X-Git-Url: https://git-public.kairo.at/?p=authserver.git;a=blobdiff_plain;f=app%2Fapi.php;h=605a7d79d6ee735ad4fd672bfc4972631ab036ae;hp=f51f20198eda8c59c146e24d858c8e50e777a192;hb=HEAD;hpb=04116cc5dabb951023fb511fda0dc36956d6a84a diff --git a/app/api.php b/app/api.php index f51f201..605a7d7 100644 --- a/app/api.php +++ b/app/api.php @@ -9,6 +9,13 @@ // Include the common auth system files (including the OAuth2 Server object). require_once(__DIR__.'/authsystem.inc.php'); +if ($settings['piwik_enabled']) { + // We do not send out an HTML file, so we need to do the Piwik tracking ourselves. + // Init is done here, actual tracking before exit. + require_once($settings['piwik_tracker_path'].'PiwikTracker.php'); + PiwikTracker::$URL = ((strpos($settings['piwik_url'], '://') === false) ? 'http://localhost' : '' ).$settings['piwik_url']; + $piwikTracker = new PiwikTracker($idSite = $settings['piwik_site_id']); +} $errors = $utils->checkForSecureConnection(); $utils->sendSecurityHeaders(); @@ -17,7 +24,13 @@ if (!count($errors)) { // Handle a request to a resource and authenticate the access token $token_OK = $server->verifyResourceRequest(OAuth2\Request::createFromGlobals()); if (!$token_OK) { - $server->getResponse()->send(); + $response = $server->getResponse(); + if (!count($response->getParameters())) { + // We get an empty response if we don't get any auth header. Let's actually note that explicitly. + $response->setError($response->getStatusCode(), 'auth_missing', 'Authentication missing'); + } + $response->send(); + if ($settings['piwik_enabled']) { $piwikTracker->doTrackPageView('API Request: Bad Token'); } exit(); } $token = $server->getAccessTokenData(OAuth2\Request::createFromGlobals()); @@ -49,7 +62,7 @@ if (!count($errors)) { } elseif (array_key_exists('newclient', $_GET)) { if ($token['scope'] == 'clientreg') { - if (intval(@$token['user_id'])) { + if (intval($token['user_id'] ?? 0)) { $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;'); $result->execute(array(':userid' => $token['user_id'])); $user = $result->fetch(PDO::FETCH_ASSOC); @@ -59,8 +72,8 @@ if (!count($errors)) { 'error_description' => 'The user the access token is connected to was not recognized.'))); } else { - if (in_array($user['email'], $utils->client_reg_email_whitelist)) { - if (strlen(@$_GET['client_id']) >= 5) { + if (($utils->client_reg_email_whitelist === false) || (in_array($user['email'], $utils->client_reg_email_whitelist))) { + if (strlen($_GET['client_id'] ?? '') >= 5) { $result = $db->prepare('SELECT `client_id`,`user_id` FROM `oauth_clients` WHERE `client_id` = :clientid;'); $result->execute(array(':clientid' => $_GET['client_id'])); $client = $result->fetch(PDO::FETCH_ASSOC); @@ -91,13 +104,13 @@ if (!count($errors)) { 'error_description' => 'Unexpectedly failed to save new secret.'))); } else { - if (strlen(@$_GET['redirect_uri'])) { + if (strlen($_GET['redirect_uri'] ?? '')) { $result = $db->prepare('UPDATE `oauth_clients` SET `redirect_uri` = :rediruri WHERE `client_id` = :clientid;'); if (!$result->execute(array(':rediruri' => $_GET['redirect_uri'],':clientid' => $client['client_id']))) { $utils->log('client_save_failure', 'client: '.$client['client_id'].', new redirect_uri: '.$_GET['redirect_uri'].' - '.$result->errorInfo()[2]); } } - if (strlen(@$_GET['scope'])) { + if (strlen($_GET['scope'] ?? '')) { $result = $db->prepare('UPDATE `oauth_clients` SET `scope` = :scope WHERE `client_id` = :clientid;'); if (!$result->execute(array(':scope' => $_GET['scope'],':clientid' => $client['client_id']))) { $utils->log('client_save_failure', 'client: '.$client['client_id'].', new scope: '.$_GET['scope'].' - '.$result->errorInfo()[2]); @@ -141,4 +154,7 @@ else { print(json_encode(array('error' => 'insecure_connection', 'error_description' => 'Your connection is insecure. The API can only be accessed on secure connections.'))); } +if ($settings['piwik_enabled']) { + $piwikTracker->doTrackPageView('API Request'.(strlen($token['scope'])?': '.$token['scope']:'')); +} ?>