Netsyms/Mods-for-HESK-Netsyms
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Got started adding internal usage. A lot more work to handle this than I originally thought

Browse Source
This commit is contained in:
Mike Koch 2017-05-02 12:48:03 -04:00
parent e21c26689a
commit fddd3de664
6 changed files with 115 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
api/BusinessLogic/Exceptions/InternalUseOnlyException.php Normal file
View File

@ -0,0 +1,10 @@
<?php
namespace BusinessLogic\Exceptions;
class InternalUseOnlyException extends ApiFriendlyException {
function __construct() {
parent::__construct("This endpoint can only be used internally", "Internal Use Only", 400);
}
}

16
api/BusinessLogic/Exceptions/SessionNotActiveException.php Normal file
View File

@ -0,0 +1,16 @@
<?php
/**
* Created by PhpStorm.
* User: cokoch
* Date: 5/2/2017
* Time: 12:28 PM
*/
namespace BusinessLogic\Exceptions;
class SessionNotActiveException extends ApiFriendlyException {
function __construct() {
parent::__construct("You must be logged in to call internal API methods", "Authentication Required", 401);
}
}

16
api/Controllers/InternalApiController.php Normal file
View File

@ -0,0 +1,16 @@
<?php
namespace Controllers;
use BusinessLogic\Exceptions\InternalUseOnlyException;
use BusinessLogic\Helpers;
abstract class InternalApiController {
function checkForInternalUseOnly() {
$tokenHeader = Helpers::getHeader('X-AUTH-TOKEN');
if ($tokenHeader === null || trim($tokenHeader) === '') {
throw new InternalUseOnlyException();
}
}
}

26
api/Controllers/Tickets/ResendTicketEmailToCustomerController.php Normal file
View File

@ -0,0 +1,26 @@
<?php
namespace Controllers\Tickets;
use BusinessLogic\Tickets\TicketRetriever;
use Controllers\InternalApiController;
class ResendTicketEmailToCustomerController extends InternalApiController {
function get($ticketId) {
global $applicationContext, $userContext, $hesk_settings;
$this->checkForInternalUseOnly();
/* @var $ticketRetriever TicketRetriever */
$ticketRetriever = $applicationContext->get[TicketRetriever::class];
$ticket = $ticketRetriever->getTicketById($ticketId, $hesk_settings, $userContext);
$reply = -1;
if (isset($_GET['replyId'])) {
$reply = $_GET['replyId'];
}
//-- TODO Get reply if necessary including all attachments :O
}
}

27
api/index.php
View File

@ -18,8 +18,14 @@ function handle404() {
function before() { function before() {
assertApiIsEnabled(); assertApiIsEnabled();
$token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN'); $internalUse = \BusinessLogic\Helpers::getHeader('X-INTERNAL-CALL');
buildUserContext($token);
if ($internalUse === 'true') {
buildUserContextFromSession();
} else {
$token = \BusinessLogic\Helpers::getHeader('X-AUTH-TOKEN');
buildUserContext($token);
}
} }
function assertApiIsEnabled() { function assertApiIsEnabled() {
@ -36,6 +42,19 @@ function assertApiIsEnabled() {
return; return;
} }
function buildUserContextFromSession() {
global $userContext;
hesk_session_start();
if (!hesk_isLoggedIn(false)) {
throw new \BusinessLogic\Exceptions\SessionNotActiveException();
}
/* @var $userContext \BusinessLogic\Security\UserContext */
$userContext = \BusinessLogic\Security\UserContext::fromDataRow($_SESSION);
}
function buildUserContext($xAuthToken) { function buildUserContext($xAuthToken) {
global $applicationContext, $userContext, $hesk_settings; global $applicationContext, $userContext, $hesk_settings;
@ -161,6 +180,10 @@ Link::all(array(
// Settings // Settings
'/v1/settings' => \Controllers\Settings\SettingsController::class, '/v1/settings' => \Controllers\Settings\SettingsController::class,
/* Internal use only routes */
// Resend email response
'/v1/staff/tickets/{i}/resend-email' => \Controllers\Tickets\ResendTicketEmailToCustomerController::class,
// Any URL that doesn't match goes to the 404 handler // Any URL that doesn't match goes to the 404 handler
'404' => 'handle404' '404' => 'handle404'
)); ));

29
inc/admin_functions.inc.php
View File

@ -460,7 +460,7 @@ function hesk_autoLogin($noredirect = 0)
} // END hesk_autoLogin() } // END hesk_autoLogin()
function hesk_isLoggedIn() function hesk_isLoggedIn($redirect_if_not_logged_in = true)
{ {
global $hesk_settings; global $hesk_settings;
@ -482,8 +482,13 @@ function hesk_isLoggedIn()
} }
hesk_session_stop(); hesk_session_stop();
header('Location: ' . $url);
exit(); if ($redirect_if_not_logged_in) {
header('Location: ' . $url);
exit();
} else {
return false;
}
} else { } else {
hesk_session_regenerate_id(); hesk_session_regenerate_id();
@ -493,8 +498,13 @@ function hesk_isLoggedIn()
// Exit if user not found // Exit if user not found
if (hesk_dbNumRows($res) != 1) { if (hesk_dbNumRows($res) != 1) {
hesk_session_stop(); hesk_session_stop();
header('Location: ' . $url);
exit(); if ($redirect_if_not_logged_in) {
header('Location: ' . $url);
exit();
} else {
return false;
}
} }
// Fetch results from database // Fetch results from database
@ -503,8 +513,13 @@ function hesk_isLoggedIn()
// Verify this session is still valid // Verify this session is still valid
if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) { if (!hesk_activeSessionValidate($me['user'], $me['pass'], $_SESSION['session_verify'])) {
hesk_session_stop(); hesk_session_stop();
header('Location: ' . $url);
exit(); if ($redirect_if_not_logged_in) {
header('Location: ' . $url);
exit();
} else {
return false;
}
} }
// Update session variables as needed // Update session variables as needed