From 2c02533f20f8dc903b6809f3f1be0160b40c7db8 Mon Sep 17 00:00:00 2001
From: Laurent Giovannoni <laurent.giovannoni@maarch.org>
Date: Tue, 23 Oct 2018 19:08:32 +0200
Subject: [PATCH] FEAT # 8375

---
 .../class_content_manager_tools_Abstract.php  | 13 +++++--
 rest/index.php                                | 35 +++++++++++--------
 .../controllers/JnlpController.php            |  9 ++---
 3 files changed, 37 insertions(+), 20 deletions(-)

diff --git a/modules/content_management/class/class_content_manager_tools_Abstract.php b/modules/content_management/class/class_content_manager_tools_Abstract.php
index 0c9a44c111e..f7ad3ab383a 100755
--- a/modules/content_management/class/class_content_manager_tools_Abstract.php
+++ b/modules/content_management/class/class_content_manager_tools_Abstract.php
@@ -443,10 +443,19 @@ abstract class content_management_tools_Abstract
         $jnlp_attribute1 = $docXML->createAttribute('spec'); 
         $jnlp_attribute1->value = '6.0+';
         $jnlp_balise->appendChild($jnlp_attribute1); 
+
+        $pathUrl = trim($_SESSION['config']['coreurl'], '/');
+
         $jnlp_attribute2 = $docXML->createAttribute('codebase'); 
-        $jnlp_attribute2->value = $_SESSION['config']['tmppath'];
+        $jnlp_attribute2->value = $pathUrl . '/rest/jnlpDownload/';
         $jnlp_balise->appendChild($jnlp_attribute2);
 
+        $jnlp_attribute3 = $docXML->createAttribute('href');
+        $jnlp_attribute3->value = $jnlp_name;
+        $jnlp_balise->appendChild($jnlp_attribute3);
+
+        //"{$pathUrl}/rest/jnlp?fileName={$jnlp_name}";
+
         $info_balise=$docXML->createElement("information");
 
         $title_balise=$docXML->createElement("title","Editeur de modèle de document");
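Review bot: The commented-out URL `//"{$pathUrl}/rest/jnlp?fileName={$jnlp_name}";` added just before `$info_balise` is dead code left over from switching the codebase to `/rest/jnlpDownload/` and should be deleted rather than kept as a comment. What a reader does need here is why the `codebase` attribute changed: the new URL is served by a route that the rest/index.php change in this same patch exempts from the authentication middleware, so a comment on the `codebase` line such as `// codebase points at /rest/jnlpDownload/, which the REST layer serves without a session` records the trust boundary the applet now depends on. The enclosing method starts and ends outside this hunk.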
@@ -626,7 +635,7 @@ abstract class content_management_tools_Abstract
         $_SESSION['cm_applet'][$_SESSION['user']['UserId']][$uid_applet_name]=$uid_applet_name.'.lck';
 
         $pathUrl = trim($_SESSION['config']['coreurl'], '/');
-        $file = "{$pathUrl}/rest/jnlp?fileName={$jnlp_name}";
+        $file = "{$pathUrl}/rest/jnlpDownload/{$jnlp_name}";
 
         //echo '<a id="jnlp_file" href="'.$file.'" onclick="window.location.href=\''.$file.'\';self.close();"></a>';
         echo '<script>window.location.href=\''.$file.'\';if($(\'CMApplet\')) {destroyModal(\'CMApplet\');};if($(\'CMApplet\')) {destroyModal(\'CMApplet\');};</script>';
diff --git a/rest/index.php b/rest/index.php
index 0e7f357a31d..f29ef20cfc7 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -28,28 +28,34 @@ require_once("src/core/lang/lang-{$language}.php");
 
 $app = new \Slim\App(['settings' => ['displayErrorDetails' => true, 'determineRouteBeforeAppMiddleware' => true]]);
 
+//route without auth
+$app->get('/jnlpDownload/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':donwloadJnlp');
+
 //Authentication
 $app->add(function (\Slim\Http\Request $request, \Slim\Http\Response $response, callable $next) {
-    $userId = \SrcCore\controllers\AuthenticationController::authentication();
-
-    if (!empty($userId)) {
-        $GLOBALS['userId'] = $userId;
-        $route = $request->getAttribute('route');
-        if (!empty($route)) {
-            $currentRoute = $route->getPattern();
-            $r = \SrcCore\controllers\AuthenticationController::isRouteAvailable(['userId' => $userId, 'currentRoute' => $currentRoute]);
-            if (!$r['isRouteAvailable']) {
-                return $response->withStatus(405)->withJson(['errors' => $r['errors']]);
+    $route = $request->getAttribute('route');
+    if ($route->getPattern() <> '/jnlpDownload/{jnlpUniqueId}') {
+        $userId = \SrcCore\controllers\AuthenticationController::authentication();
+        if (!empty($userId)) {
+            $GLOBALS['userId'] = $userId;
+            if (!empty($route)) {
+                $currentRoute = $route->getPattern();
+                $r = \SrcCore\controllers\AuthenticationController::isRouteAvailable(['userId' => $userId, 'currentRoute' => $currentRoute]);
+                if (!$r['isRouteAvailable']) {
+                    return $response->withStatus(405)->withJson(['errors' => $r['errors']]);
+                }
             }
+            $response = $next($request, $response);
+            return $response;
+        } else {
+            return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
         }
+    } else {
         $response = $next($request, $response);
         return $response;
-    } else {
-        return $response->withStatus(401)->withJson(['errors' => 'Authentication Failed']);
     }
 });
 
-
 //Initialize
 $app->get('/initialize', \SrcCore\controllers\CoreController::class . ':initialize');
 
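Review bot: The new line `if ($route->getPattern() <> '/jnlpDownload/{jnlpUniqueId}')` dereferences `$route` before the `!empty($route)` guard that the old code ran first, so a request whose route attribute is absent (presumably an unmatched path) now errors inside the middleware instead of reaching the 404 path, and the inner `if (!empty($route))` at the next level is dead. `<>` is also a loose comparison where `!==` is meant. A guard clause placed before the `authentication()` call fixes both and removes the duplicated `$next` branch: `if ($route !== null && $route->getPattern() === '/jnlpDownload/{jnlpUniqueId}') { return $next($request, $response); }`, leaving the original authenticated body otherwise as it was. Because the exempted route never assigns `$GLOBALS['userId']`, the file-name check in JnlpController.php that interpolates it no longer carries a user id on that route; a comment on the exemption, `// no session here: the JNLP controller must not rely on $GLOBALS['userId']`, makes that visible at the point where the bypass is decided.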
@@ -171,7 +177,8 @@ $app->get('/home/lastRessources', \Home\controllers\HomeController::class . ':ge
 
 //Jnlp
 $app->post('/jnlp', \ContentManagement\controllers\JnlpController::class . ':generateJnlp');
-$app->get('/jnlp', \ContentManagement\controllers\JnlpController::class . ':renderJnlp');
+
+//$app->get('/jnlp/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':renderJnlp');
 $app->post('/jnlp/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':processJnlp');
 $app->get('/jnlp/lock/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':isLockFileExisting');
 
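Review bot: The commented-out route `//$app->get('/jnlp/{jnlpUniqueId}', \ContentManagement\controllers\JnlpController::class . ':renderJnlp');` should be removed: `renderJnlp` is renamed in JnlpController.php by this same patch, so the line can never be re-enabled as written and only reads as a stale alternative. If the purpose is to tell the reader where the generated file is now fetched, a plain comment next to the `/jnlp` POST route does that better, e.g. `// the generated file is fetched via GET /jnlpDownload/{jnlpUniqueId}, registered above, before the auth middleware`.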
diff --git a/src/app/contentManagement/controllers/JnlpController.php b/src/app/contentManagement/controllers/JnlpController.php
index 6e9992c0077..873f85c5b97 100644
--- a/src/app/contentManagement/controllers/JnlpController.php
+++ b/src/app/contentManagement/controllers/JnlpController.php
@@ -180,18 +180,18 @@ class JnlpController
         return $response->withJson(['generatedJnlp' => $jnlpFileNameExt, 'jnlpUniqueId' => $jnlpUniqueId]);
     }
 
-    public function renderJnlp(Request $request, Response $response)
+    public function donwloadJnlp(Request $request, Response $response, array $aArgs)
     {
         $data = $request->getQueryParams();
 
-        if (explode('.', $data['fileName'])[1] != 'jnlp') {
+        if (explode('.', $aArgs['jnlpUniqueId'])[1] != 'jnlp') {
             return $response->withStatus(403)->withJson(['errors' => 'File extension forbidden']);
-        } elseif (strpos($data['fileName'], "{$GLOBALS['userId']}_maarchCM_") === false) {
+        } elseif (strpos($aArgs['jnlpUniqueId'], "{$GLOBALS['userId']}_maarchCM_") === false) {
             return $response->withStatus(403)->withJson(['errors' => 'File name forbidden']);
         }
 
         $tmpPath = CoreConfigModel::getTmpPath();
-        $jnlp = file_get_contents($tmpPath . $data['fileName']);
+        $jnlp = file_get_contents($tmpPath . $aArgs['jnlpUniqueId']);
         if ($jnlp === false) {
             return $response->withStatus(404)->withJson(['errors' => 'Jnlp file not found on ' . $tmpPath]);
         }
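Review bot: The check `if (explode('.', $aArgs['jnlpUniqueId'])[1] != 'jnlp')` inspects only the second dot-separated segment rather than the real extension, and the following `strpos($aArgs['jnlpUniqueId'], "{$GLOBALS['userId']}_maarchCM_")` test loses its user component on this route, because the rest/index.php change in this patch exempts `/jnlpDownload/{jnlpUniqueId}` from the middleware that assigns `$GLOBALS['userId']` — the prefix presumably interpolates to a bare `_maarchCM_`. Since the value now comes from the URL path and is concatenated directly onto `$tmpPath` for `file_get_contents`, it should be reduced to a plain file name and its extension checked with `pathinfo` before the read, and the now-unused `$data = $request->getQueryParams();` dropped. The method name `donwloadJnlp` is misspelled (the route registration in rest/index.php repeats the typo); renaming both to `downloadJnlp` now is cheaper than later. Whether an unauthenticated endpoint can tie the file to the requesting user at all is left open by this patch, so a comment stating that the file name is the only access control here would help the next maintainer.
```php
public function donwloadJnlp(Request $request, Response $response, array $aArgs)
{
    // Unauthenticated route (see rest/index.php): $GLOBALS['userId'] is not set
    // here, so the name itself is the only access check; keep it a plain file name.
    $fileName = basename((string) $aArgs['jnlpUniqueId']);

    if (pathinfo($fileName, PATHINFO_EXTENSION) !== 'jnlp') {
        return $response->withStatus(403)->withJson(['errors' => 'File extension forbidden']);
    } elseif (strpos($fileName, "{$GLOBALS['userId']}_maarchCM_") === false) {
        return $response->withStatus(403)->withJson(['errors' => 'File name forbidden']);
    }

    $tmpPath = CoreConfigModel::getTmpPath();
    $jnlp = file_get_contents($tmpPath . $fileName);
    // … unchanged: 404 handling and response headers …
```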
@@ -201,6 +201,7 @@ class JnlpController
         return $response->withHeader('Content-Type', 'application/x-java-jnlp-file');
     }
 
+
     public function processJnlp(Request $request, Response $response, array $aArgs)
     {
         $data = $request->getParams();
-- 
GitLab