summaryrefslogtreecommitdiff
path: root/app
diff options
context:
space:
mode:
Diffstat (limited to 'app')
-rw-r--r--app/Api/AuthApi.php82
-rw-r--r--app/Api/BaseApi.php45
-rw-r--r--app/Api/Middleware/AuthenticationApiMiddleware.php130
-rw-r--r--app/Core/Base.php1
-rw-r--r--app/ServiceProvider/ApiProvider.php74
-rw-r--r--app/common.php1
6 files changed, 206 insertions, 127 deletions
diff --git a/app/Api/AuthApi.php b/app/Api/AuthApi.php
deleted file mode 100644
index 1cbce5ae..00000000
--- a/app/Api/AuthApi.php
+++ /dev/null
@@ -1,82 +0,0 @@
-<?php
-
-namespace Kanboard\Api;
-
-use JsonRPC\Exception\AuthenticationFailureException;
-
-/**
- * Base class
- *
- * @package Kanboard\Api
- * @author Frederic Guillot
- */
-class AuthApi extends BaseApi
-{
- /**
- * Check api credentials
- *
- * @access public
- * @param string $username
- * @param string $password
- * @param string $class
- * @param string $method
- * @throws AuthenticationFailureException
- */
- public function checkCredentials($username, $password, $class, $method)
- {
- $this->dispatcher->dispatch('app.bootstrap');
-
- if ($this->isUserAuthenticated($username, $password)) {
- $this->checkProcedurePermission(true, $method);
- $this->userSession->initialize($this->userModel->getByUsername($username));
- } elseif ($this->isAppAuthenticated($username, $password)) {
- $this->checkProcedurePermission(false, $method);
- } else {
- $this->logger->error('API authentication failure for '.$username);
- throw new AuthenticationFailureException('Wrong credentials');
- }
- }
-
- /**
- * Check user credentials
- *
- * @access public
- * @param string $username
- * @param string $password
- * @return boolean
- */
- private function isUserAuthenticated($username, $password)
- {
- return $username !== 'jsonrpc' &&
- ! $this->userLockingModel->isLocked($username) &&
- $this->authenticationManager->passwordAuthentication($username, $password);
- }
-
- /**
- * Check administrative credentials
- *
- * @access public
- * @param string $username
- * @param string $password
- * @return boolean
- */
- private function isAppAuthenticated($username, $password)
- {
- return $username === 'jsonrpc' && $password === $this->getApiToken();
- }
-
- /**
- * Get API Token
- *
- * @access private
- * @return string
- */
- private function getApiToken()
- {
- if (defined('API_AUTHENTICATION_TOKEN')) {
- return API_AUTHENTICATION_TOKEN;
- }
-
- return $this->configModel->get('api_token');
- }
-}
diff --git a/app/Api/BaseApi.php b/app/Api/BaseApi.php
index ae41e5b5..9f69aa65 100644
--- a/app/Api/BaseApi.php
+++ b/app/Api/BaseApi.php
@@ -13,51 +13,6 @@ use Kanboard\Core\Base;
*/
abstract class BaseApi extends Base
{
- private $user_allowed_procedures = array(
- 'getMe',
- 'getMyDashboard',
- 'getMyActivityStream',
- 'createMyPrivateProject',
- 'getMyProjectsList',
- 'getMyProjects',
- 'getMyOverdueTasks',
- );
-
- private $both_allowed_procedures = array(
- 'getTimezone',
- 'getVersion',
- 'getDefaultTaskColor',
- 'getDefaultTaskColors',
- 'getColorList',
- 'getProjectById',
- 'getTask',
- 'getTaskByReference',
- 'getAllTasks',
- 'openTask',
- 'closeTask',
- 'moveTaskPosition',
- 'createTask',
- 'updateTask',
- 'getBoard',
- 'getProjectActivity',
- 'getOverdueTasksByProject',
- 'searchTasks',
- );
-
- public function checkProcedurePermission($is_user, $procedure)
- {
- $is_both_procedure = in_array($procedure, $this->both_allowed_procedures);
- $is_user_procedure = in_array($procedure, $this->user_allowed_procedures);
-
- if ($is_user && ! $is_both_procedure && ! $is_user_procedure) {
- throw new AccessDeniedException('Permission denied');
- } elseif (! $is_user && ! $is_both_procedure && $is_user_procedure) {
- throw new AccessDeniedException('Permission denied');
- }
-
- $this->logger->debug('API call: '.$procedure);
- }
-
public function checkProjectPermission($project_id)
{
if ($this->userSession->isLogged() && ! $this->projectPermissionModel->isUserAllowed($project_id, $this->userSession->getId())) {
diff --git a/app/Api/Middleware/AuthenticationApiMiddleware.php b/app/Api/Middleware/AuthenticationApiMiddleware.php
new file mode 100644
index 00000000..5f63e1a1
--- /dev/null
+++ b/app/Api/Middleware/AuthenticationApiMiddleware.php
@@ -0,0 +1,130 @@
+<?php
+
+namespace Kanboard\Api\Middleware;
+
+use JsonRPC\Exception\AccessDeniedException;
+use JsonRPC\Exception\AuthenticationFailureException;
+use JsonRPC\MiddlewareInterface;
+use Kanboard\Core\Base;
+
+/**
+ * Class AuthenticationApiMiddleware
+ *
+ * @package Kanboard\Api\Middleware
+ * @author Frederic Guillot
+ */
+class AuthenticationApiMiddleware extends Base implements MiddlewareInterface
+{
+ private $user_allowed_procedures = array(
+ 'getMe',
+ 'getMyDashboard',
+ 'getMyActivityStream',
+ 'createMyPrivateProject',
+ 'getMyProjectsList',
+ 'getMyProjects',
+ 'getMyOverdueTasks',
+ );
+
+ private $both_allowed_procedures = array(
+ 'getTimezone',
+ 'getVersion',
+ 'getDefaultTaskColor',
+ 'getDefaultTaskColors',
+ 'getColorList',
+ 'getProjectById',
+ 'getTask',
+ 'getTaskByReference',
+ 'getAllTasks',
+ 'openTask',
+ 'closeTask',
+ 'moveTaskPosition',
+ 'createTask',
+ 'updateTask',
+ 'getBoard',
+ 'getProjectActivity',
+ 'getOverdueTasksByProject',
+ 'searchTasks',
+ );
+
+ /**
+ * Execute Middleware
+ *
+ * @access public
+ * @param string $username
+ * @param string $password
+ * @param string $procedureName
+ * @throws AccessDeniedException
+ * @throws AuthenticationFailureException
+ */
+ public function execute($username, $password, $procedureName)
+ {
+ $this->dispatcher->dispatch('app.bootstrap');
+
+ if ($this->isUserAuthenticated($username, $password)) {
+ $this->checkProcedurePermission(true, $procedureName);
+ $this->userSession->initialize($this->userModel->getByUsername($username));
+ } elseif ($this->isAppAuthenticated($username, $password)) {
+ $this->checkProcedurePermission(false, $procedureName);
+ } else {
+ $this->logger->error('API authentication failure for '.$username);
+ throw new AuthenticationFailureException('Wrong credentials');
+ }
+ }
+
+ /**
+ * Check user credentials
+ *
+ * @access public
+ * @param string $username
+ * @param string $password
+ * @return boolean
+ */
+ private function isUserAuthenticated($username, $password)
+ {
+ return $username !== 'jsonrpc' &&
+ ! $this->userLockingModel->isLocked($username) &&
+ $this->authenticationManager->passwordAuthentication($username, $password);
+ }
+
+ /**
+ * Check administrative credentials
+ *
+ * @access public
+ * @param string $username
+ * @param string $password
+ * @return boolean
+ */
+ private function isAppAuthenticated($username, $password)
+ {
+ return $username === 'jsonrpc' && $password === $this->getApiToken();
+ }
+
+ /**
+ * Get API Token
+ *
+ * @access private
+ * @return string
+ */
+ private function getApiToken()
+ {
+ if (defined('API_AUTHENTICATION_TOKEN')) {
+ return API_AUTHENTICATION_TOKEN;
+ }
+
+ return $this->configModel->get('api_token');
+ }
+
+ public function checkProcedurePermission($is_user, $procedure)
+ {
+ $is_both_procedure = in_array($procedure, $this->both_allowed_procedures);
+ $is_user_procedure = in_array($procedure, $this->user_allowed_procedures);
+
+ if ($is_user && ! $is_both_procedure && ! $is_user_procedure) {
+ throw new AccessDeniedException('Permission denied');
+ } elseif (! $is_user && ! $is_both_procedure && $is_user_procedure) {
+ throw new AccessDeniedException('Permission denied');
+ }
+
+ $this->logger->debug('API call: '.$procedure);
+ }
+}
diff --git a/app/Core/Base.php b/app/Core/Base.php
index 99c093e4..725bd7c0 100644
--- a/app/Core/Base.php
+++ b/app/Core/Base.php
@@ -140,6 +140,7 @@ use Pimple\Container;
* @property \Psr\Log\LoggerInterface $logger
* @property \PicoDb\Database $db
* @property \Symfony\Component\EventDispatcher\EventDispatcher $dispatcher
+ * @property \JsonRPC\Server $api
*/
abstract class Base
{
diff --git a/app/ServiceProvider/ApiProvider.php b/app/ServiceProvider/ApiProvider.php
new file mode 100644
index 00000000..19d945f6
--- /dev/null
+++ b/app/ServiceProvider/ApiProvider.php
@@ -0,0 +1,74 @@
+<?php
+
+namespace Kanboard\ServiceProvider;
+
+use JsonRPC\Server;
+use Kanboard\Api\ActionApi;
+use Kanboard\Api\AppApi;
+use Kanboard\Api\BoardApi;
+use Kanboard\Api\CategoryApi;
+use Kanboard\Api\ColumnApi;
+use Kanboard\Api\CommentApi;
+use Kanboard\Api\FileApi;
+use Kanboard\Api\GroupApi;
+use Kanboard\Api\GroupMemberApi;
+use Kanboard\Api\LinkApi;
+use Kanboard\Api\MeApi;
+use Kanboard\Api\Middleware\AuthenticationApiMiddleware;
+use Kanboard\Api\ProjectApi;
+use Kanboard\Api\ProjectPermissionApi;
+use Kanboard\Api\SubtaskApi;
+use Kanboard\Api\SwimlaneApi;
+use Kanboard\Api\TaskApi;
+use Kanboard\Api\TaskLinkApi;
+use Kanboard\Api\UserApi;
+use Pimple\Container;
+use Pimple\ServiceProviderInterface;
+
+/**
+ * Class ApiProvider
+ *
+ * @package Kanboard\ServiceProvider
+ * @author Frederic Guillot
+ */
+class ApiProvider implements ServiceProviderInterface
+{
+ /**
+ * Registers services on the given container.
+ *
+ * @param Container $container
+ * @return Container
+ */
+ public function register(Container $container)
+ {
+ $server = new Server();
+ $server->setAuthenticationHeader(API_AUTHENTICATION_HEADER);
+ $server->getMiddlewareHandler()
+ ->withMiddleware(new AuthenticationApiMiddleware($container))
+ ;
+
+ $server->getProcedureHandler()
+ ->withObject(new MeApi($container))
+ ->withObject(new ActionApi($container))
+ ->withObject(new AppApi($container))
+ ->withObject(new BoardApi($container))
+ ->withObject(new ColumnApi($container))
+ ->withObject(new CategoryApi($container))
+ ->withObject(new CommentApi($container))
+ ->withObject(new FileApi($container))
+ ->withObject(new LinkApi($container))
+ ->withObject(new ProjectApi($container))
+ ->withObject(new ProjectPermissionApi($container))
+ ->withObject(new SubtaskApi($container))
+ ->withObject(new SwimlaneApi($container))
+ ->withObject(new TaskApi($container))
+ ->withObject(new TaskLinkApi($container))
+ ->withObject(new UserApi($container))
+ ->withObject(new GroupApi($container))
+ ->withObject(new GroupMemberApi($container))
+ ;
+
+ $container['api'] = $server;
+ return $container;
+ }
+}
diff --git a/app/common.php b/app/common.php
index 4781ddb4..e73d3a64 100644
--- a/app/common.php
+++ b/app/common.php
@@ -47,4 +47,5 @@ $container->register(new Kanboard\ServiceProvider\ExternalLinkProvider());
$container->register(new Kanboard\ServiceProvider\AvatarProvider());
$container->register(new Kanboard\ServiceProvider\FilterProvider());
$container->register(new Kanboard\ServiceProvider\QueueProvider());
+$container->register(new Kanboard\ServiceProvider\ApiProvider());
$container->register(new Kanboard\ServiceProvider\PluginProvider());