PageRenderTime 64ms CodeModel.GetById 29ms RepoModel.GetById 1ms app.codeStats 0ms

/xenforo/library/bdApi/ControllerApi/Tool.php

https://gitlab.com/billyprice1/bdApi
PHP | 305 lines | 232 code | 60 blank | 13 comment | 27 complexity | e1c02090ff393d68d041d6f44fcd7f62 MD5 | raw file
    

  1. <?php
    2. 

  2. 

  3. class bdApi_ControllerApi_Tool extends bdApi_ControllerApi_Abstract
    4. 

  4. {
    5. 

  5.     public function actionGetLogin()
    6. 

  6.     {
    7. 

  7.         $redirectUri = $this->_input->filterSingle('redirect_uri', XenForo_Input::STRING);
    8. 

  8.         if (empty($redirectUri)) {
    9. 

  9.             return $this->responseError(new XenForo_Phrase('bdapi_slash_tools_login_requires_redirect_uri'), 400);
    10. 

  10.         }
    11. 

  11. 

  12.         /* @var $session bdApi_Session */
    13. 

  13.         $session = XenForo_Application::getSession();
    14. 

  14.         $clientId = $session->getOAuthClientId();
    15. 

  15.         if (empty($clientId)) {
    16. 

  16.             $this->_response->setHeader('X-Api-Login-Error', 'client_id');
    17. 

  17.             return $this->responseNoPermission();
    18. 

  18.         }
    19. 

  19. 

  20.         if (!$session->isValidRedirectUri($redirectUri)) {
    21. 

  21.             $this->_response->setHeader('X-Api-Login-Error', 'redirect_uri');
    22. 

  22.             return $this->responseNoPermission();
    23. 

  23.         }
    24. 

  24. 

  25.         $userId = XenForo_Visitor::getUserId();
    26. 

  26.         if (empty($userId)) {
    27. 

  27.             $this->_response->setHeader('X-Api-Login-Error', 'oauth_token');
    28. 

  28.             return $this->responseNoPermission();
    29. 

  29.         }
    30. 

  30. 

  31.         $loginLinkData = array(
    32. 

  32.             'redirect' => $redirectUri,
    33. 

  33.             'timestamp' => XenForo_Application::$time + 10,
    34. 

  34.         );
    35. 

  35.         $loginLinkData['user_id'] = bdApi_Crypt::encryptTypeOne($userId, $loginLinkData['timestamp']);
    36. 

  36. 

  37.         $loginLink = XenForo_Link::buildPublicLink('login/api', '', $loginLinkData);
    38. 

  38. 

  39.         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT, $loginLink);
    40. 

  40.     }
    41. 

  41. 

  42.     public function actionPostLoginSocial()
    43. 

  43.     {
    44. 

  44.         $social = array();
    45. 

  45. 

  46.         $options = XenForo_Application::getOptions();
    47. 

  47. 

  48.         if ($options->get('facebookAppId')) {
    49. 

  49.             $social[] = 'facebook';
    50. 

  50.         }
    51. 

  51. 

  52.         if ($options->get('twitterAppKey')) {
    53. 

  53.             $social[] = 'twitter';
    54. 

  54.         }
    55. 

  55. 

  56.         if ($options->get('googleClientId')) {
    57. 

  57.             $social[] = 'google';
    58. 

  58.         }
    59. 

  59. 

  60.         return $this->responseData('bdApi_ViewApi_Tool_LoginSocial', array('social' => $social));
    61. 

  61.     }
    62. 

  62. 

  63.     public function actionGetLogout()
    64. 

  64.     {
    65. 

  65.         $redirectUri = $this->_input->filterSingle('redirect_uri', XenForo_Input::STRING);
    66. 

  66.         if (empty($redirectUri)) {
    67. 

  67.             return $this->responseError(new XenForo_Phrase('bdapi_slash_tools_login_requires_redirect_uri'), 400);
    68. 

  68.         }
    69. 

  69. 

  70.         /* @var $session bdApi_Session */
    71. 

  71.         $session = XenForo_Application::getSession();
    72. 

  72.         $clientId = $session->getOAuthClientId();
    73. 

  73.         if (empty($clientId)) {
    74. 

  74.             $this->_response->setHeader('X-Api-Logout-Error', 'client_id');
    75. 

  75.             return $this->responseNoPermission();
    76. 

  76.         }
    77. 

  77. 

  78.         if (!$session->isValidRedirectUri($redirectUri)) {
    79. 

  79.             $this->_response->setHeader('X-Api-Logout-Error', 'redirect_uri');
    80. 

  80.             return $this->responseNoPermission();
    81. 

  81.         }
    82. 

  82. 

  83.         $logoutLinkData = array(
    84. 

  84.             'redirect' => $redirectUri,
    85. 

  85.             '_xfToken' => XenForo_Visitor::getInstance()->get('csrf_token_page'),
    86. 

  86.             'timestamp' => XenForo_Application::$time + 10,
    87. 

  87.         );
    88. 

  88.         $logoutLinkData['md5'] = bdApi_Crypt::encryptTypeOne(md5($logoutLinkData['redirect']), $logoutLinkData['timestamp']);
    89. 

  89. 

  90.         $logoutLink = XenForo_Link::buildPublicLink('logout', '', $logoutLinkData);
    91. 

  91. 

  92.         return $this->responseRedirect(XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT, $logoutLink);
    93. 

  93.     }
    94. 

  94. 

  95.     public function actionPostPasswordTest()
    96. 

  96.     {
    97. 

  97.         $input = $this->_input->filter(array(
    98. 

  98.             'password' => XenForo_Input::STRING,
    99. 

  99.             'password_algo' => XenForo_Input::STRING,
    100. 

  100.             'decrypt' => XenForo_Input::UINT,
    101. 

  101.         ));
    102. 

  102. 

  103.         if (!XenForo_Application::debugMode()) {
    104. 

  104.             return $this->responseNoPermission();
    105. 

  105.         }
    106. 

  106. 

  107.         if (empty($input['decrypt'])) {
    108. 

  108.             $result = bdApi_Crypt::encrypt($input['password'], $input['password_algo']);
    109. 

  109.         } else {
    110. 

  110.             $result = bdApi_Crypt::decrypt($input['password'], $input['password_algo']);
    111. 

  111.         }
    112. 

  112. 

  113.         $data = array('result' => $result);
    114. 

  114. 

  115.         return $this->responseData('bdApi_ViewApi_Tool_PasswordTest', $data);
    116. 

  116.     }
    117. 

  117. 

  118.     public function actionPostPasswordResetRequest()
    119. 

  119.     {
    120. 

  120.         $this->_assertRegistrationRequired();
    121. 

  121. 

  122.         $user = XenForo_Visitor::getInstance()->toArray();
    123. 

  123. 

  124.         /* @var $userConfirmationModel XenForo_Model_UserConfirmation */
    125. 

  125.         $userConfirmationModel = $this->getModelFromCache('XenForo_Model_UserConfirmation');
    126. 

  126.         $userConfirmationModel->sendPasswordResetRequest($user);
    127. 

  127. 

  128.         return $this->responseMessage(new XenForo_Phrase('password_reset_request_has_been_emailed_to_you'));
    129. 

  129.     }
    130. 

  130. 

  131.     public function actionPostLink()
    132. 

  132.     {
    133. 

  133.         $type = $this->_input->filterSingle('type', XenForo_Input::STRING, array('default' => 'public'));
    134. 

  134.         $route = $this->_input->filterSingle('route', XenForo_Input::STRING, array('default' => 'index'));
    135. 

  135. 

  136.         switch ($type) {
    137. 

  137.             case 'admin':
    138. 

  138.                 $link = XenForo_Link::buildAdminLink($route);
    139. 

  139.                 break;
    140. 

  140.             case 'public':
    141. 

  141.             default:
    142. 

  142.                 $link = XenForo_Link::buildPublicLink($route);
    143. 

  143.                 break;
    144. 

  144.         }
    145. 

  145. 

  146.         $data = array(
    147. 

  147.             'type' => $type,
    148. 

  148.             'route' => $route,
    149. 

  149.             'link' => $link,
    150. 

  150.         );
    151. 

  151. 

  152.         return $this->responseData('bdApi_ViewApi_Tool_Link', $data);
    153. 

  153.     }
    154. 

  154. 

  155.     public function actionPostPing()
    156. 

  156.     {
    157. 

  157.         $this->_assertAdminPermission('bdApi');
    158. 

  158. 

  159.         $visitor = XenForo_Visitor::getInstance();
    160. 

  160.         $userId = $this->_input->filterSingle('user_id', XenForo_Input::UINT);
    161. 

  161.         $message = $this->_input->filterSingle('message', XenForo_Input::STRING);
    162. 

  162. 

  163.         XenForo_Model_Alert::alert(
    164. 

  164.             $userId,
    165. 

  165.             $visitor['user_id'], $visitor['username'],
    166. 

  166.             'api_ping', 0, 'message',
    167. 

  167.             array(
    168. 

  168.                 'message' => $message,
    169. 

  169.             )
    170. 

  170.         );
    171. 

  171. 

  172.         return $this->responseMessage(new XenForo_Phrase('changes_saved'));
    173. 

  173.     }
    174. 

  174. 

  175.     public function actionGetParseLink()
    176. 

  176.     {
    177. 

  177.         $link = $this->_input->filterSingle('link', XenForo_Input::STRING);
    178. 

  178.         $link = XenForo_Link::convertUriToAbsoluteUri($link, true);
    179. 

  179.         $fc = XenForo_Application::get('_bdApi_fc');
    180. 

  180.         /* @var $dependencies bdApi_Dependencies */
    181. 

  181.         $dependencies = $fc->getDependencies();
    182. 

  182. 

  183.         $request = new bdApi_Zend_Controller_Request_Http($link);
    184. 

  184.         $request->setBaseUrl(parse_url(XenForo_Application::getOptions()->get('boardUrl'), PHP_URL_PATH));
    185. 

  185. 

  186.         $routeMatch = $dependencies->routePublic($request);
    187. 

  187.         if (!$routeMatch OR !$routeMatch->getControllerName()) {
    188. 

  188.             // link cannot be route
    189. 

  189.             return $this->_actionGetParseLink_getControllerResponseNop($link, false);
    190. 

  190.         }
    191. 

  191. 

  192.         $controllerResponse = $this->_actionGetParseLink_getControllerResponse($link, $request, $routeMatch);
    193. 

  193.         if (!empty($controllerResponse)) {
    194. 

  194.             return $controllerResponse;
    195. 

  195.         }
    196. 

  196. 

  197.         // controller / action not recognized...
    198. 

  198.         return $this->_actionGetParseLink_getControllerResponseNop($link, true);
    199. 

  199.     }
    200. 

  200. 

  201.     protected function _actionGetParseLink_getControllerResponseNop($link, $routed)
    202. 

  202.     {
    203. 

  203.         return $this->responseData('bdApi_ViewApi_Tool_ParseLink', array(
    204. 

  204.             'link' => $link,
    205. 

  205.             'routed' => $routed,
    206. 

  206.         ));
    207. 

  207.     }
    208. 

  208. 

  209.     protected function _actionGetParseLink_getControllerResponse($link, Zend_Controller_Request_Http $request, XenForo_RouteMatch $routeMatch)
    210. 

  210.     {
    211. 

  211.         switch ($routeMatch->getControllerName()) {
    212. 

  212.             case 'XenForo_ControllerPublic_Forum':
    213. 

  213.                 $nodeId = $request->getParam('node_id');
    214. 

  214. 

  215.                 if (empty($nodeId)) {
    216. 

  216.                     $nodeName = $request->getParam('node_name');
    217. 

  217.                     if (!empty($nodeName)) {
    218. 

  218.                         /* @var $nodeModel XenForo_Model_Node */
    219. 

  219.                         $nodeModel = $this->getModelFromCache('XenForo_Model_Node');
    220. 

  220.                         $node = $nodeModel->getNodeByName($nodeName, 'Forum');
    221. 

  221.                         if (!empty($node)) {
    222. 

  222.                             $nodeId = $node['node_id'];
    223. 

  223.                         }
    224. 

  224.                     }
    225. 

  225.                 }
    226. 

  226. 

  227.                 if (!empty($nodeId)) {
    228. 

  228.                     $this->_request->setParam('forum_id', $nodeId);
    229. 

  229.                 }
    230. 

  230. 

  231.                 return $this->responseReroute('bdApi_ControllerApi_Thread', 'get-index');
    232. 

  232.             case 'XenForo_ControllerPublic_Thread':
    233. 

  233.                 $threadId = $request->getParam('thread_id');
    234. 

  234. 

  235.                 if (!empty($threadId)) {
    236. 

  236.                     $this->_request->setParam('thread_id', $threadId);
    237. 

  237. 

  238.                     $linkFragment = parse_url($link, PHP_URL_FRAGMENT);
    239. 

  239.                     if (!empty($linkFragment) AND preg_match('#^post-(?<post_id>\d+)$#', $linkFragment, $fragment)) {
    240. 

  240.                         $this->_request->setParam('page_of_post_id', $fragment['post_id']);
    241. 

  241.                     }
    242. 

  242. 

  243.                     return $this->responseReroute('bdApi_ControllerApi_Post', 'get-index');
    244. 

  244.                 }
    245. 

  245.                 break;
    246. 

  246.             case 'XenForo_ControllerPublic_Post':
    247. 

  247.                 $postId = $request->getParam('post_id');
    248. 

  248. 

  249.                 if (!empty($postId)) {
    250. 

  250.                     $this->_request->setParam('page_of_post_id', $postId);
    251. 

  251.                     return $this->responseReroute('bdApi_ControllerApi_Post', 'get-index');
    252. 

  252.                 }
    253. 

  253.                 break;
    254. 

  254.         }
    255. 

  255. 

  256.         return null;
    257. 

  257.     }
    258. 

  258. 

  259.     protected function _preDispatchFirst($action)
    260. 

  260.     {
    261. 

  261.         switch ($action) {
    262. 

  262.             case 'GetLogin':
    263. 

  263.             case 'GetLogout':
    264. 

  264.                 $this->_redirectAsNoPermission = true;
    265. 

  265.                 break;
    266. 

  266.         }
    267. 

  267. 

  268.         parent::_preDispatchFirst($action);
    269. 

  269.     }
    270. 

  270. 

  271.     protected $_redirectAsNoPermission = false;
    272. 

  272. 

  273.     public function responseNoPermission()
    274. 

  274.     {
    275. 

  275.         if ($this->_redirectAsNoPermission) {
    276. 

  276.             // this "hack" is required because other pre dispatch jobs may throw no permission response around
    277. 

  277.             // and we want to redirect them all, not just from our actions
    278. 

  278.             $redirectUri = $this->_input->filterSingle('redirect_uri', XenForo_Input::STRING);
    279. 

  279.             if (!empty($redirectUri)) {
    280. 

  280.                 return $this->responseRedirect(
    281. 

  281.                     XenForo_ControllerResponse_Redirect::RESOURCE_CANONICAL_PERMANENT,
    282. 

  282.                     $redirectUri
    283. 

  283.                 );
    284. 

  284.             }
    285. 

  285.         }
    286. 

  286. 

  287.         return parent::responseNoPermission();
    288. 

  288.     }
    289. 

  289. 

  290. 

  291.     protected function _getScopeForAction($action)
    292. 

  292.     {
    293. 

  293.         return false;
    294. 

  294.     }
    295. 

  295. 

  296.     /**
    297. 

  297.      *
    298. 

  298.      * @return XenForo_Model_Alert
    299. 

  299.      */
    300. 

  300.     protected function _getAlertModel()
    301. 

  301.     {
    302. 

  302.         return $this->getModelFromCache('XenForo_Model_Alert');
    303. 

  303.     }
    304. 

  304. 

  305. }
    306. 

  306.