WebSVN – oidplus – Blame – /trunk/plugins/viathinksoft/adminPages/910_automated_ajax_calls/OIDplusPageAdminAutomatedAJAXCalls.class.php

Rev	Author	Line No.	Line
635	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
		5	* Copyright 2019 - 2021 Daniel Marschall, ViaThinkSoft
		6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
		20	// ATTENTION: If you change something, please make sure that the changes
		21	// are synchronous with OIDplusPageRaAutomatedAJAXCalls
		22
		23	if (!defined('INSIDE_OIDPLUS')) die();
		24
		25	class OIDplusPageAdminAutomatedAJAXCalls extends OIDplusPagePluginAdmin {
		26
		27	public function action($actionID, $params) {
		28	if ($actionID == 'blacklistJWT') {
		29	if (!OIDplus::authUtils()->isAdminLoggedIn()) {
		30	throw new OIDplusException(_L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')));
		31	}
		32
		33	if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_ADMIN', true)) {
		34	throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_ADMIN'));
		35	}
		36
		37	$gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX;
		38	$sub = 'admin';
		39
		40	OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub);
		41
		42	return array("status" => 0);
		43	} else {
		44	throw new OIDplusException(_L('Unknown action ID'));
		45	}
		46	}
		47
		48	public function gui($id, &$out, &$handled) {
		49	if ($id === 'oidplus:automated_ajax_information_admin') {
		50	$handled = true;
		51	$out['title'] = _L('Automated AJAX calls');
801	daniel-mar	52	$out['icon'] = file_exists(__DIR__.'/img/main_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : '';
635	daniel-mar	53
		54	if (!OIDplus::authUtils()->isAdminLoggedIn()) {
800	daniel-mar	55	$out['icon'] = 'img/error.png';
635	daniel-mar	56	$out['text'] = '<p>'._L('You need to <a %1>log in</a> as administrator.',OIDplus::gui()->link('oidplus:login$admin')).'</p>';
		57	return;
		58	}
		59
		60	if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_ADMIN', true)) {
		61	$out['text'] = '<p>'._L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_ADMIN').'</p>';
		62	return;
		63	}
		64
		65	$gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX;
		66	$sub = 'admin';
		67
		68	$authSimulation = new OIDplusAuthContentStoreJWT();
		69	$authSimulation->adminLogin();
		70	$authSimulation->setValue('oidplus_generator', $gen);
		71	$token = $authSimulation->getJWTToken();
		72
		73	$out['text'] .= '<p>'._L('You can make automated calls to your OIDplus account by calling the AJAX API.').'</p>';
		74	$out['text'] .= '<p>'._L('The URL for the AJAX script is:').'</p>';
801	daniel-mar	75	$out['text'] .= '<p><b>'.OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php</b></p>';
635	daniel-mar	76	$out['text'] .= '<p>'._L('You must at least provide following fields:').'</p>';
876	daniel-mar	77	$out['text'] .= '<p><pre id="oidplus_auth_jwt">';
635	daniel-mar	78	$out['text'] .= 'OIDPLUS_AUTH_JWT = "'.htmlentities($token).'"'."\n";
		79	$out['text'] .= '</pre></p>';
876	daniel-mar	80	$out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(oidplus_auth_jwt)"></p>';
635	daniel-mar	81	$out['text'] .= '<p>'._L('Please keep this information confidential!').'</p>';
		82	$out['text'] .= '<p>'._L('The JWT-token (secret!) will automatically perform a one-time-login to fulfill the request. The other fields are the normal fields which are called during the usual operation of OIDplus.').'</p>';
		83	$out['text'] .= '<p>'._L('Currently, there is no documentation for the AJAX calls. However, you can look at the <b>script.js</b> files of the plugins to see the field names being used. You can also enable network analysis in your web browser debugger (F12) to see the request headers sent to the server during the operation of OIDplus.').'</p>';
		84
		85	$out['text'] .= '<h2>'._L('Blacklisted tokens').'</h2>';
		86	$bl_time = OIDplusAuthContentStoreJWT::jwtGetBlacklistTime($gen, $sub);
		87	if ($bl_time == 0) {
		88	$out['text'] .= '<p>'._L('None of the previously generated JWT tokens have been blacklisted.').'</p>';
		89	} else {
		90	$out['text'] .= '<p>'._L('All tokens generated before %1 have been blacklisted.',date('d F Y, H:i:s',$bl_time+1)).'</p>';
		91	}
		92	$out['text'] .= '<button type="button" name="btn_blacklist_jwt" id="btn_blacklist_jwt" class="btn btn-danger btn-xs" onclick="OIDplusPageAdminAutomatedAJAXCalls.blacklistJWT()">'._L('Blacklist all previously generated tokens').'</button>';
		93
		94	$out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using JavaScript').'</h2>';
		95	$cont = file_get_contents(__DIR__.'/examples/example_js.html');
802	daniel-mar	96	$cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont);
635	daniel-mar	97	$cont = str_replace('<token>', $token, $cont);
		98	$out['text'] .= '<pre>'.htmlentities($cont).'</pre>';
		99
		100	$out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using PHP (located at a foreign server)').'</h2>';
		101	$cont = file_get_contents(__DIR__.'/examples/example_php.phps');
801	daniel-mar	102	$cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont);
635	daniel-mar	103	$cont = str_replace('<token>', $token, $cont);
		104	$out['text'] .= '<pre>'.preg_replace("@<br.*>@ismU","",highlight_string($cont,true)).'</pre>';
		105
		106	$out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using Python').'</h2>';
		107	$cont = file_get_contents(__DIR__.'/examples/example_python.py');
801	daniel-mar	108	$cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont);
635	daniel-mar	109	$cont = str_replace('<token>', $token, $cont);
		110	$out['text'] .= '<pre>'.htmlentities($cont).'</pre>';
		111
		112	$out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using VBScript').'</h2>';
		113	$cont = file_get_contents(__DIR__.'/examples/example_vbs.vbs');
802	daniel-mar	114	$cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont);
635	daniel-mar	115	$cont = str_replace('<token>', $token, $cont);
		116	$out['text'] .= '<pre>'.htmlentities($cont).'</pre>';
		117	}
		118	}
		119
		120	public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {
		121	if (!OIDplus::authUtils()->isAdminLoggedIn()) return false;
		122
800	daniel-mar	123	if (file_exists(__DIR__.'/img/main_icon16.png')) {
801	daniel-mar	124	$tree_icon = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png';
635	daniel-mar	125	} else {
		126	$tree_icon = null; // default icon (folder)
		127	}
		128
		129	$json[] = array(
		130	'id' => 'oidplus:automated_ajax_information_admin',
		131	'icon' => $tree_icon,
		132	'text' => _L('Automated AJAX calls')
		133	);
		134
		135	return true;
		136	}
		137
		138	public function tree_search($request) {
		139	return false;
		140	}
		141	}

Subversion Repositories oidplus

oidplus/trunk/plugins/viathinksoft/adminPages/910_automated_ajax_calls/OIDplusPageAdminAutomatedAJAXCalls.class.php @ 1293 – Rev 876