From d458b6b852a7161dd73e31d45499faa5bbbac88a Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Thu, 4 Mar 2021 01:25:20 -0800
Subject: [PATCH] authx - Allow `civicrm/ajax/rest` to accept auth params akin to `extern/rest.php`
---
.../Civi/Authx/LegacyRestAuthenticator.php | 42 +++++++++++++++++
ext/authx/authx.php | 4 ++
ext/authx/settings/authx.setting.php | 7 ++-
tests/phpunit/E2E/Extern/AuthxRestTest.php | 45 +++++++++++++++++++
4 files changed, 97 insertions(+), 1 deletion(-)
create mode 100644 ext/authx/Civi/Authx/LegacyRestAuthenticator.php
create mode 100644 tests/phpunit/E2E/Extern/AuthxRestTest.php
diff --git a/ext/authx/Civi/Authx/LegacyRestAuthenticator.php b/ext/authx/Civi/Authx/LegacyRestAuthenticator.php
new file mode 100644
index 000000000000..aaf37892ca7c
--- /dev/null
+++ b/ext/authx/Civi/Authx/LegacyRestAuthenticator.php
@@ -0,0 +1,42 @@
+ "FATAL: $message", "is_error" => 1];
+ $r = new Response(200, ['Content-Type' => 'text/javascript'], json_encode($data));
+ \CRM_Utils_System::sendResponse($r);
+ }
+
+ protected function login(AuthenticatorTarget $tgt) {
+ parent::login($tgt);
+ \Civi::dispatcher()->addListener('hook_civicrm_permission_check', function ($e) {
+ if ($e->permission === 'access AJAX API') {
+ $e->granted = TRUE;
+ }
+ });
+ }
+
+}
diff --git a/ext/authx/authx.php b/ext/authx/authx.php
index 95fd219557b8..00bcafaf43ee 100644
--- a/ext/authx/authx.php
+++ b/ext/authx/authx.php
@@ -36,6 +36,10 @@
 _authx_redact(['_authx']);
 }
 }
+
+ if (count($e->args) > 2 && $e->args[1] === 'ajax' && $e->args[2] === 'rest' && (!empty($_REQUEST['api_key']) || !empty($_REQUEST['key']))) {
+ return (new \Civi\Authx\LegacyRestAuthenticator())->auth($e, ['flow' => 'legacyrest', 'cred' => 'Bearer ' . $_REQUEST['api_key'] ?? '', 'siteKey' => $_REQUEST['key'] ?? NULL]);
+ }
 });
 /**
diff --git a/ext/authx/settings/authx.setting.php b/ext/authx/settings/authx.setting.php
index 5613bb2f06b9..dedb9ec8bd7f 100644
--- a/ext/authx/settings/authx.setting.php
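Review bot: The listener that login() registers on `hook_civicrm_permission_check` grants `access AJAX API` to whichever principal this flow has just authenticated, and nothing in the file records why that elevation is appropriate; a comment such as `// Callers of extern/rest.php were not held to 'access AJAX API'; grant it for this request so the same credentials keep working on civicrm/ajax/rest.` would capture the intent, which I am inferring from the commit subject rather than from the hunk. The listener is never removed, so if the dispatcher instance outlives the request (a long-running test harness or worker) the grant would persist into later permission checks; that is worth stating in the same comment or guarding against. The method that emits the `FATAL:` response starts before the first visible line of this hunk (the file's opening lines appear to have been lost in extraction), so its signature and the origin of `$message` cannot be reviewed here.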
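Review bot: In the new `auth()` call, `'Bearer ' . $_REQUEST['api_key'] ?? ''` is parsed as `('Bearer ' . $_REQUEST['api_key']) ?? ''` because `.` binds tighter than `??`, so the fallback is dead code; when the branch is entered via `key` alone, `$_REQUEST['api_key']` is still read (undefined-key notice/warning) and the credential becomes the bare string `'Bearer '`. The minimal fix is `'cred' => 'Bearer ' . ($_REQUEST['api_key'] ?? ''),`; if a site-key-only request is meant to carry no bearer credential at all, the entry should instead be `NULL` in that case, which the hunk does not decide. Because `$_REQUEST` merges GET and POST (and cookies, depending on `request_order`), an `api_key` passed in the query string will also land in web-server and proxy access logs; that is the legacy shape being supported, but a one-line comment at the condition saying so would stop the query-string form being read as the recommended one. The enclosing listener closure begins before and ends after the hunk.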
+++ b/ext/authx/settings/authx.setting.php
@@ -17,7 +17,7 @@
 * @copyright CiviCRM LLC https://civicrm.org/licensing
 */
 $_authx_settings = function() {
- $flows = ['param', 'header', 'xheader', 'login', 'auto'];
+ $flows = ['param', 'header', 'xheader', 'login', 'auto', 'legacyrest'];
 $basic = [
 'group_name' => 'CiviCRM Preferences',
 'group' => 'authx',
@@ -76,6 +76,11 @@
 ],
 ];
 }
+
+ // Override defaults for a few specific elements
+ $s['authx_legacyrest_cred']['default'] = ['jwt', 'api_key'];
+ $s['authx_legacyrest_user']['default'] = 'require';
+
 return $s;
 };
diff --git a/tests/phpunit/E2E/Extern/AuthxRestTest.php b/tests/phpunit/E2E/Extern/AuthxRestTest.php
new file mode 100644
index 000000000000..ef38cad1fd27
--- /dev/null
+++ b/tests/phpunit/E2E/Extern/AuthxRestTest.php
@@ -0,0 +1,45 @@
+install(['authx'])
+ ->callback(
+ function() {
+ \CRM_Utils_System::synchronizeUsers();
+ },
+ 'synchronizeUsers'
+ )
+ ->apply();
+ }
+
+ protected function getRestUrl() {
+ return CRM_Utils_System::url('civicrm/ajax/rest', NULL, TRUE, NULL, FALSE, TRUE);
+ }
+
+ public function apiTestCases() {
+ $r = parent::apiTestCases();
+ $r = array_filter($r, function($case) {
+ // The 'civicrm/ajax/rest' end-point does not support '?q' inputs.
+ return !isset($case[0]['q']);
+ });
+ return $r;
+ }
+
+}
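Review bot: The comment above the two `$s['authx_legacyrest_*']['default']` overrides says what is overridden but not why the legacyrest flow is narrowed to `jwt`/`api_key` credentials with a user required, and since both entries are assumed to have been produced by the per-flow loop earlier in this closure (outside the hunk), a reader cannot tell whether any other credential type that loop enables by default was excluded on purpose. Suggest replacing it with `// legacyrest mirrors extern/rest.php: callers present an api_key (or a JWT) and must resolve to a user; other credential types are intentionally not accepted on this flow.` The earlier hunk in this file, which only appends `'legacyrest'` to `$flows`, needs nothing further.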
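Review bot: The positional tail `NULL, TRUE, NULL, FALSE, TRUE` in getRestUrl()'s `CRM_Utils_System::url(...)` call is opaque at the call site; if the signature is core's (path, query, absolute, fragment, htmlize, frontend, …), a comment such as `// absolute URL, not HTML-escaped, front-end route` on that line would say what the booleans select. In apiTestCases(), `array_filter` keeps the parent's keys, which is fine for a data provider, but the intermediate reassignment of `$r` could simply be `return array_filter(...)`. The class declaration and the start of the method that ends with `->apply()` are missing from the visible hunk text, so the base class whose provider is being overridden cannot be checked here.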