File fof/dispatcher/dispatcher.php | Joomla! Framework TM

  1 <?php
  2 /**
  3  * @package     FrameworkOnFramework
  4  * @subpackage  dispatcher
  5  * @copyright   Copyright (C) 2010-2016 Nicholas K. Dionysopoulos / Akeeba Ltd. All rights reserved.
  6  * @license     GNU General Public License version 2 or later; see LICENSE.txt
  7  */
  8 // Protect from unauthorized access
  9 defined('FOF_INCLUDED') or die;
 10 
 11 /**
 12  * FrameworkOnFramework dispatcher class
 13  *
 14  * FrameworkOnFramework is a set of classes which extend Joomla! 1.5 and later's
 15  * MVC framework with features making maintaining complex software much easier,
 16  * without tedious repetitive copying of the same code over and over again.
 17  *
 18  * @package  FrameworkOnFramework
 19  * @since    1.0
 20  */
 21 class FOFDispatcher extends FOFUtilsObject
 22 {
 23     /** @var array Configuration variables */
 24     protected $config = array();
 25 
 26     /** @var FOFInput Input variables */
 27     protected $input = array();
 28 
 29     /** @var string The name of the default view, in case none is specified */
 30     public $defaultView = 'cpanel';
 31 
 32     // Variables for FOF's transparent user authentication. You can override them
 33     // in your Dispatcher's __construct() method.
 34 
 35     /** @var int The Time Step for the TOTP used in FOF's transparent user authentication */
 36     protected $fofAuth_timeStep = 6;
 37 
 38     /** @var string The key for the TOTP, Base32 encoded (watch out; Base32, NOT Base64!) */
 39     protected $fofAuth_Key = null;
 40 
 41     /** @var array Which formats to be handled by transparent authentication */
 42     protected $fofAuth_Formats = array('json', 'csv', 'xml', 'raw');
 43 
 44     /**
 45      * Should I logout the transparently authenticated user on logout?
 46      * Recommended to leave it on in order to avoid crashing the sessions table.
 47      *
 48      * @var boolean
 49      */
 50     protected $fofAuth_LogoutOnReturn = true;
 51 
 52     /** @var array Which methods to use to fetch authentication credentials and in which order */
 53     protected $fofAuth_AuthMethods = array(
 54         /* HTTP Basic Authentication using encrypted information protected
 55          * with a TOTP (the username must be "_fof_auth") */
 56         'HTTPBasicAuth_TOTP',
 57         /* Encrypted information protected with a TOTP passed in the
 58          * _fofauthentication query string parameter */
 59         'QueryString_TOTP',
 60         /* HTTP Basic Authentication using a username and password pair in plain text */
 61         'HTTPBasicAuth_Plaintext',
 62         /* Plaintext, JSON-encoded username and password pair passed in the
 63          * _fofauthentication query string parameter */
 64         'QueryString_Plaintext',
 65         /* Plaintext username and password in the _fofauthentication_username
 66          * and _fofauthentication_username query string parameters */
 67         'SplitQueryString_Plaintext',
 68     );
 69 
 70     /** @var bool Did we successfully and transparently logged in a user? */
 71     private $_fofAuth_isLoggedIn = false;
 72 
 73     /** @var string The calculated encryption key for the _TOTP methods, used if we have to encrypt the reply */
 74     private $_fofAuth_CryptoKey = '';
 75 
 76     /**
 77      * Get a static (Singleton) instance of a particular Dispatcher
 78      *
 79      * @param   string  $option  The component name
 80      * @param   string  $view    The View name
 81      * @param   array   $config  Configuration data
 82      *
 83      * @staticvar  array  $instances  Holds the array of Dispatchers FOF knows about
 84      *
 85      * @return  FOFDispatcher
 86      */
 87     public static function &getAnInstance($option = null, $view = null, $config = array())
 88     {
 89         static $instances = array();
 90 
 91         $hash = $option . $view;
 92 
 93         if (!array_key_exists($hash, $instances))
 94         {
 95             $instances[$hash] = self::getTmpInstance($option, $view, $config);
 96         }
 97 
 98         return $instances[$hash];
 99     }
100 
101     /**
102      * Gets a temporary instance of a Dispatcher
103      *
104      * @param   string  $option  The component name
105      * @param   string  $view    The View name
106      * @param   array   $config  Configuration data
107      *
108      * @return FOFDispatcher
109      */
110     public static function &getTmpInstance($option = null, $view = null, $config = array())
111     {
112         if (array_key_exists('input', $config))
113         {
114             if ($config['input'] instanceof FOFInput)
115             {
116                 $input = $config['input'];
117             }
118             else
119             {
120                 if (!is_array($config['input']))
121                 {
122                     $config['input'] = (array) $config['input'];
123                 }
124 
125                 $config['input'] = array_merge($_REQUEST, $config['input']);
126                 $input = new FOFInput($config['input']);
127             }
128         }
129         else
130         {
131             $input = new FOFInput;
132         }
133 
134         $config['option']   = !is_null($option) ? $option : $input->getCmd('option', 'com_foobar');
135         $config['view']     = !is_null($view) ? $view : $input->getCmd('view', '');
136 
137         $input->set('option', $config['option']);
138         $input->set('view', $config['view']);
139 
140         $config['input'] = $input;
141 
142         $className = ucfirst(str_replace('com_', '', $config['option'])) . 'Dispatcher';
143 
144         if (!class_exists($className))
145         {
146             $componentPaths = FOFPlatform::getInstance()->getComponentBaseDirs($config['option']);
147 
148             $searchPaths = array(
149                 $componentPaths['main'],
150                 $componentPaths['main'] . '/dispatchers',
151                 $componentPaths['admin'],
152                 $componentPaths['admin'] . '/dispatchers'
153             );
154 
155             if (array_key_exists('searchpath', $config))
156             {
157                 array_unshift($searchPaths, $config['searchpath']);
158             }
159 
160             $filesystem = FOFPlatform::getInstance()->getIntegrationObject('filesystem');
161 
162             $path = $filesystem->pathFind(
163                     $searchPaths, 'dispatcher.php'
164             );
165 
166             if ($path)
167             {
168                 require_once $path;
169             }
170         }
171 
172         if (!class_exists($className))
173         {
174             $className = 'FOFDispatcher';
175         }
176 
177         $instance = new $className($config);
178 
179         return $instance;
180     }
181 
182     /**
183      * Public constructor
184      *
185      * @param   array  $config  The configuration variables
186      */
187     public function __construct($config = array())
188     {
189         // Cache the config
190         $this->config = $config;
191 
192         // Get the input for this MVC triad
193         if (array_key_exists('input', $config))
194         {
195             $this->input = $config['input'];
196         }
197         else
198         {
199             $this->input = new FOFInput;
200         }
201 
202         // Get the default values for the component name
203         $this->component = $this->input->getCmd('option', 'com_foobar');
204 
205         // Load the component's fof.xml configuration file
206         $configProvider = new FOFConfigProvider;
207         $this->defaultView = $configProvider->get($this->component . '.dispatcher.default_view', $this->defaultView);
208 
209         // Get the default values for the view name
210         $this->view = $this->input->getCmd('view', null);
211 
212         if (empty($this->view))
213         {
214             // Do we have a task formatted as controller.task?
215             $task = $this->input->getCmd('task', '');
216 
217             if (!empty($task) && (strstr($task, '.') !== false))
218             {
219                 list($this->view, $task) = explode('.', $task, 2);
220                 $this->input->set('task', $task);
221             }
222         }
223 
224         if (empty($this->view))
225         {
226             $this->view = $this->defaultView;
227         }
228 
229         $this->layout = $this->input->getCmd('layout', null);
230 
231         // Overrides from the config
232         if (array_key_exists('option', $config))
233         {
234             $this->component = $config['option'];
235         }
236 
237         if (array_key_exists('view', $config))
238         {
239             $this->view = empty($config['view']) ? $this->view : $config['view'];
240         }
241 
242         if (array_key_exists('layout', $config))
243         {
244             $this->layout = $config['layout'];
245         }
246 
247         $this->input->set('option', $this->component);
248         $this->input->set('view', $this->view);
249         $this->input->set('layout', $this->layout);
250 
251         if (array_key_exists('authTimeStep', $config))
252         {
253             $this->fofAuth_timeStep = empty($config['authTimeStep']) ? 6 : $config['authTimeStep'];
254         }
255     }
256 
257     /**
258      * The main code of the Dispatcher. It spawns the necessary controller and
259      * runs it.
260      *
261      * @throws Exception
262      *
263      * @return  void|Exception
264      */
265     public function dispatch()
266     {
267         $platform = FOFPlatform::getInstance();
268 
269         if (!$platform->authorizeAdmin($this->input->getCmd('option', 'com_foobar')))
270         {
271             return $platform->raiseError(403, JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'));
272         }
273 
274         $this->transparentAuthentication();
275 
276         // Merge English and local translations
277         $platform->loadTranslations($this->component);
278 
279         $canDispatch = true;
280 
281         if ($platform->isCli())
282         {
283             $canDispatch = $canDispatch && $this->onBeforeDispatchCLI();
284         }
285 
286         $canDispatch = $canDispatch && $this->onBeforeDispatch();
287 
288         if (!$canDispatch)
289         {
290             // We can set header only if we're not in CLI
291             if(!$platform->isCli())
292             {
293                 $platform->setHeader('Status', '403 Forbidden', true);
294             }
295 
296             return $platform->raiseError(403, JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'));
297         }
298 
299         // Get and execute the controller
300         $option = $this->input->getCmd('option', 'com_foobar');
301         $view   = $this->input->getCmd('view', $this->defaultView);
302         $task   = $this->input->getCmd('task', null);
303 
304         if (empty($task))
305         {
306             $task = $this->getTask($view);
307         }
308 
309         // Pluralise/sungularise the view name for typical tasks
310         if (in_array($task, array('edit', 'add', 'read')))
311         {
312             $view = FOFInflector::singularize($view);
313         }
314         elseif (in_array($task, array('browse')))
315         {
316             $view = FOFInflector::pluralize($view);
317         }
318 
319         $this->input->set('view', $view);
320         $this->input->set('task', $task);
321 
322         $config = $this->config;
323         $config['input'] = $this->input;
324 
325         $controller = FOFController::getTmpInstance($option, $view, $config);
326         $status = $controller->execute($task);
327 
328         if (!$this->onAfterDispatch())
329         {
330             // We can set header only if we're not in CLI
331             if(!$platform->isCli())
332             {
333                 $platform->setHeader('Status', '403 Forbidden', true);
334             }
335 
336             return $platform->raiseError(403, JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'));
337         }
338 
339         $format = $this->input->get('format', 'html', 'cmd');
340         $format = empty($format) ? 'html' : $format;
341 
342         if ($controller->hasRedirect())
343         {
344             $controller->redirect();
345         }
346     }
347 
348     /**
349      * Tries to guess the controller task to execute based on the view name and
350      * the HTTP request method.
351      *
352      * @param   string  $view  The name of the view
353      *
354      * @return  string  The best guess of the task to execute
355      */
356     protected function getTask($view)
357     {
358         // Get a default task based on plural/singular view
359         $request_task = $this->input->getCmd('task', null);
360         $task = FOFInflector::isPlural($view) ? 'browse' : 'edit';
361 
362         // Get a potential ID, we might need it later
363         $id = $this->input->get('id', null, 'int');
364 
365         if ($id == 0)
366         {
367             $ids = $this->input->get('ids', array(), 'array');
368 
369             if (!empty($ids))
370             {
371                 $id = array_shift($ids);
372             }
373         }
374 
375         // Check the request method
376 
377         if (!isset($_SERVER['REQUEST_METHOD']))
378         {
379             $_SERVER['REQUEST_METHOD'] = 'GET';
380         }
381 
382         $requestMethod = strtoupper($_SERVER['REQUEST_METHOD']);
383 
384         switch ($requestMethod)
385         {
386             case 'POST':
387             case 'PUT':
388                 if (!is_null($id))
389                 {
390                     $task = 'save';
391                 }
392                 break;
393 
394             case 'DELETE':
395                 if ($id != 0)
396                 {
397                     $task = 'delete';
398                 }
399                 break;
400 
401             case 'GET':
402             default:
403                 // If it's an edit without an ID or ID=0, it's really an add
404                 if (($task == 'edit') && ($id == 0))
405                 {
406                     $task = 'add';
407                 }
408 
409                 // If it's an edit in the frontend, it's really a read
410                 elseif (($task == 'edit') && FOFPlatform::getInstance()->isFrontend())
411                 {
412                     $task = 'read';
413                 }
414                 break;
415         }
416 
417         return $task;
418     }
419 
420     /**
421      * Executes right before the dispatcher tries to instantiate and run the
422      * controller.
423      *
424      * @return  boolean  Return false to abort
425      */
426     public function onBeforeDispatch()
427     {
428         return true;
429     }
430 
431     /**
432      * Sets up some environment variables, so we can work as usually on CLI, too.
433      *
434      * @return  boolean  Return false to abort
435      */
436     public function onBeforeDispatchCLI()
437     {
438         JLoader::import('joomla.environment.uri');
439         JLoader::import('joomla.application.component.helper');
440 
441         // Trick to create a valid url used by JURI
442         $this->_originalPhpScript = '';
443 
444         // We have no Application Helper (there is no Application!), so I have to define these constants manually
445         $option = $this->input->get('option', '', 'cmd');
446 
447         if ($option)
448         {
449             $componentPaths = FOFPlatform::getInstance()->getComponentBaseDirs($option);
450 
451             if (!defined('JPATH_COMPONENT'))
452             {
453                 define('JPATH_COMPONENT', $componentPaths['main']);
454             }
455 
456             if (!defined('JPATH_COMPONENT_SITE'))
457             {
458                 define('JPATH_COMPONENT_SITE', $componentPaths['site']);
459             }
460 
461             if (!defined('JPATH_COMPONENT_ADMINISTRATOR'))
462             {
463                 define('JPATH_COMPONENT_ADMINISTRATOR', $componentPaths['admin']);
464             }
465         }
466 
467         return true;
468     }
469 
470     /**
471      * Executes right after the dispatcher runs the controller.
472      *
473      * @return  boolean  Return false to abort
474      */
475     public function onAfterDispatch()
476     {
477         // If we have to log out the user, please do so now
478         if ($this->fofAuth_LogoutOnReturn && $this->_fofAuth_isLoggedIn)
479         {
480             FOFPlatform::getInstance()->logoutUser();
481         }
482 
483         return true;
484     }
485 
486     /**
487      * Transparently authenticates a user
488      *
489      * @return  void
490      */
491     public function transparentAuthentication()
492     {
493         // Only run when there is no logged in user
494         if (!FOFPlatform::getInstance()->getUser()->guest)
495         {
496             return;
497         }
498 
499         // @todo Check the format
500         $format = $this->input->getCmd('format', 'html');
501 
502         if (!in_array($format, $this->fofAuth_Formats))
503         {
504             return;
505         }
506 
507         foreach ($this->fofAuth_AuthMethods as $method)
508         {
509             // If we're already logged in, don't bother
510             if ($this->_fofAuth_isLoggedIn)
511             {
512                 continue;
513             }
514 
515             // This will hold our authentication data array (username, password)
516             $authInfo = null;
517 
518             switch ($method)
519             {
520                 case 'HTTPBasicAuth_TOTP':
521 
522                     if (empty($this->fofAuth_Key))
523                     {
524                         continue;
525                     }
526 
527                     if (!isset($_SERVER['PHP_AUTH_USER']))
528                     {
529                         continue;
530                     }
531 
532                     if (!isset($_SERVER['PHP_AUTH_PW']))
533                     {
534                         continue;
535                     }
536 
537                     if ($_SERVER['PHP_AUTH_USER'] != '_fof_auth')
538                     {
539                         continue;
540                     }
541 
542                     $encryptedData = $_SERVER['PHP_AUTH_PW'];
543 
544                     $authInfo = $this->_decryptWithTOTP($encryptedData);
545                     break;
546 
547                 case 'QueryString_TOTP':
548                     $encryptedData = $this->input->get('_fofauthentication', '', 'raw');
549 
550                     if (empty($encryptedData))
551                     {
552                         continue;
553                     }
554 
555                     $authInfo = $this->_decryptWithTOTP($encryptedData);
556                     break;
557 
558                 case 'HTTPBasicAuth_Plaintext':
559                     if (!isset($_SERVER['PHP_AUTH_USER']))
560                     {
561                         continue;
562                     }
563 
564                     if (!isset($_SERVER['PHP_AUTH_PW']))
565                     {
566                         continue;
567                     }
568 
569                     $authInfo = array(
570                         'username'   => $_SERVER['PHP_AUTH_USER'],
571                         'password'   => $_SERVER['PHP_AUTH_PW']
572                     );
573                     break;
574 
575                 case 'QueryString_Plaintext':
576                     $jsonencoded = $this->input->get('_fofauthentication', '', 'raw');
577 
578                     if (empty($jsonencoded))
579                     {
580                         continue;
581                     }
582 
583                     $authInfo = json_decode($jsonencoded, true);
584 
585                     if (!is_array($authInfo))
586                     {
587                         $authInfo = null;
588                     }
589                     elseif (!array_key_exists('username', $authInfo) || !array_key_exists('password', $authInfo))
590                     {
591                         $authInfo = null;
592                     }
593                     break;
594 
595                 case 'SplitQueryString_Plaintext':
596                     $authInfo = array(
597                         'username'   => $this->input->get('_fofauthentication_username', '', 'raw'),
598                         'password'   => $this->input->get('_fofauthentication_password', '', 'raw'),
599                     );
600 
601                     if (empty($authInfo['username']))
602                     {
603                         $authInfo = null;
604                     }
605 
606                     break;
607 
608                 default:
609                     continue;
610 
611                     break;
612             }
613 
614             // No point trying unless we have a username and password
615             if (!is_array($authInfo))
616             {
617                 continue;
618             }
619 
620             $this->_fofAuth_isLoggedIn = FOFPlatform::getInstance()->loginUser($authInfo);
621         }
622     }
623 
624     /**
625      * Decrypts a transparent authentication message using a TOTP
626      *
627      * @param   string  $encryptedData  The encrypted data
628      *
629      * @codeCoverageIgnore
630      * @return  array  The decrypted data
631      */
632     private function _decryptWithTOTP($encryptedData)
633     {
634         if (empty($this->fofAuth_Key))
635         {
636             $this->_fofAuth_CryptoKey = null;
637 
638             return null;
639         }
640 
641         $totp = new FOFEncryptTotp($this->fofAuth_timeStep);
642         $period = $totp->getPeriod();
643         $period--;
644 
645         for ($i = 0; $i <= 2; $i++)
646         {
647             $time = ($period + $i) * $this->fofAuth_timeStep;
648             $otp = $totp->getCode($this->fofAuth_Key, $time);
649             $this->_fofAuth_CryptoKey = hash('sha256', $this->fofAuth_Key . $otp);
650 
651             $aes = new FOFEncryptAes($this->_fofAuth_CryptoKey);
652             $ret = $aes->decryptString($encryptedData);
653             $ret = rtrim($ret, "\000");
654 
655             $ret = json_decode($ret, true);
656 
657             if (!is_array($ret))
658             {
659                 continue;
660             }
661 
662             if (!array_key_exists('username', $ret))
663             {
664                 continue;
665             }
666 
667             if (!array_key_exists('password', $ret))
668             {
669                 continue;
670             }
671 
672             // Successful decryption!
673             return $ret;
674         }
675 
676         // Obviously if we're here we could not decrypt anything. Bail out.
677         $this->_fofAuth_CryptoKey = null;
678 
679         return null;
680     }
681 
682     /**
683      * Creates a decryption key for use with the TOTP decryption method
684      *
685      * @param   integer  $time  The timestamp used for TOTP calculation, leave empty to use current timestamp
686      *
687      * @codeCoverageIgnore
688      * @return  string  THe encryption key
689      */
690     private function _createDecryptionKey($time = null)
691     {
692         $totp = new FOFEncryptTotp($this->fofAuth_timeStep);
693         $otp = $totp->getCode($this->fofAuth_Key, $time);
694 
695         $key = hash('sha256', $this->fofAuth_Key . $otp);
696 
697         return $key;
698     }
699 
700     /**
701      * Main function to detect if we're running in a CLI environment and we're admin
702      *
703      * @return  array  isCLI and isAdmin. It's not an associtive array, so we can use list.
704      */
705     public static function isCliAdmin()
706     {
707         static $isCLI   = null;
708         static $isAdmin = null;
709 
710         if (is_null($isCLI) && is_null($isAdmin))
711         {
712             $isCLI   = FOFPlatform::getInstance()->isCli();
713             $isAdmin = FOFPlatform::getInstance()->isBackend();
714         }
715 
716         return array($isCLI, $isAdmin);
717     }
718 }
719
Namespaces

Classes

Interfaces

Exceptions

Constants

Functions
