// Include the common auth system files (including the OAuth2 Server object).
require_once(__DIR__.'/authsystem.inc.php');
+if ($settings['piwik_enabled']) {
+ // We do not send out an HTML file, so we need to do the Piwik tracking ourselves.
+ // Init is done here, actual tracking before exit.
+ require_once($settings['piwik_tracker_path'].'PiwikTracker.php');
+ PiwikTracker::$URL = ((strpos($settings['piwik_url'], '://') === false) ? 'http://localhost' : '' ).$settings['piwik_url'];
+ $piwikTracker = new PiwikTracker($idSite = $settings['piwik_site_id']);
+}
$errors = $utils->checkForSecureConnection();
$utils->sendSecurityHeaders();
// Handle a request to a resource and authenticate the access token
$token_OK = $server->verifyResourceRequest(OAuth2\Request::createFromGlobals());
if (!$token_OK) {
- $server->getResponse()->send();
+ $response = $server->getResponse();
+ if (!count($response->getParameters())) {
+ // We get an empty response if we don't get any auth header. Let's actually note that explicitly.
+ $response->setError($response->getStatusCode(), 'auth_missing', 'Authentication missing');
+ }
+ $response->send();
+ if ($settings['piwik_enabled']) { $piwikTracker->doTrackPageView('API Request: Bad Token'); }
exit();
}
$token = $server->getAccessTokenData(OAuth2\Request::createFromGlobals());
}
elseif (array_key_exists('newclient', $_GET)) {
if ($token['scope'] == 'clientreg') {
- if (intval(@$token['user_id'])) {
+ if (intval($token['user_id'] ?? 0)) {
$result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;');
$result->execute(array(':userid' => $token['user_id']));
$user = $result->fetch(PDO::FETCH_ASSOC);
'error_description' => 'The user the access token is connected to was not recognized.')));
}
else {
- if (in_array($user['email'], $utils->client_reg_email_whitelist)) {
- if (strlen(@$_GET['client_id']) >= 5) {
+ if (($utils->client_reg_email_whitelist === false) || (in_array($user['email'], $utils->client_reg_email_whitelist))) {
+ if (strlen($_GET['client_id'] ?? '') >= 5) {
$result = $db->prepare('SELECT `client_id`,`user_id` FROM `oauth_clients` WHERE `client_id` = :clientid;');
$result->execute(array(':clientid' => $_GET['client_id']));
$client = $result->fetch(PDO::FETCH_ASSOC);
'error_description' => 'Unexpectedly failed to save new secret.')));
}
else {
- if (strlen(@$_GET['redirect_uri'])) {
+ if (strlen($_GET['redirect_uri'] ?? '')) {
$result = $db->prepare('UPDATE `oauth_clients` SET `redirect_uri` = :rediruri WHERE `client_id` = :clientid;');
if (!$result->execute(array(':rediruri' => $_GET['redirect_uri'],':clientid' => $client['client_id']))) {
$utils->log('client_save_failure', 'client: '.$client['client_id'].', new redirect_uri: '.$_GET['redirect_uri'].' - '.$result->errorInfo()[2]);
}
}
- if (strlen(@$_GET['scope'])) {
+ if (strlen($_GET['scope'] ?? '')) {
$result = $db->prepare('UPDATE `oauth_clients` SET `scope` = :scope WHERE `client_id` = :clientid;');
if (!$result->execute(array(':scope' => $_GET['scope'],':clientid' => $client['client_id']))) {
$utils->log('client_save_failure', 'client: '.$client['client_id'].', new scope: '.$_GET['scope'].' - '.$result->errorInfo()[2]);
print(json_encode(array('error' => 'insecure_connection',
'error_description' => 'Your connection is insecure. The API can only be accessed on secure connections.')));
}
+if ($settings['piwik_enabled']) {
+ $piwikTracker->doTrackPageView('API Request'.(strlen($token['scope'])?': '.$token['scope']:''));
+}
?>
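Review bot: The tracking call added at the end (`strlen($token['scope'])`) reads `$token`, which is only assigned after `getAccessTokenData()` inside the secure-connection branch; on the `insecure_connection` path visible just above it `$token` is never set, so this line emits an undefined-variable warning and passes `null` to `strlen` (deprecated on PHP 8.1+). The enclosing `if`/`else` on `$errors` starts outside the visible hunks, so I am inferring the branch layout, but the same `??` pattern the commit applies elsewhere fixes it: `$scope = $token['scope'] ?? '';` and then `$piwikTracker->doTrackPageView('API Request'.(strlen($scope) ? ': '.$scope : ''));`. Separately, the `redirect_uri` guard only checks for a non-empty string before writing it to `oauth_clients`; since this value later decides where authorization codes are sent, consider rejecting anything that fails `filter_var($_GET['redirect_uri'], FILTER_VALIDATE_URL)` (and, if the deployment requires it, a non-`https` scheme) before the `UPDATE`.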