[GitHub/WoltLab/WCF.git] / wcfsetup / install / files / lib / data / package / PackageAction.class.php

<?php

namespace wcf\data\package;

use wcf\data\AbstractDatabaseObjectAction;
use wcf\system\database\util\PreparedStatementConditionBuilder;
use wcf\system\exception\SystemException;
use wcf\system\io\RemoteFile;
use wcf\system\request\LinkHandler;
use wcf\system\WCF;
use wcf\util\HTTPRequest;
use wcf\util\JSON;

/**
 * Executes package-related actions.
 *
 * @author  Alexander Ebert
 * @copyright   2001-2019 WoltLab GmbH
 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
 * @package WoltLabSuite\Core\Data\Package
 *
 * @method  Package         create()
 * @method  PackageEditor[]     getObjects()
 * @method  PackageEditor       getSingleObject()
 */
class PackageAction extends AbstractDatabaseObjectAction
{
    /**
     * @inheritDoc
     */
    protected $className = PackageEditor::class;

    /**
     * @inheritDoc
     */
    protected $permissionsCreate = ['admin.configuration.package.canInstallPackage'];

    /**
     * @inheritDoc
     */
    protected $permissionsDelete = ['admin.configuration.package.canUninstallPackage'];

    /**
     * @inheritDoc
     */
    protected $permissionsUpdate = ['admin.configuration.package.canUpdatePackage'];

    /**
     * @inheritDoc
     */
    protected $requireACP = ['searchForPurchasedItems'];

    /**
     * Validates parameters to search for purchased items in the WoltLab Plugin-Store.
     */
    public function validateSearchForPurchasedItems()
    {
        WCF::getSession()->checkPermissions([
            'admin.configuration.package.canInstallPackage',
            'admin.configuration.package.canUpdatePackage',
        ]);

        $this->readString('password', true);
        $this->readString('username', true);

        if (empty($this->parameters['username'])) {
            $conditions = new PreparedStatementConditionBuilder();
            $conditions->add("serverURL REGEXP ?", ['https?://store\.woltlab\.com/[a-z]+/']);
            $conditions->add("loginUsername <> ''");
            $conditions->add("loginPassword <> ''");

            // check if user has already provided credentials
            $sql = "SELECT  loginUsername, loginPassword
                    FROM    wcf" . WCF_N . "_package_update_server
                    " . $conditions;
            $statement = WCF::getDB()->prepareStatement($sql, 1);
            $statement->execute($conditions->getParameters());
            $row = $statement->fetchArray();
            if (!empty($row['loginUsername']) && !empty($row['loginPassword'])) {
                $this->parameters['password'] = $row['loginPassword'];
                $this->parameters['username'] = $row['loginUsername'];
            }
        }
    }

    /**
     * Searches for purchased items in the WoltLab Plugin-Store.
     *
     * @return  string[]
     * @throws  SystemException
     */
    public function searchForPurchasedItems()
    {
        if (!RemoteFile::supportsSSL()) {
            return [
                'noSSL' => WCF::getLanguage()->get('wcf.acp.pluginStore.api.noSSL'),
            ];
        }

        if (empty($this->parameters['username']) || empty($this->parameters['password'])) {
            return [
                'template' => $this->renderAuthorizationDialog(false),
            ];
        }

        $request = new HTTPRequest('https://api.woltlab.com/1.1/customer/purchases/list.json', [
            'method' => 'POST',
        ], [
            'username' => $this->parameters['username'],
            'password' => $this->parameters['password'],
            'wcfVersion' => WCF_VERSION,
        ]);

        $request->execute();
        $reply = $request->getReply();
        $response = JSON::decode($reply['body']);

        $code = $response['status'] ?? 500;
        switch ($code) {
            case 200:
                if (empty($response['products'])) {
                    return [
                        'noResults' => WCF::getLanguage()->getDynamicVariable('wcf.acp.pluginStore.purchasedItems.noResults'),
                    ];
                } else {
                    WCF::getSession()->register('__pluginStoreProducts', $response['products']);
                    WCF::getSession()->register('__pluginStoreWcfMajorReleases', $response['wcfMajorReleases']);

                    return [
                        'redirectURL' => LinkHandler::getInstance()->getLink('PluginStorePurchasedItems'),
                    ];
                }
                break;

            // authentication error
            case 401:
                return [
                    'template' => $this->renderAuthorizationDialog(true),
                ];
                break;

            // any other kind of errors
            default:
                throw new SystemException(WCF::getLanguage()->getDynamicVariable(
                    'wcf.acp.pluginStore.api.error',
                    ['status' => $code]
                ));
                break;
        }
    }

    /**
     * Renders the authentication dialog.
     *
     * @param bool $rejected
     * @return  string
     */
    protected function renderAuthorizationDialog($rejected)
    {
        WCF::getTPL()->assign([
            'rejected' => $rejected,
        ]);

        return WCF::getTPL()->fetch('pluginStoreAuthorization');
    }
}
Commit	Line	Data
158bd3ca	1	<?php
a9229942	2
158bd3ca	3	namespace wcf\data\package;
a9229942	4
158bd3ca	5	use wcf\data\AbstractDatabaseObjectAction;
93c9c717	6	use wcf\system\database\util\PreparedStatementConditionBuilder;
eb0f6246	7	use wcf\system\exception\SystemException;
e7714ce1	8	use wcf\system\io\RemoteFile;
eb0f6246	9	use wcf\system\request\LinkHandler;
317c8af5	10	use wcf\system\WCF;
e7714ce1	11	use wcf\util\HTTPRequest;
079b9ff4	12	use wcf\util\JSON;
158bd3ca TD	13
	14	/**
	15	* Executes package-related actions.
a9229942 TD	16	*
	17	* @author Alexander Ebert
	18	* @copyright 2001-2019 WoltLab GmbH
	19	* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
	20	* @package WoltLabSuite\Core\Data\Package
	21	*
	22	* @method Package create()
	23	* @method PackageEditor[] getObjects()
	24	* @method PackageEditor getSingleObject()
158bd3ca	25	*/
a9229942 TD	26	class PackageAction extends AbstractDatabaseObjectAction
	27	{
	28	/**
	29	* @inheritDoc
	30	*/
	31	protected $className = PackageEditor::class;
	32
	33	/**
	34	* @inheritDoc
	35	*/
	36	protected $permissionsCreate = ['admin.configuration.package.canInstallPackage'];
	37
	38	/**
	39	* @inheritDoc
	40	*/
	41	protected $permissionsDelete = ['admin.configuration.package.canUninstallPackage'];
	42
	43	/**
	44	* @inheritDoc
	45	*/
	46	protected $permissionsUpdate = ['admin.configuration.package.canUpdatePackage'];
	47
	48	/**
	49	* @inheritDoc
	50	*/
	51	protected $requireACP = ['searchForPurchasedItems'];
	52
	53	/**
	54	* Validates parameters to search for purchased items in the WoltLab Plugin-Store.
	55	*/
	56	public function validateSearchForPurchasedItems()
	57	{
	58	WCF::getSession()->checkPermissions([
	59	'admin.configuration.package.canInstallPackage',
	60	'admin.configuration.package.canUpdatePackage',
	61	]);
	62
	63	$this->readString('password', true);
	64	$this->readString('username', true);
	65
	66	if (empty($this->parameters['username'])) {
	67	$conditions = new PreparedStatementConditionBuilder();
	68	$conditions->add("serverURL REGEXP ?", ['https?://store\.woltlab\.com/[a-z]+/']);
	69	$conditions->add("loginUsername <> ''");
	70	$conditions->add("loginPassword <> ''");
	71
	72	// check if user has already provided credentials
	73	$sql = "SELECT loginUsername, loginPassword
	74	FROM wcf" . WCF_N . "_package_update_server
	75	" . $conditions;
	76	$statement = WCF::getDB()->prepareStatement($sql, 1);
	77	$statement->execute($conditions->getParameters());
	78	$row = $statement->fetchArray();
	79	if (!empty($row['loginUsername']) && !empty($row['loginPassword'])) {
	80	$this->parameters['password'] = $row['loginPassword'];
	81	$this->parameters['username'] = $row['loginUsername'];
	82	}
	83	}
	84	}
	85
	86	/**
	87	* Searches for purchased items in the WoltLab Plugin-Store.
	88	*
	89	* @return string[]
90	* @throws SystemException
91	*/
92	public function searchForPurchasedItems()
93	{
94	if (!RemoteFile::supportsSSL()) {
95	return [
96	'noSSL' => WCF::getLanguage()->get('wcf.acp.pluginStore.api.noSSL'),
97	];
98	}
99
100	if (empty($this->parameters['username']) \|\| empty($this->parameters['password'])) {
101	return [
102	'template' => $this->renderAuthorizationDialog(false),
103	];
104	}
105
106	$request = new HTTPRequest('https://api.woltlab.com/1.1/customer/purchases/list.json', [
107	'method' => 'POST',
108	], [
109	'username' => $this->parameters['username'],
110	'password' => $this->parameters['password'],
111	'wcfVersion' => WCF_VERSION,
112	]);
113
114	$request->execute();
115	$reply = $request->getReply();
116	$response = JSON::decode($reply['body']);
117
118	$code = $response['status'] ?? 500;
119	switch ($code) {
120	case 200:
121	if (empty($response['products'])) {
122	return [
123	'noResults' => WCF::getLanguage()->getDynamicVariable('wcf.acp.pluginStore.purchasedItems.noResults'),
124	];
125	} else {
126	WCF::getSession()->register('__pluginStoreProducts', $response['products']);
127	WCF::getSession()->register('__pluginStoreWcfMajorReleases', $response['wcfMajorReleases']);
128
129	return [
130	'redirectURL' => LinkHandler::getInstance()->getLink('PluginStorePurchasedItems'),
131	];
132	}
133	break;
134
135	// authentication error
136	case 401:
137	return [
138	'template' => $this->renderAuthorizationDialog(true),
139	];
140	break;
141
142	// any other kind of errors
143	default:
144	throw new SystemException(WCF::getLanguage()->getDynamicVariable(
145	'wcf.acp.pluginStore.api.error',
146	['status' => $code]
147	));
148	break;
149	}
150	}
151
152	/**
153	* Renders the authentication dialog.
154	*
155	* @param bool $rejected
156	* @return string
157	*/
158	protected function renderAuthorizationDialog($rejected)
159	{
160	WCF::getTPL()->assign([
161	'rejected' => $rejected,
162	]);
163
164	return WCF::getTPL()->fetch('pluginStoreAuthorization');
165	}
dcb3a44c	166	}