Rev 1278 | Rev 1305 | Go to most recent revision | Only display areas with differences | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 1278 | Rev 1293 | ||
|---|---|---|---|
| 1 | <?php |
1 | <?php |
| 2 | 2 | ||
| 3 | /* |
3 | /* |
| 4 | * OIDplus 2.0 |
4 | * OIDplus 2.0 |
| 5 | * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft |
5 | * Copyright 2019 - 2023 Daniel Marschall, ViaThinkSoft |
| 6 | * |
6 | * |
| 7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
7 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | * you may not use this file except in compliance with the License. |
8 | * you may not use this file except in compliance with the License. |
| 9 | * You may obtain a copy of the License at |
9 | * You may obtain a copy of the License at |
| 10 | * |
10 | * |
| 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
11 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | * |
12 | * |
| 13 | * Unless required by applicable law or agreed to in writing, software |
13 | * Unless required by applicable law or agreed to in writing, software |
| 14 | * distributed under the License is distributed on an "AS IS" BASIS, |
14 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
15 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 16 | * See the License for the specific language governing permissions and |
16 | * See the License for the specific language governing permissions and |
| 17 | * limitations under the License. |
17 | * limitations under the License. |
| 18 | */ |
18 | */ |
| 19 | 19 | ||
| 20 | // ATTENTION: If you change something, please make sure that the changes |
20 | // ATTENTION: If you change something, please make sure that the changes |
| 21 | // are synchronous with OIDplusPageAdminAutomatedAJAXCalls |
21 | // are synchronous with OIDplusPageAdminAutomatedAJAXCalls |
| 22 | 22 | ||
| 23 | namespace ViaThinkSoft\OIDplus; |
23 | namespace ViaThinkSoft\OIDplus; |
| 24 | 24 | ||
| 25 | // phpcs:disable PSR1.Files.SideEffects |
25 | // phpcs:disable PSR1.Files.SideEffects |
| 26 | \defined('INSIDE_OIDPLUS') or die; |
26 | \defined('INSIDE_OIDPLUS') or die; |
| 27 | // phpcs:enable PSR1.Files.SideEffects |
27 | // phpcs:enable PSR1.Files.SideEffects |
| 28 | 28 | ||
| 29 | class OIDplusPageRaAutomatedAJAXCalls extends OIDplusPagePluginRa { |
29 | class OIDplusPageRaAutomatedAJAXCalls extends OIDplusPagePluginRa { |
| 30 | 30 | ||
| 31 | /** |
31 | /** |
| 32 | * @param string $actionID |
- | |
| 33 | * @param array $params |
32 | * @param array $params |
| 34 | * @return array |
33 | * @return array |
| 35 | * @throws OIDplusException |
34 | * @throws OIDplusException |
| 36 | */ |
35 | */ |
| 37 | public function action(string $actionID, array $params): array { |
36 | private function action_Blacklist(array $params): array { |
| 38 | if ($actionID == 'blacklistJWT') { |
- | |
| 39 | if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_USER', true)) { |
37 | if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_USER', true)) { |
| 40 | throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_USER')); |
38 | throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_USER')); |
| 41 | } |
39 | } |
| 42 | 40 | ||
| 43 | _CheckParamExists($params, 'user'); |
41 | _CheckParamExists($params, 'user'); |
| 44 | $ra_email = $params['user']; |
42 | $ra_email = $params['user']; |
| 45 | 43 | ||
| 46 | if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
44 | if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| 47 | throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), null, 401); |
45 | throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), null, 401); |
| 48 | } |
46 | } |
| 49 | 47 | ||
| 50 | $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX; |
48 | $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX; |
| 51 | $sub = $ra_email; |
49 | $sub = $ra_email; |
| 52 | 50 | ||
| 53 | OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
51 | OIDplusAuthContentStoreJWT::jwtBlacklist($gen, $sub); |
| 54 | 52 | ||
| 55 | return array("status" => 0); |
53 | return array("status" => 0); |
| - | 54 | } |
|
| - | 55 | ||
| - | 56 | /** |
|
| - | 57 | * @param string $actionID |
|
| - | 58 | * @param array $params |
|
| - | 59 | * @return array |
|
| - | 60 | * @throws OIDplusException |
|
| - | 61 | */ |
|
| - | 62 | public function action(string $actionID, array $params): array { |
|
| - | 63 | if ($actionID == 'blacklistJWT') { |
|
| - | 64 | return $this->action_Blacklist($params); |
|
| 56 | } else { |
65 | } else { |
| 57 | return parent::action($actionID, $params); |
66 | return parent::action($actionID, $params); |
| 58 | } |
67 | } |
| 59 | } |
68 | } |
| 60 | 69 | ||
| 61 | /** |
70 | /** |
| 62 | * @param string $id |
71 | * @param string $id |
| 63 | * @param array $out |
72 | * @param array $out |
| 64 | * @param bool $handled |
73 | * @param bool $handled |
| 65 | * @return void |
74 | * @return void |
| 66 | * @throws OIDplusException |
75 | * @throws OIDplusException |
| 67 | */ |
76 | */ |
| 68 | public function gui(string $id, array &$out, bool &$handled) { |
77 | public function gui(string $id, array &$out, bool &$handled) { |
| 69 | $parts = explode('$',$id,2); |
78 | $parts = explode('$',$id,2); |
| 70 | $ra_email = $parts[1] ?? ''; |
79 | $ra_email = $parts[1] ?? ''; |
| 71 | 80 | ||
| 72 | if ($parts[0] == 'oidplus:automated_ajax_information_ra') { |
81 | if ($parts[0] == 'oidplus:automated_ajax_information_ra') { |
| 73 | $handled = true; |
82 | $handled = true; |
| 74 | 83 | ||
| 75 | $out['title'] = _L('Automated AJAX calls'); |
84 | $out['title'] = _L('Automated AJAX calls'); |
| 76 | $out['icon'] = file_exists(__DIR__.'/img/main_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : ''; |
85 | $out['icon'] = file_exists(__DIR__.'/img/main_icon.png') ? OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon.png' : ''; |
| 77 | 86 | ||
| 78 | if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
87 | if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) { |
| 79 | throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), $out['title'], 401); |
88 | throw new OIDplusHtmlException(_L('You need to <a %1>log in</a> as the requested RA %2 or as admin.',OIDplus::gui()->link('oidplus:login$ra$'.$ra_email),'<b>'.htmlentities($ra_email).'</b>'), $out['title'], 401); |
| 80 | } |
89 | } |
| 81 | 90 | ||
| 82 | if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_USER', true)) { |
91 | if (!OIDplus::baseConfig()->getValue('JWT_ALLOW_AJAX_USER', true)) { |
| 83 | throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_USER'), $out['title']); |
92 | throw new OIDplusException(_L('The administrator has disabled this feature. (Base configuration setting %1).','JWT_ALLOW_AJAX_USER'), $out['title']); |
| 84 | } |
93 | } |
| 85 | 94 | ||
| 86 | $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX; |
95 | $gen = OIDplusAuthContentStoreJWT::JWT_GENERATOR_AJAX; |
| 87 | $sub = $ra_email; |
96 | $sub = $ra_email; |
| 88 | 97 | ||
| 89 | $authSimulation = new OIDplusAuthContentStoreJWT(); |
98 | $authSimulation = new OIDplusAuthContentStoreJWT(); |
| 90 | $authSimulation->raLogin($ra_email); |
99 | $authSimulation->raLogin($ra_email); |
| 91 | $authSimulation->setValue('oidplus_generator', $gen); |
100 | $authSimulation->setValue('oidplus_generator', $gen); |
| 92 | $token = $authSimulation->getJWTToken(); |
101 | $token = $authSimulation->getJWTToken(); |
| 93 | 102 | ||
| 94 | $out['text'] .= '<p>'._L('You can make automated calls to your OIDplus account by calling the AJAX API.').'</p>'; |
103 | $out['text'] .= '<p>'._L('You can make automated calls to your OIDplus account by calling the AJAX API.').'</p>'; |
| 95 | $out['text'] .= '<p>'._L('The URL for the AJAX script is:').'</p>'; |
104 | $out['text'] .= '<p>'._L('The URL for the AJAX script is:').'</p>'; |
| 96 | $out['text'] .= '<p><b>'.OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php</b></p>'; |
105 | $out['text'] .= '<p><b>'.OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php</b></p>'; |
| 97 | $out['text'] .= '<p>'._L('You must at least provide following fields:').'</p>'; |
106 | $out['text'] .= '<p>'._L('You must at least provide following fields:').'</p>'; |
| 98 | $out['text'] .= '<p><pre id="oidplus_auth_jwt">'; |
107 | $out['text'] .= '<p><pre id="oidplus_auth_jwt">'; |
| 99 | $out['text'] .= htmlentities(OIDplusAuthContentStoreJWT::COOKIE_NAME).' = "'.htmlentities($token).'"'."\n"; |
108 | $out['text'] .= htmlentities(OIDplusAuthContentStoreJWT::COOKIE_NAME).' = "'.htmlentities($token).'"'."\n"; |
| 100 | $out['text'] .= '</pre></p>'; |
109 | $out['text'] .= '</pre></p>'; |
| 101 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(oidplus_auth_jwt)"></p>'; |
110 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(oidplus_auth_jwt)"></p>'; |
| 102 | $out['text'] .= '<p>'._L('Please keep this information confidential!').'</p>'; |
111 | $out['text'] .= '<p>'._L('Please keep this information confidential!').'</p>'; |
| 103 | $out['text'] .= '<p>'._L('The JWT-token (secret!) will automatically perform a one-time-login to fulfill the request. The other fields are the normal fields which are called during the usual operation of OIDplus.').'</p>'; |
112 | $out['text'] .= '<p>'._L('The JWT-token (secret!) will automatically perform a one-time-login to fulfill the request. The other fields are the normal fields which are called during the usual operation of OIDplus.').'</p>'; |
| 104 | $out['text'] .= '<p>'._L('Currently, there is no documentation for the AJAX calls. However, you can look at the <b>script.js</b> files of the plugins to see the field names being used. You can also enable network analysis in your web browser debugger (F12) to see the request headers sent to the server during the operation of OIDplus.').'</p>'; |
113 | $out['text'] .= '<p>'._L('Currently, there is no documentation for the AJAX calls. However, you can look at the <b>script.js</b> files of the plugins to see the field names being used. You can also enable network analysis in your web browser debugger (F12) to see the request headers sent to the server during the operation of OIDplus.').'</p>'; |
| 105 | 114 | ||
| 106 | $out['text'] .= '<h2>'._L('Blacklisted tokens').'</h2>'; |
115 | $out['text'] .= '<h2>'._L('Blacklisted tokens').'</h2>'; |
| 107 | $bl_time = OIDplusAuthContentStoreJWT::jwtGetBlacklistTime($gen, $sub); |
116 | $bl_time = OIDplusAuthContentStoreJWT::jwtGetBlacklistTime($gen, $sub); |
| 108 | if ($bl_time == 0) { |
117 | if ($bl_time == 0) { |
| 109 | $out['text'] .= '<p>'._L('None of the previously generated JWT tokens have been blacklisted.').'</p>'; |
118 | $out['text'] .= '<p>'._L('None of the previously generated JWT tokens have been blacklisted.').'</p>'; |
| 110 | } else { |
119 | } else { |
| 111 | $out['text'] .= '<p>'._L('All tokens generated before %1 have been blacklisted.',date('d F Y, H:i:s',$bl_time+1)).'</p>'; |
120 | $out['text'] .= '<p>'._L('All tokens generated before %1 have been blacklisted.',date('d F Y, H:i:s',$bl_time+1)).'</p>'; |
| 112 | } |
121 | } |
| 113 | $out['text'] .= '<button type="button" name="btn_blacklist_jwt" id="btn_blacklist_jwt" class="btn btn-danger btn-xs" onclick="OIDplusPageRaAutomatedAJAXCalls.blacklistJWT('.js_escape($ra_email).')">'._L('Blacklist all previously generated tokens').'</button>'; |
122 | $out['text'] .= '<button type="button" name="btn_blacklist_jwt" id="btn_blacklist_jwt" class="btn btn-danger btn-xs" onclick="OIDplusPageRaAutomatedAJAXCalls.blacklistJWT('.js_escape($ra_email).')">'._L('Blacklist all previously generated tokens').'</button>'; |
| 114 | 123 | ||
| 115 | $out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using JavaScript').'</h2>'; |
124 | $out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using JavaScript').'</h2>'; |
| 116 | $cont = file_get_contents(__DIR__.'/examples/example_js.html'); |
125 | $cont = file_get_contents(__DIR__.'/examples/example_js.html'); |
| 117 | $cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont); |
126 | $cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont); |
| 118 | $cont = str_replace('<token>', $token, $cont); |
127 | $cont = str_replace('<token>', $token, $cont); |
| 119 | $out['text'] .= '<pre id="example_js">'.htmlentities($cont).'</pre>'; |
128 | $out['text'] .= '<pre id="example_js">'.htmlentities($cont).'</pre>'; |
| 120 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(example_js)"></p>'; |
129 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(example_js)"></p>'; |
| 121 | 130 | ||
| 122 | $out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using PHP (located at a foreign server)').'</h2>'; |
131 | $out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using PHP (located at a foreign server)').'</h2>'; |
| 123 | $cont = file_get_contents(__DIR__.'/examples/example_php.phps'); |
132 | $cont = file_get_contents(__DIR__.'/examples/example_php.phps'); |
| 124 | $cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont); |
133 | $cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont); |
| 125 | $cont = str_replace('<token>', $token, $cont); |
134 | $cont = str_replace('<token>', $token, $cont); |
| 126 | $out['text'] .= '<pre id="example_php">'.preg_replace("@<br.*>@ismU","",highlight_string($cont,true)).'</pre>'; |
135 | $out['text'] .= '<pre id="example_php">'.preg_replace("@<br.*>@ismU","",highlight_string($cont,true)).'</pre>'; |
| 127 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(example_php)"></p>'; |
136 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(example_php)"></p>'; |
| 128 | 137 | ||
| 129 | $out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using Python').'</h2>'; |
138 | $out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using Python').'</h2>'; |
| 130 | $cont = file_get_contents(__DIR__.'/examples/example_python.py'); |
139 | $cont = file_get_contents(__DIR__.'/examples/example_python.py'); |
| 131 | $cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont); |
140 | $cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont); |
| 132 | $cont = str_replace('<token>', $token, $cont); |
141 | $cont = str_replace('<token>', $token, $cont); |
| 133 | $out['text'] .= '<pre id="example_python">'.htmlentities($cont).'</pre>'; |
142 | $out['text'] .= '<pre id="example_python">'.htmlentities($cont).'</pre>'; |
| 134 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(example_python)"></p>'; |
143 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(example_python)"></p>'; |
| 135 | 144 | ||
| 136 | $out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using VBScript').'</h2>'; |
145 | $out['text'] .= '<h2>'._L('Example for adding OID 2.999.123 using VBScript').'</h2>'; |
| 137 | $cont = file_get_contents(__DIR__.'/examples/example_vbs.vbs'); |
146 | $cont = file_get_contents(__DIR__.'/examples/example_vbs.vbs'); |
| 138 | $cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont); |
147 | $cont = str_replace('<url>', OIDplus::webpath(null,OIDplus::PATH_ABSOLUTE_CANONICAL).'ajax.php', $cont); |
| 139 | $cont = str_replace('<token>', $token, $cont); |
148 | $cont = str_replace('<token>', $token, $cont); |
| 140 | $out['text'] .= '<pre id="example_vbs">'.htmlentities($cont).'</pre>'; |
149 | $out['text'] .= '<pre id="example_vbs">'.htmlentities($cont).'</pre>'; |
| 141 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(example_vbs)"></p>'; |
150 | $out['text'] .= '<p><input type="button" value="'._L('Copy to clipboard').'" onClick="copyToClipboard(example_vbs)"></p>'; |
| 142 | } |
151 | } |
| 143 | } |
152 | } |
| 144 | 153 | ||
| 145 | /** |
154 | /** |
| 146 | * @param array $json |
155 | * @param array $json |
| 147 | * @param string|null $ra_email |
156 | * @param string|null $ra_email |
| 148 | * @param bool $nonjs |
157 | * @param bool $nonjs |
| 149 | * @param string $req_goto |
158 | * @param string $req_goto |
| 150 | * @return bool |
159 | * @return bool |
| 151 | * @throws OIDplusException |
160 | * @throws OIDplusException |
| 152 | */ |
161 | */ |
| 153 | public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool { |
162 | public function tree(array &$json, string $ra_email=null, bool $nonjs=false, string $req_goto=''): bool { |
| 154 | if (!$ra_email) return false; |
163 | if (!$ra_email) return false; |
| 155 | if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) return false; |
164 | if (!OIDplus::authUtils()->isRaLoggedIn($ra_email) && !OIDplus::authUtils()->isAdminLoggedIn()) return false; |
| 156 | 165 | ||
| 157 | if (file_exists(__DIR__.'/img/main_icon16.png')) { |
166 | if (file_exists(__DIR__.'/img/main_icon16.png')) { |
| 158 | $tree_icon = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png'; |
167 | $tree_icon = OIDplus::webpath(__DIR__,OIDplus::PATH_RELATIVE).'img/main_icon16.png'; |
| 159 | } else { |
168 | } else { |
| 160 | $tree_icon = null; // default icon (folder) |
169 | $tree_icon = null; // default icon (folder) |
| 161 | } |
170 | } |
| 162 | 171 | ||
| 163 | $json[] = array( |
172 | $json[] = array( |
| 164 | 'id' => 'oidplus:automated_ajax_information_ra$'.$ra_email, |
173 | 'id' => 'oidplus:automated_ajax_information_ra$'.$ra_email, |
| 165 | 'icon' => $tree_icon, |
174 | 'icon' => $tree_icon, |
| 166 | 'text' => _L('Automated AJAX calls') |
175 | 'text' => _L('Automated AJAX calls') |
| 167 | ); |
176 | ); |
| 168 | 177 | ||
| 169 | return true; |
178 | return true; |
| 170 | } |
179 | } |
| 171 | 180 | ||
| 172 | /** |
181 | /** |
| 173 | * @param string $request |
182 | * @param string $request |
| 174 | * @return array|false |
183 | * @return array|false |
| 175 | */ |
184 | */ |
| 176 | public function tree_search(string $request) { |
185 | public function tree_search(string $request) { |
| 177 | return false; |
186 | return false; |
| 178 | } |
187 | } |
| 179 | } |
188 | } |
| 180 | 189 | ||