Merged in release/3.2.2 (pull request #6128)

release/3.2.2

Approved-by: Paula Quispe <paula.quispe@processmaker.com>

workflow/engine/src/ProcessMaker/Plugins/Adapters/PluginAdapter.php

@@ -90,6 +90,7 @@ class PluginAdapter
         '_aJavascripts' => ['name' => 'PLUGIN_JS', 'type' => 'array'],
         '_aJs' => ['name' => 'PLUGIN_JS', 'type' => 'array'],
         '_restServices' => ['name' => 'PLUGIN_REST_SERVICE', 'type' => 'array'],
+        '_aTaskExtendedProperties' => ['name' => 'PLUGIN_TASK_EXTENDED_PROPERTIES', 'type' => 'array'],
     ];
 
     /**

workflow/engine/src/ProcessMaker/Plugins/PluginRegistry.php

@@ -854,12 +854,19 @@ class PluginRegistry
                 }
                 if ($found) {
                     require_once($classFile);
-                    $sClassName = substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 0, 1) .
+                    $sClassNameA = substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 0, 1) .
                         str_replace(
-                            'plugin',
+                            ['Plugin','plugin'],
+                            'Class',
+                            substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 1)
+                        );
+                    $sClassNameB = substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 0, 1) .
+                        str_replace(
+                            ['Plugin','plugin'],
                             'class',
                             substr($this->_aPluginDetails[$trigger->getNamespace()]->getClassName(), 1)
                         );
+                    $sClassName = class_exists($sClassNameA) ? $sClassNameA : $sClassNameB;
                     $obj = new $sClassName();
                     $methodName = $trigger->getTriggerName();
                     $response = $obj->{$methodName}($oData);

workflow/engine/src/ProcessMaker/Services/Api/Project.php

@@ -16,12 +16,10 @@ use ProcessMaker\Project\Adapter\BpmnWorkflow;
 use Exception;
 
 /**
- * Class Project
- *
  * @package Services\Api\ProcessMaker
- * @author Erik Amaru Ortiz <aortiz.erik@gmail.com, erik@colosa.com>
- *
  * @protected
+ * @access protected
+ * @class AccessControl {@permission PM_FACTORY}
  */
 class Project extends Api
 {
@@ -53,7 +51,6 @@ class Project extends Api
 
     /**
      * @url GET /:prj_uid
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function doGetProject($prj_uid)
@@ -75,10 +72,6 @@ class Project extends Api
      *
      * @param string $prj_name
      * @param array $request_data
-     *
-     * @author Brayan Pereyra (Cochalo) <brayan@colosa.com>
-     * @copyright Colosa - Bolivia
-     *
      * @url POST
      * @status 201
      */
@@ -97,7 +90,6 @@ class Project extends Api
 
     /**
      * @url PUT /:prj_uid
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function doPutProject($prj_uid, $request_data)
@@ -141,11 +133,10 @@ class Project extends Api
 
     /**
      * Bulk actions
+     * 
      * @url POST /bulk
-     *
      * @access protected
      * @class AccessControl {@permission PM_FACTORY}
-     *
      * @param array $request_data
      * @return array $response
      * @throws Exception
@@ -162,7 +153,6 @@ class Project extends Api
 
     /**
      * @url GET /:prj_uid/export/listObjects
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      * @return mixed|string
      * @throws RestException
@@ -180,7 +170,6 @@ class Project extends Api
 
     /**
      * @url GET /:prj_uid/export-granular
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      * @param string $objects
      */
@@ -203,7 +192,6 @@ class Project extends Api
 
     /**
      * @url GET /:prj_uid/export
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function export($prj_uid)
@@ -230,9 +218,7 @@ class Project extends Api
 
     /**
      * @url POST /import
-     *
      * @param array $request_data
-     *
      * @status 201
      */
     public function doPostImport(array $request_data, $option = null, $option_group = null)
@@ -260,7 +246,6 @@ class Project extends Api
 
     /**
      * @url POST /save-as
-     *
      * @param string $prj_uid         {@from body}
      * @param string $prj_name        {@from body}
      * @param string $prj_description {@from body}
@@ -274,7 +259,6 @@ class Project extends Api
 
     /**
      * @url GET /:prj_uid/process
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function doGetProcess($prj_uid)
@@ -295,7 +279,6 @@ class Project extends Api
 
     /**
      * @url PUT /:prj_uid/process
-     *
      * @param string $prj_uid      {@min 32}{@max 32}
      * @param array  $request_data
      */
@@ -315,9 +298,7 @@ class Project extends Api
 
     /**
      * @url POST /generate-bpmn
-     *
      * @param array $request_data
-     *
      * @status 201
      */
     public function doPostGenerateBpmn(array $request_data)
@@ -353,7 +334,6 @@ class Project extends Api
 
     /**
      * @url GET /:prj_uid/dynaforms
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function doGetDynaForms($prj_uid)
@@ -373,7 +353,6 @@ class Project extends Api
 
     /**
      * @url GET /:prj_uid/input-documents
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function doGetInputDocuments($prj_uid)
@@ -393,7 +372,6 @@ class Project extends Api
 
     /**
      * @url GET /:prj_uid/variables
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function doGetVariables($prj_uid)
@@ -414,7 +392,6 @@ class Project extends Api
     /**
      * @url GET /:prj_uid/grid/variables
      * @url GET /:prj_uid/grid/:grid_uid/variables
-     *
      * @param string $prj_uid  {@min 32}{@max 32}
      * @param string $grid_uid
      */
@@ -435,7 +412,6 @@ class Project extends Api
 
     /**
      * @url GET /:prj_uid/trigger-wizards
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function doGetTriggerWizards($prj_uid)
@@ -455,7 +431,6 @@ class Project extends Api
 
     /**
      * @url PUT /:prj_uid/update-route-order
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function doPutUpdateRouteOrder($prj_uid, $request_data)
@@ -471,7 +446,6 @@ class Project extends Api
 
     /**
      * @url PUT /:prj_uid/update-route-order-from-project
-     *
      * @param string $prj_uid {@min 32}{@max 32}
      */
     public function doPutUpdateRouteOrderFromProject($prj_uid)

workflow/engine/src/ProcessMaker/Util/helpers.php

@@ -1,4 +1,8 @@
 <?php
+
+use Illuminate\Session\TokenMismatchException;
+use Illuminate\Support\Str;
+
 /**
  * We will send a case note in the actions by email
  * @param object $httpData
@@ -361,3 +365,46 @@ function eprintln ($s = "", $c = null)
         print "$s\n";
     }
 }
+
+/**
+ * Initialize the user logged session
+ */
+function initUserSession($usrUid, $usrName)
+{
+    $_SESSION['USER_LOGGED'] = $usrUid;
+    $_SESSION['USR_USERNAME'] = $usrName;
+    $_SESSION['USR_CSRF_TOKEN'] = Str::random(40);
+}
+
+/**
+ * Verify token for an incoming request.
+ *
+ * @param type $request
+ * @throws TokenMismatchException
+ */
+function verifyCsrfToken($request)
+{
+    $headers = getallheaders();
+    $token = isset($request['_token'])
+        ? $request['_token']
+        : (isset($headers['X-CSRF-TOKEN'])
+        ? $headers['X-CSRF-TOKEN']
+        : null);
+    $match = is_string($_SESSION['USR_CSRF_TOKEN'])
+        && is_string($token)
+        && !empty($_SESSION['USR_CSRF_TOKEN'])
+        && hash_equals($_SESSION['USR_CSRF_TOKEN'], $token);
+    if (!$match) {
+        throw new TokenMismatchException();
+    }
+}
+
+/**
+ * Get the current user CSRF token.
+ *
+ * @return string
+ */
+function csrfToken()
+{
+    return isset($_SESSION['USR_CSRF_TOKEN']) ? $_SESSION['USR_CSRF_TOKEN'] : '';
+}