Merged in qronald/processmaker (pull request #1545)

fix oauth2 in PM < 3 in Table rbac user

framework/src/Maveriks/WebApplication.php

@@ -296,6 +296,9 @@ class WebApplication
         list($host, $port) = strpos(DB_HOST, ':') !== false ? explode(':', DB_HOST) : array(DB_HOST, '');
         $port = empty($port) ? '' : ";port=$port";
         Services\OAuth2\Server::setDatabaseSource(DB_USER, DB_PASS, DB_ADAPTER.":host=$host;dbname=".DB_NAME.$port);
+        if (DB_NAME != DB_RBAC_NAME) { //it's PM < 3
+            Services\OAuth2\Server::setDatabaseSourceRBAC(DB_RBAC_USER, DB_RBAC_PASS, DB_ADAPTER.":host=".DB_RBAC_HOST.";dbname=".DB_RBAC_NAME.$port);
+        }
 
         // Setting default OAuth Client id, for local PM Web Designer
         Services\OAuth2\Server::setPmClientId($pmOauthClientId);

workflow/engine/methods/cases/casesStreamingFile.php

@@ -0,0 +1,111 @@
+<?php
+
+
+$actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;
+
+if ($actionAjax == "streaming") {
+
+    $app_uid = isset( $_REQUEST['a'] ) ? $_REQUEST['a'] : null;
+    $inp_doc_uid = isset( $_REQUEST['d'] ) ? $_REQUEST['d'] : null;
+    $oAppDocument = new \AppDocument();
+
+    if (! isset( $fileData['version'] )) {
+        $docVersion = $oAppDocument->getLastAppDocVersion( $inp_doc_uid );
+    } else {
+        $docVersion = $fileData['version'];
+    }
+
+    $oAppDocument->Fields = $oAppDocument->load( $inp_doc_uid, $docVersion );
+
+    $sAppDocUid  = $oAppDocument->getAppDocUid();
+    $iDocVersion = $oAppDocument->getDocVersion();
+    $info = pathinfo( $oAppDocument->getAppDocFilename() );
+    $ext  = (isset($info['extension'])?$info['extension']:'');
+
+    $file = \G::getPathFromFileUID($oAppDocument->Fields['APP_UID'], $sAppDocUid);
+
+    $realPath  = PATH_DOCUMENT .  $app_uid . '/' . $file[0] . $file[1] . '_' . $iDocVersion . '.' . $ext;
+    $realPath1 = PATH_DOCUMENT . $app_uid . '/' . $file[0] . $file[1] . '.' . $ext;
+
+    if (file_exists( $realPath )) {
+        $finfo    = finfo_open(FILEINFO_MIME_TYPE);
+        $mimeType = finfo_file($finfo, $realPath);
+        finfo_close($finfo);
+        if ($ext == "mp3") {
+            $mimeType = "audio/mpeg";
+        }
+        rangeDownload($realPath,$mimeType);
+    } elseif (file_exists( $realPath1 )) {
+        $finfo    = finfo_open(FILEINFO_MIME_TYPE);
+        $mimeType = finfo_file($finfo, $realPath1);
+        finfo_close($finfo);
+        if ($ext == "mp3") {
+            $mimeType = "audio/mpeg";
+        }
+        rangeDownload($realPath1,$mimeType);
+    } else {
+        header ("HTTP/1.0 404 Not Found");
+        return;
+    }
+    exit(0);
+}
+
+exit;
+
+function rangeDownload($location,$mimeType)
+{
+    if (!file_exists($location))
+    {
+        header ("HTTP/1.0 404 Not Found");
+        return;
+    }
+    $size  = filesize($location);
+    $time  = date('r', filemtime($location));
+
+    $fm = @fopen($location, 'rb');
+    if (!$fm)
+    {
+        header ("HTTP/1.0 505 Internal server error");
+        return;
+    }
+
+    $begin  = 0;
+    $end  = $size - 1;
+
+    if (isset($_SERVER['HTTP_RANGE']))
+    {
+        if (preg_match('/bytes=\h*(\d+)-(\d*)[\D.*]?/i', $_SERVER['HTTP_RANGE'], $matches))
+        {
+            $begin  = intval($matches[1]);
+            if (!empty($matches[2]))
+            {
+                $end  = intval($matches[2]);
+            }
+        }
+    }
+
+    header('HTTP/1.0 206 Partial Content');
+    header("Content-Type: $mimeType");
+    header('Cache-Control: public, must-revalidate, max-age=0');
+    header('Pragma: no-cache');
+    header('Accept-Ranges: bytes');
+    header('Content-Length:' . (($end - $begin) + 1));
+    if (isset($_SERVER['HTTP_RANGE']))
+    {
+        header("Content-Range: bytes $begin-$end/$size");
+    }
+    header("Content-Disposition: inline; filename=$location");
+    header("Content-Transfer-Encoding: binary");
+    header("Last-Modified: $time");
+
+    $cur  = $begin;
+    fseek($fm, $begin, 0);
+
+    while(!feof($fm) && $cur <= $end && (connection_status() == 0))
+    {
+        set_time_limit(0);
+        print fread($fm, min(1024 * 16, ($end - $cur) + 1));
+        $cur += 1024 * 16;
+        flush();
+    }
+}

workflow/engine/src/ProcessMaker/Services/OAuth2/PmPdo.php

@@ -17,9 +17,10 @@ class PmPdo implements \OAuth2\Storage\AuthorizationCodeInterface,
 {
 
     protected $db;
+    protected $dbRBAC;
     protected $config;
 
-    public function __construct($connection, $config = array())
+    public function __construct($connection, $config = array(), $connectionRBAC = null)
     {
         if (!$connection instanceof \PDO) {
             if (!is_array($connection)) {
@@ -37,6 +38,23 @@ class PmPdo implements \OAuth2\Storage\AuthorizationCodeInterface,
         }
         $this->db = $connection;
 
+        // it's for Pm < 3
+        if (!is_null($connectionRBAC) &&(!$connectionRBAC instanceof \PDO)) {
+            if (!is_array($connectionRBAC)) {
+                throw new \InvalidArgumentException('First argument to OAuth2\Storage\Pdo must be an instance of PDO or a configuration array');
+            }
+            if (!isset($connectionRBAC['dsn'])) {
+                throw new \InvalidArgumentException('configuration array must contain "dsn"');
+            }
+            // merge optional parameters
+            $connectionRBAC = array_merge(array(
+                'username' => null,
+                'password' => null,
+            ), $connectionRBAC);
+            $connectionRBAC = new \PDO($connectionRBAC['dsn'], $connectionRBAC['username'], $connectionRBAC['password']);
+        }
+        $this->dbRBAC = $connectionRBAC;
+
         // debugging
         $connection->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
 
@@ -45,7 +63,7 @@ class PmPdo implements \OAuth2\Storage\AuthorizationCodeInterface,
             'access_token_table' => 'OAUTH_ACCESS_TOKENS',
             'refresh_token_table' => 'OAUTH_REFRESH_TOKENS',
             'code_table' => 'OAUTH_AUTHORIZATION_CODES',
-            'user_table' => 'USERS',
+            'user_table' => 'RBAC_USERS',
             'jwt_table' => 'OAUTH_JWT',
         ), $config);
     }
@@ -211,12 +229,15 @@ class PmPdo implements \OAuth2\Storage\AuthorizationCodeInterface,
     // plaintext passwords are bad!  Override this for your application
     protected function checkPassword($user, $password)
     {
-        return $user['USR_PASSWORD'] == md5($password);
+        return $user['USR_PASSWORD'] == \Bootstrap::hashPassword($password);
     }
 
     public function getUser($username)
     {
         $stmt = $this->db->prepare($sql = sprintf('SELECT * FROM %s WHERE USR_USERNAME=:username', $this->config['user_table']));
+        if (!is_null($this->dbRBAC)) {
+            $stmt = $this->dbRBAC->prepare($sql = sprintf('SELECT * FROM %s WHERE USR_USERNAME=:username', $this->config['user_table']));
+        }
         $stmt->execute(array('username' => $username));
 
         if (!$userInfo = $stmt->fetch()) {

workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php

@@ -29,6 +29,10 @@ class Server implements iAuthenticate
     protected static $dbUser;
     protected static $dbPassword;
     protected static $dsn;
+    protected static $dbUserRBAC;
+    protected static $dbPasswordRBAC;
+    protected static $dsnRBAC;
+    protected static $isRBAC = false;
     protected static $workspace;
 
     public function __construct()
@@ -42,9 +46,15 @@ class Server implements iAuthenticate
         );
 
         // $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
-        $config = array('dsn' => self::$dsn, 'username' => self::$dbUser, 'password' => self::$dbPassword);
-        //var_dump($config); die;
-        $this->storage = new PmPdo($config);
+        $cnn = array('dsn' => self::$dsn, 'username' => self::$dbUser, 'password' => self::$dbPassword);
+
+        if (self::$isRBAC) {
+            $config = array('user_table' => 'USERS');
+            $cnnrbac = array('dsn' => self::$dsnRBAC, 'username' => self::$dbUserRBAC, 'password' => self::$dbPasswordRBAC);
+            $this->storage = new PmPdo($cnn, $config, $cnnrbac);
+        } else {
+            $this->storage = new PmPdo($cnn);
+        }
 
         // Pass a storage object or array of storage objects to the OAuth2 server class
         $this->server = new \OAuth2\Server($this->storage, array('allow_implicit' => true));
@@ -112,6 +122,21 @@ class Server implements iAuthenticate
         }
     }
 
+    public static function setDatabaseSourceRBAC($user, $password = '', $dsn = '')
+    {
+        if (is_array($user)) {
+            self::$dbUserRBAC = $user['username'];
+            self::$dbPasswordRBAC = $user['password'];
+            self::$dsnRBAC = $user['dsn'];
+            self::$isRBAC = true;
+        } else {
+            self::$dbUserRBAC = $user;
+            self::$dbPasswordRBAC = $password;
+            self::$dsnRBAC = $dsn;
+            self::$isRBAC = true;
+        }
+    }
+
     public static function setWorkspace($workspace)
     {
         self::$workspace = $workspace;

workflow/engine/src/ProcessMaker/Services/api.ini

@@ -98,3 +98,5 @@ debug = 1
 [alias: emails]
     email = "ProcessMaker\Services\Api\EmailServer"
 
+[alias: light]
+    light = "ProcessMaker\Services\Api\Light"

workflow/public_html/sysGeneric.php

@@ -894,6 +894,7 @@ if (! defined( 'EXECUTE_BY_CRON' )) {
         $noLoginFiles[] = 'casesSaveDataView';
         $noLoginFiles[] = 'propelTableAjax';
         $noLoginFiles[] = 'licenseUpdate';
+        $noLoginFiles[] = 'casesStreamingFile';
 
         $noLoginFolders[] = 'services';
         $noLoginFolders[] = 'tracker';