Merge branch 'cc-5709-airtime-analyzer-cloud-storage' into cc-5709-airtime-analyzer-cloud-storage-saas
Conflicts: airtime_mvc/application/Bootstrap.php airtime_mvc/application/configs/ACL.php airtime_mvc/application/controllers/ApiController.php airtime_mvc/application/controllers/plugins/Acl_plugin.php airtime_mvc/application/forms/GeneralPreferences.php airtime_mvc/application/modules/rest/controllers/MediaController.php airtime_mvc/application/views/scripts/form/preferences_general.phtml airtime_mvc/application/views/scripts/form/support-setting.phtml airtime_mvc/build/sql/schema.sql
This commit is contained in:
drigato
commit
ca9750f415
46 changed files with 771 additions and 595 deletions
|
|
@ -33,11 +33,6 @@ class Rest_MediaController extends Zend_Rest_Controller
|
|||
|
||||
public function indexAction()
|
||||
{
|
||||
if (!$this->verifyAuth(true, true))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
$files_array = array();
|
||||
foreach (CcFilesQuery::create()->find() as $file)
|
||||
{
|
||||
|
|
@ -57,11 +52,6 @@ class Rest_MediaController extends Zend_Rest_Controller
|
|||
|
||||
public function downloadAction()
|
||||
{
|
||||
if (!$this->verifyAuth(true, true))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
$id = $this->getId();
|
||||
if (!$id) {
|
||||
return;
|
||||
|
|
@ -84,11 +74,6 @@ class Rest_MediaController extends Zend_Rest_Controller
|
|||
|
||||
public function getAction()
|
||||
{
|
||||
if (!$this->verifyAuth(true, true))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
$id = $this->getId();
|
||||
if (!$id) {
|
||||
return;
|
||||
|
|
@ -107,20 +92,6 @@ class Rest_MediaController extends Zend_Rest_Controller
|
|||
|
||||
public function postAction()
|
||||
{
|
||||
/* If the user presents a valid API key, we don't check CSRF tokens.
|
||||
CSRF tokens are only used for session based authentication.
|
||||
*/
|
||||
if(!$this->verifyAPIKey()){
|
||||
if(!$this->verifyCSRFToken($this->_getParam('csrf_token'))){
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (!$this->verifyAuth(true, true))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
//If we do get an ID on a POST, then that doesn't make any sense
|
||||
//since POST is only for creating.
|
||||
if ($id = $this->_getParam('id', false)) {
|
||||
|
|
@ -181,11 +152,6 @@ class Rest_MediaController extends Zend_Rest_Controller
|
|||
|
||||
public function putAction()
|
||||
{
|
||||
if (!$this->verifyAuth(true, true))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
$id = $this->getId();
|
||||
if (!$id) {
|
||||
return;
|
||||
|
|
@ -275,11 +241,6 @@ class Rest_MediaController extends Zend_Rest_Controller
|
|||
|
||||
public function deleteAction()
|
||||
{
|
||||
if (!$this->verifyAuth(true, true))
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
$id = $this->getId();
|
||||
if (!$id) {
|
||||
return;
|
||||
|
|
@ -308,80 +269,6 @@ class Rest_MediaController extends Zend_Rest_Controller
|
|||
return $id;
|
||||
}
|
||||
|
||||
private function verifyCSRFToken($token){
|
||||
$current_namespace = new Zend_Session_Namespace('csrf_namespace');
|
||||
$observed_csrf_token = $token;
|
||||
$expected_csrf_token = $current_namespace->authtoken;
|
||||
|
||||
if($observed_csrf_token == $expected_csrf_token){
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
private function verifyAuth($checkApiKey, $checkSession)
|
||||
{
|
||||
// Session takes precedence over API key for now:
|
||||
if ($checkSession && $this->verifySession()) {
|
||||
// CSRF token validation only applies to session based authorization.
|
||||
if(!$this->verifyCSRFToken($this->_getParam('csrf_token'))){
|
||||
$resp = $this->getResponse();
|
||||
$resp->setHttpResponseCode(401);
|
||||
$resp->appendBody("ERROR: Token Missmatch.");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
if ($checkApiKey && $this->verifyAPIKey())
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
$resp = $this->getResponse();
|
||||
$resp->setHttpResponseCode(401);
|
||||
$resp->appendBody("ERROR: Incorrect API key.");
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private function verifyAPIKey()
|
||||
{
|
||||
//The API key is passed in via HTTP "basic authentication":
|
||||
// http://en.wikipedia.org/wiki/Basic_access_authentication
|
||||
|
||||
$CC_CONFIG = Config::getConfig();
|
||||
|
||||
//Decode the API key that was passed to us in the HTTP request.
|
||||
$authHeader = $this->getRequest()->getHeader("Authorization");
|
||||
$encodedRequestApiKey = substr($authHeader, strlen("Basic "));
|
||||
$encodedStoredApiKey = base64_encode($CC_CONFIG["apiKey"][0] . ":");
|
||||
if ($encodedRequestApiKey === $encodedStoredApiKey)
|
||||
{
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
private function verifySession()
|
||||
{
|
||||
$auth = Zend_Auth::getInstance();
|
||||
if ($auth->hasIdentity())
|
||||
{
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
|
||||
//Token checking stub code. We'd need to change LoginController.php to generate a token too, but
|
||||
//but luckily all the token code already exists and works.
|
||||
//$auth = new Application_Model_Auth();
|
||||
//$auth->checkToken(Application_Model_Preference::getUserId(), $token);
|
||||
}
|
||||
|
||||
private function fileNotFoundResponse()
|
||||
{
|
||||
$resp = $this->getResponse();
|
||||
|
|
@ -489,7 +376,7 @@ class Rest_MediaController extends Zend_Rest_Controller
|
|||
private function getOwnerId()
|
||||
{
|
||||
try {
|
||||
if ($this->verifySession()) {
|
||||
if (Zend_Auth::getInstance()->hasIdentity()) {
|
||||
$service_user = new Application_Service_UserService();
|
||||
return $service_user->getCurrentUser()->getDbId();
|
||||
} else {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue