FOSSology  4.4.0
Open Source License Compliance by Open Source Software
AjaxManageToken.php
1 <?php
2 /*
3  SPDX-FileCopyrightText: © 2019 Siemens AG
4  Author: Gaurav Mishra <mishra.gaurav@siemens.com>
5 
6  SPDX-License-Identifier: GPL-2.0-only
7 */
8 namespace Fossology\UI\Ajax;
9 
10 use Fossology\Lib\Auth\Auth;
11 use Fossology\Lib\Db\DbManager;
12 use Fossology\Lib\Plugin\DefaultPlugin;
13 use Fossology\UI\Api\Helper\AuthHelper;
14 use Fossology\UI\Api\Helper\DbHelper;
15 use Symfony\Component\HttpFoundation\JsonResponse;
16 use Symfony\Component\HttpFoundation\Request;
17 
22 class AjaxManageToken extends DefaultPlugin
23 {
24 
25  const NAME = "manage-token";
26 
29  private $dbManager;
30 
31  function __construct()
32  {
33  parent::__construct(self::NAME,
34  array(
35  self::PERMISSION => Auth::PERM_WRITE
36  ));
37  $this->dbManager = $this->getObject('db.manager');
38  }
39 
45  protected function handle(Request $request)
46  {
47  $task = GetParm('task', PARM_STRING);
48  $tokenId = GetParm('token-id', PARM_STRING);
49  $response = null;
50 
51  list($tokenPk, $userId) = explode(".", $tokenId);
52  if (Auth::getUserId() != $userId) {
53  $task = "invalid";
54  } else {
55  $verifySql = "SELECT user_fk FROM personal_access_tokens " .
56  "WHERE pat_pk = $1 LIMIT 1;";
57 
58  $row = $this->dbManager->getSingleRow($verifySql, [$tokenPk],
59  __METHOD__ . ".verifyToken");
60  if (empty($row) || $row['user_fk'] != $userId) {
61  $task = "invalid";
62  }
63  }
64  switch ($task) {
65  case "reveal":
66  $response = new JsonResponse($this->revealToken($tokenPk,
67  $request->getHost()));
68  break;
69  case "revoke":
70  $response = new JsonResponse($this->invalidateToken($tokenPk));
71  break;
72  default:
73  $response = new JsonResponse(["status" => false], 400);
74  }
75  return $response;
76  }
77 
85  function revealToken($tokenPk, $hostname="")
86  {
87  global $container;
89  $restDbHelper = $container->get("helper.dbHelper");
91  $authHelper = $container->get('helper.authHelper');
92  $user_pk = Auth::getUserId();
93  $jti = "$tokenPk.$user_pk";
94 
95  $tokenInfo = $restDbHelper->getTokenKey($tokenPk);
96  if (!empty($tokenInfo['client_id'])) {
97  return [
98  "status" => true,
99  "token" => $tokenInfo['client_id']
100  ];
101  }
102  $tokenScope = $tokenInfo['token_scope'];
103 
104  $jwtToken = $authHelper->generateJwtToken($tokenInfo['expire_on'],
105  $tokenInfo['created_on'], $jti, $tokenScope, $tokenInfo['token_key']);
106  return array(
107  "status" => true,
108  "token" => $jwtToken
109  );
110  }
111 
118  private function invalidateToken($tokenPk)
119  {
120  global $container;
121  $restDbHelper = $container->get("helper.dbHelper");
122  $restDbHelper->invalidateToken($tokenPk);
123  return array(
124  "status" => true
125  );
126  }
127 }
128 
129 register_plugin(new AjaxManageToken());
Fossology\Lib\Auth\Auth
Contains the constants and helpers for authentication of user.
Definition: Auth.php:24
Fossology\Lib\Auth\Auth\getUserId
static getUserId()
Get the current user's id.
Definition: Auth.php:68
Fossology\UI\Ajax\AjaxManageToken
Class to handle ajax calls to revoke an API token.
Definition: AjaxManageToken.php:23
Fossology\UI\Ajax\AjaxManageToken\handle
handle(Request $request)
Revoke an active API token.
Definition: AjaxManageToken.php:45
Fossology\UI\Api\Helper\AuthHelper
Provides helper methods for REST api.
Definition: AuthHelper.php:38
Fossology\UI\Api\Helper\DbHelper
Provides helper methods to access database for REST api.
Definition: DbHelper.php:38
PARM_STRING
const PARM_STRING
Definition: common-parm.php:18
GetParm
GetParm($parameterName, $parameterType)
This function will retrieve the variables and check data types.
Definition: common-parm.php:46
dbManager
fo_dbManager * dbManager
fo_dbManager object
Definition: process.c:16
list
list_t type structure used to keep various lists. (e.g. there are multiple lists).
Definition: nomos.h:308