mirror of
https://github.com/salesagility/SuiteCRM.git
synced 2024-11-22 07:52:36 +00:00
162 lines
5.8 KiB
PHP
162 lines
5.8 KiB
PHP
<?php
|
|
/**
|
|
*
|
|
* SugarCRM Community Edition is a customer relationship management program developed by
|
|
* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
|
|
*
|
|
* SuiteCRM is an extension to SugarCRM Community Edition developed by SalesAgility Ltd.
|
|
* Copyright (C) 2011 - 2018 SalesAgility Ltd.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it under
|
|
* the terms of the GNU Affero General Public License version 3 as published by the
|
|
* Free Software Foundation with the addition of the following permission added
|
|
* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
|
|
* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
|
|
* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
|
|
*
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
|
|
* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
* details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License along with
|
|
* this program; if not, see http://www.gnu.org/licenses or write to the Free
|
|
* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301 USA.
|
|
*
|
|
* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
|
|
* SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
|
|
*
|
|
* The interactive user interfaces in modified source and object code versions
|
|
* of this program must display Appropriate Legal Notices, as required under
|
|
* Section 5 of the GNU Affero General Public License version 3.
|
|
*
|
|
* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
|
|
* these Appropriate Legal Notices must retain the display of the "Powered by
|
|
* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
|
|
* reasonably feasible for technical reasons, the Appropriate Legal Notices must
|
|
* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
|
|
*/
|
|
|
|
namespace SuiteCRM\API\OAuth2\Middleware;
|
|
|
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
|
use League\OAuth2\Server\ResourceServer as OAuthResourceServer;
|
|
use Psr\Http\Message\ResponseInterface;
|
|
use Psr\Http\Message\ServerRequestInterface;
|
|
use SuiteCRM\API\v8\Exception\NotAllowedException;
|
|
use SuiteCRM\Enumerator\ExceptionCode;
|
|
use SuiteCRM\Utility\SuiteLogger as Logger;
|
|
|
|
#[\AllowDynamicProperties]
|
|
class ResourceServer
|
|
{
|
|
/**
|
|
* @var ResourceServer
|
|
*/
|
|
private $server;
|
|
|
|
private static $ROUTES_EXEMPT_FROM_AUTH = [
|
|
'oauth/access_token',
|
|
'v8/swagger.json',
|
|
];
|
|
|
|
/**
|
|
* @param OAuthResourceServer $server
|
|
*/
|
|
public function __construct(OAuthResourceServer $server)
|
|
{
|
|
$this->server = $server;
|
|
}
|
|
|
|
/**
|
|
* @param ServerRequestInterface $request
|
|
* @param ResponseInterface $response
|
|
* @param callable $next
|
|
*
|
|
* @return \Psr\Http\Message\ResponseInterface
|
|
*/
|
|
public function __invoke(ServerRequestInterface $request, ResponseInterface $response, callable $next)
|
|
{
|
|
try {
|
|
if (!in_array($request->getUri()->getPath(), self::$ROUTES_EXEMPT_FROM_AUTH)) {
|
|
$request = $this->server->validateAuthenticatedRequest($request);
|
|
|
|
$this->setCurrentUserGlobal($request);
|
|
}
|
|
} catch (OAuthServerException $exception) {
|
|
$log = new Logger();
|
|
$log->error(
|
|
'[ResourceServer] '.
|
|
' Code: ' . $exception->getCode().
|
|
' Message: ' . $exception->getMessage().
|
|
' ErrorType: ' . $exception->getErrorType().
|
|
' Hint: ' . $exception->getHint()
|
|
);
|
|
return $exception->generateHttpResponse($response);
|
|
// @codeCoverageIgnoreStart
|
|
} catch (\Exception $exception) {
|
|
$log = new Logger();
|
|
$log->error(
|
|
'[ResourceServer] '.
|
|
$exception->getCode().' '.$exception->getMessage()
|
|
);
|
|
return (new OAuthServerException($exception->getMessage(), 0, 'unknown_error', 500))
|
|
->generateHttpResponse($response);
|
|
// @codeCoverageIgnoreEnd
|
|
}
|
|
|
|
// Pass the request and response on to the next responder in the chain
|
|
return $next($request, $response);
|
|
}
|
|
|
|
/**
|
|
* Suite needs a current_user global for roles, security groups etc.
|
|
*
|
|
* @param ServerRequestInterface $request
|
|
* @throws NotAllowedException
|
|
*/
|
|
private function setCurrentUserGlobal(ServerRequestInterface $request)
|
|
{
|
|
global $current_user;
|
|
|
|
$user = $this->getUserFromRequest($request);
|
|
|
|
// validate user is still active
|
|
if ($user->status === 'Inactive') {
|
|
throw new NotAllowedException('[User Not Active]', ExceptionCode::API_USER_NOT_ACTIVE);
|
|
}
|
|
|
|
$current_user = $user;
|
|
}
|
|
|
|
/**
|
|
* @param ServerRequestInterface $request
|
|
* @return \User
|
|
*
|
|
* @throws NotAllowedException
|
|
*/
|
|
private function getUserFromRequest(ServerRequestInterface $request)
|
|
{
|
|
$user = new \User();
|
|
|
|
$user->retrieve($request->getAttribute('oauth_user_id'));
|
|
|
|
if ($user->id) {
|
|
return $user;
|
|
}
|
|
|
|
// We need a User to take ownership of actions, so if we are using a grant type that does not have
|
|
// an associated User we fall back on the User defined in the OAuth2Clients
|
|
$client = new \OAuth2Clients();
|
|
$client->retrieve($request->getAttribute('oauth_client_id'));
|
|
|
|
$user->retrieve($client->assigned_user_id);
|
|
if ($user->id) {
|
|
return $user;
|
|
}
|
|
|
|
throw new NotAllowedException('[User Not Active]', ExceptionCode::API_USER_NOT_ACTIVE);
|
|
}
|
|
}
|