CMS  Version 3.9
api_manager.inc
Go to the documentation of this file.
1 <?php
7 Fakoli::usingFeature("api_helper");
8 Fakoli::using("section");
9 
10 class APIEndPoint
11 {
12  function __construct()
13  {
14  }
15 
16  function checkAccess()
17  {
18  return false;
19  }
20 
21  function allowAnonymous()
22  {
23  return false;
24  }
25 }
26 
27 class SimpleQueryAPIEndPoint extends APIEndPoint
28 {
29  protected $helper;
30  protected $roles;
31 
32  function __construct($class, $roles = "", $searchFilter = null, $outputFilter = null, $constraints = "")
33  {
34  $this->roles = $roles;
35  $this->helper = new APIHelper($class, $searchFilter, $outputFilter, $constraints);
36  }
37 
38  function get()
39  {
40  return $this->helper->query();
41  }
42 
43 
44  function checkAccess()
45  {
46  return checkRole($this->roles);
47  }
48 
49  function allowAnonymous()
50  {
51  return ($this->roles == "");
52  }
53 }
54 
55 class AuthenticateAPIEndPoint extends APIEndPoint
56 {
57  function get()
58  {
59  Fakoli::JSONreturn(APIManager::validateAPILogin());
60  }
61 
62  function post()
63  {
64  Fakoli::JSONreturn(APIManager::validateAPILogin());
65  }
66 
67  function allowAnonymous()
68  {
69  return true;
70  }
71 }
72 
73 class ExtendTokenAPIEndPoint extends APIEndPoint
74 {
75  function get()
76  {
77  Fakoli::JSONreturn(APIManager::extendToken());
78  }
79 
80  function post()
81  {
82  Fakoli::JSONreturn(APIManager::extendToken());
83  }
84 
85  function allowAnonymous()
86  {
87  return true;
88  }
89 }
90 
91 
97 class APIContentManager implements ISectionContentManager
98 {
99  function getDefaultPage($section) { return $section->default_page; }
100 
101  function getContent($section, $identifier)
102  {
103  // Create Mock SectionContent object
104  $content = new SectionContent();
105  $content->section_id = $section->section_id;
106  $content->identifier = $identifier;
107  return $content;
108  }
109 
110  function sendContent($section, $identifier)
111  {
112  if (!$identifier)
113  {
114  throw new FakoliException("Missing identifier");
115  }
116 
117  APIManager::dispatch($identifier);
118  }
119 
120  function getAdminView($section)
121  {
122  return new APIContentAdminView($section);
123  }
124 }
125 
126 class APIContentAdminView extends AbstractSectionContentAdminView
127 {
128  function __construct($section)
129  {
130  parent::__construct($section);
131  }
132 
133  function handlePOST()
134  {
135  }
136 
137  function drawView()
138  {
139  global $script;
140 
141  /*
142  $tokens = Query::create(ShareToken, "ORDER BY created_date")->execute();
143  $table = new DataListView($tokens, "share_tokens");
144  $table->column("Token", "<a href=''>{token}</a>", true)
145  ->column("Type", "{item_type}", true)
146  ->column("Shared By", "{User.getFullName()}", true)
147  ->column("Active", "<i class='fa-fw fas fa-{active:check/times}'></i>", true, "text-align: center")
148  ->column("# Accesses", "{countAccesses()}", true, "text-align: right");
149 
150  $table->pageSize = 20;
151  $table->filter = true;
152  $table->sortable = true;
153  $table->emptyMessage = "No items have been shared";
154  $table->excelFile = "share_tokens.xls";
155 
156  $script .= $table->writeScript();
157 
158  echo "<h3>Share Tokens</h3>";
159 
160  $table->drawView();
161  */
162  }
163 }
164 class APIManager
165 {
166  private static $endpoints = null;
167 
168  function ApiManager()
169  {
170 
171  }
172 
173  static function registerEndPoint($endpoint, $handler)
174  {
175  APIManager::$endpoints[$endpoint] = $handler;
176  }
177 
178  static function getEndPoint($endpoint)
179  {
180  if (!APIManager::$endpoints)
181  {
182  APIManager::$endpoints = array();
183  ComponentManager::fireEvent('RegisterAPIEndPoints');
184  }
185 
186  return APIManager::$endpoints[$endpoint];
187  }
188 
189  static function dispatch($endpoint)
190  {
191  global $method;
192  global $user;
193 
194  $handler = APIManager::getEndPoint($endpoint);
195  if (!$handler)
196  {
197  throw new FakoliException("API Endpoint not found");
198  }
199 
200  $m = strtolower($method);
201  if (!method_exists($handler, $m))
202  {
203  throw new FakoliException("Unsupported HTTP Verb");
204  }
205 
206  if ($handler->allowAnonymous())
207  {
208  $handler->$m();
209  return;
210  }
211 
212  $t = checkIdentifier($_GET["token"]);
213 
214  if (!$t)
215  {
216  throw new FakoliException("No Authentication Token Provided");
217  }
218 
219  $token = APIToken::getToken($t);
220  if (!$token)
221  {
222  throw new FakoliException("Authentication Token Not Found");
223  }
224 
225  if (!$token->active)
226  {
227  throw new FakoliException("Invalid Token");
228  }
229 
230  $user = $token->User();
231 
232  if (!$handler->checkAccess())
233  {
234  throw new FakoliException("Permission Denied");
235  }
236 
237  $handler->$m();
238  }
239 
240  function validateAPILogin()
241  {
242  global $user;
243 
244  $mgr = new UserManager();
245 
246  $username = $_REQUEST[$mgr->getUsernameField()];
247  $password = $_REQUEST["password"];
248 
249  if (Settings::getValue("login", "reject_all_blank_passwords"))
250  {
251  // JDG - guard against data not found exception
252  if(!$username OR !$password)
253  {
254  LoginManager::recordLoginAttempt($username, "api", null, "failure");
255  LoginManager::$error = "Incorrect user name or password.";
256  return "ERROR|".LoginManager::$error;
257  }
258  }
259  else
260  {
261  if(!$username)
262  {
263  LoginManager::recordLoginAttempt($username, "api", null, "failure");
264  LoginManager::$error = "Incorrect user name or password.";
265  return "ERROR|".LoginManager::$error;
266  }
267  }
268 
269  ComponentManager::fireEvent("OnLoginSubmit");
270 
271  $user = $mgr->validatePassword($username, $password);
272  if ($user)
273  {
274  $token = APIToken::getUserToken($user->user_id);
275  if (!$token)
276  {
277  $token = new APIToken();
278  $token->token = plainGUID();
279  $token->user_id = $user->user_id;
280  $token->created_date = now();
281  $token->expiry_date = null;
282  $token->active = true;
283  $token->last_access = now();
284  $token->save();
285  }
286 
287  $tokenLifetime = Settings::getValue("api", "token_lifetime");
288  if ($tokenLifetime)
289  {
290  $expiryDate = new DateTime();
291  $expiryDate->modify("+".$tokenLifetime);
292  $token->expiry_date = $expiryDate->format("Y-m-d H:i:s T");
293  }
294 
295  LoginManager::recordLoginAttempt($username, "api", null, "success");
296  Fakoli::JSONReturn($token, true);
297  }
298  else
299  {
300  return "ERROR";
301  }
302  }
303 
304  function extendToken()
305  {
306  $t = checkIdentifier($_GET["token"]);
307 
308  $token = APIToken::getToken($t);
309 
310  $tokenLifetime = Settings::getValue("api", "token_lifetime");
311  if ($tokenLifetime)
312  {
313  $expiryDate = new DateTime();
314  $expiryDate->modify("+".$tokenLifetime);
315  $token->expiry_date = $expiryDate->format("Y-m-d H:i:s T");
316  $token->save();
317  }
318  }
319 
320  static function registerAPIEndPoints()
321  {
322  APIManager::registerEndPoint("authenticate", new AuthenticateAPIEndPoint());
323  APIManager::registerEndPoint("extend", new AuthenticateAPIEndPoint());
324  }
325 
326  static function setDefaults()
327  {
328  Settings::setDefaultValue("api", "token_lifetime", "30 days", "String", "Specifies how long API authorization tokens stay valid. Leave blank to have tokens never expire");
329  }
330 
331  static function registerSectionContentManager()
332  {
333  SectionContentManagerMap::registerManager("API", new APIContentManager());
334  }
335 
336  static function upgradeComponent($version)
337  {
338  $mgr = new APIUpgradeManager();
339  $mgr->upgrade($version);
340  }
341 }
342 ?>
$script
$script
Definition: activity_report.inc:37
$token
$token
Definition: authentication_token_form.inc:41
$mgr
$mgr
Definition: authentication_token_form.inc:55
$class
$class
Definition: data_import_field_mapping.inc:5
$handler
$handler
Definition: event_form.inc:62
$section
$section
Definition: event_form.inc:44
$username
$username
Definition: password_help.inc:54
APIContentAdminView
Definition: api_manager.inc:127
APIContentAdminView\__construct
__construct($section)
Definition: api_manager.inc:128
APIContentAdminView\handlePOST
handlePOST()
Definition: api_manager.inc:133
APIContentAdminView\drawView
drawView()
Definition: api_manager.inc:137
APIContentManager
Provides a central management class for event handlers and common functionality for the api component...
Definition: api_manager.inc:98
APIContentManager\getDefaultPage
getDefaultPage($section)
Returns the identifier for the default page in the section (i.e.
Definition: api_manager.inc:99
APIContentManager\getAdminView
getAdminView($section)
Factory method to build the view class for displaying and manipulating section content for the specif...
Definition: api_manager.inc:120
APIContentManager\getContent
getContent($section, $identifier)
Returns a SectionContent object for the specified section and identifier.
Definition: api_manager.inc:101
APIContentManager\sendContent
sendContent($section, $identifier)
Renders and sends the specified content for the given section.
Definition: api_manager.inc:110
APIManager\setDefaults
static setDefaults()
Definition: api_manager.inc:326
APIManager\upgradeComponent
static upgradeComponent($version)
Definition: api_manager.inc:336
APIManager\registerSectionContentManager
static registerSectionContentManager()
Definition: api_manager.inc:331
APIManager\registerEndPoint
static registerEndPoint($endpoint, $handler)
Definition: api_manager.inc:173
APIManager\getEndPoint
static getEndPoint($endpoint)
Definition: api_manager.inc:178
APIManager\registerAPIEndPoints
static registerAPIEndPoints()
Definition: api_manager.inc:320
APIManager\dispatch
static dispatch($endpoint)
Definition: api_manager.inc:189
APIToken\getToken
static getToken($token)
Definition: api_token.inc:49
APIToken\getUserToken
static getUserToken($user_id)
Definition: api_token.inc:39
AbstractSectionContentAdminView
Definition: section_content_manager.inc:111
AbstractSectionContentAdminView\$section
$section
Definition: section_content_manager.inc:112
ComponentManager\fireEvent
static fireEvent($event, $parameter=null, $mustBeConsumed=false)
Fire an event to all subscribers as detailed in their manifests.
Definition: component_manager.inc:442
FakoliException
FakoliException is the base exception class for all Fakoli errors.
Definition: core.inc:53
Fakoli\usingFeature
static usingFeature()
Uses the specified framework feature(s).
Definition: core.inc:388
Fakoli\using
static using()
Import the datamodels, views and manifest for the specified component(s).
Definition: core.inc:116
Fakoli\JSONreturn
static JSONreturn($object, $sendType=true, $wrap=true)
Return a DataItem to the client in JSON format.
Definition: core.inc:1160
LoginManager\recordLoginAttempt
static recordLoginAttempt($username, $mode, $token, $result)
Records a login attempt in the login audit trail.
Definition: login.inc:117
LoginManager\$error
static $error
Definition: login.inc:96
SectionContent
Definition: section.inc:251
SectionContentManagerMap\registerManager
static registerManager($type, $manager)
Registers a SectionContentManager for handling a specified section type.
Definition: section_manager.inc:88
Settings\getValue
static getValue($component, $name)
Retrieve the value of the specified Setting.
Definition: settings.inc:104
Settings\setDefaultValue
static setDefaultValue($component, $name, $value, $field_type="String", $annotation="", $category="", $options="", $weight=0)
Sets the default value of the given component setting.
Definition: settings.inc:174
SimpleQueryAPIEndPoint\__construct
__construct($class, $roles="", $searchFilter=null, $outputFilter=null, $constraints="")
Definition: api_manager.inc:32
UserManager
Provides the interface to the user model for the application.
Definition: user_manager.inc:50
$user
global $user
Definition: comment_form.inc:16
$method
$method
Pull out a simple reference to the request method.
Definition: core.inc:1573
ISectionContentManager
Defines the interface required by a SectionContentManager.
Definition: section_content_manager.inc:44
$identifier
$identifier
Definition: rss.inc:37
$content
if(array_key_exists("HTTP_IF_MODIFIED_SINCE", $_SERVER)) $content
Definition: styles.css.inc:24