diff --git a/modules/content_management/class/class_content_manager_tools_Abstract.php b/modules/content_management/class/class_content_manager_tools_Abstract.php index 0c9a44c111e2ffbfaebdbf882d635396c700ab9d..f7ad3ab383ab63cbc66dc5aaf13e007f539d3e48 100755 --- a/modules/content_management/class/class_content_manager_tools_Abstract.php +++ b/modules/content_management/class/class_content_manager_tools_Abstract.php @@ -443,10 +443,19 @@ abstract class content_management_tools_Abstract $jnlp_attribute1 = $docXML->createAttribute('spec'); $jnlp_attribute1->value = '6.0+'; $jnlp_balise->appendChild($jnlp_attribute1); + + $pathUrl = trim($_SESSION['config']['coreurl'], '/'); + $jnlp_attribute2 = $docXML->createAttribute('codebase'); - $jnlp_attribute2->value = $_SESSION['config']['tmppath']; + $jnlp_attribute2->value = $pathUrl . '/rest/jnlpDownload/'; $jnlp_balise->appendChild($jnlp_attribute2); + $jnlp_attribute3 = $docXML->createAttribute('href'); + $jnlp_attribute3->value = $jnlp_name; + $jnlp_balise->appendChild($jnlp_attribute3); + + //"{$pathUrl}/rest/jnlp?fileName={$jnlp_name}"; + $info_balise=$docXML->createElement("information"); $title_balise=$docXML->createElement("title","Editeur de modèle de document"); @@ -626,7 +635,7 @@ abstract class content_management_tools_Abstract $_SESSION['cm_applet'][$_SESSION['user']['UserId']][$uid_applet_name]=$uid_applet_name.'.lck'; $pathUrl = trim($_SESSION['config']['coreurl'], '/'); - $file = "{$pathUrl}/rest/jnlp?fileName={$jnlp_name}"; + $file = "{$pathUrl}/rest/jnlpDownload/{$jnlp_name}"; //echo '<a id="jnlp_file" href="'.$file.'" onclick="window.location.href=\''.$file.'\';self.close();"></a>'; echo '<script>window.location.href=\''.$file.'\';if($(\'CMApplet\')) {destroyModal(\'CMApplet\');};if($(\'CMApplet\')) {destroyModal(\'CMApplet\');};</script>'; diff --git a/rest/index.php b/rest/index.php index 0e7f357a31d7285e7ac7e710e26d70f40e373b11..f29ef20cfc7bf4a2a38b7959c5d50c72d8ed8567 100755 --- a/rest/index.php 
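Review bot: The commented-out line `//"{$pathUrl}/rest/jnlp?fileName={$jnlp_name}";` at the end of this hunk is dead code that points at the GET `/jnlp` route this commit removes, and should be dropped. A short comment above the `codebase`/`href` attributes would help, for example `// codebase + href must resolve to /rest/jnlpDownload/{name} so the descriptor can be re-fetched`; that re-fetching is the reason is my reading of the change, so confirm it before writing the comment. `$pathUrl` is taken from `$_SESSION['config']['coreurl']` and written into the descriptor as-is, so it is worth confirming that this value comes from server configuration rather than from request headers.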
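Review bot: `$jnlp_name` is placed into the URL path on the new `$file` line and then into a single-quoted JavaScript string by the `echo` below it, with no encoding in either place. Where `$jnlp_name` is built is outside this hunk; if any part of it can be influenced by a user, a quote or a slash in it would end the string literal or change the path. I would build the URL as `$file = "{$pathUrl}/rest/jnlpDownload/" . rawurlencode($jnlp_name);` and emit it through `json_encode($file)` instead of hand-written quotes.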
+++ b/rest/index.php @@ -28,28 +28,34 @@ require_once("src/core/lang/lang-{$language}.php"); $app = new \Slim\App(['settings' => ['displayErrorDetails' => true, 'determineRouteBeforeAppMiddleware' => true]]); +//route without auth +$app->get('/jnlpDownload/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':donwloadJnlp'); + //Authentication $app->add(function (\Slim\Http\Request $request, \Slim\Http\Response $response, callable $next) { - $userId = \SrcCore\controllers\AuthenticationController::authentication(); - - if (!empty($userId)) { - $GLOBALS['userId'] = $userId; - $route = $request->getAttribute('route'); - if (!empty($route)) { - $currentRoute = $route->getPattern(); - $r = \SrcCore\controllers\AuthenticationController::isRouteAvailable(['userId' => $userId, 'currentRoute' => $currentRoute]); - if (!$r['isRouteAvailable']) { - return $response->withStatus(405)->withJson(['errors' => $r['errors']]); + $route = $request->getAttribute('route'); + if ($route->getPattern() <> '/jnlpDownload/{jnlpUniqueId}') { + $userId = \SrcCore\controllers\AuthenticationController::authentication(); + if (!empty($userId)) { + $GLOBALS['userId'] = $userId; + if (!empty($route)) { + $currentRoute = $route->getPattern(); + $r = \SrcCore\controllers\AuthenticationController::isRouteAvailable(['userId' => $userId, 'currentRoute' => $currentRoute]); + if (!$r['isRouteAvailable']) { + return $response->withStatus(405)->withJson(['errors' => $r['errors']]); + } } + $response = $next($request, $response); + return $response; + } else { + return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']); } + } else { $response = $next($request, $response); return $response; - } else { - return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']); } }); - //Initialize $app->get('/initialize', \SrcCore\controllers\CoreController::class . ':initialize'); 
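Review bot: `$route->getPattern()` is now called at the top of the middleware, before the `!empty($route)` check that still sits further down, so a request with an empty route attribute (the remaining guard suggests this can happen) would raise a fatal error instead of going through authentication. With `displayErrorDetails` set to true a few lines above, that error detail would be returned to an unauthenticated caller. Guard first and compare strictly: `$isPublic = !empty($route) && $route->getPattern() === '/jnlpDownload/{jnlpUniqueId}';` followed by `if (!$isPublic) { ... }` around the authentication branch. The pattern string is duplicated between the route registration and this check, so a shared constant or a small allow-list of public patterns, with a comment saying why the route is exempt, would keep the two from drifting apart.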
@@ -171,7 +177,8 @@ $app->get('/home/lastRessources', \Home\controllers\HomeController::class . ':ge //Jnlp $app->post('/jnlp', \ContentManagement\controllers\JnlpController::class . ':generateJnlp'); -$app->get('/jnlp', \ContentManagement\controllers\JnlpController::class . ':renderJnlp'); + +//$app->get('/jnlp/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':renderJnlp'); $app->post('/jnlp/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':processJnlp'); $app->get('/jnlp/lock/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':isLockFileExisting'); diff --git a/src/app/contentManagement/controllers/JnlpController.php b/src/app/contentManagement/controllers/JnlpController.php index 6e9992c00771ca64a342c1bb6a5847348723f218..873f85c5b97c0a08e3cadb8ed0afb097ad20edf3 100644 --- a/src/app/contentManagement/controllers/JnlpController.php +++ b/src/app/contentManagement/controllers/JnlpController.php 
@@ -180,18 +180,18 @@ class JnlpController return $response->withJson(['generatedJnlp' => $jnlpFileNameExt, 'jnlpUniqueId' => $jnlpUniqueId]); } - public function renderJnlp(Request $request, Response $response) + public function donwloadJnlp(Request $request, Response $response, array $aArgs) { $data = $request->getQueryParams(); - if (explode('.', $data['fileName'])[1] != 'jnlp') { + if (explode('.', $aArgs['jnlpUniqueId'])[1] != 'jnlp') { return $response->withStatus(403)->withJson(['errors' => 'File extension forbidden']); - } elseif (strpos($data['fileName'], "{$GLOBALS['userId']}_maarchCM_") === false) { + } elseif (strpos($aArgs['jnlpUniqueId'], "{$GLOBALS['userId']}_maarchCM_") === false) { return $response->withStatus(403)->withJson(['errors' => 'File name forbidden']); } $tmpPath = CoreConfigModel::getTmpPath(); - $jnlp = file_get_contents($tmpPath . $data['fileName']); + $jnlp = file_get_contents($tmpPath . $aArgs['jnlpUniqueId']); if ($jnlp === false) { return $response->withStatus(404)->withJson(['errors' => 'Jnlp file not found on ' . $tmpPath]); } @@ -201,6 +201,7 @@ class JnlpController return $response->withHeader('Content-Type', 'application/x-java-jnlp-file'); } + public function processJnlp(Request $request, Response $response, array $aArgs) { $data = $request->getParams();
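Review bot: The ownership check in `donwloadJnlp` still interpolates `$GLOBALS['userId']`, but rest/index.php now skips authentication for this route, so that global is presumably never set and the test reduces to "name contains `_maarchCM_`", which no longer ties the file to a user. The name is also appended to `$tmpPath` without `basename()`, `explode('.', ...)[1]` inspects only the second dot-separated segment, the 404 body returns the server's tmp path to an unauthenticated caller, and `$data` is now unused. I would validate the name as below and rely on an unguessable component in the file name; whether `generateJnlp` provides one is not visible here. The method name is misspelled (`donwloadJnlp`) and would need renaming together with the route registration. The function body continues past this hunk.

```php
public function donwloadJnlp(Request $request, Response $response, array $aArgs)
{
    // Route is exempt from authentication: $GLOBALS['userId'] is not available here,
    // so the file name is the only access control and must be validated strictly.
    $fileName = basename($aArgs['jnlpUniqueId']);
    if ($fileName !== $aArgs['jnlpUniqueId'] || pathinfo($fileName, PATHINFO_EXTENSION) !== 'jnlp') {
        return $response->withStatus(403)->withJson(['errors' => 'File extension forbidden']);
    } elseif (strpos($fileName, '_maarchCM_') === false) {
        return $response->withStatus(403)->withJson(['errors' => 'File name forbidden']);
    }

    $tmpPath = CoreConfigModel::getTmpPath();
    $jnlp = file_get_contents($tmpPath . $fileName);
    if ($jnlp === false) {
        // Do not echo the server-side path back to an unauthenticated caller.
        return $response->withStatus(404)->withJson(['errors' => 'Jnlp file not found']);
    }
    // … unchanged: response body and Content-Type header …
```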