fernando/luos
1
0
Fork 0
Code Releases Activity

Merged in feature/HOR-3615 (pull request #5857)

Browse Source 
HOR-3615

Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
This commit is contained in:
Marco Antonio Nina Mena
2017-08-07 03:30:19 +00:00
committed by Julio Cesar Laura Avendaño
parent 5c2d8dc971 3370968048
commit 044ab74a9c
2 changed files with 79 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
workflow/engine/controllers/designer.php
View File

@@ -7,6 +7,11 @@
* @access public
*/
use Maveriks\Util\ClassLoader;
use \OAuth2\Request;
use \ProcessMaker\BusinessModel\Light\Tracker;
use \ProcessMaker\Services\OAuth2\Server;
class Designer extends Controller
{
protected $clientId = 'x-pm-local-client';
@@ -26,51 +31,10 @@ class Designer extends Controller
$proUid = isset($httpData->prj_uid) ? $httpData->prj_uid : '';
$appUid = isset($httpData->app_uid) ? $httpData->app_uid : '';
$proReadOnly = isset($httpData->prj_readonly) ? $httpData->prj_readonly : 'false';
$client = $this->getClientCredentials();
if (isset($httpData->tracker_designer) && $httpData->tracker_designer == 1) {
try {
if (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN'])) {
throw (new \Exception(
\G::LoadTranslation('ID_CASE_NOT_EXISTS') . "\n" . \G::LoadTranslation('ID_PIN_INVALID')
));
}
\ProcessMaker\BusinessModel\Light\Tracker::authentication($_SESSION['CASE'], $_SESSION['PIN']);
} catch (\Exception $e) {
Bootstrap::registerMonolog('CaseTracker', 400, $e->getMessage(), [], SYS_SYS, 'processmaker.log');
\G::header('Location: /errors/error403.php');
die();
}
$client["tracker_designer"] = 1;
}
$authCode = $this->getAuthorizationCode($client);
$clientToken = $this->getCredentials($httpData);
$debug = false; //System::isDebugMode();
$loader = Maveriks\Util\ClassLoader::getInstance();
$loader->add(PATH_TRUNK . 'vendor/bshaffer/oauth2-server-php/src/', "OAuth2");
$request = array(
'grant_type' => 'authorization_code',
'code' => $authCode
);
$server = array(
'REQUEST_METHOD' => 'POST'
);
$headers = array(
"PHP_AUTH_USER" => $client['CLIENT_ID'],
"PHP_AUTH_PW" => $client['CLIENT_SECRET'],
"Content-Type" => "multipart/form-data;",
"Authorization" => "Basic " . base64_encode($client['CLIENT_ID'] . ":" . $client['CLIENT_SECRET'])
);
$request = new \OAuth2\Request(array(), $request, array(), array(), array(), $server, null, $headers);
$oauthServer = new \ProcessMaker\Services\OAuth2\Server();
$response = $oauthServer->postToken($request, true);
$clientToken = $response->getParameters();
$clientToken["client_id"] = $client['CLIENT_ID'];
$clientToken["client_secret"] = $client['CLIENT_SECRET'];
$consolidated = 0;
$enterprise = 0;
$distribution = 0;
@@ -197,10 +161,10 @@ class Designer extends Controller
protected function getAuthorizationCode($client)
{
\ProcessMaker\Services\OAuth2\Server::setDatabaseSource($this->getDsn());
\ProcessMaker\Services\OAuth2\Server::setPmClientId($client['CLIENT_ID']);
Server::setDatabaseSource($this->getDsn());
Server::setPmClientId($client['CLIENT_ID']);
$oauthServer = new \ProcessMaker\Services\OAuth2\Server();
$oauthServer = new Server();
if (isset($client["tracker_designer"]) && $client["tracker_designer"] == 1) {
$_SESSION["USER_LOGGED"] = "00000000000000000000000000000001";
@@ -232,4 +196,59 @@ class Designer extends Controller
return array('dsn' => $dsn, 'username' => DB_USER, 'password' => DB_PASS);
}
/**
* Return credentials oauth2
*
* @param object $httpData
* @return array credentials
*/
public function getCredentials($httpData = null)
{
$client = $this->getClientCredentials();
if (!empty($httpData->tracker_designer) && $httpData->tracker_designer == 1) {
try {
if (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN'])) {
throw (new \Exception(
\G::LoadTranslation('ID_CASE_NOT_EXISTS') . "\n" . \G::LoadTranslation('ID_PIN_INVALID')
));
}
Tracker::authentication($_SESSION['CASE'], $_SESSION['PIN']);
} catch (\Exception $e) {
Bootstrap::registerMonolog('CaseTracker', 400, $e->getMessage(), [], SYS_SYS, 'processmaker.log');
\G::header('Location: /errors/error403.php');
die();
}
$client["tracker_designer"] = 1;
}
$authCode = $this->getAuthorizationCode($client);
$loader = ClassLoader::getInstance();
$loader->add(PATH_TRUNK . 'vendor/bshaffer/oauth2-server-php/src/', "OAuth2");
$request = array(
'grant_type' => 'authorization_code',
'code' => $authCode
);
$server = array(
'REQUEST_METHOD' => 'POST'
);
$headers = array(
"PHP_AUTH_USER" => $client['CLIENT_ID'],
"PHP_AUTH_PW" => $client['CLIENT_SECRET'],
"Content-Type" => "multipart/form-data;",
"Authorization" => "Basic " . base64_encode($client['CLIENT_ID'] . ":" . $client['CLIENT_SECRET'])
);
$request = new Request(array(), $request, array(), array(), array(), $server, null, $headers);
$oauthServer = new Server();
$response = $oauthServer->postToken($request, true);
$clientToken = $response->getParameters();
$clientToken["client_id"] = $client['CLIENT_ID'];
$clientToken["client_secret"] = $client['CLIENT_SECRET'];
return $clientToken;
}
}

7
workflow/engine/methods/processes/mainInit.php
View File

@@ -88,6 +88,13 @@ $oHeadPublisher->assign("arrayMenuNewOptionPlugin", $arrayMenuNewOptionPlugin);
$oHeadPublisher->assign("arrayContextMenuOptionPlugin", $arrayContextMenuOptionPlugin);
$oHeadPublisher->assign('extJsViewState', $oHeadPublisher->getExtJsViewState());
$designer = new Designer();
$oHeadPublisher->assign('SYS_SYS', SYS_SYS);
$oHeadPublisher->assign('SYS_LANG', SYS_LANG);
$oHeadPublisher->assign('SYS_SKIN', SYS_SKIN);
$oHeadPublisher->assign('HTTP_SERVER_HOSTNAME', PmSystem::getHttpServerHostnameRequestsFrontEnd());
$oHeadPublisher->assign('credentials', base64_encode(G::json_encode($designer->getCredentials())));
$deleteCasesFlag = false;
global $RBAC;
if($RBAC->userCanAccess('PM_DELETE_PROCESS_CASES') === 1) {