
diff --git a/workspaces/src/Engines/Auth/Methods/AzharProvider.php b/workspaces/src/Engines/Auth/Methods/AzharProvider.php
index 724b91c..9c4d6d0 100644
--- a/workspaces/src/Engines/Auth/Methods/AzharProvider.php
+++ b/workspaces/src/Engines/Auth/Methods/AzharProvider.php
@@ -1,225 +1,227 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Azhàr provider authentication method class
*
* @package ObsidianWorkspaces
* @subpackage Auth
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*/
namespace Waystone\Workspaces\Engines\Auth\Methods;
use Waystone\Workspaces\Engines\Auth\AuthenticationMethod;
use Waystone\Workspaces\Engines\I18n\Language;
+use Keruald\OmniTools\HTTP\Requests\Request;
+
use stdClass;
/**
* Azhàr provider authentication method class
*
* Azhàr sends a document providing authentication and registration of new
* users. It's signed by a shared secret key.
*/
class AzharProvider extends AuthenticationMethod {
/**
* @var string Shared secret key
*/
public $secretKey;
/**
* @var string Client key, to identify the consumer application.
*/
public $clientKey;
/**
* @var string The Azhàr identity provider login URL
*/
public $url;
/**
* Handles user login request
*/
public function handleRequest () {
$action = array_key_exists('action', $_GET) ? $_GET['action'] : '';
$sessionKey =
array_key_exists('sessionKey', $_GET) ? $_GET['sessionKey'] : '';
if ($action == "user.login.azhar.initialize") {
//Redirects user to Azhàr SSO service
$callbackUrl =
- get_server_url() . get_url($this->context->workspace->code)
+ Request::getServerURL() . get_url($this->context->workspace->code)
. '?action=user.login.azhar.success&authenticationMethodId='
. $this->id;
$url = $this->url . '?mode=provider&key=' . $this->clientKey
. '&sessionKey=' . $this->getSessionKey()
. '&url=' . urlencode($callbackUrl);
header('Location: ' . $url);
exit;
} elseif ($action == "user.login.azhar.success") {
//User claims to have logged in, we can get authentication information
$reply = $this->fetchInformation();
if (!$this->isDocumentLegit($reply)) {
$this->loginError = Language::get('ExternalLoginNotLegitReply');
return;
}
if ($reply->status == "SUCCESS") {
//Creates user or login
$this->name = $reply->username;
$this->email = $reply->email;
$this->remoteUserId = $reply->localUserId;
$this->signInOrCreateUser();
return;
} elseif ($reply->status == "ERROR_USER_SIDE") {
switch ($reply->code) {
case 'NO_USER_VISIT':
case 'NOT_LOGGED_IN':
$this ->loginError = Language::get('ExternalLoginNotRemotelyLoggedIn');
return;
}
} elseif ($reply->status == "ERROR_BETWEEN_US") {
switch ($reply->code) {
case 'SESSION_BADSECRET':
$this->loginError = sprintf(Language::get('ExternalLoginTechnicalDifficulty'), $reply->code);
return;
}
}
$this->loginError = '<p>An unknown error has been received:</p><pre>' . print_r($reply, true) . '</pre><p>Please notify technical support about this new error message, so we can handle it in the future.</p>';
} else {
$this->loginError = '<p>Unknown action: $action</p>';
}
}
/**
* Gets Azhàr provider session key
*
* This key allows us as consumer to fetch information, and Azhàr as provider to store it.
*
* @return string the session key
*/
public function getSessionKey () {
$hash = md5($this->id);
if (!isset($_SESSION['Auth-$hash']['SessionKey'])) {
$url = $this->url . '?mode=provider.announce&key=' . $this->clientKey
. '&url=n/a';
$reply = self::query($url);
$this->setSessionSecret($reply->sessionSecret);
$_SESSION['Auth-$hash']['SessionKey'] = $reply->sessionKey;
}
return $_SESSION['Auth-$hash']['SessionKey'];
}
/**
* Gets Azhàr provider session secret
*
* @return string the session secret
*/
private function getSessionSecret () {
$hash = md5($this->id);
return $_SESSION['Auth-$hash']['SessionSecret'];
}
/**
* Sets Azhàr provider session secret
*
* @param string $secret the session secret
*/
private function setSessionSecret ($secret) {
$hash = md5($this->id);
$_SESSION['Auth-$hash']['SessionSecret'] = $secret;
}
/**
* Gets Azhàr external authentication link
*
* @retrun string the login link
*/
public function getAuthenticationLink () {
- $url = get_server_url() . get_url($this->context->workspace->code)
+ $url = Request::getServerURL() . get_url($this->context->workspace->code)
. '?action=user.login.azhar.initialize&authenticationMethodId=' . $this->id;
return $url;
}
/**
* Determines if the document received has been signed by the correct shared secret key.
*
* @return boolean true if the document is legit; otherwise, false.
*/
function isDocumentLegit ($document) {
$hash = '';
$claimedHash = null;
foreach ($document as $key => $value) {
if ($key == 'hash') {
$claimedHash = $value;
continue;
}
$hash .= md5($key . $value);
}
$salt = '$2y$10$' . substr($this->secretKey, 0, 22);
$computedHash = crypt($hash, $salt);
return $claimedHash === $computedHash;
}
/**
* Fetches information document
*
* @return stdClass The Azhàr identity provider information about the current login operation
*/
function fetchInformation () {
$url = $this->url . '?mode=provider.fetch&key=' . $this->clientKey
. '&sessionSecret=' . $this->getSessionSecret()
. '&sessionKey=' . $this->getSessionKey()
. '&url=n/a';
return self::query($url);
}
/**
* Gets the contents of the specified URL and decode the JSON reply
*
* @param string $url The URL to the JSON document to query.
*
* @return stdClass The reply
*/
public static function query ($url) {
$data = file_get_contents($url);
return json_decode($data);
}
/**
* Loads an AzharProvider instance from a generic array.
* Typically used to deserialize a configuration.
*
* @param array $data The associative array to deserialize
* @param mixed $context The application context
*
* @return AzharProvider The deserialized instance
*/
public static function loadFromArray (array $data, mixed $context) : self {
$instance = parent::loadFromArray($data, $context);
$instance->url = $data["url"];
$instance->secretKey = $data["secretKey"];
$instance->clientKey = $data["clientKey"];
return $instance;
}
}
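Review bot: The callback address handed to the Azhàr provider in handleRequest (`Request::getServerURL() . get_url(...)`, and the same pattern in getAuthenticationLink) takes its scheme and host from whatever the library derives from the current request. Request::getServerURL() is not part of this diff; if it reads the Host header or forwarded-protocol headers rather than only SERVER_NAME/SERVER_PORT as the removed helper did, the return address of the login round trip becomes client-influenced. I would either build it from an origin fixed in configuration or document the assumption next to the call, e.g. `// origin is request-derived: the provider must only accept callback URLs registered for this clientKey`. Separately, the session slot in getSessionKey, getSessionSecret and setSessionSecret is written `'Auth-$hash'` in single quotes, so `$hash` is never interpolated and every authentication method shares one key and secret; `"Auth-$hash"` looks like what was meant.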
diff --git a/workspaces/src/includes/GlobalFunctions.php b/workspaces/src/includes/GlobalFunctions.php
index e9fb639..1469ff9 100644
--- a/workspaces/src/includes/GlobalFunctions.php
+++ b/workspaces/src/includes/GlobalFunctions.php
@@ -1,140 +1,121 @@
<?php
use Waystone\Workspaces\Engines\Workspaces\Workspace;
+use Keruald\OmniTools\HTTP\Requests\Request;
+
////////////////////////////////////////////////////////////////////////////////
/// ///
/// Misc helper functions ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//Plural management
/*
* Gets a "s" if the specified amount requests the plural
* @param mixed $amount the quantity (should be numeric)
* @return string 's' if the amount is greater or equal than 2 ; otherwise, ''
*/
function s ($amount) {
if ($amount >= 2 || $amount <= -2 ) return 's';
}
/**
* Gets file extension
* @param string $file the file to get the extension
* @return string the file extension
*/
function get_extension ($file) {
$dotPosition = strrpos($file, ".");
return substr($file, $dotPosition + 1);
}
/**
* Gets file name
* @param string $file the file to get the extension
* @return string the file name
*/
function get_filename ($file) {
//TODO: clear directory
$dotPosition = strrpos($file, ".");
return substr($file, 0, $dotPosition);
}
////////////////////////////////////////////////////////////////////////////////
/// ///
/// URL helpers functions ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/*
* Gets URL
* @return string URL
*/
function get_url () {
global $Config;
if (func_num_args() > 0) {
$pieces = func_get_args();
return $Config['BaseURL'] . '/' . implode('/', $pieces);
} elseif ($Config['BaseURL'] == "" || $Config['BaseURL'] == "/index.php") {
return "/";
} else {
return $Config['BaseURL'];
}
}
-/*
- * Gets server URL
- * @todo find a way to detect https:// on non standard port
- * @return string the server URL
- */
-function get_server_url () {
- if (php_sapi_name() == 'cli') {
- return '';
- }
- switch ($port = $_SERVER['SERVER_PORT']) {
- case '80':
- return "http://$_SERVER[SERVER_NAME]";
-
- case '443':
- return "https://$_SERVER[SERVER_NAME]";
-
- default:
- return "http://$_SERVER[SERVER_NAME]:$_SERVER[SERVER_PORT]";
- }
-}
-
/*
* Gets $_SERVER['PATH_INFO'] or computes the equivalent if not defined.
* @return string the relevant URL part
*/
function get_current_url () {
global $Config;
//Gets relevant URL part from relevant $_SERVER variables
if (array_key_exists('PATH_INFO', $_SERVER)) {
//Without mod_rewrite, and url like /index.php/controller
//we use PATH_INFO. It's the easiest case.
return $_SERVER["PATH_INFO"];
}
//In other cases, we'll need to get the relevant part of the URL
- $current_url = get_server_url() . $_SERVER['REQUEST_URI'];
+ $current_url = Request::getServerURL() . $_SERVER['REQUEST_URI'];
//Relevant URL part starts after the site URL
$len = strlen($Config['SiteURL']);
//We need to assert it's the correct site
if (substr($current_url, 0, $len) != $Config['SiteURL']) {
- dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL<br /><strong>Current value:</strong> $Config[SiteURL]<br /><strong>Expected value:</strong> a string starting by " . get_server_url(), "Setup");
+ dieprint_r(GENERAL_ERROR, "Edit includes/config.php and specify the correct site URL<br /><strong>Current value:</strong> $Config[SiteURL]<br /><strong>Expected value:</strong> a string starting by " . Request::getServerURL(), "Setup");
}
if (array_key_exists('REDIRECT_URL', $_SERVER)) {
//With mod_rewrite, we can use REDIRECT_URL
//We take the end of the URL, ie *FROM* $len position
- return substr(get_server_url() . $_SERVER["REDIRECT_URL"], $len);
+ return substr(Request::getServerURL() . $_SERVER["REDIRECT_URL"], $len);
}
//Last possibility: use REQUEST_URI, but remove QUERY_STRING
//If you need to edit here, use $_SERVER['REQUEST_URI']
//but you need to discard $_SERVER['QUERY_STRING']
//We take the end of the URL, ie *FROM* $len position
- $url = substr(get_server_url() . $_SERVER["REQUEST_URI"], $len);
+ $url = substr(Request::getServerURL() . $_SERVER["REQUEST_URI"], $len);
//But if there are a query string (?action=... we need to discard it)
if ($_SERVER['QUERY_STRING']) {
return substr($url, 0, strlen($url) - strlen($_SERVER['QUERY_STRING']) - 1);
}
return $url;
}
/*
* Gets an array of url fragments to be processed by controller
* @return array an array containing URL fragments
*/
function get_current_url_fragments () {
$url_source = get_current_url();
if ($url_source == '/index.php') return array();
return explode('/', substr($url_source, 1));
}
diff --git a/workspaces/src/includes/config.php b/workspaces/src/includes/config.php
index 1332984..4968727 100755
--- a/workspaces/src/includes/config.php
+++ b/workspaces/src/includes/config.php
@@ -1,280 +1,281 @@
<?php
/**
* _, __, _, _ __, _ _, _, _
* / \ |_) (_ | | \ | /_\ |\ |
* \ / |_) , ) | |_/ | | | | \|
* ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
*
* Configuration file
*
* This file will contain your site/application settings. Ideally, you should
* make this file autogenerable by a setup process.
*
* @package ObsidianWorkspaces
* @subpackage Keruald
* @author Sébastien Santoro aka Dereckson <dereckson@espace-win.org>
* @license http://www.opensource.org/licenses/bsd-license.php BSD
* @filesource
*
*/
use Keruald\Cache\Engines\CacheVoid;
use Keruald\Database\Engines\MySQLiEngine;
+use Keruald\OmniTools\HTTP\Requests\Request;
////////////////////////////////////////////////////////////////////////////////
/// ///
/// I. SQL configuration ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//SQL configuration
$Config['sql']['engine'] = MySQLiEngine::class;
$Config['sql']['host'] = $_ENV["DB_HOST"] ?? 'localhost';
$Config['sql']['username'] = $_ENV["DB_USER"] ?? 'obsidian';
$Config['sql']['password'] = $_ENV["DB_PASSWORD"] ?? 'obsidian';
$Config['sql']['database'] = $_ENV["DB_NAME"] ?? 'obsidian';
$Config['sql']['fetch_mode'] = MYSQLI_BOTH;
$Config['sql']['dontThrowExceptions'] = true;
//SQL tables
$prefix = '';
define('TABLE_PERMISSIONS', $prefix . 'permissions');
define('TABLE_USERS', $prefix . 'users');
define('TABLE_USERS_AUTH', $prefix . 'users_auth');
define('TABLE_UGROUPS', $prefix . 'users_groups');
define('TABLE_UGROUPS_MEMBERS', $prefix . 'users_groups_members');
define('TABLE_SESSIONS', $prefix . 'sessions');
define('TABLE_WORKSPACES', $prefix . 'workspaces');
////////////////////////////////////////////////////////////////////////////////
/// ///
/// II. Site configuration ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//Dates
date_default_timezone_set("UTC");
//Secret key, used for some verification hashes in URLs (e.g. xhr calls)
//or forms.
$Config['SecretKey'] = 'Replace this by a secret key, like AdYN}"p/+D.U]M^MC&-Q~KFthXZCT*g<V:dL.@{Mt-Di1mEA\&~_Eh\I\WA';
//When reading files, buffer size
const BUFFER_SIZE = 4096;
//Site theme
$Config['Theme'] = 'bluegray';
////////////////////////////////////////////////////////////////////////////////
/// ///
/// III. Script URLs ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/*
* The following settings give your script/application URL.
*
* Without mod_rewrite:
*
* Subdirectory:
* - $Config['SiteURL'] = 'http://www.yourdomain.tld/application/index.php';
* - $Config['BaseURL'] = '/application/index.php';
*
* Root directory:
* - $Config['SiteURL'] = 'http://www.yourdomain.tld/index.php';
* - $Config['BaseURL'] = '/index.php';
*
* With mod_rewrite:
*
* Subdirectory:
* - $Config['SiteURL'] = 'http://www.yourdomain.tld/application';
* - $Config['BaseURL'] = '/application';
*
* In .htaccess or your vhost definition:
* RewriteEngine On
* RewriteBase /application/
* RewriteCond %{REQUEST_FILENAME} !-f
* RewriteCond %{REQUEST_FILENAME} !-d
* RewriteRule . /application/index.php [L]
*
* Root directory:
* - $Config['SiteURL'] = 'http://www.yourdomain.tld';
* - $Config['BaseURL'] = '';
*
* In .htaccess or your vhost definition:
* RewriteEngine On
* RewriteBase /
* RewriteCond %{REQUEST_FILENAME} !-f
* RewriteCond %{REQUEST_FILENAME} !-d
* RewriteRule . /index.php [L]
*
*
* If you don't want to specify the server domain, you can use get_server_url:
* $Config['SiteURL'] = get_server_url() . '/application';
* $Config['SiteURL'] = get_server_url();
*
* !!! No trailing slash !!!
*
*/
-$Config['SiteURL'] = get_server_url();
+$Config['SiteURL'] = Request::getServerURL();
$Config['BaseURL'] = '';
////////////////////////////////////////////////////////////////////////////////
/// ///
/// IV. Static content ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//Where the static content is located?
//Static content = 4 directories: js, css, img and content
//On default installation, those directories are at site root.
//To improve site performance, you can use a CDN for that.
//
//Recommanded setting: $Config['StaticContentURL'] = $Config['SiteURL'];
//Or if this is the site root: $Config['StaticContentURL'] = '';
//With CoralCDN: $Config['StaticContentURL'] = . '.nyud.net';
//
$Config['StaticContentURL'] = '';
//$Config['StaticContentURL'] = get_server_url() . '.nyud.net';
//Content directories
$Config['Content']['Cache'] = 'content/cache';
$Config['Content']['Help'] = 'content/help';
$Config['Content']['Workspaces'] = 'content/workspaces';
$Config['Content']['Disclaimers'] = 'content/disclaimers';
/*
* The following settings configure your document storage engine.
*
* To use MongoDB:
*
* $Config['DocumentStorage'] = [
* 'Type' => 'MongoDB',
* 'Host' => 'mymongoinstance.domain.tld',
* 'Port' => 27017,
* 'Database' => 'obsidian'
* ];
*
* To use MongoDB, and authenticate with a username and a password:
*
* $Config['DocumentStorage'] = [
* 'Type' => 'MongoDB',
* 'Host' => 'mymongoinstance.domain.tld',
* 'Port' => 27017,
* 'Database' => 'obsidian',
* 'Username' => 'yourusername',
* 'Password' => 'yourpassword'
* ];
*
* To connect to MongoDB with SSL, use the same syntax and add a SSL context as 'SSL' parameter.
* Documentation about SSL context is located at the following PHP documentation URL:
* http://www.php.net/manual/en/context.ssl.php
*
* $Config['DocumentStorage'] = [
* 'Type' => 'MongoDB',
* 'Host' => 'mymongoinstance.domain.tld',
* 'Port' => 27017,
* 'Database' => 'obsidian',
* 'SSL' => [
* 'cafile' => '/path/to/CAcertificate.crt',
* 'local_cert' => '/path/to/yourcertificate.pem',
* 'verify_peer' => true,
* 'allow_self_signed' => false,
* 'CN_match' => 'the server certificate expected CN'
* ]
* ];
*
*
* If you don't want to deploy a MongoDB server, you can use either MySQL
* or SQLite 3 if you need concurrency, either plain text files if you're
* the only user as a fallback.
*
*
* For MySQL, it uses the same connection as the main application.
*
* $Config['DocumentStorage'] = [
* 'Type' => 'MySQL',
* 'Table' => $prefix . 'collections',
* ];
*
* Engine will automatically intialize the database if the file hasn't been found.
*
* You can also store the table in another database with the db.table syntax:
*
* $Config['DocumentStorage'] = [
* 'Type' => 'MySQL',
* 'Table' => 'obsidian_data.collections',
* ];
*
*
* To use SQLite 3:
*
* $Config['DocumentStorage'] = [
* 'Type' => 'SQLite',
* 'File' => 'content/collections.db',
* ];
*
* Engine will automatically intialize the database if the file hasn't been found.
*
*
* To use file storage, create a folder and gives it as path parameter:
*
* $Config['DocumentStorage'] = [
* 'Type' => 'Files',
* 'Path' => 'content/collections',
* ];
*
*/
$Config['DocumentStorage'] = [
'Type' => 'MongoDB',
'Host' => 'localhost',
'Port' => 27017
];
//ImageMagick paths
//Be careful on Windows platform convert could match the NTFS convert command.
$Config['ImageMagick']['convert'] = 'convert';
$Config['ImageMagick']['mogrify'] = 'mogrify';
$Config['ImageMagick']['composite'] = 'composite';
$Config['ImageMagick']['identify'] = 'identify';
////////////////////////////////////////////////////////////////////////////////
/// ///
/// V. Caching ///
/// ///
////////////////////////////////////////////////////////////////////////////////
/*
* Some data (Smarty, OpenID and sessions) are cached in the cache directory.
*
* Security tip: you can move this cache directory outside the webserver tree.
*/
const CACHE_DIR = 'cache';
/*
* Furthermore, you can also enable a cache engine, like memcached, to store
* data from heavy database queries, or frequently accessed stuff.
*
* To use memcached:
* - $Config['cache']['engine'] = CacheMemcached::class;
* - $Config['cache']['server'] = 'localhost';
* - $Config['cache']['port'] = 11211;
*
* To disable cache:
* - $Config['cache']['engine'] = CacheVoid::class;
* (or omit the cache key)
*/
$Config['cache']['engine'] = CacheVoid::class;
////////////////////////////////////////////////////////////////////////////////
/// ///
/// VI. Sessions ///
/// ///
////////////////////////////////////////////////////////////////////////////////
//If you want to use a common table of sessions / user handling
//with several websites, specify a different resource id for each site.
$Config['ResourceID'] = 32;
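Review bot: The help text in section III still tells administrators to write `$Config['SiteURL'] = get_server_url() . '/application';`, and the commented-out `//$Config['StaticContentURL'] = get_server_url() . '.nyud.net';` in section IV uses the same helper, which this commit deletes from GlobalFunctions.php; following either example now ends in a call to an undefined function. Both should read `Request::getServerURL()`. The removed helper also returned an empty string under the CLI SAPI, and this file runs the call at include time, so it is worth confirming that the replacement behaves the same when `$_SERVER` has no host information; that cannot be checked from this diff.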
