Mobile Story - Add JWT Support, implement file upload, browser view, …

…and login

app/config/default/parameters.yml.dist

@@ -35,3 +35,6 @@ parameters:
     converter: 'api' # api|unoconv
     redis_host: 127.0.0.1
     redis_port: 6379
+    jwt_key: ~
+    jwt_algorithm: HS256
+    jwt_expiration_seconds: 600

composer.json

@@ -45,7 +45,8 @@
     "reprovinci/solr-php-client": "1.0.3",
     "mrclay/minify": "^2.2",
     "friendsofsymfony/rest-bundle": "^1.7",
-    "jms/serializer-bundle": "^1.1"
+    "jms/serializer-bundle": "^1.1",
+    "firebase/php-jwt": "^5.0"
   },
   "require-dev": {
     "phpunit/phpunit": "^5.2.12",

src/Casebox/CoreBundle/Service/Auth/CaseboxAuth.php

@@ -173,16 +173,14 @@ public function verifyUserPassword($username, $password)
     public function logout()
     {
 		$user = $this->getEm()->getRepository('CaseboxCoreBundle:UsersGroups')->findUserByUsername(User::getUsername());
+		$anonToken = new AnonymousToken('theTokensKey', 'anon.', []);
+        $this->getSecurityContext()->setToken($anonToken);
+        $this->getSession()->invalidate();
         if (!$user instanceof UsersGroupsEntity) {
             return false;
         }
 		$user->setLastLogout(time());
 		$this->getEm()->flush();
-
-
-        $anonToken = new AnonymousToken('theTokensKey', 'anon.', []);
-        $this->getSecurityContext()->setToken($anonToken);
-        $this->getSession()->invalidate();
 
         return true;
     }

src/Casebox/CoreBundle/Service/System.php

@@ -66,8 +66,11 @@ public function bootstrap(Container $container, Request $request = null)
 
             // Process user locale
             $user = $session->get('user');
-            $language = (!empty($user['language'])) ? $user['language'] : $request->getLocale();
-            $request->setLocale($language);
+			if(is_array($user))
+			{
+	            $language = (!empty($user['language'])) ? $user['language'] : $request->getLocale();
+	            $request->setLocale($language);
+			}
         }
     }
 

src/Casebox/CoreBundle/Service/User.php

@@ -1090,7 +1090,7 @@ public static function getUsername($idOrData = false)
 
         $data = is_numeric($idOrData) ? static::getPreferences($idOrData) : $idOrData;
 
-        $rez = empty($data['name']) ? '' : $data['name'];
+        $rez = is_array($data)? (empty($data['name']) ? '' : $data['name']):'';
 
         return $rez;
     }

src/Casebox/RestBundle/Controller/RestApiController.php

@@ -8,6 +8,10 @@
 use FOS\RestBundle\Controller\Annotations\View;
 use FOS\RestBundle\Controller\FOSRestController;
 use FOS\RestBundle\Request\ParamFetcher;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Casebox\CoreBundle\Service\Config;
+use Casebox\CoreBundle\Service\BrowserView;
 
 /**
  * Class RestApiController
@@ -34,13 +38,36 @@ class RestApiController extends FOSRestController
      *
      * @return View
      */
-    public function browserAction(ParamFetcher $fetcher)
+    public function browserAction(Request $request, ParamFetcher $fetcher)
     {
         $action = $fetcher->get('action');
         $data = $fetcher->get('data');
-
-        $result = null;
-
+
+		$configService = $this->get('casebox_core.service.config');	
+
+		if(!($this->validateUser($request)))
+		{
+			return new Response(null,401);
+		}
+
+		if ($action == 'saveFile')
+		{
+			$file['error'] = UPLOAD_ERR_OK;
+	        $file['tmp_name'] = tempnam($configService->get('incomming_files_dir'), 'cbup');
+	        $file['dir'] = '/';
+
+	        file_put_contents($file['tmp_name'],base64_decode($data['file']));
+
+	        $file['name'] = urldecode($data['fileName']);
+			$file['pid'] = urldecode($data['pid']);
+			$file['type'] = 'image/png';
+			$file['size'] = filesize($file['tmp_name']);
+			$file['md5'] = md5_file($file['tmp_name']);
+
+	        $_FILES = ['file' => $file];
+		}
+		$browser = new \Casebox\CoreBundle\Service\Browser();
+		$result = $browser->{$action}($data);
         return $this->view()->setData($result);
     }
 
@@ -74,13 +101,13 @@ public function browserActionsAction(ParamFetcher $fetcher)
      *
      * @return View
      */
-    public function browserTreeAction(ParamFetcher $fetcher)
+    public function browserTreeAction(Request $request, ParamFetcher $fetcher)
     {
         $action = $fetcher->get('action');
         $data = $fetcher->get('data');
 
         $result = null;
-
+		
         return $this->view()->setData($result);
     }
 
@@ -92,13 +119,20 @@ public function browserTreeAction(ParamFetcher $fetcher)
      *
      * @return View
      */
-    public function browserViewAction(ParamFetcher $fetcher)
+    public function browserViewAction(Request $request, ParamFetcher $fetcher)
     {
         $action = $fetcher->get('action');
         $data = $fetcher->get('data');
-
-        $result = null;
-
+
+		if(!($this->validateUser($request)))
+		{
+			return new Response(null,401);
+		}
+
+		$sr = new \Casebox\CoreBundle\Service\BrowserView();
+        $results = $sr->{$action}($data);
+		$result = $results;
+
         return $this->view()->setData($result);
     }
 
@@ -132,7 +166,7 @@ public function favoritesAction(ParamFetcher $fetcher)
      *
      * @return View
      */
-    public function filesAction(ParamFetcher $fetcher)
+    public function filesAction(Request $request, ParamFetcher $fetcher)
     {
         $action = $fetcher->get('action');
         $data = $fetcher->get('data');
@@ -365,10 +399,16 @@ public function userLoginAction(ParamFetcher $fetcher)
     {
         $username = $fetcher->get('username');
         $password = $fetcher->get('password');
-
-        $result = null;
-
-        return $this->view()->setData($result);
+        $restService = $this->get('casebox_rest.service.rest_api_service');
+
+		if (!empty($username) && !empty($password))
+		{
+			$key = $restService->authenticate($username,$password);			
+		}
+
+        $result = array('jwt' => $key);
+
+		return $this->view()->setData($result);
     }
 
     /**
@@ -379,6 +419,7 @@ public function userLoginAction(ParamFetcher $fetcher)
      */
     public function userLogoutAction(ParamFetcher $fetcher)
     {
+    	$this->get('casebox_core.service_auth.authentication')->logout();
         $result = null;
 
         return $this->view()->setData($result);
@@ -441,4 +482,28 @@ public function usersGroupsAction(ParamFetcher $fetcher)
 
         return $this->view()->setData($result);
     }
+
+	private function validateUser(Request $request)
+	{
+		$valid = false;
+		$restService = $this->get('casebox_rest.service.rest_api_service');
+		$authHeader = $request->headers->get('Authorization');
+		if ($authHeader) {
+			$user = $restService->validateUserJWT($authHeader);
+			if (is_array($user))
+			{
+				$session = $request->getSession();
+	            $session->set('user', $user);
+	            $session->save();
+				$valid = true;
+			}
+			else {
+				$this->get('casebox_core.service_auth.authentication')->logout();
+            } 
+        } else
+        {
+        		$this->get('casebox_core.service_auth.authentication')->logout();
+        }	
+		return $valid;		
+	}
 }