 12:33:26 +00:00
949bf06cac
Conflicts: CHANGELOG.md bin/console bin/developer bin/setup bower.json composer.json composer.lock features/bootstrap/FeatureContext.php features/bootstrap/GuiContext.php lib/Alchemy/Phrasea/Authentication/Token/TokenValidator.php lib/Alchemy/Phrasea/Command/BuildMissingSubdefs.php lib/Alchemy/Phrasea/Command/CreateCollection.php lib/Alchemy/Phrasea/Command/Developer/JavascriptBuilder.php lib/Alchemy/Phrasea/Controller/Admin/Collection.php lib/Alchemy/Phrasea/Controller/Admin/Databoxes.php lib/Alchemy/Phrasea/Controller/Admin/TaskManager.php lib/Alchemy/Phrasea/Controller/Api/V1.php lib/Alchemy/Phrasea/Controller/Client/Baskets.php lib/Alchemy/Phrasea/Controller/Client/Root.php lib/Alchemy/Phrasea/Controller/Prod/Basket.php lib/Alchemy/Phrasea/Controller/Prod/Export.php lib/Alchemy/Phrasea/Controller/Prod/Property.php lib/Alchemy/Phrasea/Controller/Prod/Records.php lib/Alchemy/Phrasea/Controller/Prod/Tools.php lib/Alchemy/Phrasea/Controller/Prod/Upload.php lib/Alchemy/Phrasea/Controller/Root/Login.php lib/Alchemy/Phrasea/Controller/Thesaurus/Thesaurus.php lib/Alchemy/Phrasea/Core/Event/ApiLoadEndEvent.php lib/Alchemy/Phrasea/Core/Event/ApiLoadStartEvent.php lib/Alchemy/Phrasea/Core/Provider/TaskManagerServiceProvider.php lib/Alchemy/Phrasea/Core/Version.php lib/Alchemy/Phrasea/Exception/XMLParseErrorException.php lib/Alchemy/Phrasea/Helper/DatabaseHelper.php lib/Alchemy/Phrasea/Helper/User/Edit.php lib/Alchemy/Phrasea/SearchEngine/Phrasea/PhraseaEngine.php lib/Alchemy/Phrasea/SearchEngine/SearchEngineOptions.php lib/Doctrine/Entities/AuthFailure.php lib/Doctrine/Entities/Basket.php lib/Doctrine/Entities/BasketElement.php lib/Doctrine/Entities/LazaretAttribute.php lib/Doctrine/Entities/LazaretCheck.php lib/Doctrine/Entities/LazaretFile.php lib/Doctrine/Entities/LazaretSession.php lib/Doctrine/Entities/Session.php lib/Doctrine/Entities/SessionModule.php lib/Doctrine/Entities/StoryWZ.php lib/Doctrine/Entities/UsrList.php lib/Doctrine/Entities/UsrListEntry.php lib/Doctrine/Entities/UsrListOwner.php lib/Doctrine/Entities/ValidationData.php lib/Doctrine/Entities/ValidationParticipant.php lib/Doctrine/Entities/ValidationSession.php lib/Doctrine/Logger/MonologSQLLogger.php lib/Doctrine/Repositories/BasketRepository.php lib/Doctrine/Repositories/ValidationParticipantRepository.php lib/Doctrine/Types/Binary.php lib/Doctrine/Types/Blob.php lib/Doctrine/Types/Enum.php lib/Doctrine/Types/LongBlob.php lib/Doctrine/Types/VarBinary.php lib/classes/API/OAuth2/Account.php lib/classes/API/OAuth2/Application.php lib/classes/API/OAuth2/Application/OfficePlugin.php lib/classes/API/OAuth2/AuthCode.php lib/classes/API/OAuth2/RefreshToken.php lib/classes/API/OAuth2/Token.php lib/classes/API/V1/Abstract.php lib/classes/API/V1/Interface.php lib/classes/API/V1/adapter.php lib/classes/API/V1/exception/abstract.php lib/classes/API/V1/exception/badrequest.php lib/classes/API/V1/exception/forbidden.php lib/classes/API/V1/exception/internalservererror.php lib/classes/API/V1/exception/maintenance.php lib/classes/API/V1/exception/methodnotallowed.php lib/classes/API/V1/exception/notfound.php lib/classes/API/V1/exception/unauthorized.php lib/classes/API/V1/result.php lib/classes/Exception/Feed/EntryNotFound.php lib/classes/Exception/Feed/ItemNotFound.php lib/classes/Exception/Feed/PublisherNotFound.php lib/classes/Feed/Abstract.php lib/classes/Feed/Adapter.php lib/classes/Feed/Aggregate.php lib/classes/Feed/Collection.php lib/classes/Feed/CollectionInterface.php lib/classes/Feed/Entry/Adapter.php lib/classes/Feed/Entry/Collection.php lib/classes/Feed/Entry/CollectionInterface.php lib/classes/Feed/Entry/Interface.php lib/classes/Feed/Entry/Item.php lib/classes/Feed/Entry/ItemInterface.php lib/classes/Feed/Interface.php lib/classes/Feed/Link.php lib/classes/Feed/LinkInterface.php lib/classes/Feed/Publisher/Adapter.php lib/classes/Feed/Publisher/Interface.php lib/classes/Feed/Token.php lib/classes/Feed/TokenAggregate.php lib/classes/Feed/XML/Abstract.php lib/classes/Feed/XML/Atom.php lib/classes/Feed/XML/Cooliris.php lib/classes/Feed/XML/Interface.php lib/classes/Feed/XML/RSS.php lib/classes/Feed/XML/RSS/Image.php lib/classes/Feed/XML/RSS/ImageInterface.php lib/classes/User/Adapter.php lib/classes/User/Interface.php lib/classes/appbox/register.php lib/classes/connection.php lib/classes/connection/abstract.php lib/classes/connection/interface.php lib/classes/connection/pdo.php lib/classes/connection/pdoStatementDebugger.php lib/classes/deprecated/countries.php lib/classes/deprecated/inscript.api.php lib/classes/eventsmanager/event/test.php lib/classes/ftpclient.php lib/classes/http/request.php lib/classes/media/subdef.php lib/classes/module/console/schedulerStart.php lib/classes/module/console/schedulerState.php lib/classes/module/console/schedulerStop.php lib/classes/module/console/taskState.php lib/classes/module/console/tasklist.php lib/classes/module/console/taskrun.php lib/classes/patch/320alpha4b.php lib/classes/patch/3715alpha1a.php lib/classes/patch/379alpha1a.php lib/classes/patch/380alpha10a.php lib/classes/patch/380alpha11a.php lib/classes/patch/380alpha13a.php lib/classes/patch/380alpha14a.php lib/classes/patch/380alpha15a.php lib/classes/patch/380alpha16a.php lib/classes/patch/380alpha17a.php lib/classes/patch/380alpha18a.php lib/classes/patch/380alpha3a.php lib/classes/patch/380alpha4a.php lib/classes/patch/380alpha6a.php lib/classes/patch/380alpha8a.php lib/classes/patch/380alpha9a.php lib/classes/patch/381alpha1b.php lib/classes/patch/381alpha2a.php lib/classes/patch/381alpha3a.php lib/classes/patch/381alpha4a.php lib/classes/patch/383alpha1a.php lib/classes/patch/383alpha2a.php lib/classes/patch/383alpha3a.php lib/classes/patch/383alpha4a.php lib/classes/record/adapter.php lib/classes/record/preview.php lib/classes/recordutils.php lib/classes/recordutils/audio.php lib/classes/recordutils/document.php lib/classes/recordutils/map.php lib/classes/recordutils/video.php lib/classes/registry.php lib/classes/registryInterface.php lib/classes/set/order.php lib/classes/system/url.php lib/classes/task/Scheduler.php lib/classes/task/appboxAbstract.php lib/classes/task/databoxAbstract.php lib/classes/task/manager.php lib/classes/task/period/RecordMover.php lib/classes/task/period/apibridge.php lib/classes/task/period/apiwebhooks.php lib/classes/task/period/archive.php lib/classes/task/period/cindexer.php lib/classes/task/period/emptyColl.php lib/classes/task/period/ftp.php lib/classes/task/period/ftpPull.php lib/classes/task/period/subdef.php lib/classes/task/period/test.php lib/classes/task/period/writemeta.php lib/conf.d/PhraseaFixture/AbstractWZ.php lib/conf.d/PhraseaFixture/Basket/LoadFiveBaskets.php lib/conf.d/PhraseaFixture/Basket/LoadOneBasket.php lib/conf.d/PhraseaFixture/Basket/LoadOneBasketEnv.php lib/conf.d/PhraseaFixture/Lazaret/LoadOneFile.php lib/conf.d/PhraseaFixture/Story/LoadOneStory.php lib/conf.d/PhraseaFixture/UsrLists/ListAbstract.php lib/conf.d/PhraseaFixture/UsrLists/UsrList.php lib/conf.d/PhraseaFixture/UsrLists/UsrListEntry.php lib/conf.d/PhraseaFixture/UsrLists/UsrListOwner.php lib/conf.d/PhraseaFixture/ValidationParticipant/LoadOneParticipant.php lib/conf.d/PhraseaFixture/ValidationParticipant/LoadParticipantWithSession.php lib/conf.d/PhraseaFixture/ValidationSession/LoadOneValidationSession.php templates/web/admin/collection/collection.html.twig templates/web/common/dialog_export.html.twig templates/web/common/menubar.html.twig templates/web/prod/actions/Tools/index.html.twig templates/web/prod/index.html.twig templates/web/prod/upload/upload-flash.html.twig templates/web/prod/upload/upload.html.twig templates/web/report/report_layout_child.html.twig templates/web/setup/step2.html.twig templates/web/thesaurus/new-synonym-dialog.html.twig templates/web/thesaurus/properties.html.twig templates/web/thesaurus/search.html.twig tests/Alchemy/Tests/Phrasea/Application/ApiAbstract.php tests/Alchemy/Tests/Phrasea/Cache/FactoryTest.php tests/Alchemy/Tests/Phrasea/Controller/Admin/AdminCollectionTest.php tests/Alchemy/Tests/Phrasea/Controller/Client/RootTest.php
179 lines
7.0 KiB
PHP
179 lines
7.0 KiB
PHP
<?php
|
|
|
|
/*
|
|
* This file is part of Phraseanet
|
|
*
|
|
* (c) 2005-2015 Alchemy
|
|
*
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Alchemy\Phrasea\Controller\Api;
|
|
|
|
use Alchemy\Phrasea\Authentication\Context;
|
|
use Alchemy\Phrasea\Authentication\Exception\AccountLockedException;
|
|
use Alchemy\Phrasea\Authentication\Exception\RequireCaptchaException;
|
|
use Alchemy\Phrasea\Core\Event\PreAuthenticate;
|
|
use Alchemy\Phrasea\Core\Event\PostAuthenticate;
|
|
use Alchemy\Phrasea\Core\PhraseaEvents;
|
|
use Silex\Application;
|
|
use Silex\ControllerProviderInterface;
|
|
use Symfony\Component\HttpFoundation\Response;
|
|
use Symfony\Component\HttpKernel\Exception\HttpException;
|
|
use Symfony\Component\HttpFoundation\Request;
|
|
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
|
|
|
class Oauth2 implements ControllerProviderInterface
|
|
{
|
|
public function connect(Application $app)
|
|
{
|
|
$app['controller.oauth2'] = $this;
|
|
|
|
$controllers = $app['controllers_factory'];
|
|
|
|
/**
|
|
* AUTHORIZE ENDPOINT
|
|
*
|
|
* Authorization endpoint - used to obtain authorization from the
|
|
* resource owner via user-agent redirection.
|
|
*/
|
|
$authorize_func = function () use ($app) {
|
|
$request = $app['request'];
|
|
$oauth2Adapter = $app['oauth2-server'];
|
|
|
|
$context = new Context(Context::CONTEXT_OAUTH2_NATIVE);
|
|
$app['dispatcher']->dispatch(PhraseaEvents::PRE_AUTHENTICATE, new PreAuthenticate($request, $context));
|
|
|
|
//Check for auth params, send error or redirect if not valid
|
|
$params = $oauth2Adapter->getAuthorizationRequestParameters($request);
|
|
|
|
$appAuthorized = false;
|
|
$error = $request->get('error', '');
|
|
|
|
if (null === $client = $app['repo.api-applications']->findByClientId($params['client_id'])) {
|
|
throw new NotFoundHttpException(sprintf('Application with client id %s could not be found', $params['client_id']));
|
|
}
|
|
|
|
$oauth2Adapter->setClient($client);
|
|
|
|
$actionAccept = $request->get("action_accept");
|
|
$actionLogin = $request->get("action_login");
|
|
|
|
$template = "api/auth/end_user_authorization.html.twig";
|
|
|
|
$custom_template = sprintf(
|
|
"%s/config/templates/web/api/auth/end_user_authorization/%s.html.twig"
|
|
, $app['root.path']
|
|
, $client->getId()
|
|
);
|
|
|
|
if (file_exists($custom_template)) {
|
|
$template = sprintf(
|
|
'api/auth/end_user_authorization/%s.html.twig'
|
|
, $client->getId()
|
|
);
|
|
}
|
|
|
|
if (!$app['authentication']->isAuthenticated()) {
|
|
if ($actionLogin !== null) {
|
|
try {
|
|
if (null === $usrId = $app['auth.native']->getUsrId($request->get("login"), $request->get("password"), $request)) {
|
|
$app['session']->getFlashBag()->set('error', $app->trans('login::erreur: Erreur d\'authentification'));
|
|
|
|
return $app->redirectPath('oauth2_authorize', array_merge(array('error' => 'login'), $params));
|
|
}
|
|
} catch (RequireCaptchaException $e) {
|
|
return $app->redirectPath('oauth2_authorize', array_merge(array('error' => 'captcha'), $params));
|
|
} catch (AccountLockedException $e) {
|
|
return $app->redirectPath('oauth2_authorize', array_merge(array('error' => 'account-locked'), $params));
|
|
}
|
|
|
|
$user = $app['repo.users']->find($usrId);
|
|
$app['authentication']->openAccount($user);
|
|
$event = new PostAuthenticate($request, new Response(), $user, $context);
|
|
$app['dispatcher']->dispatch(PhraseaEvents::POST_AUTHENTICATE, $event);
|
|
} else {
|
|
$r = new Response($app['twig']->render($template, array('error' => $error, "auth" => $oauth2Adapter)));
|
|
$r->headers->set('Content-Type', 'text/html');
|
|
|
|
return $r;
|
|
}
|
|
}
|
|
|
|
//check if current client is already authorized by current user
|
|
$clients = $app['repo.api-applications']->findAuthorizedAppsByUser($app['authentication']->getUser());
|
|
|
|
foreach ($clients as $authClient) {
|
|
if ($client->getClientId() == $authClient->getClientId()) {
|
|
$appAuthorized = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
$account = $oauth2Adapter->updateAccount($app['authentication']->getUser());
|
|
|
|
$params['account_id'] = $account->getId();
|
|
|
|
if (!$appAuthorized && $actionAccept === null) {
|
|
$params = [
|
|
"auth" => $oauth2Adapter,
|
|
"error" => $error,
|
|
];
|
|
|
|
$r = new Response($app['twig']->render($template, $params));
|
|
$r->headers->set('Content-Type', 'text/html');
|
|
|
|
return $r;
|
|
} elseif (!$appAuthorized && $actionAccept !== null) {
|
|
$appAuthorized = (Boolean) $actionAccept;
|
|
if ($appAuthorized) {
|
|
$app['manipulator.api-account']->authorizeAccess($account);
|
|
} else {
|
|
$app['manipulator.api-account']->revokeAccess($account);
|
|
}
|
|
}
|
|
|
|
//if native app show template
|
|
if ($oauth2Adapter->isNativeApp($params['redirect_uri'])) {
|
|
$params = $oauth2Adapter->finishNativeClientAuthorization($appAuthorized, $params);
|
|
|
|
$r = new Response($app['twig']->render("api/auth/native_app_access_token.html.twig", $params));
|
|
$r->headers->set('Content-Type', 'text/html');
|
|
|
|
return $r;
|
|
}
|
|
|
|
$oauth2Adapter->finishClientAuthorization($appAuthorized, $params);
|
|
|
|
// As OAuth2 library already outputs response content, we need to send an empty
|
|
// response to avoid breaking silex controller
|
|
return '';
|
|
};
|
|
|
|
$controllers->match('/authorize', $authorize_func)
|
|
->method('GET|POST')
|
|
->bind('oauth2_authorize');
|
|
|
|
/**
|
|
* TOKEN ENDPOINT
|
|
* Token endpoint - used to exchange an authorization grant for an access token.
|
|
*/
|
|
$controllers->post('/token', function (\Silex\Application $app, Request $request) {
|
|
if ( ! $request->isSecure()) {
|
|
throw new HttpException(400, 'This route requires the use of the https scheme', null, ['content-type' => 'application/json']);
|
|
}
|
|
|
|
$app['oauth2-server']->grantAccessToken($request);
|
|
ob_flush();
|
|
flush();
|
|
|
|
// As OAuth2 library already outputs response content, we need to send an empty
|
|
// response to avoid breaking silex controller
|
|
return '';
|
|
});
|
|
|
|
return $controllers;
|
|
}
|
|
}
|