Merge pull request #88 from techjoomla/release-2.3.1

Merge `Release 2.3.1` into `master`
techjoomla · Apr 9, 2019 · cb278ea · cb278ea
2 parents 488bd8b + bd149e2
commit cb278ea
Show file tree

Hide file tree

Showing 18 changed files with 831 additions and 40 deletions.
diff --git a/code/admin/language/en-GB/en-GB.com_api.ini b/code/admin/language/en-GB/en-GB.com_api.ini
@@ -99,3 +99,6 @@ UNASSIGNED_HASH="No user for this API Key"
 ; Permissions
 JACTION_MANAGELOGS="Manage Logs"
 JACTION_MANAGELOGS_DESC="Allows users in this group to manage API logs."
+
+; Since 2.3.1
+COM_API_USER_ID="ID"
diff --git a/code/admin/models/keys.php b/code/admin/models/keys.php
@@ -116,7 +116,7 @@ protected function getListQuery()
 		$query->join("LEFT", "#__users AS uc ON uc.id=a.checked_out");
 
 		// Join over the user field 'userid'
-		$query->select('userid.name AS userid');
+		$query->select('userid.name AS name');
 		$query->join('LEFT', '#__users AS userid ON userid.id = a.userid');
 
 		// Join over the user field 'created_by'
@@ -151,6 +151,12 @@ protected function getListQuery()
 			}
 		}
 
+		// Needed for login api, which try to get keys for userid trying to log in
+		if ($this->getState('user_id'))
+		{
+			$query->where('userid = ' . $db->quote($this->getState('user_id')));
+		}
+
 		// Add the list ordering clause.
 		$orderCol = $this->state->get('list.ordering');
 		$orderDirn = $this->state->get('list.direction');

diff --git a/code/admin/views/keys/tmpl/default.php b/code/admin/views/keys/tmpl/default.php
@@ -209,7 +209,8 @@ class="input-medium" onchange="Joomla.orderTable()">
 								</td>
 							<?php endif; ?>
 							<td>
-								<a href="<?php echo 'index.php?option=com_api&task=key.edit&id='.(int) $item->id; ?>"><?php echo $item->userid; ?></a>
+								<a href="<?php echo 'index.php?option=com_api&task=key.edit&id='.(int) $item->id; ?>"><?php echo $item->name; ?></a>
+								<div class="small"><?php echo JText::_('COM_API_USER_ID') . ': ' . $item->userid; ?></div>
 							</td>
 							<td>
 								<?php if (isset($item->checked_out) && $item->checked_out) : ?>

diff --git a/code/api.xml b/code/api.xml
@@ -1,13 +1,13 @@
 <?xml version="1.0" encoding="utf-8"?>
 <extension type="component" version="3.0" method="upgrade">
 	<name>com_api</name>
-	<creationDate>2014-09-09</creationDate>
+	<creationDate>10th Jan 2019</creationDate>
 	<copyright>Copyright (C) 2009-2017. All rights reserved.</copyright>
 	<license>GNU General Public License version 2 or later; see LICENSE.txt</license>
 	<author>Techjoomla</author>
 	<authorEmail>[email protected]</authorEmail>
 	<authorUrl>https://techjoomla.com</authorUrl>
-	<version>2.2</version>
+	<version>2.3.1</version>
 	<description>Multi-purpose REST API framework for Joomla</description>
 	<install>
 		<!-- Runs on install -->
@@ -21,10 +21,10 @@
 			<file driver="mysql" charset="utf8">sql/uninstall.mysql.utf8.sql</file>
 		</sql>
 	</uninstall>
-	<update> 
-		<schemas> 
-			<schemapath type="mysql">sql/updates/mysql</schemapath> 
-		</schemas> 
+	<update>
+		<schemas>
+			<schemapath type="mysql">sql/updates/mysql</schemapath>
+		</schemas>
 	</update>
 	<files folder="site">
 		<filename>index.html</filename>
@@ -38,6 +38,7 @@
 		<folder>assets</folder>
 		<folder>libraries</folder>
 		<folder>language</folder>
+		<folder>vendors</folder>
 	</files>
 	<languages folder="site">
 		<language tag="en-GB">language/en-GB/en-GB.com_api.ini</language>

diff --git a/code/plugins/authentication/tjapi/index.html b/code/plugins/authentication/tjapi/index.html
@@ -0,0 +1 @@
+<!DOCTYPE html><title></title>
diff --git a/code/plugins/authentication/tjapi/languages/en-GB/en-GB.plg_authentication_tjapi.ini b/code/plugins/authentication/tjapi/languages/en-GB/en-GB.plg_authentication_tjapi.ini
@@ -0,0 +1,8 @@
+; @package     API
+; @subpackage  Authentication.Tjtokenlogin
+; @copyright   Copyright (C) 2009 - 2018 Techjoomla. All rights reserved.
+; @license     http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
+; Note: All ini files need to be saved as UTF-8
+
+PLG_AUTHENTICATION_TJAPI="Authentication - TjApi"
+PLG_AUTHENTICATION_TJAPI_XML_DESCRIPTION="Authentication - TjApi plugin"
diff --git a/code/plugins/authentication/tjapi/languages/en-GB/en-GB.plg_authentication_tjapi.sys.ini b/code/plugins/authentication/tjapi/languages/en-GB/en-GB.plg_authentication_tjapi.sys.ini
@@ -0,0 +1,8 @@
+; @package     API
+; @subpackage  Authentication.Tjtokenlogin
+; @copyright   Copyright (C) 2009 - 2018 Techjoomla. All rights reserved.
+; @license     http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
+; Note: All ini files need to be saved as UTF-8
+
+PLG_AUTHENTICATION_TJAPI="Authentication - TjApi"
+PLG_AUTHENTICATION_TJAPI_XML_DESCRIPTION="Authentication - TjApi plugin"
diff --git a/code/plugins/authentication/tjapi/tjapi.php b/code/plugins/authentication/tjapi/tjapi.php
@@ -0,0 +1,95 @@
+<?php
+/**
+ * @package     API
+ * @subpackage  Authentication.tjtokenlogin
+ *
+ * @copyright   Copyright (C) 2009 - 2019 Techjoomla. All rights reserved.
+ * @license     http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
+ */
+
+defined('_JEXEC') or die('Unauthorized Access');
+
+/**
+ * Class for Tjapi Authentication Plugin
+ *
+ * @since  1.0.0
+ */
+class PlgAuthenticationTjapi extends JPlugin
+{
+	/**
+	 * Verify Api Key
+	 *
+	 * @param   int     $userId  User id
+	 * @param   string  $key     API key
+	 *
+	 * @return  boolean
+	 */
+	public function verifyApiKey($userId, $key)
+	{
+		// Load table
+		JTable::addIncludePath(JPATH_ROOT . '/administrator/components/com_api/tables');
+		$table = JTable::getInstance('Key', 'ApiTable');
+		$table->load(array('userid' => $userId));
+
+		if ($key == $table->hash)
+		{
+			return true;
+		}
+
+		return false;
+	}
+
+	/**
+	 * This method should handle any authentication and report back to the subject
+	 *
+	 * @param   array   &$credentials  Array holding the user credentials
+	 * @param   array   $options       Array of extra options
+	 * @param   object  &$response     Authentication response object
+	 *
+	 * @return  void
+	 *
+	 * @since   1.0.0
+	 */
+	public function onUserAuthenticate(&$credentials, $options, &$response)
+	{
+		$uid = isset($credentials['id']) ? $credentials['id'] : '';
+		$key = isset($credentials['key']) ? $credentials['key'] : '';
+
+		$response->type = 'Tjapi';
+
+		if (empty($uid) || empty($key))
+		{
+			$response->status        = JAuthentication::STATUS_FAILURE;
+			$response->error_message = JText::_('JGLOBAL_AUTH_NO_USER');
+		}
+		else
+		{
+			// Verify the key
+			$match = $this->verifyApiKey($uid, $key);
+
+			if ($match === true)
+			{
+				// Bring this in line with the rest of the authentication
+				$user = JUser::getInstance($uid);
+
+				// Set response data.
+				$response->username = $user->username;
+				$response->email    = $user->email;
+				$response->fullname = $user->name;
+				$response->password = $user->password;
+				$response->language = $user->getParam('language');
+
+				$response->status        = JAuthentication::STATUS_SUCCESS;
+				$response->error_message = '';
+			}
+			else
+			{
+				// Invalid password
+				$response->status        = JAuthentication::STATUS_FAILURE;
+				$response->error_message = JText::_('JGLOBAL_AUTH_INVALID_PASS');
+			}
+		}
+
+		return;
+	}
+}
diff --git a/code/plugins/authentication/tjapi/tjapi.xml b/code/plugins/authentication/tjapi/tjapi.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<extension version="3.1" type="plugin" group="authentication" method="upgrade">
+	<name>plg_authentication_tjapi</name>
+	<description>PLG_AUTHENTICATION_TJAPI_XML_DESCRIPTION</description>
+	<author>Techjomla</author>
+	<authorEmail>[email protected]</authorEmail>
+	<authorUrl>https://techjoomla.com</authorUrl>
+	<creationDate>9th Jan 2019</creationDate>
+	<copyright>Copyright (C) 2009 - 2019 Techjoomla. All rights reserved.</copyright>
+	<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
+	<version>1.0.0</version>
+
+	<files>
+		<filename plugin="tjapi">tjapi.php</filename>
+	</files>
+
+	<languages folder="languages">
+		<language tag="en-GB">en-GB/en-GB.plg_authentication_tjapi.ini</language>
+		<language tag="en-GB">en-GB/en-GB.plg_authentication_tjapi.sys.ini</language>
+	</languages>
+
+	<config>
+		<fields name="params">
+			<fieldset name="basic">
+			</fieldset>
+		</fields>
+	</config>
+
+</extension>
diff --git a/code/plugins/system/tjtokenlogin/languages/en-GB/en-GB.plg_system_tjtokenlogin.ini b/code/plugins/system/tjtokenlogin/languages/en-GB/en-GB.plg_system_tjtokenlogin.ini
@@ -0,0 +1,8 @@
+; @package     API
+; @subpackage  System.Tjtokenlogin
+; @copyright   Copyright (C) 2009 - 2018 Techjoomla. All rights reserved.
+; @license     http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
+; Note: All ini files need to be saved as UTF-8
+
+PLG_SYSTEM_TJTOKENLOGIN="System - TjTokenLogin"
+PLG_SYSTEM_TJTOKENLOGIN_XML_DESCRIPTION="System - TjTokenLogin plugin"
diff --git a/code/plugins/system/tjtokenlogin/languages/en-GB/en-GB.plg_system_tjtokenlogin.sys.ini b/code/plugins/system/tjtokenlogin/languages/en-GB/en-GB.plg_system_tjtokenlogin.sys.ini
@@ -0,0 +1,8 @@
+; @package     API
+; @subpackage  System.Tjtokenlogin
+; @copyright   Copyright (C) 2009 - 2018 Techjoomla. All rights reserved.
+; @license     http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
+; Note: All ini files need to be saved as UTF-8
+
+PLG_SYSTEM_TJTOKENLOGIN="System - TjTokenLogin"
+PLG_SYSTEM_TJTOKENLOGIN_XML_DESCRIPTION="System - TjTokenLogin plugin"
diff --git a/code/plugins/system/tjtokenlogin/tjtokenlogin.php b/code/plugins/system/tjtokenlogin/tjtokenlogin.php
@@ -0,0 +1,125 @@
+<?php
+/**
+ * @package     API
+ * @subpackage  System.tjtokenlogin
+ *
+ * @copyright   Copyright (C) 2009 - 2019 Techjoomla. All rights reserved.
+ * @license     http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
+ */
+
+defined('_JEXEC') or die('Unauthorized Access');
+
+require_once JPATH_SITE . '/components/com_api/vendors/php-jwt/src/JWT.php';
+require_once JPATH_SITE . '/components/com_api/vendors/php-jwt/src/BeforeValidException.php';
+require_once JPATH_SITE . '/components/com_api/vendors/php-jwt/src/ExpiredException.php';
+require_once JPATH_SITE . '/components/com_api/vendors/php-jwt/src/SignatureInvalidException.php';
+
+use Firebase\JWT\JWT;
+use Firebase\JWT\DomainException;
+use Firebase\JWT\InvalidArgumentException;
+use Firebase\JWT\UnexpectedValueException;
+use Firebase\JWT\DateTime;
+
+/**
+ * Class for Tjtokenlogin System Plugin
+ *
+ * @since  1.0.0
+ */
+class PlgSystemTjtokenlogin extends JPlugin
+{
+	/**
+	 * Application object.
+	 *
+	 * @var    JApplicationCms
+	 * @since  1.0.0
+	 */
+	protected $app;
+
+	/**
+	 * Valiate JWT token method to run onAfterInitialise
+	 * Only purpose is to initialise the login authentication process if a cookie is present
+	 *
+	 * @return  void
+	 *
+	 * @since   1.0.0
+	 * @throws  InvalidArgumentException
+	 */
+	public function onAfterInitialise()
+	{
+		// Get the application if not done by JPlugin. This may happen during upgrades from Joomla 2.5.
+		if (!$this->app)
+		{
+			$this->app = JFactory::getApplication();
+		}
+
+		// No remember me for admin.
+		if ($this->app->isClient('administrator'))
+		{
+			return;
+		}
+
+		// Get logintoken
+		$input      = JFactory::getApplication()->input;
+		$loginToken = $input->get->get('logintoken', '', 'STRING');
+
+		// If loginToken is not set, return
+		if (!$loginToken)
+		{
+			return false;
+		}
+
+		// Get id from payload
+		$loginTokenArray = explode('.', $loginToken);
+
+		if (!isset($loginTokenArray[1]))
+		{
+			return false;
+		}
+
+		// Note - The token payload is a JSON string encoded as Base64
+		// And no keys are required to decode it.
+		$payload = $loginTokenArray[1];
+		$payload = base64_decode($payload);
+		$payload = json_decode($payload);
+
+		if (!isset($payload->id))
+		{
+			return false;
+		}
+
+		// Load api key table
+		JTable::addIncludePath(JPATH_ROOT . '/administrator/components/com_api/tables');
+		$table = JTable::getInstance('Key', 'ApiTable');
+		$table->load(array('userid' => $payload->id));
+		$key = $table->hash;
+
+		// Generate claim for jwt
+		// @TODO - set other claims
+		$data = [
+			"id" => trim($payload->id),
+			/*"iat" => '',
+			"exp" => '',
+			"aud" => '',
+			"sub" => ''*/
+		];
+
+		// We are using HS256 algo to generate JWT
+		$jwt = JWT::encode($data, trim($key), 'HS256');
+
+		if ($jwt !== $loginToken)
+		{
+			return false;
+		}
+
+		// @if (JFactory::getUser()->get('guest'))
+		// {
+
+		$this->app->login(array('id' => $payload->id, 'key' => $key), array('silent' => true));
+
+		$redirect = $input->get->get('redirect', '', 'STRING');
+		$redirect = base64_decode($redirect);
+		$this->app->redirect(JRoute::_($redirect, false));
+
+		// }
+	}
+}
diff --git a/code/plugins/system/tjtokenlogin/tjtokenlogin.xml b/code/plugins/system/tjtokenlogin/tjtokenlogin.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="utf-8"?>
+<extension version="3.1" type="plugin" group="system" method="upgrade">
+	<name>plg_system_tjtokenlogin</name>
+	<description>PLG_SYSTEM_TJTOKENLOGIN_XML_DESCRIPTION</description>
+	<author>Techjomla</author>
+	<authorEmail>[email protected]</authorEmail>
+	<authorUrl>https://techjoomla.com</authorUrl>
+	<creationDate>9th Jan 2019</creationDate>
+	<copyright>Copyright (C) 2009 - 2019 Techjoomla. All rights reserved.</copyright>
+	<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
+	<version>1.0.0</version>
+
+	<files>
+		<filename plugin="tjtokenlogin">tjtokenlogin.php</filename>
+	</files>
+
+	<languages folder="languages">
+		<language tag="en-GB">en-GB/en-GB.plg_system_tjtokenlogin.ini</language>
+		<language tag="en-GB">en-GB/en-GB.plg_system_tjtokenlogin.sys.ini</language>
+	</languages>
+
+	<config>
+		<fields name="params">
+			<fieldset name="basic">
+			</fieldset>
+		</fields>
+	</config>
+
+</extension>