Merged in feature/HOR-3615 (pull request #5857)

HOR-3615

Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>

workflow/engine/controllers/designer.php

@@ -7,6 +7,11 @@
  * @access public
  */
 
+use Maveriks\Util\ClassLoader;
+use \OAuth2\Request;
+use \ProcessMaker\BusinessModel\Light\Tracker;
+use \ProcessMaker\Services\OAuth2\Server;
+
 class Designer extends Controller
 {
     protected $clientId = 'x-pm-local-client';
@@ -26,51 +31,10 @@ class Designer extends Controller
         $proUid = isset($httpData->prj_uid) ? $httpData->prj_uid : '';
         $appUid = isset($httpData->app_uid) ? $httpData->app_uid : '';
         $proReadOnly = isset($httpData->prj_readonly) ? $httpData->prj_readonly : 'false';
-        $client = $this->getClientCredentials();
 
-        if (isset($httpData->tracker_designer) && $httpData->tracker_designer == 1) {
+        $clientToken = $this->getCredentials($httpData);
-            try {
-                if (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN'])) {
-                    throw (new \Exception(
-                        \G::LoadTranslation('ID_CASE_NOT_EXISTS') . "\n" . \G::LoadTranslation('ID_PIN_INVALID')
-                    ));
-                }
-                \ProcessMaker\BusinessModel\Light\Tracker::authentication($_SESSION['CASE'], $_SESSION['PIN']);
-            } catch (\Exception $e) {
-                Bootstrap::registerMonolog('CaseTracker', 400, $e->getMessage(), [], SYS_SYS, 'processmaker.log');
-                \G::header('Location: /errors/error403.php');
-                die();
-            }
-            $client["tracker_designer"] = 1;
-        }
-
-        $authCode = $this->getAuthorizationCode($client);
         $debug = false; //System::isDebugMode();
 
-        $loader = Maveriks\Util\ClassLoader::getInstance();
-        $loader->add(PATH_TRUNK . 'vendor/bshaffer/oauth2-server-php/src/', "OAuth2");
-
-        $request = array(
-            'grant_type' => 'authorization_code',
-            'code' => $authCode
-        );
-        $server = array(
-            'REQUEST_METHOD' => 'POST'
-        );
-        $headers = array(
-            "PHP_AUTH_USER" => $client['CLIENT_ID'],
-            "PHP_AUTH_PW" => $client['CLIENT_SECRET'],
-            "Content-Type" => "multipart/form-data;",
-            "Authorization" => "Basic " . base64_encode($client['CLIENT_ID'] . ":" . $client['CLIENT_SECRET'])
-        );
-
-        $request = new \OAuth2\Request(array(), $request, array(), array(), array(), $server, null, $headers);
-        $oauthServer = new \ProcessMaker\Services\OAuth2\Server();
-        $response = $oauthServer->postToken($request, true);
-        $clientToken = $response->getParameters();
-        $clientToken["client_id"] = $client['CLIENT_ID'];
-        $clientToken["client_secret"] = $client['CLIENT_SECRET'];
-
         $consolidated = 0;
         $enterprise = 0;
         $distribution = 0;
@@ -197,10 +161,10 @@ class Designer extends Controller
 
     protected function getAuthorizationCode($client)
     {
-        \ProcessMaker\Services\OAuth2\Server::setDatabaseSource($this->getDsn());
+        Server::setDatabaseSource($this->getDsn());
-        \ProcessMaker\Services\OAuth2\Server::setPmClientId($client['CLIENT_ID']);
+        Server::setPmClientId($client['CLIENT_ID']);
 
-        $oauthServer = new \ProcessMaker\Services\OAuth2\Server();
+        $oauthServer = new Server();
 
         if (isset($client["tracker_designer"]) && $client["tracker_designer"] == 1) {
             $_SESSION["USER_LOGGED"] = "00000000000000000000000000000001";
@@ -232,4 +196,59 @@ class Designer extends Controller
 
         return array('dsn' => $dsn, 'username' => DB_USER, 'password' => DB_PASS);
     }
+
+    /**
+     * Return credentials oauth2
+     *
+     * @param object $httpData
+     * @return array credentials
+     */
+    public function getCredentials($httpData = null)
+    {
+        $client = $this->getClientCredentials();
+
+        if (!empty($httpData->tracker_designer) && $httpData->tracker_designer == 1) {
+            try {
+                if (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN'])) {
+                    throw (new \Exception(
+                        \G::LoadTranslation('ID_CASE_NOT_EXISTS') . "\n" . \G::LoadTranslation('ID_PIN_INVALID')
+                    ));
+                }
+                Tracker::authentication($_SESSION['CASE'], $_SESSION['PIN']);
+            } catch (\Exception $e) {
+                Bootstrap::registerMonolog('CaseTracker', 400, $e->getMessage(), [], SYS_SYS, 'processmaker.log');
+                \G::header('Location: /errors/error403.php');
+                die();
+            }
+            $client["tracker_designer"] = 1;
+        }
+
+        $authCode = $this->getAuthorizationCode($client);
+
+        $loader = ClassLoader::getInstance();
+        $loader->add(PATH_TRUNK . 'vendor/bshaffer/oauth2-server-php/src/', "OAuth2");
+
+        $request = array(
+            'grant_type' => 'authorization_code',
+            'code' => $authCode
+        );
+        $server = array(
+            'REQUEST_METHOD' => 'POST'
+        );
+        $headers = array(
+            "PHP_AUTH_USER" => $client['CLIENT_ID'],
+            "PHP_AUTH_PW" => $client['CLIENT_SECRET'],
+            "Content-Type" => "multipart/form-data;",
+            "Authorization" => "Basic " . base64_encode($client['CLIENT_ID'] . ":" . $client['CLIENT_SECRET'])
+        );
+
+        $request = new Request(array(), $request, array(), array(), array(), $server, null, $headers);
+        $oauthServer = new Server();
+        $response = $oauthServer->postToken($request, true);
+        $clientToken = $response->getParameters();
+        $clientToken["client_id"] = $client['CLIENT_ID'];
+        $clientToken["client_secret"] = $client['CLIENT_SECRET'];
+
+        return $clientToken;
+    }
 }

workflow/engine/methods/processes/mainInit.php

@@ -88,6 +88,13 @@ $oHeadPublisher->assign("arrayMenuNewOptionPlugin", $arrayMenuNewOptionPlugin);
 $oHeadPublisher->assign("arrayContextMenuOptionPlugin", $arrayContextMenuOptionPlugin);
 $oHeadPublisher->assign('extJsViewState', $oHeadPublisher->getExtJsViewState());
 
+$designer = new Designer();
+$oHeadPublisher->assign('SYS_SYS', SYS_SYS);
+$oHeadPublisher->assign('SYS_LANG', SYS_LANG);
+$oHeadPublisher->assign('SYS_SKIN', SYS_SKIN);
+$oHeadPublisher->assign('HTTP_SERVER_HOSTNAME', PmSystem::getHttpServerHostnameRequestsFrontEnd());
+$oHeadPublisher->assign('credentials', base64_encode(G::json_encode($designer->getCredentials())));
+
 $deleteCasesFlag = false;
 global $RBAC;
 if($RBAC->userCanAccess('PM_DELETE_PROCESS_CASES') === 1) {