diff --git a/code/site/libraries/authentication.php b/code/site/libraries/authentication.php index 63805a9..203a2bf 100644 --- a/code/site/libraries/authentication.php +++ b/code/site/libraries/authentication.php @@ -9,14 +9,19 @@ */ defined('_JEXEC') or die; -jimport('joomla.application.component.model'); + +use Joomla\CMS\Object\CMSObject; +use Joomla\CMS\Component\ComponentHelper; +use Joomla\CMS\Factory; +use Joomla\CMS\Plugin\PluginHelper; +use Joomla\CMS\Language\Text; /** * Class for API authetication * * @since 1.0 */ -abstract class ApiAuthentication extends JObject +abstract class ApiAuthentication extends CMSObject { protected $auth_method = null; @@ -57,8 +62,8 @@ abstract public function authenticate(); */ public static function authenticateRequest() { - $params = JComponentHelper::getParams('com_api'); - $app = JFactory::getApplication(); + $params = ComponentHelper::getParams('com_api'); + $app = Factory::getApplication(); $className = 'APIAuthentication' . ucwords(self::getAuthMethod()); @@ -73,24 +78,24 @@ public static function authenticateRequest() } else { - $user = JFactory::getUser($user_id); + $user = Factory::getUser($user_id); if (!$user->id) { - self::setAuthError(JText::_("COM_API_USER_NOT_FOUND")); + self::setAuthError(Text::_("COM_API_USER_NOT_FOUND")); return false; } if ($user->block == 1) { - self::setAuthError(JText::_("COM_API_BLOCKED_USER")); + self::setAuthError(Text::_("COM_API_BLOCKED_USER")); return false; } /* V1.8.1 - to set admin info headers - $log_user = JFactory::getUser(); */ + $log_user = Factory::getUser(); */ $isroot = $user->authorise('core.admin'); if ($isroot) 
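Review bot: The third hunk on this line edits code that lives inside a block comment — `/* V1.8.1 - to set admin info headers $log_user = Factory::getUser(); */` — so the rename keeps dead code alive instead of removing it. Commented-out code should be deleted; if the admin-info-header feature is still planned, a one-line `// TODO: V1.8.1 admin info headers` says the same without a stale assignment to maintain. On the lines just above, `$user->block == 1` is a loose comparison on a value that is presumably loaded as a string; `(int) $user->block === 1` states the intent. authenticateRequest continues past the end of the hunk.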
@@ -145,12 +150,13 @@ public static function getAuthError() */ public static function getPluginsList() { - $plugins = JPluginHelper::getPlugin('api'); + $plugins = PluginHelper::getPlugin('api'); $pluginsArr = array(); foreach ($plugins as $plg) { - $xml = JFactory::getXML(JPATH_SITE . '/plugins/api/' . $plg->name . '/' . $plg->name . '.xml'); + $xml = simplexml_load_file(JPATH_SITE . '/plugins/api/' . $plg->name . '/' . $plg->name . '.xml'); + $version = (string) $xml->version; $pluginsArr[] = $plg->name . '-' . $version; } @@ -167,7 +173,7 @@ public static function getPluginsList() */ public static function getCom_apiVersion() { - $xml = JFactory::getXML(JPATH_ADMINISTRATOR . '/components/com_api/api.xml'); + $xml = simplexml_load_file(JPATH_ADMINISTRATOR . '/components/com_api/api.xml'); return $version = (string) $xml->version; } @@ -181,14 +187,13 @@ public static function getCom_apiVersion() */ private static function getAuthMethod() { - $app = JFactory::getApplication(); - $key = $app->input->get('key'); + $server = Factory::getApplication()->input->server; - if (isset($_SERVER['HTTP_X_AUTH']) && $_SERVER['HTTP_X_AUTH']) + if (!empty($server->getString('HTTP_X_AUTH', ''))) { - $authMethod = $_SERVER['HTTP_X_AUTH']; + $authMethod = trim($server->getString('HTTP_X_AUTH', '')); } - elseif ($key || self::getBearerToken()) + elseif (self::getBearerToken()) { $authMethod = 'key'; } 
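Review bot: `simplexml_load_file(...)` in getPluginsList returns `false` when a plugin manifest is missing or malformed, and the next line reads `$xml->version` from that result without a check, so one broken manifest produces a warning and an empty version for the whole listing. Guard the result before use, `if ($xml === false) { continue; }`, and in getCom_apiVersion (the next hunk) the same call feeds `(string) $xml->version` directly — return `''` there when the load fails. JFactory::getXML, which this replaces, presumably wrapped the load in libxml error handling that callers relied on. While there, `return $version = (string) $xml->version;` assigns a local that is never read; `return (string) $xml->version;` is enough.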
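Review bot: The trimmed `X-Auth` header value that getAuthMethod returns is used unvalidated by authenticateRequest (first hunk of this diff) to build `$className = 'APIAuthentication' . ucwords(self::getAuthMethod())`; a request header should be checked against the fixed set of authentication methods the component ships before it selects a class. Compare it to a hard-coded allow-list of the known method names and treat anything else as an authentication error rather than passing it on. `$server->getString('HTTP_X_AUTH', '')` is also evaluated twice; read it once into a local, `trim()` it, and test `$authMethod !== ''`. With the `$key` query-parameter fallback removed, the branch that handles neither header lies outside the hunk — confirm it still assigns `$authMethod`.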
@@ -228,14 +233,15 @@ public static function getBearerToken() private static function getAuthorizationHeader() { $headers = null; + $server = Factory::getApplication()->input->server; - if (isset($_SERVER['Authorization'])) + if (!empty($server->getString('Authorization', ''))) { - $headers = trim($_SERVER["Authorization"]); + $headers = trim($server->getString('Authorization', '')); } - elseif (isset($_SERVER['HTTP_AUTHORIZATION'])) + elseif (!empty($server->getString('HTTP_AUTHORIZATION', ''))) { - $headers = trim($_SERVER["HTTP_AUTHORIZATION"]); + $headers = trim($server->getString('HTTP_AUTHORIZATION', '')); } elseif (function_exists('apache_request_headers')) { @@ -250,13 +256,13 @@ private static function getAuthorizationHeader() } } - if (isset($_SERVER['X-Authorization'])) + if (!empty($server->getString('X-Authorization', ''))) { - $headers = trim($_SERVER["X-Authorization"]); + $headers = trim($server->getString('X-Authorization', '')); } - elseif (isset($_SERVER['HTTP_X_AUTHORIZATION'])) + elseif (!empty($server->getString('HTTP_X_AUTHORIZATION', ''))) { - $headers = trim($_SERVER["HTTP_X_AUTHORIZATION"]); + $headers = trim($server->getString('HTTP_X_AUTHORIZATION', '')); } elseif (function_exists('apache_request_headers')) { @@ -283,9 +289,9 @@ private static function getAuthorizationHeader() */ public static function getImpersonateHeader() { - $jinput = JFactory::getApplication()->input; - $xImpersonate = $jinput->server->get('X-Impersonate', '', 'STRING'); - $httpXImpersonate = $jinput->server->get('HTTP_X_IMPERSONATE', '', 'STRING'); + $server = Factory::getApplication()->input->server; + $xImpersonate = $server->getString('X-Impersonate', ''); + $httpXImpersonate = $server->getString('HTTP_X_IMPERSONATE', ''); if (!empty($xImpersonate)) { 
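Review bot: Each branch of getAuthorizationHeader tests `!empty($server->getString('Authorization', ''))` and then calls `getString` a second time to assign, so a header consisting only of whitespace passes the check and leaves `$headers` as `''`; read and trim once, then test: `$value = trim($server->getString('Authorization', '')); if ($value !== '') { $headers = $value; }`. The same pattern repeats for `HTTP_AUTHORIZATION` here and for `X-Authorization`/`HTTP_X_AUTHORIZATION` in the next hunk. `getString` presumably runs Joomla's string filter over the credential before it is trimmed, which the raw `$_SERVER` reads did not do — confirm the filter cannot alter a valid token value. The function continues beyond the hunk.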
@@ -318,7 +324,7 @@ public static function getUserIdToImpersonate($tokenUserId) } // Get user from tokenUserId - $user = JFactory::getUser($tokenUserId); + $user = Factory::getUser($tokenUserId); $isSuperAdmin = $user->authorise('core.admin'); // If this user is not super admin user, return false @@ -346,7 +352,7 @@ public static function getUserIdToImpersonate($tokenUserId) } else { - ApiError::raiseError("400", JText::_('COM_API_INVALID_USER_TO_IMPERSONATE'), 'APIValidationException'); + ApiError::raiseError("400", Text::_('COM_API_INVALID_USER_TO_IMPERSONATE'), 'APIValidationException'); return false; } @@ -354,7 +360,7 @@ public static function getUserIdToImpersonate($tokenUserId) // If username or emailid exists ? if ($searchFor) { - $db = JFactory::getDbo(); + $db = Factory::getDbo(); $query = $db->getQuery(true) ->select($db->quoteName('id')) ->from($db->quoteName('#__users')) @@ -367,7 +373,7 @@ public static function getUserIdToImpersonate($tokenUserId) } else { - ApiError::raiseError("400", JText::_('COM_API_INVALID_USER_TO_IMPERSONATE'), 'APIValidationException'); + ApiError::raiseError("400", Text::_('COM_API_INVALID_USER_TO_IMPERSONATE'), 'APIValidationException'); return false; } @@ -383,7 +389,7 @@ public static function getUserIdToImpersonate($tokenUserId) } else { - ApiError::raiseError("400", JText::_('COM_API_INVALID_USER_TO_IMPERSONATE'), 'APIValidationException'); + ApiError::raiseError("400", Text::_('COM_API_INVALID_USER_TO_IMPERSONATE'), 'APIValidationException'); return false; } diff --git a/code/site/libraries/authentication/key.php b/code/site/libraries/authentication/key.php index 37cd788..38c21f0 100755 --- a/code/site/libraries/authentication/key.php +++ b/code/site/libraries/authentication/key.php @@ -9,7 +9,9 @@ */ defined('_JEXEC') or die; -jimport('joomla.application.component.model'); + +use Joomla\CMS\Language\Text; +use Joomla\CMS\Table\Table; /** * API resource class 
@@ -29,25 +31,17 @@ class ApiAuthenticationKey extends ApiAuthentication */ public function authenticate() { - $app = JFactory::getApplication(); - $query_token = $app->input->get('key', '', 'STRING'); $header_token = $this->getBearerToken(); - $key = $header_token ? $header_token : $query_token; - $token = $this->loadTokenByHash($key); + $token = $this->loadTokenByHash($header_token); if (isset($token->state) && $token->state == 1) { $userId = parent::getUserIdToImpersonate($token->userid); - if ($userId) - { - return $userId; - } - - return $token->userid; + return $userId ? $userId : $token->userid; } - $this->setError(JText::_('COM_API_KEY_NOT_FOUND')); + $this->setError(Text::_('COM_API_KEY_NOT_FOUND')); return false; } @@ -57,11 +51,11 @@ public function authenticate() * * @param STRING $hash The token hash * - * @return OBJECT + * @return OBJECT|boolean */ public function loadTokenByHash($hash) { - $table = JTable::getInstance('Key', 'ApiTable'); + $table = Table::getInstance('Key', 'ApiTable'); $table->loadByHash($hash); return $table; diff --git a/code/site/libraries/plugin.php b/code/site/libraries/plugin.php index c1ebadc..5929b1f 100755 --- a/code/site/libraries/plugin.php +++ b/code/site/libraries/plugin.php @@ -12,9 +12,14 @@ defined('_JEXEC') or die('Restricted access'); -jimport('joomla.plugin.plugin'); -jimport('joomla.filesystem.file'); -jimport('joomla.application.component.helper'); +use Joomla\CMS\Plugin\CMSPlugin; +use Joomla\CMS\Plugin\PluginHelper; +use Joomla\CMS\Factory; +use Joomla\CMS\Uri\Uri; +use Joomla\CMS\Language\Text; +use Joomla\CMS\Component\ComponentHelper; +use Joomla\CMS\Filesystem\File; +use Joomla\CMS\Table\Table; /** * API_plugin base class @@ -22,7 +27,7 @@ * * @since 1.0 */ -class ApiPlugin extends JPlugin +class ApiPlugin extends CMSPlugin { protected $user = null; 
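Review bot: With the query-string fallback gone, `$header_token` is whatever getBearerToken() returns when no header is present (its body is not in this diff), and that value goes straight into `loadTokenByHash`; an explicit guard avoids a lookup with an empty or null hash: `if (empty($header_token)) { $this->setError(Text::_('COM_API_KEY_NOT_FOUND')); return false; }`. The `$token->state == 1` comparison is loose; `(int) $token->state === 1` says what is meant. `return $userId ? $userId : $token->userid;` is simply `return $userId ?: $token->userid;`.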
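Review bot: The docblock now says `@return OBJECT|boolean`, but the visible body of loadTokenByHash always returns `$table` — the result of `$table->loadByHash($hash)` is discarded — so the `boolean` alternative documents a value the method never produces. Either keep `@return OBJECT` (the `Key` table instance, loaded or not) or actually `return false` when `loadByHash` fails and make the caller in authenticate() check for it. Documenting a failure path that does not exist will lead the next caller to test for `false` that never comes.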
@@ -65,9 +70,9 @@ class ApiPlugin extends JPlugin */ public static function getInstance($name) { - $app = JFactory::getApplication(); + $app = Factory::getApplication(); $param_path = JPATH_BASE . self::$plg_path . $name . '.xml'; - $plugin = JPluginHelper::getPlugin('api', $name); + $plugin = PluginHelper::getPlugin('api', $name); if (isset(self::$instances[$name])) { @@ -86,14 +91,14 @@ public static function getInstance($name) if (empty($plugin)) { - ApiError::raiseError(400, JText::sprintf('COM_API_PLUGIN_CLASS_NOT_FOUND', ucfirst($name)), 'APINotFoundException'); + ApiError::raiseError(400, Text::sprintf('COM_API_PLUGIN_CLASS_NOT_FOUND', ucfirst($name)), 'APINotFoundException'); } $plgfile = JPATH_BASE . self::$plg_path . $name . '/' . $name . '.php'; - if (! JFile::exists($plgfile)) + if (! File::exists($plgfile)) { - ApiError::raiseError(400, JText::sprintf('COM_API_FILE_NOT_FOUND', ucfirst($name)), 'APINotFoundException'); + ApiError::raiseError(400, Text::sprintf('COM_API_FILE_NOT_FOUND', ucfirst($name)), 'APINotFoundException'); } include_once $plgfile; @@ -101,10 +106,10 @@ public static function getInstance($name) if (! class_exists($class)) { - ApiError::raiseError(400, JText::sprintf('COM_API_PLUGIN_CLASS_NOT_FOUND', ucfirst($name)), 'APINotFoundException'); + ApiError::raiseError(400, Text::sprintf('COM_API_PLUGIN_CLASS_NOT_FOUND', ucfirst($name)), 'APINotFoundException'); } - $cparams = JComponentHelper::getParams('com_api'); + $cparams = ComponentHelper::getParams('com_api'); $handler = new $class($dispatcher, array('params' => $cparams)); $handler->set('params', $cparams); 
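Review bot: In the second hunk `$name` builds `$plgfile` and is then handed to `include_once`; the only validation of `$name` itself is `if (empty($plugin))` followed by `ApiError::raiseError(...)`, whose control flow is not visible here. If raiseError throws (the `'APINotFoundException'` argument suggests it does) the include is bounded to installed plugins, because PluginHelper::getPlugin only returns one of those; if it can return normally, execution falls through to the include with an unchecked name. Make the guard self-contained with a `return null;` after the raiseError call, or add a shape check such as `preg_match('/^[A-Za-z0-9_]+$/', $name)` before the path is built. `$param_path` in the first hunk is not used within the visible lines — presumably later in the function, which continues outside the hunk.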
@@ -177,12 +182,14 @@ public function __construct(&$subject, $config = array()) protected function negotiateContent($output = null) { $format = null; + $server = Factory::getApplication()->input->server; + $httpAccept = $server->get('HTTP_ACCEPT', array(), 'ARRAY'); - if (is_null($output) && isset($_SERVER['HTTP_ACCEPT'])) + if (is_null($output) && !empty($httpAccept)) { - if (in_array($_SERVER['HTTP_ACCEPT'], array_keys($this->content_types))) + if (in_array($httpAccept, array_keys($this->content_types))) { - $format = $_SERVER['HTTP_ACCEPT']; + $format = $httpAccept; } } elseif (in_array($output, $this->content_types)) @@ -241,14 +248,7 @@ final public function getResourceAccess($resource, $method = 'GET', $returnParam } else { - if ($returnParamsDefault) - { - return $this->params->get('resource_access', 'protected'); - } - else - { - return false; - } + return $returnParamsDefault ? $this->params->get('resource_access', 'protected') : false; } } @@ -279,7 +279,7 @@ final public function fetchResource($resource_name = null) $user = APIAuthentication::authenticateRequest(); $this->set('user', $user); - $session = JFactory::getSession(); + $session = Factory::getSession(); $session->set('user', $user); $access = $this->getResourceAccess($resource_name, $this->request_method); @@ -291,7 +291,7 @@ final public function fetchResource($resource_name = null) if (! $this->checkRequestLimit()) { - ApiError::raiseError(403, JText::_('COM_API_RATE_LIMIT_EXCEEDED'), 'APIUnauthorisedException'); + ApiError::raiseError(403, Text::_('COM_API_RATE_LIMIT_EXCEEDED'), 'APIUnauthorisedException'); } $this->lastUsed(); 
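Review bot: `$server->get('HTTP_ACCEPT', array(), 'ARRAY')` asks the input filter for an array, so a header such as `application/json` comes back as `['application/json']`; `in_array($httpAccept, array_keys($this->content_types))` then compares an array against strings and never matches, so `$format` is never set from the Accept header. Read it as a string instead, `$httpAccept = $server->getString('HTTP_ACCEPT', '');`, and pass `true` as the third argument to `in_array` so a numeric-looking key cannot match loosely. The pre-existing exact match on the whole Accept value still rejects lists such as `application/json, */*`, which clients commonly send; that predates this change but deserves a follow-up. negotiateContent continues past the hunk.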
@@ -321,12 +321,12 @@ final private function checkInternally($resource_name) { if (! method_exists($this, $resource_name)) { - ApiError::raiseError(404, JText::sprintf('COM_API_PLUGIN_METHOD_NOT_FOUND', ucfirst($resource_name)), 'APINotFoundException'); + ApiError::raiseError(404, Text::sprintf('COM_API_PLUGIN_METHOD_NOT_FOUND', ucfirst($resource_name)), 'APINotFoundException'); } if (! is_callable(array($this, $resource_name))) { - ApiError::raiseError(404, JText::sprintf('COM_API_PLUGIN_METHOD_NOT_CALLABLE', ucfirst($resource_name)), 'APINotFoundException'); + ApiError::raiseError(404, Text::sprintf('COM_API_PLUGIN_METHOD_NOT_CALLABLE', ucfirst($resource_name)), 'APINotFoundException'); } return true; @@ -341,7 +341,7 @@ final private function checkInternally($resource_name) */ final private function checkRequestLimit() { - $app = JFactory::getApplication(); + $app = Factory::getApplication(); $limit = $this->params->get('request_limit', 0); if ($limit == 0) @@ -349,10 +349,9 @@ final private function checkRequestLimit() return true; } - $hash = $app->input->get('key', '', 'STRING'); + $hash = APIAuthentication::getBearerToken(); $ip_address = $app->input->server->get('REMOTE_ADDR', '', 'STRING'); - - $time = $this->params->get('request_limit_time', 'hour'); + $time = $this->params->get('request_limit_time', 'hour'); switch ($time) { @@ -372,7 +371,7 @@ final private function checkRequestLimit() $query_time = time() - $offset; - $db = JFactory::getDBO(); + $db = Factory::getDBO(); $query = $db->getQuery(true); $query->select('COUNT(*)'); $query->from($db->quoteName('#__api_logs')); @@ -381,14 +380,7 @@ final private function checkRequestLimit() $db->setQuery($query); $result = $db->loadResult(); - if ($result >= $limit) - { - return false; - } - else - { - return true; - } + return $result >= $limit ? false : true; } /** 
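Review bot: `$hash = APIAuthentication::getBearerToken();` in checkRequestLimit drops the `''` default the old `$app->input->get('key', '', 'STRING')` guaranteed, and getBearerToken's return on a missing header is not shown in this diff; the query that consumes `$hash` sits outside the hunk, so a null hash may change what the rate-limit count matches. `$hash = (string) APIAuthentication::getBearerToken();` restores the previous contract, and the same applies to `$table->hash` in log() and `setLastUsed($hash)` in lastUsed() further down the diff.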
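Review bot: `return $result >= $limit ? false : true;` in the last hunk of checkRequestLimit spells a boolean with a ternary; `return (int) $result < $limit;` reads directly and also normalises `loadResult()`, which yields a string or null, before the comparison. `$limit` comes from `params->get('request_limit', 0)` and is compared with `== 0` earlier in the function; `(int)` casting both values keeps the comparisons strict.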
@@ -407,14 +399,14 @@ final private function log() return; } - $app = JFactory::getApplication(); + $app = Factory::getApplication(); // For exclude password from log - $params = JComponentHelper::getParams('com_api'); + $params = ComponentHelper::getParams('com_api'); $excludes = $params->get('exclude_log'); $raw_post = file_get_contents('php://input'); $redactions = explode(",", $excludes); - $req_url = JURI::current() . '?' . JFactory::getURI()->getQuery(); + $req_url = Uri::getInstance()->toString(); switch ($app->input->server->get('CONTENT_TYPE')) { @@ -440,9 +432,9 @@ final private function log() break; } - $table = JTable::getInstance('Log', 'ApiTable'); - $date = JFactory::getDate(); - $table->hash = $app->input->get('key', '', 'STRING'); + $table = Table::getInstance('Log', 'ApiTable'); + $date = Factory::getDate(); + $table->hash = APIAuthentication::getBearerToken(); $table->ip_address = $app->input->server->get('REMOTE_ADDR', '', 'STRING'); $table->time = $date->toSql(); $table->request = $req_url; @@ -462,10 +454,9 @@ final private function log() */ final private function lastUsed() { - $app = JFactory::getApplication(); - $table = JTable::getInstance('Key', 'ApiTable'); + $table = Table::getInstance('Key', 'ApiTable'); + $hash = APIAuthentication::getBearerToken(); - $hash = $app->input->get('key', '', 'STRING'); $table->setLastUsed($hash); } @@ -504,7 +495,7 @@ public function setApiResponse($error, $data) if ($error) { $result->err_code = $this->err_code; - $result->err_message = JText::_($this->err_message); + $result->err_message = Text::_($this->err_message); } else { @@ -523,7 +514,7 @@ public function setApiResponse($error, $data) */ public function encode() { - $document = JFactory::getDocument(); + $document = Factory::getDocument(); $document->setMimeEncoding($this->format); $format_name = $this->content_types[$this->format]; 
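Review bot: `$redactions = explode(",", $excludes);` in log() runs on `$params->get('exclude_log')`, which has no default, so an unset parameter passes `null` to explode (deprecated on PHP 8.1) and yields `['']` as the redaction list; use `$params->get('exclude_log', '')`, trim each entry and drop empties before matching. `$req_url = Uri::getInstance()->toString();` now writes the full request URL, query string included, to the log table, while the redaction list visibly applies only to the body handling that follows — confirm no sensitive query parameters reach the log now that the `key` parameter is no longer read. The function continues outside the hunk.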
@@ -531,12 +522,12 @@ public function encode() if (! method_exists($this, $method)) { - ApiError::raiseError(406, JText::_('COM_API_PLUGIN_NO_ENCODER')); + ApiError::raiseError(406, Text::_('COM_API_PLUGIN_NO_ENCODER')); } if (! is_callable(array($this, $method))) { - ApiError::raiseError(404, JText::_('COM_API_PLUGIN_NO_ENCODER')); + ApiError::raiseError(404, Text::_('COM_API_PLUGIN_NO_ENCODER')); } return $this->$method();